Lily Hay Newman Dell Cameron Matt Burgess Security May 30, 2026 6:30 AM Security News This Week: Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow Plus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license-plate surveillance data to the cops, and more. MyPillow founder and CEO Mike Lindell Photograph: Anthony Souffle/The Minnesota Star Tribune/Getting Images Save this story Save this story The United States military has known for years that enemies could use location data to track troops’ phones —and it’s also long been aware of easy fixes for the problem. The Pentagon adopted almost none of these protections, though, in spite of admitting in a letter exposed this week that US adversaries are actually using the data to target soldiers in war. Meanwhile, US law enforcement warned this week about “anti-tech extremism ” as AI backlash grows around the country. After a nearly 90-day internet shutdown, connectivity started to trickle back into Iran this week amid internal political power struggles and ongoing negotiations with the US to end its war with Tehran. Researchers cautioned that it is unclear how extensive the restoration will be and whether connectivity will only return temporarily. As cybercriminals and offensive hackers ramp up their use of AI to exploit vulnerabilities and develop hacking tools, the technology is also radically changing the dynamics of how security researchers hunt for vulnerabilities . And scammers are using real hotel reservation data and other travel details to conduct effective spear-phishing campaigns , potentially accessing customer data from 350 hotels and vacation rentals around the world. And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there. Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow Play, a Russian-language ransomware operation that has affected more than 900 organizations since 2022, posted to its dark-web leak site on Monday claiming it had pulled “private and personal confidential data, clients' documents, budget, payroll, IDs, taxes,” and other financial records from MyPillow. The Minnesota-based home goods company is run by Mike Lindell, who is among at least 10 Republicans seeking the party’s nomination for governor of Minnesota in August’s primary. Lindell is also one of the most prolific backers of Donald Trump’s false claims of victory in the 2020 election. Play reportedly set a Friday deadline for MyPillow to make contact before publishing the data online. Lindell told Straight Arrow News , which broke the story of the ransomware claims on Tuesday , that his company was not hacked and that allegations that it was are a political hit job. “This is another hit job by outside sources because I’m running for governor,” Lindell said. “I guarantee it. We do not have any breaches in our data at all.” Lindell has been on the losing end of two recent defamation rulings over his 2020 election claims: A federal jury in Colorado last year found that he had defamed Eric Coomer, a former Dominion Voting Systems director, and ordered Lindell and his media platform, FrankSpeech, to pay $2.3 million in damages; a federal judge in Minnesota separately ruled in September that Lindell had defamed Smartmatic through 51 false statements about its voting machines, with damages still to be set at trial. A Ransomware Group Is Stealing Data in Person In recent years, ransomware groups have become more aggressive and ruthless in their efforts to obtain money from victims. Most of these criminal hackers now focus on stealing data and extorting companies rather than using malware to lock computer systems. But in rare occasions, ransomware groups have been seen directly threatening executives, or contacting people named in stolen data, to try to obtain payment. The FBI said this week that one ransomware group is going even further: sending people to steal data directly from companies IRL. Among more traditional social engineering techniques, the FBI says the Silent Ransom Group (SRG), which is targeting law firms, has sent people to company offices to directly get access to computers. “By sending someone in person to the victim’s location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim’s computer,” the FBI said in an alert. Security researchers say the tactic has not been seen before. The FBI did not provide any information about who the Russian-speaking ransomware group was sending to conduct its attacks, but researchers believe they could be paying freelancers who do not necessarily know who they are working for. BusPatrol School Bus Cameras Aim to Feed Surveillance Data to Cops The AI surveillance company BusPatrol, which has installed its cameras in tens of thousands of US school buses, says that it will now turn those cameras into automatic license plate readers that will record the location of every vehicle a BusPatrol school bus passes and make the data available to law enforcement without a warrant. The initiative would turn the familiar yellow buses into what 404 Media aptly described as “roaming surveillance vehicles.” BusPatrol technology, and school bus surveillance tech more broadly, was originally intended to be used for ticketing vehicles that illegally pass stopped buses—a critical safety issue for children. Dropping ShotSpotter Improved Chicago Police Response Times for 911 Calls University of Chicago sociology professor Rob Vargas found this month that the Chicago Police Department was four minutes faster in responding to the most urgent non-gunshot 911 calls in the six-month period after Mayor Brandon Johnson shut down ShotSpotter gunshot detection tech in 12 neighborhoods in September 2024. Analyzing Chicago city data as well as data obtained through public records requests, Vargas compared the time period with the preceding six months during which ShotSpotter was still active. The data couldn’t be used to assess response times for calls specifically related to gunshots, but it indicated that ShotSpotter alerts may have been occupying officers with false positives and delaying them in responding to other types of critical 911 calls. “It is clear that ShotSpotter wasted officers’ time by sending them on wild-goose chases,” Vargas told WTTW News. Comments Back to top You Might Also Like How to find us: Add WIRED.com to your preferred sources in Google How the Canvas hack threatened thousands of schools Big Story: I've covered robots for years— this one is eerily lifelike Orbs, saucers, and flashes on the moon—here’s what’s in the UFO files Take our survey: What does “home” mean to you? Written by WIRED Staff Topics security roundup hacking security cybersecurity ransomware privacy politics Read More Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording Plus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more. Andrew Couts Hackable Robot Lawn Mower Unlocks a New Nightmare Plus: Meta officially kills encrypted Instagram DMs, the Trump administration targets “violent left wing extremists,” leaked documents reveal Russia's school for elite hackers, and more. Matt Burgess Disneyland Now Uses Face Recognition on Visitors Plus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more. Andrew Couts Foxconn Ransomware Attack Shows Nothing Is Safe Forever Famous for helping build Apple’s iPhones, Foxconn just suffered another cyberattack, highlighting the perils of warehousing some of the world’s most valuable data. Lily Hay Newman A Bipartisan Amendment Would End Police License Plate Tracking Nationwide One line tucked into a federal highway bill would strip funds from cities and states unless they kill their automated plate tracking programs—effectively banning the tech for all but toll collection. Dell Cameron Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk. Dan Goodin, Ars Technica A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations. Andy Greenberg The Canvas Hack Is a New Kind of Ransomware Debacle Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters. Andy Greenberg Your iPhone Gets Stolen. Then the Hacking Begins A bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more. Matt Burgess Palantir Held Another ‘Hack Week.’ This Time, the Focus Was ICE The hackathon, held to build user-auditing tools for Palantir customers, comes as the company struggles to address employee concerns over its relationship with ICE. Makena Kelly Hackers Hate AI Slop Even More Than You Do It's not just you. Scammers, hackers, and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity. Matt Burgess An Engineer’s Post Protesting Laptop Surveillance Is Going Viral Inside Meta Meta employees in the US and UK are organizing against corporate software that tracks workers’ keystrokes and mouse activity. Paresh Dave