This Week in Security: Botnet Takedowns, iPhone Vulnerabilities, and Healthcare Disruptions
Law enforcement dismantled several botnets responsible for widespread cyberattacks, while a new tool threatens millions of iPhones. Meanwhile, a cyberattack on a medical tech firm disrupted emergency medical care in Maryland hospitals, highlighting the real-world impact of digital threats.
This week's cybersecurity landscape saw a mix of offensive and defensive maneuvers, alongside concerning privacy lapses and the tangible consequences of cyberattacks.
### Botnet Busts and iPhone Risks
United States law enforcement took down the **Aisuru**, **Kimwolf**, **JackSkid**, and **Mossad** botnets, a collection of cybercriminal tools that have infected over 3 million devices globally. These botnets have been implicated in numerous large-scale cyberattacks, many originating from within home networks. Simultaneously, hundreds of millions of iPhones are vulnerable to a new tool called **DarkSword**, reportedly used by Russian hackers to exfiltrate user data.
### Privacy Fails: AI Chatbots and Data Brokers
Customer service interactions with the **Sears** Home Services AI bot, Samantha, were exposed online, revealing personal details from calls and chats, including audio recorded after calls ended. Separately, an investigation uncovered Telegram channels listing jobs for "AI face models," with predominantly female applicants likely being used in AI scams to defraud victims.
### Encryption Concerns and AI Collaboration
**Meta** announced it will eliminate end-to-end encryption for Instagram Direct Messages on May 8, citing low adoption. This decision has raised concerns about setting a dangerous precedent. In a contrasting move, **Signal** creator Moxie Marlinspike will collaborate with Meta to integrate his encrypted AI platform, Confer, into **Meta AI**.
### Intoxalock Cyberattack Strands Drivers
**Intoxalock**, a provider of automotive breathalyzers used by 150,000 drivers in the US, reported a cyberattack that has disrupted its services. Drivers reliant on these devices are facing lockouts and are unable to start their vehicles due to the system downtime, highlighting the interconnectedness of cybersecurity and everyday life. The company is offering temporary extensions and towing services while investigating the incident.
### FBI's Phone Data Purchases Raise Concerns
Despite previous assurances, the **FBI** is again purchasing phone location data from commercial data brokers. This practice circumvents the need for warrants, raising Fourth Amendment concerns. Senator Ron Wyden criticized this as an "outrageous end run around the Fourth Amendment," especially given the use of AI to analyze massive datasets. A bipartisan bill has been introduced to restrict government agencies from acquiring data through commercial brokers.
### Iranian Hack Impacts Maryland Hospitals
Hospitals and emergency medical services in Maryland experienced disruptions following an Iranian-linked cyberattack on medical technology firm **Stryker**. Court documents reveal that the attack, attributed to the **Handala** hacking group, forced some hospitals to suspend connections to medical systems, leading clinicians to rely on alternative communication methods. This incident demonstrates the potential for cyberattacks to directly impact patient care.