FCC Moves to End Anonymous Phone Services — What It Means for Your Privacy
The FCC wants cellular providers to collect government ID from every customer. Privacy advocates say it could eliminate the last refuge of phone anonymity.
FCC Targets Burner Phones and Anonymous Carriers in Sweeping New Proposal
For years, purchasing a prepaid burner phone or signing up with a privacy-focused carrier has offered Americans a rare, legal escape from pervasive digital surveillance. That may soon change. The Federal Communications Commission has put forward a new rule that would require all cellular network providers to collect verified personal information — including a customer's full name, physical address, government-issued ID number, and an alternate phone number — before activating any new or renewing account.
The FCC frames the proposal as an anti-fraud measure, comparing it to know-your-customer regulations already enforced in the financial sector to prevent money laundering. But privacy advocates are pushing back hard, arguing the rule would effectively dismantle one of the last remaining channels through which journalists, whistleblowers, activists, and ordinary privacy-conscious citizens can communicate without being tracked.
Among the services directly threatened is Phreeli, a recently launched privacy-first mobile carrier that currently allows users to register using nothing more than a ZIP code. The company's founder, Nicholas Merrill, has stated his mission is to help everyday people live their lives without feeling monitored or exploited by large-scale data collection operations — a goal he argues is broadly shared across the population. The FCC is accepting public comments on the proposal through June 25.
ShinyHunters Hacker Group Exploits Oracle Software Vulnerability in Mass Breach
Google issued a warning Thursday that the notorious cybercriminal collective known as ShinyHunters had launched a wide-ranging attack campaign targeting educational institutions by exploiting a critical zero-day vulnerability in Oracle's PeopleSoft HR and payroll platform. The group claimed to have successfully breached over one hundred organizations, with more intrusions reportedly underway at the time of disclosure.
Oracle notified customers of the flaw, but the warning came after ShinyHunters had already weaponized it. The group has a well-documented history of ransomware attacks against the education sector — most recently targeting Instructure, a major education software firm, in an attack that disrupted thousands of schools before a ransom payment was made. The pattern suggests ShinyHunters has identified educational targets as particularly vulnerable and financially motivated to pay.
Microsoft's Largest-Ever Patch Tuesday Driven by AI-Powered Bug Detection
Microsoft has rolled out its biggest Patch Tuesday update in the initiative's history, with some security analysts counting over 200 individual bug fixes in the latest release cycle. The company credited advanced artificial intelligence tools for the unprecedented volume, explaining that AI-assisted vulnerability detection now operates at speeds and scales that human researchers simply cannot match.
Microsoft's Security Response Center noted that AI models are now an active and accelerating component of its internal security discovery process. The previous near-record patch release had also been attributed to the same AI-driven approach, signaling a lasting shift in how the company identifies and addresses software vulnerabilities going forward.
Google Sues Alleged Chinese Scam Network for Abusing Gemini AI
Google filed a lawsuit Friday against an alleged scam operation identified as Outsider Enterprises, which the company says exploited its Gemini AI tool to run large-scale fraud campaigns targeting hundreds of thousands of Americans. The fake websites created by the network impersonated well-known platforms and services, including YouTube and New York's E-ZPass toll payment system.
Google also coordinated with the FBI as part of its response. According to the company's own data, the group sent approximately 2.5 million messages to Android users containing links to around 9,000 spoofed websites — all within a single two-week window in May. Google says the scheme resulted in millions of dollars in losses for American consumers.
Trump Withdraws Bill Pulte Nomination for Intelligence Director, Names Jay Clayton
President Donald Trump reversed course this week on his nomination of Bill Pulte — director of the Federal Housing Finance Agency — to serve as acting director of national intelligence. The pick had faced significant bipartisan criticism, with House Minority Leader Hakeem Jeffries describing Pulte as both "deeply unqualified" and "deeply dangerous" given his complete lack of intelligence or law enforcement experience and his perceived willingness to deploy federal authority against political opponents.
Trump has since nominated Jay Clayton, the sitting U.S. Attorney for Manhattan, to fill the role permanently. The reversal came amid growing concern on Capitol Hill about the future of key surveillance oversight authorities under Pulte's potential leadership.
More Stories Shaping the Cybersecurity and Privacy Landscape
Beyond these headlines, several other significant developments unfolded this week across the technology and privacy space:
- Anthropic released an upgraded version of its restricted Mythos-class AI model to select partners and launched a safety-guardrailed public version designed to prevent misuse in cyberattacks.
- CISA issued a new federal directive requiring agencies to patch the most critical software vulnerabilities within as little as three days in response to emerging AI-enabled threats.
- The ACLU filed a lawsuit against two Florida police departments over alleged misuse of the FACES facial recognition system, which reportedly led to the wrongful arrest of an innocent man in Fort Myers.
- Amnesty International concluded that fans and residents across all three 2026 FIFA World Cup host nations — the United States, Canada, and Mexico — face potential human rights violations tied to surveillance technology deployed at tournament venues.
- Illegal pharmacy and scam websites were found to have manipulated Spotify's search rankings through fraudulent podcast listings, according to a joint U.S. Congressional report.
