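Your push notifications are not safe from FBI surveillance either.

Source: https://www.wired.com/story/security-news-this-week-your-push-notifications-arent-safe-from-the-fbi/
Summary:
This week, global cybersecurity and geopolitical risks intertwined, presenting a multidimensional threat picture. The United States warned that Iranian hackers are attacking its energy and water infrastructure, while the situation in the Middle East remains turbulent: nearly one fifth of Lebanon's population has been displaced by conflict, and the hijacking of Syrian government accounts exposed the weakness of the country's baseline network defenses. Meanwhile, the rising threat of political violence has prompted US politicians to increase security spending, and some social platforms have seen large-scale sharing of nonconsensual images of women and abuse of spyware. Southeast Asian telecom fraud syndicates, under pressure from China's selective enforcement, are shifting their targets overseas.
In technology, AI company Anthropic formally released its Claude Mythos Preview model, which for now is available for trial use only to the "Project Glasswing" consortium of a few dozen leading technology and financial organizations, including Apple and Microsoft. The aim is to evaluate the model's advanced hacking capabilities and explore defenses, and the move has sparked controversy in the industry over the technology's impact on cybersecurity.
In addition, several security incidents deserve attention: the FBI obtained messages from the already deleted encrypted messaging app Signal through cached push notifications; Iran's domestic internet shutdown has reached 1,000 hours, the longest blackout in its history; US losses to cryptocurrency scams in 2025 reached $11.3 billion, more than half of the year's total cybercrime losses; and Google extended Gmail end-to-end encryption to mobile, but for now only for premium enterprise customers.
(Compiled from reporting by WIRED and other media)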
English source:
Amid horrific threats from United States president Donald Trump as the US and Iran negotiated a ceasefire, the US government warned this week that Iran-linked hackers were carrying out attacks against US energy and water infrastructure targets. With nearly one in five people in Lebanon displaced by Israeli attacks, the government is attempting to manage the crisis without modern digital infrastructure and with an emergency system that is barely hanging on. Plus, a WIRED analysis looked at Syrian government account hijacks in March and the inadequacies they expose in Syria’s baseline cybersecurity defenses.
Amid rising fears of political violence, a WIRED investigation found that US political candidates are spending more on security, including purchasing equipment like home alarms and bulletproof vests. And recent research looking at Telegram groups found that men are sharing thousands of nonconsensual images of women and girls, purchasing spyware to use against their wives and friends, and engaging in doxing and sexual abuse. Meanwhile, as governments scramble to address growing industrial scamming originating from Southeast Asia, China has emerged as the biggest enforcer, but also a selective one, resulting in crime syndicates shifting their focus abroad to avoid Chinese targets.
Anthropic formally announced its new Claude Mythos Preview model this week and said that for now it will only make the model available to a select group of a few dozen leading tech and financial organizations, including Apple, Microsoft, Google, and the Linux Foundation. The consortium, dubbed Project Glasswing, will explore Mythos Preview’s advanced hacking and other cybersecurity capabilities and assess the best ways to improve software and hardware defenses before capabilities like the ones in Mythos Preview proliferate more broadly across other models and inevitably end up in the hands of attackers. The announcements sparked controversy about whether Mythos Preview and similar capabilities will truly be as consequential for cybersecurity as Anthropic says. Experts told WIRED that while it may not be a dramatic catastrophe, it is important for defenders to come together and use their early access to make changes in how software is developed and how organizations around the world invest in patching.
Finally, a WIRED investigation found that nonprofit groups linked to Customs and Border Protection facilities were selling challenge coins that celebrated the Trump administration’s immigration raids, including one coin that depicted Charlotte’s Web characters in riot gear.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Your Push Notifications Aren’t Safe From the FBI
The FBI recently got its hands on copies of encrypted Signal messages being sent to a defendant's iPhone because the contents of those messages were included in push notifications, 404 Media reports. Even though Signal had been removed from the phone prior to it being seized by the FBI, the notifications still lived on in the phone's internal memory.
The issue affects all apps that send push notifications, not just Signal, but users of that app can adjust their settings to not show the content of a message or the name of the sender in push notifications. To adjust your settings for notifications going forward, open Signal and go to Settings, then Notifications, and change the option to Name Only or No Name or Content.
Iran’s Internet Access Has Been Cut for 1,000 Hours
Despite the tenuous and contested ceasefire enacted in the US-Israel war with Iran, tens of millions of ordinary Iranians are still without regular and reliable internet connectivity. The regime-imposed internet blackout, which started during the first hours of the war on February 28, is now reaching the 1,000 hour point, according to internet monitoring group NetBlocks. In recent weeks, the internet shutdown has become the longest in Iranian history and one of the longest worldwide—depriving Iranians of accurate news about the war, stopping them contacting family and loved ones, and causing further economic harm to the nation. US-based Iranian digital rights project Filter Watch has detailed how the Iranian regime, while being bombarded during the conflict, has labeled anti-censorship tools as “malicious” and claimed to have arrested individuals using Starlink internet connections to get around the block.
Cryptocurrency Scams Cost Americans $11 Billion Last Year
The FBI’s annual internet crime report typically paints a bleak picture: year-on-year, the number of cybercrime reports increases and the amount of money lost by Americans shoots up. Unfortunately, 2025 was no different. Last year, according to the FBI’s annual report, losses reported to the Internet Crime Complaint Center topped $20 billion—an increase of 26 percent compared to 2024. More than half of these reported losses ($11.3 billion) were linked to cryptocurrency scams, often through fraudulent investment schemes, according to the FBI. Business email compromise, tech and customer support scams, personal data breaches, and confidence or romance scams make up the other most common crime reports. Crimes mentioning AI led to $893 million in losses.
Gmail's End-to-End Encryption Finally Lands on Mobile—for a Select Few
Google this week expanded Gmail’s end-to-end encryption to its Android and iOS apps, allowing enterprise users to compose and read E2EE messages natively on mobile for the first time without separate apps or mail portals required. Encrypted emails appear as standard threads in the Gmail app for recipients using Gmail, while those on other providers can access them via a secure browser view. This rollout builds on the client-side encryption model introduced to Google Workspace web users in April 2025, where messages are encrypted with customer-controlled keys, preventing Google from accessing their contents. The approach is particularly appealing for organizations with strict compliance requirements, including HIPAA, export controls, and data sovereignty regulations.
Access, however, remains limited: The feature is available only to Google Workspace Enterprise Plus customers with the Assured Controls or Assured Controls Plus add-on, and is not supported for personal Gmail accounts. Administrators must also explicitly enable the Android and iOS clients in the admin interface before eligible users can access the feature, which is off by default. End users then toggle encryption per-message by tapping the lock icon and selecting "Additional encryption," mirroring the web workflow. The rollout is available immediately to both Rapid Release and Scheduled Release domains.