Pete Recommends – Weekly highlights on cyber security issues, November 22, 2025

Subject: State leaders push laws to bring down drone
Source: Route Fifty
https://www.route-fifty.com/emerging-tech/2025/11/state-leaders-push-laws-bring-down-drones/409529/

While the federal government has ultimate authority over airspace, in the absence of firm action, more states are stepping up to protect residents from illegal drone activity.

In reopening the federal government, Congress also reauthorized federal agencies’ counter-drone authorities, which had been allowed to expire and left experts worried about national security risks.

States, meanwhile, are also concerned about the rapid growth in illegal drone use, especially around airports, at major events, in delivering contraband to prisons and at other sensitive sites including critical infrastructure. And an increasing number are looking to give law enforcement the authority to bring those drones down.

Louisiana fired the starting gun on this trend last summer, as lawmakers passed the “We Will Act” Act and granted law enforcement agencies direct authority to mitigate drones. That authority is typically only reserved for specific federal agencies, including the departments of Homeland Security, Justice and Energy, among others. The law allows officers to use what state officials described at the time as “kinetic and non-kinetic technologies” to bring drones down if they operate unlawfully.

Despite state and local concerns, the FAA remains in control of the nation’s airspace and ultimately is the agency that determines whether a drone can be brought down, rather than local law enforcement agencies, or even the state.

But while the idea of bringing down drones may conjure images of someone shooting a firearm at one in the hopes of destroying it, the truth is a lot more nuanced. Companies like D-Fend Solutions instead look to take over a drone’s operation and land it safely, while others like AirSpace Link in Detroit provide an air traffic control system for effective monitoring and identifying if a drone is being used illegally.

Related articles

Topics:

Filed: https://www.route-fifty.com/emerging-tech/

Subject: Startup Founder Goes All-In on AI Workers, Chaos Ensues
Source: Newser – By Kate Seamons with Newser.AI
https://www.newser.com/story/378620/startup-founder-goes-all-in-on-ai-workers-chaos-ensues.html

AI staffers invent fake meetings, imaginary hikes, and endless updates. A startup founder’s experiment with an all-AI staff took a surreal turn when his digital “employees” began fabricating progress reports and brainstorming company off-sites in the wilderness. Writing for

Subject: The internet isn’t free: Shutdowns, surveillance and algorithmic risks
Source: Help Net Security
https://www.helpnetsecurity.com/2025/11/17/freedom-house-global-internet-freedom-decline/

Global internet freedom has declined for the 15th straight year, according to the latest Freedom House report. Out of 72 countries evaluated, 28 recorded declines and 17 saw improvements.

Surveillance and civil society under strain – Authoritarian governments are expanding control, and democracies are slipping in their efforts to protect digital rights. Among the 18 countries designated “Free” in the report, half suffered score declines in the assessment period (June 2024-May 2025). Georgia, Germany and the United States registered the steepest changes in this cluster.

The report highlights a key indicator: “online sources of information are manipulated by the government or other powerful actors” and notes it “has undergone the most consistent global decline over the past 15 years.” Common methods include paid commenters posing as private users, AI-generated misleading content, and influencers posting pro-government content without transparent affiliation.

An environment where discourse is manipulated, identities are obscured and digital trust is eroded means increased exposure for brand reputation, insider threats and social engineering

 

Algorithmic influence and anonymity in retreat…

What the trends mean for enterprise security. This report offers four take-aways for CISOs and security teams operating in a global context:

NB: PDF is 43 pages

https://freedomhouse.org/sites/default/files/2025-11/Freedom_on_the_Net_2025_Digital.pdf

This booklet is a summary of findings for the 2025 edition of Freedom on the Net. Summaries of developments in the 72 countries assessed in this study can be found on our website at freedomonthenet.org.

FREEDOM ON THE NET 2025

ToC:

ON THE COVER
Illustration by Mitch Blunt

TABLE OF CONTENTS
Key Findings……………………………………………………………………………………….. 1
Freedom on the Net 2025: An Uncertain Future for the Global Internet…. 2
Tracking the Global Decline…………………………………………………………….. 4
Fifteen Years of Evolution in Internet Controls………………………………… 8
On the Horizon for Human Rights Online ………………………………………… 14
Policy Recommendations ……………………………………………………………………. 28
What We Measure………………………………………………………………………………. 32
Checklist of Questions………………………………………………………………………… 33

Acknowledgements and Sources…………………………………………………………. 40
TABLES, CHARTS, AND GRAPHICS
Detained for Dissent……………………………………………………………………………….. 4
Global Internet User Stats………………………………………………………………………. 6
Internet Freedom’s 15 Years of Decline………………………………………………….. 9
The Perils and Promises of AI Sovereignty…………………………………………….. 15
A Crisis for Online Anonymity………………………………………………………………… 19
Key Internet Controls by Country…………………………………………………………… 21
Freedom on the Net 2025 Map……………………………………………………………….. 22
Global Rankings……………………………………………………………………………………….. 24
Regional Rankings……………………………………………………………………………………. 26

Subject: I Scammed My Internet Provider to Try to Lower My Bill
Source: Business Insider
https://www.businessinsider.com/scammed-internet-provider-lower-my-bill-deepfakes-ai-2025-11

“Across industries, there’s a surge in AI voice agents targeting customer support service lines, driving new forms of fraud while dramatically increasing call volumes and operational strain,” says Emily Fontaine, global head of venture capital at IBM, a partner and investor in Reality Defender, tells me in an email.

Patrick Carroll, founder and CEO of deepfake detector ValidSoft, tells me in an email that call centers are increasingly fielding calls from agents that attempt to thwart security protocols and authentication methods. “Even companies with strong defences are seeing rising call volumes as voice automation tools become more accessible and sophisticated,” he says.

Attempts to thwart call waiting aren’t new. About half of customers say they try third-party channels, like Google, Reddit, or ChatGPT, to try to resolve a service issue before they even bother contacting the company, according to another 2025 survey from Gartner. In 2010, a startup called LucyPhone tried to best call waiting. It allowed people to hang up on customer service, and then receive a call back when it was their turn in line. The Reserve with Google tool can book restaurant reservations on your behalf. DoNotPay, a startup that uses AI to help people fight fees, tickets, and search for money users may be owed, has gained attention for successfully acting as an advocate for individuals against big corporations that often have roadblocks to contact.

[…]

Subject: Microsoft Launches ‘Agent 365’ for AI Agent Management
Source: tech.co
https://tech.co/news/microsoft-launches-agent-365-ai-management

AI agents are so popular that businesses now need a dashboard specifically for managing all their AI agents. At least, Microsoft is betting they’ll need one, since the company just launched Agent 365 to do just that.

Agent 365 is designed to track AI telemetry and issue alerts when needed, just like many business management software do for human employees.

Microsoft just announced the new tool, which comes with built-in cybersecurity tools and can track third-party agents in addition to homegrown AI agents from Microsoft’s Copilot.

To put a number to the predictions, one estimate says that roughly 1.3 billion AI agents are predicted by 2028. The enterprise business world might be on the brink of a big shift, and Microsoft is ready to profit off of exactly that.

Tags

Subject: Google Hit With AI Defamation Lawsuit After Alleged False Claims and Hallucinations
Source: Android Headlines
https://www.androidheadlines.com/2025/11/google-hit-with-ai-defamation-lawsuit-after-alleged-false-claims-and-hallucinations.html

Robby Starbuck is suing Google, alleging that its AI falsely linked him to serious misconduct—claims Google argues were induced through misuse of developer tools. The case highlights growing concerns around AI hallucinations and the importance of verifying machine-generated information.

So much so that Google is now facing a defamation lawsuit over its AI. Google faces an AI defamation lawsuit – Google is currently facing an AI defamation lawsuit filed by Robby Starbuck. Starbuck alleged that Google’s AI falsely associated him with sexual assault allegations and being a white nationalist. Starbuck had previously sued Meta in a similar lawsuit, although in Meta’s case, the company opted to settle.

However, Google doesn’t appear to be as eager. In fact, Google has filed a motion to dismiss the lawsuit.

Sometimes AI is trained on a set of data with a cutoff date. This means that if you ask it for new information after that date, it might get it wrong. Plus, AI almost never admits that it’s wrong. In fact, if you check the AI subreddits, you’ll find a lot of examples of AI models gaslighting users.

We can only hope that with time and as the technology improves, AI will become smarter. But until then, never take an AI’s word as gospel. Just be sure to double-check everything.

Filed: Artificial Intelligence News

Subject: Unremovable AppCloud on Samsung Phones Sparks Privacy Fears
Source: Android Headlines
https://www.androidheadlines.com/2025/11/unremovable-appcloud-app-samsung-phones-privacy-fears-controversy.html

Samsung is under fire for AppCloud, an unremovable pre-installed app on Galaxy phones. Linked to Israeli-founded ironSource, the bloatware raises serious privacy fears regarding data harvesting and surveillance, especially in sensitive regions. Digital rights groups demand clarity, but Samsung remains silent.

Samsung is facing scrutiny over an app pre-installed on some of its affordable devices that users cannot easily remove. The controversial app, called AppCloud, is designed to recommend and install third-party applications during phone setup or updates on Samsung Galaxy A, M, and F series models. However, users and digital rights groups are labeling it bloatware and expressing some privacy concerns.

The core problem is simple: AppCloud is integrated at the system level. This means ordinary users cannot uninstall it. The app remains on the device even when disabled and often reappears after software updates. Users report that its system permissions are extensive, requesting abilities like “full network access” and the right to “download files without notification.”

Some Samsung phone users alarmed by unremovable, Israeli-tied ‘AppCloud’…

Subject: WhatsApp Flaw Exposed 3.5 Billion Phone Numbers
Source: Tech Republic
https://www.techrepublic.com/article/news-whatsapp-flaw-exposed-billions-users/

[h/t Sabrina]

Austrian researchers used a WhatsApp contact-lookup flaw to map 3.5 billion phone numbers, revealing how basic metadata can build a directory of accounts.

It began as a small curiosity and ultimately exposed phone numbers for nearly half the planet.

A team of Austrian researchers has uncovered a major weakness in WhatsApp, revealing how a basic contact-lookup function can be exploited to create a global directory of users. By pushing WhatsApp’s contact discovery tool far beyond typical use, the researchers confirmed 3.5 billion active phone numbers linked to WhatsApp accounts.

In the research paper, they noted that the exposure would have been “the largest data leak in history, had it not been collated as part of a responsibly-conducted research study.”

The researchers stated that the data for many accounts “contains phone numbers, timestamps, about text, profile pictures, and public keys for E2EE encryption.” They added that its exposure “would entail adverse implications to the included users.”

How the enumeration worked – Instead of using the standard app, the researchers tapped into WhatsApp’s underlying XMPP interface, using a reverse-engineered client called whatsmeow. With just five concurrent sessions and a single server, they were able to run queries at up to 7,000 numbers per second.

Meta responds – In a statement shared with WIRED, Nitin Gupta, WhatsApp’s VP of engineering, acknowledged the issue and stated that the company had already been tightening its anti-scraping defenses. He called the exposed information “basic publicly available information,” saying that users who set their profile details to private were protected.

Concerns about WhatsApp’s data exposure echo recent allegations from its former security chief, who says Meta has been ignoring flaws that put billions at risk.

Filed: https://www.techrepublic.com/topic/security/

Subject: Is Misinformation More Open? A Study of robots.txt Gatekeeping on the Web
Source: arXiv
https://www.bespacific.com/is-misinformation-more-open-a-study-of-robots-txt-gatekeeping-on-the-web/

Is Misinformation More Open? A Study of robots.txt Gatekeeping on the Web. Nicolas Steinacker-Olsztyn, Devashish Gosain, Ha Dao Large Language Models (LLMs) are increasingly relying on web crawling to stay up to date and accurately answer user queries. These crawlers are expected to honor this http URL files, which govern automated access. In this study, …

Read more
– AI, Education, Internet, Knowledge Management, Legal Research, Search Engines • 2025-11-20

Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.

Subject: Your Smartphone, Their Rules: How App Stores Enable Corporate-Government Censorship
Source: ACLU
https://www.bespacific.com/your-smartphone-their-rules-how-app-stores-enable-corporate-government-censorship/

ACLU: “Who controls what you can do on your mobile phone? What happens when your device can only run what the government decides is OK? We are dangerously close to this kind of totalitarian control, thanks to a combination of government overreach and technocratic infrastructure choices. Most Americans have a smartphone, and the average American spends over 5 hours a day on their phone. While these devices are critical to most people’s daily lives, what they can actually do is shaped by what apps are readily available.

[…]

The current structure of the mobile phone ecosystem enables this kind of abuse and control. Apple’s iOS (the operating system for any iPhone) is designed to only be able to run apps from the AppStore. If Apple hasn’t signed off on it, the app won’t run. This centralized control is ripe for abuse:

[…]

Unlike Apple, Google’s Android operating system has traditionally allowed relatively easy access to “sideloading”, which just means installing apps through means other than Google’s Play Store. Although most installations default to getting apps from the Play Store, the availability of sideloading means that even if Google censors apps in the Play Store, people can still install them. Even apps critical of Google can make it onto an Android device. It’s also possible to run a variant of Android without the Play Store at all, such as GrapheneOS…”

Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.

Subject: Rogue techie pleads guilty in $862K employer attack
Source: The Register
https://www.theregister.com/2025/11/20/it_contractor_sabotage/

The attack took place on May 14, 2021, and saw Schultz use the credentials to reset approximately 2,500 passwords at the affected organization.

This meant thousands of employees and contractors across the US were unable to access the company network.

Schultz admitted to running a PowerShell script to reset the passwords, searching for ways to delete system logs to cover his tracks – in some cases succeeding – and clearing PowerShell window events, according to the Department of Justice.

Prosecutors said the attack caused more than $862,000 worth of damage related to employee downtime, a disrupted customer service function, and costs related to the remediation of the intrusion.Schultz is set to be sentenced on Jan 30, 2026, and faces up to ten years in prison and a potential maximum fine of $250,000.

Be it Coinbase or FinWise in the US, the spate of rogue North Korean IT workers targeting Western organizations, local authorities, or even GCHQ in the UK, insider threats continue to wreak havoc across all types of organizations, and that’s just in 2025.

More about

Filed: https://www.theregister.com/security/cyber_crime/

Subject: Police Chief Allegedly Used License Plate Readers to Stalk
Source: Newser
https://www.newser.com/story/379077/police-chief-allegedly-used-license-plate-readers-to-stalk.html

Michael Steffman steps down amid arrest in suburban Atlanta/ A police chief in suburban Atlanta has been arrested on charges that he used the city’s automated license plate recognition cameras to stalk and harass multiple people, per the AP. Michael Steffman, 49, had been the police chief since April in Braselton, about 45 miles northeast of Atlanta, and he had worked as an officer in the fast-growing town of 17,000 since 2005. He announced his resignation Wednesday, just before his arrest by the Georgia Bureau of Investigation became public.

Subject: GAO: ‘Digital footprints’ endanger the nation, military and personnel
Source: UPI.com
https://www.upi.com/Top_News/US/2025/11/20/defense-department-digital-footprint/9471763686637/

Nov. 20 (UPI) — Using digital devices creates a data footprint that endangers national security, U.S. military personnel and military operations, the Government Accountability Office said.

The Defense Department has cited publicly available data generated by defense platforms, personal devices and online activities as a growing threat that requires continual caution, the GAO reported on Monday.

Such information could enable “malicious actors” to trace the movements of ships and aircraft and otherwise endanger military operations, according to Military Times.

The GAO report says 10 Defense Department components are vulnerable to security lapses that create “volumes of traceable data.”

[…]

Topics:

LinkedIn
Posted in: AI, Cybercrime, Cybersecurity, KM, Legal Research, Privacy, Social Media, Spyware