📄 UNI-PASS-Based Customs Systems Insecure Direct Object Reference

A critical security vulnerability has been identified in customs platforms based on UNI-PASS, where a publicly exposed API endpoint allows unauthorized access to sensitive documents without proper authentication or authorization checks. The affected endpoint commonly structured under /api/public/...

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

The Quizlet flashcards, which WIRED found through basic Google searches, seem to include sensitive information about gate security at Customs and Border Protection locations...

CBP Used Online Ad Data to Track Phone Locations

Plus: Proton helped the FBI identify a protester, the Leakbase cybercrime forum was busted in an international operation, and more...

Jeffrey Epstein’s Ties to CBP Agents Sparked a DOJ Probe

Documents say customs officers in the US Virgin Islands had friendly relationships with Epstein years after his 2008 conviction, showing how the infamous sex offender tried to cultivate allies...

The Paramilitary ICE and CBP Units at the Center of Minnesota's Killings

Two agents involved in the shooting deaths of US citizens in Minneapolis are reportedly part of highly militarized DHS units whose extreme tactics are generally reserved for war zones...

ICE Asks Companies About ‘Ad Tech and Big Data’ Tools It Could Use in Investigations

A new federal filing from ICE demonstrates how commercial tools are increasingly being considered by the government for law enforcement and surveillance...

US Judge Rules ICE Raids Require Judicial Warrants, Contradicting Secret ICE Memo

The ruling in federal court in Minnesota lands as Immigration and Customs Enforcement faces scrutiny over an internal memo claiming judge-signed warrants aren’t needed to enter homes without consent...

Border Patrol Bets on Small Drones to Expand US Surveillance Reach

Federal records show CBP is moving from testing small drones to making them standard surveillance tools, expanding a network that can follow activity in real time and extend well beyond the border...

ICE Wants to Build a Shadow Deportation Network in Texas

A new ICE proposal outlines a 24/7 transport operation run by armed contractors—turning Texas into the logistical backbone of an industrialized deportation machine...

CBP Searched a Record Number of Phones at the US Border Over the Past Year

The total number of US Customs and Border Protection device searches jumped by 17 percent over the 2024 fiscal year, but more invasive forensic searches remain relatively rare...

No, ICE (Probably) Didn’t Buy Guided Missile Warheads

A federal contracting database lists an ICE payment for $61,218 with the payment code for “guided missile warheads and explosive components.” But it appears ICE simply entered the wrong code...

EUVD-2023-52844

Malicious code in bioql PyPI...

MAL-2025-44539 Malicious code in hang-announced-customs (npm)

The package hang-announced-customs was found to contain malicious code...

Malicious code in hang-announced-customs (npm)

The package hang-announced-customs was found to contain malicious code...

Phone Searches at the US Border Hit a Record High

Customs and Border Protection agents searched nearly 15,000 devices from April through June of this year, a nearly 17 percent spike over the previous three-month high in 2022...

CBP Wants New Tech to Search for Hidden Data on Seized Phones

Customs and Border Protection is asking companies to pitch tools for performing deep analysis on the contents of devices seized at the US border...

Airlines Secretly Selling Passenger Data to the Government

This is news: A data broker owned by the country's major airlines, including Delta, American Airlines, and United, collected U.S. travellers' domestic flight records, sold access to them to Customs and Border Protection CBP, and then as part of the contract told CBP to not reveal where the data...

US airline industry quietly selling flight data to DHS

A data broker owned by some of America's biggest airlines has been selling access to customer flight data to the US Department of Homeland Security DHS. The data, compiled by data broker Airlines Reporting Corporation ARC, includes names, flight itineraries, and financial details. It also covers...

The US Is Storing Migrant Children’s DNA in a Criminal Database

Customs and Border Protection has swabbed the DNA of migrant children as young as 4, whose genetic data is uploaded to an FBI-run database that can track them if they commit crimes in the future...

US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car

A CBP spokesperson tells WIRED that the agency plans to expand its program for real-time face recognition at the border, potentially aiding Trump administration efforts to track people who self-deport...