Lock down those Firefox add-ons
Mozilla warns of phishing attacks targeting developers of Firefox add-ons
Assess risk and choose the right tools when recording interviews
Before journalists hit the ‘record’ button to capture interviews, it’s critical for them to think through the potential risks associated with recording and storing audio or video
Apple’s least fun alerts
Research shows that in recent months, Apple has notified at least a dozen Iranian iPhone users of targeted spyware, including those in civil society
Ask a security trainer: What about the password for my password manager?
Definitely use a strong password on your password manager. But it’s also a good move to have backup plans
Meta fixes bug that leaked AI chats
A security researcher found that by altering the ID attached to Meta AI prompts, he could get their chatbot to spit out someone else’s prompt and AI-generated responses
AI impersonation in the White House
Journalistic skepticism is pretty normal. But now we need to question someone’s literal voice. That’s a bit new
Airline data is flying all over the place
Getting back to the basics can help you mitigate the impact of mass data breaches
Oh, Brother (printers)!
The best time to patch your connected devices is all the time
Should you try Google Advanced Protection?
It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.Android 16 drops — and with it, Advanced Protection modeJournalists and other at-risk …
Ask a security trainer: Securing your passwords when traveling
Planning to travel soon? Protect your passwords with these tips from FPF’s digital security training team!
Module: Digital security 101 — Crossing the US-Mexico border
This module focuses on how to prepare and what to expect for those traversing the U.S. southern border, centering journalists serving border communities.Unlike most modules in the J-school digital security curriculum, it begins with a somewhat distinct perspective on risk assessment, adding further emphasis on individual attributes (e.g., nationality) …
Journalist searched and detained at US airport
CBP searched an Australian journalist’s phone. He noted he was questioned over materials in his blog, social media posts, and reporting
Preparing devices for travel through a US border
US border searches of electronic devices put journalists’ work at risk. But there’s a lot you can do to be prepared
Report examines scams on the rise
The report also examines users’ choices in authentication methods, highlighting passkeys
The automated license plate reader dragnet
Automated license plate readers are everywhere, and they can often tell a story about your movement
Signal blocks Microsoft Recall from recalling
Signal is making it harder for your private messages to get pulled into Microsoft’s new Recall AI feature
Telegram’s growing mountain of data requests
Telegram’s transparency reporting bot suggests their compliance with data requests from authorities has exploded between 2024 and 2025.
Ask a security trainer: Checking identities in Signal
Welcome to “Ask a security trainer,” the column where the Digital Security Training team at Freedom of the Press Foundation (FPF) answers your burning questions at the intersection of journalism and security. Submit yours here! Let’s jump right into this week’s question.Dear DST,I’ve been seeing this story …
NSO Group fined in WhatsApp suit
The lawsuit also reveals more about how NSO Group executed its attacks on WhatsApp users, including journalists.
More Signalgate than we can tolerate
Look, neither one of us wants this. But we’re going to have to keep talking about how defense officials are using Signal in unusual ways
Chrome concedes third-party cookie fight
Third-party cookie ad tracking in Chrome is here to stay. If you’re sticking with Chrome, let’s talk about some safer settings.
Signalgate: The saga continues
The Signalgate saga continues. This time, Defense Secretary Pete Hegseth sent operational Yemen missile strike details to his wife and brother. Fortunately you can learn from Hegseth’s mistakes.
Ask a security trainer: What information can my VPN provider see?
Virtual private networks are a useful tool for our digital security kit, but what exactly do they protect us from?
Tariffs and security updates
If you’re like me, you’re thinking about whether to buy electronics ahead of potential tariffs, and how long those devices will receive updates
Siding with Apple, court rejects UK’s secrecy request
A transparency win in a case concerning backdoor requests to Apple
