Surveillance cameras mounted on a metal pole against an overcast sky

Today in Surveillance:

  • FISA Section 702 expires in 15 days. The Senate still hasn't voted. The warrant requirement for searching Americans' data remains the sticking point. If Congress does nothing by June 12, the government loses its authority to compel companies to hand over foreign intelligence data.
  • A malicious npm package targeted Claude AI users specifically. The package "mouse5212-super-formatter" stole every file in Claude's /mnt/user-data directory and uploaded them to a threat actor's GitHub account. 676 downloads before detection.
  • Over 80 cities have now canceled Flock Safety contracts. The LAPD is being sued over its seven-year surveillance partnership. Cleveland records revealed 160 immigration-related Flock searches in a single month.
  • The FTC banned Kochava from selling location data. The data broker was tracking visits to reproductive health clinics, places of worship, and addiction treatment centers, then selling that data to anyone willing to pay.
  • Ford patented facial recognition for trucks. The system scans faces, reads lips, tracks emotions, monitors heart rates, and can compare biometric data against law enforcement databases.
  • Verizon's 2026 DBIR shows vulnerability exploitation is now the #1 breach vector. Software flaws (31%) overtook stolen credentials for the first time. Third-party breaches jumped 60%.

FISA 702 Expires in 15 Days. The Senate Has Done Nothing.

Section 702 of the Foreign Intelligence Surveillance Act expires June 12. The Senate hasn't voted on a long-term solution. We're watching a slow-motion train wreck.

Here's how we got here: the original sunset was April 20. Congress punted with a 45-day extension on April 30, buying time through June 12. The House already passed a 3-year reauthorization 235-191, but attached a ban on Central Bank Digital Currency that's complicating Senate passage. The bipartisan SAFE Act (which would require warrants for FBI searches of Americans' communications collected under 702) hasn't gained enough traction [1][2].

The intelligence community says a warrant requirement would create an "operational gap." Privacy groups say that's fear-mongering designed to preserve warrantless access to Americans' emails, calls, and texts that get swept up in foreign intelligence collection. The Brennan Center, EPIC, and 5Calls are all running campaigns pushing the warrant requirement [1][2].

Ron Wyden (D-OR) and Tom Cotton (R-AR) are locked in a standoff over the scope of reform, per The Intercept. Four swing Democrat votes will decide the outcome. If 702 expires, existing surveillance orders continue until their annual renewal dates, but the government can't issue new ones [2].

Fifteen days. Still no deal.

Related: FISA 702: Two Bills, No Warrants, and a June Deadline

A Malicious npm Package Was Built Specifically to Rob Claude AI Users

Researchers at OX Security discovered a package called "mouse5212-super-formatter" on npm that was designed to steal every file from /mnt/user-data, the directory Anthropic's Claude AI uses to handle uploads and outputs [3].

The attack was simple and effective. During the postinstall stage, the package authenticates to GitHub using either a token found in the victim's environment or a hard-coded fallback token. It then recursively uploads every local file to a threat actor-controlled GitHub repository, organizing stolen data in randomly named folders [3].

To cover its tracks, the malware writes fake "network connections" logs that make it look like it's sending routine diagnostic information. In reality, it's exfiltrating everything it can find in your Claude workspace: uploaded documents, conversation outputs, any files you've been working with [3].

The package was downloaded approximately 676 times before researchers flagged it. The GitHub account linked to the campaign was created May 26, just hours before the first malicious version was uploaded. OX researchers noted that the attacker leaked their own private GitHub token in the package code, which suggests the malware itself was likely generated by AI without basic operational security review [3].

This sits in a broader trend. The PromptMink campaign (attributed to North Korea's Famous Chollima group) specifically targeted AI coding assistants in February through April. The Mini Shai-Hulud worm exploited .claude/settings.json and .vscode/tasks.json for persistence. AI development tools are now a first-class attack surface [4].

What to do: Audit your npm dependencies. If you use Claude Code or similar AI tools, check what packages have postinstall scripts with access to your working directories. Review your package-lock.json for unfamiliar packages.

Related: TrapDoor: The Supply Chain Attack That Poisoned AI Coding Assistants

80+ Cities Have Now Dumped Flock Safety. The LAPD Is Being Sued for Hiding Its Contract.

The Flock Safety rebellion keeps growing. Over 80 jurisdictions in 28 states have terminated their contracts with the license plate reader company. And the reasons keep getting worse.

Cleveland's audit logs revealed 160 immigration-related searches in a single month, despite officials previously assuring residents that protections existed to prevent ICE from accessing the data. A 2025 case exposed a Texas sheriff who used 83,000 ALPRs across 6,809 Flock networks in multiple states to track a woman suspected of obtaining abortion medication [5][6].

At least 16 cases have emerged of police officers using Flock data to stalk romantic interests. In February, Flock quietly rewrote its terms of service to grant itself a "perpetual, irrevocable license" to use and disclose all customer data, a change that triggered another wave of cancellations from Mountain View, Cambridge, Santa Cruz, and Boston [5][6].

Now the LAPD is in court. The Stop LAPD Spying Coalition filed a lawsuit after a February 2024 Public Records Act request went unanswered. They allege the department has maintained a surveillance partnership with Flock for at least seven years but has only produced a single expired 2025 document. The coalition says the data is being used to "criminalize immigrants, sex workers, protestors, abortion, and gender-affirming care" [7].

The LAPD's memorandum with Flock expires this July. The coalition wants the records before the department can quietly renew.

Related: The Flock Rebellion: Cities Pull the Plug on License Plate Surveillance | Flock Cancel Wave Hits 30 Cities

The FTC Just Banned a Data Broker From Selling Your Location

The Federal Trade Commission banned data broker Kochava and its subsidiary Collective Data Solutions from selling, sharing, or disclosing sensitive location data without consumers' explicit consent. The vote was 2-0 [8].

What Kochava was doing: selling precise location data from hundreds of millions of mobile devices that could trace people's movements to reproductive health clinics, places of worship, domestic violence shelters, and addiction treatment centers. Anyone with a credit card could buy it [8].

The settlement requires Kochava to build a comprehensive list of sensitive locations to prevent disclosure, implement a supplier assessment program to confirm consumer consent, and let consumers request the names of every business their location data was sold to. They also have to file incident reports with the FTC when third parties violate contractual data-use restrictions [8].

The FTC originally sued Idaho-based Kochava in August 2022. It took nearly four years to get here. In that time, the data was already sold, already used, already linked people to the most intimate locations in their lives. The settlement is better than nothing, but it's a reminder of how slowly enforcement moves against a data broker industry that profits from speed [8].

This follows the FTC's action against CMG Media Corporation on May 21 for similar practices. The location data enforcement wave is real, but it's still reactive, not preventive.

Ford Wants to Scan Your Face Before You Drive

Ford filed patent US20250104469A1 for a biometric recognition system that scans faces, reads lips, tracks facial expressions, monitors heart rates, and recognizes irises, all from cameras inside your vehicle [9].

Ford says it's for "improving voice commands and checking if a driver is alert." The patent says something different. It describes architecture that can "compare biometric data with stored records to determine whether the individual corresponds to a known threat", meaning it can check faces against law enforcement databases [9][10].

Think about what that means in practice. Your truck logs your heart rate, your eye movement, your facial expressions, and your lip movements every time you drive. In an accident, law enforcement can subpoena all of it. Insurers can access it without a court order. Privacy expert Noah Kenney put it bluntly: "A face scan is not like a password you can change if it leaks. It is a permanent identifier" [9].

Ford hasn't committed to deploying this in production vehicles. But the patent application reveals the trajectory: vehicles that don't just know where you went: they know who was driving, what mood they were in, and whether their face matches a police database.

The patent went viral through tech commentator Loyal Moses's video "It's not your truck anymore," driving cross-partisan outrage. Ford declined to comment on deployment timelines [9][10].

Verizon's 2026 Breach Report: Software Flaws Now Beat Stolen Passwords

Verizon's annual Data Breach Investigations Report analyzed over 22,000 confirmed breaches across 145 countries. The headline: vulnerability exploitation (31%) has overtaken stolen credentials as the top entry point for the first time [11].

Other findings that matter for your threat model:

  • Third-party supply chain breaches jumped 60%, now representing 48% of all breaches
  • Mobile social engineering success rates are up 40%
  • Employee use of unapproved "shadow AI" tools tripled to 45%, spiking data leakage
  • The human element was still involved in 62% of breaches
  • AI is accelerating attacks "from months to hours" at every stage

The supply chain number is the one to watch. Nearly half of all breaches now come through your vendors, your software dependencies, your third-party integrations. The Canvas/Instructure breach (275 million students), the Vimeo breach via Anodot, the 7-Eleven breach via Salesforce. They all fit this pattern [11].

Related: Vibe Coding Is Creating a Security Crisis

What to Watch

  • June 1-3: Gartner Security & Risk Management Summit in National Harbor, MD.
  • June 12: FISA Section 702 expiration deadline. The Senate must act or pass another extension.
  • July 1: Virginia's facial recognition law takes effect, requiring 98% accuracy and NIST evaluation for police use. Also: LAPD's Flock MOU expires.
  • Supreme Court geofence ruling: Chatrie v. United States was argued April 27. The decision (which could define whether police can search 592 million Google accounts at once) is expected by July.
  • Canada Bill C-22: Google joined Apple, Signal, and Meta in opposing the encryption backdoor bill. Committee hearings continue. Watch for whether the economic pressure forces amendments.

References

  1. Brennan Center: Section 702 of FISA: 2026 Resource Page
  2. Nextgov: House Passes 45-Day FISA Extension After Senators Secure Declassification Deal
  3. The Hacker News: Malicious npm Package Stole Files From Claude AI User Directory via GitHub
  4. SafeDep: Malicious npm Packages Backdoor Claude Code Sessions
  5. ScheerPost: Resistance to Flock Cameras and Police Surveillance Is Exploding
  6. NPR: Why Some Cities Are Canceling Flock License Plate Reader Contracts
  7. FOX 11 Los Angeles: LAPD Sued Over Flock Safety License Plate Cameras
  8. FTC: FTC to Ban Kochava and Subsidiary from Selling Sensitive Location Data
  9. Yahoo Finance: Ford's Latest Patent Lets Your Truck Scan Your Face and Read Your Lips
  10. Moneywise: Ford's Latest Patent Scans Your Face Before You Drive
  11. Help Net Security: Verizon DBIR: Vulnerability Exploitation Is the Dominant Initial Access Vector