This Week in Cybersecurity: Major Developments You Need to Know

Satish Kumar
December 1, 2025

Welcome to this week's cybersecurity news roundup, where we break down the latest security developments affecting governments, organizations, and everyday users.

Switzerland Takes Strong Stance Against US Cloud Services

Swiss data protection authorities have issued a significant warning to government agencies about using major cloud platforms like Microsoft 365, AWS, and Google Cloud for handling sensitive information.

The Swiss Conference of Data Protection Officers (Privatim) released guidance stating that most cloud-based software services don't provide true end-to-end encryption, meaning cloud providers can still access user data in plain text. This creates a major problem for Swiss government agencies that handle confidential citizen information.

Why it matters: The main concern centers around the US CLOUD Act, which allows American authorities to request data from US-based companies regardless of where that data is physically stored. Even if information sits on servers in Switzerland, US law enforcement could potentially access it.

The guidance recommends that Swiss public bodies avoid these services for sensitive data and instead look toward locally-hosted alternatives or strictly European providers. This decision could signal a broader trend of European governments reconsidering their reliance on American tech giants for critical infrastructure.

Thousands of Live Credentials Found Exposed Across Millions of GitLab Projects

Security researcher Luke Marshall recently completed an eye-opening project: he scanned all 5.6 million public repositories on GitLab and discovered over 17,000 verified live credentials sitting in plain sight.

Using an open-source tool called TruffleHog, Marshall spent about $770 on cloud computing resources to complete the scan in just 24 hours. The results were alarming – he found thousands of active API keys, passwords, and tokens that could be exploited by attackers.

What was exposed:

  • Over 5,000 Google Cloud credentials

  • More than 2,000 MongoDB access keys

  • Numerous OpenAI and AWS credentials

  • 910 Telegram bot tokens

The research revealed that GitLab has a 35% higher concentration of leaked secrets compared to similar platforms like Bitbucket. Many of these exposed credentials dated back years, with some valid credentials from as far back as 2009 still working today.

The takeaway: Developers often accidentally commit sensitive information to code repositories, and once it's there, it can remain accessible indefinitely unless explicitly removed. Organizations need to regularly scan their repositories and immediately rotate any exposed credentials.

Strava Updates Terms to Address Military Security Concerns

The popular fitness tracking app Strava is updating its terms of service to place responsibility squarely on users when it comes to location sharing risks.

Starting January 1, 2026, Strava's new terms will require users to accept all safety and security risks associated with sharing their GPS data. The updated language specifically warns people working in sensitive positions or jobs requiring trust to think carefully before using location features.

The backstory: This change comes years after Strava made headlines when its global activity heatmap inadvertently revealed the locations of military bases and the movements of soldiers. In 2018, researchers discovered they could identify secret US military installations by looking at activity patterns in remote areas. More recently, the app exposed location data of French President Emmanuel Macron's security detail.

The new terms make it clear that Strava won't be held responsible for security incidents arising from location data sharing, emphasizing that users must employ these features responsibly based on their personal circumstances.

Iranian Hacking Operation Exposed in Massive Leak

A significant data breach has revealed the inner workings of one of Iran's most active cyber espionage groups, known as "Charming Kitten" or APT35.

Iranian opposition activist Nariman Gharib published leaked documents that expose the structure, operations, and targets of this group, which is linked to Iran's Islamic Revolutionary Guard Corps (IRGC). The leak includes organizational details, personnel identities, operational logs, and even photographs of operatives.

What the leak reveals:

  • The group operates through multiple specialized teams focusing on different tasks: developing hacking tools, conducting infiltration operations, running phishing campaigns, and translating stolen documents

  • Operations targeting thousands of organizations across dozens of countries, with particular focus on Middle Eastern governments, Iranian dissidents, and Western officials

  • Evidence linking the hacking activities to broader intelligence operations, including alleged connections to assassination planning

  • Financial records showing how the operation is funded through shell companies and cryptocurrency payments

The documents show that Charming Kitten has been active since at least 2017 and has been growing in both size and sophistication. The breach represents a rare glimpse into how state-sponsored hacking operations actually function on a day-to-day basis.

Israeli Military Bans Android Devices for Senior Officers

The Israel Defense Forces (IDF) has expanded its smartphone restrictions by banning Android devices for all senior officers at the rank of Lieutenant Colonel and above.

Under the new directive, these officers will only be permitted to use iPhones for official military communications. The policy is being implemented to address concerns about malware installation and information security vulnerabilities.

The reasoning: Israeli military officials believe Android devices present greater security risks compared to Apple's iOS platform. The closed nature of Apple's ecosystem makes it harder for malicious software to infiltrate devices, while Android's more open architecture is seen as potentially more vulnerable to sophisticated attacks.

The decision follows increased warnings about social engineering attacks and "honeypot" operations conducted by adversarial groups like Hamas, Hezbollah, and Iranian cyber units. These attacks often use fake social media profiles and messaging apps to trick military personnel into revealing sensitive information or their locations.

While Android phones will still be allowed for personal use, any official or operational communications must now be conducted exclusively on iPhones. The IDF has been conducting internal training to educate personnel about these cyber threats and the importance of operational security.

What These Stories Mean for You

These developments highlight several important cybersecurity themes:

1. Data sovereignty is becoming a bigger concern – Countries are increasingly questioning whether foreign cloud providers should handle sensitive government data.

2. Developers must be vigilant about secrets in code – Even years-old credentials can still be active and exploitable. Regular security audits and secret scanning should be standard practice.

3. Location data carries real risks – What seems like harmless fitness tracking can have serious security implications, especially for people in sensitive positions.

4. State-sponsored hacking is sophisticated and persistent – Nation-state actors are conducting complex, long-term operations with significant resources.

5. Mobile security is a growing military concern – As smartphones become integral to operations, militaries are having to make hard choices about which platforms to trust.

Stay safe out there, and remember: security is everyone's responsibility.
