Iris Scan, ICE Face ID, Cybercrime & Huawei – 11/26/2025

This privacy intelligence digest highlights critical alerts including the Thai PDPC halting iris scans, rights groups challenging ICE’s face recognition program, and the FBI warning about a surge in cybercriminal impersonation resulting in $262M stolen. Also covered are London councils hit by a cyberattack and concerns surrounding Huawei’s surveillance capabilities. Stay informed with these key updates.

Top 5 Critical Privacy Alerts

• Thailand’s PDPC tells firm to halt iris scan service: Thailand’s PDPC orders TIDC Worldverse to halt iris scan services and delete data from 1.2 million people due to cryptocurrency exchange for personal data. Read more
• Rights Organizations Demand Halt to Mobile Fortify, ICE’s Handheld Face Recognition Program: Rights groups demand DHS halt ICE’s Mobile Fortify app, citing privacy violations and potential for wrongful detentions due to face recognition tech. Read more
• FBI: Cybercriminals stole $262M by impersonating bank support teams: The FBI warns of a surge in account takeover (ATO) fraud, with cybercriminals impersonating financial institutions stealing over $262 million this year. Read more
• Two London councils enact emergency plans after being hit by cyber-attack: Two London councils enact emergency plans after a cyber-attack, investigating potential data compromise and shutting down systems as a precaution. Read more
• Huawei and Chinese Surveillance: An excerpt from ‘House of Huawei’ details concerns about Huawei’s early history and its connection to Chinese surveillance. Read more

Regulatory Fines & Enforcement Actions

• Thailand’s PDPC tells firm to halt iris scan service: Thailand’s PDPC orders TIDC Worldverse to halt iris scan services and delete data from 1.2 million people due to cryptocurrency exchange for personal data. Read more

Security

• Microsoft to secure Entra ID sign-ins from script injection attacks — Microsoft will enhance Entra ID security against script injection attacks starting in mid-to-late October 2026. Read more
• ASUS warns of new critical auth bypass flaw in AiCloud routers — ASUS has released firmware patches for nine security vulnerabilities, including a critical authentication bypass flaw in AiCloud routers. Read more
• Passwork 7: Self-hosted password and secrets manager for enterprise teams — Passwork 7 unifies enterprise password and secrets management in a self-hosted platform, offering automation and free trials. Read more
• OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide — A cyberattack on OnSolve CodeRED disrupted emergency notification systems used by state and local governments across the US. Read more
• The Black Friday 2025 Cybersecurity, IT, VPN, & Antivirus Deals — Early Black Friday deals are available across security software, online courses, system administration tools, antivirus products, and VPN services. Read more
• FBI: Cybercriminals stole $262M by impersonating bank support teams: The FBI warns of a surge in account takeover (ATO) fraud, with cybercriminals impersonating financial institutions stealing over $262 million this year. Read more
• Tor switches to new Counter Galois Onion relay encryption algorithm — Tor has announced improved encryption by replacing the tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO). Read more

Surveillance

• Huawei and Chinese Surveillance: An excerpt from ‘House of Huawei’ details concerns about Huawei’s early history and its connection to Chinese surveillance. Read more
• Rights Organizations Demand Halt to Mobile Fortify, ICE’s Handheld Face Recognition Program: Rights groups demand DHS halt ICE’s Mobile Fortify app, citing privacy violations and potential for wrongful detentions due to face recognition tech. Read more

Biometrics

• Thailand’s PDPC tells firm to halt iris scan service: Thailand’s PDPC orders TIDC Worldverse to halt iris scan services and delete data from 1.2 million people due to cryptocurrency exchange for personal data. Read more