
Feds snooze as US datacenter law set to lapse with no replacement in site

US legislation covering federal datacenters is set to expire in September and it appears that the Trump administration is simply going to allow it to lapse without replacement.

The Federal Data Center Enhancement Act (FDCEA) of 2023 covers certain standards that are to be adhered to for facilities that are wholly or partially owned, operated, or maintained by a federal agency. It includes requirements relating to availability and uptime of the facility; the use of sustainable energy sources; protection against power failure; protections against physical intrusion and natural disasters; plus IT security protections.

We understand that the legislation will sunset on September 30, 2026, and according to Wired, neither the US Congress nor the Trump administration appears to be making any move to extend the act, or put alternate legislation in place.

The danger is that if the FDCEA is not renewed or superseded by similar legislation, then federal agencies across the US may cease to follow the requirements and simply act as they see fit when procuring new datacenter infrastructure.

We asked the White House and Congress for comment.

According to implementation guidance issued by the Office of Management and Budget (OMB) under the previous administration, agency datacenters “must provide secure and highly available computing infrastructure to enable reliable access to Federal information and information systems.”

It notes that the “needs of the federal government with respect to data access and data processing systems have evolved since 2014,” when the Federal Data Center Consolidation Initiative (FDCCI) was established, and hence the latter was not renewed but replaced by the FDCEA.

The OMB states that effective operation of datacenters requires regular monitoring, and optimization of resources by operators, and directs agencies to incorporate automated tools into the management of all new facilities, including tools that monitor metrics such as electrical consumption.

It also states that the “cost, scarcity, and environmental impact of energy and water consumption necessitates that agencies evaluate datacenters against resource consumption metrics and best practices when making their decisions” regarding new datacenter builds.

Perhaps most importantly, it requires that federal facilities “must be able to meet the reliability and resiliency needs of their hosted information and information systems through implementation of the appropriate information security and physical security protections.”

It is widely known that the Trump administration does not look kindly on regulations, especially those relating to environmental protection. Instead, policy has focused on fast-tracking the federal permitting process for datacenters, particularly those dedicated to training and developing AI models.

A recent report from Politico stated that the Trump administration was not inclined to set nationwide environmental requirements or recommendations for the datacenter industry. Instead, Environmental Protection Agency (EPA) Administrator Lee Zeldin said that while there are technologies and practices that reduce air pollution and water usage, individual states and communities know what works best for them.

At the same time, opposition to datacenter construction is growing across the US, precisely because of public fears over factors such as air pollution, water usage, and the prospect of spiking energy bills. A recent survey found more than 70 percent of respondents said that they would be against the construction of an AI datacenter in their neighborhood. ®


UK digital ID gets brain trust to 'challenge' ministers on policy

The UK government has set up an advisory board for its digital ID project, intended "to challenge the government on emerging ideas or policy decisions to ensure the system works for everyone," says the Cabinet Office.

The board includes David Rogers, an Internet of Things security expert and CEO of security consultancy Copper Horse. He is no stranger to government advisory panels, having previously sat on a group formed in 2020 to consider telecoms diversification. A year later, as chairman of the GSMA's fraud and security group, he backed the then-Conservative government's Product Security and Telecommunications Infrastructure Act 2022.

Rogers has provided El Reg with comments over the years, and in 2014 discussed iPhone 6 biometric security, arguing that better usability would cut data loss overall because most people found PIN locks too cumbersome.

Justine Roberts, founder and chief executive of UK parenting forum Mumsnet, is also on the board. The site experienced a data breach in 2019 due to a cloud migration affecting 46 user accounts, leading Roberts to apologize.

More recently, some Mumsnet posters have been unimpressed by the government's digital ID plans, with one responding to the prime minister's October 2025 announcement with "Honestly, who is he kidding?" and "Desperate stuff to justify this authoritative bs." During the public consultation, some posters promoted the Sex Matters campaign to let Brits include their sex in their digital IDs.

Another board member, Victor Dominello, has relevant experience as the minister who launched New South Wales' digital driver's license in 2019, saying it was more secure than the physical equivalent. In 2022, a researcher at security company Dvuln found numerous security flaws in the Service NSW app that hosts the license and other government services, although the state government said these did not pose a risk to customer information.

Other members include John Fallon, former chief executive of Pearson and the lead non-executive board member of the Cabinet Office; Anne-Marie Imafidon, who runs social enterprise Stemettes, which encourages people to consider jobs in tech and science; and digital regulation lawyer Emma Wright.

The board will meet quarterly for as long as the digital ID program lasts. The government is also setting up engagement exercises with the digital verification and financial services sectors. It is currently running a People's Panel with around 100 to 120 participants meeting in Birmingham and on Zoom to hear from experts and ministers before producing recommendations, in return for £550 in cash or vouchers. ®


ICE to keep an eye on your eyes under $25M biometric scanner deal

If you thought US Immigration and Customs Enforcement’s widespread use of face recognition apps was a privacy violation, you’re about to get eye-rate over a new $25 million contract.

According to a largely unreported contract summary published last week by ICE parent agency the Department of Homeland Security, US immigration cops have doled out about $25.1 million to a company called Bi2 Technologies for 1,570 biometric recognition devices able to identify people through fingerprints, iris scans, and facial recognition.

Additional procurement data indicates that the devices can be used in the field in both mobile and stationary configurations, and they provide ICE agents with access to Bi2’s Inmate Recognition and Identification System (IRIS), which matches biometrics to a database of more than five million booking, arrest, and incarceration records from 47 US states. The Bi2 system is also able to access driver’s license and vehicle plate info.

The deal was made without seeking any competing bids, and ICE justified the sole-source acquisition by pointing not only to Bi2’s capabilities being “unmatched by any competitor,” but also to a contract from last year in which it paid the company $4.6 million for what now appears to have been a one-year trial run of its technology on a much smaller scale.

Per the FY 2025 contract, which expires at the end of this coming September, ICE got similar access to the IRIS database and mobile/stationary biometric scanning technology as this year’s award, but only 200 devices were deployed across the US. With the addition of this contract, 1,770 of the devices could now be on American streets by the end of May 2027.

While the Bi2 contracts have yet to cause a stir on the level of other ICE biometric surveillance technologies, the widespread deployment of eyeball scanners linked to law enforcement databases and other forms of government documentation could end up stirring up more controversy.

Senate Democrats have been railing against ICE’s use of biometric identification technology like Mobile Fortify, an app reportedly used by DHS under the Trump administration’s immigration enforcement push to identify people suspected of immigration violations and, potentially, protesters. In a letter last September, senators demanded ICE immediately cease using Mobile Fortify over concerns that the app could be inaccurate, biased, and might have a chilling effect on the legal expression of protected civil rights in the US.

Neither ICE nor DHS responded to questions for this story. ®


Vietnam to develop domestic cloud so it can ditch risky overseas operators for government workloads

Vietnam has decided to develop its own cloud platform, so its government agencies can stop using foreign-owned services.

Prime Minister Le Minh Hung last week announced the plan in Decision 808/QD-TTg, which lists 20 strategic technologies Vietnam wants to develop to improve its technological self-reliance and give its government the tools to tackle national challenges. Developing a national cloud computing platform is number 13 on the list.

Machine translation of Decision 808 yields the following goals for the project: “Ensuring national data sovereignty and cybersecurity for the digital government and key digital economic infrastructures; forming a centralized, secure, and reliable digital and data infrastructure to serve national digital transformation; gradually replacing foreign cloud services in state agencies, reducing the risk of data leaks and breaches of state secrets.”

The move is a sign that Vietnam’s government, like many others, fears entanglements with cloud providers that may struggle to escape edicts from their home jurisdictions.

Yet major hyperscalers Microsoft, Google, and Tencent Cloud are yet to build facilities in Vietnam. AWS will bring one of its lightweight Local Zones to Hanoi, Alibaba Cloud intends to build a datacenter, and Huawei Cloud has expressed interest in doing likewise.

Vietnam’s government wants more love from hyperscalers – the nation’s Deputy PM recently met with AWS officials and called for greater co-operation. Yet any Vietnamese government workloads currently operating in a major hyperscaler violate the nation’s own laws that require local storage of personal information!

Other technologies Vietnam wants to develop include a large-scale Vietnamese language model, virtual assistants, and AI to power applications including cameras, credit risk management, and something that translates as “a national smart education platform applying controlled AI.”

The nation also wants its own next-generation firewall, anti-malware software, a next-generation SIEM system, and an “AI-integrated security operations center platform.” Quantum-resistant encryption also makes the list, as does a “user and entity behavior analysis system.”

Rare earth processing is another capability Vietnam desires, as are 5G expertise, the ability to build and operate autonomous and industrial robots, and improved semiconductor design skills.

Vietnam is in a hurry: Decision 808 set a 2030 deadline to get this all done.

According to a Tuesday post to a government news platform, 2030 is also the year in which Hanoi expects all core government services will be online, and digital infrastructure enables outcomes such as “Ensuring social welfare and supporting crime prevention and control, national security, and social order and safety” plus “Supporting scientific research and innovation.”

And in 2035, Vietnam “will become a developed digital nation” in which “National databases, with population data serving as the core, will be interconnected, shared, and effectively utilized to support the development of a smart government, enabling data-driven decision-making based on real-time information.”

Smart government will mean “Citizens will benefit from personalized, automated, and convenient digital services tailored to different life events.”

What a time to be alive. ®


Can Your Wearable Health Monitors Be Compromised?

Wearable health devices are designed to give you more control over your body and your data. 

But in 2026, the bigger risk isn’t someone spying on your smartwatch or smart ring in real time. It’s what happens if the data connected to that device gets exposed.

Health data, login credentials, and behavioral patterns tied to wearables can become valuable signals for cybercriminals. And once that data is out, it can fuel everything from identity theft to highly targeted scams. 

Here’s what’s actually at risk, and how to protect yourself. 

What Is Wearable Health Data (and Why It Matters) 

Wearable health data refers to the personal information collected and stored by devices like fitness trackers, smartwatches, and connected medical monitors. 

This can include: 

  • Heart rate and activity levels  
  • Sleep patterns  
  • Location data  
  • Medical metrics (like glucose levels)  
  • Account credentials tied to apps and dashboards  

On its own, this data may seem harmless. But combined, it creates a highly detailed profile of your habits, routines, and health status. 

The Real Risk in 2026 Isn’t the Device. It’s the Data. 

Early conversations around wearable security focused on device hacking or surveillance. 

Today, the bigger concern is data exposure. 

If wearable platforms, apps, or connected services are breached, your data could be: 

  • Sold on the dark web  
  • Used to impersonate you  
  • Leveraged in targeted phishing or health-related scams  

And because this data is personal and specific, scams built from it can feel far more convincing than generic spam. 

How Exposed Wearable Data Can Lead to Scams 

When cybercriminals gain access to personal data, they don’t just sit on it. They use it. 

Here’s how that plays out: 

| Scenario | What It Looks Like | Why It Works |
| --- | --- | --- |
| Health-related phishing | “Your insurance claim was denied” or “Update your health profile” | Feels relevant and urgent |
| Account takeover attempts | Password reset emails tied to known apps | Uses real account signals |
| Personalized scams | Messages referencing routines, devices, or conditions | Builds trust quickly |
| Fake alerts or services | “Device security issue detected” | Mimics real product behavior |

This is where the risk shifts from data privacy → real-world financial and identity impact. 

6 Smart Ways to Protect Your Wearable Data 

1) Install updates immediately
Security patches fix known vulnerabilities. Delaying updates leaves gaps open.  

2) Use layered protection, not just device settings
A VPN and security software help protect data in transit and block threats before they reach you.  

3) Strengthen your login credentials
Use strong, unique passwords and enable two-factor authentication wherever possible.  

4) Limit what you share
Review app permissions and only connect devices to services you trust.  

5) Verify every message or alert
If you receive a message tied to your device or health data, double-check the source before clicking.  

6) Monitor your accounts regularly
Small signs of unusual activity can be early indicators of larger issues. 

How McAfee Helps Protect Your Data Beyond the Device 

Protecting your wearable doesn’t stop at the device itself. It extends to what happens if your data is exposed or targeted. 

Identity Monitoring 

McAfee helps track your personal information across known breach sources and alerts you if your data appears where it shouldn’t. 

This gives you early warning if wearable-related accounts or associated data are compromised. 

Scam Detector 

If your data is exposed, scammers often follow. 

McAfee’s Scam Detector helps identify suspicious messages, links, and communications before you engage, and explains why something was flagged, so you can make informed decisions quickly. 

Together, these tools help protect not just your device, but the chain reaction that can follow a data breach. 

The post Can Your Wearable Health Monitors Be Compromised? appeared first on McAfee Blog.


Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet’s control servers.

Kimwolf is a botnet that surfaced in late 2025 and quickly infected millions of systems, turning poorly secured IoT devices like TV streaming boxes, digital picture frames and routers into relays for malicious traffic and abnormally large distributed denial-of-service (DDoS) attacks.

I2P is a decentralized, privacy-focused network that allows people to communicate and share information anonymously.

“It works by routing data through multiple encrypted layers across volunteer-operated nodes, hiding both the sender’s and receiver’s locations,” the I2P website explains. “The result is a secure, censorship-resistant network designed for private websites, messaging, and data sharing.”

On February 3, I2P users began complaining on the organization’s GitHub page about tens of thousands of routers suddenly overwhelming the network, preventing existing users from communicating with legitimate nodes. Users reported a rapidly increasing number of new routers joining the network that were unable to transmit data, and that the mass influx of new systems had overwhelmed the network to the point where users could no longer connect.

I2P users complaining about service disruptions from a rapidly increasing number of routers suddenly swamping the network.

When one I2P user asked whether the network was under attack, another user replied, “Looks like it. My physical router freezes when the number of connections exceeds 60,000.”

A graph shared by I2P developers showing a marked drop in successful connections on the I2P network around the time the Kimwolf botnet started trying to use the network for fallback communications.

The same day that I2P users began noticing the outages, the individuals in control of Kimwolf posted to their Discord channel that they had accidentally disrupted I2P after attempting to join 700,000 Kimwolf-infected bots as nodes on the network.

The Kimwolf botmaster openly discusses what they are doing with the botnet in a Discord channel with my name on it.

Although Kimwolf is known as a potent weapon for launching DDoS attacks, the outages caused this week by some portion of the botnet attempting to join I2P are what’s known as a “Sybil attack,” a threat in peer-to-peer networks where a single entity can disrupt the system by creating, controlling, and operating a large number of fake, pseudonymous identities.

Indeed, the number of Kimwolf-infected routers that tried to join I2P this past week was many times the network’s normal size. I2P’s Wikipedia page says the network consists of roughly 55,000 computers distributed throughout the world, with each participant acting as both a router (to relay traffic) and a client.

However, Lance James, founder of the New York City based cybersecurity consultancy Unit 221B and the original founder of I2P, told KrebsOnSecurity the entire I2P network now consists of between 15,000 and 20,000 devices on any given day.

An I2P user posted this graph on Feb. 10, showing tens of thousands of routers — mostly from the United States — suddenly attempting to join the network.

Benjamin Brundage is founder of Synthient, a startup that tracks proxy services and was the first to document Kimwolf’s unique spreading techniques. Brundage said the Kimwolf operator(s) have been trying to build a command and control network that can’t easily be taken down by security companies and network operators that are working together to combat the spread of the botnet.

Brundage said the people in control of Kimwolf have been experimenting with using I2P and a similar anonymity network — Tor — as a backup command and control network, although there have been no reports of widespread disruptions in the Tor network recently.

“I don’t think their goal is to take I2P down,” he said. “It’s more they’re looking for an alternative to keep the botnet stable in the face of takedown attempts.”

The Kimwolf botnet created challenges for Cloudflare late last year when it began instructing millions of infected devices to use Cloudflare’s domain name system (DNS) settings, causing control domains associated with Kimwolf to repeatedly usurp Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites.

James said the I2P network is still operating at about half of its normal capacity, and that a new release is rolling out which should bring some stability improvements over the next week for users.

Meanwhile, Brundage said the good news is Kimwolf’s overlords appear to have quite recently alienated some of their more competent developers and operators, leading to a rookie mistake this past week that caused the botnet’s overall numbers to drop by more than 600,000 infected systems.

“It seems like they’re just testing stuff, like running experiments in production,” he said. “But the botnet’s numbers are dropping significantly now, and they don’t seem to know what they’re doing.”
