Switzerland Bans Cloud for Sensitive Data, GitLab Scan Finds 17K Secrets

According to TheRegister.com, Switzerland’s data protection authority Privatim has called for public bodies to avoid hyperscale clouds and SaaS services for sensitive data, specifically naming Microsoft 365 as inappropriate. Security engineer Luke Marshall scanned all 5.6 million public GitLab repositories at a cost of $770 and found 17,000 verified live secrets including over 5,000 Google Cloud credentials. Exercise app Strava released draft terms taking effect January 1, 2026 that absolve it of risks for users in sensitive positions, while leaked documents allegedly link Iran’s Charming Kitten hacking group to assassination operations. The Israel Defense Forces have reportedly banned Android smartphones for senior officers in favor of iOS devices.

The Swiss cloud crackdown

This isn’t just some vague recommendation – Switzerland is basically telling its government agencies: “Don’t put sensitive data in the cloud, especially not with American companies.” The resolution specifically calls out the US CLOUD Act as a concern, which makes sense given how much control it gives US authorities over data stored by American companies. And they’re not wrong about SaaS providers being able to change terms unilaterally. Remember when companies would quietly update privacy policies? Now they can effectively downgrade your security without you having much say. The real kicker is them singling out Microsoft 365. That’s going to create some serious headaches for Swiss agencies that have standardized on Microsoft’s ecosystem.

GitLab’s secret problem

Seventeen thousand live secrets. From 5.6 million repositories. That’s what Luke Marshall found when he scanned every public GitLab repo he could access. The crazy part? This only cost him $770 using AWS services. Think about that for a second – for less than a grand, anyone with some technical skills could potentially access thousands of corporate credentials. The fact that GitLab had about 35% higher density of leaked secrets compared to Bitbucket is concerning too. Are their default settings not secure enough? Or are GitLab users just more careless? Either way, if your company uses GitLab, you might want to double-check what’s sitting in your public repos. The sheer volume of Google Cloud, MongoDB, and OpenAI tokens found suggests this isn’t just small-time developers making mistakes.

Strava’s “you’re on your own” approach

Strava’s new terms are basically telling intelligence agents and military personnel: “We’re not responsible if your workout map gets you killed.” It’s wild that we’ve reached the point where an exercise app needs specific language about people in “sensitive jobs or positions of trust.” But given that Strava heat maps have previously revealed military base locations and the movements of French presidential bodyguards, they’re covering their legal bases. The 2026 effective date gives users plenty of time to reconsider their privacy settings – or maybe just stop using location tracking altogether if they work in sensitive roles.

Iran’s deadly hacking operation

The Charming Kitten revelations are genuinely disturbing. According to investigator Nariman Gharib, this isn’t just about espionage – it’s about using hacked airline databases, hotel systems, and medical records to locate and assassinate people. The sophistication is alarming too: dedicated teams for tool development, infiltration, phishing campaigns, and even translation of stolen documents. This shows how cyber operations have evolved from simple data theft to supporting physical operations.

Israel’s smartphone security move

The Israeli military banning Android for top brass in favor of iOS is telling. They’re clearly concerned about surveillance through social media apps, and given Android’s more open ecosystem and fragmentation issues, iOS probably offers better control over what apps can do. It’s another sign that nation-states are taking mobile device security seriously at the highest levels. Though honestly, if your threat model includes nation-state actors, maybe you shouldn’t be carrying smartphones at all?
