From drone warfare powered by SIM cards to fresh telco breaches and product upgrades, the security landscape is shifting fast. Here’s what’s new in the world of mobile privacy, national security, and Cape.

Spiderweb Attack Reveals Telecom’s Role in Modern Warfare

Last week, Ukraine launched a high-profile drone strike on Russian airfields in an operation now dubbed “Spiderweb.” While hailed as one of Kyiv’s most significant tactical wins in months, the attack has sparked concern among U.S. lawmakers—particularly about the vulnerability of American airbases to similar tactics.

But there’s a deeper takeaway: the attack relied on commercial telecom infrastructure. Ukrainian forces reportedly inserted Russian SIM cards into drones, crossed back into Ukraine, and remotely guided the drones into Russian territory—using Russia’s own cell towers.

Russia couldn’t shut down the networks without causing domestic chaos. This paradox—where telecom infrastructure is both critical and exploitable—is now a pressing concern for the U.S., especially as cyber-ops like Salt Typhoon and Volt Typhoon continue to probe American networks.

→ Hear more from our CEO John Doyle on TBPN

Cape x Vannevar: Building Resilient Networks for National Security

Cape is partnering with Vannevar Labs to bring resilient, secure communications to the most contested environments.

“We plan to embed Cape SIMs into our Scout sensors and use Cape as our primary network provider given their proven success in contested, remote, and denied environments.”

— Scott Philips, CTO at Vannevar Labs

This collaboration underscores the growing demand for mobile networks that can operate reliably in high-risk, high-stakes zones.

→ Read the full press release

Privacy & Security News

A slew of privacy incidents has hit the telecom world in recent weeks:

• • T-Mobile may be screen-recording user activity inside its app by default—a serious violation of user trust that went largely unnoticed.
    • → Read the report
• • A new SIM swap attack vector has emerged: researchers found a way to reveal any phone number linked to a Google account.
    • → Details here
• • AT&T’s 2021 breach is resurfacing. Hackers are now leaking enriched customer data, including Social Security numbers and birthdates—a significant escalation in the potential for identity theft.
    • → More on the breach

Cape Product Updates: New Defenses Against Real-World Threats

We’ve rolled out several improvements to make your mobile experience even more private and secure:

Tighter Call Security & Metadata Protection

• • For GrapheneOS users, we’ve stripped remaining Google dependencies.
• • We’ve minimized location leaks in 4G VoLTE call metadata by stripping unnecessary headers from SIP signaling traffic.

These changes were inspired by a recently disclosed vulnerability, where leaked SIP headers allowed attackers to triangulate user locations.

→ Read more about the SIP vulnerability

Cape Encrypted Push Notifications Are Live

Following a report by Joseph Cox (404 Media) that Apple quietly handed unencrypted push notification content to governments worldwide, we launched our own encrypted alternative.

Cape’s Encrypted Push Notifications secure both the content and metadata, ensuring that only your device can read them. This significantly reduces the visibility of your communications to intermediaries and third parties.

→ Read about the feature

Want more stories like these? Subscribe to Cape’s newsletter here.