Keir Giles, a prominent expert on Russia, was targeted with a new form of social-engineering attack that leverages App-Specific Passwords. Google links the operation to UNC6293, a Russian state-backed group.
Our preliminary analysis of Bill C-2 situates the legislation within the context of existing research by the Citizen Lab about two potential data-sharing treaties that are most relevant to the new proposed powers being introduced in Bill C-2: the Second Additional Protocol to the Budapest Convention (2AP) and the CLOUD Act. Both of which carry significant constitutional and human rights risks.
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. In this report, we discuss key findings from our forensic analyses of their devices.
Our investigation of a spearphishing campaign that targeted senior members of the World Uyghur Congress in March 2025 reveals a highly-customized attack delivery method. The ruse used by attackers replicates a pattern in which threat actors weaponize software and websites aimed at preserving and supporting marginalized and repressed cultures to target those same communities.
The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research and development at the intersection of information and communication technologies, human rights, and global security. Learn more.
In an interview with What Bitcoin Did, Citizen Lab senior researcher John Scott-Railton discusses the proliferation of spyware and the repercussions of its use on victims. He explains how mass surveillance “ultimately leads to self-censorship,” with significant implications for our freedom. Watch here.
A new U.K. age-verification law aimed to protect children can push people to seedier parts of the web. Citizen Lab senior researcher John Scott-Railton spoke with the Washington Post about the “law of unintended consequences” faced by regulators. The law “suppresses traffic to compliant platforms while driving users to sites without age verification,” says Scott-Railton…. Read more »
Citizen Lab senior researcher John Scott-Railton confirms that FlexiSPY spyware was installed on two Kenyan filmmakers’ phones while the devices were in police custody.
Citizen Lab director Ron Deibert’s new op-ed in the Globe and Mail argues that AI should be subject to more regulation, not less.
The Information Security Program Manager will be responsible for providing strategic leadership to develop and implement Information Security Programs for the Citizen Lab as well as other units at the University. Apply by September 30, 2025.
Join Citizen Lab founder and director Ron Deibert for a screening of the 1981 film “Blow Out” hosted by the Great Escape Bookstore.
