Updates and analysis on data breaches.
Researchers at UC Santa Cruz and Johns Hopkins hijacked self-driving cars and autonomous drones using commands written on road signs. AI systems followed illicit instructions with success rates up to 95.5% in tests.
Read more
Dutch authorities seized a Windscribe VPN server without a warrant and told the company they'd return it after analysis. Windscribe disclosed the incident publicly on X. Dutch police have issued no statement and referenced no judicial warrant.
Read more
Moltbook, a social media platform for AI agents, exposed its entire production database containing user secrets and personally identifying information within days of launch. The creator bragged on X that AI wrote all the code. Researcher Gal Nagli found the database API key exposed on the front end in minutes.
Read more
Former Google engineer Linwei Ding was convicted on 14 counts for stealing over 2,000 pages of AI trade secrets and transferring them to Chinese companies. He uploaded confidential files to his personal cloud while secretly founding a Chinese AI startup and pitching investors using stolen Google technology.
Read more
Security researchers found that Bondu's AI dinosaur toys left over 50,000 chat logs exposed to anyone with a Gmail account. Children's names, birth dates, family details, and every private conversation sat on a web portal anyone could access without hacking.
Read more
Anthropic's latest model replicated one of history's costliest breaches using only Bash and Kali Linux. No custom toolkits, no iteration, no external lookups.
Read more
SentinelOne SentinelLABS and Censys discovered 175,000 publicly accessible Ollama AI servers operating without authentication across 130 countries. The servers form a massive unmanaged layer of AI infrastructure running outside corporate security controls.
Read more
Oleg Nefedov, a 35-year-old Russian national, has been added to the EU Most Wanted and INTERPOL Red Notice lists as the alleged leader of Black Basta ransomware. Ukrainian and German authorities identified two Ukrainian accomplices who worked as password crackers for the group.
Read more
Malicious Chrome extensions posing as enterprise productivity tools stole authentication credentials from Workday, NetSuite, and SAP SuccessFactors users. The extensions extracted session cookies every 60 seconds and blocked access to security management pages.
Read more
Amazon stopped 1,800 North Korean operatives from infiltrating its workforce, exposing how remote hiring and broken digital identity systems are being weaponised.
Read more
In a 2023 action, the FTC said Ring allowed employees to spy on private footage and ignored basic security, enabling hackers to hijack home cameras.
Read more
Flock Safety exposed dozens of Condor cameras filming unattended children and lone adults directly to the internet. Predators accessed live video and full archives with no login or trace.
Read more
AI browsers combine instruction-following models with direct access to sensitive systems, creating failure modes vendors admit cannot be eliminated.
Read more
Attackers are using stolen AWS credentials to spin up massive cryptomining workloads within minutes, draining accounts without exploiting any AWS vulnerability.
Read more
Ethical AI depends on consent and accountability. Under state control, AI becomes a system for scaling repression, not protecting rights.
Read more
A Google featured browser extension with millions of users silently intercepted AI chats across major platforms and exported them to analytics servers as a business model.
Read more
A 19 year old breached nine companies and sold 64 million identity records. The real failure is the companies that collected that data in the first place.
Read more
The December patches show a shift. Zero-days no longer live only in Windows. They now live inside IDEs, AI assistants and the autocomplete layer that touches your entire workflow.
Read more
Shanya proves stealth is now a commodity. Ransomware gangs no longer build their own evasion. They rent it and walk straight past EDR tools still relying on a broken Windows trust model.
Read more
A new peer reviewed study shows enormous VPN brands lying about ownership, hard coding encryption keys, and quietly piping user data through insecure tunnels. The rot is systemic and it has been hidden behind Singapore shell companies and marketing gloss.
Read more
Thirty vulnerabilities in AI coding tools show how prompt injection and auto approved actions can escalate into data theft and remote code execution. Every major AI IDE tested was vulnerable.
Read more
Chinese state-linked groups like Earth Lamia and Jackpot Panda exploited CVE-2025-55182 in React Server Components within hours of its December 3 2025 disclosure. This unauthenticated RCE flaw gives attackers full server access without logins
Read more
Petco exposed customer data after a misconfigured app left files accessible online. The real failure is the industry wide habit of collecting information it cannot defend.
Read more
A SonicWall weakness let ransomware actors infiltrate Marquis Software Solutions and extract sensitive data from 74 US banks and credit unions. This attack shows what happens when a single vendor becomes a quiet central point of failure.
Read more
CISA just added an old OpenPLC ScadaBR XSS bug to the KEV list after a pro Russian crew used it in the wild. If your HMI is on the internet with default creds, you are the low hanging fruit.
Read more
The Federal Court issued a five point eight million penalty against Australian Clinical Labs for a breach affecting 223000 people. It confirms that companies guarding sensitive data keep failing while regulators act only after the damage is permanent.
Read more
Researchers scraped 3.5 billion WhatsApp profiles using WhatsApp’s own contact discovery feature. No hack. No breach. Just a system that exposes too much data by design.
Read more
A contractor leaked over seventy thousand government ID images tied to Discord accounts. Safety laws created the target.
Read more