Posts about privacy related news.
SentinelOne SentinelLABS and Censys discovered 175,000 publicly accessible Ollama AI servers operating without authentication across 130 countries. The servers form a massive unmanaged layer of AI infrastructure running outside corporate security controls.
Read more
Signal Foundation president Meredith Whittaker says AI agents embedded in operating systems are destroying the practical security of end-to-end encryption. The agents require sweeping permissions to read messages and access credentials, collapsing the isolation that encrypted messaging relies on.
Read more
Indian government entities were hit by two cyber campaigns in September 2025 using GitHub repositories for command and control. The attacks filtered victims by IP address and delivered backdoors only to Windows users in India.
Read more
The UK House of Lords voted to ban VPN services for anyone under 18. The age verification required puts Britain on the same policy path as China, Russia, and Iran
Read more
Ireland's Communications Bill gives police authority to install spyware on your devices, break encryption before it activates, and track every phone in a given area. The government calls it modernization. It's state-sanctioned hacking.
Read more
The most trusted MCP servers contain exploitable vulnerabilities. Research shows 36.7% of all MCP servers may share the same security flaws found in Microsoft's implementation.
Read more
Google's Fast Pair protocol was designed for one-tap Bluetooth connections. Researchers just proved it also gives hackers one-tap access to hijack your earbuds, activate your microphone, and track your location in under 15 seconds.
Read more
Oleg Nefedov, a 35-year-old Russian national, has been added to the EU Most Wanted and INTERPOL Red Notice lists as the alleged leader of Black Basta ransomware. Ukrainian and German authorities identified two Ukrainian accomplices who worked as password crackers for the group.
Read more
Malicious Chrome extensions posing as enterprise productivity tools stole authentication credentials from Workday, NetSuite, and SAP SuccessFactors users. The extensions extracted session cookies every 60 seconds and blocked access to security management pages.
Read more
The UK government created Pathways, a video game with an extremism meter that tracks children's thoughts. Schools deploy it for kids aged 11-18. Researching immigration statistics increases your score. Prevent referred a triple murderer three times and released him. Now it tracks teenage curiosity.
Read more
X reported 870,000 child abuse cases in 2023. Australia fined them $610,500 and moved on. Grok's AI deepfakes in December 2025 triggered investigations and ban threats within 72 hours.
Read more
Italy fined Apple €98.6 million over App Tracking Transparency, arguing the consent burden fell harder on third party developers while reinforcing ad tracking as the assumed norm.
Read more
Amazon stopped 1,800 North Korean operatives from infiltrating its workforce, exposing how remote hiring and broken digital identity systems are being weaponised.
Read more
Victoria is exploiting a terrorist attack to push anti-democratic laws that restrict speech, suppress protests, and force platforms to identify users.
Read more
Flock Safety exposed dozens of Condor cameras filming unattended children and lone adults directly to the internet. Predators accessed live video and full archives with no login or trace.
Read more
After years of mass data breaches, South Korea is mandating facial verification for SIM cards, shifting identity failure into permanent biometric risk.
Read more
Cisco customers were hit by a China-linked zero-day exploit and a separate VPN brute-force campaign within days, exposing persistent edge security failures.
Read more
US prosecutors destroyed two open source developers after regulators told them no crime existed. This case exposes how far the surveillance state will go to crush privacy tools that work.
Read more
The KimWolF botnet is quietly infecting Android devices at scale by hiding inside trojanised apps and turning phones into invisible infrastructure.
Read more
Attackers are using stolen AWS credentials to spin up massive cryptomining workloads within minutes, draining accounts without exploiting any AWS vulnerability.
Read more
Texas is suing major TV manufacturers for using deceptive tactics to turn smart TVs into surveillance devices without real consumer consent.
Read more
Ethical AI depends on consent and accountability. Under state control, AI becomes a system for scaling repression, not protecting rights.
Read more
A Google featured browser extension with millions of users silently intercepted AI chats across major platforms and exported them to analytics servers as a business model.
Read more
Attackers abused PayPal’s subscription system to send legitimate PayPal emails that falsely claim expensive purchases and push victims toward scam phone numbers.
Read more
A fake torrent claiming to contain a new Leonardo DiCaprio film was used to infect Windows users with Agent Tesla by abusing scripts, shortcuts, and built in system tools.
Read more
Microsoft Recall screenshots your screen by default. Signal responded by blocking Windows from capturing private conversations entirely.
Read more
India is mandating SIM binding for WhatsApp, Signal and Telegram. If your SIM changes, your messages die. This is surveillance, not security.
Read more
The US is moving from checking identities to judging expression. Five years of social media is now being treated as a border requirement.
Read more
A 19 year old breached nine companies and sold 64 million identity records. The real failure is the companies that collected that data in the first place.
Read more
The December patches show a shift. Zero-days no longer live only in Windows. They now live inside IDEs, AI assistants and the autocomplete layer that touches your entire workflow.
Read more
Shanya proves stealth is now a commodity. Ransomware gangs no longer build their own evasion. They rent it and walk straight past EDR tools still relying on a broken Windows trust model.
Read more
The FTC denied SpyFone’s attempt to escape its 2021 ban because nothing changed. SpyFone was stalkerware and the industry still harms real people.
Read more
Thirty vulnerabilities in AI coding tools show how prompt injection and auto approved actions can escalate into data theft and remote code execution. Every major AI IDE tested was vulnerable.
Read more
Chinese state-linked groups like Earth Lamia and Jackpot Panda exploited CVE-2025-55182 in React Server Components within hours of its December 3 2025 disclosure. This unauthenticated RCE flaw gives attackers full server access without logins
Read more
Petco exposed customer data after a misconfigured app left files accessible online. The real failure is the industry wide habit of collecting information it cannot defend.
Read more
Axon is using Edmonton Police to trial face recognition on body cameras. The test builds a biometric pipeline that expands police visibility far beyond live encounters.
Read more
India issued a secret order on 28 November 2025 forcing every phone maker to bake the Sanchar Saathi government app into devices and block users from disabling it. Three days of fury later the mandate is dead.
Read more
A SonicWall weakness let ransomware actors infiltrate Marquis Software Solutions and extract sensitive data from 74 US banks and credit unions. This attack shows what happens when a single vendor becomes a quiet central point of failure.
Read more
Twin brothers Muneeb and Sohaib Akhter spent years hacking private companies and U S government systems. Their schemes show how insider access and basic intrusions cause real damage before nation state actors ever get involved.
Read more
The USPTO wants to cripple inter partes review and make bad patents untouchable. EFF is pushing back because the public needs the power to challenge broken law.
Read more
Flock claims it runs a smart automated safety system but the real work is being done by offshore gig workers reviewing raw footage of Americans.
Read more
After media accusations and law enforcement pressure, GrapheneOS is exiting France entirely and moving infrastructure to Canada.
Read more
Over $262 million has been lost in 2025 alone to account takeover scams, with attackers mimicking bank staff and spoofing websites to steal credentials.
Read more
US states are pushing bills that punish VPN use and force websites to expose users. It looks a lot more like authoritarian censorship than child protection.
Read more
The Federal Court issued a five point eight million penalty against Australian Clinical Labs for a breach affecting 223000 people. It confirms that companies guarding sensitive data keep failing while regulators act only after the damage is permanent.
Read more
A California judge has shut down a decade long program where police used utility smart meter data to scan entire neighborhoods without suspicion. The ruling confirms that mass data sharing by utilities crosses clear legal limits.
Read more
Researchers scraped 3.5 billion WhatsApp profiles using WhatsApp’s own contact discovery feature. No hack. No breach. Just a system that exposes too much data by design.
Read more
Hidden documents show Meta estimates up to 10% of its 2024 revenue comes from scam advertisements and that its platforms display 15 billion “higher risk” scam ads each day.
Read more
The GUARD Act claims to protect kids, but the fine print reveals a mass identity check for every American and a ban on teens using basic digital tools.
Read more
A contractor leaked over seventy thousand government ID images tied to Discord accounts. Safety laws created the target.
Read more