Click any tag below to further narrow down your results
Links
SquareX's research reveals a concealed MCP API in the Comet browser that allows extensions to execute commands and access user devices without permission. This breach of security principles raises concerns about potential exploitation and the lack of transparency surrounding embedded extensions.
Google Chrome's new autofill feature can now store sensitive information like passports and vehicle IDs, making form-filling faster. However, experts warn that this could increase risks if a user's Google account is compromised, as all that data is concentrated in one place. The cybersecurity community advises against storing sensitive information in browsers due to rising malware threats.
Ryan SΞAN ADAMS warns crypto investors to avoid keeping cryptocurrency at home due to the risk of wrench attacks. He advises implementing strict security measures, including using multisig wallets and custodians, to protect digital assets and ensure safety.
The article critiques Zoom's privacy practices and compares them to more secure alternatives like Jitsi. It highlights the risks of using Zoom, including data collection and lack of transparency, while advocating for better security and privacy in online communications.
This article outlines how developers in Japan can use alternative browser engines in iOS apps. It details the requirements for both dedicated browser apps and in-app browsing, including security and privacy commitments developers must meet to gain authorization.
A UK consumer rights group found that air fryer apps are requesting excessive user data, including precise location and voice recordings, raising privacy concerns. The podcast episode explores other consumer devices that collect and share data in unexpected ways, highlighting the commonness of such practices.
Norton Neo is an AI-native browser that prioritizes user privacy by storing data locally and allowing users to control what information is remembered. It aims to streamline browsing with features that reduce clutter and enhance productivity. Users can expect a smooth experience with built-in protection against malicious sites.
Moltbook, a social network for AI agents, suffered a major security breach due to a misconfigured Supabase database, exposing 1.5 million API keys and personal data of 17,000 human users. The incident highlights risks in quickly developed applications without adequate security measures.
A researcher revealed that some private Instagram profiles were exposing links to private photos in their HTML code, accessible to unauthenticated users. Although Meta fixed the issue shortly after being notified, they dismissed it as "not applicable" and did not acknowledge the severity of the vulnerability.
Google is shutting down its dark web reports feature in February. Launched in 2023, the service provided users with lists of partially redacted personal data found on the dark web but proved to have little practical value for security. The company concluded that users cannot effectively act on this information.
PRISM.TOOLS offers a variety of free developer tools that run entirely in your browser, ensuring privacy as your data stays local. It features tools for formatting, security, visual design, and content generation. This platform currently has 38 tools available for use.
The article discusses how to encrypt your Windows PC using BitLocker while avoiding storing recovery keys with Microsoft. It explains the upgrade requirements for Windows 11 Pro and provides step-by-step instructions for encrypting your disk and managing recovery keys securely.
Freedom Chat recently addressed two serious security issues that exposed users' phone numbers and PIN codes. A researcher discovered that phone numbers could be guessed and that PIN codes were visible to others in public channels, prompting a reset of all user PINs and an update to the app.
The article discusses Apple's withdrawal of Advanced Data Protection in the UK due to government regulations, which will limit users' data security. It urges users to move their data out of iCloud and suggests alternatives for secure storage. The author emphasizes the importance of end-to-end encryption and the implications of recent legal changes.
OpenAI's ChatGPT Health aims to provide tailored health advice while raising significant questions about data security and privacy. Users can connect personal medical records, but this could expose sensitive information to third parties. The lack of clarity on regulatory compliance and encryption methods adds to the skepticism surrounding its safety.
This article discusses a tracking method called "supercookie" that uses favicons to create unique identifiers for website visitors. Unlike traditional tracking, this method persists even in incognito mode and cannot be easily cleared by users. It highlights the potential for tracking across major browsers and suggests disabling the favicon cache as a mitigation strategy.
Google hired NCC Group to evaluate its Private AI Compute system, which aims to enhance mobile AI capabilities using cloud resources while maintaining user privacy. The review included two phases: an architecture assessment and a detailed security analysis of various components, involving ten consultants over 100 person-days.
Tor has replaced its old encryption algorithm with a new one called Counter Galois Onion (CGO) to enhance security and protect user anonymity. This upgrade addresses vulnerabilities in the previous system, including tagging attacks and weak forward secrecy, by implementing modern cryptographic techniques.
Mozilla is rolling out improved anti-fingerprinting measures in Firefox 145, initially available in Private Browsing Mode and Enhanced Tracking Protection Strict mode. These updates aim to reduce the number of users who can be uniquely tracked online, now down to 20% by blocking various identifiers while balancing usability for legitimate sites.
Researchers found a significant security flaw in WhatsApp that allowed hackers to easily access phone numbers and some profile information for all 3.5 billion users. Despite being warned about the issue since 2017, Meta only implemented a fix in October 2023. Users are urged to review their privacy settings to protect their information.
This article investigates the data sent by seven popular AI coding agents during standard programming tasks. By intercepting their network traffic, the research highlights privacy and security concerns, revealing how these tools interact with user data and potential telemetry leaks.
Apple introduced a new feature that limits precise location data shared by iPhones and iPads with cell carriers, making it harder for law enforcement and hackers to track users. This feature is available on select models and does not impact location data shared with apps or emergency services.
WhatsApp has launched a new feature called Strict Account Settings, which allows users to enhance their privacy with a single toggle. This mode restricts various functionalities, making users less visible and enabling stronger security measures. Additionally, Meta has replaced an old media-handling library with a new one built in Rust for better security.
Pornhub has alerted Premium members about potential sextortion emails following a data breach at a third-party analytics provider. While no passwords or payment info were leaked, users should be vigilant for blackmail attempts and follow safety guidelines if they receive suspicious emails.
Fence is a tool that wraps commands in a sandbox, blocking network access by default and allowing configurable filesystem restrictions. It's useful for executing semi-trusted code safely, making it ideal for package installations and CI jobs. The tool also integrates with various coding agents to enhance security.
The article discusses the evolution of stablecoins and their impact on financial services. It highlights lessons learned from failures like Synapse and emphasizes the advantages of stablecoins in providing global reach, transparency, and agentic finance. The author urges the industry to innovate beyond traditional fintech models.
DoorDash reported a data breach in October 2025, revealing that an unauthorized party accessed user contact information including names, addresses, and phone numbers. The breach resulted from a social engineering scam targeting a company employee, and affected users in Canada, with potential implications for others in the U.S.
The Electronic Frontier Foundation is urging major tech companies to implement end-to-end encryption (E2EE) by default to enhance user privacy amid rising AI use. They argue that users should not have to opt in for security features that protect their data from third parties. The campaign highlights the urgency of these measures as AI complicates privacy concerns.
Microsoft is rolling out smartphone-like app permission prompts in Windows 11, allowing users to control access to sensitive resources like files and cameras. This change aims to enhance user consent and privacy, addressing issues with apps overriding settings or installing unwanted software. The updates are part of the Secure Future Initiative following a recent security breach.
Starting December 15, H-1B visa applicants must make their social media profiles public for visa interviews, exposing them to security threats. This policy could lead to doxxing, making applicants and their families vulnerable to foreign adversaries.
The article discusses the challenges and implications of privacy in the context of public blockchains, highlighting the tension between transparency and confidentiality in decentralized systems. It emphasizes the need for effective privacy solutions to protect user data while maintaining the integrity of blockchain technologies.
Microsoft is testing its AI-powered Windows Recall feature, which allows users to take snapshots of their active windows for easier searching of content, with a rollout to Windows 11 Insiders. Concerns over privacy led to enhancements including opt-in functionality and security measures like Windows Hello authentication. The feature is designed to help users manage snapshots while ensuring sensitive information is filtered out.
WhatsApp has introduced advanced privacy features that allow users to control who can see their last seen status, profile photo, and about information. These updates aim to enhance user privacy and provide more options for managing visibility within the app. Additionally, WhatsApp emphasizes its commitment to user security with end-to-end encryption for messages.
The roadmap outlines practical steps to enhance privacy for Ethereum users with minimal consensus changes, focusing on on-chain payment privacy, anonymization of application activity, and secure RPC interactions. Key proposals include integrating privacy tools into wallets, adopting one address per application, and improving RPC privacy through advanced technologies like TEE and PIR. Ultimately, the goal is to create a landscape where private transactions are the default and user activities across applications remain unlinked.
The article discusses the advancements in privacy infrastructure at Facebook, particularly focusing on how they are scaling their security measures to support generative AI product innovation. It highlights the importance of integrating robust privacy protocols to enhance user trust and comply with regulatory standards.
Rainwalk, a pet insurance provider, has reportedly exposed sensitive customer data related to 158,000 pets, including personal and medical information. This data breach raises significant concerns about privacy and data security within the pet insurance industry as affected customers face potential identity theft and fraud risks.
The article explores the state of Iran's internet infrastructure and censorship practices from the perspective of Censys, highlighting the challenges faced by users in accessing information and the implications for privacy and security. It discusses the technical and political factors that shape the online environment in Iran, emphasizing the need for improved transparency and access to information.
Meta has addressed a significant bug that risked exposing users' AI prompts and the content generated by those prompts. This vulnerability raised concerns about user privacy and data security within Meta's AI tools. The fix aims to enhance trust in the platform as it continues to develop AI capabilities.
Proton has released Proton Authenticator, a free and open-source two-factor authentication app available across multiple platforms, including Windows, macOS, Linux, Android, and iOS. Designed with a focus on privacy and security, it generates time-based one-time passwords and offers features like encrypted backups, biometric app locking, and easy import/export options. This new tool aims to provide a secure alternative to existing authentication apps that often rely on closed-source models and user lock-in.
A security flaw in the covert surveillance app Catwatchful exposed sensitive data, including email addresses and passwords, of 62,000 users due to a SQL injection vulnerability. While the app is marketed for parental monitoring, its stealth features raise concerns about misuse for malicious purposes.
A hard-coded API key was discovered in an AI note-taking app, leading to the exposure of users' private meeting transcripts. This vulnerability raises significant concerns about data security and user privacy within the application. Immediate actions are needed to address and rectify such security flaws to protect user information.
A company known for selling spyware to monitor sex offenders has reportedly suffered a data breach, exposing sensitive information. The hack raises concerns about the security measures in place for companies dealing with sensitive data related to criminal monitoring.
YouTuber Jeff Geerling challenged viewers to de-pixelate a heavily obscured section of his video, which was intended to protect private information. Within hours, a developer successfully restored the hidden content using frame extraction techniques, highlighting the weaknesses of pixelation as a privacy measure.
The UK government has decided to drop its demands for tech companies, including Apple, to provide encryption backdoors that would allow law enforcement access to encrypted communications. This move reflects a shift in the government's approach to balancing privacy and security in the digital age. The decision comes amid ongoing debates about the implications of encryption for public safety and privacy rights.
A security breach has exposed user data from VirtualMacOSX.com, potentially affecting numerous users who utilized the service. The compromised data includes sensitive information, raising concerns about user privacy and security measures in place. Users are advised to monitor their accounts and take necessary precautions.
Notorious image board 4chan has been hacked, resulting in the leak of sensitive internal data. The breach raises concerns about user privacy and security on the platform, which has a history of controversial content and activities. Investigations are underway to assess the extent of the damage and the implications for its users.
The article discusses a complex topic related to technology and its implications on society, touching upon various aspects such as privacy, security, and ethical considerations. It highlights the ongoing debates and challenges that arise from advancements in tech, emphasizing the need for awareness and proactive measures to address potential issues.
Pistachio offers automated, personalized tools for IT admins and end users, integrating seamlessly with Microsoft SSO for quick setup. It prioritizes user privacy while providing essential security training and insider threat detection, ensuring safety without intrusive monitoring.
The article discusses recent leaks related to Google's phone models, highlighting security vulnerabilities and concerns regarding data privacy. It emphasizes the implications these issues may have for users and the potential impact on Google's reputation in the tech industry.
Google has resolved a critical bug that posed a risk of inadvertently exposing users' private phone numbers through its services. The company acted quickly to patch the vulnerability after it was discovered, ensuring that user privacy is maintained.
Fully Homomorphic Encryption (FHE) enables computations on encrypted data without decryption, potentially transforming internet privacy by keeping user data encrypted at all times. Despite current limitations in speed and efficiency, rapid advancements suggest FHE could soon support secure cloud computing and confidential transactions, shifting the paradigm from data harvesting to user privacy.
Apple has alerted a developer that their iPhone was targeted with government spyware, highlighting concerns over privacy and security. This incident raises questions about the extent of surveillance and the measures tech companies are taking to protect users from such threats.
Nearly 1 million browsers have been turned into website scraping bots through 245 browser extensions that override security protections, according to researcher John Tuckner. These extensions, which serve various functions, incorporate the MellowTel-js library to monetize their use by scraping websites for paying clients, including AI startups, while raising concerns about user privacy and security.
A browser hijacking campaign has infected 2.3 million users of Chrome and Edge through malicious extensions that started as legitimate tools. These extensions, which include features like color pickers and emoji keyboards, were later updated to include malware that tracks user activity and redirects browser sessions. Microsoft has removed the extensions from its store, but Google has not yet responded to the incident.
The conversation with Cloudflare's Matthew Prince explores the future of the internet's business model, discussing the implications of privacy, security, and the evolution of online services. Prince emphasizes the importance of adapting to changing user expectations and the need for innovative approaches to sustain growth in the tech industry.
OpenAI is enhancing its security measures to protect its systems from unauthorized access and ensure user privacy. The new protocols aim to deter potential threats and safeguard sensitive information in an increasingly scrutinized tech landscape.
Granting AI access to personal data raises significant privacy and security concerns that individuals should carefully consider. The potential risks associated with data exposure can outweigh the benefits of enhanced AI functionalities. Users are encouraged to think critically about the implications of sharing their information with AI systems.
The article discusses how Meta leverages advanced data analysis techniques to understand and manage vast amounts of data at scale. It highlights the methodologies and technologies employed to ensure data security and privacy while enabling efficient data utilization for various applications.
Florida's proposed law mandates encryption backdoors for social media accounts, raising concerns among experts who label it as both dangerous and misguided. Critics argue that such measures undermine user security and privacy, potentially exposing sensitive information to malicious actors. The law has sparked a broader debate about the implications of government interventions in digital privacy.
Google Chrome has introduced a new feature that prevents browsing history leaks by partitioning link history, allowing links to turn purple only for previously visited sites while keeping them blue on malicious sites. This update aims to enhance user privacy and prevent exploitation by malicious websites.
The U.S. House of Representatives has banned the use of WhatsApp on government devices due to security concerns. This decision reflects ongoing worries about data privacy and the potential for foreign interference through widely-used messaging applications. Agencies are now required to use alternative communication methods that meet security standards.
The article discusses Twitter's new encrypted messaging feature, highlighting its potential impact on user privacy and communication security. It examines the challenges and implications of implementing encryption on a platform with a vast user base, as well as the broader context of encryption in social media.
A significant data breach at Mango has exposed sensitive customer information, raising concerns about privacy and security. Investigations are ongoing to determine the full extent of the breach and its implications for affected users. Customers are advised to take precautions to safeguard their personal data in the wake of this incident.
The article provides an in-depth analysis of VPNs, explaining their purpose, how they work, and the various types available. It discusses the benefits and limitations of using VPNs for privacy and security online, addressing common misconceptions and offering tips for choosing the right service.
The article appears to discuss updates and features in Firefox version 144, including enhancements to performance, security, and user experience. It highlights Mozilla's commitment to maintaining user privacy and improving browsing efficiency. Specific details about new tools and functionalities may also be included.
Apple has issued notifications to new victims of spyware attacks worldwide, highlighting the ongoing threat posed by advanced surveillance technologies. The company is taking steps to inform affected users and enhance security measures to protect their devices from such intrusions.
Cline explains its decision not to index users' codebases, emphasizing the importance of privacy and security for developers. By not indexing code, Cline seeks to foster a more secure environment where users can work without the fear of exposing sensitive information. This approach ultimately benefits developers by allowing them to focus on their coding without concerns over data breaches.
My Privacy DNS is dedicated to compiling and organizing information on blacklisted domains to enhance online privacy through its Matrix project, which acts as a DNS firewall. Key features include an anti-porn list for parental control, a structured submission process for problematic websites, and a commitment to providing accurate and secure domain management. Contributions to the project are welcomed to support its ongoing development and maintenance.
Fake TikTok and WhatsApp apps have surfaced on Android, posing as legitimate applications but actually containing Clayrat spyware. Users who download these apps risk their personal data being compromised, as the spyware can capture sensitive information and track activities. It is crucial for users to be vigilant and verify app authenticity before installation.
1Password emphasizes the importance of security in AI integration, outlining key principles to ensure that AI tools are trustworthy and do not compromise user privacy. The principles include maintaining encryption, deterministic authorization, and auditability while ensuring that security is user-friendly and effective. The company is committed to creating secure AI experiences that prioritize privacy and transparency.
Pakistanis are being urged to change all their passwords immediately following a significant global data breach that has compromised numerous accounts. Authorities recommend enhancing security measures to protect personal information from potential exploitation.
FreeVPN.One, initially a trusted VPN, has been caught secretly capturing users' screens and sensitive information without consent through a series of updates that expanded its permissions and functionality. Despite claiming to protect user privacy, the extension employs deceptive practices to surveil users, raising serious concerns about security in browser marketplaces. The article highlights the risks associated with malicious extensions and the need for better oversight in software security.
Over 40,000 security cameras worldwide are accessible via the internet, allowing potential hackers to exploit them for spying and other malicious activities. The cybersecurity firm Bitsight warns that these cameras, often used in homes and small offices, are at risk due to inadequate security measures, making them targets for cyberattacks. Users are advised to implement stronger security practices to protect their devices.
A new tea app aimed at men is reportedly leaking personal data, including users' driver's licenses. Concerns have been raised about the app's security measures and the potential risks to user privacy. Experts are calling for immediate investigations and stronger data protection regulations.
AT&T has reached a settlement regarding data breaches that occurred between 2019 and 2024, which affected customer data and privacy. The agreement addresses compensation for affected individuals and outlines measures to enhance data security moving forward.
Researchers from King's College London warn that large language model (LLM) chatbots can be easily manipulated into malicious tools for data theft, even by individuals with minimal technical knowledge. By using "system prompt" engineering, these chatbots can be instructed to act as investigators, significantly increasing their ability to elicit personal information from users while bypassing existing privacy safeguards. The study highlights a concerning gap in user awareness regarding privacy risks associated with these AI interactions.
The article discusses methods of spying using Chromium-based browsers, specifically focusing on the vulnerabilities that allow screensharing without user consent. It highlights the technical aspects of how these exploits work and the potential privacy implications for users. The piece serves as a cautionary reminder of the importance of browser security and user awareness.
Brosix and Chatox, two messaging platforms, failed to uphold their promises of secure communication, exposing users' chats to potential breaches. This raises concerns about the reliability of privacy assurances from messaging services.
The article appears to be corrupted and does not contain readable content. As such, it is not possible to summarize the main points or themes of the intended discussion regarding security measures or practices. Further analysis or access to a different version of the content may be required to provide a summary.
The article discusses methods to obscure command and control (C2) traffic using platforms like Discord and Slack. It explores the potential of these applications to serve as covert channels for communication, thereby enhancing security and privacy for users involved in sensitive activities. Techniques for effectively utilizing these platforms are also examined.
A security vulnerability in the Verizon Call Filter iOS app allowed unauthorized access to the call history of any Verizon customer by manipulating network requests, raising significant privacy and safety concerns for vulnerable individuals. The flaw was reported and promptly fixed by Verizon, highlighting the importance of securing sensitive user data in telecommunications.
The article discusses concerns regarding pre-installed apps on the Ulefone Kruger smartphone, highlighting potential security risks and privacy issues associated with these apps. Users are advised to be cautious about the data these applications may access and the implications for personal security.
The article discusses the recent discovery of popular Chrome extensions that are leaking user data through unencrypted connections. This raises concerns about user privacy and the security of sensitive information while using these extensions. Users are advised to be cautious and consider the risks associated with such tools.
The article discusses zkPDF, a tool designed to unlock verifiable data in PDF documents using zero-knowledge proofs. It highlights how zkPDF enhances privacy and security by enabling users to confirm the authenticity of data without revealing sensitive information. The focus is on the potential applications of this technology in various sectors, emphasizing its importance in maintaining data integrity and confidentiality.
Brave Software's browser will block Microsoft's Windows Recall feature from capturing screenshots of its windows by default to enhance user privacy. This decision follows criticism of Windows Recall for potentially exposing sensitive user data, and Brave aims to prevent browsing history from being inadvertently stored. Users can still enable Recall through Brave's settings if desired.
Google announced that the Pixel 10 series will incorporate C2PA Content Credentials, enhancing digital media transparency by securely attaching provenance information to images captured with the Pixel Camera. This initiative aims to differentiate between AI-generated and non-AI content, ensuring user privacy and trust through robust security measures and unique certificates for each image. The Pixel 10 is the first to achieve Assurance Level 2 under the C2PA Conformance Program, making it a leader in secure media provenance on mobile devices.
A new attack known as "pixnapping" has emerged, targeting Android devices by using pixel-stealing techniques to access sensitive information. This method allows attackers to manipulate the display output, potentially compromising user data without their knowledge. Users are advised to remain vigilant and update their security measures to protect against this threat.
Vodafone GmbH has been fined €45 million ($51.4 million) by Germany's data protection authority for privacy and security violations, including fraud committed by employees of partner agencies and vulnerabilities in its authentication systems. The company has since revamped its processes, severed ties with fraudulent partners, and cooperated fully with the investigation. Vodafone has also donated to organizations focused on data protection and media literacy.
Choosing the right VPN involves understanding its limitations and realistic benefits, such as bypassing internet censorship and securely accessing corporate networks. While VPNs can enhance privacy by masking your IP address, they do not guarantee complete anonymity or protection from all security threats. Key factors to consider when selecting a VPN include the provider's claims, trustworthiness, and business model.
Bugfish Nuke is a Windows tool designed for emergency data deletion, allowing users to securely erase sensitive files and system traces with customizable overwrite options. It features an advanced function to lock out system access by corrupting Windows login files, and includes user-friendly elements like customizable audio notifications during the deletion process. Users are warned against misuse and encouraged to comply with legal guidelines while using the tool.
The article reviews the cryptographic techniques employed by the Signal messaging app, highlighting its commitment to user privacy and security. It delves into the specific algorithms and protocols that underpin Signal's encryption, emphasizing the importance of robust cryptography in protecting user communications. Additionally, it discusses potential vulnerabilities and the app's response to security challenges.
Researchers have discovered a vulnerability in computer mice that allows attackers to eavesdrop on conversations by exploiting the way these devices communicate with computers. The technique, dubbed the "mic-e-mouse attack," highlights potential security risks associated with everyday peripherals, raising concerns about privacy and data protection.
A significant data breach at the Australian Human Rights Commission has resulted in the exposure of personal information, raising concerns about data security and privacy. The incident highlights vulnerabilities in handling sensitive information and the potential risks to individuals affected by the breach.
Satellites have been found to expose unencrypted data, revealing sensitive information including phone calls and some military communications. This security vulnerability raises significant concerns about privacy and data protection in satellite communications.
Google is introducing a new security feature for Android devices that automatically reboots locked devices after three days of inactivity, enhancing protection against data extraction by forensic tools. This update aims to keep user data encrypted in the Before First Unlock (BFU) state for longer periods, complicating unauthorized access during forensic investigations. Users can obtain the update through the Google Play store, though it will be rolled out gradually.
The article discusses the recent controversy surrounding Proton Mail, specifically regarding the treatment of journalist accounts during a police investigation. It highlights concerns about user privacy and the implications for press freedoms, as well as the measures Proton Mail is taking to address these issues and improve its service for journalists.
An Italian businessman has reportedly had his phone targeted by Paragon spyware, raising concerns about privacy and security in digital communications. The incident highlights ongoing issues related to surveillance technology and its implications for individuals in business and politics.
Device fingerprinting creates a unique identifier for each device by collecting diverse signals from its hardware and software, which persists even after clearing browsing data. This technology is crucial for security applications such as bot detection, fraud prevention, and enhanced authentication, but it raises privacy concerns that necessitate responsible implementation and transparency.
A new malware, identified as CL-STA-0969, has been discovered that covertly installs itself on targeted systems, posing a significant threat to users' security and privacy. Researchers warn that this malware is capable of evading detection by traditional antivirus software, making it particularly dangerous. Users are advised to enhance their security measures to protect against this emerging threat.
The article discusses the security risks associated with AI browser agents like OpenAI's ChatGPT Atlas and Perplexity's Comet, which offer advanced web browsing capabilities but pose significant privacy threats. Cybersecurity experts warn of vulnerabilities, particularly prompt injection attacks, which can compromise user data and actions. While companies are developing safeguards, the risks remain substantial as these technologies gain popularity.