Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Hidden 4GB AI Model Found Downloading Through Google Chrome

  In what appeared to be a routine background update within Google Chrome, privacy researchers have raised concerns over a potentially probl...

All the recent news you need to know
Vehicle Surveillance
Connected cars Cyber Security Data collection Smart Car Privacy Vehicle Surveillance

Your Car Is Spying on You—and It’s About to Get Worse

 

Cars used to be simple machines that carried people from one place to another. Today, they are rolling computers packed with sensors, microphones, cameras, GPS receivers, and internet connections. That shift has turned the modern vehicle into a powerful data collector, often recording far more than location or mileage. For many drivers, the unsettling part is not just that cars gather information, but that the process is now built into the way many features work. 

The data collected can be surprisingly intimate. Depending on the brand and model, cars may track where you go, how fast you drive, when you brake, what entertainment you use, and even physical or behavioral cues such as voice commands, seat settings, facial expressions, or body weight estimates. Some systems can also log passengers and nearby devices, creating a broad picture of who is in the car and how they behave. What makes this especially worrying is that drivers often do not see the full extent of what is being gathered. 

The bigger issue is what happens after the data is collected. Privacy policies can allow manufacturers, service providers, insurers, advertisers, and other third parties to access or share the information. In practice, opting out may be difficult or impossible because many connected features depend on data collection to function. That means consumers may face a trade-off between convenience and privacy, often without realizing how much personal information they are giving away. 

This is why the debate around connected cars is no longer just about safety or convenience. It is also about consent, transparency, and accountability. Drivers may assume their vehicle is a private space, but modern software can turn it into a monitoring platform. As automakers add more digital services, remote controls, and subscription features, the amount of data generated by each trip is likely to grow even further. 

The lesson is simple: buying a car now involves more than checking the engine, fuel economy, or price. It also means understanding the privacy cost of connected technology. Drivers should review data settings, read privacy terms carefully, and think about which features are worth the information they reveal. In the era of smart vehicles, the road ahead is not only about mobility; it is also about who gets to see your life along the way.
Read more »
WhatsApp Security
AI Data Privacy cybersecurity news Encrypted AI Chat End To End Encryption Meta AI Privacy Secure Messaging Trusted Execution Environment WhatsApp Security

Meta’s New Encrypted AI Chat Strategy Faces Trust Challenges


 

A significant structural change in consumer chatbot privacy has taken place over the past two years since Meta launched Incognito Chat with Meta AI on 13 May 2026. As a result of this announcement, the architecture Christakis has been referring to as Sealed Mode in Part 1 of his study on consumer chatbot confidentiality has become a mass-market product and no longer remains a research aspiration. 

The Meta AI app allows WhatsApp users to communicate with the provider in a mode that does not allow Meta to read the conversation, in a similar fashion to the way Meta cannot read two user WhatsApp messages. 

The protection is architectural rather than contractual: Meta has renounced access to content through its hardware design in a Trusted Execution Environment where the chat is processed. Furthermore, the announcement comes as legal and regulatory scrutiny grows on how artificial intelligence providers retain conversational data and respond to law enforcement demands. 

In spite of Google's statement that temporary Gemini chats may be retained for up to 72 hours, OpenAI and Anthropic maintain substantially longer retention periods for temporary and incognito interactions, with ChatGPT sessions and Claude sessions reportedly remaining available for at least 30 days. It has become increasingly necessary to maintain these retention practices since chatbot logs have been used as evidence in numerous high-profile legal cases, including investigations relating to the mass shootings at Tumbler Ridge and Florida State University, as well as a court order requiring indefinite storage of certain ChatGPT conversations in The New York Times litigation. 

Additionally, Google is facing litigation regarding allegations that Gemini encouraged a series of “missions” preceding the death of a 36-year-old man. Meta is positioning Incognito Chat to distinguish itself from conventional cloud AI architectures against this backdrop. Using Meta AI, the company has extended the company's existing Private Processing framework originally deployed within WhatsApp for AI-driven summarization and writing tools directly into conversations with users. This eliminates the previous model of prompts leaving WhatsApp's encrypted channel and reaching Meta's server infrastructure during processing, eliminating the problem. 

Using Incognito Chat, Meta claims that conversations are processed within a Trusted Execution Environment where neither Meta nor WhatsApp has access to plaintext conversation history, while all contextual memory is removed once a session is completed. A web search initiated by Meta AI is also detached from user identity metadata and can be disabled completely by the user at launch. At launch, Meta will provide text-only interactions, with an upcoming "Side Chat" feature that will enable users to privately assist within an active WhatsApp conversation without interrupting the encryption thread. 

Through the new model, Meta AI users will be able to initiate Incognito Chat sessions where they will be able to conduct temporary encrypted interactions. These interactions will be processed in an isolated, secure computing environment whose operations are even inaccessible to Meta AI's internal systems, according to Meta AI. 

By design, Meta says these sessions are ephemeral, with conversations neither being stored nor retained by default following their conclusion. The feature is positioned in a way similar to transient secure messaging rather than conventional cloud-based AI assistance. In the near future, this capability will be available both through WhatsApp and Meta AI's standalone application, along with another privacy-focused feature internally referred to as Sidechat. 

With Sidechat, users will be able to use Meta AI discreetly within an active WhatsApp conversation to summarize exchanges, answer contextual questions, and provide assistance with ongoing conversations without interrupting or exposing the primary encrypted chat thread by invoking Meta AI discreetly within an active conversation. Meta officially stopped supporting end-to-end encrypted direct messages on Instagram less than one week before the rollout, which has increased industry scrutiny.

According to Instagram's support documentation, encrypted direct message functionality will cease on 8 May, and users are advised to export any media or conversations they wish to keep. Users seeking encrypted communication were immediately redirected to WhatsApp, which was explicitly referred to as Meta's sole remaining end-to-end encrypted messaging platform. 

Following the Instagram encryption rollback, a spokesperson from the company indicated that limited adoption prompted the rollback, stating that only a small percentage of users enabled encrypted direct messages, but stressed that WhatsApp's infrastructure could still be used by those who needed encrypted communication.

Meta’s Incognito Chat initiative ultimately represents more than a new privacy feature it signals a broader shift in how major AI platforms are attempting to redesign trust at the infrastructure level rather than through policy language alone. By combining encrypted messaging pathways with Trusted Execution Environment-based processing, Meta is testing whether consumer AI systems can operate with reduced provider visibility while still delivering real-time contextual assistance at scale. 

Yet the rollout also exposes the growing contradiction at the center of the AI industry: as chatbot interactions become increasingly personal, legal demands for data retention, safety monitoring, and platform accountability continue to expand in parallel. Whether Meta’s architecture can withstand both regulatory pressure and public skepticism may determine how future AI communication systems balance usability, privacy, and operational transparency.
Read more »
Malware attacks
AI Chatbot ChatGPT. OpenAI Cyber Attacks Digital Supply Chain Risk Hacker attack Malicious Software Malware attacks

OpenAI Confirms Employee Devices Hit in TanStack Supply Chain Malware Attack

 

A recent software supply-chain breach impacted several companies after hackers targeted widely used open-source tools. Among those affected was OpenAI, where compromised employee devices provided limited access to internal systems. At the center of the attack stood TanStack, a framework heavily relied upon for building websites and integrated across countless technology environments worldwide. Its broad adoption allowed the threat to spread far beyond a single platform. 

OpenAI stated that no customer information, production systems, intellectual property, or software releases were compromised. However, attackers did access a limited number of internal code repositories linked to employees whose systems had previously been infected. The company described the exposure as narrow in scope. 

The incident surfaced after TanStack disclosed that hackers had uploaded 84 malicious software updates within a six-minute period. Security researchers reportedly identified the suspicious activity within roughly twenty minutes, helping reduce broader impact. The compromised packages were designed to steal credentials from infected devices and quietly spread across connected systems. 

Although the breach exposed only a small amount of authentication material, OpenAI responded by rotating cryptographic certificates tied to the affected repositories. Some users running OpenAI applications on Apple devices may need updated installations following the security changes. OpenAI also stated that investigations found no evidence of altered production software or persistent threats within its operational infrastructure. Core systems reportedly remained secure throughout the incident. 

The identity of the attackers remains unknown. Researchers say open-source ecosystems are increasingly becoming targets because of how deeply they are embedded across modern technology stacks. Instead of attacking organizations directly, hackers compromise trusted software components and distribute malicious code through official update channels. 

One successful breach can therefore impact numerous downstream users simultaneously. Security analysts have linked similar tactics to multiple cyber threat groups over the past year. In March, North Korean-linked hackers reportedly compromised Axios to distribute malware capable of affecting large numbers of developers. More recently, suspected Chinese threat actors targeted Windows users through altered installers connected to DAEMON Tools. 

Supply-chain compromises have become particularly dangerous because developers routinely trust updates delivered through official repositories and package managers. Once malicious code enters legitimate distribution systems, organizations may unknowingly install infected software while assuming it is safe. Cybersecurity professionals warn that attacks targeting open-source infrastructure will likely continue increasing as businesses depend more heavily on shared frameworks, collaborative development tools, cloud services, and AI-powered systems. 

The same openness that accelerates innovation also creates opportunities for attackers to exploit weak points at scale. The latest incident highlights how even highly advanced technology companies remain vulnerable when trusted third-party tools are compromised. Security experts are now urging stronger oversight across software supply chains, including stricter dependency validation, improved monitoring, and deeper review of external code before deployment into production environments.
Read more »
stolen data
BWH Hotels Data Breach Login Credentials scams stolen data

BWH Hotels Confirms Cyberattack Exposed Customer Reservation Information

 



BWH Hotels, the parent company of hotel brands including Best Western Hotels & Resorts, WorldHotels, and SureStay Hotels, has disclosed a cybersecurity incident that exposed sensitive guest reservation data.

The company recently began notifying affected individuals after detecting unauthorized access within its systems earlier this year. According to the breach notification, BWH Hotels discovered the incident on April 22, 2026. The organization said attackers managed to obtain customer information stored within a web application connected to hotel reservations.

The stolen data reportedly includes customers’ names, email addresses, phone numbers, and home mailing addresses. Reservation-related details were also accessed, including booking confirmation numbers, stay dates, and special requests submitted by guests during reservations.

While the company did not reveal how many individuals were impacted, the exposed information appears to cover records generated between October 14, 2025, and April 22, 2026. BWH Hotels also did not specify how long the attackers may have remained inside its systems before the intrusion was identified.

According to the company’s Chief Technology Officer Bill Ryan, the attackers exploited a weakness in a web-based application that stored certain guest reservation information. However, the company stated that the compromised environment did not contain customers’ payment card details or banking information.

After identifying the intrusion, BWH Hotels said it immediately disabled the affected application and blocked the unauthorized access. The company also confirmed that external cybersecurity specialists were brought in to assist with the investigation, incident response, and additional security improvements.

Ryan further warned customers to remain cautious when receiving unexpected communications related to hotel reservations or travel bookings. Cybercriminals frequently use stolen reservation data to launch convincing phishing campaigns by impersonating hotels, travel agencies, or customer support teams.

The company advised customers not to respond to suspicious emails, text messages, WhatsApp messages, or phone calls requesting payments, login credentials, security codes, or verification details, even if those communications appear to reference an upcoming reservation or a BWH Hotels property. Customers were also encouraged to visit official websites directly instead of clicking links sent through messages.

Cybersecurity experts have repeatedly warned that hospitality companies remain attractive targets for attackers because hotel reservation systems store large volumes of personal information connected to travel activity. Even when financial records are not exposed, reservation data can still be valuable for social engineering scams, identity fraud, and targeted phishing operations.

In recent years, researchers have observed a rise in travel-related phishing schemes where attackers use stolen booking information to send fake payment requests or fraudulent reservation updates. Because these messages often contain real travel dates or hotel details, victims may find them more believable than ordinary scam attempts.

BWH Hotels operates approximately 4,300 properties across more than 100 countries and generates annual revenue exceeding $8.5 billion, making it one of the largest hospitality groups globally. The company has not publicly attributed the incident to any specific threat actor, and it remains unclear whether additional customer information may have been affected as the investigation continues.

Read more »
Cyber Security
Ad Data Privacy AI Chatbot AI Privacy AI Security chatbot security Cyber Privacy Cyber Security

WhatsApp Incognito AI Chats Raise Privacy and Accountability Concerns

 

Private AI chats are now arriving on WhatsApp through a new incognito mode where conversations disappear once they end. Neither users nor Meta will retain copies of these exchanges, according to the company. Executives say the feature was designed for sensitive discussions involving health, finances, relationships, or personal struggles, where users may not want permanent records stored online. 

Unlike most AI systems that retain chat history for moderation, improvements, or future model training, Meta claims these AI conversations will not be saved on company servers at all. CEO Mark Zuckerberg described it as one of the first major AI systems built without maintaining conversation logs. According to Will Cathcart, many users feel uncomfortable sharing private information when companies can later review chat histories. 

To address this, the new setting automatically erases AI discussions after completion, leaving no retrievable record behind. Although WhatsApp says the feature provides protections similar to end-to-end encryption, the company acknowledged the underlying technology differs from the encryption used for regular WhatsApp messages. Meta nevertheless maintains that users should expect comparable privacy safeguards while interacting with AI tools. 

Despite the stronger privacy focus, cybersecurity experts warn the system could create accountability challenges. Alan Woodward from the University of Surrey noted that while the feature is unlikely to weaken WhatsApp’s broader security infrastructure, disappearing AI chats could make it difficult to investigate harmful responses or dangerous recommendations generated by the chatbot. Companies including OpenAI and Google have already faced legal scrutiny tied to allegations that AI conversations contributed to emotional harm, unsafe behavior, or psychological distress. 

If AI chats vanish permanently, neither users nor Meta may be able to review what was said during critical interactions. Experts also warn that disappearing chat histories may reduce transparency around misinformation, moderation failures, or unsafe advice shared privately by AI systems. Without stored records, proving what responses were generated during sensitive moments becomes far more difficult. Meta says additional safety protections are still being developed. 

Initially, the incognito mode will support only text conversations rather than image processing, while stricter moderation guardrails are expected to block prompts considered harmful, illegal, or dangerous. The feature also reflects Meta’s broader push to integrate AI across Instagram, Facebook, and Messenger. Despite criticism from some users after Meta AI was added to WhatsApp without a full removal option, the company continues aggressively expanding its AI ecosystem. 

Industry analysts say Meta’s growing investment in AI infrastructure is tied to intense competition across the technology sector. The company is expected to spend heavily on artificial intelligence throughout 2026 to improve advertising systems, shopping features, and user engagement tools. Investors, however, remain cautious about whether those enormous investments will ultimately generate long-term returns. 

WhatsApp’s disappearing AI conversations highlight an increasingly important debate surrounding privacy and accountability. While users may value confidential AI interactions, experts warn that removing all conversation records could also make it harder to investigate misuse, harmful outcomes, or dangerous AI behavior later on.
Read more »
User Privacy
Cyber Security Meta Meta Glass Smart Glasses User Privacy

Meta Smart Glasses Secretly Film Women: Privacy Invasion Crisis Explained

 

Smart glasses are moving from novelty to mainstream, and Meta’s Ray-Ban model is leading the market. The BBC says Meta accounts for about 80% of sales in the smart-glasses category, helped by the familiar Ray-Ban design and the addition of a built-in camera, speakers, and AI features. That combination has made the product appealing to early adopters who want hands-free music, calls, photos, and information on the go. 

But the same features that make smart glasses attractive also make them controversial. The report describes women being filmed without their knowledge by men wearing the glasses, often in everyday settings such as beaches, shops, and sidewalks. Those videos can later appear online and attract harassment, while the people recorded may not even realize it happened until much later. 

Privacy concerns are not limited to casual misuse. The report says some wearers have been surprised to discover what their glasses were recording, while lawsuits have also been filed over videos captured through the devices and used for AI training. In addition, experts quoted in the report warn that if smart glasses become common, it may become much harder to enforce norms around sensitive places like courthouses, hospitals, museums, and bathrooms. 

Meta says the glasses are designed with privacy in mind and that users should behave responsibly. The company’s spokesperson told the BBC that it has teams focused on limiting misuse, but also argued that the ultimate responsibility lies with individual users. Even so, the report notes that visible indicators like the recording light may be too subtle to reliably alert bystanders, especially in bright outdoor conditions.

Despite the backlash, the commercial momentum is strong, and other major tech firms are preparing their own versions. Apple, Snap, and Google are all reportedly working on smart-glasses products, suggesting this could become a major new consumer category rather than a passing trend. The BBC’s reporting points to a familiar tech dilemma: a device can be genuinely useful while still raising difficult questions about consent, surveillance, and the limits of public privacy.
Read more »
Subscribe to: Posts (Atom)

Featured