
Trump Mobile Data Leak Exposes Customer Information as Questions Grow Around T1 Smartphone

 

Following confirmation by Trump Mobile, fresh attention has turned toward the company over a breach affecting its T1 smartphone users. Sensitive data - such as contact numbers, residential locations, emails, and additional private records - appeared publicly online, sources indicate. This exposure casts doubt on how securely the firm manages user information. Questions emerge about safeguards meant to protect personal details. 

A Trump Mobile representative confirmed in a statement that none of the leaked data involved monetary records. Yet the exposure came to light only after people found their private information appearing online. Skeptics question the delay in alerting affected customers despite the clear dangers tied to such leaks: updates reached users well after the exposure occurred. Blame for the incident has been directed at an outside tech partner handling parts of Trump Mobile's systems.

Although Trump Mobile confirmed that information was exposed, the specific vendor has not been named in public updates. Details about customer notifications remain unclear, with no official word on outreach efforts so far. The breach adds to earlier problems tied to the Trump Mobile T1 handset, which arrived later than first planned: although initially set for an August 2025 release, several setbacks pushed delivery back.

At first, ads insisted production would happen within U.S. borders - this messaging changed over time, replaced by phrases like "crafted around American ideals." Despite its appeal, the T1 phone faces scrutiny due to visual and sourcing concerns. A golden exterior carries a symbolic banner on the rear - yet close inspection reveals just eleven bars where thirteen should appear. Some watchers point out discrepancies resembling those seen in national imagery. Doubt emerges too around innovation claims, given speculation it may simply repurpose another model already on the market. 

Some industry analyses point to similarities between the T1 and earlier Android phones, many made outside domestic markets. Because of these links, questions about its cost have grown - priced above five hundred dollars, it stands out next to far cheaper counterparts. Though not identical, enough resemblance exists to spark discussion among buyers and critics alike. Worries have grown since details of the leak came to light, touching both users and analysts. 

Though Trump Mobile insists nothing related to money was exposed, risks tied to trust and safety surface when private details are found unprotected on the web. With reviews still underway, clarity could become a priority - especially around how the event unfolded and what happens behind the scenes with user records.

Nottingham Attacks Survivors Left Out in Data Breach Inquiry as NHS Trust Apologizes

 

Nottingham University Hospitals NHS Trust has issued an apology after a public inquiry revealed that survivors of the Nottingham attacks were not properly considered when a major data breach investigation began. Medical director Manjeet Shehmar acknowledged that the trust’s early response caused additional distress to victims and their families, admitting that the initial focus was too narrow and primarily centered on the families of those who died rather than including the people who survived the attack. 

The breach stems from the June 13, 2023 attacks carried out by Valdo Calocane, who murdered three people and seriously injured three others at locations in and around Nottingham. Following the attacks, it was discovered that staff at the trust had inappropriately accessed medical records belonging to victims without proper authorization. The trust launched an internal investigation in 2025, which uncovered widespread unauthorized access to sensitive patient information during a period when survivors and bereaved families were already coping with extreme trauma. 

The inquiry found that 11 employees were dismissed after the trust confirmed multiple serious breaches of data protection protocols. The dismissed staff included nurses and other healthcare workers, indicating that the unauthorized access was not confined to a single department. Several other employees received final written warnings or first written warnings. The scale of the dismissals and warnings highlighted how deeply the breach penetrated the trust’s operations and raised serious concerns about internal safeguards for protecting patient records.

Survivors’ legal representatives had to intervene before the trust fully recognized that survivors should be included in the inquiry process from the beginning. This delay meant that the emotional and psychological impact on the people who lived through the attack was not initially addressed, even though they were directly affected by both the original violence and the subsequent data breach. The trust acknowledged that it failed to consider survivors from the start, which compounded the distress caused by the breach. 

The case has become a significant example of how institutions must balance their duty to investigate data breaches with their responsibility to protect the well-being of victims. For survivors and bereaved families, critical questions remain about what specific information was accessed, who viewed the records, and why existing safeguards were not strong enough to prevent unauthorized access. The inquiry continues to examine these issues as part of a broader review of institutional responses to major crimes when the very systems meant to protect patients fail during times of crisis.

MyPillow Hit by Ransomware Attack as Cyber Threats Intensify


 

MyPillow, a Minnesota-based bedding manufacturer founded by Mike Lindell, has been targeted by a ransomware group, adding the company to a growing list of organizations facing cyber extortion threats. The threat actor, identified as Play, claims to have gained unauthorized access to a broad range of sensitive corporate and personal records and to have exfiltrated payroll data, financial information, tax information, identification information, and internal business files.

The claims have attracted attention because of the sensitive nature of the allegedly exposed data, even though Lindell has denied the allegations and described them as politically motivated. The incident illustrates how the risks associated with modern ransomware campaigns are evolving, with data theft and public exposure often accompanying or replacing traditional file encryption.

MyPillow has become increasingly aware that its network has been compromised and its company data has been stolen as further details emerge from the alleged intrusion. It was reported that CEO Mike Lindell dismissed the claims when they first emerged in May 2025; however, the threat actors later released approximately 9.8 gigabytes of data via a dark-web leak portal, a tactic commonly used to pressure organizations unwilling to negotiate a ransom.

The dataset reportedly contains 11,456 files dating from 2011 through 2026, indicating that historical company records were kept alongside more recent information. The exposure suggests that the attackers obtained sensitive operational data, including payroll records and financial transactions, which points to the potential depth of the compromise and raises further concerns about how long unauthorised access may have persisted within the company's network.

The allegations surfaced on Play's dark-web leak portal, which listed MyPillow among its claimed victims and set a deadline for public release of the purportedly stolen information if ransom negotiations failed. The listing gave the allegations further visibility. More broadly, ransomware operations are evolving, with attackers increasingly stealing data and threatening to publish it rather than relying solely on file encryption to threaten victims.

In the ransomware ecosystem, data-centric extortion tactics are becoming increasingly popular. Modern threat groups increasingly prioritize stealing sensitive information over system encryption as a means of disrupting business operations, and they pressure victims with the threat of publicly disclosing what was stolen. This approach exposes organisations to reputational damage, regulatory scrutiny, legal liabilities, and heightened concerns about employee and customer privacy.

Even unverified claims of data compromise can quickly escalate into a broader business risk, prompting stakeholders, partners, insurers, and regulators to question the organization's security posture and the integrity of the data entrusted to it. Beyond the nature of the alleged cyber intrusion, the incident has drawn heightened public attention because of the high profile of the company and its leadership.

During Mike Lindell's tenure, MyPillow has grown beyond its flagship bedding products to include mattresses, linens, bath products, nutritional supplements, coffee, and snacks. Since Lindell is a political activist and continues to promote disputed claims regarding the 2020 U.S. presidential election, MyPillow's public profile extends beyond retail. These claims have resulted in multiple legal challenges, making any major development involving the company likely to be of interest to individuals outside the cybersecurity community as well. 

According to Lindell, political controversy has negatively impacted MyPillow's business, with independent assessments estimating $400 million in losses to the company and brand. Lindell has also indicated that he plans to seek compensation through President Donald Trump's recently instituted $1.8 billion Anti-Weaponization Fund, an initiative that has become the subject of political debate and controversy.

For several years, MyPillow has had financial difficulties, particularly after major retailers, including Walmart, Kohl's, J.C. Penney, Wayfair, and Bed Bath & Beyond, removed its products from their shelves following the events surrounding January 6. While Lindell has maintained that these decisions were politically motivated, several retailers have indicated that declining consumer demand played a significant role. As a result, the ransomware claims come at a time when the company is already confronting legal disputes, reputational pressure, and broader political controversy.

Lindell is among the ten candidates seeking the Republican nomination for governor of Minnesota, in a race where Senator Amy Klobuchar is the Democratic frontrunner after Governor Tim Walz decided not to seek another term.

Based on the information reportedly exposed through the leak, it appears as though access has been gained to some of the company's most important financial and personnel records. It is believed that the breach resulted in the theft of Social Security numbers, tax documentation including W-9 and 1099 forms, payroll records containing employee contact information, bank statements, wire transfer documentation, American Express account statements, vendor billing records, advertising expenditure reports, internal audit documents, budgeting materials from the corporation, and even aviation-related expense logs associated with private aircraft operations. 

From a data security and compliance perspective, the breadth of the dataset indicates that the attackers may have accessed systems that contained both administrative and operational information, thus increasing the severity of the incident. 

MyPillow has not disclosed how many people were potentially affected, whether external incident-response specialists were consulted, or whether identity theft protection services were offered to those affected. It therefore remains unclear how the breach was disclosed, how notifications were carried out, and how the company is conducting remediation efforts.

In addition to the immediate allegations, this incident illustrates an important aspect of cybercrime: access to sensitive information has become just as valuable to threat actors as access to systems. In this case, it is likely that the outcome will be determined not only by what was accessed, but also by what was disclosed.

Android Spyware ‘Asin’ Uses Fake News and Utility Apps to Target Arabic-Speaking Users




Researchers at ESET have identified a previously undocumented Android spyware strain called Asin that is being distributed through fraudulent websites aimed at Arabic-speaking users.

According to the security company, the activity was first observed in early 2025 and involved several separate campaigns. The operators used different websites during each phase of the operation, presenting them as legitimate services to encourage users to download malicious Android applications.

Among the websites identified by researchers was govlens[.]net, which was registered in May 2025 and presented itself as a government-related news platform. Another site, pdf-reader[.]help, registered two days later, claimed to provide secure PDF viewing and editing capabilities. A third domain, live-war-map[.]com, registered in January 2025, advertised itself as a source of information about military incidents and conflict activity.

ESET found that some of these websites were promoted through social media accounts on Facebook and Telegram. The campaign's Telegram presence appeared to draw inspiration from Live Universal Awareness Map (Liveuamap), a legitimate service widely used to monitor armed conflicts, humanitarian crises, natural disasters, human rights developments, and geopolitical events around the world.

While the websites offered services that appeared useful or relevant to their intended audience, the downloaded applications contained hidden spyware components. Researchers said the malicious apps combined advertised functionality with surveillance capabilities operating in the background.

Additional evidence suggests the campaign remained active beyond its initial discovery. ESET identified several artifacts linked to Asin, including a sample uploaded to VirusTotal from Türkiye in October 2025. Another malicious Android package was downloaded from the domain c-pdf[.]net in December 2025 by a user operating a Xiaomi Redmi Note 13 Pro running Android 15.

Researchers also revealed a separate application disguised as Syria Defense Map. That sample was detected on a Xiaomi Redmi Note 13 Pro+ 5G device using Android 15 around mid-January 2026. In that case, the application was reportedly obtained through the website syriadefensemap[.]com.

As with many Android threats distributed outside official app marketplaces, users must manually install the software before it can operate. The spyware also relies on victims granting requested permissions, which can provide access to sensitive information stored on the device.

ESET has not attributed the activity to any known threat group, and the purpose behind the operation remains uncertain. However, the themes used throughout the campaign provide some indication of who may have been in the attackers' sights.

The company noted that three of the fraudulent applications, GovLens, WarMap, and Syria Defense Map, appear particularly relevant to individuals involved in open-source intelligence (OSINT) research. Because the applications focused on news gathering, conflict tracking, and investigative information, researchers believe Arabic-speaking journalists and OSINT practitioners may have been among the intended targets.

The findings illustrate how threat actors continue to package malicious code within applications that appear credible and useful. By exploiting interest in current events, government information, and conflict monitoring, attackers increase the likelihood that users will install software capable of collecting data from their devices without raising immediate suspicion. 

Google Employee Charged After Allegedly Using Confidential Search Data to Win $1.2 Million on Polymarket

 

A person working at Google stands charged with misusing private internal data to make winning predictions online - profits reportedly surpassing $1.2 million. In Manhattan, federal authorities say access to unreleased insights about what people search was leveraged improperly; outcomes linked directly to Google's own ranking movements. While performing regular job duties, the individual allegedly monitored patterns not meant for public view, then applied that knowledge elsewhere. Bets placed on future trends were informed by information obtained through employment. 

The case centers on whether insider awareness crossed into illegal territory when used outside corporate boundaries. Though common tools were involved, their application in forecasting events raised legal concerns. What began as routine work activity appears to have branched into personal financial gain. Investigators emphasize timing and access as critical elements under review. Working at Google as an information security engineer, Michele Spagnuolo reportedly gained access to user interaction logs tied to search activity. With such access came the ability - allegedly - to observe patterns others could not. 

From there, it is claimed he placed multiple wagers on Polymarket, where event-based predictions are monetized. The charges stem from a federal filing stating those trades relied on nonpublic insights. Though meant to remain confidential, the data supposedly guided his entries on the betting site. Each transaction appears linked to specific shifts in public interest tracked internally at Google. What followed was scrutiny when usage anomalies matched his market moves. It is claimed by investigators that Spagnuolo leveraged private data on Google searches to forecast movements tied to the company's yearly ranking releases. 

Because he had clearance to sensitive corporate details, prosecutors argue, he was aware of outcomes ahead of official announcements. With such insight came an edge - bets were made under conditions most market participants could not replicate. His position reportedly created opportunities far beyond what typical traders experience. Later came confirmation - Google's 2025 search data showed D4vd ranked highest by public interest. That result lined up exactly with a gamble made earlier under the alias "AlphaRaccoon." The bet had favored musician D4vd despite slim odds offered on prediction platforms. Authorities now connect Spagnuolo to that username. Before the list dropped, few expected such an outcome. Profits surged after the official release. 

Unlikely forecasts sometimes pay off, especially when timing aligns. Funds from successful trades reportedly added up to about $1.2 million, according to federal authorities. Following the influx of money, Spagnuolo began altering records - shifting details around - to mask who really controlled the accounts. Behind these actions lay an attempt, officials claim, to cover up improper use of confidential data. Prosecutors filed charges over commodities fraud, followed by wire fraud, along with money laundering accusations.

Held in New York, Spagnuolo - an Italian national - gained release after posting a $2.25 million bond backed not only by cash but also by additional financial assurances as legal proceedings continue. When questioned about the claims, Google mentioned working alongside law enforcement. While workers may access certain internal systems normally, turning private data into gambling material crosses clear policy lines, according to the firm. 

Following review procedures, the individual involved was temporarily removed from duties until outcomes are determined. Two big court cases this year in New York target Polymarket, showing growing scrutiny. Behind the scenes, officials are digging into ways secret data might sway betting odds on forecasts. Questions grow about whether stronger rules should block insiders from exploiting these platforms. What happens next could reshape how such markets operate under watch.

Hackers Use Phone Location Data to Attack US Military Personnel

Threat actors are targeting U.S. military personnel deployed in active war zones, exploiting commercially available location data. 

This shows how the global surveillance economy (digital targeted advertising) affects battlefield security. 

Location data exposing military location

US Central Command (Centcom) confirmed the attacks, citing "multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater."

Details about the incident

This alarming development was shared with Reuters by Senator Ron Wyden, but no particular detail about the incident was offered. 

Centcom's area of operations, however, covers the Gulf, where US forces are at war with the Iranian military. This is the first time that US forces have confirmed they are being targeted in an active war zone with the help of digital ads that expose location data.

Officials’ statements

According to the Pentagon and US lawmakers, "commercial location data can be used to identify where U.S. troops congregate and their pattern of life, which can be exploited by adversaries to target attacks such as missiles, drones, and roadside bombs, and for counterintelligence."

The risk of digital advertising targeting in wars

Senator Wyden has warned that it is time to "start treating the adtech industry as a national security threat."
The problem has again exposed the underlying privacy threats concerning location data, which is the foundation of digital advertising.

The Pentagon did not return messages seeking comment, and lawmakers' efforts to obtain more information from military officials about the targeting reports.

Attack tactic

The location data is collected by apps on smartphones or by service providers. In some cases, a third party collects the data, which is then sold on the web for advertising purposes.

The privacy threats of selling personal location data are not new. In 2016, a US defense contractor bought commercially available location data to trace special ops forces from their domestic bases to a private staging post in Syria, according to a Wall Street Journal (WSJ) report.

Recently, reporters from two German news outlets and Wired used billions of coordinates from a data broker to expose detailed locations of individuals near eleven US military sites in Germany.

The US lawmakers wrote a letter to the Pentagon which argued that military officials should act faster to protect military personnel, as their location is sometimes exposed due to the complex location data trade market.

The US lawmakers have suggested the following:
  1. Disable location sharing on field smartphones.
  2. Shift military staff away from Google Chrome in favour of privacy-focused browsers.
  3. Turn off digital advertising on military devices.

The impact

Advertising groups such as the Association of National Advertisers and the Interactive Advertising Bureau have not responded to any questions or comments.

Representative Pat Harrigan, a North Carolina Republican and former U.S. Army Special Forces officer, co-signed the letter, saying that browsers such as Google Chrome “are built from the ground up to collect and share user data. Every day they remain on government-issued devices is another day we are handing our adversaries a weapon against our own troops.”

Responding to the statement, Google said that its browser has "industry-leading security" and that it has "long advocated for stronger rules and safeguards against data brokers."
