Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security. Show all posts
Vehicle Surveillance
Connected cars Cyber Security Data collection Smart Car Privacy Vehicle Surveillance

Your Car Is Spying on You—and It’s About to Get Worse

 

Cars used to be simple machines that carried people from one place to another. Today, they are rolling computers packed with sensors, microphones, cameras, GPS receivers, and internet connections. That shift has turned the modern vehicle into a powerful data collector, often recording far more than location or mileage. For many drivers, the unsettling part is not just that cars gather information, but that the process is now built into the way many features work. 

The data collected can be surprisingly intimate. Depending on the brand and model, cars may track where you go, how fast you drive, when you brake, what entertainment you use, and even physical or behavioral cues such as voice commands, seat settings, facial expressions, or body weight estimates. Some systems can also log passengers and nearby devices, creating a broad picture of who is in the car and how they behave. What makes this especially worrying is that drivers often do not see the full extent of what is being gathered. 

The bigger issue is what happens after the data is collected. Privacy policies can allow manufacturers, service providers, insurers, advertisers, and other third parties to access or share the information. In practice, opting out may be difficult or impossible because many connected features depend on data collection to function. That means consumers may face a trade-off between convenience and privacy, often without realizing how much personal information they are giving away. 

This is why the debate around connected cars is no longer just about safety or convenience. It is also about consent, transparency, and accountability. Drivers may assume their vehicle is a private space, but modern software can turn it into a monitoring platform. As automakers add more digital services, remote controls, and subscription features, the amount of data generated by each trip is likely to grow even further. 

The lesson is simple: buying a car now involves more than checking the engine, fuel economy, or price. It also means understanding the privacy cost of connected technology. Drivers should review data settings, read privacy terms carefully, and think about which features are worth the information they reveal. In the era of smart vehicles, the road ahead is not only about mobility; it is also about who gets to see your life along the way.
Read more »
Cyber Security
Ad Data Privacy AI Chatbot AI Privacy AI Security chatbot security Cyber Privacy Cyber Security

WhatsApp Incognito AI Chats Raise Privacy and Accountability Concerns

 

Private AI chats are now arriving on WhatsApp through a new incognito mode where conversations disappear once they end. Neither users nor Meta will retain copies of these exchanges, according to the company. Executives say the feature was designed for sensitive discussions involving health, finances, relationships, or personal struggles, where users may not want permanent records stored online. 

Unlike most AI systems that retain chat history for moderation, improvements, or future model training, Meta claims these AI conversations will not be saved on company servers at all. CEO Mark Zuckerberg described it as one of the first major AI systems built without maintaining conversation logs. According to Will Cathcart, many users feel uncomfortable sharing private information when companies can later review chat histories. 

To address this, the new setting automatically erases AI discussions after completion, leaving no retrievable record behind. Although WhatsApp says the feature provides protections similar to end-to-end encryption, the company acknowledged the underlying technology differs from the encryption used for regular WhatsApp messages. Meta nevertheless maintains that users should expect comparable privacy safeguards while interacting with AI tools. 

Despite the stronger privacy focus, cybersecurity experts warn the system could create accountability challenges. Alan Woodward from the University of Surrey noted that while the feature is unlikely to weaken WhatsApp’s broader security infrastructure, disappearing AI chats could make it difficult to investigate harmful responses or dangerous recommendations generated by the chatbot. Companies including OpenAI and Google have already faced legal scrutiny tied to allegations that AI conversations contributed to emotional harm, unsafe behavior, or psychological distress. 

If AI chats vanish permanently, neither users nor Meta may be able to review what was said during critical interactions. Experts also warn that disappearing chat histories may reduce transparency around misinformation, moderation failures, or unsafe advice shared privately by AI systems. Without stored records, proving what responses were generated during sensitive moments becomes far more difficult. Meta says additional safety protections are still being developed. 

Initially, the incognito mode will support only text conversations rather than image processing, while stricter moderation guardrails are expected to block prompts considered harmful, illegal, or dangerous. The feature also reflects Meta’s broader push to integrate AI across Instagram, Facebook, and Messenger. Despite criticism from some users after Meta AI was added to WhatsApp without a full removal option, the company continues aggressively expanding its AI ecosystem. 

Industry analysts say Meta’s growing investment in AI infrastructure is tied to intense competition across the technology sector. The company is expected to spend heavily on artificial intelligence throughout 2026 to improve advertising systems, shopping features, and user engagement tools. Investors, however, remain cautious about whether those enormous investments will ultimately generate long-term returns. 

WhatsApp’s disappearing AI conversations highlight an increasingly important debate surrounding privacy and accountability. While users may value confidential AI interactions, experts warn that removing all conversation records could also make it harder to investigate misuse, harmful outcomes, or dangerous AI behavior later on.
Read more »
User Privacy
Cyber Security Meta Meta Glass Smart Glasses User Privacy

Meta Smart Glasses Secretly Film Women: Privacy Invasion Crisis Explained

 

Smart glasses are moving from novelty to mainstream, and Meta’s Ray-Ban model is leading the market. The BBC says Meta accounts for about 80% of sales in the smart-glasses category, helped by the familiar Ray-Ban design and the addition of a built-in camera, speakers, and AI features. That combination has made the product appealing to early adopters who want hands-free music, calls, photos, and information on the go. 

But the same features that make smart glasses attractive also make them controversial. The report describes women being filmed without their knowledge by men wearing the glasses, often in everyday settings such as beaches, shops, and sidewalks. Those videos can later appear online and attract harassment, while the people recorded may not even realize it happened until much later. 

Privacy concerns are not limited to casual misuse. The report says some wearers have been surprised to discover what their glasses were recording, while lawsuits have also been filed over videos captured through the devices and used for AI training. In addition, experts quoted in the report warn that if smart glasses become common, it may become much harder to enforce norms around sensitive places like courthouses, hospitals, museums, and bathrooms. 

Meta says the glasses are designed with privacy in mind and that users should behave responsibly. The company’s spokesperson told the BBC that it has teams focused on limiting misuse, but also argued that the ultimate responsibility lies with individual users. Even so, the report notes that visible indicators like the recording light may be too subtle to reliably alert bystanders, especially in bright outdoor conditions.

Despite the backlash, the commercial momentum is strong, and other major tech firms are preparing their own versions. Apple, Snap, and Google are all reportedly working on smart-glasses products, suggesting this could become a major new consumer category rather than a passing trend. The BBC’s reporting points to a familiar tech dilemma: a device can be genuinely useful while still raising difficult questions about consent, surveillance, and the limits of public privacy.
Read more »
Microsoft security
Credential Security Cyber Phishing Cyber Security Data protection data security Microsoft Microsoft security

Microsoft Warns Users About Rising QR Code Phishing and Quishing Scams

 

Microsoft’s cybersecurity researchers have uncovered a growing wave of phishing scams using QR codes hidden inside emails, PDF files, and fake CAPTCHA pages. Instead of clicking suspicious links, victims scan QR codes that secretly redirect them to fraudulent websites designed to steal login credentials and session data. The attacks spread quickly because they bypass many traditional security filters and often appear harmless at first glance. 

Known as “quishing,” these scams hide malicious links inside QR codes, avoiding the usual warning signs tied to suspicious URLs. Emails often create urgency through fake compliance notices, security alerts, or missed-message warnings, encouraging users to scan the code without carefully checking the sender. According to Microsoft, attackers are impersonating HR teams, IT departments, managers, and office administrators to make messages appear legitimate. 

Once scanned, users are routed through several webpages before landing on counterfeit login portals built to capture usernames, passwords, and even live session tokens capable of bypassing some two-factor authentication protections. Researchers say more than 35,000 users across approximately 13,000 organizations worldwide have already been targeted, with cases continuing to rise. Many people trust QR codes because they are commonly used for menus, payments, and sign-ins, making them less likely to question the risks behind scanning one. 
Cybercriminals are exploiting that familiarity to trick users into exposing sensitive information. A recent case highlighted by Digit.in demonstrated how convincing these scams can be. Employees reportedly received emails appearing to come from an Office 365 administrator claiming several messages were awaiting approval. Instead of links, the email included a QR code directing users elsewhere. Investigators tested the QR code using a freshly wiped mobile device across Android and iOS platforms to minimize potential risks. 

While the QR codes in that case did not install malware or alter device settings, the test showed how easily similar scams could deceive unsuspecting users. Security professionals warn that scanning unfamiliar QR codes on devices containing banking apps, work credentials, personal photos, or confidential files can expose users to serious threats without obvious warning signs. Experts recommend avoiding QR codes sent through unsolicited emails, verifying senders carefully, and checking linked addresses before entering passwords. 

As cybercriminals increasingly rely on social engineering instead of direct hacking, simple actions like scanning a QR code are becoming new entry points for digital attacks.
Read more »
Threat Investigation
AI SOC Alert Overload Cyber Security SOC Security Threat Investigation

SOC Alert Overload: Why More Analysts Won’t Help

 

Security operations centers are facing a problem that hiring alone cannot solve. Alert volumes keep rising, attackers move faster than most human teams can investigate, and many SOCs still rely on workflows built for a much smaller stream of events. The result is a widening gap between the alerts generated by modern systems and the number that can be analyzed with real depth. 

Even when organizations add analysts, the queue often remains crowded because the underlying process still depends on manual triage. That is why security experts argue the issue is not a staffing shortage alone, but an operating-model failure that leaves teams reacting instead of defending. 

Most SOCs have already tried the obvious fixes. They prioritize critical alerts, suppress noisy detections, and tune rules to reduce false positives. Those steps help, but they do not remove the central bottleneck: too many alerts still reach humans for investigation. The article explains that low- and medium-severity events are especially dangerous because attackers often hide inside them, knowing analysts are overwhelmed. When those signals sit in a backlog, the delay becomes a security weakness in itself. 

To test whether a SOC is truly under strain, security experts suggest a quick diagnostic. Leaders should ask how many high-priority alerts were actually investigated, how often detection rules were suppressed without replacement coverage, whether analyst turnover has created a fragile bench, and what task would be sacrificed if alert volume doubled overnight. If the answers reveal gaps, the problem is not effort or discipline. It is capacity, continuity, and architecture. 

The proposed answer is not to push analysts harder, but to change how investigations are handled. AI-based SOC platforms can triage alerts at scale, document reasoning, and free analysts from repetitive work. In the examples cited, teams completed thousands of investigations quickly and recovered large amounts of analyst time. That shift also allowed some organizations to reduce SIEM-related spending by cutting unnecessary ingest and storage. Humans still matter, but their role changes: they focus on insider threats, novel attack patterns, and cases that require business or regulatory judgment. 

The broader lesson is simple. Modern SOCs need a model that matches today’s attack speed and alert volume. If the queue is always full, more people will only slow the pain, not remove it. The stronger answer is to redesign the workflow so that technology handles scale and analysts handle judgment, because that is where security value actually comes from.
Read more »
Data Leak
AI Bug Management Cloud Cyber Security Data Data Leak

9-Year-Old Linux bug Found by Researchers, Could Leak Data


Experts have revealed details of a bug in the Linux kernel that stayed unnoticed for nine years. The flaw is tracked as CVE-2026-46333 (CVSS score: 5.5). 

Improper bug management 

The incident is improper privilege management that could have allowed threat actors to reveal sensitive data as unprivileged local users and launch arbitrary commands on default installs such as Ubuntu, Debian, and Fedora. Its alias is aka ssh-keysign-pwn.

Vulnerability existed since 2016

Cybersecurity firm Qualys found the flaw. Since November 2016, the problem has been present in mainstream Linux (v4.10-rc1). 

Distribution updates and upstream patches are already accessible. There are publicly available working exploits, thus administrators should install vendor kernel upgrades right away, Qualys said.

Privilege compromise tactic

TRU discovered a small window in which a privileged process that is dropping its credentials can still be accessed through ptrace-family operations, despite the fact that its dumpable flag should have blocked that path, during ongoing study into Linux kernel privilege boundaries.  

Qualys also added that an attacker can obtain open file descriptors and authenticated inter-process channels from a dying privileged process and utilize them under their own uid by combining this window with the pidfd_getfd() syscall (introduced in v5.6-rc1, January 2020)

What is successful exploit?

Successful bug exploit can allow a local threat actor to reveal /etc/shadow and ho'st private keys under /etc/ssh/*_key, and deploy arbitrary commands as root via four distinct hacks attacking ssh-keysign, accounts-daemon, chage, and pkexec.

PoC exploit

The bug reveal is a proof-of-concept (PoC) exploit for the bug. It was released recently, and soon after, a public kernel surfaced. CVE-2026-46333 is the latest security bug revealed in Linux after Dirty Frag, Fragnesia, and Copy Fail in recent months.

How to stay safe

Experts have advised to use the latest kernel update released by Linux distributions. If users are unable to do it immediately, temporary patchwork includes raising "kernel.yama.ptrace_scope" to 2.
Qualys added, "On hosts that have allowed untrusted local users during the exposure window, treat SSH host keys and locally cached credentials as potentially disclosed. Rotate host keys and review any administrative material that lived in the memory of set-uid processes,” Qualys said.

Incident impact

The incident happened after the release of a PoC for a local privilege exploit known as PinTheft that lets local hackers get access to root privileges on Arch Linux systems. The hack requires the Reliable Datagram Sockets (RDS) module to be deployed on the victim system, readable SUID-root-binary, io_ring enabling, and x86_64 support for the given payload.

Read more »
European Union
AI Act AI Deepfakes AI Privacy AI Risks AI Security Cyber Security Deepfake Deepfake Images EU European Union

European Union Agrees to Ban AI Generated Non Consensual Sexualized Deepfakes

 

A temporary deal emerged Thursday between EU lawmakers and national representatives, targeting AI tools that create explicit fake images without consent. Such technology, when applied to produce child exploitation material, will also fall under the new restrictions. Agreement came after extended discussions on digital ethics and public safety concerns. Rules now aim to block deployment of systems designed for these harmful purposes. The move reflects growing attention to misuse of synthetic media across Europe. Final approval processes remain pending among governing bodies. 

Part of wider changes to the EU’s approach on AI, this move fits within the “Omnibus VII” laws meant to streamline digital rule-making. Rules for artificial intelligence across European countries are being aligned through these adjustments, reducing complexity where possible. One goal stands clear - making compliance less fragmented without adding new layers. 

Updates like this reshape how standards apply, slowly shifting the landscape from within. Following talks, officials announced updated guidelines banning artificial intelligence systems from producing private or explicit material about people without their agreement. These measures single out synthetic media depicting minors in sexually abusive scenarios - prompted by rising unease around how machine learning models enable manipulation, harmful behavior, and digital assault. 

Though broad in scope, enforcement hinges on consistent oversight across platforms where such technologies operate. Still, Marilena Raouna noted the deal could ease repeated paperwork demands on firms in the EU's tech industry - so long as safeguards around AI oversight remain intact. Compliance dates shift for high-risk AI under the new version of the framework. Starting December 2, 2027, standalone systems classified as high risk must follow the requirements. 

By August 2, 2028, those integrated into physical products come into scope. The timeline change appears in the current draft deal. Rules apply earlier to independent platforms than built-in ones. Registration of exempted AI tools in the European Union's high-risk database forms part of the deal. Authorities believe tracking these technologies will support clearer monitoring. Oversight gains clarity when deployments become visible through such records. Among updated measures, tighter rules return for handling sensitive personal details via AI aimed at spotting or fixing skewed algorithms. 

Government representatives noted these changes strengthen individual privacy safeguards, yet still require firms to justify extensive data use with concrete need. Now arriving amid global scrutiny, the deal reflects mounting demands on authorities to control tools that craft lifelike false media through artificial intelligence. 

While Europe's officials stress consequences, they point especially at intimate imagery made without permission - citing threats it poses to personal boundaries, digital safety, truth integrity, and public standing. Though not yet legally binding, the agreement advances the EU’s push to shape how artificial intelligence is built and used throughout its countries. Approval must come later, but momentum continues.
Read more »
European Union hacking
Chinese Cyber Threat Chinese Hackers Cyber Security Cyberespionage Cybersecurity EU cybersecurity European Union hacking

Chinese Cyber Threats to Europe Growing Through Silent Espionage Tactics

 

Chinese state-supported hacking groups are becoming one of the most serious cybersecurity concerns for the European Union, with experts cautioning that their activities often go unnoticed due to their discreet nature.

Unlike the highly visible cyberattacks commonly associated with Russia, Chinese-linked operations usually focus on quietly gaining long-term access to systems and collecting intelligence over extended periods.

According to Antonia Hmaidi, a senior analyst at the Mercator Institute for China Studies, one of the major risks involves cyber actors targeting small office devices used across Europe. These include routers, printers, and network equipment that frequently lack strong security protections, making them easier to exploit as entry points into larger systems.

“It’s not like Russian attacks, which are very visible. Therefore, we tend to underestimate it,” Hmaidi said.

Concerns over cyberespionage continue to rise

European authorities have increasingly expressed concerns over cyberespionage activities allegedly linked to China, especially as more incidents involving government agencies and private businesses continue to surface.

Rather than disrupting systems immediately, these cyber campaigns are often aimed at gathering confidential information and monitoring sensitive activity over time.

In response to growing security risks, several European institutions have tightened cybersecurity precautions. Earlier this year, members of the European Parliament travelling to China were reportedly advised to use burner phones and avoid carrying personal electronic devices.

Officials stated that the measures were introduced to minimise the possibility of surveillance or cyber intrusion during overseas visits. Lawmakers and staff members were also provided with security guidance and training before departure.

Similar safety protocols have been adopted by other EU institutions as well. Reports suggest that internal guidelines within the Council of the European Union recommend officials avoid carrying electronic devices to certain countries, including China. If devices must be taken, authorities reportedly advise wiping them completely after returning.

At the same time, staff members of the European Commission travelling abroad have reportedly been issued temporary phones and basic laptops to reduce the risk of espionage.

A stealth-driven cyber strategy

Cybersecurity experts believe Chinese cyber operations differ significantly from more aggressive attacks because they prioritise stealth, persistence, and long-term infiltration.

Instead of causing immediate and visible disruption, attackers quietly enter systems, observe operations, and gradually extract valuable information. This strategy makes detection far more difficult and allows intruders to remain active within networks for long periods without being discovered.

As Europe becomes increasingly dependent on digital infrastructure for governance, business, and communication, analysts warn that failing to recognise these hidden cyber risks could pose serious challenges to the region’s long-term security and technological independence.
Read more »
Subscribe to: Posts (Atom)