Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Privacy. Show all posts
X Platform
Grok Imagine MeitY Technology User Privacy X Platform

India Cracks Down on Grok's AI Image Misuse

 

The Ministry of Electronics and Information Technology (MeitY) of India has found that the latest restrictions on Grok’s image generation tool by X are not adequate to prevent obscene content. The platform, owned by Elon Musk, restricted the controversial feature, known as Grok Imagine, to paid subscribers across the globe. The feature was removed to prevent free users on the platform from creating abusive images. However, officials have argued that allowing such image generation violates Indian laws on privacy and dignity, especially regarding women and children. 

Grok Imagine, available on X and as a separate app, has shown a rise in pornographic and abusive images, including non-consensual images of real people, including children, being naked. The feature, known as Spicy Mode, which produced such images, sparked anger across India, the United Kingdom, Türkiye, Malaysia, Brazil, and the European Union. The feature allowed users to create images of people being undressed, including images of women being dressed in bikinis. The feature sparked anger among members of Parliament in India. 

X's partial fixes fall short 

On 2 January 2026, MeitY ordered X to remove all vulgar images generated on the platform within 72 hours. The order also required X to provide a report on actions taken to comply with the order. The response from X mentioned stricter filters on images. However, officials have argued that X failed to provide adequate technical details on steps taken to prevent such images from being generated. The officials have also stated that the website of Grok allows users to create images for free. 

X now restricts image generation and editing via @Grok replies to premium users, but loopholes persist: the Grok app and website remain open to all, and X's image edit button is accessible platform-wide. Grok stated illegal prompts face the same penalties as uploads, yet regulators demand proactive safeguards. MeitY seeks comprehensive measures to block obscene outputs entirely. 

This clash highlights rising global scrutiny on AI tools lacking robust guardrails against deepfakes and harm. India's IT Rules 2021 mandate swift content removal, with non-compliance risking liability for platforms and executives.As X refines Grok, the case underscores the need for ethical AI design amid tech's rapid evolution, balancing innovation with societal protection.
Read more »
User Privacy
Data Breach Data Theft ESA User Privacy

ESA Confirms Cyber Breach After Hacker Claims 200GB Data Theft

 

The European Space Agency (ESA) has confirmed a major cybersecurity incident in the external servers used for scientific cooperation. The hackers who carried out the operation claim responsibility for the breach in a post in the hacking community site BreachForums and claim that over 200 GB worth of data has been stolen, including source code, API tokens, and credentials. This incident highlights escalating cyber threats to space infrastructure amid growing interconnectedness in the sector 

It is alleged that the incident occurred around December 18, 2025, with an actor using the pseudonym "888" allegedly gaining access to ESA's JIRA and Bitbucket systems for an approximate week's duration. ESA claims that the compromised systems represented a "very small number" of systems not on their main network, which only included unclassified data meant for engineering partnerships. As a result, the agency conducted an investigation, secured the compromised systems, and notified stakeholders, while claiming that no mission critical systems were compromised. 

The leaked data includes CI/CD pipelines, Terraform files, SQL files, configurations, and hardcoded credentials, which have sparked supply chain security concerns. As for the leaked data, it includes screenshots from the breach, which show unauthorized access to private repositories. However, it is unclear whether this data is genuine or not. It is also unclear whether the leaked data is classified or not. As for security experts, it is believed that this data can be used for lateral movements by highly sophisticated attackers, even if it is unclassified. 

Adding to the trouble, the Lapsus$ group said they carried out a separate breach in September 2025, disclosing they exfiltrated 500 GB of data containing sensitive files on spacecraft operations, mission specifics, and contractor information involving partners such as SpaceX and Airbus. The ESA opened a criminal investigation, working with the authorities, however the immediate effects were minimized. The agency has been hit by a string of incidents since 2011, including skimmers placed on merchandise site readers. 

The series of breaches may be indicative of the "loosely coupled" regional space cooperative environment featuring among the ESA 23 member states. Space cybersecurity requirements are rising—as evidenced by open solicitations for security products—incidents like this may foster distrust of global partnerships. Investigations continue on what will be the long-term threats, but there is a pressing need for stronger protection.
Read more »
User Privacy
Data Breach Honeypot Resecurity SLH Group User Privacy

Resecurity Breach Claims Exposed as Honeypot Deception

 

The hackers, who claimed to represent the “Scattered Lapsus$ Hunters” (SLH) group, believed they successfully compromised Resecurity, a cybersecurity firm based in the United States, by exfiltrating their data. Resecurity disputed this by saying they were only able to gain access to their honeypot, which was set up to provide fake data to potential attackers. Such differing accounts of an incident show not only the brazenness of financially driven attackers but also the increasing use of deception techniques by attackers to gain intelligence.

The SLH members propagated their allegations through Telegram, claiming “full access” to the Resecurity systems and the theft of all internal conversations and logs, employee data, threat intelligence reports, and an extensive list of clients and their information. In an attempt to prove the validity of these allegations, the SLH members shared screenshots of Resecurity’s internal “Mattermost” environment, where conversations between the company employees and Pastebin representatives about malicious data on the Pastebin platform were shown. The SLH members described the attack as retaliation against Resecurity, which they believed was trying to socially engineer them by impersonating the buyers of the stolen Vietnamese financial database in order to receive complimentary samples and more information about their activities. 

Adding to this complexity, the renowned threat actor group known as ShinyHunters, known to have been part of the Scattered Lapsus$ Hunters umbrella, later disclaimed their involvement in this incident. This was revealed when a representative of ShinyHunters told a local media outlet that, although they have long claimed to be part of SLH, they did not have any involvement in this incident against Resecurity. This has left many questions regarding how these overlapping groups coordinate their efforts or if SLH uses its association with ShinyHunters to magnify its efforts. 

Resecurity firmly disputes any compromise of its production environment, asserting that the attackers never touched live systems or genuine client data but instead interacted with a purpose-built honeypot. According to a report filed on December 24, it was determined that the initial recon in the vulnerable environment was first spotted on November 21, 2025, with subsequent scanning activities originating from Egyptian IP addresses and utilizing Mullvad VPN. In this regard, in order to monitor the tactics, techniques, and procedures of the attacker, the Digital Forensics and Incident Response (DFIR) team set up an isolated “honeypot” account. 

To make the bait more convincing, Resecurity claims the creation of more than 28,000 fake consumer records and over 190,000 fake payment transactions modeled after the official API structures defined by Stripe. Later in December, the attacker reportedly began automated data exfiltration attacks with more than 188,000 requests made between December 12th and December 24th using a wide range of residential proxy IP addresses. During this period, Resecurity claims that sporadic proxy issues temporarily revealed actual IP addresses, helping analysts identify the attacker’s back-end servers, whose details were later shared with a foreign law enforcement agency that subsequently issued a subpoena against the attacker.

After the initial coverage, the attackers contacted Dissent Doe of DataBreaches.net and provided samples of what they claimed was stolen data, seeking to reinforce their narrative. However, an independent review by DataBreaches concluded there was no evidence that SLH obtained information from any real Resecurity clients, aligning with the company’s assertion that only synthetic records were exposed. Meanwhile, the Telegram channel that originally hosted SLH’s breach claims has since been suspended for violating the platform’s policies, limiting the group’s ability to continue publishing its version of events.
Read more »
User Privacy
Biometric Authentication Cyber Fraud OTP Scam UAE Banks User Privacy

UAE Banks Ditch SMS OTPs for Biometric App Authentication

 

UAE banks have discontinued SMS-based one-time passwords (OTPs) for online transactions from January 6, 2026, moving customers to app-based and biometric authentication as part of a wider security overhaul led by the Central Bank of the UAE. This marks a significant shift in how digital payments are approved, aiming to curb SIM-swap and phishing-related fraud while streamlining user experience for cardholders across the country.

Since January 6, customers making online card payments are no longer receiving OTP codes via SMS or email to complete their purchases. Instead, banks will push transaction-approval requests directly to their official mobile applications, where users must confirm the payment using in-app prompts.Major UAE lenders, including names like Emirates NBD and others, have started sending alerts to customers, warning that online payments may fail if the banking app is not installed and activated before the deadline.

Role of biometrics and app authentication

The new model relies heavily on biometric verification such as fingerprint and facial recognition, along with secure app PINs or Smart Pass-style codes built into mobile banking platforms. When a customer attempts an online transaction, a notification appears inside the bank’s app, and the user authorises it with their registered biometric data or a secure PIN rather than typing in a texted code.Banks and regulators describe this as “strong customer authentication,” aligning local practices with international standards similar to Europe’s PSD2 framework for secure digital payments.

Authorities and banks point to rising fraud that targets SMS OTPs, especially SIM-swap scams, phishing schemes and interception of text messages over insecure channels. By tying approvals to registered devices and biometrics inside the banking app, the sector aims to sharply reduce the chance that criminals can hijack authentication codes and authorise fraudulent payments in a victim’s name. The Central Bank’s notice (2025/3057) set March 2026 as the outer deadline to phase out SMS and email OTPs entirely, but most major banks accelerated implementation after seeing a spike in such fraud cases last year.

Impact on customers and preparations

Customers are being urged to update their bank apps to the latest version, register biometrics where available, and enable push notifications so they do not miss approval requests during online shopping or money transfers.Those who do not complete these steps risk declined payments or delays, particularly for e-commerce and international transactions that now depend entirely on in-app verification rather than text messages. Employers and community groups in the UAE have been encouraged to educate less tech-savvy users, including blue-collar workers who rely on digital wallets and remittances, to avoid disruption during the transition period.

The move positions the UAE as one of the early markets to rely almost exclusively on biometric and app-based approvals for everyday retail payments, ahead of many more mature banking jurisdictions. Industry analysts see this shift as part of a broader digital transformation strategy in the country’s financial sector, combining enhanced security with faster, more convenient user journeys for online transactions.For customers, the change may require short-term adaptation, but it is expected to deliver stronger protection and a smoother checkout flow once app-based and biometric authentication becomes routine.
Read more »
User Privacy
Chinese hacking group Data Breach Email Breach Privacy Salt Typhoon U.S. U.S. House committees cyberattack User Data User Privacy

Chinese Hacking Group Breaches Email Systems Used by Key U.S. House Committees: Report

 

A cyber espionage group believed to be based in China has reportedly gained unauthorized access to email accounts used by staff working for influential committees in the U.S. House of Representatives, according to a report by the Financial Times published on Wednesday. The information was shared by sources familiar with the investigation.

The group, known as Salt Typhoon, is said to have infiltrated email systems used by personnel associated with the House China committee, along with aides serving on committees overseeing foreign affairs, intelligence, and armed services. The report did not specify the identities of the staff members affected.

Reuters said it was unable to independently confirm the details of the report. Responding to the allegations, Chinese Embassy spokesperson Liu Pengyu criticized what he described as “unfounded speculation and accusations.” The Federal Bureau of Investigation declined to comment, while the White House and the offices of the four reportedly targeted committees did not immediately respond to media inquiries.

According to one source cited by the Financial Times, it remains uncertain whether the attackers managed to access the personal email accounts of lawmakers themselves. The suspected intrusions were reportedly discovered in December.

Members of Congress and their staff, particularly those involved in overseeing the U.S. military and intelligence apparatus, have historically been frequent targets of cyber surveillance. Over the years, multiple incidents involving hacking or attempted breaches of congressional systems have been reported.

In November, the Senate Sergeant at Arms alerted several congressional offices to a “cyber incident” in which hackers may have accessed communications between the nonpartisan Congressional Budget Office and certain Senate offices. Separately, a 2023 report by the Washington Post revealed that two senior U.S. lawmakers were targeted in a hacking campaign linked to Vietnam.

Salt Typhoon has been a persistent concern for the U.S. intelligence community. The group, which U.S. officials allege is connected to Chinese intelligence services, has been accused of collecting large volumes of data from Americans’ telephone communications and intercepting conversations, including those involving senior U.S. politicians and government officials.

China has repeatedly rejected accusations of involvement in such cyber spying activities. Early last year, the United States imposed sanctions on alleged hacker Yin Kecheng and the cybersecurity firm Sichuan Juxinhe Network Technology, accusing both of playing a role in Salt Typhoon’s operations.
Read more »
User Privacy
Chrome Extension Credential Theft Mobile Security Phantom Shuttle User Privacy

Phantom Shuttle Chrome Extensions Caught Stealing Credentials

 

Two malicious Chrome extensions named Phantom Shuttle have been discovered to have acted as proxies and network test tools while stealing internet browsing and private information from people’s browsers without their knowledge.

According to security researchers from Socket, these extensions have been around since at least 2017 and were present in the Chrome Web Store until the time of writing. This raises serious concerns regarding the dangers associated with browser extensions even from reputable sources. 

Analysis carried out by Socket indicates that the Phantom Shuttle extension directs the online traffic of the victims to a proxy setup that is controlled by the attackers using hardcoded credentials. The attackers hid the malcode using the approach of prepending the malcode to a jQuery library. 

The hardcoded credentials for the proxy are also obfuscated using a custom character index-based encoding scheme, which could impact detection and reverse engineering efficiency. The built-in traffic listener in the extensions is capable of intercepting HTTP authentication challenges on multiple websites.

Modus operandi 

To force traffic through its infrastructure, Phantom Shuttle dynamically modifies Chrome’s proxy configuration using an auto-configuration script. In a default mode labeled “smarty,” the extensions allegedly route more than 170 “high-value” domains through the proxy network, including developer platforms, cloud consoles, social media services, and adult sites. Additionally, to avoid breaking environments that could expose the operation, the extensions maintain an exclusion list that includes local network addresses and the command-and-control domain. 

Since the extensions operate a man-in-the-middle, they can seize data passed through forms such as credentials, payment card data, passwords and other personal information. Socket claims the extensions can also steal session cookies from HTTP headers, and parse API tokens from requests, potentially taking over accounts even if passwords aren't directly harvested. 

Mitigation tips 

Chrome users are warned to download extensions only from trusted developers, to verify multiple user reviews and to be attentive to the permissions asked for when installing. In sensitive workload environments (cloud admin, developer portals, finance tools), minimizing extensions and removing those not in use can also dramatically reduce exposure to similar proxy-based credential heists.
Read more »
User Privacy
Android Spyware Cellik Credential Theft malware User Privacy

Cellik Android Spyware Exploits Play Store Trust to Steal Data

 

Recently found in the Android platform, remote access trojan named Cellik has been recognized as a serious mobile threat, using the Google Play integration feature to mask itself within legitimate applications to evade detection by security solutions.

Cellik is advertised as a malware-as-a-service (MaaS) in the cybercrime forums, with membership rates beginning at approximately $150 a month. One of the most frightening facets of the malware is the fact that it allows malicious payloads to be injected into legitimate Google Play applications, which can be easily installed. 

Once it is installed, Cellik provides complete control over the target device for the attacker. Operators can remotely stream the target device’s screen live, as well as access all files, receive notifications, and even use a stealthy browser to surf websites and enter form data without the target’s awareness. The malware also comes equipped with an app inject functionality that enables attackers to superimpose login screens on normal applications such as bank or email apps and harvest login and other sensitive data. 

Cellik Play Store integration also includes an automated APK builder, so the perpetrators of this crimeware can now browse the store for apps, choose popular apps, and pack them with the Cellik payload in one click bundling it together with the cellik payload. The perpetrators of this attack claim that this allows them to bypass Google Play Protect and other device-based security scanners, but Google has not independently verified this. 

Android users should heed the words of security experts and not sideload APKs from unknown sources, keep Play Protect enabled at all times, be very judicious about app permissions, and keep an eye out for anything strange on their phones that might be harmful. Since Cellik is a groundbreaking new development in Android malware, both users and the security community should be vigilant to ensure their sensitive data and device integrity are not compromised.
Read more »
VPNS
Age Verification Cyber Security privacy laws User Privacy VPNS

VPN Surge: Americans Bypass Age Verification Laws

 

Americans are increasingly seeking out VPNs as states enact stringent age verification laws that limit what minors can see online. These regulations compel users to provide personal information — like government issued IDs — to verify their age, leading to concerns about privacy and security. As a result, VPN usage is skyrocketing, particularly in states such as Missouri, Florida, Louisiana, Utah and more where VPN searches have jumped by a factor of four following the new regulations. 

How age verification laws work 

Age verification laws require websites and apps that contain a substantial amount of "material harmful to minors" to verify users' age prior to access. This step frequently entails submitting photographs or scans of ID documents, potentially exposing personal info to breaches. Even though laws forbid companies from storing this information, there is no assurance it will be kept secure, not with the record of massive data breaches at big tech firms. 

The vague definition of "harmful content" suggests that age verification could be required for many other types of digital platforms, such as social media, streaming services, and video games. The expansion raises questions about digital privacy and identity protection for all users, minors not excluded. From the latest Pew Research Center finding, 40% of Americans say government regulation of business does more harm than good, illustrating bipartisan wariness of these laws. 

Bypassing restrictions with VPNs 

VPN services enable users to mask their IP addresses and circumvent these age verification policies, allowing them to maintain their anonymity and have their sensitive information protected. Some VPNs are available on desktop and mobile devices, and some can be used on Amazon Fire TV Stick, among other platforms. To maximize privacy and security, experts suggest opting for VPN providers with robust no-logs policies and strong encryption.

Higher VPN adoption has fueled speculation on whether the US lawmakers will attempt to ban VPNs outright, which would be yet another blow to digital privacy and freedom. For now, VPNs are still a popular option for Americans who want to keep their online activity hidden from nosy age verification schemes.
Read more »
Vendor Breach
Data Breach Data Leak Mixpanel OpenAI User Privacy Vendor Breach

OpenAI Vendor Breach Exposes API User Data

 

OpenAI revealed a security incident in late- November 2025 that allowed hackers to access data about users via its third-party analytics provider, Mixpanel. The breach, which took place on November 9, 2025, exposed a small amount of personally identifiable information for some OpenAI API users, although OpenAI stressed that its own systems had not been the target of the attack.

Breach details 

The breach occurred completely within Mixpanel’s own infrastructure, when an attacker was able to gain access and exfiltrate a dataset containing customer data. Mixpanel became aware of the compromise on 9 November 2025, and following an investigation, shared the breached dataset with OpenAI on 25 November, allowing the technology firm to understand the extent of potential exposure. 

The breach specifically affected users who accessed OpenAI's API via platform.openai.com, rather than regular ChatGPT users. The compromised data included several categories of user information collected through Mixpanel's analytics platform. Names provided to accounts on platform.openai.com were exposed, along with email addresses linked to API accounts. 

Additionally, coarse approximate location data determined by IP addresses, operating system and browser types, referring websites, and organization and user IDs saved in API accounts were part of the breach. However, OpenAI confirmed that more sensitive information remained secure, including chat content, API requests, API usage data, passwords, credentials, API keys, payment details, and government IDs. 

Following the incident, OpenAI took immediate action by removing Mixpanel from its services while conducting its investigation. The company notified affected users on November 26, 2025, right before Thanksgiving, providing details about the breach and emphasizing that it was not a compromise of OpenAI's own systems. OpenAI has suspended its integration with Mixpanel pending a thorough investigation of the incident.

Recommended measures 

OpenAI also encouraged the affected users to stay on guard for potential second wave attacks using the stolen information. Users need to be especially vigilant for phishing and social engineer attacks that could be facilitated by the leaked information, such as names, e-mail addresses and company information. A class action has also been brought against OpenAI and Mixpanel, claiming the companies did nothing to stop the breach of data that revealed personally identifiable information for thousands of users.
Read more »
WhatsApp Security
Albiriox Android Trojan malware User Privacy WhatsApp Security

Android Users Face New WhatsApp Malware Threat

 

Cybersecurity researchers at security firm Cleafy have issued a warning regarding a high risk malware campaign aimed at Android users via WhatsApp messages that could jeopardize users' cryptocurrency wallets and bank information. The researchers tracked the threat as Albiriox, a new emerging Android malware family being marketed as malware-as-a-service (MaaS) on underground cybercrime forums. 

Modus operandi 

The malware propagate through WhatsApp messages which include links to malicious websites that impersonate Google Play Store pages. Currently, they are impersonating a popular discount retail app, but this could quickly change both in terms of campaigns and targets. Rather than having the app delivered directly, victims are persuaded to submit their phone number, on the premise that an installation link will be sent to them on WhatsApp. 

After users tap on and download the trojanised app, Albiriox is able to take full control of the compromised device. The malware overlays attacks on more than 400 cryptocurrency wallet and banking apps — displaying fake login screens on top of the legitimate apps to capture credentials as users input them. 

Albiriox is an advanced, rapidly evolving malware. The malware also features Vnc-based remote access, which gives the attackers the ability to directly control the infected machines. Initially, campaigns were targeted at Austrian citizens with German-language messages, but is now broadening its reach. The malware is obfuscated with JSONPacker and also it tricks users into allowing the "Install Unknown Apps" permission. When it is running, it contacts its command servers through unencrypted TCP and stays on the bot forever, maintaining active control through a regular series of ping-pong heartbeat messages. 

Mitigation tips

Security experts emphasize that users should never agree to install apps through phone number submission on websites. Any WhatsApp messages requesting app installations should be immediately deleted without clicking links. This distribution method represents exactly why Google is strengthening measures against sideloading, requiring app developers to register and verify their identities.

Cleafy highlights that Albiriox demonstrates the ongoing evolution and increasing sophistication of mobile banking threats. However, users can protect themselves effectively by following several key practices: only install apps from the official Google Play Store, ensure Play Protect is activated, and remain skeptical of any unsolicited installation requests received through messaging apps. 

The campaign highlights broader security concerns affecting WhatsApp and similar platforms, particularly as attackers combine social engineering with technical malware capabilities to compromise both devices and accounts.
Read more »
User Privacy
Data Breach Data Leak Gainsight Salesforce User Privacy

Salesforce Probes Gainsight Breach Exposing Customer Data

 

Salesforce has disclosed that some of its customers' data was accessed following a breach of Gainsight, a platform used by businesses to manage customer relationships. The breach specifically affected Gainsight-published applications that were connected to Salesforce, with these apps being installed and managed directly by customers. 

Salesforce emphasized that the breach did not stem from vulnerabilities in its own platform, but rather from Gainsight's external connection to Salesforce. The company is actively investigating the incident and directed further inquiries to its dedicated incident response page.

Gainsight confirmed it was investigating a Salesforce connection issue, but did not explicitly acknowledge a breach, stating that its internal investigation was ongoing. Notable companies using Gainsight's services include Airtable, Notion, and GitLab. GitLab confirmed that its security team is investigating and will share more details as they become available.

The hacking group ShinyHunters claimed responsibility for the breach, stating that if Salesforce does not negotiate with them, they will set up a new website to advertise the stolen data—a common tactic for cybercriminals seeking financial gain. The group reportedly stole data from nearly a thousand companies, including details from Salesloft and GainSight campaigns. 

This breach mirrors a previous incident in August, where ShinyHunters exploited vulnerabilities in AI marketing chatbot maker Salesloft, compromising numerous customers' Salesforce instances and accessing sensitive information such as access tokens.

In the earlier Salesloft breach, victims included major organizations like Allianz Life, Bugcrowd, Cloudflare, Google, Kering, Proofpoint, Qantas, Stellantis, TransUnion, and Workday. The hackers subsequently launched a website to extort victims, threatening to release over a billion records. Gainsight was among those affected in the Salesloft-linked breaches, but it remains unclear if the latest wave of attacks originated from the same compromise or a separate incident.

Overall, this incident highlights the risks associated with third-party integrations in major cloud platforms and the growing sophistication of financially-motivated cybercriminals targeting customer data through supply chain vulnerabilities. Both Salesforce and Gainsight are continuing their investigations, with cybersecurity teams across affected organizations actively working to assess the extent of the breach and mitigate potential damage.
Read more »
User Privacy
Data Breach Data Leak Hyundai AutoEver America IT Firm User Privacy

Hyundai AutoEver America Breach Exposes Employee SSNs and Driver’s License Data

 

Hyundai AutoEver America (HAEA), an IT services affiliate of Hyundai Motor Group, has confirmed a data breach that compromised sensitive personal information, including Social Security Numbers (SSNs) and driver’s licenses, of approximately 2,000 individuals, mostly current and former employees. The breach occurred between February 22 and March 2, 2025, with the company discovering the intrusion and launching an investigation on March 1.

HAEA specializes in providing IT consulting, managed services, and digital solutions for Hyundai and Kia affiliates, covering vehicle telematics, over-the-air updates, vehicle connectivity, and embedded systems, as well as business systems and digital manufacturing platforms. The company’s IT environment supports 2 million users and 2.7 million vehicles, with a workforce of 5,000 employees.

The notification to affected individuals revealed that the breach exposed names, while the Massachusetts government portal listed additional information such as SSNs and driver’s licenses. It is still unclear whether customers or users were affected besides employees, and the exact breakdown of impacted groups remains unspecified. The company worked with external cybersecurity experts and law enforcement to investigate the incident, confirm containment, and identify the potentially affected data.

At the time of the report, no ransomware groups had claimed responsibility for the attack, and the perpetrators are unknown. This incident adds to a series of cybersecurity challenges faced by Hyundai and its affiliates in recent years, including previous ransomware attacks and data breaches affecting operations in Europe and exposing owner data in Italy and France. 

Additionally, security researchers previously identified significant privacy and security issues with Hyundai’s companion app, which allowed unauthorized remote control of vehicles, and vulnerabilities in built-in anti-theft systems.

HAEA has not yet released a full public statement with details about the breach, mitigation steps, or future security improvements. The limited information available highlights the need for robust security protocols, especially for organizations handling large volumes of sensitive personal and automotive data. The breach serves as a reminder of the ongoing risks facing major automotive and IT service providers amid the growing threat landscape for digital infrastructure.
Read more »
User Privacy
Apache OpenOffice ASF Data Breach Employee Data User Privacy

ASF Rejects Akira Breach Claims Against Apache OpenOffice

 

Apache OpenOffice, an open-source office suite project maintained by the Apache Software Foundation (ASF), is currently disputing claims of a significant data breach allegedly perpetrated by the Akira ransomware gang. 

On October 30, 2025, Akira published a post on its data leak site asserting that it had compromised Apache OpenOffice and exfiltrated 23 GB of sensitive corporate documents, including employee personal information—such as home addresses, phone numbers, dates of birth, driver’s licenses, social security numbers, and credit card data—as well as financial records and internal confidential files. The group further claimed it would soon release these documents publicly.

Responding publicly, the ASF refutes the claims, stating it has no evidence that its systems have been compromised or that a breach has occurred. According to ASF representatives, the data types described by Akira do not exist within the Foundation’s infrastructure. Importantly, the ASF points out the open-source nature of the project: there are no paid employees associated with Apache OpenOffice or the Foundation, and therefore, sensitive employee information as specified by Akira is not held by ASF. 

All development activities, bug tracking, and feature requests for the software are managed openly and transparently, primarily through public developer mailing lists. Thus, any internal reports or application issues cited in the alleged leak are already available in the public domain.

ASF further emphasized its strong commitment to security and clarified that, as of November 4, 2025, it had received no ransom demands directed at either the Foundation or the OpenOffice project. The Foundation has initiated an internal investigation to fully assess the veracity of Akira’s claims but, so far, has found no supporting evidence. 

It has not contacted law enforcement or external cybersecurity experts, signaling that the incident is being treated as a claim without substantiation. As of the time of publication, none of the purported stolen data has surfaced on the Akira leak site, leaving ASF’s assertion unchallenged.

This dispute highlights the increasingly common tactic among ransomware operators of leveraging publicity and unsubstantiated claims to pressure organizations, even when the technical evidence does not support their assertions. For now, ASF continues to reassure users and contributors that Apache OpenOffice remains uncompromised, and stresses the transparency inherent in open-source development as a key defense against misinformation and data exfiltration claims.
Read more »
User Privacy
Bluetooth Hackers Mobile Security Personal Data User Privacy

Bluetooth Security Risks: Why Leaving It On Could Endanger Your Data

 

Bluetooth technology, widely used for wireless connections across smartphones, computers, health monitors, and peripherals, offers convenience but carries notable security risks—especially when left enabled at all times. While Bluetooth security and encryption have advanced over decades, the protocol remains exposed to various cyber threats, and many users neglect these vulnerabilities, putting personal data at risk.

Common Bluetooth security threats

Leaving Bluetooth permanently on is among the most frequent cybersecurity oversights. Doing so effectively announces your device’s continuous availability to connect, making it a target for attackers. 

Threat actors exploit Bluetooth through methods like bluesnarfing—the unauthorized extraction of data—and bluejacking, where unsolicited messages and advertisements are sent without consent. If hackers connect, they may siphon valuable information such as banking details, contact logs, and passwords, which can subsequently be used for identity theft, fraudulent purchases, or impersonation.

A critical issue is that data theft via Bluetooth is often invisible—victims receive no notification or warning. Further compounding the problem, Bluetooth signals can be leveraged for physical tracking. Retailers, for instance, commonly use Bluetooth beacons to trace shopper locations and gather granular behavioral data, raising privacy concerns.

Importantly, Bluetooth-related vulnerabilities affect more than just smartphones; they extend to health devices and wearables. Although compromising medical Bluetooth devices such as pacemakers or infusion pumps is technically challenging, targeted attacks remain a possibility for motivated adversaries.

Defensive strategies 

Mitigating Bluetooth risks starts with turning off Bluetooth in public or unfamiliar environments and disabling automatic reconnection features when constant use (e.g., wireless headphones) isn’t essential. Additionally, set devices to ‘undiscoverable’ mode as a default, blocking unexpected or unauthorized connections.

Regularly updating operating systems is vital, since outdated devices are prone to exploits like BlueBorne—a severe vulnerability allowing attackers full control over devices, including access to apps and cameras. Always reject unexpected Bluetooth pairing requests and periodically review app permissions, as many apps may exploit Bluetooth to track locations or obtain contact data covertly. 

Utilizing a Virtual Private Network (VPN) enhances overall security by encrypting network activity and masking IP addresses, though this measure isn’t foolproof. Ultimately, while Bluetooth offers convenience, mindful management of its settings is crucial for defending against the spectrum of privacy and security threats posed by wireless connectivity.
Read more »
User Privacy
Cyber Security Data Safety One Login UK Digital ID User Privacy

UK Digital ID Faces Security Crisis Ahead of Mandatory Rollout

 

The UK’s digital ID system, known as One Login, triggered major controversy in 2025 due to serious security vulnerabilities and privacy concerns, leading critics to liken it to the infamous Horizon scandal. 

One Login is a government-backed identity verification platform designed for access to public services and private sector uses such as employment verification and banking. Despite government assurances around its security and user benefits, public confidence plummeted amid allegations of cybersecurity failures and rushed implementation planned for November 18, 2025.

Critics, including MPs and cybersecurity experts, revealed that the system failed critical red-team penetration tests, with hackers gaining privileged access during simulated cyberattacks. Further concerns arose over development practices, with portions of the platform built by contractors in Romania on unsecured workstations without adequate security clearance. The government missed security deadlines, with full compliance expected only by March 2026—months after the mandatory rollout began.

This “rollout-at-all-costs” approach amidst unresolved security flaws has created a significant trust deficit, risking citizens’ personal data, which includes sensitive information like biometrics and identification documents. One Login collects comprehensive data, such as name, birth date, biometrics, and a selfie video for identity verification. This data is shared across government services and third parties, raising fears of surveillance, identity theft, and misuse.

The controversy draws a parallel to the Horizon IT scandal, where faulty software led to wrongful prosecutions of hundreds of subpostmasters. Opponents warn that flawed digital ID systems could cause similar large-scale harms, including wrongful exclusions and damaged reputations, undermining public trust in government IT projects.

Public opposition has grown, with petitions and polls showing more people opposing digital ID than supporting it. Civil liberties groups caution against intrusive government tracking and call for stronger safeguards, transparency, and privacy protections. The Prime Minister defends the program as a tool to simplify life and reduce identity fraud, but critics label it expensive, intrusive, and potentially dangerous.

In conclusion, the UK’s digital ID initiative stands at a critical crossroads, facing a crisis of confidence and comparisons to past government technology scandals. Robust security, oversight, and public trust are imperative to avoid a repeat of such failures and ensure the system serves citizens without compromising their privacy or rights.
Read more »
User Privacy
Data Breach Fashion Retailer MANGO Spain User Privacy

MANGO Marketing Vendor Breach Exposes Customer Contact Details

 

MANGO, the Spanish fashion retailer, has disclosed a data breach affecting customer information due to a cyberattack on one of its external marketing service providers. The incident, revealed on October 14, 2025, involved unauthorized access to personal data used in marketing campaigns, prompting the company to notify affected customers directly.

The compromised data includes customers' first names, country of residence, postal codes, email addresses, and telephone numbers. Notably, sensitive details such as last names, banking information, credit card data, government-issued IDs, passports, and account credentials were not accessed, reducing the risk of financial fraud. Despite this, the exposed information could be leveraged by threat actors for targeted phishing campaigns, where attackers impersonate legitimate entities to trick individuals into revealing further personal or financial data.

MANGO emphasized that its corporate infrastructure and internal IT systems remained unaffected, with no disruption to business operations. The company confirmed that all security protocols were activated immediately upon detection of the breach at the third-party vendor, although the name of the compromised marketing partner has not been disclosed.

In response, MANGO has reported the incident to the Spanish Data Protection Agency (AEPD) and other relevant regulatory authorities, in compliance with data protection regulations. To assist concerned customers, the company has established a dedicated support channel, including an email address (personaldata@mango.com) and a toll-free hotline (900 150 543), where individuals can seek clarification and guidance regarding potential exposure.

Founded in 1984 and headquartered in Barcelona, MANGO operates over 2,800 physical and e-commerce stores across 120 countries. It employs approximately 16,300 people and generates an annual revenue of €3.3 billion, with nearly 30% derived from online sales. While the breach does not impact core business systems, the incident highlights the growing risks associated with third-party vendors in digital supply chains, particularly in the retail and fashion sectors that rely heavily on external marketing and customer engagement platforms.

At the time of reporting, no ransomware group has claimed responsibility for the attack, and the identity of the attackers remains unknown. Local media outlets reached out to MANGO for further details on the scope and technical aspects of the breach but had not received a response by publication.
Read more »
Windows 10
Device Vulnerability Microsoft User Privacy Vulnerabilities and Exploits Windows 10

Windows 10 Support Termination Leaves Devices Vulnerable

 

Microsoft has officially ended support for Windows 10, marking a major shift impacting hundreds of millions of users worldwide. Released in 2015, the operating system will no longer receive free security updates, bug fixes, or technical assistance, leaving all devices running it vulnerable to exploitation. This decision mirrors previous end-of-life events such as Windows XP, which saw a surge in cyberattacks after losing support.

Rising security threats

Without updates, Windows 10 systems are expected to become prime targets for hackers. Thousands of vulnerabilities have already been documented in public databases like ExploitDB, and several critical flaws have been actively exploited. 

Among them are CVE-2025-29824, a “use-after-free” bug in the Common Log File System Driver with a CVSS score of 7.8; CVE-2025-24993, a heap-based buffer overflow in NTFS marked as “known exploited”; and CVE-2025-24984, leaking NTFS log data with the highest EPSS score of 13.87%. 

These vulnerabilities enable privilege escalation, code execution, or remote intrusion, many of which have been added to the U.S. CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling the seriousness of the risks.

Limited upgrade paths

Microsoft recommends that users migrate to Windows 11, which features modernized architecture and ongoing support. However, strict hardware requirements mean that roughly 200 million Windows 10 computers worldwide remain ineligible for the upgrade. 

For those unable to transition, Microsoft provides three main options: purchasing new hardware compatible with Windows 11, enrolling in a paid Extended Security Updates (ESU) program (offering patches for one extra year), or continuing to operate unsupported — a risky path exposing systems to severe cyber threats.

The support cutoff extends beyond the OS. Microsoft Office 2016 and 2019 have simultaneously reached end-of-life, leaving only newer versions like Office 2021 and LTSC operable but unsupported on Windows 10. Users are encouraged to switch to Microsoft 365 or move licenses to Windows 11 devices. Notably, support for Office LTSC 2021 ends in October 2026.

Data protection tips

Microsoft urges users to back up critical data and securely erase drives before recycling or reselling devices. Participating manufacturers and Microsoft itself offer trade-in or recycling programs to ensure data safety. As cyber risks amplify and hackers exploit obsolete systems, users still on Windows 10 face a critical choice — upgrade, pay for ESU, or risk exposure in an increasingly volatile digital landscape.
Read more »
User Privacy
Cyber Security Deepfake India NDTV World Summit User Privacy

India Plans Techno-Legal Framework to Combat Deepfake Threats

 

India will introduce comprehensive regulations to combat deepfakes in the near future, Union IT Minister Ashwini Vaishnaw announced at the NDTV World Summit 2025 in New Delhi. The minister emphasized that the upcoming framework will adopt a dual-component approach combining technical solutions with legal measures, rather than relying solely on traditional legislation.

Vaishnaw explained that artificial intelligence cannot be effectively regulated through conventional lawmaking alone, as the technology requires innovative technical interventions. He acknowledged that while AI enables entertaining applications like age transformation filters, deepfakes pose unprecedented threats to society by potentially misusing individuals' faces and voices to disseminate false messages completely disconnected from the actual person.

The minister highlighted the fundamental right of individuals to protect their identity from harmful misuse, stating that this principle forms the foundation of the government's approach to deepfake regulation. The techno-legal strategy distinguishes India's methodology from the European Union's primarily regulatory framework, with India prioritizing innovation alongside societal protection.

As part of the technical solution, Vaishnaw referenced ongoing work at the AI Safety Institute, specifically mentioning that the Indian Institute of Technology Jodhpur has developed a detection system capable of identifying deepfakes with over 90 percent accuracy. This technological advancement will complement the legal framework to create a more robust defense mechanism.

The minister also discussed India's broader AI infrastructure development, noting that two semiconductor manufacturing units, CG Semi and Kaynes, have commenced production operations in the country. Additionally, six indigenous AI models are currently under development, with two utilizing approximately 120 billion parameters designed to be free from biases present in Western models.

The government has deployed 38,000 graphics processing units (GPUs) for AI development and secured a $15 billion investment commitment from Google to establish a major AI hub in India. This infrastructure expansion aims to enhance the nation's research capabilities and application development in artificial intelligence.
Read more »
User Privacy
Data Breach Discord Hack Third-Party Vendor unauthorised access User Privacy

Discord Third-Party Breach Exposes User Data and Government IDs

 

Discord has confirmed a significant data breach affecting users who interacted with their customer support or trust & safety teams, stemming not from a direct attack on Discord’s own systems but through a compromised third-party vendor that handled customer service operations.

This incident highlights a persistent and growing vulnerability within the tech industry—outsourcing crucial services to external parties with potentially weaker cybersecurity standards, making user data increasingly reliant on the practices of organizations that customers never directly chose to trust.

Data exposed in the breach

The breach resulted in unauthorized access to sensitive personal information stored in customer service records. Specifically, exposed data included names, email addresses, Discord usernames, and various contact details for users engaging with Discord support. Furthermore, hackers gained limited billing information comprising payment types, purchase history, and the last four digits of credit cards, with full card numbers and passwords remaining secure.

A particularly concerning aspect was a small subset of government-issued ID images—such as driver’s licenses and passports—belonging to users who had submitted documents for age verification purposes. Although not all Discord users were affected, the breach still poses a tangible risk of identity theft and privacy erosion for those involved.

Third-Party vendor risks

The incident underscores the dangers posed by outsourcing digital operations to third-party vendors. Discord’s response involved revoking the vendor’s access and launching a thorough investigation; however, the damage had already been done, reflecting security gaps that even prompt internal actions cannot immediately resolve once data is compromised. 

The broader issue is that while companies often rely on vendors to reduce costs and streamline services, these relationships introduce new, often less controllable, points of failure. In essence, the robust security of a major platform like Discord can be undermined by external vendors who do not adhere to equally rigorous protection standards.

Implications for users

In the aftermath, Discord followed standard protocols by notifying affected users via email and communicating with data protection authorities. Yet, this episode demonstrates a critical lesson: users’ digital privacy extends beyond the platforms they consciously choose, as it also depends on a network of third-party companies that can become invisible weak links. 

Each vendor relationship broadens the attack surface for potential breaches, transforming cybersecurity into a chain only as strong as the least secured party involved. The Discord incident serves as a stark reminder of the challenges in safeguarding digital identity in an interconnected ecosystem, where the security of personal data cannot be taken for granted.
Read more »
User Privacy
Data Leak Deepfake Mobile Security OpenAI Sora User Privacy

OpenAI's Sora App Raises Facial Data Privacy Concerns

 

OpenAI's video-generating app, Sora, has raised significant questions regarding the safety and privacy of user's biometric data, particularly with its "Cameo" feature that creates realistic AI videos, or "deepfakes," using a person's face and voice. 

To power this functionality, OpenAI confirms it must store users' facial and audio data. The company states this sensitive data is encrypted during both storage and transmission, and uploaded cameo data is automatically deleted after 30 days. Despite these assurances, privacy concerns remain. The app's ability to generate hyper-realistic videos has sparked fears about the potential for misuse, such as the creation of unauthorized deepfakes or the spread of misinformation. 

OpenAI acknowledges a slight risk that the app could produce inappropriate content, including sexual deepfakes, despite the safeguards in place. In response to these risks, the company has implemented measures to distinguish AI-generated content, including visible watermarks and invisible C2PA metadata in every video created with Sora .

The company emphasizes that users have control over their likeness. Individuals can decide who is permitted to use their cameo and can revoke access or delete any video featuring them at any time. However, a major point of contention is the app's account deletion policy. Deleting a Sora account also results in the termination of the user's entire OpenAI account, including ChatGPT access, and the user cannot register again with the same email or phone number. 

While OpenAI has stated it is developing a way for users to delete their Sora account independently, this integrated deletion policy has surprised and concerned many users who wish to remove their biometric data from Sora without losing access to other OpenAI services.

The app has also drawn attention for potential copyright violations, with users creating videos featuring well-known characters from popular media. While OpenAI provides a mechanism for rights holders to request the removal of their content, the platform's design has positioned it as a new frontier for intellectual property disputes.
Read more »
Subscribe to: Comments (Atom)