#screen-leak
#screen-leak

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

18 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

#data-breach

Privacy professionals

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

Healthcare

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

Privacy technologies

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

Privacy professionals

T-Mobile Sets the Record Straight on Latest Data Breach Filing

Privacy professionals

Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch

fromSecuritymagazine

Information security

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Healthcare

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud experienced a data breach where hackers accessed patient electronic health records for over eight hours, but data exfiltration status remains unclear.

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.

T-Mobile Sets the Record Straight on Latest Data Breach Filing

T-Mobile confirmed a data breach was caused by an insider incident affecting only one account with limited information exposed.

Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch

Hims & Hers confirmed a data breach affecting customer support data, including names and contact information, but not medical records.

fromSecuritymagazine

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

Brooklyn

PREMIUM Is Your Phone Spying on You? Nah. It Doesn't Have To.

fromAdExchanger

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

fromBrooklyn Eagle

Brooklyn

PREMIUM Is Your Phone Spying on You? Nah. It Doesn't Have To.

fromAdExchanger

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

Apple issues warning to iPhone users over stealthy attack: Act NOW

Apple has released critical iOS updates to protect against the DarkSword cyberattack method targeting vulnerable devices.

#cybersecurity

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

fromTNW | Eu

Information security

European Commission breached after hackers poisoned open-source security tool Trivy

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

4 hours ago

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

20 hours ago

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

fromTNW | Eu

European Commission breached after hackers poisoned open-source security tool Trivy

A major data breach at the European Commission was caused by TeamPCP exploiting a supply chain attack on the Trivy security tool.

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

4 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

20 hours ago

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

more#cybersecurity

#privacy

Privacy technologies

Double Shot of Privacy's Defender in D.C.

15 hours ago

Privacy technologies

Triple Header for Privacy's Defender in New York

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

Privacy technologies

Double Shot of Privacy's Defender in D.C.

15 hours ago

Triple Header for Privacy's Defender in New York

Cindy Cohn's new book, Privacy's Defender, details her 30-year fight against digital surveillance and promotes data security and digital rights.

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

more#privacy

fromwww.scientificamerican.com

Anthropic leak reveals Claude Code tracking user frustration and raises new questions about AI privacy

Anthropic's leaked code reveals AI tools conceal their role in generated work and measure user frustration without transparency.

Entire Claude Code CLI source code leaks thanks to exposed map file

Claude Code's complexity and architecture provide valuable insights for competitors and pose security risks for Anthropic.

fromTechzine Global

Claude Code leak exposes many of Anthropic's secrets

A leak of Claude Code's source code reveals significant details about its features and future plans, despite Anthropic's usual secrecy.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

Software development

Entire Claude Code CLI source code leaks thanks to exposed map file

Claude Code's complexity and architecture provide valuable insights for competitors and pose security risks for Anthropic.

fromTechzine Global

Claude Code leak exposes many of Anthropic's secrets

A leak of Claude Code's source code reveals significant details about its features and future plans, despite Anthropic's usual secrecy.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

Your phone's Bluetooth is broadcasting more than you think - here's how to limit it

Bluetooth remains active and broadcasts data even when not connected, potentially allowing for tracking without user consent.

Business intelligence

fromSecuritymagazine

Beyond Locking Doors

Access control systems provide valuable data that enhances operational efficiency and decision-making beyond just security.

Remote teams

Security contractor blew the whistle on shabby support crew

Brad, a security contractor, faced challenges with antivirus alerts while working in a labor hire company's office without proper IT support.

Photography

6 days ago

Your Photos Are Probably Giving Away Your Location. Here's How to Stop That

Photos contain metadata like EXIF data, including location, which can be useful but may compromise privacy when shared.

#fbi

fromNextgov.com

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

A breach linked to China exposed phone numbers of FBI surveillance targets, raising concerns about counterintelligence risks.

fromAdvocate.com

How the Kash Patel hack turned a college-linked username into a security warning

FBI Director Kash Patel's personal email was hacked, exposing over 300 emails and photos, raising concerns about digital security and identity management.

fromNextgov.com

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

A breach linked to China exposed phone numbers of FBI surveillance targets, raising concerns about counterintelligence risks.

fromAdvocate.com

How the Kash Patel hack turned a college-linked username into a security warning

FBI Director Kash Patel's personal email was hacked, exposing over 300 emails and photos, raising concerns about digital security and identity management.

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

Apple will hide your email address from apps and websites, but not cops | TechCrunch

Apple provided federal agents with identities of customers using its email privacy feature, revealing limitations in its privacy assurances.

Apple

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

Apple will hide your email address from apps and websites, but not cops | TechCrunch

Apple provided federal agents with identities of customers using its email privacy feature, revealing limitations in its privacy assurances.

Anthropic leaks its own AI coding tool's source code in second major security breach | Fortune

Anthropic leaked the source code for Claude Code, exposing 500,000 lines of code due to a packaging error, raising cybersecurity concerns.

#whatsapp

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

WhatsApp alerted 200 users about a fake iOS app infected with spyware, primarily targeting users in Italy.

Italian surveillance firm SIO built fake WhatsApp app with government spyware, Meta says - Silicon Canals

WhatsApp notified 200 users in Italy about a fake app containing spyware linked to surveillance firm SIO.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

WhatsApp alerted 200 users about a fake iOS app infected with spyware, primarily targeting users in Italy.

Italian surveillance firm SIO built fake WhatsApp app with government spyware, Meta says - Silicon Canals

WhatsApp notified 200 users in Italy about a fake app containing spyware linked to surveillance firm SIO.

fromHarvard Business Review

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

more#whatsapp

#ai

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

fromComputerWeekly.com

fromHarvard Business Review

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

fromComputerWeekly.com

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

more#ai

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

The public Quizlet set contained information about alleged codes for specific facility entrances. 'Checkpoint doors code?' asked one card, with a specific four-digit combination listed in response.

Privacy professionals

NHS staff resist using Palantir software

One official reportedly described Palantir as 'ethically bankrupt' in justifying his refusal to use the software, and noted that he knows of coworkers who deliberately slow their work pace when forced to use the system.

EU data protection

19 hours ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

The best way to protect your phone from a warrantless search in 2026

US authorities are increasingly aggressive in detaining and seizing devices, with biometrics remaining vulnerable.

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

fromwww.businessinsider.com

10 hours ago

Meta paused its work with AI training startup Mercor after a data breach

Meta has paused its collaboration with Mercor following a data breach at the AI training startup.

17 hours ago

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

fromwww.businessinsider.com

10 hours ago

Meta paused its work with AI training startup Mercor after a data breach

Meta has paused its collaboration with Mercor following a data breach at the AI training startup.

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

This App Makes Even the Sketchiest PDF or Word Doc Safe to Open

Dangerzone is a free tool that safely opens potentially harmful documents by converting them into secure image-based PDFs.

fromnews.bitcoin.com

7 hours ago

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Guy Zyskind emphasized that the whitepaper reframes the conversation around quantum threats, stating that the traditional 10-year migration window now seems dangerously optimistic given Google's findings.

Information security

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

1 month ago

Information security

Phone acting weird? 5 red flags that could point to hackers

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

1 month ago

Information security

Phone acting weird? 5 red flags that could point to hackers

5 telltale signs that your phone has been compromised (and how to combat them)

Phone hacking can be detected through signs like battery drain, slow performance, unfamiliar logins, and reduced storage space.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

I turned to PrivacyBee to clean up my data - here's how it made me disappear

PrivacyBee is preferred for its comprehensive data removal services and user-friendly management tools.

fromThe Verge

Pinterest said he violated laid-off colleagues' privacy. Now he's going public

A former Pinterest engineer claims he was unjustly fired for sharing a tool that revealed employee layoffs.

fromTNW | Insights

32 minutes ago

KeeperDB brings zero-trust database access to privileged access management

Database credentials are a major attack vector, and KeeperDB integrates access controls into its PAM platform to enhance security.

#malware

Information security

Fake Claude Code source downloads actually delivered malware

Information security

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Information security

Sophisticated CrystalX RAT Emerges

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

more#malware

FBI Warns of Data Security Risks From China-Made Mobile Apps

Foreign-developed mobile applications pose significant data security risks, particularly those from China, according to an FBI alert.

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

fromHer Campus

Who's Watching The Watchers? AI, Age Verification, And Online Privacy

Parents are increasingly concerned about children's exposure to harmful online content despite regulations like CIPA and platforms like YouTube Kids.

Law

fromabovethelaw.com

2 months ago

Hacked Database To Match Their Hack Opinions - See Also

Repeated hacks of the Supreme Court, a former Biglaw partner accused of murdering his wife, an xAI deepfake investigation, and a citation-bias dispute.

21 hours ago

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

more#supply-chain-attack

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

more#chrome

fromSlashGear

Apps That Track You: 17 Of The Worst Offenders In Privacy Invasion - SlashGear

Online privacy is compromised by data collection from apps, with Meta's platforms being significant offenders.

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

fromFortune

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

Security boffins harvest bumper crop of API keys from web

Almost 2,000 API credentials were found exposed on 10,000 webpages, posing significant security risks to organizations and critical infrastructure.

New 'DarkSword' Leak Puts Millions of iPhones at Risk After Initial Attack

The leaked DarkSword exploit kit poses a significant threat to outdated iPhones, making attacks easier for less experienced hackers.

Chrome encryption bypass discovered: New malware steals passwords and cookies

The bypass requires neither privilege escalation nor code injection, making it a stealthier approach compared to alternative ABE bypass methods.

Information security