#shield-act-20
#shield-act-20

Privacy technologies

Double Shot of Privacy's Defender in D.C.

Privacy technologies

Triple Header for Privacy's Defender in New York

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

Privacy technologies

Double Shot of Privacy's Defender in D.C.

Triple Header for Privacy's Defender in New York

Cindy Cohn's new book, Privacy's Defender, details her 30-year fight against digital surveillance and promotes data security and digital rights.

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

more#privacy

fromComputerworld

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

#cybersecurity

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

fromBusiness Matters

Information security

5 IT Mistakes That Still Catch Small Businesses Off Guard

Healthcare

Healthcare IT Platform CareCloud Probing Potential Data Breach

fromTNW | Eu

22 hours ago

Information security

European Commission breached after hackers poisoned open-source security tool Trivy

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

Information security

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

fromBusiness Matters

5 IT Mistakes That Still Catch Small Businesses Off Guard

Cybersecurity is a critical concern for SMEs, yet many underestimate the risks and only seek help after incidents occur.

Healthcare

Healthcare IT Platform CareCloud Probing Potential Data Breach

CareCloud experienced a cybersecurity incident that may have compromised patient information, but the impact is believed to be limited and manageable.

fromTNW | Eu

22 hours ago

European Commission breached after hackers poisoned open-source security tool Trivy

A major data breach at the European Commission was caused by TeamPCP exploiting a supply chain attack on the Trivy security tool.

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

Sanctions ramping up in cases involving AI hallucinations

Monetary sanctions against attorneys for AI-generated hallucinations in case documents are increasing as courts take these issues more seriously.

#ai-regulation

Tech Nonprofits to Feds: Don't Weaponize Procurement to Undermine AI Trust and Safety

The U.S. government is revising procurement rules to influence AI technology use and funding, impacting safety and utility of AI tools.

US politics

US lawmakers push for pause in data centres until AI safeguards in place

Tech Nonprofits to Feds: Don't Weaponize Procurement to Undermine AI Trust and Safety

The U.S. government is revising procurement rules to influence AI technology use and funding, impacting safety and utility of AI tools.

US lawmakers push for pause in data centres until AI safeguards in place

A moratorium on new AI data centers is proposed to protect workers, civil liberties, and the environment amid concerns over AI's rapid advancement.

more#ai-regulation

US Elections

fromLos Angeles Times

House Democrats to hold California 'shadow hearings' on midterm election security

California Democrats are holding hearings to defend state election systems against Trump's fraud allegations and threats of intervention.

Trump wants to slash $707M from CISA's budget

CISA faces a proposed $707 million budget cut, risking national cybersecurity and critical infrastructure management.

#ai

fromFortune

fromHarvard Business Review

Digital life

Internet Watch Foundation finds 260-fold increase in AI-generated CSAM in just one year, and 'it's the tip of the iceberg' | Fortune

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Digital life

fromFortune

fromHarvard Business Review

Internet Watch Foundation finds 260-fold increase in AI-generated CSAM in just one year, and 'it's the tip of the iceberg' | Fortune

AI-generated child sexual abuse material is surging, fundamentally changing targeting methods and overwhelming investigators.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Apple issues warning to iPhone users over stealthy attack: Act NOW

Apple has released critical iOS updates to protect against the DarkSword cyberattack method targeting vulnerable devices.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

State official to EU: Work with us on tech policy or fall behind a generation

The EU's regulatory regime hinders innovation and collaboration with the U.S., threatening economic competitiveness and technological advancement.

fromTelecompetitor

New House of Representatives bills hope to improve broadband access

The affordability crisis is hitting rural America hard. Across the country, broadband, electricity, and clean water remain out of reach for far too many families.

Agriculture

HHS reverses Biden-era restructuring of its IT and tech operations

HHS Chief Information Officer Clark Minor stated that consolidating the CTO, CDO, and CAIO roles within his office allows the department to move faster on shared platforms and protect systems more effectively.

Healthcare

Lawmaker looks to award grants for veteran suicide prevention AI models

The Recovery Engagement and Coordination for Health-Veteran Enhanced Treatment, or REACH VET, program identifies veterans in the top 0.1% of suicide risk by analyzing health records for specific indicators of potential self-harm.

Non-profit organizations

fromwww.theguardian.com

California to impose new AI regulations in defiance of Trump call

Companies hoping to sign contracts with the state of California will have to show they have policies to keep AI from distributing child sexual abuse material and violent pornography.

California

SF politics

New contract for background investigations raises concerns about scale and risk

DCSA is modernizing its Case Processing Operations Center to enhance background investigations and incorporate Continuous Vetting for national security.

Why AI-powered city cameras are sounding new privacy alarms

Automatic license plate readers are expanding in the U.S., raising concerns about surveillance and targeting of specific communities.

The real US surveillance threat isn't AI - it's the data infrastructure we already built - Silicon Canals

The infrastructure for mass surveillance already exists, relying on pre-existing technology and data rather than new AI advancements.

fromFast Company

3 hours ago

Why AI-powered city cameras are sounding new privacy alarms

Automatic license plate readers are expanding in the U.S., raising concerns about surveillance and targeting of specific communities.

The real US surveillance threat isn't AI - it's the data infrastructure we already built - Silicon Canals

The infrastructure for mass surveillance already exists, relying on pre-existing technology and data rather than new AI advancements.

more#surveillance

Cambodia parliament approves law to combat cybercrime scam rings

Cambodia's National Assembly approved a law targeting scam centres to combat online fraud and protect the economy and citizens.

fromwww.npr.org

Intellectual property law

As DOJ prepares to share state voter data with DHS, a key privacy officer resigns

The DOJ is acquiring sensitive voter registration data, raising privacy concerns, as a key privacy officer resigns amid ongoing legal challenges.

Trade and industry groups warn of risks in GSA's draft AI procurement guidance

Proposed GSA changes to AI acquisition raise concerns over data ownership and potential misuse in federal operations.

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

A breach linked to China exposed phone numbers of FBI surveillance targets, raising concerns about counterintelligence risks.

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

Apple

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.

Apple

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

Apple

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.

more#apple

fromIPWatchdog.com | Patents & Intellectual Property Law

US Homeland Security shutdown to stretch on, despite Senate passing funding

The House has not voted on the Senate bill, prolonging the partial government shutdown affecting DHS funding and federal workers.

As 'Pro Codes Act' is Reintroduced, Opponents Warn of Threats to Standards Development System

Without effective copyright protections, there is a grave risk that these organizations will no longer be able to produce the high-quality codes and standards that the public and lawmakers have come to rely on.

Intellectual property law

#data-breach

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch

Hims & Hers confirmed a data breach affecting customer support data, including names and contact information, but not medical records.

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch

Hims & Hers confirmed a data breach affecting customer support data, including names and contact information, but not medical records.

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

more#data-breach

Artificial intelligence

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

fromAdExchanger

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

President's budget proposes folding beleaguered DHS intelligence office into headquarters

The Department of Homeland Security's intelligence office faces consolidation and potential workforce reductions under Trump's proposed budget for 2027.

fromwww.mediaite.com

Senate Unanimously Passes DHS Funding Bill to End Partial Shutdown, Sending It Back to the House

The Senate approved a bill to partially reopen DHS, moving closer to ending the longest government shutdown.

fromIntelligencer

Johnson Caves on DHS, But Shutdown Deal Could Unravel Again

The Senate passed a bill to reopen DHS, but House Republicans rejected it until a sudden agreement was reached with Trump's assurance of funding.

President's budget proposes folding beleaguered DHS intelligence office into headquarters

The Department of Homeland Security's intelligence office faces consolidation and potential workforce reductions under Trump's proposed budget for 2027.

fromwww.mediaite.com

Senate Unanimously Passes DHS Funding Bill to End Partial Shutdown, Sending It Back to the House

The Senate approved a bill to partially reopen DHS, moving closer to ending the longest government shutdown.

fromIntelligencer

Intellectual property law

Johnson Caves on DHS, But Shutdown Deal Could Unravel Again

The Senate passed a bill to reopen DHS, but House Republicans rejected it until a sudden agreement was reached with Trump's assurance of funding.

more#dhs

New U.S. Law aims to halt ASML sales to China

The MATCH Act aims to tighten export restrictions on chip manufacturing equipment to China, significantly impacting ASML's sales and market share.

EFF's Submission to the UN OHCHR on Protection of Human Rights Defenders in the Digital Age

New laws addressing online harms are increasingly restricting fundamental rights and impacting human rights defenders globally.

fromZDNET

The best way to protect your phone from a warrantless search in 2026

US authorities are increasingly aggressive in detaining and seizing devices, with biometrics remaining vulnerable.

Google and Amazon: Acknowledged Risks, And Ignored Responsibilities

Google and Amazon have failed to act on human rights risks associated with Project Nimbus despite multiple warnings and commitments.

fromPrivacy International

Are IP addresses personal data?

IP addresses identify devices on the Internet, enabling communication and tracking for advertising and geolocation purposes.

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

fromMail Online

Deadline issued for UFO videos as Congress warns of 'threat' to US

Lawmakers demand federal agencies release UFO videos by April 14, 2026, citing potential threats to US military forces.

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.

fromTechRepublic

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.

Toy Giant Hasbro Hit by Cyberattack

Hasbro experienced a cyberattack disrupting operations, prompting an investigation and implementation of business continuity plans.

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.

fromTechRepublic

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.

Toy Giant Hasbro Hit by Cyberattack

Hasbro experienced a cyberattack disrupting operations, prompting an investigation and implementation of business continuity plans.

more#cyberattack

fromThe Verge

Pinterest said he violated laid-off colleagues' privacy. Now he's going public

A former Pinterest engineer claims he was unjustly fired for sharing a tool that revealed employee layoffs.

fromABC7 San Francisco

CA senators demand answers from DHS after ICE arrest tied to TSA data at San Francisco Airport

Senators Padilla and Schiff demand answers from DHS regarding TSA data use for immigration enforcement after an airport arrest.

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Healthcare

4 weeks ago

Lawmakers raise questions about security of health data shared with AI tools

Lawmakers seek federal guardrails for healthcare data uploaded to AI tools, as third-party wearables and apps lack HIPAA protections that medical devices require.

fromGamesBeat

Understanding the updated COPPA rules and their impact on child safety

New COPPA rule amendments effective April 2026 will require separate parental consent for targeted advertising and data sharing in children's games.

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.

fromAxios

Cyber warfare starts to get personal in war between U.S., Israel and Iran

Iran-linked hackers are using data leaks and intimidation tactics against individuals to influence public perception during the current conflict.

fromFEDweek

Agencies Need More Complete Guidance on Privacy Considerations of AI Use, Says GAO

GAO identifies gaps in AI guidance, highlighting risks and the need for comprehensive privacy protections in agency implementations.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Tech bills of the week: Child social media safety, Data center moratorium, and more

New child safety legislation, Sammy's Law, aims to enhance parental control over children's social media use through safety notifications and monitoring tools.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

more#cisco

Lawmakers question VPN impact on Americans' FISA surveillance protections

VPN use may complicate Americans' legal protections against warrantless surveillance due to obscured user locations.

fromComputerworld

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

2 weeks ago

National cyber director doesn't envision industry doing offensive hacking

The U.S. National Cyber Director clarifies that private sector companies will not conduct offensive cyber operations on behalf of the government, but will instead provide intelligence and defensive support.

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl accelerated in 2025, with 29 million new hardcoded secrets identified, marking a 34% increase from the previous year.

#cisa-2015

US politics

US punts renewal of threat data sharing law to September | Computer Weekly

Information security

Key cyber statutes at risk again as Congress works to avert shutdown

US politics

US punts renewal of threat data sharing law to September | Computer Weekly

Information security

Key cyber statutes at risk again as Congress works to avert shutdown

US Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging Technologies

Trump administration releases comprehensive cyber strategy emphasizing government-private sector coordination, deterrence, regulatory reform, and investment in AI and quantum technologies to strengthen national cybersecurity.