https://www.youtube.com/watch?v=Ktze-X2rG4E
#DataPrivacy
https://winbuzzer.com/2026/01/26/google-pays-68m-settle-voice-assistant-privacy-lawsuit-xcxwbn/
Google Pays $68M to Settle Voice Assistant Spying Lawsuit
#Google #GoogleAssistant #Privacy #DataPrivacy #VoiceAssistants #BigTech #Apple #Siri #Amazon #Alexa #VoiceAssistants
📺 Data is the new oil. Max #Schrems and Chou Kuan-Ju give a worrying reveal on how large actors get their hands on your #data and why data #privacy is a matter of national security.
WhatsApp Clone... But Decentralized and P2P Encrypted Without Install or Signup.
By leveraging WebRTC for direct browser-to-browser communication, it eliminates the middleman entirely. Users simply share a unique URL to establish an encrypted, private channel. This approach effectively bypasses corporate data harvesting and provides a lightweight, disposable communication method for those prioritizing digital sovereignty.
Features include:
* P2P
* End to end encryption
* forward secrecy
* Multimedia
* Open source
* No registration
* No installation
* Encrypted storage
* TURN server
The project is far from finished and presented for testing, feedback and demo purposes (USE RESPONSIBLY!).
Technical breakdown: https://www.reddit.com/r/CorpFree/comments/1qnouh8/whatsapp_clone_but_peertopeer_no_install_or_signup
#Privacy #OpenSource #P2P #WebRTC #Decentralization #DigitalSovereignty #CyberSecurity #FOSS #SelfHosted #NoCloud #AntiCorp #Encryption #WebDev #TechLiberty #PrivateMessaging #Networking #DataPrivacy #InternetFreedom #LocalFirst #SoftwareEngineering #WebApps #ZeroKnowledge #PrivacyTech #IndieDev #NoSignup #NoInstall #DecentralizedWeb #SecureMessaging #BrowserApp #TechEthics
🇻🇳 **Kiểm soát dữ liệu Google trong 3 bước đơn giản:**
1️⃣ **Quản lý Hoạt động Web:** Tắt lịch sử duyệt web & tìm kiếm
2️⃣ **Kiểm soát Vị trí:** Hạn chế chia sẻ vị trí thiết bị
3️⃣ **Quảng cáo:** Tắt cá nhân逅 hóa để giảm dấu vết kỹ thuật số
📌 Tags:
#BaoMatDuLieu #QuyenRiengTu #AnToanMang #GoogleTips #DataPrivacy #PrivacyTips #DigitalSecurity
#BảoMậtDữLiệu #QuyềnRiêngTư #GoogleMẹo
https://vtcnews.vn/bao-ve-du-lieu-ca-nhan-tren-google-chi-voi-3-buoc-don-gian-ar1000275.html
Fediverse has been snubbed again? What about Loops or Pixelfed?
Australian app UpScrolled reports influx of downloads after after Oracle took over TikTok’s US operations last week, sparking concerns about censorship.
#Apps #SocialMedia #Algorithm #BigTech #Censorship #Tech #DataPrivacy #CyberSecurity
https://www.theverge.com/news/867958/tiktok-upscrolled-app-us-takeover
It's been a busy 24 hours in the cyber world with updates on nation-state activity, actively exploited vulnerabilities, new AI-powered malware, and a reminder about data privacy and regulatory efforts. Let's dive in:
Nike Data Theft & Poland Power Grid Attack 🚨
- Extortion group WorldLeaks, believed to be a rebrand of Hunters International, claims to have stolen 1.4TB of internal Nike data, including design and manufacturing workflows. Nike is investigating the potential breach.
- Russia's GRU-linked Sandworm unit is suspected to be behind a December wiper malware attack (DynoWiper) on Poland's power grid, which aimed to disrupt communications between renewable energy installations. The attack was thwarted but described as the strongest in years.
- These incidents highlight the ongoing threat of data exfiltration for extortion and nation-state targeting of critical infrastructure, even if the attacks are unsuccessful.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/26/data_thieves_claim_nike_data_haul/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/26/moscow_likely_behind_wiper_attack/
🗞️ The Record | https://therecord.media/russia-eset-sandworm-poland-hack
Even Cybercriminals Have Security Lapses 🤦
- Cybersecurity researcher Jeremiah Fowler discovered over 149 million unique login/password combinations from infostealer and keylogging malware exposed online.
- The 96GB dataset contained credentials for social media, dating apps, streaming services, financial services, banking, credit cards, and even government accounts.
- This serves as a stark reminder that even threat actors can fail at basic security, but more importantly, it's a critical prompt for everyone to regularly reset passwords, especially if you've been a victim of infostealer malware.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
AI-Generated Malware and Malicious Extensions 🤖
- North Korean Konni hackers are using AI-generated PowerShell malware to target blockchain developers and engineering teams in Japan, Australia, and India, expanding their traditional scope.
- Two malicious Microsoft VS Code extensions, "ChatGPT - 中文版" (1.3M installs) and "ChatGPT - ChatMoss(CodeMoss)" (150K installs), were found exfiltrating every opened file and code modification to China-based servers.
- Separately, LayerX Research identified 16 malicious Chrome browser extensions for ChatGPT designed to steal account credentials and session tokens by monitoring outbound requests from chatgpt.com.
📰 The Hacker News | https://thehackernews.com/2026/01/konni-hackers-deploy-ai-generated.html
📰 The Hacker News | https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html
🤫 CyberScoop | https://cyberscoop.com/chatgpt-browser-extensions-steal-your-data/
Critical Vulnerabilities Under Active Exploitation ⚠️
- CISA has flagged a critical VMware vCenter Server RCE flaw (CVE-2024-37079) as actively exploited, stemming from a heap overflow in the DCERPC protocol. Federal agencies have three weeks to patch.
- Microsoft released emergency out-of-band updates for an actively exploited high-severity Office zero-day (CVE-2026-21509), a security feature bypass affecting multiple Office versions. Mitigations are available for unpatched versions.
- Nearly 800,000 Telnet servers are exposed globally, with active exploitation of a critical authentication bypass (CVE-2026-24061) in GNU InetUtils telnetd server, allowing root access without authentication. Patch immediately or disable Telnet.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-says-critical-vmware-rce-flaw-now-actively-exploited/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-actively-exploited-office-zero-day-vulnerability/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/
Pwn2Own Automotive & npm Supply Chain Flaws 🛡️
- The Pwn2Own Automotive 2026 competition uncovered 76 unique zero-day vulnerabilities across Tesla infotainment, EV chargers, and Automotive Grade Linux, with over $1M paid out.
- Researchers found "PackageGate" vulnerabilities in JavaScript package managers (pnpm, vlt, Bun, npm) that bypass Shai-Hulud supply-chain defenses via Git dependencies, allowing script execution even with '--ignore-scripts'. NPM has not patched this, stating users are responsible for vetting packages.
- Google has patched a vulnerability in Gemini AI that could expose a user's calendar secrets through prompt injection in malicious calendar invitations, highlighting the need for new security considerations for LLMs.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-can-bypass-npms-shai-hulud-defenses-via-git-dependencies/
📰 The Hacker News | https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html
Winning Against AI-Based Attacks Requires a Combined Defensive Approach 💡
- The rise of offensive AI is transforming attack strategies, making them more sophisticated and harder to detect, with LLMs used to conceal code and generate malicious scripts.
- Legacy defences like EDR alone are proving insufficient against AI-fueled attacks, which can operate at higher speeds and scale, and often combine threats across identity, endpoint, cloud, and on-premises infrastructure.
- A combined defensive approach, integrating Network Detection and Response (NDR) with EDR, is crucial for detecting novel attack types, identifying behavioural anomalies, and gaining deeper insights from network data to respond quickly.
📰 The Hacker News | https://thehackernews.com/2026/01/winning-against-ai-based-attacks.html
Privacy Breaches and State-Sponsored Spyware 🔒
- French privacy regulators fined an unnamed company €3.5M for sharing customer loyalty data (email addresses, phone numbers) with a social network for targeted advertising without explicit consent, affecting over 10.5 million Europeans.
- A London judge awarded a British critic of the Saudi regime over £3M ($4.1M) in damages, finding "compelling basis" that his iPhones were hacked by Pegasus spyware directed or authorised by Saudi Arabia.
- These incidents underscore the critical importance of informed consent for data sharing and the severe consequences of state-sponsored surveillance and privacy violations.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
🗞️ The Record | https://therecord.media/london-judge-sides-with-saudi-critic-spyware-case/
Voluntary Rules for Commercial Hacking Tools ⚖️
- An international effort, the Pall Mall Process, is developing voluntary standards for the commercial cyber intrusion industry, focusing on responsible government use and procurement from ethical vendors.
- Key discussions include the scope of these rules (e.g., reconnaissance tools), incentives for vendor participation, and how to handle companies with a history of irresponsible behaviour.
- Bug bounty platform HackerOne has also published a new safe harbour document for AI security testing, aiming to provide clear, standardised authorisation for researchers and encourage good-faith AI vulnerability discovery.
🤫 CyberScoop | https://cyberscoop.com/industry-government-nonprofits-weigh-voluntary-rules-for-commercial-hacking-tools/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
Cloudflare BGP Route Leak 🌐
- Cloudflare experienced a 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, causing congestion, packet loss, and dropped traffic due to an accidental policy misconfiguration on a router.
- The incident, a mixture of Type 3 and Type 4 route leaks, occurred when an overly permissive export policy allowed internal IPv6 routes to be advertised externally from Miami.
- Cloudflare detected and reverted the configuration within 25 minutes and is implementing stricter community-based export safeguards, CI/CD checks, and promoting RPKI ASPA adoption to prevent future occurrences.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cloudflare-misconfiguration-behind-recent-bgp-route-leak/
#CyberSecurity #ThreatIntelligence #APT #Ransomware #Malware #ZeroDay #Vulnerability #RCE #SupplyChainAttack #AI #DataPrivacy #IncidentResponse #NetworkSecurity #EndpointSecurity #BGP #InfoSec
Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.
– Quote by Frank Herbert from Dune No. 1
#machines #ai #bigtech #enslavement #openai #chatgpt #microsoft #meta #unplugbigtech #ki #dataprivacy #dune #quote
"Digital Defense: Library Cybersecurity Webinar Series, January - June 2026"
https://sherpaintelligence.substack.com/p/digital-defense-library-cybersecurity
- This will be a six-part series featuring a variety of guest presenters speaking on a range of #cybersecurity topics.
- These sessions are open to anyone, anywhere and will be recorded.
- First session January 28th!
It's Data Privacy Week! When was the last time you thought about the information your favorite games collect about you? 🤔 🎮
In this beginner-friendly guide, you'll learn:
- what kinds of personal information games may collect
- how expectations have changed over time
- practical steps you can take to protect yourself online
Also includes tips and suggestions for indie game creators.
https://writing-games.org/data-privacy-week-tips-for-safer-gaming/
Information Security & Data Privacy Weekend News Roundup: January 23-25, 2026
Sherpa Intelligence paid attention to the #InfoSec & #DataPrivacy news from over the weekend so you wouldn't have to!
https://sherpaintelligence.substack.com/p/information-security-and-data-privacy-c09
https://winbuzzer.com/2026/01/26/chatgpt-temporary-chats-keep-settings-private-xcxwbn/
ChatGPT Temporary Chats Now Keep Your Settings
#AI #ChatGPT #OpenAI #AIAssistants #Privacy #DataPrivacy #AIMemory
Giáo sư mất sạch dữ liệu nghiên cứu vì thay đổi cài đặt ChatGPT, rồi bị mạng xã hội chế giễu. Câu chuyện nhấn mạnh rủi ro lưu trữ quan trọng trên AI. #ChatGPT #AI #DataLoss #Giáo_sư #Công_nghệ #Technology #AI #DataPrivacy
Những khoản tiền đầu tiên từ thỏa thuận Apple bồi thường 95 triệu USD đã chính thức đến tay người dùng iPhone toàn cầu, khép lại vụ bê bối quyền riêng tư liên quan đến trợ lý ảo Siri. Mỗi người nhận được số tiền ít hơn dự kiến! 💰📱
Mới ra mắt sản phẩm mà không hiểu về GDPR/CCPA? Nine Norms - công cụ AI giúp indie dev quét tracker, tự động tạo văn bản pháp lý phù hợp với 120+ khu vực. Tránh phạt, tiết kiệm thời gian, tập trung phát triển sản phẩm. Có bản miễn phí để trải nghiệm. Bạn từng gặp khó khăn gì về compliance? #SaaS #Privacy #GDPR #Compliance #NineNorms #IndieDev #Startup #DataPrivacy #LegalTech #CôngNghệPhápLý #SaaS #BảoMậtDữLiệu
https://www.reddit.com/r/SaaS/comments/1qn5t5f/why_i_built_nine_norms_ai_compliance_f
Don't miss the Sherpa Intelligence #InfoSec & #DataPrivacy news roundup on Monday morning! Subscribe now and wake up to expertly curated industry updates!
https://sherpaintelligence.substack.com/
BitLocker keys given to FBI highlight the danger of centralized cloud storage. Encryption without proper key management is security theater. Users must prioritize user-controlled key storage and transparency. #Cybersecurity #DataPrivacy #KeyManagement
Tự vận hành máy chủ giúp giảm phụ thuộc vào Big Tech, tiết kiệm chi phí và bảo vệ dữ liệu. Tuy nhiên, rủi ro như hỏng phần cứng, mất điện, tấn công mạng, lửa/cháy, hay mất dữ do thiên tai vẫn cao. Để đảm bảo an toàn: sao lưu định kỳ (backup), dùng NAS + RAID, sao lưu đám mây (tên miền riêng, mã hóa), UPS, tường lửa, cập nhật hệ thống, kiểm tra bảo mật tự động. Phân tán nơi lưu trữ, cân nhắc VPS dự phòng. #SelfHosting #DataPrivacy #Backup #NAS #HomeAssistant #Immich #VaultWarden #CyberSecurity #L
Don't miss the Sherpa Intelligence #InfoSec & #DataPrivacy news roundup on Monday morning!
Subscribe now and wake up to expertly curated industry updates! https://sherpaintelligence.substack.com/
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst