WhatsApp Claims it Thwarted an NSO Spyware Campaign
WhatsApp claims they detected and stopped an NSO spyware campaign against its users.
Privacy & Security News
RSS Feed • Follow @PrivacyNews@mstdn.plus on Mastodon • Find more news on the forum
Around 1,500 AUR Packages Compromised with "Rootkit-Like" Malware
Researchers at Sonatype uncovered a massive supply chain attack against the Arch User Repository (AUR) to harvest credentials and exfiltrate user data by hijacking around 1,500 packages.
Data Breach Roundup (June 5 - 11, 2026)
This was a busy week with breaches from several universities, the French government, Flock, and more.
Microsoft Patches Some Vulnerabilities from Nightmare Eclipse, Others Left Unpatched
Microsoft has patched some vulnerabilities from anonymous security researcher going by the pseudonym Nightmare Eclipse, who published yet another vulnerability the same day.
Ransomware Gang Exploiting Legacy VPN Protocol in US Federal Agencies
According to TechCrunch, CISA is giving US federal agencies until the end of Wednesday to fix an actively exploited VPN vulnerability in the deprecated IKEv1 key exchange protocol.
Common Speakers Can Be Remotely Hacked and Used to Take Over Your PC
Ethical hacker Rasmus Moorats in a blog post revealed an exploit in Sound Blaster Katana V2X speakers, dubbed "Pwnd Blaster," that would allow an attacker to remotely take over your PC.
Brave Launches Paid, "Minimalist" Brave Origin Browser
Brave has officially released Brave Origin, a minimal version of the regular Brave browser without a lot of the optional features such as Rewards, Leo AI, and Brave's VPN, for a one-time fee.
Data Breach Roundup (May 29 - June 4, 2026)
This week saw data breaches impacting GTA Online cheaters, a health wearable, a UN food assistance program for Palestinians, and an update to the neverending 23andMe saga.
Meta’s AI Support Agent Used by Hackers to Take Over Instagram Accounts
An exploit described as “remarkably simple” allows anyone to add a new email address to any Instagram account using Meta’s AI chat bot, allowing full account takeover.
Data Breach Roundup (May 22 - 28, 2026)
A complex travel booking breach, multiple government breaches around the world, some updates, and much more. This was a busy week for cybercriminals.
Google Family Link Exploit Enables Account Lockout and Surveillance
Google Family Link, Google's child safety feature, can be leveraged by an attacker to lock you out of your Google account and surveil and control your activity
Signal macOS Desktop App Doesn't Actually Delete Messages When it Should
Security researcher Harry Sintonen disclosed that the macOS desktop Signal app doesn't actually delete messages when they're deleted in the UI of the app.
Town Councilmember Proposes Internet and Phone Ban After Flock Contract is Cancelled
After the town of Bandera, Texas voted 3-2 to end its contract with the dystopian surveillance company Flock, a pro-Flock councilmember proposed a ban of phones, cameras, the internet, and nearly all technology.
Apple Publishes Source Code for Their Cryptography on GitHub
Apple has published the source code for their corecrypto libraries on GitHub, along with the tools and formal verification libraries they used to evaluate their cryptography, so independent cryptography experts can verify it for themselves.
The US DOJ Wants Identities and Addresses of Over 100,000 Users of a Car App
The US DOJ is demanding the data of all users, equating to over 100,000 people, of the EZ Lynk app over alleged violations of the Clean Air Act, which the company denies.
CISA Leaks Secret Credentials in a Public Github Repo
Brian Krebs found a public GitHub repository with sensitive internal CISA credentials "including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets."
First Public Kernel Memory Exploit of on Apple's M5 Chip Found
Security researchers at Calif have found the first public memory corruption exploit on Apple's M5 chip, surviving Memory Integrity Enforcement protections.
Discord Makes All Voice/Video Calls E2EE
After Discord announced their DAVE end-to-end encryption protocol for audio and video calls in 2024, they’ve finally finished migrating all calls to use it by default.
Data Breach Roundup (May 15 - 21, 2026)
This week had some particularly noteworthy breaches including facial recognition systems, fingerprint scans, and Trump Mobile.
Dirty Frag Sequel Continues the Streak of Linux Kernel Privilege Escalation Vulnerabilities
Fragnesia, the latest local privilege escalation vulnerability in the same family as Dirty Frag, emerges as an “unintended side effect of one of the patches addressing the original Dirty Frag vulnerabilities” according to the original creator of Dirty Frag, Hyunwood Kim.
Subscribe today!
Privacy Guides is the best place to learn about protecting your digital life. You can get more articles like these, straight to your inbox:
No spam. Unsubscribe anytime.