Security researcher Harry Sintonen disclosed that the macOS desktop Signal app doesn't actually delete messages when they're deleted in the UI of the app.
RSS Feed • Follow @PrivacyNews@mstdn.plus on Mastodon • Find more news on the forum
After the town of Bandera, Texas voted 3-2 to end its contract with the dystopian surveillance company Flock, a pro-Flock councilmember proposed a ban of phones, cameras, the internet, and nearly all technology.
Apple has published the source code for their corecrypto libraries on GitHub, along with the tools and formal verification libraries they used to evaluate their cryptography, so independent cryptography experts can verify it for themselves.
The US DOJ is demanding the data of all users, equating to over 100,000 people, of the EZ Lynk app over alleged violations of the Clean Air Act, which the company denies.
Brian Krebs found a public GitHub repository with sensitive internal CISA credentials "including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets."
Security researchers at Calif have found the first public memory corruption exploit on Apple's M5 chip, surviving Memory Integrity Enforcement protections.
After Discord announced their DAVE end-to-end encryption protocol for audio and video calls in 2024, they’ve finally finished migrating all calls to use it by default.
This week had some particularly noteworthy breaches including facial recognition systems, fingerprint scans, and Trump Mobile.
Fragnesia, the latest local privilege escalation vulnerability in the same family as Dirty Frag, emerges as an “unintended side effect of one of the patches addressing the original Dirty Frag vulnerabilities” according to the original creator of Dirty Frag, Hyunwood Kim.
This week featured some high-risk breaches including banks, cars, and water utilities.
An anonymous security researchers known as Nightmare-Eclipse has published two more Windows zero-day exploits, YellowKey and GreenPlasma, after already publishing 3 earlier this year.
Android has introduced some new protections against scammers and malware, some powered by agentic AI.
The Canvas breach quickly became the biggest hack of the week, but a couple others slipped under the radar.
Governor Spencer Cox has signed a law stating that websites are accountable for determining if a user is physically located in Utah, even from behind a VPN.
Canvas, software used by thousands of schools in the U.S., has been hacked and the private data of staff and students stolen.
A new investigation from Bloomberg has revealed how state-run health insurance marketplaces have - often accidentally - been sharing sensitive data with tech giants. The United States healthcare landscape is complicated. The healthcare system is largely privatized. Many employers offer health insurance to full-time employees, while those not covered can
Two new Linux local privilege escalation vulnerabilities were discovered in the same vulnerability class as Copy Fail, affecting most Linux distributions.
Google announced that “you can now choose to share your approximate location with websites, instead of sharing precise location” on Chrome for Android.
Proton Mail now offers post-quantum encryption to protect against future threats from quantum computers.
Under the proposed settlement, Kochava would be required to implement a slew of oversights and allow consumers to have more control over their data.
The company surprisingly emphasizes reduced fraud instead of visitor safety.
Privacy Guides is the best place to learn about protecting your digital life. You can get more articles like these, straight to your inbox:
No spam. Unsubscribe anytime.