Data Breach Roundup (June 19-25)
This week bad luck (or poor planning) struck LastPass, Polymarket, Meta, and an "AI-powered healthcare company."
Privacy & Security News
RSS Feed • Follow @PrivacyNews@mstdn.plus on Mastodon • Find more news on the forum
DOJ Stopped From Requiring Apple and Google to Hand Over the Data of 100,000 People
A court has determined that the US DOJ cannot force Apple and Google to hand over the information of around 100,000 users of the EZ Lynk app.
Meta's Keystroke-Logging Employee AI Training Program on Pause After Internal Data Leak
According to Business Insider, n internal program at Meta to train AI on employees' data is on pause after an internal leak exposing keystrokes, private conversations, and transcriptions.
Kansas City Pushes for Facial Recognition on Public Buses
Kansas City, Missouri is gearing up to equip public buses with facial recognition cameras designed to detect if a rider is on a list of banned or missing people.
Connectivity Standards Alliance Releases Matter 1.6 and Product Security 1.1 Specifications
The Connectivity Standards Alliance (CSA), creators of the Matter, Zigbee, and Aliro standards for IoT devices, released their new Matter 1.6 and Product Security 1.1 specifications for securing smart homes.
Data Breach Roundup (June 12 - 18, 2026)
Novo Nordisk, the Knicks, Peter Thiel, and many more are among this week's numerous big names who were breached.
Unpatchable Exploit Found Apple's A12 and A13 Chips
Researchers at Paradigm Shift discovered a new unwatchable vulnerability, dubbed "usbliter8," in Apple's A12, S4/S5, and A13 chips.
Linux Removes Support for Legacy AppleTalk Protocol in Response to AI Patches
A surge of AI-generated patches in the Linux kernel has resulted in the removal of support for older protocols, the latest of which being AppleTalk.
Android 17 Launched, What New Privacy/Security Features Does it Bring?
Android 17 has now officially launched, bringing with it a slew of new privacy and security upgrades like the new Contact Picker and post-quantum app signing.
WhatsApp Claims it Thwarted an NSO Spyware Campaign
WhatsApp claims they detected and stopped an NSO spyware campaign against its users.
Around 1,500 AUR Packages Compromised with "Rootkit-Like" Malware
Researchers at Sonatype uncovered a massive supply chain attack against the Arch User Repository (AUR) to harvest credentials and exfiltrate user data by hijacking around 1,500 packages.
Data Breach Roundup (June 5 - 11, 2026)
This was a busy week with breaches from several universities, the French government, Flock, and more.
Microsoft Patches Some Vulnerabilities from Nightmare Eclipse, Others Left Unpatched
Microsoft has patched some vulnerabilities from anonymous security researcher going by the pseudonym Nightmare Eclipse, who published yet another vulnerability the same day.
Ransomware Gang Exploiting Legacy VPN Protocol in US Federal Agencies
According to TechCrunch, CISA is giving US federal agencies until the end of Wednesday to fix an actively exploited VPN vulnerability in the deprecated IKEv1 key exchange protocol.
Common Speakers Can Be Remotely Hacked and Used to Take Over Your PC
Ethical hacker Rasmus Moorats in a blog post revealed an exploit in Sound Blaster Katana V2X speakers, dubbed "Pwnd Blaster," that would allow an attacker to remotely take over your PC.
Brave Launches Paid, "Minimalist" Brave Origin Browser
Brave has officially released Brave Origin, a minimal version of the regular Brave browser without a lot of the optional features such as Rewards, Leo AI, and Brave's VPN, for a one-time fee.
Data Breach Roundup (May 29 - June 4, 2026)
This week saw data breaches impacting GTA Online cheaters, a health wearable, a UN food assistance program for Palestinians, and an update to the neverending 23andMe saga.
Meta’s AI Support Agent Used by Hackers to Take Over Instagram Accounts
An exploit described as “remarkably simple” allows anyone to add a new email address to any Instagram account using Meta’s AI chat bot, allowing full account takeover.
Data Breach Roundup (May 22 - 28, 2026)
A complex travel booking breach, multiple government breaches around the world, some updates, and much more. This was a busy week for cybercriminals.
Google Family Link Exploit Enables Account Lockout and Surveillance
Google Family Link, Google's child safety feature, can be leveraged by an attacker to lock you out of your Google account and surveil and control your activity
Subscribe today!
Privacy Guides is the best place to learn about protecting your digital life. You can get more articles like these, straight to your inbox:
No spam. Unsubscribe anytime.