privacy

UK Government Says 100 Countries Have Spyware That Can Hack People’s Phones

According to U.K. intelligence, over 100 countries now have access to commercial spyware capable of hacking phones and computers to steal sensitive data, increasing from 80 countries in 2023. The U.K. National Cyber Security Centre warns this expanded access lowers barriers for foreign governments and hackers to target U.K. citizens, companies, and critical infrastructure, with victims now including bankers and wealthy businesspeople, and highlights ongoing threats from state-backed intrusions and leaked hacking tools.

https://techcrunch.com/2026/04/22/uk-government-says-100-countries-have-spyware-that-can-hack-peoples-phones/

The Company Paid to Protect Your Identity Just Got Hacked

Aura, a major U.S. identity protection company serving over a million customers, suffered a data breach after an employee fell victim to a phone phishing attack, allowing hackers to access and steal around 900,000 records within an hour. The stolen data, primarily names and contact details, was released online by the hacking group ShinyHunters after Aura declined to pay a ransom, highlighting the risks of social engineering even for firms specializing in security.

https://gizmodo.com/the-company-paid-to-protect-your-identity-just-got-hacked-2000735410

Face Value: What It Takes to Fool Facial Recognition

ESET Global Cybersecurity Advisor Jake Moore demonstrated how widely-used facial recognition systems can be fooled using modified smart glasses for real-time identification, AI-generated fake faces to bypass bank identity verification, and face swap technology to evade police watchlists. His experiments reveal significant vulnerabilities in facial recognition technology that is increasingly trusted for security, highlighting the need for these systems to be rigorously tested against such attacks. Moore will present these findings live at RSAC 2026 to raise awareness about the risks of relying solely on facial biometrics for identity verification.

https://www.welivesecurity.com/en/privacy/face-value-what-takes-fool-facial-recognition/

LLMs Can Unmask Pseudonymous Users at Scale With Surprising Accuracy

Large language models (LLMs) can accurately unmask pseudonymous users on social media platforms, thereby undermining the privacy afforded by pseudonymity. Researchers found that LLMs can achieve high recall and precision rates in identifying users based on their online activity, posing risks of doxxing, stalking, and targeted advertising. The study highlights the need for stronger privacy protections and suggests mitigations, such as rate limits on data access and monitoring for LLM misuse.

https://arstechnica.com/security/2026/03/llms-can-unmask-pseudonymous-users-at-scale-with-surprising-accuracy/

What Your Bluetooth Devices Reveal About You

Bluetooth devices leak personal data. The author built Bluehood, a scanner to analyze Bluetooth presence patterns and understand data exposure risks. Key points include the unintended information leaked by always-on Bluetooth devices, lack of control over Bluetooth settings in many devices, and potential privacy tools needing Bluetooth for functionality. Bluehood passively monitors devices, creating heatmaps and identifying patterns. The main takeaway: users need to be aware of their Bluetooth habits to make informed privacy decisions.

https://blog.dmcc.io/journal/2026-bluetooth-privacy-bluehood/

Eurail Says Stolen Traveler Data Now up for Sale on Dark Web

Eurail's stolen customer data is for sale on the dark web after a breach revealed sensitive records, including names and bank details. The company is investigating the extent of the breach and has notified data protection authorities. Affected customers should be alert for phishing attempts and update their passwords.

https://www.bleepingcomputer.com/news/security/eurail-says-stolen-traveler-data-now-up-for-sale-on-dark-web/

Spyware Maker Is Hijacking Diplomatic Efforts to Limit Commercial Hacking, Civil Society Warns

Civil society alleges NSO Group, a spyware manufacturer with a history of human rights violations, is using diplomatic initiatives like the Pall Mall Process to rehabilitate its image despite reports of abuses. While NSO claims engagement in reining in spyware misuse, officials from France and the UK affirm they did not invite NSO's participation. Critics stress that NSO's history, including targeting journalists and activists, undermines its claims of responsible governance, while calls for exclusion from future negotiations are growing amid concerns over accountability and transparency.

https://therecord.media/spyware-maker-pall-mall-process-reputation

Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw

Microsoft provided the FBI with encryption keys for BitLocker-protected data on three laptops, following a warrant related to a Covid unemployment assistance fraud investigation in Guam. This case marks the first known instance of Microsoft providing law enforcement with encryption keys. Privacy experts criticize Microsoft for this decision, arguing that it compromises user privacy and security, and urging the company to adopt stronger protections like those offered by Apple and Google.

https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

Critical WhisperPair Flaw Lets Hackers Track, Eavesdrop Via Bluetooth Audio Devices

Security researchers found a critical vulnerability in Google's Fast Pair protocol, called “WhisperPair,” allowing attackers to hijack Bluetooth audio devices to track and eavesdrop on users. The flaw affects numerous devices, regardless of smartphone OS, due to improper implementation allowing unauthorized pairing. Attackers can exploit it from up to 14 meters away, gaining control of the devices for malicious purposes. Google awarded researchers $15,000, but security updates are still pending for many devices. Users must install firmware updates to mitigate risks.

https://www.bleepingcomputer.com/news/security/critical-whisperpair-flaw-lets-hackers-track-eavesdrop-via-bluetooth-audio-devices/

Murder-suicide Case Shows OpenAI Selectively Hides Data After Users Die

OpenAI is being accused of concealing crucial ChatGPT logs during legal proceedings related to a murder-suicide case involving Stein-Erik Soelberg and his mother, Suzanne Adams. The family claims Soelberg's mental health deteriorated after engaging with ChatGPT, which allegedly fueled delusional beliefs about his mother. Despite evidence from shared logs, OpenAI has refused to provide full access to discussions that could shed light on Soelberg's state of mind leading up to the tragedy. The lawsuit argues that OpenAI's data policies, particularly regarding deceased users, lack transparency and accountability, exacerbating the family's grief and hindering their ability to understand the events.

https://arstechnica.com/tech-policy/2025/12/openai-refuses-to-say-where-chatgpt-logs-go-when-users-die/

Meet the Team That Investigates When Journalists and Activists Get Hacked With Government Spyware

Access Now's Digital Security Helpline investigates government spyware hacks targeting journalists and activists. Staffed by experts from Costa Rica, Manila, and Tunisia, it assists victims by assessing potential spyware infections and offering support. The helpline has seen a surge in cases, now handling about 1,000 per year, driven by increased awareness and the proliferation of spyware. Collaborating with organizations like CiviCERT, they aim to empower civil society in navigating cybersecurity threats.

https://techcrunch.com/2025/12/27/meet-the-team-that-investigates-when-journalists-and-activists-get-hacked-with-government-spyware/

Meet the Man Hunting the Spies in Your Smartphone

Ronald Deibert, founder of the Citizen Lab, has worked for over two decades to uncover digital threats and abuses of power. Based at the University of Toronto, the lab is unique for its independence from government and corporate interests, focusing on public interest investigations into cyberthreats. Deibert warns that democracy, particularly in the U.S., is under threat, noting a rise in authoritarian practices. Despite risks to himself and his team, the lab's work continues to influence global human rights and cybersecurity discussions, including laying groundwork for sanctions against spyware vendors. Deibert emphasizes the importance of their mission, especially as similar research faces challenges in the U.S.

https://www.technologyreview.com/2025/12/24/1129294/ronald-deibert-citizen-lab-digital-threats-spies-cybersecurity/

8 Million Users’ AI Conversations Sold for Profit by “Privacy” Extensions

TLDR: Over 8 million users' AI conversations have been harvested and sold for profit by the Urban VPN Proxy extension, which secretly captures data from platforms like ChatGPT and Claude. Despite claiming privacy, the extension transmits sensitive information to servers without user consent. It has passed Google’s reviews, misleading users about its data practices. Users are advised to uninstall it immediately to protect their private conversations.

https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection

Should You Trust Your VPN Location?

Extreme TLDR: Analysis of 20 VPNs revealed 17 falsely claim exit locations; many are routed through different countries. 38 countries were only virtual, with data showing actual locations often thousands of kilometers away. Only 3 providers matched their claimed locations perfectly. Relying on self-reported data leads to significant inaccuracies. Users should treat “100+ countries” claims with skepticism and verify provider transparency regarding virtual versus physical server locations.

https://ipinfo.io/blog/vpn-location-mismatch-report

Scroll to Top