If you are using a company Android mobile phone Google will start sharing all your text messages, including those encrypted, with your employer

forbes.com/sites/zakdoffman/20…

#CyberSecurity #Privacy

You might want to compare what the #FTC now requires of them to what Illuminate's settlement with three state attorneys general requires:

ag.ny.gov/sites/default/files/…

#enforcement #edtech #databreach #edusec #cybersecurity #incidentresponse

Linux 6.18 Release Improves Gaming, Laptops, and Security

see: omgubuntu.co.uk/2025/11/linux-…

#linux #kernel #news #update #upgrade #feature #software #os #foss #floss #Hooray #opensource #cybersecurity #security #tux

Indien zwingt WhatsApp und Telegram zur permanenten SIM-Bindung

Indiens Telekombehörde DoT verpflichtet Messenger-Dienste zur dauerhaften SIM-Bindung. WhatsApp, Telegram und Signal müssen binnen 90 Tagen umstellen.

heise.de/news/Indien-zwingt-Wh…

#Cybersecurity #Mobiles #Netzpolitik #Security #Signal #SIMKarte #Telegram #WhatsApp #news

Indien zwingt WhatsApp und Telegram zur permanenten SIM-Bindung

^{Malte Kirchner (heise online)}

☣️ GitLab discovers widespread npm supply chain attack

｢ Harvests credentials from GitHub, npm, AWS, GCP, and Azure
Exfiltrates stolen data to attacker-controlled GitHub repositories
Propagates by automatically infecting other packages owned by victims
Contains a destructive payload that triggers if the malware loses access to its infrastructure ｣

about.gitlab.com/blog/gitlab-d…

#npm #supplychainattack #cybersecurity

GitLab discovers widespread npm supply chain attack

Malware driving attack includes "dead man's switch" that can harm user data.

^{Michael Henriksen (GitLab)}

🚨 #Mixpanel wurde gecybert, OpenAI-API-Nutzer sind eventuell betroffen

Angreifer erbeuteten nach SMS-Phishing ggf. Namen, E-Mails und Standortdaten, Betriebssystem und Browser, Webseiten-Referrer und Organisations- oder User-IDs von API-Nutzern.

ChatGPT-Accounts sind offensichtlich sicher, aber wer API-Keys nutzt (z.B. für Powertoys), sollte aufmerksam bleiben.
OpenAI hat Mixpanel entfernt und kontaktiert Betroffene direkt.

heise.de/news/OpenAI-meldet-Da…

#Cybersecurity #OpenAI #Datenschutz

OpenAI meldet Datenklau bei Dienstleister Mixpanel

OpenAI meldet Datendiebstahl bei dem Webanalyser-Dienstleister Mixpanel. Daten von OpenAI-API-Nutzern sind betroffen.

^{Dirk Knop (heise online)}

No bark. No bite.

The Information Commissioner's Office (UK) has shied away from enforcing data laws one too many times.

Yesterday over 70 groups and experts joined ORG's demand for an inquiry into the regulator.

Evidence shows that enforcement goes down, breaches go up. We say enough.

openrightsgroup.org/press-rele…

#dataprotection #gdpr #privacy #ICO #cybersecurity #ukpolitics #ukpol #datarights

70+ organisations and experts demand action over failing ICO

Over 70 civil society organisations, academics and data protection experts have urged the Chair of the Select Committee for Science Information and Technology to open an inquiry into the collapse in enforcement activity by the Information Commissione…

^{Open Rights Group}

I'm writing a #guide for #cybersecurity:

take a look: wiki.doomsday.site/en/cybersec…

Please feel free to comment your ideas for more tools ...

#security #surfing #internet #browser #firefox #privacy #surveillance #tracking #bigbrother #orwell #online #cyberspace #cybercrime #bigtech #web #www #anonymity

New research out from @DomainTools Investigations today!

We took time to pull apart the "Charming Kitten" data dump and analyze it accordingly.

Always fascinating to me how different the threat actor groups can be both domestically and regionally. In APT35's case, much more militarily regimented, versus hybrid "state startup waterfall" or "criminal-state merge blend" setups.

#infosec #cybersecurity #threatintel

dti.domaintools.com/threat-int…

Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets - DomainTools Investigations | DTI

Unmasking APT35 (Charming Kitten). New report analyzes leaked internal documents, revealing their operational profile, Exchange attack chains (ProxyShell, EWS), and quota-driven compromise strategies.

^{DomainTools Investigations | DTI}

Strange how in a country with so many tech experts they couldn't find women speakers.

Recently I attended #Kawaiicon2025 a #Cybersecurity / #InfoSec conference in Aotearoa New Zealnd, a country with just over 5Million people living here. They found an assortment credible and interesting speakers who were men or women or nonbinary (NB). Same with panels. And organisers which helps. The participating audience was still more Men than Women or NB but anyone attending would have found peers.
kawaiicon.org/talks/

A fully sponsored Girl Geek Dinner pre-con welcoming event was also held.
kawaiicon.org/con-events/#girl…

Calling out manels (all male panels) is brave work and it's helpful when men do the "Do Better" call.

Hallway con - Kawaiicon 2025

Kawaiicon is more than just the main talk track over the two days. We know a lot of people come to the con to see each other, hangout, and cause some hacker mischief. That is why we have a hallway con.

^{Kawaiicon 2025}

Please, if you are using a free VPN, other than ProtonVPN, stop!!! If you need a VPN then pay for it. And don't pick some cheap one with no reputation either. Pick a reputable one.

They are hugely expensive to run and if they are free, run by some unknown, they are getting their profits in ways you won't like.

cybersecuritynews.com/maliciou…

#cybersecurity #VPN #VPNS

Malicious 'Free' VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data

A deceptive browser campaign has exposed millions of users to extensive surveillance through seemingly innocent VPN extensions.

^{Tushar Subhra Dutta (CybersecurityNews)}

Chrome now wants to store and autofill your driver’s license and other ID info.

From a cybersecurity perspective, that is a hard no from me. Info-stealer malware already targets browser autofill, and you cannot rotate a driver’s license number like a password. Putting high value IDs in the most targeted consumer app on the planet is a bad trade for a little convenience.

I wrote up why this feature is such a risky idea and what I recommend instead:

🔗 kylereddoch.me/blog/chromes-ne…

#Infosec #Privacy #Chrome #Cybersecurity

Chrome’s New Driver’s License Autofill Is a Terrible Idea

Chrome can now store and autofill driver’s licenses, passports, and vehicle IDs. From a cybersecurity and privacy standpoint, putting government ID numbers into the world’s most-targeted browser is a bad trade, no matter how convenient it feels.

^{Kyle Reddoch}

The Case for Making EdTech Companies Liable Under FERPA:

techpolicy.press/the-case-for-…

#edtech #ferpa #cybersecurity #infosecurity #edusec

@douglevin @funnymonkey @mkeierleber

The Case for Making EdTech Companies Liable Under FERPA

Congress should amend FERPA to hold EdTech vendors, rather than the schools, directly responsible for vendor compliance, Lavanya Sathyamurthy writes.

^{Lavanya Sathyamurthy (Tech Policy Press)}

The Louvre’s surveillance password was literally… “Louvre.” 😳

Here are 3 password manager tips from Tuta you need to hear 👇

Tip 1: Use strong, unique passwords
Tip 2: Never reuse passwords
Tip 3: Enable 2FA (two-factor authentication)

#CyberSecurity #JewelryLourve #Lourvepassword

Breaking Up With Edtech Is Hard to Do:
edsurge.com/news/2025-11-07-br…

@douglevin @funnymonkey @mkeierleber

#edtech #EduSec #cybersecurity #contract

Breaking Up With Edtech Is Hard to Do

Shedding old edtech is a real pain, district experts say. Worse, student privacy may be at risk.

^{Ellen Ullman (EdSurge)}