The DarkSpectre threat actor, linked to China, has exposed a series of malicious browser extensions across Chrome, Edge, and Firefox, affecting over 8.8 million users worldwide. These extensions, including ShadyPanda, GhostPoster, and The Zoom Stealer, are designed for data theft, corporate espionage, and meeting information harvesting, often masquerading as legitimate tools for video conferencing and utilities. The campaigns have been active for over seven years, with some extensions still in the trust-building phase, posing significant risks to user privacy and corporate security.
A popular Chrome extension called Urban VPN Proxy, with 6 million users, was found secretly collecting and exfiltrating users' AI chat prompts and responses to remote servers, despite claiming to provide VPN services and offering a privacy protection feature. The extension's update in July 2025 enabled default data harvesting, which is hidden from users, raising significant privacy concerns. Similar data collection practices were identified in other extensions from the same publisher, highlighting risks associated with trusted marketplace badges and the need for better oversight.
The social event app Partiful was found to be storing user-uploaded photos with embedded GPS location data, posing privacy risks. After TechCrunch revealed the security flaw, Partiful fixed the issue by removing metadata from existing photos and announced ongoing security reviews. The incident highlights the importance of proper data handling and security practices in social apps.
The NJ gubernatorial race was impacted after the National Archives mistakenly released unredacted military records of Congresswoman Mikie Sherrill, including her Social Security number, prompting calls for investigation and legal action amid accusations of political weaponization and privacy violations.
The Neon app, a popular call-recording platform that paid users for their data, has been taken offline after a security flaw exposed users' phone numbers, call recordings, and transcripts, raising privacy concerns. The app's servers failed to prevent unauthorized access to user data, prompting the developer to shut down the service temporarily. The incident highlights ongoing issues with app security and oversight in app marketplaces.
House Minority Leader Jeffries calls for a criminal investigation into the unauthorized and potentially illegal release of Rep. Mikie Sherrill's military records by the National Archives, amid concerns over privacy violations and political implications in a closely watched gubernatorial race.
A significant privacy breach occurred when the National Archives released an almost unredacted version of Rep. Mikie Sherrill's military records to her opponent's ally, raising concerns about violations of privacy laws and the mishandling of sensitive information during a heated political campaign in New Jersey.
An app called 'Cancel the Hate' aimed at reporting individuals criticizing conservative activist Charlie Kirk leaked users' personal data due to a security flaw, leading to its takedown amid privacy concerns and ongoing investigations.
A US jury has ordered Google to pay $425 million for violating user privacy by collecting data from users who had opted out of tracking features. Google plans to appeal, claiming the decision misunderstands how its products work.
A whistleblower from the Social Security Administration alleges that members of the Department of Government Efficiency uploaded sensitive Social Security data to a vulnerable cloud server without proper oversight, risking widespread identity theft and privacy violations, though no breach has been confirmed. The incident highlights concerns over data security and misuse within government agencies, especially involving personnel linked to Elon Musk's ventures.
A man advises that his sisters' anger over a private financial discussion and a recorded conversation could be mitigated by setting clear boundaries, demanding apologies for privacy breaches, and insisting on respectful treatment of his girlfriend, emphasizing that the issues stem from the sisters' breach of trust.
AI conversations from ChatGPT have been exposed to public access through Google Search and the Wayback Machine, raising significant privacy concerns as OpenAI has not requested their removal from these platforms, highlighting ongoing issues with user privacy in AI applications.
Lovense, a maker of internet-connected sex toys, fixed security flaws that exposed user emails and allowed account takeovers, but the company is considering legal action against reports of the breach, despite claiming no user data was compromised.
A women-only dating safety app called Tea has been hacked, exposing 72,000 images and additional data from over two years, raising concerns about privacy and security for its 1.6 million users. The breach includes sensitive verification images and posts, prompting the company to work with cybersecurity experts and emphasize its efforts to protect the community.
The article highlights numerous shocking stories of HIPAA violations by healthcare workers, including unauthorized access to patient information, sharing sensitive data, and mishandling medical records, emphasizing the ongoing issues with patient privacy breaches in medical settings.