Privacy
-
Smishing texts impersonate New York tax agency to steal inflation refund details
Smishing texts impersonating the New York Department of Taxation and Finance are urging recipients to submit payment and personal details to claim “Inflation Refunds,” BleepingComputer reported; state officials said the refunds are automatic and advised people not to provide information and to report suspected scams.
-
DraftKings warns accounts breached in credential stuffing attacks
DraftKings said an undisclosed number of customer accounts were accessed in credential stuffing attacks that exposed a limited set of account details; the company is requiring password resets, urging multifactor authentication and advising customers to monitor financial and credit accounts.
-
UC Irvine researchers say high-precision mice can be used to eavesdrop on conversations
Researchers at the University of California, Irvine say high-precision optical mice can pick up tiny desk vibrations from speech and, using signal processing and machine learning, be converted into audible reconstructions; the team published details on a Google research site and an arXiv paper.
-
ESET: Fake Signal and ToTok Android Apps used to deploy spyware in UAE
ESET researchers warned that two spyware campaigns in the UAE use fake Signal and ToTok Android apps disguised as plugins or add‑ons to collect contacts, messages, backups and files; the spyware has been traced to mid‑2022 and is blocked by Google Play Protect for devices with Google Play Services.
-
Misconfigured Rainwalk Pet database left 158 GB of owner and pet records exposed
A misconfigured Rainwalk Pet database exposed about 158 GB of customer and pet records, including names, contact details, partial credit card numbers, veterinary bills and microchip numbers, the article said; the data remained publicly accessible for almost a month before being secured.
-
Discord says support vendor breach exposed customer data
Discord said a compromised third-party customer support vendor exposed support tickets and personal details, including billing data and ID images, and that it cut the vendor’s access, launched an investigation and notified law enforcement.
-
Signal adds post‑quantum SPQR ratchet to its protocol
Signal announced the Sparse Post Quantum Ratchet (SPQR), to be combined with its Double Ratchet into a Triple Ratchet that Signal says will add post‑quantum protections while preserving forward secrecy and post‑compromise security, and will be rolled out gradually with formal verification and academic review.
-
Renault and Dacia inform UK customers of data exposure after third‑party breach
Renault and Dacia told UK customers that personal data held by a third‑party provider was taken in a cyberattack, exposing names, contact details and vehicle identifiers; Renault said banking data was not exposed and declined to name the supplier or say how many customers were affected.
-
Adobe says Analytics ingestion bug caused some customers’ data to appear in other tenants
Adobe said an ingestion bug in Analytics Edge caused some organisations’ data to appear in other customers’ analytics instances between Sept. 17 and Sept. 18, 2025; Adobe is cleaning impacted datasets and a customer advisory seen by BleepingComputer instructs deletion of affected data and backups.
-
US Air Force investigating ‘privacy-related issue’ after alleged SharePoint notice
The Department of the Air Force is investigating a “privacy-related issue” after an alleged notice said USAF SharePoint permissions exposed PII and PHI and that SharePoint, Teams and Power BI might be blocked; officials have provided limited confirmation and Microsoft declined to comment.
