Privacy
-
Breach of RemoteCOM surveillance service exposes records of nearly 14,000 monitored people
A breach of RemoteCOM’s SCOUT monitoring system exposed nearly 14,000 records of people under court supervision and contact details for thousands of officers, with leaked files showing device monitoring data, activity alerts and fees for monitored individuals.
-
Asahi suspends Japan operations after cyberattack
Asahi Group Holdings said a cyberattack has forced a halt to ordering, shipping and customer service operations in Japan; the company is investigating and said there is no confirmed data leakage so far but gave no recovery timeline.
-
Volvo North America confirms employee data exposure after Miljödata ransomware attack
Volvo North America confirmed that attackers accessed employee data after its HR-system provider Miljödata was hit by a ransomware attack, exposing names and Social Security numbers and affecting a wide network of Swedish municipalities and institutions.
-
Archer Health data breach exposes 145,000 patient records in publicly accessible database
A California-based in-home health provider, Archer Health Inc., left a 23 GB cache of medical and personal data publicly accessible, exposing more than 145,000 files including patient names, SSNs and medical histories. The database was secured within hours after a cybersecurity researcher alerted investigators, and the company says it is investigating the incident, which underscores…
-
Senate Democrats flag DOGE program for privacy, cybersecurity risks across three federal agencies
A Senate Democratic report accuses the DOGE program of violating federal law and exposing Americans’ personal data across three agencies, urging immediate safeguards and compliance measures amid warnings of heightened identity theft risk.
-
FBI Warns of Fake IC3 Websites Designed to Steal Personal Data
The FBI warning highlights that criminals are creating spoofed IC3 websites to harvest personal data, noting more than 100 impersonation reports since late 2023 and urging direct access to IC3.gov and vigilance against look-alike domains and scam communications.
-
Unpatched OnePlus flaw lets rogue apps access SMS data, Rapid7 says
Rapid7 has disclosed an unpatched vulnerability in OnePlus OxygenOS that could allow rogue apps to access SMS data and metadata without user interaction, due to exposed content providers in the Telephony package. The flaw, CVE-2025-10184, affects OxygenOS 12 through 15 and remains unpatched as OnePlus investigates; a PoC exploit has been published.
-
Boyd Gaming Discloses Data Breach After Cyberattack; Employee Data Among Those Compromised
Boyd Gaming disclosed a cyberattack in a Form 8-K, stating attackers gained access to its systems and stole employee data and data belonging to a limited number of other individuals. The company says operations and financial condition are not affected, has engaged external cybersecurity experts and notified law enforcement, and no group has claimed responsibility.
-
GitHub Tightens npm Publishing Security with 2FA, Short-Lived Tokens and Trusted Publishing
GitHub announced a sweeping set of security measures for npm publishing, including deprecating legacy tokens, migrating to FIDO-based 2FA, and introducing seven-day, short-lived granular tokens plus trusted publishing that uses OpenID Connect and cryptographic provenance attestations to bolster npm’s supply-chain security.
-
Mac ad campaign impersonating brands pushes macOS credential stealer, LastPass warns
Security researchers warn of a malvertising campaign that uses search ads to impersonate LastPass and other services, delivering the Atomic Stealer/Amos Stealer on macOS via fraudulent GitHub pages; LastPass says takedowns are underway and IoCs are shared.
