Privacy
-
Texas agency says license vendor breach exposed data on 3 million people
Texas Parks and Wildlife said a breach at its license system vendor exposed personal data tied to more than 3 million hunting and fishing license customers, including driver’s license details, passport numbers and contact information.
-
Apple patches Beats Studio Buds flaw that could let attackers hear conversations
Apple has patched a high-severity Bluetooth flaw in Beats Studio Buds that could let an attacker in range listen through the microphone before pairing. The update is delivered as firmware 1B211.
-
Malicious JetBrains plugins stole AI provider keys, researchers say
Researchers say 15 JetBrains Marketplace plugins posed as AI assistants while stealing user API keys for services such as OpenAI and DeepSeek. The campaign has run since October 2025 and included two plugins with more than 25,000 downloads each.
-
iRhythm says hackers stole patient data in breach of third-party business apps
iRhythm Holdings said hackers stole patient and personal information from third-party-hosted business applications. The company disclosed the breach in an SEC filing and said it found no evidence of impact to medical device systems or patient safety.
-
152 Chrome wallpaper extensions linked to ad tracking and traffic fraud
Researchers found 152 Chrome wallpaper extensions tied to a potentially unwanted program family, with 105,000 installs across 38 publisher accounts. The extensions were said to hide tracking and make extension-generated visits look like organic Google traffic.
-
Kyushu Electric says missing drive exposed data of 10.9 million customers
Kyushu Electric Power said a missing backup drive may have exposed customer data tied to up to 10.9 million accounts after staff found a server room cabinet unlocked and the device gone on May 26.
-
South Korea fines Coupang record $409 million over data breach
South Korea’s privacy regulator fined Coupang a record 624.6 billion won, about $409 million, after a breach exposed data linked to more than 37 million customers and drew findings of weak security controls.
-
Browser-based FROST attack can infer site visits from SSD timing
Researchers at Graz University of Technology say a browser-based attack called FROST can infer site visits and app launches from SSD timing, reaching 88.95% accuracy in one macOS test and working without native code or a permission prompt.
-
Oxford University says CareerConnect breach exposed user names, emails and passwords
Oxford University said a breach of its third-party CareerConnect platform exposed user names, email addresses and encrypted passwords on May 28. The university said its own systems were not compromised and warned of possible phishing attempts.








