Privacy
-
Hacker Threw MacBook Air in River after Breach that Exposed 33.7 Million Accounts
Investigators recovered a MacBook Air thrown into a river after a breach that exposed data for 33.7 million users. The company detailed a 1.685 trillion won compensation package and a government-led probe to manage the response.
-
Korean Air says employee data exposed after supplier hack
Korean Air said an internal notice that employee names and bank account numbers in its ERP were compromised after a hack of its supplier KC&D. Local reporting put the number of exfiltrated records at about 30,000.
-
Alleged WIRED subscriber database of 2.37 million records posted to hacking forum
An alleged WIRED subscriber database of 2,366,576 records was posted to a hacking forum on December 20. Independent analysis matched records to infostealer logs and the dataset is listed on Have I Been Pwned.
-
Two Chrome extensions intercepted traffic and exfiltrated credentials, researchers say
Researchers reported two Chrome extensions named Phantom Shuttle that posed as VPN/speed-test tools but injected hard-coded proxy credentials, routed traffic through attacker-controlled proxies and exfiltrated user credentials and other sensitive data to a command-and-control server.
-
Italy fines Apple €98.6 million over App Tracking Transparency practices
Italy’s competition authority fined Apple €98.6 million, saying App Tracking Transparency exempted Apple apps and forced developers into a burdensome double-consent process; Apple plans to appeal.
-
Malicious npm WhatsApp API ‘lotusbail’ found stealing tokens and linking attacker devices
A malicious npm package named lotusbail, downloaded more than 56,000 times, masquerades as a WhatsApp API while capturing authentication tokens, messages and contacts and linking an attacker device to victims’ WhatsApp accounts, Koi Security researchers said; ReversingLabs also disclosed related NuGet supply-chain malware.
-
South Korea to require facial scans for new mobile accounts to curb scams
The South Korean government will require facial recognition scans for new mobile accounts to curb scams, using biometric data stored in carriers’ PASS apps, after major data breaches and a large compensation order for SK Telecom customers.
-
University of Sydney says coding repository breach exposed personal data of more than 27,000
The University of Sydney said an online coding repository was breached, exposing files with personal information for more than 27,000 current and former staff and students. The university blocked access, notified regulators, began notifying affected people and set up support services, but said there was no evidence the data has been published or misused.
-
Texas sues five TV makers over alleged secret collection of viewing data
Texas Attorney General Ken Paxton sued Sony, Samsung, LG, Hisense and TCL, alleging their smart TVs used Automated Content Recognition to capture and transmit viewing data without consent; Paxton’s office also warned of national security risks tied to China-based companies.
-
PornHub targeted by ShinyHunters after Premium member activity data reportedly stolen
PornHub says it is being extorted by the ShinyHunters gang after activity data for some Premium members was reportedly stolen in a Mixpanel-related incident; Mixpanel says it can find no indication the records were taken in its November 2025 incident.
