Privacy
-
Coupang says data breach exposed 33.7 million customer records
Coupang has acknowledged a data breach affecting about 33.7 million domestic customer accounts, exposing names, contact details, shipping addresses and partial order histories; the company says credentials and payment card data were not accessed, has notified authorities and is investigating.
-
French Football Federation discloses data breach after compromised account
The French Football Federation said attackers used a compromised account to access administrative software for clubs, stealing personal and contact details; the FFF disabled the account, reset passwords, filed a criminal complaint and notified ANSSI and CNIL.
-
Researchers propose observational audit to detect label leakage in machine learning models
A new observational auditing framework lets testers detect whether machine learning models leak training labels without altering training data, using proxy labels and attacker-based tests; experiments on image and click datasets showed tighter privacy settings reduced leakage.
-
OpenAI notifies some API customers after Mixpanel analytics vendor hacked
OpenAI said some ChatGPT API customers had limited identifying information exposed after a smishing-driven compromise of analytics vendor Mixpanel; no chats, API requests, credentials or payment data were exposed and both companies have taken mitigation steps while investigations continue.
-
Dartmouth College confirms data breach after Clop posts Oracle EBS data
Dartmouth College said files taken from its Oracle E-Business Suite servers were posted by the Clop extortion group. A Maine filing identified 1,494 individuals whose records included names and Social Security numbers, and an appendix said financial account data was also taken. The college has not yet filed a New Hampshire notice and has not…
-
CISA warns of active spyware campaigns targeting messaging app users
CISA warned that threat actors are actively using commercial spyware and remote access trojans to compromise users of mobile messaging apps, citing multiple campaigns that used techniques such as zero‑click exploits, device‑linking QR codes and spoofed apps, and urged high‑value individuals to follow specific security guidance.
-
Harvard discloses Alumni Affairs data breach after voice phishing attack
Harvard said systems used by its Alumni Affairs and Development office were accessed in a phone-based phishing attack discovered on Nov. 18, 2025, exposing contact and fundraising-related information for alumni, donors, students and staff; the university said no Social Security numbers, passwords, payment card or other financial data were in the compromised systems.
-
MI5 warns Chinese agents using social media and fake recruiters to target UK parliament and officials
MI5 has issued an espionage alert warning that Chinese intelligence officers are using social media and fake recruiters to cultivate people with access to sensitive UK information, Security Minister Dan Jarvis told parliament, and the government has removed Chinese-made surveillance equipment from sensitive sites.
-
French childcare payroll service reports data breach affecting up to 1.2 million people
Pajemploi said a cyberattack detected on November 14 may have exposed personal data for up to 1.2 million employees using its service, including names, birthplaces, addresses and social security numbers; the agency said IBANs, emails and phone numbers were not accessed and affected individuals will be notified.
-
Meta gives researchers a WhatsApp Research Proxy and tightens anti-scraping protections
Meta has given selected bug bounty researchers access to a WhatsApp Research Proxy and launched a pilot to study platform abuse, while adding anti‑scraping protections after a public report showed how contact discovery could be abused to enumerate accounts at scale. Meta also patched a Unity‑related vulnerability affecting Quest devices and said it has paid…
