Privacy & Security News

RSS Feed • Follow @PrivacyNews@mstdn.plus on Mastodon • Find more news on the forum

Data Breach Roundup (Jan 16 – Jan 22, 2026)

January 23, 2026

You have to admire the audacity of someone who posts on Instagram as "ihackthegovernment"

Pwn2Own Automotive Shows How Insecure Our Vehicles Are

January 23, 2026

The first day of the Pwn2Own Automotive hacking competition has kicked off in Tokyo, Japan, with “a record 73 entries” showing that our vehicles are juicier targets than ever.

Mandiant Releases Rainbow Tables for Outdated Windows NTLMv1

January 20, 2026

Mandiant, a cybersecurity firm and subsidiary of Google, has released a rainbow table for the outdated Windows NTLMv1 authentication protocol, allowing attackers to crack administrator passwords in under 12 hours using consumer hardware that costs less than $600.

ChatGPT Announces Ads Coming for Free and Go Users

January 20, 2026

OpenAI has announced it’ll be incorporating ads into ChatGPT for Free and Go users.

Data Breach Roundup (Jan 9 – Jan 15, 2026)

January 16, 2026

A data breach forum having a breach, an investment platform sweeping theirs under the rug, major shipping company ignoring disclosures, and more.

Bluetooth Exploit Leaves Hundreds of Millions of Accessories Vulnerable to Full Takeover

January 16, 2026

Researchers have discovered a vulnerability in Google Fast Pair, dubbed WhisperPair, that leaves affected accessories open to being fully controlled by an attacker.

Windscribe launches privacy alliance with Addy.io, Notesnook, Kagi, and Ente

January 16, 2026

By offering discounts to current users, Windscribe wants you to invest your money into specialists, not bundled ecosystems.

Trail of Bits Exposes Vulnerabilities in Agentic Browsers, Compares to Cross-Site Scripting

January 16, 2026

Security research and consulting firm Trail of Bits analyzed agentic AI in browsers and found vulnerabilites that resemble cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.

Another private equity firm acquires Threema

An Android tablet showing the Threema inbox, an incoming call is minimized on the bottom

January 16, 2026

Funded by private equity firm AFINUM Management since 2020, Threema has agreed to a secondary buyout from Comitis Capital.

Encrypted RCS Spotted in iOS 26.3 Beta

January 13, 2026

Mention of the long-awaited RCS end-to-end encryption (E2EE) support in the iOS 26.3 beta was spotted by Tiion-X83 on X via a carrier bundle setting that would let carriers enable E2EE for RCS messaging.

Instagram Password Reset Emails Sent Out to Users Unprompted

January 13, 2026

Instagram users were sent password reset emails recently that they didn’t request, but Instagram says there was no breach of their system.

Data Breach Roundup (Jan 2 – Jan 8, 2026)

January 09, 2026

From cryptocurrency to healthcare, 2026 seems set to bring us more of the same breaches.

Logitech macOS Software Fails, Leaving Mice and Keyboards Malfunctioning

January 09, 2026

Logitech’s G HUB and Logi Options+ software stopped working, leaving users who relied on it for managing their mice and keyboards high and dry.

Texas Man Rescues Daughter Using Phone's Location Feature

January 07, 2026

Illustrating the importance of threat models

Telegram Adds Passkey Support, Still Requires Phone Number

January 07, 2026

Telegram has added support for passkeys, a secure and convenient sign-in method, replacing SMS verification codes.

Multiple Vulnerabilities Found in GnuPG

January 07, 2026

Gnu Privacy Guard, a popular implementation of the OpenPGP standard, was found to have multiple vulnerabilities including modifying the plaintext shown to the user and modifying files on the user’s system.