Fragnesia, the latest local privilege escalation vulnerability in the same family as Dirty Frag, emerges as an “unintended side effect of one of the patches addressing the original Dirty Frag vulnerabilities” according to the original creator of Dirty Frag, Hyunwood Kim.
This week featured some high-risk breaches including banks, cars, and water utilities.
An anonymous security researchers known as Nightmare-Eclipse has published two more Windows zero-day exploits, YellowKey and GreenPlasma, after already publishing 3 earlier this year.
Android has introduced some new protections against scammers and malware, some powered by agentic AI.
The Canvas breach quickly became the biggest hack of the week, but a couple others slipped under the radar.
Governor Spencer Cox has signed a law stating that websites are accountable for determining if a user is physically located in Utah, even from behind a VPN.
Canvas, software used by thousands of schools in the U.S., has been hacked and the private data of staff and students stolen.
A new investigation from Bloomberg has revealed how state-run health insurance marketplaces have - often accidentally - been sharing sensitive data with tech giants. The United States healthcare landscape is complicated. The healthcare system is largely privatized. Many employers offer health insurance to full-time employees, while those not covered can
Two new Linux local privilege escalation vulnerabilities were discovered in the same vulnerability class as Copy Fail, affecting most Linux distributions.
Google announced that “you can now choose to share your approximate location with websites, instead of sharing precise location” on Chrome for Android.
Proton Mail now offers post-quantum encryption to protect against future threats from quantum computers.
Under the proposed settlement, Kochava would be required to implement a slew of oversights and allow consumers to have more control over their data.
The company surprisingly emphasizes reduced fraud instead of visitor safety.
9to5mac spotted in the release notes of iOS 26.5 RC confirmation that the long-awaited RCS end-to-end encryption feature will ship with iOS 26.5.
Fedora 44 has released, and with it comes a new offering: sealed bootable container images, which “include all the components needed to create a fully verified boot chain.”
OpenAI has introduced new security protections for ChatGPT accounts called Advanced Account Security, to protect users against account takeover.
A new exploit called copy.fail has emerged that can root just about any Linux distribution shipped since 2017 using just an unprivileged user account.
A security company, two medtech companies, a video streaming service, and an older attack we missed last week compromise this week's data breach headlines.
Firefox has bundled adblock-rust, Brave’s memory-safe content blocker, into Firefox in version 149, although disabled by default.
A popular app-infrastructure provider, an important French government agency, a watchmaker, and a cosmetics giant make up this week's confirmed data breaches.
The fingerprinting company fingerprint.com discovered a vulnerability affecting “all Firefox-based browsers” that would allow a “stable process-lifetime identifier” during a browsing session, including after pressing the “New Identity“ button in Tor browser.