Data Breach Roundup (Jan 9 – Jan 15, 2026)
A data breach forum having a breach, an investment platform sweeping theirs under the rug, major shipping company ignoring disclosures, and more.
Latest in News Briefs
Bluetooth Exploit Leaves Hundreds of Millions of Accessories Vulnerable to Full Takeover
Researchers have discovered a vulnerability in Google Fast Pair, dubbed WhisperPair, that leaves affected accessories open to being fully controlled by an attacker.
Windscribe launches privacy alliance with Addy.io, Notesnook, Kagi, and Ente
By offering discounts to current users, Windscribe wants you to invest your money into specialists, not bundled ecosystems.
Trail of Bits Exposes Vulnerabilities in Agentic Browsers, Compares to Cross-Site Scripting
Security research and consulting firm Trail of Bits analyzed agentic AI in browsers and found vulnerabilites that resemble cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
Another private equity firm acquires Threema
Funded by private equity firm AFINUM Management since 2020, Threema has agreed to a secondary buyout from Comitis Capital.
Encrypted RCS Spotted in iOS 26.3 Beta
Mention of the long-awaited RCS end-to-end encryption (E2EE) support in the iOS 26.3 beta was spotted by Tiion-X83 on X via a carrier bundle setting that would let carriers enable E2EE for RCS messaging.
Instagram Password Reset Emails Sent Out to Users Unprompted
Instagram users were sent password reset emails recently that they didn’t request, but Instagram says there was no breach of their system.
Data Breach Roundup (Jan 2 – Jan 8, 2026)
From cryptocurrency to healthcare, 2026 seems set to bring us more of the same breaches.
Logitech macOS Software Fails, Leaving Mice and Keyboards Malfunctioning
Logitech’s G HUB and Logi Options+ software stopped working, leaving users who relied on it for managing their mice and keyboards high and dry.
Texas Man Rescues Daughter Using Phone's Location Feature
Illustrating the importance of threat models
Telegram Adds Passkey Support, Still Requires Phone Number
Telegram has added support for passkeys, a secure and convenient sign-in method, replacing SMS verification codes.
Multiple Vulnerabilities Found in GnuPG
Gnu Privacy Guard, a popular implementation of the OpenPGP standard, was found to have multiple vulnerabilities including modifying the plaintext shown to the user and modifying files on the user’s system.
Connectivity Standard Alliance Launches Aliro Standard for Smart Locks
The Connectivity Standards Alliance has launched their new standard for secure, interoperable smart locks called Aliro.
Data Breach Roundup (Dec 26, 2025 – Jan 1, 2026)
WIRED, crypto, and 2026's first candidate for "cascading data breach"
AI Data Centers May Start Using Radio Instead of Copper
AI data centers are running up against the physical limits of copper for transmitting data, so radio is being considered as a replacement.
Data Breach Roundup (Dec 19 – Dec 25, 2025)
The Aflac breach affected 22.6 million customers. And this was a slow week.
Cloudflare Explains Plan for Resilience After Multiple Outages
Following multiple outages, Cloudflare outlines their plan to improve resilience of their network, titled “Code Orange: Fail Small.”
The Linux Foundation Announces Formation of the Agentic AI Foundation
The Linux Foundation announced the newly formed Agentic AI Foundation to standardize and support an open, collaborative ecosystem for agentic AI.
Texas sues Smart TV Makers for Spying on People's Watch Habits
The Texas Attorney General has launched a lawsuit against five major smart TV manufacturers - Sony, Samsung, LG, Hisense, and TCL - over their use of Automated Content Recognition, or ACR.
Neobank Bunq Shares Customers’ Investments to Their Contacts Without Permission
Bunq, a Dutch neobank that’s been growing in popularity in recent years, has started sharing users’ investments with others on their contacts list, according to RTL.
Data Breach Roundup (Dec 12 – Dec 18, 2025)
Data breaches at Hama Film, Home Depot, 700Credit, PornHub, Askul, SoundCloud, University of Sydney, plus an update on last week's Coupang data breach.