Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones

Code reviewed by WIRED uncovered an unreleased face-recognition system embedded in Meta’s smart glasses platform. It’s designed to identify people via biometric data stored on users’ phones...

Biometrics, diagnoses, and bank details exposed in major healthcare breach

NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...

YouTube wants your face to fight deepfakes

If you're worried about deepfake likenesses of yourself showing up online, you're not alone; YouTube is worried for you. It wants to protect you by having you upload a selfie video and government ID to its site. The idea is that the video giant will use its own AI to patrol the service for fake...

CVE-2026-35455

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

CVE-2026-35455

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

CVE-2026-35455 immich has Stored XSS via OCR Text in 360° Panorama Viewer

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

immich 跨站脚本漏洞

immich is a high-performance, open-source, self-hosted solution for managing photos and videos. Versions of immich prior to 2.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a stored-cross-site scripting flaw within the 360-degree panorama viewer, which could...

PT-2026-31431

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

Could your face change what you pay? NYC wants limits on biometric tracking

New York City lawmakers are pushing to ban private businesses from using biometric tools like voice and facial recognition software to track the public. While the desire to use surveillance technology in stores to fight shoplifting is understandable, lawmakers and privacy advocates are worried th...

Quantum Secure Biometric Authentication in Decentralised Systems

Biometric authentication has become integral to digital identity systems, particularly in smart cities where it en-ables secure access to services across governance, trans-portation, and public infrastructure. Centralised archi-tectures, though widely used, pose privacy and scalabil-ity challenge...

The Wegman’s Supermarket Chain Is Probably Using Facial Recognition

The New York City Wegman's is collecting biometric information about customers...

EUVD-2024-54616

Malicious code in bioql PyPI...

FacialMotionID: Identifying Users of Mixed Reality Headsets Using Abstract Facial Motion Representations

Facial motion capture in mixed reality headsets enables real-time avatar animation, allowing users to convey non-verbal cues during virtual interactions. However, as facial motion data constitutes a behavioral biometric, its use raises novel privacy concerns. With mixed reality systems becoming...

Facebook wants to look at your entire camera roll for “AI restyling” suggestions, and more

Facebook's pursuit of your personal data continues apace, and now it has a new target: photos on your phone that you haven't shared with it yet. Techcrunch reports that the social media giant is now asking its users to peek at the photos on their phones' camera rolls. In return it will give them...

CVE-2024-13916

An application "com.pri.applock", which is pre-loaded on Kruger smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider's public method query allows any...

CVE-2024-13917

An application "com.pri.applock", which is pre-loaded on Kruger smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system...

CVE-2024-13916

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider's public method query allows...

Location Tracking App for Foreigners in Moscow

Russia is proposing a rule that all foreigners in Moscow install a tracking app on their phones. Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information: Residence location Fingerprint Face photograph...

Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection

Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users' personal location and maintaining their facial recognition data without consent. The $1.375 billion payment dwarfs the fines the tech giant has paid to settle...

A Framework to Prevent Biometric Data Leakage in the Immersive Technologies Domain

Doubtlessly, the immersive technologies have potential to ease people's life and uplift economy, however the obvious data privacy risks cannot be ignored. For example, a participant wears a 3D headset device which detects participant's head motion to track the pose of participant's head to match...