Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns

Italy's data protection watchdog has blocked Chinese artificial intelligence AI firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking...

The DeepSeek controversy: Authorities ask where does the data come from and how safe is it?

The sudden rise of DeepSeek has raised concerns and questions, especially about the origin and destination of the training data, as well as the security of the data. For those returning from a short holiday away from the news, DeepSeek is a new player on the Artificial Intelligence AI field. The...

Texas scrutinizes four more car manufacturers on privacy issues (updated)

The Texas Attorney General’s Office has started an investigation into how Ford, Hyundai, Toyota, and Fiat Chrysler collect, share, and sell consumer data, expanding an earlier probe launched last year into how modern automakers are potentially using customer driving data. We've addressed cars and...

Malicious code in next-refresh-token (npm)

This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1d44ee35f1e7a2f1a815de12ce539b2c3ffcb9ef5dc72eb632de64e000cf1b7 Any computer that has this package installed or runni...

MAL-2025-142 Malicious code in next-refresh-token (npm)

This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1d44ee35f1e7a2f1a815de12ce539b2c3ffcb9ef5dc72eb632de64e000cf1b7 Any computer that has this package installed or runni...

MAL-2025-265 Malicious code in openssl-node (npm)

This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06f19e257e800106253b9b27f14e1caac48d65284d85d47aa244d8aa9bfc97a8 Any computer that has this package installed or runni...

The vulnerability of the software tool for collecting network and application performance data from Cisco ThousandEyes Endpoint Agent, related to errors in the certificate validation process, allows attackers to escalate their privileges.

The vulnerability of the software tool for collecting network performance and Cisco ThousandEyes Endpoint Agent application data is related to errors in the certificate validation process. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

REDCap 安全漏洞

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6, which stems from a lack of CSRF protection for the logout feature, which allows an attacker to send a CSV file to the victim to view uploaded data...

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

A hack of location data company Gravy Analytics has revealed which apps are—knowingly or not—being used to collect your information behind the scenes...

CVE-2024-13240

Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05...

CVE-2024-13241

Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5...

CVE-2024-13241

Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5...

CVE-2024-13240

Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05...

CVE-2024-13240 Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-004

Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05...

REDCap 安全漏洞

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap 15.0.0 and earlier versions, which stems from a lack of sufficient input validation of the Project Dashboard name field, making it vulnerable to a stored cross-site...

REDCap 安全漏洞

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap 15.0.0 and earlier versions that stems from a lack of cross-site request forgery protection in the logout feature, which allows an attacker to trigger a logout request and...

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at...

Troubleshooting Guidance for Apps Optimized with Citrix Unified Communications SDK

Document what data needs to be collected for Citrix support and Citrix engineers to troubleshoot issues with a vendor application that is optimized with Citrix Unified Communications SDK...

These cars want to know about your sex life (re-air) (Lock and Code S05E25)

This week on the Lock and Code podcast … Two weeks ago, the Lock and Code podcast shared three stories about home products that requested, collected, or exposed sensitive data online. There were the air fryers that asked users to record audio through their smartphones. There was the smart ring...

Malicious code in omigo-data-analytics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae4cfba5955464b4ebdf67da4386ccc25b7431d6dfc11e70146b23c0a8185860 The package looks like a beginning for a further work. In fact, the uploader has shortly published a few similar packages appearing to be e.g. an integration f...