923 matches found
A week in security (February 24 – March 2)
Last week on Malwarebytes Labs: Millions of stalkerware users exposed again PayPal’s "no-code checkout" abused by scammers Countries and companies are fighting at the expense of our data privacy Roblox called "real-life nightmare for children" as Roblox and Discord sued Android happy to check you...
Countries and companies are fighting at the expense of our data privacy
Data privacy issues are a hot topic in a world where we apparently don’t know who to trust anymore. A few weeks ago, we reported how the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. This week, Apple decided to pull the plug on Advanced Data...
Surveillance pricing is “evil and sinister,” explains Justin Kloczko (Lock and Code S06E04)
This week on the Lock and Code podcast … Insurance pricing in America makes a lot of sense so long as you’re one of the insurance companies. Drivers are charged more for traveling long distances, having low credit, owning a two-seater instead of a four, being on the receiving end of a car crash,...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns
Italy's data protection watchdog has blocked Chinese artificial intelligence AI firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking...
A week in security (January 20 – January 26)
Last week on Malwarebytes Labs: Your location or browsing habits could lead to price increases when buying online AI tool GeoSpy analyzes images and identifies locations in seconds 7-Zip bug could allow a bypass of a Windows security feature. Update now Warning: Don’t sell or buy a second hand...
Three privacy rules for 2025 (Lock and Code S06E02)
This week on the Lock and Code podcast… It’s Data Privacy Week right now, and that means, for the most part, that you’re going to see a lot of well-intentioned but clumsy information online about how to protect your data privacy. You’ll see articles about iPhone settings. You’ll hear acronyms for...
Three privacy rules for 2025 (Lock and Code S06E02)
This week on the Lock and Code podcast… It’s Data Privacy Week right now, and that means, for the most part, that you’re going to see a lot of well-intentioned but clumsy information online about how to protect your data privacy. You’ll see articles about iPhone settings. You’ll hear acronyms for...
Insurance company accused of using secret software to illegally collect and sell location data on millions of Americans
Insurance company Allstate and its subsidiary Arity unlawfully collected, used, and sold data about the location and movement of Texans’ cell phones through secretly embedded software in mobile apps, according to Texas Attorney General Ken Paxton. Attorney General Paxton says the companies didn't...
CVE-2025-0055 Information Disclosure vulnerability in SAP GUI for Windows
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in...
Inside the Black Box of Predictive Travel Surveillance
Behind the scenes, companies and governments are feeding a trove of data about international travelers into opaque AI tools that aim to predict who’s safe—and who’s a threat...
Apps That Are Spying on Your Location
404 Media and Wired are reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating ap...
E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws
The European General Court on Wednesday fined the European Commission, the primary executive arm of the European Union responsible for proposing and enforcing laws for member states, for violating the bloc's own data privacy regulations. The development marks the first time the Commission has bee...
Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations
Italy's data protection authority has fined ChatGPT maker OpenAI a fine of €15 million $15.66 million over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users' information to train its...
These cars want to know about your sex life (re-air) (Lock and Code S05E25)
This week on the Lock and Code podcast … Two weeks ago, the Lock and Code podcast shared three stories about home products that requested, collected, or exposed sensitive data online. There were the air fryers that asked users to record audio through their smartphones. There was the smart ring...
AI is everywhere, and Boomers don’t trust it
Artificial intelligence tools like ChatGPT, Claude, Google Gemini, and Meta AI represent a stronger threat to data privacy than the social media juggernauts that cemented themselves in the past two decades, according to new research on the sentiments of older individuals from Malwarebytes. A...
AI-Powered APIs: Expanding Capabilities and Attack Surfaces
AI and APIs have a symbiotic relationship. APIs power AI by providing the necessary data and functionality, while AI enhances API security through advanced threat detection and automated responses. In 2023, 83% of Internet traffic traveled through APIs, but there was a 21% increase in API-related...
The Global Surveillance Free-for-All in Mobile Ad Data
Not long ago, the ability to digitally track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a dangerous power that should remain only within the purview of nation states. But a new lawsuit in a likely constitutional battle over a New...
23andMe will retain your genetic information, even if you delete the account
Deleting your personal data from 23andMe is proving to be hard. There are good reasons for people wanting to delete their data from 23andMe: The DNA testing platform has a lot of problems, so let’s start with a recap. A little over a year ago, cybercriminals put up information belonging to as man...
5 Ways to Reduce SaaS Security Risks
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based...