Policy & Government
European Parliament Advances "Chat Control 2.0," Clearing Big Tech to Scan Messages for CSAM
A pointed EU privacy-and-messaging shift — compliance implications for Big Tech and civil-society groups this week.
The protocols, regulations, and technical safeguards governing the collection, storage, and sharing of personal data. This coverage explores the balance between digital utility and individual rights, focusing on encryption, data residency, and the security implications of corporate data retention policies.
Policy & Government
A pointed EU privacy-and-messaging shift — compliance implications for Big Tech and civil-society groups this week.
Data Privacy
A pointed export-control-policy disclosure — the spyware-inquiry rapporteur becomes the target.
Artificial Intelligence (AI)
A multi-vendor AI-browser research disclosure — defender posture-review work for organizations deploying agentic browsers this week.
Policy & Government
A bipartisan House vote on child-safety platform obligations — Senate outlook and industry response in focus this week.
Mobile Security
A scale-significant AI-app privacy disclosure with developer accountability implications: Wake Forest researchers found 282 of 444 iOS AI apps exposing usable LLM credentials in their own network traffic, and most stayed open months after notification.
Data Breaches
Another scale-significant Japanese-sector disclosure: Aflac Life Insurance Japan says intruders sat in its policyholder portal for ten days and exfiltrated the personal data of roughly 4.38 million customers and agents.
Threat Intelligence
Browser-extension enforcement action at scale from Microsoft. The company pulled 119 Edge add-ons that concealed payloads inside image and font files, with a combined install base reported at up to 2.6 million, and suspended the developer accounts behind them.
Cybercrime
A coordinated US law-enforcement push against a Russian-intelligence messaging-app campaign pairs a Rewards for Justice bounty with an FBI advisory on Signal backup-recovery-key theft.
Data Breaches
Identity-data exposures continue at scale. A cannabis-club membership platform reportedly left nearly a million passports and ID photos reachable on the open internet with no password — a consumer-notification story for the week.
Nation-State Cyber Threats
A Russian-intelligence campaign against messaging-app credentials, documented by Ukraine, uses fake support texts to coax Signal and WhatsApp users into surrendering the codes that unlock their accounts.
Data Breaches
A high-profile prediction-market disclosure of user-fund theft: a compromised third-party vendor injected a malicious script into Polymarket's frontend, draining roughly $3.1 million from eleven user wallets, with the platform pledging full refunds.
Mobile Security
Cellebrite's stated sales-restriction practice gets fresh scrutiny via human-rights documentation, after researchers tied its forensic tooling to a jailed Russian activist's iPhone months after the company said it had pulled out.