A 500-page document reviewed by WIRED shows Corellium engaged with several controversial companies, including spyware maker NSO Group.

Attorneys general found that Google violated state consumer protection laws by misleading consumers about its location-data practices, tracking consumers even when their location history setting was turned off.

Apple is facing a proposed federal class action alleging that it records users' mobile activity without their consent and despite privacy...

Christopher Wray, the F.B.I.’s director, told Congress last December that the bureau purchased the phone hacking tool Pegasus for research and development purposes.

The Information Commissioner’s Office (ICO) has issued a reprimand to the Department for Education (DfE) following the prolonged misuse of the personal information of up to 28 million children. An ICO investigation found that the DfE’s poor due diligence meant a database of pupils’ learning records was ultimately used by Trust Systems Software UK Ltd (trading as Trustopia), an employment screening firm, to check whether people opening online gambling accounts were 18.

Leaked data obtained by TechCrunch reveals the notorious network of Android spyware apps tracked locations and recorded calls of Americans.

Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.

Today, the US government published an executive order, allegedly limiting US surveillance. This is a first statement by noyb.

The executive order will give EU citizens redress for intelligence collection that violates U.S. laws.

With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to passwords.

The “Augury” platform includes highly sensitive network data that Team Cymru, a private company, is selling to the military. “It’s everything. There’s nothing else to capture except the smell of electricity,” one cybersecurity expert said.

A data broker has been selling raw location data about individual people to federal, state, and local law enforcement agencies, EFF has learned. This personal data isn’t gathered from cell phone towers or tech giants like Google — it’s obtained by the broker via thousands of different apps on Android and iOS app stores as part of the larger location data marketplace.

A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000 "...the extensions also track the user’s browsing activity."

Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people’s movements months back in time, according to public records and internal emails obtained by The Associated Press.

When people seek medical care or visit other sensitive locations, they may think their presence is confidential.

At a moment when education technology firms are stockpiling sensitive information on millions of school children, safeguards for student data have broken down.

Iranian hacker group Sharp Boys obtained personal data from over 20 Israeli tourism sites.

For years, activists and academics have been raising concerns that facial analysis software that claims to be able to identify a person’s age, gender and emotional state can be biased, unreliable or invasive — and shouldn’t be sold.

Critics say the government isn’t doing enough to inform the public about such secretive surveillance.

German ISPs are working on the introduction of TrustPid. A supercookie that is intended to replace tracking cookies.

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]

The Information Commissioner’s Office (ICO) has fined Clearview AI Inc £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition. The ICO has also issued an enforcement notice, ordering the company to stop obtaining and using the personal data of UK residents that is publicly available on the internet, and to delete the data of UK residents from its systems.

User tracking technologies are ubiquitous on the web. In recent times web browsers try to fight abuses. This led to an arms race where new tracking and anti-tracking measures are being developed. The use of one of such evasion techniques, the CNAME cloaking technique is recently quickly gaining popularity. Our evidence indicates that the use of the CNAME scheme threatens web security and privacy systematically and in general

Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.

The data could be a potential first step to identifying the users of a specific app in a post-abortion rights America.

Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent, according to security researchers.

Web users enter their email addresses into online forms for a variety of reasons, including signing in or signing up for a service or subscribing to a newsletter. While enabling such functionality, email addresses typed into forms can also be collected by third-party scripts even when users change their minds and leave the site without submitting the form.

Rules for industries and governments aim to prevent all-out cyber breakdown.

ISPs are quietly distributing "netflow" data that can, among other things, trace traffic through VPNs.

Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.