This tactic of using browser extensions to stealthily capture AI conversations has been codenamed Prompt Poaching by Secure Annex. The two newly identified extensions "were found exfiltrating user conversations and all Chrome tab URLs to a remote C2 server every 30 minutes," OX Security researcher Moshe Siman Tov Bustan said. "The malware adds malicious capabilities by requesting consent for 'anonymous, non-identifiable analytics data' while actually exfiltrating complete conversation content from ChatGPT and DeepSeek sessions."
IT security teams, especially the compliance cast, love drama. The slower, more arcane, and less intelligible the script, the louder the applause. Every few years, someone strides onstage with a seemingly edgy rallying cry: "Let's burn it all down and start again!" Let's be honest: torching the set doesn't fix the play. The real villain isn't any one framework. It's the lackluster production we force our best people to perform "assessments" that consume weeks, cost a fortune, and deliver stale, unread artifacts.
Last year, Google decided not to deprecate third-party cookies in Chrome after all. This year, Google decided to jettison its backup plan and not even launch a planned choice prompt for cookies in its browser. By October, the Privacy Sandbox was all but kaput. The UK's Competition and Markets Authority released Google from its Privacy Sandbox commitments and - Psych. I'm done writing about third-party cookie deprecation, guys. Let's move on, fur real.
Digital surveillance can affect workers' physical and mental health in both positive and negative ways, according to a recent report from the U.S. Government Accountability Office. For instance, monitoring tools or apps can alert employees about potential health problems or increase their sense of safety. However, these technologies can also increase anxiety or the risk of injury by pushing workers to move faster to meet productivity goals.
According to the California Privacy Protection Agency, more than 500 companies actively scour all sorts of sources for scraps of information about individuals, then package and store it to sell to marketers, private investigators, and others. The nonprofit Consumer Watchdog said in 2024 that brokers trawl automakers, tech companies, junk-food restaurants, device makers, and others for financial info, purchases, family situations, eating, exercising, travel, entertainment habits, and just about any other imaginable information belonging to millions of people.
Manage My Health, a portal enabling connection between individuals and their healthcare providers, experienced a cyberattack identified on Dec. 30. The New Zealand-based organization published a statement to its website the following day, and as of Jan. 5, has continued to post subsequent updates as information has come available. Following the forensic investigations, the organization believes around 7% of 1.8 million registered patients may have been impacted.
A statement by the social media behemoth reads: "We want to let advertisers know that we will be shutting down Partner Categories. This product enables third party data providers to offer their targeting directly on Facebook. "While this is common industry practice, we believe this step, winding down over the next six months, will help improve people's privacy on Facebook."
To start making changes to what's visible, click one of the Update buttons on the right. The Profile and Avatar options lead to options such as your display name and picture on Reddit, the social links you have displayed on your profile, and how you want Reddit to notify you about activity on the platform. Switch to the Privacy tab on the settings screen and you get some control over how visible your profile is.
We do not fear advances in technology - but we do have legitimate concerns about some of the products on the market now... AI continues to develop and we are hopeful that we will reach a point in the near future where these reports can be relied on. For now, our office has made the decision not to accept any police narratives that were produced with the assistance of AI.
For example, privileged information shared by foreign partners is currently not overseen by the IPC. It's common practice for national intelligence agencies, such as GCHQ, to receive reports from allies overseas, including from those in the Five Eyes alliance. These reports often contain the kind of privileged information that, in the UK, would require permission from a judicial commissioner, under the IPA, to acquire.
Rehmat Alam operates from the mountains of northern Pakistan, according to one of his online profiles. There, he flaunts his talent for harvesting LinkedIn data and advises YouTube viewers how to earn money off the internet. His company, ProAPIs, allegedly boasted in marketing materials that its software can handle hundreds of requests per second to scrape profiles, selling the underlying data for thousands of dollars a month.
Pasted on the wall next to the locked steel door that seals Laura Poitras's studio from visitors and intruders is a black poster depicting a PGP key that the filmmaker has used in the past to receive encrypted messages. It makes sense that this key-a sort of invitation to send her a secret message-is the only identifiable sign that Poitras edits her movies in this building;
Shoshana Zuboff (New England, U.S., 1951) joins the video call from her home in Maine, in the northeastern United States, on the border with Canada, where the cold is relentless at this time of year. She sips tea to warm her throat and apologizes for being late; her schedule is so packed these days that it was impossible to find an opportunity to do this interview in person.
As someone with a child in the US, this new Trump threat to scrutinise tourists' social media is concerning. Providing my user name would be OK the authorities would get sick of scrolling through chicken pics before they found anything critical of their Glorious Leader but what if I have to hand over my phone at the border, as has happened to some travellers already?
Sometimes, a false sense of intimacy with AI can lead people to share information online that they never would otherwise. AI companies may haveemployees who work on improving the privacy aspects of their models, but it's not advisable to share credit card details, Social Security numbers, your home address, personal medical history, or other personally identifiable information with AI chatbots.
"This took all of 20 minutes," Exempt, a member of the group that carried out the ploy, told WIRED. He claims that his group has been successful in extracting similar information from virtually every major US tech company, including Apple and Amazon, as well as more fringe platforms like video-sharing site Rumble, which is popular with far-right influencers. Exempt shared the information Charter Communications sent to the group with WIRED, and explained that the victim was a "gamer" from New York.
Reddit has launched a challenge in Australia's highest court against the nation's landmark social media ban for children. The online forum is among 10 social media platforms which must bar Australians aged under 16 from having accounts, under a new law which began on Wednesday. The ban, which is being watched closely around the world, was justified by campaigners and the government as necessary to protect children from harmful content and algorithms.
Ncontracts found that leadership support is rising at the compliance level, with 82% of respondents saying they're satisfied with board and management backing, while 74% are satisfied with their institution's compliance culture. More than half (56%) reported stronger integration of compliance into policies, procedures and training since 2021. Nearly 40% of institutions operate with one or two compliance professionals, while 25% of firms with $1 billion to $10 billion in assets have similarly small teams.
