#keepass
#keepass

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

23 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

fromInfoWorld

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

#data-breach

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Healthcare

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud experienced a data breach where hackers accessed patient electronic health records for over eight hours, but data exfiltration status remains unclear.

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

fromDataBreaches.Net

Privacy professionals

DataBreaches.Net

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Healthcare

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud experienced a data breach where hackers accessed patient electronic health records for over eight hours, but data exfiltration status remains unclear.

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

fromDataBreaches.Net

Privacy professionals

DataBreaches.Net

more#data-breach

#privacy

Privacy technologies

Double Shot of Privacy's Defender in D.C.

Cindy Cohn's new book, Privacy's Defender, chronicles her 30-year fight for digital privacy and civil liberties.

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

Privacy technologies

Double Shot of Privacy's Defender in D.C.

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

fromYanko Design - Modern Industrial Design News

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.

more#apple

Mobile UX

This Finnish Privacy-focused Linux Phone Wants You to Forget Google Exists - Yanko Design

Jolla reintroduces a European smartphone ecosystem with its new phone running Sailfish OS, emphasizing privacy and independence from American tech giants.

Wearables

fromMakeUseOf

Your phone's Bluetooth is broadcasting more than you think - here's how to limit it

Bluetooth remains active and broadcasts data even when not connected, potentially allowing for tracking without user consent.

New quantum-computing advances heighten threat to elliptic curve cryptosystems

Utility-scale quantum computers can break elliptic curve cryptography much more efficiently than previously thought.

fromnews.bitcoin.com

12 hours ago

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Google's whitepaper on quantum threats urges immediate post-quantum preparations, shifting the migration deadline to 2029 and highlighting vulnerabilities in blockchain security.

Shrinking PQC timeline highlights immediate risk to data security | Computer Weekly

Google's accelerated timeline for post-quantum cryptography highlights urgent data security risks posed by quantum computers that need immediate attention.

Science

New quantum-computing advances heighten threat to elliptic curve cryptosystems

Utility-scale quantum computers can break elliptic curve cryptography much more efficiently than previously thought.

fromnews.bitcoin.com

12 hours ago

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Google's whitepaper on quantum threats urges immediate post-quantum preparations, shifting the migration deadline to 2029 and highlighting vulnerabilities in blockchain security.

Shrinking PQC timeline highlights immediate risk to data security | Computer Weekly

Google's accelerated timeline for post-quantum cryptography highlights urgent data security risks posed by quantum computers that need immediate attention.

more#quantum-computing

Digital life

fromBig Think

3 ways to prove you're human online

Generative AI is rapidly increasing information production, leading to a potential scarcity of human-generated content and a need for new human verification methods.

Business intelligence

fromHarvard Business Review

Beyond Locking Doors

Access control systems provide valuable data that enhances operational efficiency and decision-making beyond just security.

#ai

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

fromHarvard Business Review

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Node JS

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

fromTNW | Eu

6 hours ago

Information security

European Commission breached after hackers poisoned open-source security tool Trivy

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

Information security

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

Node JS

fromInfoQ

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

fromTNW | Eu

6 hours ago

European Commission breached after hackers poisoned open-source security tool Trivy

A major data breach at the European Commission was caused by TeamPCP exploiting a supply chain attack on the Trivy security tool.

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

KeeperDB brings zero-trust database access to privileged access management

Database credentials are a major attack vector, and KeeperDB integrates access controls into its PAM platform to enhance security.

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.

DevOps

fromInfoQ

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

Artificial intelligence

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

Proton Workspace boasts privacy-first alternative to Google, Microsoft

Proton Workspace offers a private alternative to Google and Microsoft productivity suites, focusing on security and data protection.

fromComputerworld

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

#fbi

fromAdvocate.com

How the Kash Patel hack turned a college-linked username into a security warning

FBI Director Kash Patel's personal email was hacked, exposing over 300 emails and photos, raising concerns about digital security and identity management.

FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers

Threat actors accessed FBI Director Kash Patel's personal email, but no government information was compromised.

fromAdvocate.com

How the Kash Patel hack turned a college-linked username into a security warning

FBI Director Kash Patel's personal email was hacked, exposing over 300 emails and photos, raising concerns about digital security and identity management.

FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers

Threat actors accessed FBI Director Kash Patel's personal email, but no government information was compromised.

This App Makes Even the Sketchiest PDF or Word Doc Safe to Open

Dangerzone is a free tool that safely opens potentially harmful documents by converting them into secure image-based PDFs.

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.

I turned to PrivacyBee to clean up my data - here's how it made me disappear

PrivacyBee is preferred for its comprehensive data removal services and user-friendly management tools.

fromEngadget

Proton adds a secure video conferencing service called Meet to its toolbox

Proton launches Meet, a privacy-focused video-calling service, competing with Microsoft and Google while ensuring user anonymity and security.

Why I use Apple's and Google's password managers - and don't mind the chaos

Apple and Google offer free, beginner-friendly password managers that securely store passwords across devices, with Apple best for iOS users and Google best for Android or mixed-device environments.

How to Pick Your Password Manager

Password managers are essential security tools that protect against phishing and data breaches by generating unique passwords for each site and preventing credential reuse across platforms.

Information security

Password managers' promise that they can't see your vaults isn't always true

Information security

Password managers don't protect secrets if pwned

Information security

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

3 weeks ago

Why I use Apple's and Google's password managers - and don't mind the chaos

Apple and Google offer free, beginner-friendly password managers that securely store passwords across devices, with Apple best for iOS users and Google best for Android or mixed-device environments.

How to Pick Your Password Manager

Password managers are essential security tools that protect against phishing and data breaches by generating unique passwords for each site and preventing credential reuse across platforms.

Information security

Password managers' promise that they can't see your vaults isn't always true

Information security

Password managers don't protect secrets if pwned

Information security

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

more#password-managers

#whatsapp

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

5 telltale signs that your phone has been compromised (and how to combat them)

Phone hacking can be detected through signs like battery drain, slow performance, unfamiliar logins, and reduced storage space.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Information security

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

fromTechRepublic

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

more#chrome

fromWIRED

Using a VPN May Subject You to NSA Spying

Using commercial VPNs may expose Americans to foreign surveillance laws, risking their constitutional protections against warrantless government spying.

2 weeks ago

You're being tracked online - 9 easy ways to stop the surveillance

Reducing online tracking is possible through careful browser choice, VPNs, and anti-tracking software.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

more#claude-code

#phishing

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown

Tycoon 2FA continues to operate despite international takedown efforts, facilitating phishing attacks and compromising accounts without alerts.

fromEngadget

Information security

1Password adds an extra layer of phishing protection

Information security

LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords

Information security

1Password's new anti-phishing feature targets your most inescapable vulnerability - here's how

Information security

Don't click the LastPass 'create backup' link

Information security

1Password's new anti-phishing feature adds a crucial layer of protection - how it works

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown

Tycoon 2FA continues to operate despite international takedown efforts, facilitating phishing attacks and compromising accounts without alerts.

fromEngadget

Information security

1Password adds an extra layer of phishing protection

Information security

LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords

Information security

1Password's new anti-phishing feature targets your most inescapable vulnerability - here's how

Information security

Don't click the LastPass 'create backup' link

Information security

1Password's new anti-phishing feature adds a crucial layer of protection - how it works

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

fromTechRepublic

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

3 weeks ago

I switched password managers without losing a single login - here's how

Switching password managers involves exporting passwords to CSV and importing them into a new app, then reviewing settings before deleting the old manager.

fromTechzine Global

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

fromTechRepublic

4 weeks ago

Bitwarden Brings Passkey Logins to Windows 11, Expanding Passwordless Sign-Ins

Bitwarden enables Windows 11 users to sign in using passkeys stored in their vault, providing phishing-resistant authentication through mobile device verification via QR code.

Gadgets

fromwww.esquire.com

4 Best Password Managers for Online Safety 2026

NordPass is an easy-to-use personal password manager offering strong features, affordable first-year pricing, xChaCha20 encryption, offline access, and secure sharing among users.

fromInfoQ

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

A vulnerability in OpenAI ChatGPT allowed sensitive data to be exfiltrated without user consent, exploiting a hidden DNS communication path.

Security boffins harvest bumper crop of API keys from web

Almost 2,000 API credentials were found exposed on 10,000 webpages, posing significant security risks to organizations and critical infrastructure.

fromTNW | Offers

Team password manager costs $1.50 & just added the features businesses actually need

Stolen credentials are a major security risk; using a password manager like Passpack can mitigate this threat effectively.

fromComputerworld

Chrome encryption bypass discovered: New malware steals passwords and cookies

The bypass requires neither privilege escalation nor code injection, making it a stealthier approach compared to alternative ABE bypass methods.

Information security

2 weeks ago

As AI agents spread, 1Password's new tool tackles a rising security threat

AI agents require credentials to access systems, creating enterprise security risks similar to managing human employee access, necessitating unified credential management solutions.

fromTechzine Global

2 weeks ago

1Password Launches Unified Access Pro for AI Agents

1Password launches Unified Access Pro to manage credentials for people, AI agents, and machine identities with device-level visibility and just-in-time credential delivery.

fromWIRED

Password Managers Share a Hidden Weakness

An FBI informant helped run the Incognito dark web market and allegedly approved the sale of fentanyl-laced pills, including those from a dealer linked to a confirmed death, WIRED reported this week. Meanwhile, Jeffrey Epstein's ties to Customs and Border Protection officers sparked a Department of Justice probe. Documents say that CBP officers in the US Virgin Islands were still friendly with Epstein years after his 2008 conviction, illustrating the infamous sex offender's tactics for cultivating allies.

Information security

#password-security

Information security

Every day in every way, passwords are getting worse

Information security

The 25 Most Vulnerable Passwords of 2026

fromFast Company

Information security

What if everything you think you know about passwords is wrong? Here's what really makes a strong password in 2026

Information security

Every day in every way, passwords are getting worse

Information security

The 25 Most Vulnerable Passwords of 2026

fromFast Company

Information security

What if everything you think you know about passwords is wrong? Here's what really makes a strong password in 2026

more#password-security

How to encrypt your PC's disk without giving the keys to Microsoft

Both the Home and Pro versions of Windows support disk encryption, but only the Pro versions give users full control over the process. The Home version of Windows only supports disk encryption when logged in with a Microsoft account and will only offer to store your encryption key on Microsoft's servers. To access the full version of BitLocker and back up your own recovery key, you'll need to upgrade to the Pro version of Windows.

Information security

7 apps I use to lock down, encrypt, and store my private files - and most are free

Use dedicated file-and-folder security apps across devices, stay vigilant about sharing and access, and keep operating systems and apps up to date.

Can you trust LastPass in 2026? Inside the multimillion-dollar quest to rebuild its security culture

LastPass used the 2022 data breach as a catalyst to substantially strengthen security controls and prioritize consumer security beyond typical program standards.

Think Your Data Is Secure? Not Without AES Encryption In Java

Strong encryption, especially AES-256-GCM, provides robust, reliable protection for sensitive personal data against unauthorized access and modern cyber threats.

How to keep your PC encryption key safe - from Microsoft and the FBI

Microsoft's BitLocker is a security feature built into Windows that encrypts the entire hard drive. The idea is to protect your personal files from prying eyes in case your PC is ever lost or stolen. Decrypting the data requires a BitLocker recovery key, which is supposed to be safe from access by other people. Aah, but not so fast. Microsoft has confirmed to Forbes that it will provide your BitLocker recovery key if it receives a valid legal order.

Information security

#aes-256-gcm

Information security

Think Your Data Is Secure? Not Without AES Encryption In Java

Information security

Think Your Data Is Secure? Not Without AES Encryption In Java

Information security

Think Your Data Is Secure? Not Without AES Encryption In Java

Information security

Think Your Data Is Secure? Not Without AES Encryption In Java

Think Your Data Is Secure? Not Without AES Encryption In Java

AES-256-GCM strong encryption provides robust, reliable protection for sensitive personal data as a last line of defense against modern cyber threats.