#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Privacy | Breaking Cybersecurity News | The Hacker News

Category — Privacy
Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code

Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code

Apr 30, 2025 Secure Coding / Vulnerability
Meta on Tuesday announced LlamaFirewall , an open-source framework designed to secure artificial intelligence (AI) systems against emerging cyber risks such as prompt injection, jailbreaks, and insecure code, among others. The framework , the company said, incorporates three guardrails, including PromptGuard 2, Agent Alignment Checks, and CodeShield. PromptGuard 2 is designed to detect direct jailbreak and prompt injection attempts in real-time, while Agent Alignment Checks is capable of inspecting agent reasoning for possible goal hijacking and indirect prompt injection scenarios. CodeShield refers to an online static analysis engine that seeks to prevent the generation of insecure or dangerous code by AI agents. "LlamaFirewall is built to serve as a flexible, real-time guardrail framework for securing LLM-powered applications," the company said in a GitHub description of the project. "Its architecture is modular, enabling security teams and developers to com...
WhatsApp Launches Private Processing to Enable AI Features While Protecting Message Privacy

WhatsApp Launches Private Processing to Enable AI Features While Protecting Message Privacy

Apr 29, 2025 Artificial Intelligence / Data Protection
Popular messaging app WhatsApp on Tuesday unveiled a new technology called Private Processing to enable artificial intelligence (AI) capabilities in a privacy-preserving manner. "Private Processing will allow users to leverage powerful optional AI features – like summarizing unread messages or editing help – while preserving WhatsApp's core privacy promise," the Meta-owned service said in a statement shared with The Hacker News. With the introduction of the latest feature, the idea is to facilitate the use of AI features while still keeping users' messages private. It's expected to be made available in the coming weeks. The capability, in a nutshell, allows users to initiate a request to process messages using AI within a secure environment called the confidential virtual machine (CVM) such that no other party, including Meta and WhatsApp, can access them. Confidential processing is one of the three tenets that underpin the feature, the others being - Enf...
cyber security

10 Steps to Microsoft 365 Cyber Resilience

websiteVeeamCyber Resilience / Data Security
75% of organizations get hit by cyberattacks, and most report getting hit more than once. Read this ebook to learn 10 steps to take to build a more proactive approach to securing your organization's Microsoft 365 data from cyberattacks and ensuring cyber resilience.
WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads

WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads

Apr 24, 2025 Data Protection / Artificial Intelligence
WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said in a statement. The optional feature, when enabled, prevents others from exporting chats, auto-downloading media to their phone, and using messages for artificial intelligence (AI) features. However, it's worth noting users can still take individual screenshots, or manually download the media. The popular messaging service said the feature is "best used" when engaging in sensitive conversations with groups where it's possible that users may not know everyone closely. The feature, WhatsApp said, is rolling to all users who are on the latest version of the application. The disclosure comes as the ...
cyber security

The Ultimate Guide to SaaS Identity Security in 2025

websiteWing SecuritySaaS Security / Identity Threat Detection
Discover how to protect your SaaS apps from identity-based breaches with this expert 2025 guide—learn practical steps to secure every account and keep your data safe.
Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

Apr 23, 2025 Privacy / Artificial Intelligence
Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies," Anthony Chavez, vice president of Privacy Sandbox at Google, said . "Users can continue to choose the best option for themselves in Chrome's Privacy and Security Settings." Back in July 2024, the tech giant said it had abandoned its plans to deprecate third-party tracking cookies and that it intends to roll out a new experience instead that lets users make an informed choice. Google said feedback from publishers, developers, regulators, and the ads industry has made it clear there are "divergent perspectives" on making changes that could affect the availability of third-party cookies. In its...
Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices

Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices

Apr 01, 2025 Data Protection / Privacy
Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its App Tracking Transparency (ATT) privacy framework. The Autorité de la concurrence said it's imposing a financial penalty against Apple for abusing its dominant position as a distributor of mobile applications for iOS and iPadOS devices between April 26, 2021 and July 25, 2023. ATT, introduced by the iPhone maker with iOS 14.5, iPadOS 14.5, and tvOS 14.5, is a framework that requires mobile apps to seek users' explicit consent in order to access their device's unique advertising identifier (i.e., the Identifier for Advertisers or IDFA ) and track them across apps and websites for purposes targeted advertising. "Unless you receive permission from the user to enable tracking, the device's advertising identifier value will be all zeros and you may not track them," Apple notes on its website. "While you can display the AppTr...
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions

Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions

Mar 17, 2025 Web Security / Cyber Threat
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and privacy. "The features available in CSS allow attackers and spammers to track users' actions and preferences, even though several features related to dynamic content (e.g., JavaScript) are restricted in email clients compared to web browsers," Talos researcher Omid Mirzaei said in a report published last week. The insights build upon previous findings from the cybersecurity company about a spike in email threats leveraging hidden text salting in the second half of 2024 with an aim to get around email spam filters and security gateways. This technique particularly entails using legitimate features of the Hypertext Markup Language (HTML) and CSS to include commen...
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging

GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging

Mar 14, 2025 Mobile Security / Encryption
The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol via what's called the RCS Universal Profile 3.0 . "The new specifications define how to apply MLS within the context of RCS," Tom Van Pelt, technical director of GSMA, said . "These procedures ensure that messages and other content such as files remain confidential and secure as they travel between clients." This also means that RCS will be the first "large-scale messaging service" to have support for interoperable E2EE between different client implementations from different providers in the near future. It's worth noting that Google's own implemen...
Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud

Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud

Mar 05, 2025 Mobile Security / Artificial Intelligence
Google has announced the rollout of artificial intelligence (AI)-powered scam detection features to secure Android device users and their personal information. "These features specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations," Google said . "And more phone calling scammers are using spoofing techniques to hide their real numbers and pretend to be trusted companies." The company said it has partnered with financial institutions to better understand the nature of scams customers are encountering, thereby allowing it to devise AI models that can flag suspicious patterns and deliver real-time warnings over the course of a conversation without sacrificing user privacy. These models run completely on-device , alerting users in the event of a likely scam. Users then have an option to either dismiss or report and block the sender. The setting is enabled by default and applies only to conversatio...
⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists

⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists

Mar 03, 2025
This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that even the tools we rely on can hide risky surprises. We've sifted through a storm of cyber threats—from phishing scams to malware attacks—and broken down what it means for you in clear, everyday language. Get ready to dive into the details, understand the risks, and learn how to protect yourself in an increasingly unpredictable online world. ⚡ Threat of the Week Serbian Youth Activist Targeted by Android 0-Day Exploit Chain — A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit chain developed by Cellebrite to unlock the device and likely deploy an Android spyware called NoviSpy. The flaws combined ...
Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

Mar 01, 2025 Privacy / Data Protection
Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now states - You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice . It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content. A previous version of this clause, which went into effect on February 26, said - When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox. The development came days after the company introduced a T...
⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma

⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple's Data Dilemma

Feb 24, 2025
Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection. Let these stories spark your interest and help you understand the changing threats in our digital world. ⚡ Threat of the Week Lazarus Group Linked to Record-Setting $1.5 Billion Crypto Theft — The North Korean Lazarus Group has been linked to a "sophisticated" attack that led to the theft of over $1.5 billion worth of cryptocurrency from one of Bybit's cold wallets, making it the largest ever single crypto heist in history. Bybit said it detected unauthorized activity within one of our Ethereum (ETH) Cold Wallets during a planned routine transfer process on February 21, 2025, at around 12:30 p.m. UTC. The incident makes it the biggest-ever cryptocurrency heist reported to date, dwarfing that of Ronin Network ($624 million), Poly N...
Expert Insights / Articles Videos
Cybersecurity Resources