#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Maximizing Efficiency and Security in Government Cloud Environments

data privacy | Breaking Cybersecurity News | The Hacker News

Category — data privacy
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials

Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials

Jun 05, 2025 Browser Security / Online Safety
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response team, said . "By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information, in plaintext." The fact that the network traffic is unencrypted also means that they are susceptible to adversary-in-the-middle (AitM) attacks, allowing malicious actors on the same network such as a public Wi-Fi to intercept and, even worse, modify this data, which could lead to far more serious consequences. The list of identified extensions are below - SEMRush Rank (extension ID: idbhoeaiokcojcgappfigpifhpkjgmab) and P...
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File

Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File

May 28, 2025 Data Privacy / Vulnerability
Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool. "This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted," the Oasis Research Team said in a report shared with The Hacker News. "This flaw could have severe consequences, including customer data leakage and violation of compliance regulations." It's assessed that several apps are affected, such as ChatGPT, Slack, Trello, and ClickUp, given their integration with Microsoft's cloud service. The problem, Oasis said, is the result of excessive permissions requested by the OneDrive File Picker, which seeks read access to the entire drive, even in cases only a single file is uploaded due to the absence of fine-grai...
CISO's Guide To Web Privacy Validation And Why It's Important

CISO's Guide To Web Privacy Validation And Why It's Important

May 26, 2025 Data Privacy / Web Security
Are your web privacy controls protecting your users, or just a box-ticking exercise? This CISO's guide provides a practical roadmap for continuous web privacy validation that's aligned with real-world practices. – Download the full guide here . Web Privacy: From Legal Requirement to Business Essential As regulators ramp up enforcement and users grow more privacy-aware, CISOs face a mounting challenge: ensuring that what their organization says about privacy matches what their digital assets are doing . 70% of top US websites still drop advertising cookies even when users opt out, a clear contradiction of privacy claims. This gap exposes organizations to compliance failures, reputational damage, and user distrust. A Practical Approach to Web Privacy Validation Drawing from real-world incidents and regulatory trends, this guide outlines how CISOs can integrate continuous privacy validation into their security operations and explains why it's becoming a foundational practice....
cyber security

Navigating the Maze: How to Choose the Best Threat Detection Solution

websiteSygniaThreat Detection / Cybersecurity
Discover how to continuously protect your critical assets with the right MDR strategy. Download the Guide.
cyber security

Phishing Response Automation Playbook: Reduce Security Analysts' Time on Phishing Alerts

websiteUnderdefensePhishing Protection / Incident Response
Automate your phishing detection and response: from identifying phishing emails to conducting impact analysis and remediation. This playbook includes a phishing response checklist and a step-by-step guide for handling detected phishing emails.
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

May 15, 2025 Browser Security / Web Security
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page," according to a description of the flaw. The tech giant credited security researcher Vsevolod Kokorin (@slonser_) with detailing the flaw in X on May 5, 2025, adding it's aware "an exploit for CVE-2025-4664 exists in the wild." "Unlike other browsers, Chrome resolves the Link header on sub-resource requests," Kokorin said in a series of posts on X earlier this month. "The issue is that the Link header can set a referrer-policy. We can specify uns...
⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

May 12, 2025 Cybersecurity / Hacking News
What do a source code editor, a smart billboard, and a web server have in common? They've all become launchpads for attacks—because cybercriminals are rethinking what counts as "infrastructure." Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It's not just clever—it's reshaping how intrusion, persistence, and evasion happen at scale. ⚡ Threat of the Week 5Socks Proxy Using IoT, EoL Systems Dismantled in Law Enforcement Operation — A joint law enforcement operation undertaken by Dutch and U.S. authorities dismantled a criminal proxy network, known as anyproxy[.]net and 5socks[.]net, that was powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. The illicit platform, active since 2004, advertised more than 7,000 online proxies daily, with infected ...
Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

May 09, 2025 Artificial Intelligence / Software Security
AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask:  Are they secure? AI agents work with sensitive data and make real-time decisions. If they're not protected, attackers can exploit them to steal information, spread misinformation, or take control of systems. Join Michelle Agroskin, Product Marketing Manager at Auth0 , for a free, expert-led webinar — Building AI Agents Securely  — that breaks down the most important AI security issues and what you can do about them. What You'll Learn: What AI Agents Are: Understand how AI agents work and why they're different from chatbots or traditional apps. What Can Go Wrong: Learn about real risks — like adversarial attacks, data leakage, and identity misuse. How to Secure Them: Discover prov...
⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

May 05, 2025 Cybersecurity / Hacking News
What if attackers aren't breaking in—they're already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn't just the breach—it's not knowing who's still lurking in your systems. If your defenses can't adapt quickly, you're already at risk. Here are the key cyber events you need to pay attention to this week. ⚡ Threat of the Week Lemon Sandstorm Targets Middle East Critical Infra — The Iranian state-sponsored threat group tracked as Lemon Sandstorm targeted an unnamed critical national infrastructure (CNI) in the Middle East and maintained long-term access that lasted for nearly two years using custom backdoors like HanifNet, HXLibrary, and NeoExpressRAT. The activity, which lasted from at least May 2023 to February 2025, entailed "extensive es...
TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China

TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China

May 02, 2025 Data Privacy / Social Media
Ireland's Data Protection Commission (DPC) on Friday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China. "TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements," the DPC said in a statement. "The decision includes administrative fines totaling €530 million and an order requiring TikTok to bring its processing into compliance within 6 months." The order, in addition, requires the company to suspend data transfers to China within the time period. The penalty is the result of an investigation that was launched in September 2021 that probed the company's transfer of personal data to China and its compliance with stringent data protection laws regarding data transfers to third countries. Commenting on the decision, DPC Deputy Commissioner Graham Doyl...
Artificial Intelligence – What's all the fuss?

Artificial Intelligence – What's all the fuss?

Apr 17, 2025 Artificial Intelligence / Threat Intelligence
Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine Learning (ML) — ML is a subset of AI that focuses on developing algorithms and statistical models that allow machines to learn from and make predictions or decisions based on data. ML is a specific approach within AI, emphasizing data-driven learning and improvement over time. Deep Learning (DL) — Deep Learning is a specialized subset of ML that uses neural networks with multiple layers to analyze and interpret complex data patterns. This advanced form of ML is particularly effective for tasks such as image and speech recognition, making it a crucial component of many AI applications. Larg...
Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Apr 15, 2025 Data Privacy / Enterprise Security
Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people don't know is that browser extensions' excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025 , This report is the first and only report to merge public extension marketplace statistics with real-world enterprise usage telemetry. By doing so, it sheds light on one of the most underestimated threat surfaces in modern cybersecurity: browser extensions. The report reveals several findings that IT and security leaders will find interesting, as they build their plans for H2 2025. This includes information and analysis on how many extensions have risky permissions, which kinds of permissions are given, if extension developers are to be trusted, and more. Below, we bring key statistics from the report. Highlights from the Enterprise Browse...
Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

Apr 15, 2025 Artificial Intelligence / Data Privacy
Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better understand and reflect their cultures, languages, and history," the company said . To that end, users' posts and comments, as well as their interactions with Meta AI, are expected to be used for training and improving the models. It does not cover private messages sent between friends and family and data from accounts below the age of 18. Users in the region will start receiving notifications this week, both in the apps and via email, that detail the kinds of data the company will be using for this purpose and why it matters in the context of improving AI and the overall user experie...
Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind

Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind

Apr 14, 2025 Cybersecurity / Security Training
AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to level the playing field, but only if security professionals learn to apply it effectively. Organizations are beginning to integrate AI into security workflows, from digital forensics to vulnerability assessments and endpoint detection. AI allows security teams to ingest and analyze more data than ever before, transforming traditional security tools into powerful intelligence engines. AI has already demonstrated its ability to accelerate investigations and uncover unknown attack paths, but many companies are hesitant to fully embrace it. Many AI models are implemented with such velocity that they r...
AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock

AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock

Apr 03, 2025 Enterprise Security / Compliance
AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario : A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security alerts and potential attacks. Before the project can begin, it must pass through layers of GRC (governance, risk, and compliance) approval, legal reviews, and funding hurdles. This gridlock delays innovation, leaving organizations without the benefits of an AI-powered SOC while cybercriminals keep advancing. Let's break down why AI adoption faces such resistance, distinguish genuine risks from bureaucratic obstacles, and explore practical collaboration strategies between vendors, C-suite, and GRC teams. We'll also provide tips from CISOs who have dealt with these issues extensively as w...
Expert Insights Articles Videos
Cybersecurity Resources