Signal macOS Desktop App Doesn't Actually Delete Messages When it Should
Security researcher Harry Sintonen disclosed that the macOS desktop Signal app doesn't actually delete messages when they're deleted in the UI of the app.
Fria Reyes
Fria is a privacy advocate and synthwave enthusiast who has been volunteering with Privacy Guides since 2023. They are an unapologetic tech optimist, and believes with the right technology we can solve any problem.
Town Councilmember Proposes Internet and Phone Ban After Flock Contract is Cancelled
After the town of Bandera, Texas voted 3-2 to end its contract with the dystopian surveillance company Flock, a pro-Flock councilmember proposed a ban of phones, cameras, the internet, and nearly all technology.
Apple Publishes Source Code for Their Cryptography on GitHub
Apple has published the source code for their corecrypto libraries on GitHub, along with the tools and formal verification libraries they used to evaluate their cryptography, so independent cryptography experts can verify it for themselves.
The US DOJ Wants Identities and Addresses of Over 100,000 Users of a Car App
The US DOJ is demanding the data of all users, equating to over 100,000 people, of the EZ Lynk app over alleged violations of the Clean Air Act, which the company denies.
CISA Leaks Secret Credentials in a Public Github Repo
Brian Krebs found a public GitHub repository with sensitive internal CISA credentials "including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets."
First Public Kernel Memory Exploit of on Apple's M5 Chip Found
Security researchers at Calif have found the first public memory corruption exploit on Apple's M5 chip, surviving Memory Integrity Enforcement protections.
Discord Makes All Voice/Video Calls E2EE
After Discord announced their DAVE end-to-end encryption protocol for audio and video calls in 2024, they’ve finally finished migrating all calls to use it by default.
Dirty Frag Sequel Continues the Streak of Linux Kernel Privilege Escalation Vulnerabilities
Fragnesia, the latest local privilege escalation vulnerability in the same family as Dirty Frag, emerges as an “unintended side effect of one of the patches addressing the original Dirty Frag vulnerabilities” according to the original creator of Dirty Frag, Hyunwood Kim.
BitLocker Bypass Found In Latest Series of Windows Vulns
An anonymous security researchers known as Nightmare-Eclipse has published two more Windows zero-day exploits, YellowKey and GreenPlasma, after already publishing 3 earlier this year.
Android Introduces New Privacy and Security Protections, with a Focus on Agentic AI
Android has introduced some new protections against scammers and malware, some powered by agentic AI.
Utah Targets VPNs for Age Verification
Governor Spencer Cox has signed a law stating that websites are accountable for determining if a user is physically located in Utah, even from behind a VPN.
Canvas System Used by Over 40% of US Schools Breached
Canvas, software used by thousands of schools in the U.S., has been hacked and the private data of staff and students stolen.
Two More Major Linux Vulnerabilities Discovered in the Same Class as Copy Fail
Two new Linux local privilege escalation vulnerabilities were discovered in the same vulnerability class as Copy Fail, affecting most Linux distributions.
Chrome for Android Now Supports Approximate Location
Google announced that “you can now choose to share your approximate location with websites, instead of sharing precise location” on Chrome for Android.
Proton Mail Launches Post Quantum Encryption
Proton Mail now offers post-quantum encryption to protect against future threats from quantum computers.
Apple Confirms RCS E2EE Will Ship with iOS 26.5
9to5mac spotted in the release notes of iOS 26.5 RC confirmation that the long-awaited RCS end-to-end encryption feature will ship with iOS 26.5.
Fedora Sealed Bootable Container Images, Possibly Opening the Door to a “Fully Verified Boot Chain”
Fedora 44 has released, and with it comes a new offering: sealed bootable container images, which “include all the components needed to create a fully verified boot chain.”
OpenAI Introduces Advanced Account Security
OpenAI has introduced new security protections for ChatGPT accounts called Advanced Account Security, to protect users against account takeover.
Every Linux Distribution Shipped Since 2017 Vulnerable to New Copy.Fail Exploit
A new exploit called copy.fail has emerged that can root just about any Linux distribution shipped since 2017 using just an unprivileged user account.
Firefox Quietly Adds Brave’s Rust-Based Adblocker
Firefox has bundled adblock-rust, Brave’s memory-safe content blocker, into Firefox in version 149, although disabled by default.
Fingerprint.com Discovers Vulnerability That Can Link Your Tor Browsing Together
The fingerprinting company fingerprint.com discovered a vulnerability affecting “all Firefox-based browsers” that would allow a “stable process-lifetime identifier” during a browsing session, including after pressing the “New Identity“ button in Tor browser.