Today’s privacy digest highlights critical vulnerabilities and emerging threats, including a major WhatsApp data leak and the rise of Android malware targeting encrypted messaging apps. Regulatory updates feature the potential US ban on state AI laws and Illinois’ new AI employment regulations. Also covered are scams targeting consumers and proposed changes to patent challenge rules, demanding immediate attention to safeguard personal data and innovation.
Top 5 Critical Privacy Alerts
- Researchers claim ‘largest leak ever’ after uncovering WhatsApp enumeration flaw: Researchers found a WhatsApp flaw exposing 3.5 billion users’ data. Read more
- Multi-threat Android malware Sturnus steals Signal, WhatsApp messages: New Android malware Sturnus steals data from encrypted messaging apps and gains device control. Read more
- Scam USPS and E-Z Pass Texts and Websites: Google reports a Chinese cybercriminal group selling phishing kits. Read more
- French authorities investigate alleged Holocaust denial posts on Elon Musk’s Grok AI: Grok AI under investigation for Holocaust denial posts. Read more
- The Patent Office Is About To Make Bad Patents Untouchable: USPTO proposes rules limiting challenges to improperly granted patents. Read more
Privacy Laws & Regulations
- Big Beautiful AI Bill: Is the US State AI law ban back on the horizon?: A draft Federal Executive Order considers mirroring the EU’s AI Act concerns, potentially impacting US State AI laws. Read more
- Illinois AI Employment Law Goes Live Soon: Are Your Hiring Practices Compliant?: Illinois employers must comply with AI employment law starting January 1, 2026. Read more
- Closing the Privacy Gap: HIPRA Targets Health Apps and Wearables: Senator Cassidy introduces HIPRA to close health data protection gaps. Read more
- Warning! States Continue to Worry About Social Media and Teens: States are concerned about social media’s impact on teens, with California passing a warning label law. Read more
- Strengthen Colorado’s AI Act: EFF urges Colorado to strengthen its AI Act, especially in enforcement mechanisms. Read more
Data Minimization & User Consent
- Who’s eligible for a refund from Amazon?: Amazon to pay $2.5B for enrolling users in Prime without consent. Read more
- When sharing your info online leads to unwanted and unlawful telemarketing calls: Learn how to reduce unwanted telemarketing calls. Read more
Security
- Crypto mixer founders sent to prison for laundering over $237 million: Samourai Wallet founders imprisoned for laundering over $237 million. Read more
- Sneaky2FA PhaaS kit now uses redteamers’ Browser-in-the-Browser attack: Sneaky2FA phishing kit adds Browser-in-the-Browser attack capabilities. Read more
- W3 Total Cache WordPress plugin vulnerable to PHP command injection: Critical flaw in W3 Total Cache plugin allows PHP command injection. Read more
- Russian bulletproof hosting provider sanctioned over ransomware ties: US sanctions Russian bulletproof hosting provider for ransomware support. Read more
Phishing & Scams
- How to help protect foster youth from identity theft: Tips to protect foster youth from identity theft. Read more
- No, that’s not an FTC commissioner on the phone: FTC warns against scammers impersonating FTC officials. Read more
- How to spot a job scam: FTC Chairman Andrew Ferguson explains how to spot job scams. Read more
- How to prepare yourself to deal with an emergency and avoid disaster-related scams: Tips to avoid disaster-related scams. Read more
- This Medicare Open Enrollment season, learn how to protect yourself from scams: Protect yourself from Medicare scams during open enrollment. Read more
- Thinking about selling your timeshare? Key steps to avoid scams: Steps to avoid timeshare selling scams. Read more
- Before you donate, find out where the money is going: FTC warns about deceptive fundraising by Kars-R-Us.com. Read more
- Use this action plan to avoid scams: FTC’s action plan to avoid scams. Read more
