Privacy Roundup: Week 9 of Year 2025


This is a roundup of privacy or privacy-related news items for 23 FEB 2025 - 1 MAR 2025. Information and summaries provided here are as-is, without warranty.

Note: You may see some traditional "security" content mixed in here due to the close relationship between online privacy and cybersecurity - many things overlap; for example, major vulnerabilities in popular software, which may compromise the security of users' devices (and therefore pose a threat to their privacy), and large data breaches where significant personal information is exposed.

Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories.

Privacy Tip of the Week

Don't enable remote management on your router; this exposes your router's control panel to the public internet, which in some situations could compromise the security of the router (and the network behind it).

Surveillance Tech in the News


This section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge or public organizations using technology without regard for user privacy.

The surveillance tech waiting for workers as they return to the office

ArsTechnica

Return-to-office (RTO) continues to pick up steam... with hiring slowing, there has been a shift towards squeezing more productivity out of current workers.

In pursuit of "more productivity," some employers are leaning heavily into surveillance tech. Many different systems can track workers inside office buildings; of course, there is already plenty of software that tracks what workers do on company equipment as well.

The UK will neither confirm nor deny that it’s killing encryption

The Verge

This is not US-related, but certainly important enough to follow as it may have ramifications in the US in the form of setting precedent.

A continuation of the events stemming from the UK giving a secret order to Apple to incorporate backdoors for iCloud, regardless of whether Advanced Data Protection (ADP) was enabled. Companies who have received these orders cannot legally say so, and the British Home Office naturally will not confirm or deny involvement.

Signal will withdraw from Sweden if encryption-busting laws take effect

The Register

While not US-focused, this is something worth paying attention to.

Right on the heels of the UK secretly ordering Apple to give it backdoor access to iCloud encryption (even with ADP enabled), Sweden is considering passing legislation that would backdoor end-to-end encryption as well. Private messaging platform Signal has threatened to pull out of Sweden if these laws take effect.

Anti-Surveillance Mapmaker Refuses Flock Safety's Cease and Desist Demand

EFF

Flock Safety has sold automated license plate readers to thousands of law enforcement agencies around the US. A privacy activist created a website that crowdsourced the locations of these license plate readers. Flock Safety sent the activist a cease-and-desist letter in an attempt to silence him and the project.

Privacy Tools and Services

Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but may also feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com.

Privacy Tools


Introducing a terms of use and updated privacy notice for Firefox

Mozilla

Mozilla has introduced a Terms of Use to Firefox. This is alongside an updated privacy notice. The language used in the new ToU and specific removals from the privacy notice sparked confusion among users, as the new language implied that Firefox as a whole was subject to the ToU and would make anything typed/processed in the browser available for Mozilla use.

You can get my thoughts/explainer on this from Mastodon.

NOTE: Mozilla released yet another update on this, which seeks to better explain their changes and the new Terms of Use.

Mozilla’s approach to Manifest V3: What’s different and why it matters for extension users

Mozilla

In a time where many browsers are phasing out Manifest v2 extensions, Mozilla confirms support for Manifest v2 and v3 extensions.

Privacy Services


Brave iOS update brings Smart Proxy and Kill Switch

AlternativeTo

This has more to do with Brave's VPN service rather than its browser. An update (version 1.75) on iOS introduces Smart Proxy and Kill Switch for Brave's VPN service.

Vulnerabilities and Malware

Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.

This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.

Vulnerabilities


A single default password exposes access to dozens of apartment buildings

TechCrunch

Internet-connected entrance keypads/locks used by some apartment complexes ship with a default password. Anyone who knows this default password could access these "locked" apartment complexes. While the password can be changed, the device does not prompt end users to change it.

The manufacturer (Hirsch) does not plan a security fix.

61% of Hackers Use New Exploit Code Within 48 Hours of Attack

Infosecurity Magazine

According to SonicWall's Annual Cyber Threat Report for 2024, threat actors launched attacks within 48 hours of a vulnerability being discovered, with approximately 61% of attackers using new exploit code within that window.

This supports other reporting throughout the last 2-3 years finding that attackers are attempting exploits of disclosed/discovered vulnerabilities more quickly. For this reason, users are encouraged to stay on top of security updates for their software/firmware.

House Dems say DOGE is leaving publicly exposed entry points into government systems

Cyberscoop

No specific vulnerabilities are mentioned here. Allegedly, DOGE left endpoints of various government agencies exposed. This included the Treasury Department's Secure Payment System and systems at various National Laboratories that are connected to management of the US nuclear stockpile.

Researchers uncover unknown Android flaws used to hack into a student’s phone

TechCrunch

This is not US-related, but given the current environment, it is worth including here.

Serbian police used previously "unknown" (and naturally, undisclosed) flaws in Android, together with forensic tools such as Cellebrite, to unlock phones. In this specific case, Serbian police used these flaws and forensic tools to unlock the phone of a student activist.

Old Vulnerabilities Among the Most Widely Exploited

Infosecurity Magazine

New vulnerabilities are always popping up; however, attackers regularly exploit "old vulnerabilities" - especially those in deprecated software or EOL devices.

Interestingly, the most exploited vulnerabilities in 2024 targeted SOHO routers. This research in particular is from GreyNoise's 2025 Mass Internet Exploitation Report.

Malware


Vo1d malware botnet grows to 1.6 million Android TVs worldwide

Bleeping Computer

The Vo1d malware botnet has grown to approximately 1.6 million infected Android TV devices. These devices become part of proxy networks frequently sold/made available to threat actors, helping conceal their malicious activity.

GrassCall malware campaign drains crypto wallets via fake job interviews

Bleeping Computer

This campaign primarily targets those seeking employment in the "Web3" or crypto space. The threat actors frequently post job listings on popular job boards (like LinkedIn). People who apply for these jobs are encouraged to join a Telegram group, where they are socially engineered into installing malware on their devices.

The installed malware drains cryptocurrency wallets and may also pull down infostealers and remote access trojans (RATs).

The GitVenom campaign: cryptocurrency theft using GitHub

SecureList (by Kaspersky)

This campaign is dubbed "GitVenom" and has been active for at least two years. Carefully crafted (and therefore believable, especially at first glance) repositories hosted on GitHub are actually malware in disguise.

The malware hosted on the malicious repos varies, but includes information stealers and RATs. In many cases, the malicious repos pull down additional malware once installed on a host.

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

KrebsonSecurity

This is not a malware campaign. Another day, more threat actors abusing "trusted" or "legitimate" services. This post focuses on how/when a known web host for spam/malware allegedly began routing traffic through networks run by Kaspersky Labs. Kaspersky denies these claims.

Phishing and Scams

Covers popular phishing schemes affecting end users - smishing, vishing, and any new scam/phish tactics for deceiving end users. May overlap somewhat with the malware section, but focuses more on the phishing tactics than on details of malware delivery or a specific campaign.

Scams


PayPal’s “no-code checkout” abused by scammers

MalwareBytes

Threat actors are using compromised advertiser accounts to create Google Search Ads impersonating PayPal. The malicious ads point to a website where the scammers have abused PayPal's "no code checkout" feature. On the malicious website, scammers post the phone numbers of bogus tech support call centers.

Service Providers' Privacy Practices

This section is dedicated to notable changes or developments in popular/large service providers' privacy practices.

Service providers listed here are not necessarily "privacy-focused," but may have changed their privacy practices in ways that positively (ex: adopting end-to-end encryption for messaging) or negatively (ex: increased sharing of data with affiliates) affect a large number of users.


Gmail Security Alert: Google To Ditch SMS Codes For Billions Of Users

Forbes

Primarily security related. Google plans to deprecate SMS MFA.

Edge begins disabling uBlock Origin and other Manifest V2 extensions, following Google

AlternativeTo

Following Google's plan to phase out Manifest v2 extensions, Microsoft has reportedly started disabling Manifest v2 extensions - such as uBlock Origin - in Edge. As of writing, this only affects Edge Canary.

Legislation/Regulations/Lawsuits

Predominantly focused on legal/regulatory privacy developments under US law (ex: the FTC banning certain companies from sharing location data), but large enough changes in EU law may also be covered here.

Legislation and Regulation


The Senate Passed The TAKE IT DOWN Act, Threatening Free Expression and Due Process

EFF

The TAKE IT DOWN Act is meant to remove non-consensual intimate imagery (including deep fake or AI generated content imitating real people)... however, according to the EFF, this may lead to platforms using "often-inaccurate automated filters that are infamous for flagging legal content."

Data Breaches and Leaks

Generally covers large data breaches (or data leaks) exposing sensitive information of users - typically the focus is on US companies and on data breaches affecting primarily US citizens, though some exceptions are made depending on potential impact and scale.

Will not cover every data breach, naturally, due to frequency and scale.

Data breaches


Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Troy Hunt (Have I Been Pwned)

Have I Been Pwned has added approximately 284 million unique email addresses to its database. The service also added 244 million never-before-seen passwords to its "pwned passwords" database.

US employee screening giant DISA says hackers accessed data of more than 3M people

TechCrunch

DISA Global Solutions is a US-based provider of employee screening services. They provide employment screening services to over 55k enterprises and approximately one third of Fortune 500 companies. DISA suffered a "cyber incident" on 22 APR 2024; an investigation found the threat actor had originally breached their network on 9 FEB 2024.

However, only recently has DISA disclosed this breach, which affects over 3.3 million people. As of writing, what data was compromised is not clear.

The biggest data breaches of 2025 — so far

TechCrunch

The biggest breaches so far include:

  • PowerSchool
  • DOGE's access to federal government data
  • Community Health Center
  • stalkerware apps
  • DISA

Zapier says someone broke into its code repositories and may have accessed customer data

The Verge

Zapier informed some customers on 28 FEB 2025 that an unauthorized user may have gained access to customer information. Apparently, the private repositories shouldn't have included customer data in the first place.

Data leaks


Spyzie stalkerware is spying on thousands of Android and iPhone users

TechCrunch

Related to the earlier leaks from the stalkerware apps Cocospy and Spyic. A security researcher used the same vulnerability found in Cocospy and Spyic to collect over 500k email addresses of Spyzie customers.

That's a wrap for this edition. Get notification of this post by subscribing to the RSS feed or signing up for the newsletter.
