Daily Digest | 27 February 2026

Your daily dose of Privacy, Data Protection, AI & Cybersecurity news.

5 stories you should not miss.

Read more: https://www.nicfab.eu/daily-digest/

#Privacy #AI #GDPR #Cybersecurity #TechLaw

"ESET researchers uncovered the first known case of Android malware abusing generative AI for context-aware user interface manipulation. While machine learning has been used to similar ends already – just recently, researchers at Dr.WEB found Android.Phantom, which uses TensorFlow machine learning models to analyze advertisement screenshots and automatically click on detected elements for large scale ad fraud – this is the first time we have seen generative AI deployed in this manner. Because the attackers rely on prompting an AI model (in this instance, Google’s Gemini) to guide malicious UI manipulation, we have named this family PromptSpy. This is the second AI powered malware we have discovered – following PromptLock in August 2025, the first known case of AI-driven ransomware.

While generative AI is deployed only in a relatively minor part of PromptSpy's code – that responsible for achieving persistence – it still has a significant impact on the malware's adaptability. Specifically, Gemini is used to analyze the current screen and provide PromptSpy with step-by-step instructions on how to ensure the malicious app remains pinned in the recent apps list, thus preventing it from being easily swiped away or killed by the system. The AI model and prompt are predefined in the code and cannot be changed. Since Android malware often relies on UI navigation, leveraging generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, which can greatly expand the pool of potential victims.

The main purpose of PromptSpy is to deploy a built-in VNC module, giving operators remote access to the victim’s device. This Android malware also abuses the Accessibility Service to block uninstallation with invisible overlays, captures lockscreen data, records video. It communicates with its C&C server via the VNC protocol, using AES encryption."

https://www.welivesecurity.com/en/eset-research/promptspy-ushers-in-era-android-threats-using-genai/

#CyberSecurity #PromptSpy #AI #GenerativeAI #Android #Malware

Daily Digest | 26 February 2026

Your daily dose of Privacy, Data Protection, AI & Cybersecurity news.

5 stories you should not miss.

Read more: https://www.nicfab.eu/daily-digest/

#Privacy #AI #GDPR #Cybersecurity #TechLaw

Effective cybersecurity requires more than just data privacy measures. New technologies demand thorough privacy impact assessments (PIAs) to ensure regulatory compliance and operational security. Don't view PIAs as mere "compliance theater" – they're a crucial step in protecting your organization from security breaches and reputational damage. Get the inside scoop on why effective PIAs are essential for tech development and how to implement them successfully.

Read more: https://steelefortress.com/fortress-feed/forget-what-youve-heard-the-overemphasis-on-data-privacy-in-tech-development-leads-to-misguided-assessments

#CyberSecurity #Privacy #InfoSec #Security #DataProtection #Tech #Technology

Delta Chat is a messaging platform that works over email.

Setup is similar to a email client.
Messaging is decentralized and interoperable.

Supports end-to-end encryption via PGP.
PGP encryption keys are created automatically.

Default desktop client is based on Electron.
Electron is based on the Google Chromium web browser.

Website: https://delta.chat
Mastodon: @delta

#DeltaChat #Messaging #Privacy #InfoSec #E2EE #OpenPGP #PGP #OpenSource #FOSS #CyberSecurity #Encryption #FreeSoftware

Alt...

Delta Chat logo.

Age verification laws force platforms to collect IDs, biometrics or behavioral data, directly conflicting with data minimization principles. 🔍

Recurring checks and stored proof for regulators create breach-prone archives, exposing everyone—not just minors—to surveillance risks. 🔒

🔗 https://spectrum.ieee.org/age-verification

#TechNews #Privacy #Security #Surveillance #DataProtection #DigitalRights #BigTech #AI #Biometrics #KidsOnline #Profiling #Cybersecurity #EU #USA #AgeVerification #Law #Biometrics

Colorado’s SB26-051 would make OSes (Windows, Android, iOS, Linux) collect an “age signal” at setup and expose it via API to every app in broad age brackets 📊

Even if “minimal data” is promised, normalising OS‑level age tagging for all apps raises serious long‑term risks for privacy and user autonomy 🔒

🔗 https://itsfoss.com/news/colorado-age-attestation-bill/

#TechNews #Privacy #Security #Surveillance #DataProtection #DigitalRights #BigTech #AI #KidsOnline #AgeVerification #Profiling #Cybersecurity #US #USA #Colorado #Linux

Daily Digest | 25 February 2026

Your daily dose of Privacy, Data Protection, AI & Cybersecurity news.

5 stories you should not miss.

Read more: https://www.nicfab.eu/daily-digest/

#Privacy #AI #GDPR #Cybersecurity #TechLaw

"A software engineer’s earnest effort to steer his new DJI robot vacuum with a video game controller inadvertently granted him a sneak peak into thousands of people’s homes.

While building his own remote-control app, Sammy Azdoufal reportedly used an AI coding assistant to help reverse-engineer how the robot communicated with DJI’s remote cloud servers. But he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries. The backend security bug effectively exposed an army of internet-connected robots that, in the wrong hands, could have turned into surveillance tools, all without their owners ever knowing.

Luckily, Azdoufal chose not to exploit that. Instead, he shared his findings with The Verge, which quickly contacted DJI to report the flaw. While DJI tells Popular Science the issue has been “resolved,” the dramatic episode underscores warnings from cybersecurity experts who have long-warned that internet-connected robots and other smart home devices present attractive targets for hackers."

https://www.popsci.com/technology/robot-vacuum-army/

#AI #IoT #CyberSecurity #DJII #RobotVaccum

Daily Digest | 24 February 2026

Your daily dose of Privacy, Data Protection, AI & Cybersecurity news.

5 stories you should not miss.

Read more: https://www.nicfab.eu/daily-digest/

#Privacy #AI #GDPR #Cybersecurity #TechLaw

The Age Verification Trap, Verifying age undermines everyone's data protection

https://spectrum.ieee.org/age-verification

#HackerNews #AgeVerification #DataProtection #PrivacyOnline #DigitalRights #Cybersecurity

Daily Digest | 23 February 2026

Your daily dose of Privacy, Data Protection, AI & Cybersecurity news.

5 stories you should not miss.

Read more: https://www.nicfab.eu/daily-digest/

#Privacy #AI #GDPR #Cybersecurity #TechLaw

“Nothing to hide” is a dangerous myth: it turns a fundamental right into a moral test and ignores how data is stored, combined, and used to judge or manipulate us over time 🔍

Privacy isn’t about hiding crimes, it’s about keeping control of our lives in a world of profiling, data brokers, shifting laws, and client‑side scanning 🔒

#Privacy #Security #Surveillance #DataProtection #DigitalRights #BigTech #AI #Tracking #Profiling #Cybersecurity #Freedom #HumanRights #NothingToHide #OpenSource #FOSS

"How do you bring people of all ages, backgrounds, and technical abilities into a mass movement without exposing them to monitoring and targeting by a government—and in particular Immigration and Customs Enforcement and Customs and Border Protection, agencies with paramilitary ambitions, a tendency to break the law, and more funding than some countries’ militaries.

Organizing safely in an age of surveillance increasingly requires not only technical security know-how, but also a tricky balance between secrecy and openness, says Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, a nonprofit focused on digital civil liberties. “You may want to limit access to some information to a smaller group of people, and you need to consider the platforms you are using, so that when law enforcement shows up to Google with a subpoena, there’s nothing sensitive it can hand over,” says Galperin. “But you have to weigh that against the fact that the majority of organizing is done in public, with other people, because the power of organizing is in numbers and solidarity.”

There’s no simple set of tech tips that can help organizers safely build a movement while facing that dilemma, but there are approaches, guidelines and tools that can help. WIRED asked technologists, activists, aid groups, and cybersecurity experts for their guidance on how to organize and collaborate in an age of surveillance. Here’s what we found."

https://www.wired.com/story/how-to-organize-safely-in-the-age-of-surveillance/

#USA #Trump #Activism #ICE #Immigration #Surveillance #PoliceState #CyberSecurity

You have a verified LinkedIn account, read this. #microsoft #linkedin #privacy #cybersecurity #personaidentities
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/

Predator spyware can secretly bypass iPhone’s camera/mic dots, raising fresh concerns over iOS privacy and targeted surveillance 🔍📱 Full story: https://cyberinsider.com/predator-spyware-uses-stealthy-trick-to-disable-ios-recording-alerts/ #CyberSecurity #iOS #Spyware #Privacy #Newz

ICE triples Azure data usage to 1.4PB (Jul'25-Jan'26), leans on AI Vision/Video Indexer for surveillance amid facial recognition, phone trackers, drones. ☁️

Reports challenge Microsoft's "no mass surveillance" stance despite contracts; employee concerns rise as policies clash with ICE enforcement reality. ⚖️

🔗 https://www.windowscentral.com/microsoft/microsoft-azure-data-usage-by-ice-triples-as-reports-question-microsofts-connection-to-mass-surveillance-we-do-not-believe-ice-is-engaged-in-such-activity

#TechNews #Privacy #Cybersecurity #Surveillance #AI #Cloud #Azure #Microsoft #ICE #DigitalRights #DataProtection #Ethics #FOSS #US #USA #Police #Trump #USpol

Spain court orders NordVPN, ProtonVPN to block 16 LaLiga piracy sites via dynamic IP lists—no appeals, inaudita parte hearing. ⚖️

LaLiga cites EU Digital Services Regulation duties; both VPNs decry lack of notification, due process violations. 🛡️

Impacts paid privacy tools while free VPN loopholes persist. 🔒

@protonprivacy

🔗 https://www.bleepingcomputer.com/news/security/spain-orders-nordvpn-protonvpn-to-block-laliga-piracy-sites/

#TechNews #Privacy #VPN #Cybersecurity #Piracy #EU #Regulation #DigitalRights #FOSS #Internet #Censorship #LaLiga #Spain #NordVPN #Proton #Europe

📜 Scrolls 30 is now out! Check it out for all the usual #indieweb, #fediverse & #Infosec / #cybersecurity goodies.

https://shellsharks.com/scrolls/scroll/2026-02-20

30 issues into this I'm a bit curious. If you feel like sharing: What do you think of Scrolls so far? Is it still interesting? Is there something you'd like to see in there that I haven't done? Is there something I've done a little of that you'd like more of? Any other feedback, good or bad, is always welcome!

Have a great weekend! 👋

Daily Digest | 20 February 2026

Your daily dose of Privacy, Data Protection, AI & Cybersecurity news.

5 stories you should not miss.

Read more: https://www.nicfab.eu/daily-digest/

#Privacy #AI #GDPR #Cybersecurity #TechLaw

X's documentation explicitly states:

"Direct messages are not protected against hacking or unauthorised access."

If messages aren't protected against hacking, they're not encrypted properly.

This is encryption theatre, not encryption.

Words matter in security.

#Encryption #Cybersecurity #Twitter #Privacy

From threat modeling to encrypted collaboration apps, we’ve collected experts’ tips and tools for safely and effectively building a group—even while being targeted and tracked by the powerful.

Alt...

How to Organize Safely in the Age of Surveillance

Daily Digest | 19 February 2026

Your daily dose of Privacy, Data Protection, AI & Cybersecurity news.

5 stories you should not miss.

Read more: https://www.nicfab.eu/daily-digest/

#Privacy #AI #GDPR #Cybersecurity #TechLaw

The city is a grid of silicon traps, and public Wi-Fi is the biggest bait. 🕵️‍♂️ Episode 14 of Impractical Privacy is out.

​We’re dissecting rogue hotspots, SSL stripping, and the "Evil Twin." But more importantly, we’re talking about your well-being. Privacy is a journey, not a destination. Don't trade your peace of mind for perfect OpSec. 🧠✨
​Tune in, grab your VPN, and join the #WiFiWarrior ranks. 🛡️
​ImpracticalPrivacy.com

​#PrivacyMatters #PublicWiFi #DigitalSovereignty #Privacy #CyberSecurity

Alt...

​A stylized, neon-lit digital illustration for a podcast titled "Impractical Privacy." The episode is labeled "Episode 14: The Dark Side of Public Wi-Fi." ​The scene is set in a dark coffee shop where several patrons are using tablets and phones. In the center, a hooded figure sits at a table with a laptop, glowing blue light reflecting off them. A red neon Wi-Fi symbol above the figure radiates data streams—including envelopes and boxes labeled "password"—into a dark, swirling vortex or portal on the right. In the bottom-right corner, the name "Sudo" is written in a bright white and green neon script font.

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. […] The aes-js/pyaes maintainer, on the other hand, has taken a more… cavalier approach.

🔓 https://blog.trailofbits.com/2026/02/18/carelessness-versus-craftsmanship-in-cryptography/

#aesctr #itsecurity #key #javascript #js #iv #pyaes #cryptography #carelessness #aes #cybersecurity #cryptography #itsec #encryption #craftsmanship #reuse #fail

LockBit 5.0 Ransomware Group Claims Breach of Aeromedical Society of Australasia

The Aeromedical Society of Australasia was listed on the LockBit 5.0 ransomware leak site. The threat group is threatening to publish stolen data by late February 2026. The organization is investigating the claims with authorities and its IT provider and states that personal information was not stored on the affected platforms.

****
#cybersecurity #infosec #incident #ransomware
https://beyondmachines.net/event_details/aeromedical-society-of-australasia-targeted-by-lockbit-5-0-ransomware-group-z-c-0-r-v/gD2P6Ple2L

Daily Digest | 18 February 2026

Your daily dose of Privacy, Data Protection, AI & Cybersecurity news.

5 stories you should not miss.

Read more: https://www.nicfab.eu/daily-digest/

#Privacy #AI #GDPR #Cybersecurity #TechLaw

Smart devices are becoming an increasingly important part of our daily lives, but they also pose a significant threat to our personal privacy. Did you know that 78% of manufacturers comply with law enforcement requests for data without notifying users? This widespread collection and sharing of data can leave us vulnerable to cybersecurity breaches and lawsuits.

Read more: https://steelefortress.com/fortress-feed/10-privacy-vulnerabilities-that-can-sink-smart-home-and-connected-device-lawsuits

#CyberSecurity #Privacy #InfoSec #Security #DataProtection #Tech #Technology

Spain court orders temporary blocks on ProtonVPN & NordVPN during LaLiga matches.
Raises concerns over impact on legitimate privacy users.

🔗 https://www.technadu.com/vpn-blocking-in-spain-affects-protonvpn-nordvpn-matches-access/620401/

#VPN #CyberSecurity #DigitalRights #Spain

Alt...

Spain Court Orders ProtonVPN and NordVPN Blocks During LaLiga Matches, Raising Concerns for Users

PureVPN on 2026 privacy strategy:
“Our core learning can be summarized in one line: privacy assurances must be provable, not aspirational.”

Modular infrastructure. No-logs-first. Evolving obfuscation.

Full interview:
https://www.technadu.com/purevpn-on-proven-privacy-and-next-gen-infrastructure-strategy-in-2026/620372/

#VPN #Privacy #CyberSecurity #Encryption

Alt...

PureVPN in 2026 Talks About Proven Privacy, Resilient Infrastructure, and Staying Ahead of Network Restrictions

Ring's controversial AI-powered 'Search Party' feature to find lost pets sparked dystopian surveillance concerns during the Super Bowl.

Surprise, surprise...this feature is enabled by default...😬

What do you think of 'Search Party'? Is this a useful community tool or soft launch of a surveillance state? Let me know in the comments!

Watch this episode on YouTube:
https://youtu.be/QBhYDtbPkeE

Listen and subscribe wherever you like to get your podcasts:

https://sharedsecurity.net/subscribe
https://sharedsecurity.net/2026/02/16/rings-search-party-dystopia-debate-claude-zero-click-rce-vulnerability/

#podcast #privacy #surveillance #ringcameras #cybersecurity

Daily Digest | 17 February 2026

Your daily dose of Privacy, Data Protection, AI & Cybersecurity news.

5 stories you should not miss.

Read more: https://www.nicfab.eu/daily-digest/

#Privacy #AI #GDPR #Cybersecurity #TechLaw

Samsung teases Privacy Display on Galaxy S26 Ultra, using Flex Magic Pixel to obscure screen from side angles and block shoulder surfers 🔒

Switch activates per-app or automatically; launch set for Feb 25—boosting on-device data protection without accessories 📱

🔗 https://www.androidauthority.com/samsung-tease-privacy-display-galaxy-s26-3641155/

#TechNews #Privacy #Samsung #Galaxy #GalaxyS26 #PrivacyDisplay #Pixel #Cybersecurity #Smartphone #DigitalRights #UserRights #DataProtection #Biometrics #Accountability #Surveillance #Screen

🧱 You're already building infrastructure, apps, and cloud systems. Now build your cybersecurity muscle. We make it fast, easy and free with the Cybersecurity Skills Framework from Linux Foundation Education & OpenSSF.

Understand the risks. Identify the skills. Strengthen your team. Start here, it's FREE! Try it now: https://cybersecurityframework.io

#Cybersecurity #InfoSec #ITLeadership #RiskManagement

Daily Digest | 16 February 2026

Your daily dose of Privacy, Data Protection, AI & Cybersecurity news.

5 stories you should not miss.

Read more: https://www.nicfab.eu/daily-digest/

#Privacy #AI #GDPR #Cybersecurity #TechLaw

DHS monitors Reddit users calling for peaceful ICE protests, per leaked intelligence bulletin. 🔍

No violence indicated, yet agency flags it for "operational and reputational risks" near Border Patrol sites—raising free speech concerns ⚠️

Surveillance without warrants erodes user privacy and civil liberties 🛡️

🔗 https://boingboing.net/2026/02/10/dhs-is-stalking-reddit-users-online.html

#TechNews #Privacy #DHS #Surveillance #Reddit #FreeSpeech #Cybersecurity #DataProtection #CivilLiberties #ICE #Censorship #Government #Protest #Violence #Police

Ring's Search Party AI tracks lost pets via cloud videos from nearby cameras—opt-out by default, sparking privacy backlash post-Super Bowl ad. 🐕

No human tracking now, but fears rise over AI surveillance potential; Ring ends Flock police data partnership amid outrage. ⚠️

🔗 https://www.cnet.com/home/security/what-does-rings-search-party-ai-pet-tracking-do-to-your-privacy-i-got-the-details/

#TechNews #Privacy #Ring #Amazon #SearchParty #Surveillance #AI #Cybersecurity #SmartHome #DigitalRights #UserRights #DataProtection #Accountability #Pets #Cloud #SuperBowl #Flock #Tech

Police recovered "deleted" Nest Doorbell footage from Nancy Guthrie via Google's residual backend data, despite no subscription. 🔍

Expired clips retrieved by FBI post-removal expose retained cloud data accessible to law enforcement. ⚠️

"Deleted" ≠ gone, raising user privacy risks. 🛡️

🔗 https://www.theverge.com/tech/877235/nancy-guthrie-google-nest-cam-video-storage

#TechNews #Privacy #Google #NestCam #Nest #Surveillance #DataRetention #Cybersecurity #SmartHome #DigitalRights #UserRights #DataProtection #Biometrics #Accountability #GDPR #Police #FBI