Category: Security & Privacy

Recent events surrounding Coupang’s data breach in South Korea have led to legal action from U.S. investors against the South Korean government, creating a tech-related geopolitical issue.

Coupang, a major e-commerce platform in South Korea, faced a significant data breach affecting millions of customers. The breach not only prompted a regulatory investigation into data security but also sparked allegations of discriminatory treatment by the South Korean government toward the U.S.-based company.

Investors, including Greenoaks, Altimeter, Abrams Capital, Durable Capital Partners, and Foxhaven Asset Management, are now pursuing international arbitration under the U.S.-Korea Free Trade Agreement. They claim losses due to what they perceive as unfair actions by the government during the investigation.

The breach compromised personal information of nearly 34 million Korean customers, including sensitive data like names, email addresses, and order histories. Despite other data breaches in Korea resulting in milder repercussions, Coupang faced intensified government scrutiny and alleged misrepresentations of the breach’s extent.

This case highlights the intersection of technology and international trade agreements, demonstrating how data breaches can lead to legal disputes with broader geopolitical implications.

Source: TechCrunch

Microsoft has quickly responded to critical security vulnerabilities affecting Windows and Office users, as reported by TechCrunch. These vulnerabilities have become the target of cyber attackers aiming to compromise victims’ computers through malicious links and files. The exploits, known as zero-days, enable hackers to gain complete control of a system with minimal user interaction, underscoring the urgency for users to apply the patches immediately.

The vulnerabilities allow for one-click attacks, where a simple action like clicking on a malicious link or opening a corrupted Office file can lead to a system breach. Microsoft acknowledged the severity of the situation, emphasizing the need for prompt action to prevent further exploitation.

Security researcher Dustin Childs highlighted the significance of one of the bugs, CVE-2026-21510, found in the Windows shell. This bug, affecting all supported Windows versions, circumvents Microsoft’s SmartScreen protection, facilitating the remote installation of malware upon clicking a malicious link.

Google’s Threat Intelligence Group also confirmed the active exploitation of the Windows shell bug, posing significant risks due to the silent execution of malware with elevated privileges. The collaboration between security researchers and tech companies remains crucial in identifying and mitigating such threats.

Source: TechCrunch

In a significant development, the former executive of Trenchant, a U.S. maker of hacking and surveillance tools, has been found guilty of selling exploits to a Russian broker with ties to the Russian government. This potentially enabled access to millions of computers and devices globally. Peter Williams, an Australian national, admitted to selling eight hacking tools stolen from Trenchant, making over $1.3 million in cryptocurrency from the sales between 2022 and 2025. These exploits, capable of indiscriminate government surveillance, cybercrime, and ransomware attacks, were sold to a company linked to the Russian government, posing a threat to international cybersecurity.

The Justice Department disclosed that Williams’ actions directly harmed the U.S. intelligence community, leading to a call for a nine-year prison sentence, supervised release, restitution of $35 million, and a significant fine. The severity of the breach underscores the risks associated with the illicit trade of hacking tools and the potential for widespread misuse by state actors and cybercriminals.

Source: TechCrunch

Google’s compliance with a subpoena from the U.S. Immigration and Customs Enforcement (ICE) has sparked debates over data privacy and tech company cooperation with government agencies. According to The Intercept, Google provided ICE with personal and financial data of a student journalist, Amandla Thomas-Johnson, who attended a pro-Palestinian protest. The disclosure included usernames, physical addresses, service details, IP addresses, phone numbers, and financial information linked to Thomas-Johnson’s account.

The subpoena, issued without judicial approval, lacked a specific justification for the data request, raising questions about the handling of private information. This incident highlights concerns about the use of administrative subpoenas to access individual data without oversight. The demand for Thomas-Johnson’s data shortly after his student visa revocation underscores the potential misuse of such requests.

This case underscores the delicate balance between data privacy and law enforcement needs. Tech companies face growing scrutiny over their roles in safeguarding user information while adhering to legal demands. The incident sheds light on the challenges companies like Google encounter in protecting user privacy while complying with government requests.

Source: TechCrunch

The government of Singapore has revealed that a Chinese cyber-espionage group, known as UNC3886, targeted four of the country’s leading telecom companies in a sustained attack, as reported by TechCrunch. The hackers infiltrated systems belonging to Singtel, StarHub, M1, and Simba Telecom, although no service disruptions or data breaches occurred.

Cybersecurity experts have linked the attackers to China, noting their expertise in exploiting zero-day vulnerabilities in network infrastructure. Despite gaining limited access to critical systems using advanced tools like rootkits, they failed to compromise the targeted telecom services, according to K. Shanmugam, Singapore’s coordinating minister for national security.

The targeted telcos, accustomed to facing distributed denial-of-service attacks, employ layered defense mechanisms to safeguard their networks. In a joint statement, the telecom companies emphasized their proactive security measures and prompt remediation of detected issues.

This incident underscores the persistent threat of state-sponsored cyber intrusions in the telecommunications sector, posing risks to critical infrastructure and national security.

Source: TechCrunch

Google has introduced new features to empower users to better manage their personal information on Search. The tech company unveiled these updates on Safer Internet Day, aiming to provide users with more control over their digital privacy.

The ‘Results about you’ tool now allows users to request the removal of Search results containing sensitive data such as driver’s license numbers, passport information, Social Security numbers, email addresses, and phone numbers. Users can access this tool through the Google app to monitor and control the visibility of their personal information.

Additionally, Google has streamlined the process for removing non-consensual explicit images from Search. Users can now easily report such images by clicking on the three dots, selecting ‘remove result,’ and indicating that the image displays sexual content involving them. The updated system enables users to submit requests for multiple images simultaneously, simplifying the reporting process.

While removing sensitive information from Search results does not erase it from the internet entirely, these new tools offer users added protection and control over their digital footprint. The updates are currently being rolled out in the U.S., with plans for expansion to other regions in the future.

Source: TechCrunch

The Indian government is further integrating Aadhaar, the world’s largest digital identity system, into daily private interactions with the introduction of a new app and offline verification support. This move aims to provide users with more control over their data while expanding the presence of Aadhaar in various sectors.

The Unique Identification Authority of India (UIDAI) has unveiled a new Aadhaar app that enables users to share limited personal information, such as confirming their age without revealing their full date of birth, with services ranging from hotels and housing societies to workplaces and payment devices. Additionally, the existing mAadhaar app will continue to operate alongside the new app.

UIDAI is also expanding Aadhaar’s integration with mobile wallets, including plans to integrate it with Google Wallet and discussions to offer similar functionality in Apple Wallet, complementing the current support on Samsung Wallet.

The Indian authority is advocating for the app’s use in law enforcement and hospitality sectors, with the Ahmedabad City Crime Branch being the first police unit in India to incorporate Aadhaar-based offline verification with a guest-monitoring platform.

UIDAI has positioned the new Aadhaar app as a digital business card for meetings and networking, enabling users to share selected personal details via a QR code.

Source: TechCrunch

A recent incident has revealed the payment records of over 500,000 customers who purchased surveillance services from ‘stalkerware’ app providers. The leaked data includes email addresses and partial payment details of individuals who used phone-tracking apps like Geofinder and uMobix, as well as services like Peekviewer that grant access to private Instagram accounts. Notably, the exposed information also involves transaction records from Xnspy, a well-known phone surveillance app that faced a data breach in 2022.

These incidents highlight the ongoing security challenges within the surveillance technology sector, where numerous stalkerware providers have suffered breaches, leading to the exposure of both customer and victim data due to inadequate cybersecurity measures.

Source: TechCrunch

Roblox, the popular online platform, has recently introduced mandatory facial verification for chat access, with 45% of daily active users having completed age checks by January 31. This move comes in response to concerns over child safety, including issues of grooming and exposure to explicit content.

To undergo the age-check process, users must use the Roblox app, grant camera access, and follow on-screen instructions for facial verification. The verification, managed by a third-party vendor called Persona, ensures user privacy by deleting images and videos post-verification.

Upon successful age verification, users gain access to age-based chats, enabling communication only within specific age groups. With six age categories ranging from under 9 to 21 plus, users can interact with those in adjacent age groups, fostering a safer online environment.

Roblox’s Q4 2025 earnings report revealed that age-checked data indicates a younger user demographic than self-reported data, with 35% under 13, 38% aged 13-17, and 27% over 18.

Concerns regarding the new process emerged during implementation, prompting the platform to offer avenues for users to appeal age-check results through alternative verification methods or parental controls.

Source: TechCrunch

Norway’s government has accused the Chinese-backed hacking group, Salt Typhoon, of infiltrating multiple organizations within the country. According to a report by the Norwegian Police Security Service, the hackers, suspected to be affiliated with the Chinese government, exploited vulnerable network devices to engage in espionage activities.

Salt Typhoon, a group identified by senior U.S. officials as a significant threat, has a history of hacking into critical infrastructure networks globally. Past targets include telecom providers in Canada and the United States, where they reportedly accessed communications of high-ranking politicians. These breaches have prompted telecom companies to enhance their security measures.

While details of the specific cyber campaign in Norway remain limited, this incident exemplifies the ongoing cybersecurity challenges faced by nations worldwide. The Norwegian government’s allegations underscore the persistent threat posed by state-sponsored hacking groups and the importance of robust cybersecurity defenses.

Source: TechCrunch