Category: Security & Privacy

  • Cyberattack Disrupts Operations at Italy’s Largest University

    This article was generated by AI and cites original sources.

    La Sapienza University in Rome, one of Europe’s largest universities, has faced a significant disruption: its computer systems have remained offline for three days following an alleged ransomware attack.

    The university, with approximately 120,000 students, took its systems offline as a precautionary measure following the cyberattack. While investigations are ongoing, efforts are being made to restore all digital services, although communication channels like email and workstations are only partially operational.

    Fortunately, the university had backups unaffected by the attack, aiding in the restoration process. However, the Sapienza website remains inaccessible at present.

    Reports suggest the disruption stems from a ransomware attack, with hackers allegedly demanding a ransom within a 72-hour countdown period. The incident is being investigated by Italy’s national cybersecurity agency, ACN, to determine the nature and impact of the attack.

    This cyber incident serves as a reminder of the vulnerabilities institutions face in the digital age, highlighting the importance of robust cybersecurity measures to safeguard critical infrastructure against malicious threats.

    Source: TechCrunch

  • Substack Data Breach Exposes User Information: What You Need to Know

    This article was generated by AI and cites original sources.

    Substack, the popular newsletter platform, has confirmed a data breach affecting its users’ email addresses and phone numbers. The breach, which occurred in October 2025 but was only discovered in early February, involved an unauthorized third party accessing user data, including internal metadata.

    However, Substack clarified that more sensitive information such as credit card details and passwords remained unaffected by the breach. The company’s CEO, Chris Best, reassured users that the security vulnerability has been addressed, and an investigation is underway to understand the extent of the breach.

    In an email to users, Best expressed apologies for the incident, emphasizing Substack’s commitment to data protection and privacy. Despite no evidence of data misuse so far, the company advised users to remain cautious with emails and texts.

    With a significant user base, Substack has become a prominent platform for content creators. The company’s recent funding of $100 million in July 2025 highlights its growth trajectory.

    Source: TechCrunch

  • Massive Data Breach at Conduent Exposes Millions to Cybersecurity Risks

    This article was generated by AI and cites original sources.

    A significant data breach at Conduent, a major government technology provider, has impacted millions of Americans, raising concerns about the security of personal information in the digital age. The ransomware attack, which disrupted Conduent’s operations for days, has now been revealed to affect over 15 million people in Texas alone, with additional victims in Oregon and other states. This breach has compromised individuals’ sensitive data, including names, Social Security numbers, medical records, and health insurance details, highlighting the vulnerabilities in data protection mechanisms.

    Conduent, known for managing vast amounts of personal and confidential data on behalf of government agencies and corporations, serves a significant portion of the U.S. population through its technology and operational services. The breach underscores the urgent need for robust cybersecurity measures in handling sensitive information and the potential risks associated with cyberattacks on large-scale data repositories.

    While Conduent has been working to assess the extent of the breach and identify the compromised information, details remain scarce, leaving many questions unanswered about the scope and impact of the cyber incident. The breach serves as a stark reminder of the ongoing battle against cyber threats and the imperative for organizations to prioritize data security to safeguard individuals’ privacy.

    Source: TechCrunch

  • Substack Data Breach Exposes User Information: Addressing Tech Security Challenges

    This article was generated by AI and cites original sources.

    Substack, a popular platform for content creators, recently disclosed a data breach that compromised users’ email addresses and phone numbers. The incident, acknowledged by Substack CEO Chris Best, occurred in October 2025 when a hacker gained unauthorized access to internal data. Notably, sensitive information like passwords and credit card details remained secure.

    In an email to affected users, Best stated that while email addresses, phone numbers, and internal metadata were accessed, there is currently no evidence of misuse. Nevertheless, users are advised to remain vigilant against suspicious emails or messages. Substack has taken corrective measures to address the security vulnerability and is actively investigating the breach to prevent similar incidents in the future.

    While specific details about the breach are not disclosed, Substack’s commitment to enhancing its security protocols underscores the platform’s dedication to safeguarding user data. Best expressed regret over the breach, emphasizing Substack’s focus on data protection.

    This incident serves as a reminder of the ongoing challenges in maintaining data security in the digital age. It highlights the importance of robust cybersecurity measures for tech companies to uphold user trust and privacy.

    Source: The Verge

  • Malware-Infected Add-Ons Pose Risks to OpenClaw AI Platform

    This article was generated by AI and cites original sources.

    Recent reports have highlighted security concerns surrounding the OpenClaw AI platform, previously known as Clawdbot and Moltbot. The platform, designed to assist users with various tasks, has faced issues with its ‘skill’ extensions, which are user-submitted add-ons meant to enhance its functionality.

    Security researchers have identified a significant number of malicious add-ons, some disguised as tools for cryptocurrency trading automation, that deploy information-stealing malware. This has raised concerns about the platform’s integrity and the potential risks to users’ sensitive data, including crypto assets and login credentials.

    1Password product VP Jason Meller described the skill hub as ‘an attack surface,’ emphasizing the security risks posed by these add-ons. The platform monitoring service OpenSourceMalware has also reported a significant number of malicious skills and add-ons uploaded to the ClawHub marketplace within a short timeframe.

    These findings underscore the urgent need for enhanced security measures to safeguard users from potential cyber threats within the AI platform’s ecosystem.

    Source: The Verge

  • Sophisticated Backdoor Discovered in Notepad++ Update Infrastructure

    This article was generated by AI and cites original sources.

    Suspected Chinese state-backed hackers compromised the update infrastructure of Notepad++, a popular text editor for Windows, for six months. The attackers redirected update traffic to deliver backdoored versions of the app to specific targets. The incident, which began last June, allowed the hackers to install a sophisticated and permanent backdoor named Chrysalis.

    The author of Notepad++ acknowledged the hijacking and indicated that control was regained in December. Security firm Rapid7 described the backdoor as a ‘custom, feature-rich’ tool, highlighting its advanced capabilities. Despite efforts to fix vulnerabilities, the attackers maintained access until December, exploiting insufficient update verification controls in older Notepad++ versions.

    Incident responders discovered the compromise persisted until September, with the threat actors retaining credentials to internal services. The hackers targeted the Notepad++ domain specifically, attempting to re-exploit weaknesses even after fixes were implemented.

    This breach underscores the importance of robust security measures in software update mechanisms, as even widely-used applications like Notepad++ are susceptible to sophisticated attacks.

    Source: WIRED

  • Cybercriminals Breach Harvard and UPenn Data, Exposing Sensitive Information

    This article was generated by AI and cites original sources.

    A recent cyber attack has brought Harvard University and the University of Pennsylvania (UPenn) into the spotlight. The infamous hacking group ShinyHunters has claimed responsibility for breaching the data security of these prestigious institutions. The group allegedly published over a million records from each university on their dedicated leak site, a platform often used for extortion purposes.

    In the case of UPenn, the breach involved a select group of information systems linked to the university’s development and alumni activities. The hackers reportedly used social engineering tactics, a method that involves impersonation to deceive individuals into taking unwanted actions. Although the specific data accessed remains undisclosed, the breach had a significant impact on the university community.

    Similarly, Harvard University faced its own data breach on alumni systems due to a voice phishing attack, where targets are manipulated into interacting with malicious links or attachments through voice calls. This incident underscores the evolving tactics employed by cybercriminals to infiltrate secure networks.

    Verification of the compromised data by TechCrunch, through cross-referencing with public records and alumni, highlights the severity of these breaches and the importance of robust cybersecurity measures in educational institutions.

    Source: TechCrunch

  • French Authorities Expand Probe into X Technology over Alleged Criminal Activities

    This article was generated by AI and cites original sources.

    French police and Europol recently conducted a search at the local office of X, as confirmed by the Paris prosecutor’s office. This search is part of an ongoing investigation that began in 2025, focusing on allegations of data extraction fraud by an organized group.

    The investigation has now expanded to include additional suspected crimes such as complicity in the possession and distribution of child sexual exploitation material, privacy violations, and Holocaust denial. This expansion follows criticisms faced by X and its CEO, Elon Musk, regarding the misuse of its AI system, Grok AI, which has reportedly been used to generate nonconsensual and harmful imagery on the platform.

    Elon Musk, the CEO of X, and former X chief executive Linda Yaccarino have been summoned for questioning in relation to these allegations. The Paris prosecutor’s office also issued summonses to unnamed X employees for the same period, highlighting the gravity of the situation.

    X and eMed, where Yaccarino currently serves as the CEO, have not responded to requests for comment at this time. Maylis De Roeck, a spokesperson for the Paris prosecutor’s office, emphasized the objective of ensuring X’s compliance with French law, given its operations within the country.

    Source: TechCrunch

  • Homeland Security Seeks User Data from Tech Firms Regarding Critics of Trump Administration

    This article was generated by AI and cites original sources.

    The Department of Homeland Security has been utilizing administrative subpoenas to gather user information about critics of the Trump administration, as reported by TechCrunch. These subpoenas have been employed to collect identifiable data from tech companies, targeting individuals who manage anonymous Instagram accounts highlighting ICE immigration operations.

    Unlike judicial subpoenas that require judicial approval, administrative subpoenas issued by federal agencies allow investigators to request a broad range of information without oversight. While they cannot access email contents or search history, these subpoenas can reveal user login times, locations, devices, and associated email addresses.

    The use of administrative subpoenas to uncover details about individuals critical of the Trump administration’s policies has raised concerns. For instance, Homeland Security sought the identity of an anonymous Instagram account, @montocowatch, focused on supporting immigrant rights in Montgomery County, Pennsylvania.

    This situation underscores the delicate balance between privacy rights and government information requests within the tech sector, prompting discussions on data protection and government access to user data.

    Source: TechCrunch

  • India’s Supreme Court Scrutinizes WhatsApp’s Data Practices Amid Privacy Concerns

    This article was generated by AI and cites original sources.

    India’s Supreme Court has issued a stern warning to Meta, questioning WhatsApp’s data-sharing model and its privacy implications. The court scrutinized how WhatsApp monetizes user data, especially in a market where it dominates communication.

    With over 500 million users in India, WhatsApp faces scrutiny over potential misuse of metadata for advertising and AI purposes within Meta’s ecosystem. Chief Justice Surya Kant emphasized the importance of user privacy and consent, highlighting concerns about the lack of genuine choice for users.

    During the hearing, the court expressed skepticism about WhatsApp’s data practices, labeling the messaging service as a de facto monopoly. Justices raised questions about the commercial value of behavioral data and its exploitation for targeted advertising, underscoring the economic significance of even anonymized information.

    Meta’s defense focused on WhatsApp’s end-to-end encryption, ensuring message privacy. The company argued that the disputed privacy policy did not compromise user data protection or enable chat content for advertising purposes.

    Source: TechCrunch

  • Protecting Public Servants’ Privacy Amid Rising Threats

    This article was generated by AI and cites original sources.

    A recent report sheds light on the challenges faced by public servants in safeguarding their private data amid increasing violent threats. The study, conducted by researcher Justin Sherman of the Security Project at the Public Service Alliance, highlights the inadequacies of state-level consumer privacy laws in protecting civil servants, creating a concerning ‘data-to-violence pipeline.’

    Sherman’s analysis of 19 different consumer privacy laws reveals a significant gap in safeguarding public employees. While these laws grant consumers control over the sale of their personal information by data brokers, they fail to empower public servants to compel state agencies to redact their personal data from public records. Additionally, the absence of a ‘private right of action’ leaves public servants with limited recourse against privacy law violations.

    Amidst these challenges, threats against public servants have been on the rise, with over 1,600 individual threats documented between 2015 and 2025. Notably, a substantial portion of these incidents involve violent threats against local public servants, underscoring the urgency of addressing data privacy vulnerabilities.

    Source: WIRED

  • Notepad++ Confirms Chinese Hackers Breached Software Updates

    This article was generated by AI and cites original sources.

    The developer of the widely-used text editor Notepad++ has disclosed that hackers, suspected to have ties to the Chinese government, exploited its software update system to distribute malicious software to users for several months in 2025. According to Don Ho, the developer, security experts identified the cyberattack between June and December 2025, with the group responsible known as Lotus Blossom, a well-known espionage entity linked to China.

    Notepad++, a popular open-source project with millions of downloads globally, was infiltrated by hackers who targeted specific organizations, particularly in East Asia, by injecting tainted versions of the text editor. The compromised software allowed the attackers to gain unauthorized access to victims’ computers, highlighting the severity of the breach.

    The precise method of the intrusion into Notepad++’s servers is still being investigated. Ho revealed that the attackers exploited a vulnerability in the software to redirect users to a server controlled by the hackers, enabling the distribution of malicious updates to targeted users requesting software patches.

    Source: TechCrunch

  • Notepad++ Security Breach Exposes Risks of Shared Hosting

    This article was generated by AI and cites original sources.

    Notepad++, a popular text and code editor, recently faced a significant security breach that could have compromised user data and privacy. Last year, the app’s shared hosting servers were hijacked, leading to the distribution of a malicious update to unsuspecting users. The developer of Notepad++, Don Ho, disclosed that the attackers behind the breach were likely a Chinese state-sponsored group, and the servers remained vulnerable for approximately six months.

    The breach involved redirecting specific users to attacker-controlled servers, where their app updates were replaced with a malicious executable. This could have potentially granted the hackers remote access to users’ keyboards, posing a severe security threat. The attack was characterized by highly selective targeting, focusing on organizations with interests in East Asia.

    While the incident raises concerns about the security of shared hosting servers, Don Ho assured users that the attacker’s access was terminated by December 2nd, 2025. Notepad++ has since implemented enhanced security measures in its updater to prevent tampering and verify update authenticity. Users are advised to update to version 8.8.9 or later directly from the official Notepad++ website to mitigate the risks posed by the hijacking attack.

    Source: The Verge

  • Cybersecurity Concerns Raised by Allegations of Jeffrey Epstein’s ‘Personal Hacker’

    This article was generated by AI and cites original sources.

    Recent security news has revealed allegations that Jeffrey Epstein had a ‘personal hacker,’ as reported by WIRED. This revelation has sparked discussions about cybersecurity practices and the implications of having such a figure in one’s network.

    While the focus has been on the personal aspects of this situation, the core issue is the potential utilization of hacking capabilities for malicious purposes. The idea of a ‘personal hacker’ raises questions about the security measures individuals, especially those in sensitive positions, should take to protect their digital assets.

    Alongside this revelation, the article highlights concerning developments in the cybersecurity realm, such as the mention of the AI agent OpenClaw causing unease among cybersecurity experts. These events underscore the critical need for robust cybersecurity practices in an increasingly digitized world, as technology advances and threat actors adapt their methods and tools.

    Source: WIRED

  • Alleged Connection Between Jeffrey Epstein and a Skilled Hacker Raises Cybersecurity Concerns

    This article was generated by AI and cites original sources.

    According to a confidential informant, the FBI was informed in 2017 about Jeffrey Epstein’s alleged association with a skilled hacker. The hacker, reportedly of Italian origin, is said to have specialized in identifying vulnerabilities in iOS, BlackBerry devices, and the Firefox browser, and to have developed zero-day exploits and offensive cyber tools.

    The informant further disclosed that the hacker allegedly sold these tools to various countries, including an unnamed central African government, the U.K., and the United States. The hacker is also said to have provided a zero-day exploit to Hezbollah, receiving payment in cash.

    While these claims raise concerns about potential security breaches and cyber threats, it is essential to approach them with caution, as they are based solely on the informant’s statements and have not been directly confirmed by the FBI or the Justice Department. Both agencies have refrained from providing comments on these allegations, indicating the need for further investigation and verification of the information.

    Source: TechCrunch

  • Russian Hackers Exploit Vulnerabilities in Polish Power Grid

    This article was generated by AI and cites original sources.

    Recent reports reveal a concerning breach in Poland’s energy sector, where Russian government hackers infiltrated wind and solar farms as well as a heat-and-power plant, exploiting weak security measures. The intrusion, detailed in a report by Poland’s Computer Emergency Response Team (CERT), exposed the use of default credentials and the absence of multi-factor authentication, basic security oversights that facilitated the attack.

    The hackers attempted to deploy wiper malware to disrupt operations, but their efforts were thwarted at the heat-and-power plant, preventing any significant impact on the power supply. Although the wind and solar farms suffered system disruptions, the Polish power grid remained stable amidst the attack.

    This incident, reminiscent of past cyber assaults on energy infrastructure, underscores the critical importance of robust cybersecurity measures in safeguarding vital systems against malicious actors. The involvement of notorious Russian government hacking groups like Sandworm and Berserk Bear raises concerns about the persistent threat posed to critical infrastructure worldwide.

    Source: TechCrunch

  • Bluesky Transparency Report Highlights Surge in User Reports and Legal Demands

    This article was generated by AI and cites original sources.

    Bluesky, the social media startup, unveiled its inaugural transparency report, shedding light on its Trust & Safety team’s actions and various initiatives. The report highlights moderation, regulatory compliance, account takedowns, and more, with a significant fivefold increase in legal requests from government entities.

    In 2025, Bluesky experienced substantial growth, expanding its user base by almost 60% to 41.2 million users. The platform witnessed a surge in user activity, with 1.41 billion posts and 235 million media-containing posts, showcasing the platform’s increasing engagement.

    Notably, Bluesky saw a 54% rise in moderation reports from users in 2025, reflecting the company’s efforts to address user concerns amidst its rapid expansion. The uptick in moderation reports aligns closely with the platform’s user growth trajectory.

    Bluesky’s comprehensive transparency report marks a significant step towards openness, encompassing various facets beyond content moderation. The report details the company’s account verification processes and regulatory compliance efforts, demonstrating its commitment to transparency and user safety.

    As Bluesky navigates the evolving social media landscape, its transparency report serves as a benchmark for accountability and integrity in user interactions, setting a precedent for ethical practices in the industry.

    Source: TechCrunch

  • Crackdown on Manga Piracy: Bato.to Network Shut Down

    This article was generated by AI and cites original sources.

    Japan’s anti-piracy coalition has announced the shutdown of Bato.to, one of the largest manga piracy networks globally. This action followed a collaborative effort between Japanese publishers and Chinese authorities, resulting in the arrest of an individual suspected of copyright infringement related to Bato.to and around 60 associated sites.

    Bato.to, established in 2014, gained significant popularity as a platform for ‘scanlation,’ where manga and other comics are scanned, edited, translated, and shared within online communities. According to the Content Overseas Distribution Association (CODA), the 60 closed sites collectively attracted 350 million visits in May 2025, with Bato.to generating substantial advertising revenue, reaching over 400,000 yuan per peak month.

    While the operator of Bato.to has been released on bail, formal charges are anticipated. This development underscores the ongoing battle against online piracy and the significance of copyright protection in the digital age.

    Source: The Verge

  • Apple Enhances iPhone and iPad Privacy with New Location Data Restriction Feature

    This article was generated by AI and cites original sources.

    Apple has introduced a new security feature for select models of the latest iPhones and iPads, aimed at restricting the collection of precise location data by cell phone carriers. This move is designed to enhance user privacy and safeguard against potential threats from law enforcement, spies, and hackers seeking to access sensitive location information.

    When activated, this feature alters the level of precision in location data shared with the cell carrier, providing only general neighborhood information instead of specific street addresses. Apple assures that this adjustment does not impact the accuracy of location data exchanged with apps or emergency services during critical situations.

    The rollout of this privacy-enhancing feature includes support for devices like iPhone Air, iPhone 16e, and iPad Pro (M5) Wi-Fi + Cellular, running iOS 26.3, and is currently available on selected carriers worldwide, such as Telekom in Germany, AIS and True Thailand, EE and BT in the UK, and Boost Mobile in the US.

    As concerns grow over unauthorized access to location data, this development underscores the ongoing vulnerabilities in global cellular networks that have facilitated surveillance and the need for enhanced privacy measures in the digital age.

    Source: TechCrunch

  • AI Toy’s Security Flaw Exposes Children’s Private Conversations

    This article was generated by AI and cites original sources.

    A concerning security lapse has exposed over 50,000 chat logs between children and an AI-powered stuffed animal toy. Researchers discovered that Bondu, the toy company, had left its web console unprotected, allowing anyone with a Gmail account to access detailed transcripts of kids’ conversations with the toys.

    The web portal, designed for parental monitoring and product performance tracking, granted unauthorized access to sensitive data, including children’s names, birth dates, family members’ names, and the private chats they had with their Bondu companions.

    Researchers Joseph Thacker and Joel Margolis demonstrated how easily these private conversations could be accessed without resorting to hacking techniques, highlighting the significant privacy implications of such a vulnerability.

    This incident underscores the critical importance of robust security measures in IoT devices, especially those targeting children. Companies like Bondu must prioritize data protection to prevent unauthorized access to sensitive information, ensuring the safety and privacy of young users.

    Source: WIRED