Promises, promises.
Exclusive: Brosix and Chatox promised to keep your chats secured. They didn’t.
A researcher found a misconfigured backup with -- yes, you guessed it -- everything in plaintext instead of encrypted.
Some entities that used the service are medical entities that were actually mentioning protected health information or attaching files with #PHI in the chat.
There were almost 5k Allstate employees using the service and sharing customer #PII in files.
And oh yeah, I found one company gossiping about me and plotting against me after I notified them they were leaking tons of #PHI. I've done them a favor by not publishing all their chat logs about me. :)
There also appeared to be some "dodgy" stuff on the backup, too.
Read the details about the exposed backup in my post at https://databreaches.net/2025/08/05/exclusive-brosix-and-chatox-promised-to-keep-your-chats-secured-they-didnt/
#infosec #encryption #databreach #incidentresponse #chatox #brosix #dataleak
This seems like a bit of a flaw:
spammyshit@gmail.com sends me an email with a calendar event in it.
Gmail reads email for me, puts the email in the spam folder, then adds calendar event to my calendar.
I delete the calendar event.
The calendar sends an email to spammyshit@gmail.com from my email address saying I will not be attending.
@NanoRaptor : sorry, 4 (of many)
1. Check the website name (domain name) and know how to interpret them (see screenshot, info in Alt text. Another hint: Punycode).
2. MitM (Man in the Middle) attacks are the worst.
3. Make backups. Multiple, stored at different physical locations.
4. Be prepared for account lockout.
Oh yeah, the Online Safety Act is going really well, UKGOV are smart and know what they're doing /s
https://cybernews.com/security/developer-protests-uk-age-gating-with-mock-mp-ids/
If these security cons happened on the same weekend, which would you attend?
When #Democracy Meets Data Exploitation: An ITSPmagazine's #BlackHat USA 2025 Pre-Event Coverage Conversation!
How vulnerable is your personal information when you engage with political campaigns? Virginia Tech researchers Alan Michaels and Jared Byers spent five years finding out—and their discoveries should concern every citizen who values #privacy.
In this pre-event coverage from Black Hat USA 2025, Sean Martin, CISSP and I explore groundbreaking research that exposes the hidden data economy behind political engagement. Using thousands of fake digital identities across 1,400 real campaigns, this study reveals how personal information flows through political networks—often without your knowledge or consent.
Key revelations include:
Cross-party data sharing that transcends political boundaries
AI-powered persona creation for targeted manipulation
Security vulnerabilities exposing citizen data
The real cost of political participation in the digital age
This isn't about politics—it's about the intersection of #technology, #society, and fundamental privacy rights. As our democratic processes become increasingly digitized, understanding these data practices becomes essential for every citizen.
The research maintains strict political neutrality, letting the data expose uncomfortable truths about how campaigns treat personal information regardless of party affiliation.
Watch: https://lnkd.in/emYyif2D
Listen: https://lnkd.in/efj8F5VE
Full Black Hat Coverage: https://lnkd.in/gQ4-g3Ab
What questions would you ask about political data practices? The implications extend far beyond campaign season.
Heads up peeps of #DefCon... Saturday, Aug. 9th is MOVIE NIGHT at Blue Team Village!
Hosted by Women in Security and Privacy (WISP) and #BlueTeamVillage, this movie night and mixer is sure to be lit.
Free admission with #DefCon33 badge. And best of all, #Graylog will be there with free (did we say ???) candy!
C U there!
https://www.wisporg.com/upcoming-events/defcon33 #cybersecurity #infosec #hackersummercamp @defcon @blueteamvillage
How's #HackerSummerCamp in #LasVegas going, #InfoSec fam and friends?
Remember to submit what you learn for our #CFP!
https://sessionize.com/bsidesnova-2025/
I’m sorry, you’re right. You’ve checked that it was me four times in two minutes, but the fifth time in the same process flow on the same machine from the same IP address it might totally be a hacker, so you better make sure. #infosec
My hotel for DEFCON wants me to upload my driver’s license to some random “identity verification partner” to do online check in.
I know that if I check in in person they’re gonna just scan it and upload it anyway but man. I don’t wanna.
#enshittification #infosec
Worth repeating and boosting. It's the kind of behavior only thieves and miscreants would engage in.
Cloudflare: Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives https://blog.cloudflare.com/perplexity-is-using-stealth-undeclared-crawlers-to-evade-website-no-crawl-directives/ @cloudflare #Perplexity #AI #cybersecurity #infosec
Recorded Future: Cloud Threat Hunting and Defense Landscape https://www.recordedfuture.com/research/cloud-threat-hunting-defense-landscape #cybersecurity #infosec
I'm not at DEFCON, but I'm there. Don't think I don't hear the tea. Be good, kids.
You really don't want to end up on my spreadsheet.
Also tell me which villages and talks you're most excited for?
OWASP Ottawa August 2025 Meetup
OWASP Ottawa is back from our summer break! Join us in person at the University of Ottawa for our next OWASP Ottawa meetup on August 20, 2025, where we’ll dive into not one, but two timely and impactful talks at the intersection of cybersecurity, AI, and real-world application security.
Date: August 20, 2025
Time: 6:00 PM EST – Arrival, setup & pizza
6:30 PM EST – Technical Talks
Location: 150 Louis-Pasteur Private, University of Ottawa, Room 117
Talk 1: "Doing More with Less: An Adaptive, Label-Efficient Approach to Fraud Detection from Day One" with Bahar Afshar
Speaker: Bahar Afshar, Master’s in Computer Science candidate with specialization in AI at University of Ottawa
Discover an innovative approach on how to detect financial fraud using adaptive, label-efficient AI approaches, even when labeled, fraudulent data is scarce. A must-see for those in finance, security, and AI research.
Talk 2: "Beyond APIs: MCP Security for AI Integrations" with Harsh Makwana
Speaker: Harsh Makwana, M.Eng, Application Security Consultant at Software Secured
Model Context Protocol (MCP) is becoming the standard for LLM integration with external tools, but this increasingly fast adoption rate is coming at the cost of missed security challenges. Learn the security strategies necessary to build hardened AI agents.
Can’t join in person? We’ll livestream on YouTube on our channel: https://www.youtube.com/@OWASP_Ottawa
RSVP now: https://www.meetup.com/owasp-ottawa/events/310273515/
Come learn, network, and grab some pizza with Ottawa’s cybersecurity community!
#OWASP #Ottawa #Cybersecurity #InfoSec #Networking #AI #AISecurity #FraudDetection #MachineLearning
AI Agents in Penetration Testing
PancakesCon is looking for a CTF provider, prize sponsors, more CFP submissions, and villages.
It's a unique talk format and I highly recommend you come up with a topic and apply! I submitted, but I would MUCH rather watch your talk than give mine.
(Other than the submission I am not involved in PancakesCon, just a big fan)