Issue #177 - December 1, 2025
- Weekly INK

Arizona AG Sues Temu Over “Stealing” User Data
Source: Dark Reading
Arizona’s attorney general sued Temu, alleging the shopping app secretly harvests sensitive device data and evades reviews. U.S. firms should expect renewed scrutiny of mobile SDKs, background data collection, and consent. Review privacy notices, telemetry settings, and third-party code used in consumer apps.
Google fixes two Android zero-days exploited in attacks (107 flaws total)
Source: BleepingComputer
Google’s December Android update patches 107 vulnerabilities, including two under active exploitation. BYOD and frontline devices are at risk. Urge immediate updates, block outdated OS versions, enforce device compliance checks, and monitor for privilege-escalation attempts after patching.
ShadyPanda turns 4.3M browser extensions into spyware
Source: The Hacker News
A long-running campaign weaponized popular Chrome/Edge extensions to exfiltrate browsing data at scale. SMB takeaway: lock down extension allow-lists, monitor unusual installs, and use enterprise browser controls to restrict risky APIs and permissions.
Penn & University of Phoenix disclose breaches tied to Oracle EBS hacks
Source: SecurityWeek
U.S. universities confirmed compromise via the Oracle E-Business Suite campaign, with SSNs and bank details affected. Organizations relying on Oracle EBS should verify mitigations, monitor for data exfiltration, and review vendor advisories and state filings for impact scope.
OpenAI User Data Exposed in Mixpanel Hack
Source: SecurityWeek
OpenAI is informing some users that they may be impacted by a recent data breach at product analytics and event-tracking solutions provider Mixpanel. Mixpanel disclosed the security incident on Thursday, saying that it was detected on November 8. The company described it as a “smishing campaign” and noted that a “limited number of customers” are affected.



