On the night of April 25, 2019, tragedy struck in Key Largo, Florida. A Tesla vehicle hit Naibel Benavides Leon, 22, and her boyfriend. Naibel died, and her

  A major data exposure has come to light after cybersecurity experts discovered an unsecured online storage system containing nearly 26 million documents, many of which appear to be resumes of job seekers in the United States. The exposed files were found in a cloud-based storage system, commonly used to save and share digital files. According to the research team, this storage space had not been properly secured, meaning anyone who knew where to look could access its contents without needing a password or any special permissions. On further examination, it was revealed that the majority of the documents stored in the system were personal resumes and CVs. These files included sensitive personal details like full names, phone numbers, email addresses, education history, previous work experience, and other professional information. In the wrong hands, such detailed personal data can become a serious security risk. Experts warn that job seekers are particularly vulnerable in situations like this. If cybercriminals gain access to such data, they can use it to send highly personalized scam messages. These messages may appear trustworthy, as they can be tailored using real employment history or job interests, making it easier to trick someone into clicking a malicious link or sharing their login information. One common tactic includes sending fake job offers or interview invitations that secretly install harmful software on a person’s device. Some advanced scams may even go as far as conducting fake job interviews before sending victims "sample tasks" that involve downloading malware. The database in question was linked to a platform used by employers and hiring teams to manage job applications and connect with candidates. However, the researchers who found the issue say they did not receive any confirmation that access to the exposed files has been blocked. While the team reached out to suggest tightening security settings, it’s unclear whether any action was taken. There is no current proof that the data has been used by cybercriminals yet, but experts note that the longer the files remain unprotected, the higher the risk of misuse. Even if no signs of abuse have appeared so far, the availability of such information online creates an ongoing threat. This situation serves as a reminder for companies handling sensitive data to prioritize cybersecurity. Properly configuring cloud storage, regularly updating access settings, and limiting who can view certain files are essential steps in preventing such exposures. It’s not just about protecting a system, it’s about safeguarding real people’s identities and futures.

Enterprise users are leaking sensitive corporate data through use of unauthorized and authorized generative AI apps at alarming rates. Plugging the leaks is vital to reduce risk exposure.

A report highlights critical enterprise API security risks, revealing vulnerabilities and gaps in authentication, monitoring, and governance.

A vulnerability in Verizon's Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request.

Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway.

 Sam Altman, CEO of OpenAI, has reiterated his call for legal privacy protections for ChatGPT conversations, arguing they should be treated with the same confidentiality as discussions with doctors or lawyers. “If you talk to a doctor about your medical history or a lawyer about a legal situation, that information is privileged,” Altman said. “We believe that the same level of protection needs to apply to conversations with AI.”   Currently, no such legal safeguards exist for chatbot users. In a July interview, Altman warned that courts could compel OpenAI to hand over private chat data, noting that a federal court has already ordered the company to preserve all ChatGPT logs, including deleted ones. This ruling has raised concerns about user trust and OpenAI’s exposure to legal risks.  Experts are divided on whether Altman’s vision could become reality. Peter Swire, a privacy and cybersecurity law professor at Georgia Tech, explained that while companies seek liability protection, advocates want access to data for accountability. He noted that full privacy privileges for AI may only apply in “limited circumstances,” such as when chatbots explicitly act as doctors or lawyers.  Mayu Tobin-Miyaji, a law fellow at the Electronic Privacy Information Center, echoed that view, suggesting that protections might be extended to vetted AI systems operating under licensed professionals. However, she warned that today’s general-purpose chatbots are unlikely to receive such privileges soon. Mental health experts, meanwhile, are urging lawmakers to ban AI systems from misrepresenting themselves as therapists and to require clear disclosure when users are interacting with bots.   Privacy advocates argue that transparency, not secrecy, should guide AI policy. Tobin-Miyaji emphasized the need for public awareness of how user data is collected, stored, and shared. She cautioned that confidentiality alone will not address the broader safety and accountability issues tied to generative AI.  Concerns about data misuse are already affecting user behavior. After a May court order requiring OpenAI to retain ChatGPT logs indefinitely, many users voiced privacy fears online. Reddit discussions reflected growing unease, with some advising others to “assume everything you post online is public.” While most ChatGPT conversations currently center on writing or practical queries, OpenAI’s research shows an increase in emotionally sensitive exchanges.  Without formal legal protections, users may hesitate to share private details, undermining the trust Altman views as essential to AI’s future. As the debate over AI confidentiality continues, OpenAI’s push for privacy may determine how freely people engage with chatbots in the years to come.

Seyfullah Kiliç, who runs the cybersecurity firm SwordSec, uncovered this huge privacy issue. He found these servers without any locks or login steps. Anyone

Stay secure on global business trips. Learn key espionage risks and defenses from Luke Bencie’s expert guide. Explore now.

 Telstra, one of Australia’s leading telecommunications companies, has denied claims made by the hacker group Scattered Spider that it suffered a massive data breach compromising nearly 19 million personal records. The company issued a statement clarifying that its internal systems remain secure and that the data in question was scraped from publicly available sources rather than stolen. In a post on X (formerly Twitter), Telstra emphasized that no passwords, banking details, or sensitive identification data such as driver’s licenses or Medicare numbers were included in the dataset.  The claims originated from a dark web post published on October 3 by a group calling itself Scattered Lapsus$ Hunters, an offshoot of Scattered Spider. The group alleged it had stolen more than 100GB of personally identifiable information, including names and physical addresses, and warned that company executives should negotiate to avoid further data exposure. The attackers claimed the alleged breach took place in July 2023 and threatened to release the data publicly if a ransom was not paid by October 13, 2025. They also asserted possession of over 16 million records contained in a file named telstra.sql, which they said was part of a larger collection of 19 million records.  In a surprising twist, the ransom note also mentioned Salesforce, the global cloud computing company, demanding negotiations begin with its executives. Salesforce swiftly rejected the demand, issuing a statement on October 8 declaring that it “will not engage, negotiate with, or pay any extortion demand,” aligning with global cybersecurity guidelines that discourage ransom payments.  Scattered Lapsus$ Hunters has made similar claims about breaches involving several major corporations, including Qantas, IKEA, and Google AdSense. Cybersecurity intelligence platforms like Cyble Vision have documented multiple previous instances of alleged Telstra data breaches, some dating back to 2022. In one notable case, a threat actor called UnicornLover67 claimed to possess a dataset containing over 47,000 Telstra employee records, including email addresses and hashed passwords. Telstra has previously confirmed smaller breaches linked to third-party service providers, most recently in 2022, affecting around 132,000 customers.  However, cybersecurity analysts remain uncertain whether the current claims represent a fresh breach or a recycling of old data. Experts suggest that previously leaked or publicly available datasets may have been repurposed to appear as new evidence of compromise. This possibility aligns with Telstra’s statement that no recent intrusion has occurred.  The investigation into the alleged breach remains ongoing as the ransom deadline approaches. While Telstra continues to assert that its systems are uncompromised, the persistence of repeated breach claims underscores the growing challenge of misinformation and data reuse in the cybercrime landscape. The Cyber Express has reached out to Telstra for further updates and will continue to monitor the situation as new details emerge.

The Death of Privacy – Why It Matters ---------------------------------------- * Privacy - a fundamental right * Your privacy is being targeted * Protecting your piracy * Stronger Regulations nee...

  Data Breach at Willow Exposes Over 240,000 Customer Records A significant data exposure incident involving the Chicago-based financial technology firm Willow has left the personal details of more than 240,000 customers vulnerable. Willow, which…