One self-hosted DNS server. Every device protected — at home and anywhere in the world. Here is a slightly terrifying, yet fun fact most people do not know: every time anyone in your household opens a browser, your Internet Service Provider (ISP) sees exactly which website they are visiting — before the page even loads. Not because they hacked your
Category: Compliance and Privacy
GDPR, CCPA, HIPAA, PCI-DSS, SOC 2, ISO 27001, NIST, DORA, NIS2, data privacy, data protection, privacy policy, compliance audit, regulatory compliance, data governance, DPO, data processing agreement, right to erasure, data residency, privacy by design, AI Act, EU AI Act, digital identity, eIDAS, cookie consent, consent management, PECR, data localisation, breach notification
Microsoft strips EXIF metadata from Teams images to protect employee privacy
On March 2026’s feature rollout, Microsoft updated Teams to automatically remove EXIF metadata from images shared in chats and channels. The change aims to prevent accidental leaks of GPS coordinates, device details, and time stamps—data that can be exploited for targeted attacks or unwanted location disclosure. The move is part of a broader push to bake privacy and security into
Prevent Accidental Exposure of Non-Production Power Pages Sites — New Admin Governance Controls (Microsoft Power Platform)
When teams build or test Power Pages sites in trial or developer environments, there’s a risk those unfinished or sensitive sites could be made public by mistake. Microsoft has added a simple governance control in the Power Platform admin center (PPAC) that helps tenant admins prevent non-production sites from being switched to public—giving organizations an easy guardrail while leaving production
Anthropic’s Claude Mythos Leak: When Pre-Release Secrets Meet Cybersecurity Risk
Anthropic recently found itself at the center of an avoidable but consequential security incident: leaked internal drafts revealing the existence of an unreleased, high-capability model called “Claude Mythos.” The exposure—rooted in an unsecured, publicly searchable data cache—pulled back the curtain on product plans, internal risk assessments, and even references to an exclusive executive event. For organizations building powerful AI, the
AstraZeneca Allegedly Targeted by LAPSUS$ — Claims of a 3GB Internal Data Dump
A known hacking collective identifying as LAPSUS$ has posted claims that it obtained and is attempting to sell a 3GB .tar.gz archive allegedly containing AstraZeneca internal data. As of the reports dated March 20, 2026, AstraZeneca had not issued a public statement confirming or denying the claim. What the threat actors presented The actors published teasers and screenshots on breach
Aura Exposed: When 900,000 Marketing Contacts Turned Into a Security Crisis
Aura, the consumer digital safety company known for identity protection and fraud monitoring, recently confirmed a data breach that exposed nearly 900,000 marketing contacts. What seems like a single shocking number actually reveals deeper problems: legacy data inherited through acquisitions, the continued effectiveness of social-engineering attacks, and the tricky line between marketing lists and active customer records. This incident is