Privacy Roundup: Week 8 of Year 2025

This is a news item roundup of privacy or privacy-related news items for 16 FEB 2025 – 22 FEB 2025. Information and summaries provided here are as-is for warranty purposes.

Note: You may see some traditional “security” content mixed in here due to the close relationship between online privacy and cybersecurity. Many things overlap; for example, major vulnerabilities in popular software, which may compromise the security of users’ devices (and therefore pose a threat to their privacy), and large data breaches where significant personal information is exposed.

Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or “popular” stories.

Privacy Tip of the Week

If you’re filling out a field in a form, double check the field you’re filling out is actually required. Avoid giving more data than needed.

Surveillance Tech in the News

This section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge or public organizations using technology without regard for user privacy.

X now blocks Signal contact links, flags them as malicious

Bleeping Computer

Twitter/X has started flagging signal.me links, a URL used by Signal to share account information with someone else, as malicious.

DeepSeek found to be sharing user data with TikTok parent company ByteDance

Malwarebytes

A South Korean agency claims to have found evidence that DeepSeek is “secretly sharing data with” ByteDance (the parent company of TikTok). Allegedly, every time the user opens the DeepSeek app, it transmits information to ByteDance servers.

Privacy Tools and Services

Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack.com, but may also feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com.

Privacy Tools

Introducing Pi-hole v6

Pi-hole Blog

Pi-hole version 6 introduces multiple changes. Most notably, it eliminates the need for lighttpd and php by embedding a new REST API and web server into the pihole-FTL binary. Version 6 also introduces subscribed allowlists, consolidated configuration files (which streamlines configuration management), a redesigned user interface, and native HTTPS support.

135.0.1 Firefox Release

Mozilla

Firefox version 135.0.1 features bug fixes and a fix for a high-severity memory safety bug that, if exploited, could allow running arbitrary code.

Replacing balenaEtcher with Rufus as installer for Windows

Tails

Tails no longer recommends balenaEtcher in its installation instructions for Windows. This change came about due to a 2024 change in balenaEtcher; specifically, the tool allegedly shares the file name of the image and model of the USB stick with Balena and possibly with third parties.

Tails will now recommend Rufus (developed by Akeo Consulting).

Privacy Services

Key rotation issue fix in IVPN iOS app – update required

IVPN

IVPN fixes a potential DNS leak issue in its iOS app that could occur during WireGuard key rotation.

Privacy-focused messaging app Threema finally introduces emoji reactions in latest update

AlternativeTo

Threema introduces emoji reactions, a feature long requested by users.

Ente Photos v0.9.98

ente Blog

Ente releases version 0.9.98 of Ente Photos. This version includes light mode for desktop, album deep links (links to albums will open in the app instead of the browser), the ability to search shared photos, adding faces to contacts (in a privacy-preserving and privacy-respecting way), and an end-to-end encrypted video streaming beta.

Vulnerabilities and Malware

Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.

This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.

Vulnerabilities

Stable Channel Update for Desktop

Google Chrome Releases

Chrome version 133 introduces security fixes for 2 high severity vulnerabilities and 1 medium severity vulnerability.

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466

Qualys

This is especially relevant for anyone who self-hosts or uses cloud services, as managing services/servers frequently involves using SSH.

CVE-2025-26465. A machine-in-the-middle attack where the client may accept the attacker’s key instead of the legitimate server’s key. This could enable interception of or tampering with the session without the user’s knowledge; it could also result in manipulation of sensitive data and/or session hijacking. Requires the VerifyHostKeyDNS option to be set to “yes” or “ask”.

CVE-2025-26466. This is a pre-authentication denial of service attack; it eats up system resources, such as memory and CPU, which could make completing legitimate requests difficult or impossible. When exploited, this could result in a denial of service, which could cause service outages and make managing the affected servers difficult for the duration of the attack.

These vulnerabilities have been addressed in OpenSSH version 9.9p2. Users are encouraged to update their servers and clients ASAP.

Malware

Hundreds of US Military and Defense Credentials Compromised

Infosecurity Magazine

Infostealer malware has allegedly compromised credentials from defense contractors and the US Army and Navy. This implies that at some point these employees/contractors/military members downloaded malware onto devices used for work.

XCSSET macOS malware returns with first new version since 2022

The Register

This is the first resurgence of XCSSET since 2022; it has been used in limited attacks as of writing. This malware primarily targets macOS (and even more specifically, Apple developers), stealing information from digital wallets and Notes, and accessing data system files.

SecTopRAT bundled in Chrome installer distributed via Google Ads

Malwarebytes

Threat actors continue to use Google Ads to distribute malware. In this particular campaign, the bait is Google Chrome; users who click the malicious Google Ad links are directed to a malicious page. When the “Google Chrome Installer” is downloaded, it also drops SecTopRAT as a payload.

Google Docs used by infostealer ACRStealer as part of attack

Malwarebytes

Malware-as-a-service ACRStealer has been observed abusing legitimate platforms like Google Docs or Steam to look up its C2 domain. Threat actors put the C2 name in the Google Doc; when the malware installed on the victim device makes a call to the C2 server, the traffic appears as going to…

*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoid The Hack!. Read the original post at: https://avoidthehack.com/privacy-week8-2025