This is a news item roundup of privacy or privacy-related news items for 23 MAR 2025 – 29 MAR 2025. Information and summaries provided here are as-is for warranty purposes.
Note: You may see some traditional “security” content mixed in here due to the close relationship between online privacy and cybersecurity. Many things overlap; for example, major vulnerabilities in popular software, which may compromise the security of users’ devices (and therefore pose a threat to their privacy), and large data breaches where significant personal information is exposed.
Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or “popular” stories.
Privacy Tip of the Week
Using a private search engine is a good way to begin improving your privacy. Private search engines generally avoid connecting users to their searches.
Surveillance Tech in the News
This section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge, or public organizations using technology without regard for user privacy.

Madison Square Garden’s surveillance system banned this fan over his T-shirt design (The Verge)
This pretty much boils down to a company leveraging data aggregation (whether first-party or third-party, but likely both) to ban a guy for life from its venues. In other words, based on data they had on this individual, they determined they do not want him on their properties, even though he himself had never “done anything” on their properties.
Privacy Tools and Services
Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but may also feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com.
Privacy Tools
“MyTerms” wants to become the new way we dictate our privacy on the web (ArsTechnica)
“MyTerms” (draft standard IEEE P7012) is a proposed standard for machine-readable personal privacy terms. Generally speaking, you as the user could preset a “contract” for web properties you visit that informs the website which information you will and will not offer for access to content/services. The website will presumably be able to 1) work with that contract, 2) modify itself (or serve up an alternate version of itself) to meet the user terms, and/or 3) tell you it can’t meet the terms of the contract. This is a large departure from things like Do Not Track (DNT): DNT is a request sent via HTTP header that the website does not have to follow or even acknowledge. MyTerms is designed to be a demand versus a request.

Privacy Without Compromise: Proton VPN is Now Built Into Vivaldi (Vivaldi)
Vivaldi integrates ProtonVPN natively into the desktop version of its browser.

A smarter VPN experience: Introducing the Mozilla VPN extension for Windows (Mozilla)
Mozilla releases an extension for its VPN service that supposedly lets users choose which websites to enable/disable the VPN for, or choose a different VPN server location. As of writing, this extension is for Firefox (or Gecko-based) installations on Windows.

Organic Maps update improves user navigation experience (AlternativeTo)
Organic Maps, an alternative to Apple Maps and Google Maps, has introduced split screen mode, enhanced routing algorithms for cyclists, individual track sharing, and flexible route planning.

Messaging editing, deletion and saving now available (Deltachat blog)
Deltachat has rolled out the ability for users to forward messages, edit and delete messages, sync messages across devices, and save messages.

Pale Moon browser now accessible via Microsoft Store (AlternativeTo)
The Pale Moon browser is now available on the Microsoft Store. The browser also recently released version 33.6.1, which focuses on security and bug fixes.
Privacy Services
Ente Photos v1 (ente blog)
Ente has released version 1.0 of its photos app.

Proton Drive and Docs now support collaboration with users without Proton accounts (Proton)
Proton users can now collaborate on documents with anyone, including those without Proton accounts.

Successful security assessment of our Android app (Mullvad)
Mullvad’s Android app has successfully passed the Mobile Application Security Assessment (MASA), conducted by NCC Group.

Multihop now available on Android (Mullvad)
Mullvad has introduced its server multihop feature to its Android client.

DAITA version 2 now available on all platforms (Mullvad)
Mullvad has rolled out version 2 of their “Defense Against AI-guided Traffic Analysis” (DAITA) model. Version 2 reduces traffic overhead and introduces dynamic configurations that vary VPN tunnel characteristics.
Vulnerabilities and Malware
Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user. This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.
Vulnerabilities
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783) (Qualys)
Researchers at Qualys have discovered an actively exploited zero-day in Chromium. Tracked as CVE-2025-2783, this vulnerability, when exploited, could allow attackers to bypass Chromium’s sandbox. Google has addressed this vulnerability in version 134.0.6998.177/.178 for Windows. This vulnerability is not just limited to Chrome – it affects all Chromium-based browsers. Users running a Chromium fork (which includes popular browsers such as Brave, Vivaldi, among others.)

Mozilla patches Firefox bug ‘exploited in the wild,’ similar to bug attacking Chrome (TechCrunch)
Firefox version 136.0.4 fixes a vulnerability, tracked as CVE-2025-2857, that when exploited could lead to a sandbox escape. This vulnerability was exploited in the wild and only affects Firefox on Windows.
Note: This vulnerability is similar to a sandbox escape (CVE-2025-2783) for Chrome.

New Ubuntu Linux security bypasses require manual mitigations (Bleeping Computer)
Three security bypass vulnerabilities have been discovered in Ubuntu’s unprivileged user namespace restrictions. A local unprivileged user can create user namespaces with full administrative privileges. The local attacker could then exploit vulnerabilities in various kernel components.
Malware
Microsoft Trusted Signing service abused to code-sign malware (Bleeping Computer)
Threat actors are abusing the Microsoft cloud service Trusted Signing…
First seen on securityboulevard.com