NEW, by me: Uzbekistan exposed its nationwide license plate surveillance system to the web, no password needed. The system reveals around a hundred locations around the country where banks of cameras have been placed, including big cities and rural areas. The system contains raw video footage of millions of vehicles and their occupants.

TechCrunch

Exclusive: Inside Uzbekistan's nationwide license plate surveillance system

The Uzbek government's national license plate scanning system was discovered exposed to the internet for anyone to access without a password.

Are you a security researcher or journalist? We want to hear from you — please take this survey! @npub1umr5...0yvm at DataBreaches, and yours truly at ~ this week in security ~ are running this survey to better understand the state of legal demands and criminal threats in cybersecurity.

Survey about legal and criminal threats experienced by journalists and security researchers

Absolute horror story of a long-time Apple customer who was locked out of their devices and account with no recourse after redeeming a suspected bad gift card. Gift card scams are on the rise & increasingly difficult to spot, and can have devastating consequences.

~this week in security~

Apple nuking a customer's account over a bad gift card is a warning for everyone

One long-time Apple customer was left with no recourse after a bad gift card triggered a full account and device lock-out.

Online casino and betting site Stake.com has emailed customers saying their data was stolen during Mixpanel's breach. Stake says customers' username, email address, date of birth and phone number were compromised. That's now OpenAI, CoinTracker, SwissBorg, SoundCloud, and Pornhub known to be affected so far. View quoted note →

One of those stupid autonomous Uber Eats delivery robots in our neighborhood looks like it got stuck in cold weather, frozen to the ground, not moving. The future, everyone.

I'm thrilled to have been featured in the EFF's Breachies for uncovering security lapses in the info-sharing app TeaOnHer and stalkerware app Catwatchful, along with TechCrunch's security desk's coverage of data breaches at Blue Shield of California, PowerSchool, TransUnion, and more. Thanks, EFF!

Electronic Frontier Foundation

The Breachies 2025: The Worst, Weirdest, Most Impactful Data Breaches of the Year

Another year has come and gone, and with it, thousands of data breaches that affect millions of people. The question these days is less, Is my info...

This looks like a particularly spicy shituation affecting Cisco customers: • 10/10 severity zero-day bug in popular Cisco products • Cisco says China is exploiting bug to hack customers • Cyberattacks discovered on Dec. 10; disclosed today • No patches yet. Compromised devices must be wiped

TechCrunch

Cisco says Chinese hackers are exploiting its customers with a new zero-day | TechCrunch

Cisco said it discovered a Chinese hacking campaign targeting its customers by exploiting a zero-day in some of the company's most popular pro...

Coupang, aka "Asia's Amazon," filed its data breach 8-K; blames a former employee who "may have obtained the name, phone number, delivery address, and email address associated with up to 33 million customer accounts, and certain order histories for a subset of the impacted accounts." The 8-K was signed by Coupang's new CEO, Harold Rogers, who replaced Park Dae-jun after his resignation following the massive data breach. Filed here:

cpng-20251215