u/caramel_member

Week 27 | cybersecurity - technology - privacy news recap

Week 27 | cybersecurity - technology - privacy news recap

u/caramel_member — 3 days ago
▲ 13 r/nordvpn

High-five to our awesome contributors!

A lot of long-time members here know how this works by now: when someone consistently adds value to the subreddit, we like to make sure it gets recognized.

During the last few months, this community has had plenty of useful discussions from NordVPN features and app changes to bugs, fixes, setup tips, and broader online privacy topics. Many of you contributed helpful insights, but a few people especially caught our attention:

  • u/WhatSoupGuy - your guide was exactly the kind of post that makes a community useful. You didn’t just say “something is broken,” you dug into the issue, found the likely cause, laid out what didn’t work, and shared clear steps that helped others get their systems back to normal. That kind of practical troubleshooting is a real win for everyone here.
  • u/Drklf - thanks for pushing through the CPU usage issue and turning a frustrating support back-and-forth into something useful for the community. Sharing the workaround gave people something concrete to try while the issue is being worked on. That kind of follow-through matters.

You two, please check your inboxes. There’s a small “thank you” from the mod team waiting for you.

For everyone else: the digital privacy space keeps changing, and having a solid community around it makes a real difference. This subreddit is a place where people exchange practical advice, flag issues, and help each other stay safer online. That’s worth continuing.

So let’s keep asking questions, sharing solutions, comparing notes, and making this place useful for everyone.

reddit.com
u/caramel_member — 6 days ago

Week 26 | cybersecurity - technology - privacy news recap

u/caramel_member — 10 days ago

Week 25 | cybersecurity - technology - privacy news recap

u/caramel_member — 17 days ago

Moderation transparency - what gets removed and why

Recently we’ve been receiving feedback that moderators unnecessarily remove comments or posts, so we’d like to provide some clarification.

Negative feedback, legitimate complaints, and criticism are not removed simply because they are negative. Community members are free to share their experiences, including issues they have had with the service.

Beyond community rule violations, we may remove posts that lack essential details, make unsupported claims, appear promotional or coordinated, or don’t provide community enough information to understand or investigate the issue.

When posting about any issue you’re dealing with, please include:

  • A clear description of what happened
  • What NordVPN support said about the issue
  • Your OS, protocol, or relevant server details
  • The troubleshooting steps you already tried
  • Screenshots, error messages, or other relevant evidence

Low effort statements such as ‘Nord just no longer works’ or ‘VPN issue’ do not provide enough context to assess what happened, and can appear like farming for upvotes, rather than seeking help or encouraging a constructive discussion. 

Many of our OG contributors regularly spend their own time sharing their technical expertise and helping others resolve problems. Detailed posts allow them to provide meaningful assistance instead of having to guess.

Moderation decisions are based on the content and context of the submission, not whether it is positive or negative.

Bot comments / affiliate promotion / repetitive claims, and VPN shilling are common here. Our community would quickly become a mess if the automod/mods did not do their job. Therefore, when a post or comment appears to have been created without a reasonable basis and contains no supporting details, it may be removed.

So folks, please be mindful and respect each other's time!

reddit.com
u/caramel_member — 17 days ago
▲ 23 r/nordvpn

NordVPN now offers dedicated VPN servers

This is a new add-on for users who need more control than a regular VPN connection or Dedicated IP can offer. With a dedicated VPN server, you get a private VPN node that is used only by you, with its own static IP, dedicated hardware resources, and port forwarding support.

A dedicated server gives you:

  • A static IP address used only by you
  • Dedicated resources: 1 vCPU, 4 GB RAM
  • Up to 1 Gbps dedicated speed
  • 4 TB/month bandwidth
  • Port forwarding
  • Support for up to 10 devices

The main difference from standard NordVPN servers is that both the server and IP are not shared with other users. That can mean better control over IP reputation, and more customization options.

It is also different from NordVPN’s Dedicated IP. Dedicated IP gives you a personal, static IP address, but it still runs on shared infrastructure and does not include port forwarding. A dedicated server gives you the private IP, the server hardware resources, and the ability to forward ports.

This could be useful if you want to:

  • Access home devices, NAS, cameras, or a home lab while away
  • Reach services running on your home or office network
  • Use a static VPN IP for workflows where IP reputation matters
  • Set up remote access without opening your real network directly to the internet

Setup is handled through your NordAccount. You buy the dedicated server add-on, choose a server location, and then connect through the NordVPN app using NordLynx.

A dedicated server is probably worth considering if you need port forwarding, a static IP, or want to protect the real IP of a hosted service. For everyday browsing privacy, streaming while traveling, or switching between different VPN protocols, regular NordVPN servers are still the better fit.

More info is available on Nord’s blog: https://nordvpn.com/blog/nordvpn-dedicated-server/ 

reddit.com
u/caramel_member — 18 days ago

Week 24 | Cybersecurity - technology - privacy news recap

u/caramel_member — 24 days ago

NordVPN rolled out its Call Protection feature for iOS users

Some of you may have already seen previous posts about how the feature works on Android. This update is worth highlighting separately because iOS rollouts can take longer due to Apple’s stricter platform permissions, App Store review process, and the way call identification features need to integrate with iOS settings.

In practical terms, Call Protection is designed to help identify potentially suspicious incoming calls before you answer. According to NordVPN, the feature checks caller info against scam and spam indicators, but does not access or store call audio or call content. It also works even when the VPN connection itself is not active.

So, if you’re on iOS, you can enable it here: 
iPhone settings > Phone > Call Blocking & Identification > NordVPN – Call identification. 

Given how common scam calls have become, I think this is a useful addition. I personally received two suspicious calls last week, so I can see real value in having another layer of warning before picking up.

One important note: Call Protection is not included in every NordVPN plan. If you are on the Basic plan, you may not have access to it. So if this feature matters to you, it may be worth checking whether your current subscription includes it before trying to enable it.

NordVPN’s full article is here: https://nordvpn.com/blog/call-protection/ 

My main takeaway: this is a meaningful step beyond traditional VPN protection. Scam attempts are no longer limited to websites, emails, or malicious links, they increasingly happen through phone calls too. Call Protection seems like an additional NordVPN’s toward covering that part of the threat surface as well.

reddit.com
u/caramel_member — 25 days ago

Week 23 | Cybersecurity - technology - privacy news recap

u/caramel_member — 1 month ago

Week 21 | Cybersecurity - technology - privacy news recap

A CISA contractor exposed plaintext credentials in public GitHub spreadsheets, including reportedly valid access tokens and cloud keys for CISA and DHS systems. Source: https://techcrunch.com/2026/05/19/us-cyber-agency-cisa-exposed-reams-of-passwords-and-cloud-keys-to-the-open-web/

GitHub confirmed that roughly 3,800 internal repositories were breached after an employee installed a malicious VS Code extension. Source: https://thehackernews.com/2026/05/github-internal-repositories-breached.html

Cisco patched another actively exploited Catalyst SD-WAN zero-day, CVE-2026-20182, the sixth Cisco SD-WAN flaw reported as exploited in 2026. Cisco Talos said the vulnerability was used in limited targeted attacks by a sophisticated threat actor that attempted to add SSH keys, modify NETCONF configurations, and escalate to root privileges. Source: https://www.securityweek.com/cisco-patches-another-sd-wan-zero-day-the-sixth-exploited-in-2026/

Microsoft is changing Edge so the browser no longer loads saved passwords into process memory in clear text at startup. The change follows a public disclosure by a security researcher, who showed that Edge decrypted stored credentials on launch and kept them in memory even when not in use. Microsoft initially said the behavior was “by design,” but later described the fix as a defense-in-depth improvement that will roll out across supported Edge channels. Source: https://www.pcmag.com/news/microsofts-edge-drops-plaintext-password-loading-after-backlash

Discord has enabled end-to-end encryption by default for voice and video calls, covering DMs, group DMs, voice channels, and Go Live streams across major platforms. Stage channels are excluded, and Discord says it has no current plans to extend E2EE to text messages due to how its text systems were built. Source: https://www.bleepingcomputer.com/news/security/discord-rolls-out-end-to-end-encryption-on-voice-video-calls/

NYC Health + Hospitals disclosed a breach affecting at least 1.8 million people after hackers accessed its network from November 2025 to February 2026 via an unnamed third-party vendor. Stolen data included medical, insurance, billing, identity, geolocation, and biometric information, including fingerprints and palm prints. Source: https://techcrunch.com/2026/05/18/nyc-health-and-hospitals-says-hackers-stole-medical-data-and-fingerprints-during-breach-affecting-at-least-1-8-million-people/ 

Japan-based hotel check-in system Tabiq exposed over 1 million passports, driver’s licenses, and selfie verification photos through a publicly accessible Amazon storage bucket. Reqrea secured the bucket and plans to notify affected individuals once it completes its investigation.. Source: https://techcrunch.com/2026/05/15/a-hotel-check-in-system-left-a-million-passports-and-drivers-licenses-open-for-anyone-to-see/

INTERPOL’s Operation Ramz seized 53 phishing, malware, and fraud servers across the Middle East and North Africa, leading to more than 200 arrests and the identification of 382 suspects in 13 countries. Recovered intelligence revealed at least 3,867 confirmed victims, while authorities also disrupted investment scams, phishing-as-a-service activity, and malware-infected infrastructure. Source: https://www.pcgamer.com/software/security/interpols-operation-ramz-has-arrested-over-200-people-for-phishing-scams-malware-threats-and-all-sorts-of-internet-neer-do-well-behaviour/

u/caramel_member — 1 month ago

Week 19 | Cybersecurity - technology - privacy News recap

  • A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. The threat actor advertises Claude-Pro as a "high-performance relay service designed specifically for Claude-Code" developers. The fake website is a simplistic attempt at mimicking the legitimate site for the popular Claude large language model (LLM) and an AI assistant, using similar colors and fonts. Source: https://www.bleepingcomputer.com/news/security/fake-claude-ai-website-delivers-new-beagle-windows-malware/
  • Pennsylvania has sued the maker of Character.AI, alleging that it violated state law by presenting an AI chatbot character as a licensed doctor. The lawsuit was filed in a state court by the Pennsylvania Department of State and State Board of Medicine. “The department’s investigation found that AI chatbot characters on Character.AI claimed to be licensed medical professionals, including psychiatrists, available to engage users in conversations about mental health symptoms,” Governor Josh Shapiro’s office said today in an announcement of the lawsuit. “In one instance, a chatbot falsely stated it was licensed in Pennsylvania and provided an invalid license number.” Source: https://arstechnica.com/tech-policy/2026/05/character-ai-sued-over-chatbot-that-claims-to-be-a-real-doctor-with-a-license/
  • Google is updating search to refine its AI experience by adding additional context to links, like excerpts from web forums and blogs, as well as a feature that highlights links from a user’s news subscriptions. While citing web forums and discussion boards can help users find answers to more niche queries, this design choice could also prove chaotic. Source: https://techcrunch.com/2026/05/06/google-updates-ai-search-to-include-expert-advice-from-reddit-and-other-web-forums/
  • The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million records tied to students and staff from 8,809 colleges, school districts, and online education platforms. Instructure is a cloud-based education technology company best known for its Canvas learning management system, which schools and universities use to manage coursework, assignments, grading, and communication. Last Friday, Instructure disclosed that it was investigating a cyberattack and later revealed that it had suffered a data breach, during which users' names, email addresses, and private messages were exposed. Source: https://www.bleepingcomputer.com/news/security/instructure-hacker-claims-data-theft-from-8-800-schools-universities/
  • Some age-verification systems are no match for enterprising children, who have found that drawing on a fake mustache with a makeup pencil is enough to skirt the blocks of adult websites. U.K.-based nonprofit Internet Matters surveyed a thousand children about age-verification checks online, and about half said that age checks were easy to bypass. Source: https://techcrunch.com/2026/05/06/some-kids-are-bypassing-age-verification-checks-with-a-fake-mustache/
  • While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security. In the wake of the ClawdBot fiasco — the viral self-hosted AI assistant that’s averaging an eye-watering 2.6 CVEs per day — the Intruder team wanted to investigate how bad the security of AI infrastructure actually is. Source: https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html
  • An appeals court today struck down federal rules that prohibit discrimination in access to broadband services, delivering a victory to telecom and cable lobby groups. The court ruling was welcomed by Federal Communications Commission Chairman Brendan Carr, who voted against the Biden-era rules when they were approved in 2023. The FCC exceeded its legal authority by imposing liability for actions that result in “disparate impact,” instead of merely policing “disparate treatment,” said a ruling by from the US Court of Appeals for the 8th Circuit. The FCC also exceeded its authority by applying the rules to entities that don’t directly offer Internet service to subscribers, according to the ruling issued unanimously by three judges appointed by Republican presidents. Source: https://arstechnica.com/tech-policy/2026/05/court-strikes-down-fcc-anti-discrimination-rule-opposed-by-internet-providers/
u/caramel_member — 2 months ago

IT budgets are getting blown out as some companies increasingly spend more on AI than on employees' salaries. Source: https://www.axios.com/2026/04/26/ai-cost-human-workers 

A growing number of PlayStation 4 and PlayStation 5 users have reported that new digital purchases on each console have introduced DRM requiring online activation every 30 days. Source: https://www.videogameschronicle.com/news/playstation-has-seemingly-added-a-30-day-drm-check-to-all-newly-purchased-digital-ps4-and-ps5-games/ 

Earlier this year, a federal probe into whether Meta's WhatsApp service can access encrypted messages was abruptly shut down, according to two people familiar with the matter. The closure cut short an investigation that had raised technical questions about how the service handles user data behind the scenes. Source: https://www.techspot.com/news/112232-federal-agent-whatsapp-encryption-lie-investigation-shut-down.html 

After addressing a widespread outage that affected Outlook.com users worldwide on Monday, Microsoft has asked iPhone users to re-enter their credentials to regain access to their Outlook and Hotmail accounts via the default Mail app. Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-iphone-users-to-re-enter-credentials-after-outlook-outage/ 

The confidential health records of half a million British volunteers have been offered for sale on Chinese website Alibaba, the UK government has confirmed. Source: https://www.theguardian.com/technology/2026/apr/23/private-health-records-uk-biobank-chinese-website-alibaba 

“Yesterday afternoon, an AI coding agent — Cursor running Anthropic's flagship Claude Opus 4.6 — deleted our production database and all volume-level backups in a single API call to Railway, our infrastructure provider,” sums up the PocketOS boss. “It took 9 seconds.” Source: https://www.tomshardware.com/tech-industry/artificial-intelligence/claude-powered-ai-coding-agent-deletes-entire-company-database-in-9-seconds-backups-zapped-after-cursor-tool-powered-by-anthropics-claude-goes-rogue 

Claude AI agent’s confession after deleting a firm’s entire database: ‘I violated every principle I was given’: https://www.theguardian.com/technology/2026/apr/29/claude-ai-deletes-firm-database 

Electric motorcycles from Zero Motorcycles and electric scooters from Yadea are affected by vulnerabilities that, if exploited, could have a physical security and safety impact. Source: https://www.securityweek.com/electric-motorcycles-and-scooters-face-hacking-risks-to-security-and-rider-safety/ 

Vibe coding will break your company: https://www.forbes.com/sites/jasonwingard/2026/04/23/vibe-coding-will-break-your-company/ 

Google has reportedly signed a deal with the US Pentagon to use its artificial intelligence models for classified work. The tech company joins a growing list of Silicon Valley firms inking agreements with the US military. Source: https://www.theguardian.com/technology/2026/apr/28/google-classified-ai-deal-pentagon 

The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. Source: https://www.bleepingcomputer.com/news/security/hackers-arrested-for-hijacking-and-selling-610-000-roblox-accounts/ 

u/caramel_member — 2 months ago

u/caramel_member — 2 months ago