Fidaro

66 posts


@FidaroAI

Coming soon 🔜 Private AI Conversations 100% Private. Encrypted. Yours.

world Joined November 2025
1 Following 749 Followers
Fidaro@FidaroAI·
An app called Quittr made $500,000 a month helping men quit porn. It exposed 600,000 users’ most intimate data to anyone who knew where to look.
Here’s what was actually in that database:
- How often each user masturbates. Exact frequency. Logged.
- Personal “confessions” about their habits and urges
- Their specific triggers. Boredom. Stress. All of it.
- Their age. 1 in 6 of those users is a minor.
People shared all of this because they were trying to get better. They trusted an app with their most vulnerable moments – and the app wasn’t ready for that responsibility.
That’s the real conversation we’re not having. Not “how could they” – but how do we build products worthy of the trust people place in them when they’re at their most honest?
Sometimes, the most dangerous data you have isn’t your passwords. It can be as simple as what you typed while you were being honest.
Fidaro@FidaroAI·
Most AI leaks inside companies don't start with a breach. They start with someone trying to hit a deadline. Here are 5 rules that actually reduce the risk (without slowing your team down) 👇
1. Never paste full contracts, internal reports, or source code into public AI tools. Summarize the problem. Ask about the concept. Keep the specifics off the screen.
2. Remove names, numbers, and company identifiers before you ask a question. You don't need to mention the client to get the answer you need.
3. Don't share login details, API keys, or infrastructure data with AI assistants. Ever. No matter how convenient it seems in the moment.
4. Avoid uploading confidential files unless your company has explicitly approved the system. "It's probably fine" is not an approval process.
5. Treat every prompt like it could be stored, searched, or reviewed later. Because it can.
Many leaks start with small pieces of information shared in the wrong place. AI should help your work – not hand your company's data to someone who shouldn't have it.
Fidaro@FidaroAI·
You didn't upload anything. But you mentioned your cloud vendor, your deployment setup, and why production keeps breaking on Thursdays. The file isn't the only document in the room. The prompt is too.
Fidaro@FidaroAI·
An AI just found 14 high-severity Firefox vulnerabilities – plus 90 other bugs – that years of human security testing missed. 🛑 That number should make you stop for a second.
Anthropic's red team pointed Claude at Firefox's codebase and it didn't just find known vulnerability patterns. It found entire classes of bugs that traditional methods weren't looking for. These weren't new bugs. They'd been sitting there.
22 were serious enough to get formal CVE designations. The other 90 got quietly patched before Firefox 148 shipped. That gap – between "CVE-worthy" and "still silently fixed" – is where a lot of the interesting stuff lives. 👀
Here's the part nobody's really asking: if AI can surface bugs that have evaded human review for years, what does that mean for every other codebase handling your data right now? The answer isn't reassuring.
The same tools that found these Firefox bugs exist for anyone with resources and intent. Security researchers. Intelligence agencies. People who are not interested in fixing what they find.
Mozilla deserves credit. They fixed everything before ship. That's how this is supposed to work. The question is who's doing this level of analysis on infrastructure that isn't open source – and isn't publishing the results? 🤔
wsj.com/tech/ai/send-u…
Fidaro@FidaroAI·
The Cl0p group exploited zero-day flaws in Oracle’s E-Business Suite, impacting 100+ organizations. MSG says names and SSNs were compromised. The affected system was hosted by a third-party vendor. By breaking one piece of widely used enterprise software, a single hacker group can compromise over 100 organizations at once. It proves that your security is only as strong as the vendors you trust to hold your data. securityweek.com/madison-square…
Fidaro@FidaroAI·
An attacker impersonated a civil servant and accessed France’s national bank account registry (FICOBA). Exposed data includes account numbers (IBAN), names, and addresses. No exploit. Just credential abuse. Single-account access can become national-scale risk. timesofindia.indiatimes.com/technology/tec…
Fidaro@FidaroAI·
The Mexico hack is a masterclass in how a single person with an AI subscription can outwork an entire government’s security team. A lone hacker spent a month convincing Claude Code it was an elite security expert. From there, the AI analyzed the government’s internal data, finding 20 different "unlocked doors," and writing the custom scripts needed to walk right through them. The hacker didn't need to be a coding genius. They just needed to feed the AI enough information to let it do the work. This underscores the need for a much more secure way to use AI. If your sensitive data isn't behind an isolated, encrypted layer, you're essentially giving a hacker a map to your most private systems. securityaffairs.com/188696/ai/clau…
Fidaro@FidaroAI·
A recent campaign used DeepSeek + Claude to automate attacks on FortiGate VPN devices worldwide. 2,500+ targets. 106 countries. AI generating and executing exploitation steps. AI isn’t just being used to write emails or fake photos anymore. It’s handling the actual work of a break-in, from finding the door to picking the lock. The real danger is a machine that can manage a hundred hacks at once while the attacker just watches the results. cybersecuritynews.com/hackers-levera…
Fidaro@FidaroAI·
Optimizely has confirmed a data breach after a phishing attack on February 11 allowed attackers to access CRM records and internal documents. With over 10,000 companies relying on the platform – including some of the world's biggest brands – the blast radius is significant. There was no malware or complex exploit kit involved. This likely started with a simple phone call to an employee to bypass security. Modern breaches don't always need a hacker behind a keyboard; they often just need a convincing voice on the other end of the line. The most sophisticated security in the world can still be dismantled by a single human being who is tricked into opening the door. techradar.com/pro/security/t…
Fidaro@FidaroAI·
A cybersecurity breach has hit MediMap, a medication management platform used by hundreds of aged care and hospice facilities across NZ. The impact is chilling: some patient profiles were reportedly altered, including cases where living patients were incorrectly marked as deceased. Because the system handles prescriptions and medication charts, healthcare workers had to immediately abandon the software and switch to manual paper processes to prevent life-threatening errors. In healthcare, data integrity isn't just about privacy. It's the difference between a patient getting their medicine or a fatal mistake. stuff.co.nz/nz-news/360943…
Fidaro@FidaroAI·
700+ passport scans of Abu Dhabi Finance Week attendees were exposed online. Affected individuals reportedly include David Cameron, Anthony Scaramucci, and Binance CEO Richard Teng. No sophisticated hack. Just a misconfigured cloud storage bucket managed by a third party. Elite networking. Basic security failure. ft.com/content/b86cef…
Fidaro@FidaroAI·
6.2M customers affected in the Odido telecom breach. Stolen data reportedly includes names, bank accounts, addresses, phone numbers, emails, and passport/ID details. Attackers allegedly impersonated IT staff to get fraudulent logins approved. Telecom providers sit at the center of our digital identity. They track everything from your location to your bank info. They aren't just a phone service – they’re a one-stop shop for identity thieves. therecord.media/dutch-telecom-…
Fidaro@FidaroAI·
25M+ Americans exposed after a ransomware attack on government contractor Conduent. SSNs, birth dates, addresses, medical data. This wasn’t a breach of one app. It hit backend systems running Medicaid, unemployment, and public benefits.
Fidaro@FidaroAI·
25M Americans affected. ~15.4M in Texas alone. A breach at Conduent exposed SSNs and health insurance data after months undetected. Most victims never chose this vendor. Your data often lives in systems you never see. That’s where the real risk sits. nypost.com/2026/02/09/bus…
Fidaro@FidaroAI·
Breach numbers rarely shrink. They only expand as the corporate excuses run out. Coupang is offering vouchers for the "inconvenience," but you can’t buy back the security of a leaked front-door code. timesofindia.indiatimes.com/technology/tec…
Fidaro@FidaroAI·
Coupang has confirmed that an additional 165,000 users had their personal data exposed, pushing the total impact to approximately 33.8M accounts – nearly 2/3 of South Korea’s population. The leak includes names, phone numbers, delivery addresses, and even door access codes.
Fidaro@FidaroAI·
When a breach happens, the security failure is clear. But in court, you must prove "actual damages" before a judge will even hear the case. The case might be dismissed, but for 300,000 victims, the risk of their stolen data never expires. reuters.com/legal/governme…
Fidaro@FidaroAI·
A breach involving 300K+ health records led to a class-action lawsuit. Now, it’s been dropped without prejudice. The exposure didn’t happen at the hospital; it came through Thompson Coburn, a law firm that had access to patient files for legal work.
Fidaro@FidaroAI·
Hackers take that leaked email and search it against old password leaks to see if they can unlock high-value sites like your bank or Amazon. Worse, your email becomes a "verified lead" for highly targeted phishing. Separate your main email from sign-ups. securityweek.com/hackers-leak-5…
Fidaro@FidaroAI·
A coffee, a sandwich, an email address. Panera Bread confirmed a breach exposing ~5.1M customer emails and contact details after attackers failed extortion. The risk isn't just about your lunch order. It's how this data is used for identity stitching.