Independent cybersecurity / privacy / AI risk journal
ZeroDayDiary tracks the security, privacy, surveillance, infrastructure, and AI developments that matter — with archive-first briefings designed to stay useful after the news cycle moves on.
Lead briefing
CISA has added CVE-2025-68613, an n8n improper control of dynamically managed code resources vulnerability, to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation.
Today’s briefings
ESET says APT28 has used BEARDSHELL, SLIMAGENT, and a heavily modified COVENANT framework to maintain long-term surveillance of Ukrainian military targets while abusing legitimate cloud storage services for command and control.
The FTC is seeking public comment on whether and how it should update its Negative Option Rule, reopening a policy battle over recurring billing, consent, and hard-to-cancel subscription models after years of complaints and contested rulemaking.
Researchers disclosed nine cross-tenant flaws in Google Looker Studio that could have enabled arbitrary SQL queries, data exfiltration, and destructive actions across victims’ cloud-connected data sources before Google patched them.
Latest updates
The FTC says it is sending more than $47.2 million to renters affected by Invitation Homes’ undisclosed fees and other unlawful charges, showing how housing-related consumer protection cases can end in large-scale financial remediation rather than just settlement headlines.
Google says a cryptocurrency firm was breached after a developer transferred a trojanized file from a personal device to a work device via AirDrop, enabling UNC4899 to pivot into cloud infrastructure and steal millions in digital assets.
CISA and international partners say attackers are actively exploiting Cisco SD-WAN systems and urge organisations to inventory assets, patch immediately, collect forensic artifacts, and hunt for compromise.
EU privacy regulators say the Digital Omnibus proposal can simplify compliance, but warn that narrowing the definition of personal data would weaken data protection.
The EDPB has signed a joint Global Privacy Assembly statement warning that AI-generated imagery and video can create serious privacy, dignity, and safety harms when real people are depicted without consent.
A coordinated European enforcement action found recurring problems with how organisations handle GDPR erasure requests, including weak procedures, inconsistent deletion practices, and difficulties around backups and anonymisation.
Topics
13 entries
Cybersecurity briefings on breaches, exploited vulnerabilities, ransomware, incident response, and systemic security failures.
12 entries
Privacy briefings on data misuse, tracking changes, surveillance harms, regulator action, and data rights enforcement.
7 entries
AI risk briefings on model misuse, deployment failures, safety regressions, governance gaps, and synthetic-media harms.
16 entries
Governance briefings on enforcement, standards, court action, regulator opinions, institutional accountability, and policy shifts.
7 entries
Infrastructure briefings on cloud, telecoms, public systems, network edge, and critical infrastructure risk developments.
1 entries
Surveillance briefings on biometrics, monitoring systems, identity correlation, tracking technology, and public or private observation systems.