Global security / privacy / AI risk
ZeroDayDiary is a compact global journal tracking breaches, surveillance shifts, AI governance failures, and privacy-relevant policy changes.
Lead briefing
A 2025 multi-agency update on Akira ransomware highlights continued attacks on critical sectors, with emphasis on edge-device exploitation, credential abuse, remote admin tooling, and faster encryption variants.
Today’s briefings
The EDPB’s 2025 blockchain guidance emphasizes early design decisions, role clarity, DPIAs, data minimisation, and limits on placing personal data into immutable systems.
A joint CISA, FBI, and ASD advisory update says Play ransomware has hit roughly 900 entities and remains active across multiple regions and sectors.
A June 2025 EDPB update combined finalized guidance on third-country authority requests with new AI and data-protection training material, pointing to a more operational privacy-governance agenda.
Latest updates
A 2025 EDPB-backed report on LLM privacy risks focuses on concrete mitigations and real-world deployment scenarios rather than abstract AI principles.
The UK ICO says Reddit processed children’s data unlawfully, failed to implement robust age assurance, and did not complete a relevant DPIA before January 2025.
The UK ICO’s investigations into TikTok, Reddit, and Imgur signaled a broader regulatory focus on recommender systems, age assurance, and how platforms structurally handle children’s data.
The UK ICO fined MediaLab over Imgur’s handling of children’s data, citing absent age checks, unlawful processing of under-13 data, and failure to carry out a DPIA.
CISA and partner agencies say Interlock ransomware activity is affecting businesses and critical infrastructure, with current guidance focused on access control, segmentation, patching, and phishing defense.
A monitoring note on three public signals worth following across student cyber safety, AI workplace tooling risk, and privacy governance.
Categories
5 entries
Breaches, vulnerabilities, exploit activity, ransomware, and systemic security failures.
7 entries
Data misuse, tracking changes, surveillance expansion, and privacy enforcement developments.
5 entries
Model misuse, safety regressions, governance gaps, and deployment-driven AI risk.
6 entries
Regulation, enforcement, standards, court action, and institutional accountability.
3 entries
Cloud, telecoms, transport, public systems, and critical infrastructure risk developments.
1 entries
Biometrics, monitoring systems, identity correlation, and public/private observation systems.