VulnHub

Real-time Cybersecurity News

US privacy fines skyrocket past $3.4B, Gartner reports

SCM feed for Latest

Overview

In 2022, U.S. states imposed a record $3.45 billion in privacy-related fines on companies, surpassing the total fines levied between 2020 and 2021. This sharp increase reflects growing scrutiny over how businesses handle personal data and comply with privacy regulations. The report by Gartner highlights the rising trend of regulatory actions as states strengthen their privacy laws. Companies across various sectors are feeling the pressure to improve their data protection practices to avoid hefty penalties. The surge in fines indicates a significant shift in enforcement, emphasizing the importance of compliance in today’s digital landscape.

Key Takeaways

  • Action Required: Companies should enhance their data protection practices and ensure compliance with privacy regulations to avoid fines.
  • Timeline: Newly disclosed

Original Article Summary

Privacy-related regulatory penalties imposed by U.S. states on companies reached $3.45 billion last year, which is higher than the combined fines between 2020 and 2024, reports CyberScoop.

Impact

Not specified

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Companies should enhance their data protection practices and ensure compliance with privacy regulations to avoid fines.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher

Infosecurity Magazine

A researcher from Theori, a security firm, has discovered a nine-year-old vulnerability in the Linux kernel using artificial intelligence tools. This flaw could potentially allow attackers to exploit systems running affected versions of the Linux kernel, putting many users and organizations at risk. The vulnerability's age raises concerns about how long it has gone unnoticed and the implications for systems that rely on Linux for their operations. As Linux is widely used across various platforms, including servers and embedded systems, this discovery highlights the need for ongoing vigilance in software security. Users and administrators are encouraged to review their systems and apply any available patches to mitigate the risk associated with this vulnerability.

May 1, 2026

SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now

Security Affairs

SonicWall has released urgent firmware updates to address three vulnerabilities found in its SonicOS software, which affects Gen 6, Gen 7, and Gen 8 firewalls. These flaws could potentially allow attackers to bypass security controls and gain unauthorized access to restricted services. Users of these firewall models are strongly advised to apply the patches immediately to protect their systems from possible exploitation. The vulnerabilities underscore the importance of keeping security software up to date, as failure to patch could leave networks open to attacks. Companies relying on these firewalls should prioritize this update to safeguard their network environments.

May 1, 2026

US ransomware negotiators get 4 years in prison over BlackCat attacks

BleepingComputer

Two former employees from cybersecurity firms Sygnia and DigitalMint were sentenced to four years in prison for their involvement in BlackCat (ALPHV) ransomware attacks against U.S. companies. These individuals exploited their insider knowledge to facilitate cyberattacks that resulted in significant financial losses for the targeted organizations. The BlackCat ransomware group has gained notoriety for its sophisticated attacks and has been responsible for numerous breaches in recent years. This case underscores the risks posed by insider threats in the cybersecurity landscape, as even trusted employees can engage in malicious activities. The sentences aim to deter similar behavior and reinforce the importance of vigilance within the cybersecurity community.

May 1, 2026

Open-source privacy proxy masks PII before prompts reach external AI services

Help Net Security

Dataiku has introduced Kiji Privacy Proxy, an open-source tool designed to protect sensitive customer information when interacting with external AI services. Many organizations send prompts containing personally identifiable information (PII) to large language models without proper sanitization, risking data exposure. Kiji acts as a local gateway, filtering out customer emails, support transcripts, and other identifying data before requests reach APIs like OpenAI and Anthropic. This tool is particularly relevant for enterprise developers who need to ensure customer privacy while still utilizing advanced AI capabilities. By integrating this proxy, companies can better safeguard user data and comply with privacy regulations.

May 1, 2026

Ukrainian police arrest 3 hackers for hijacking 610,000 Roblox accounts

SCM feed for Latest

Ukrainian police have arrested three individuals, including a 19-year-old, for allegedly hijacking approximately 610,000 accounts on the popular gaming platform Roblox. The suspects reportedly exploited stolen session cookies, allowing them to bypass traditional password protections and gain unauthorized access to user accounts. This incident underscores the risks associated with session management and the potential for significant breaches in online gaming communities. The large number of affected accounts highlights the need for users to be vigilant about their account security and for platforms like Roblox to strengthen their defenses against such attacks. The situation serves as a reminder of the ongoing challenges in protecting digital identities in an increasingly interconnected world.

Apr 30, 2026

Former incident responders sentenced to 4 years in prison for committing ransomware attacks

CyberScoop

Ryan Goldberg and Kevin Martin, both former incident responders, have been sentenced to four years in prison for their involvement in a series of ransomware attacks against five companies in 2023. The duo extorted nearly $1.3 million from one of their victims, showcasing a troubling trend where individuals with cybersecurity expertise turn to criminal activities. This case raises concerns about trust within the cybersecurity community and highlights the ongoing risks of ransomware, which continues to threaten businesses across various sectors. The sentencing serves as a reminder that those who exploit their knowledge for malicious purposes will face serious consequences.

Apr 30, 2026