EU Privacy Battles, North Korean Hacks & Red Hat Breaches

From California's new privacy laws to North Korea’s record-setting crypto thefts and Red Hat's security breach, this week’s cybersecurity news highlights growing concerns over digital privacy, state-sponsored hacking, and tech company accountability in safeguarding user data.

Red Hat Confirms Security Breach: 570GB of Data Stolen from GitLab Instance

Red Hat has confirmed a security breach in one of its self-hosted GitLab instances, where a hacker, identified as the Crimson Collective, claims to have stolen nearly 570GB of data from 28,000 private repositories. While Red Hat maintains that no personal customer data or critical infrastructure was exposed, the stolen files include sensitive customer engagement reports (CERs) containing network configurations, credentials, and troubleshooting details, potentially compromising downstream customers in sectors like banking, government, and telecommunications.

The attacker has allegedly exploited authentication tokens to access customer infrastructure, though Red Hat insists the breach did not affect its core products or supply chain. Following the breach, the company has taken steps to secure its systems and prevent further unauthorized access.

New Records in Crypto-Thefts? North Korean Hackers Rake in $2 Billion in Stolen Crypto in 2025

North Korean hackers, under the state-backed Lazarus Group, have shattered records again, stealing over $2 billion in cryptocurrency this year alone, bringing their total haul to $6 billion. With a heavy focus on targeting crypto exchanges, the hackers have become increasingly sophisticated in their methods, using advanced social engineering and malware to exploit weaknesses.

The largest breach of 2025 so far occurred at Dubai’s Bybit exchange, where $1.46 billion was stolen through a sophisticated malware attack. North Korea’s crypto thefts now represent around 13% of the country’s estimated GDP, underscoring the scale of the cyber threat. As the hackers refine their laundering techniques, crypto investors and organizations with large digital asset holdings are urged to ramp up their security and stay alert to emerging threats, including targeted malware like NimDoor, which can bypass protections on both Mac and Windows devices.

California’s New "Opt Me Out" Law Gives Consumers a One-Click Way to Protect Their Privacy

California has taken another step in leading the nation on privacy protections with the signing of Assembly Bill 566, also known as the California Opt Me Out Act. Starting in 2027, the law will require web browsers to include a built-in feature that allows consumers to easily opt out of having their browsing data sold, eliminating the need for users to opt out on every website individually. This law, an amendment to the California Consumer Privacy Act (CCPA), is designed to simplify privacy rights for Californians, giving them more control over their personal data with just a click.

While this shift is seen as a victory for privacy, experts predict it could significantly impact online advertising and marketing, as businesses will need to honor a growing number of opt-out requests. The law could also spark broader industry changes, potentially affecting browser developers and users nationwide, and raises questions about mobile browser compatibility and jurisdictional reach.

EU's Chat Control Encryption Plans Hit Roadblock as Germany Blocks Proposal

The European Union's plans to require technology companies to scan encrypted messages and emails for child abuse material (dubbed "Chat Control") have been delayed after member states failed to reach agreement, largely due to Germany's objections. The proposal, which would require services like WhatsApp and Signal to monitor encrypted communications, has sparked fierce opposition from privacy advocates, tech companies, and experts, who argue that it would undermine encryption and compromise digital security.

Germany, which voiced strong concerns about the mass surveillance implications, blocked the Danish proposals on October 7, leaving the future of the legislation uncertain. Critics warn that such measures would weaken cybersecurity, harm privacy, and risk creating backdoors for state surveillance. While the EU may revisit the issue later, many are calling for alternative approaches that serve both privacy and child protection more effectively.