Remember that time our Social Security numbers got hacked? Well, technically, it was “lost in a data breach,” but the end result was the same: Last year, National Public Data lost the SSNs of nearly every American citizen. Well, the site is back, and this time it’s a free people search site, and it probably has your information on it. This week, we reported on, among other things, how to remove yourself from its database. 

Speaking of your personal information ending up on random people search sites, now is a good time to look into a personal data removal service. And hey, if your data does get lost and you’re worried about identity theft, we have 11 tips to make sure it won’t happen to you.

Let’s back up a second, though. We finished out last week with some great coverage from Black Hat in Las Vegas, including an incredible walkthrough of the Network Operations Center (NOC) that powered the conference, and Jennifer Granick’s part-plea part-warning to security experts to stop enabling mass surveillance by collecting treasure troves of data. If you missed our coverage from the show floor, make sure to read our Black Hat wrap-up.

Breaches don’t stop for security conferences. For example, last week, security researchers discovered a flaw in the venerable WinRAR file compression software that could be used to deliver malware. If you use it (and even if you don’t, you probably have it installed), you should update it now. If you were an AT&T customer when they were breached back in 2019, we have a guide to help you get your part of the $177 million settlement over that hack. 

Finally, because we want you to stay safe out there, this week we also published a guide to check your phone for malware, and some things to look out for if you think your phone is being tapped. We also recommend adding a VPN to your security toolkit, so once you have one you like, make sure to check these settings to make sure it’s keeping your data safe. While you’re in the settings, these tips will make sure you don’t trade speed for security. We also have tips that will help you decide when you actually shouldn’t use a VPN at all. 

You can tell from the above that it was a busy week for the PCMag security team. Even so, we can’t cover everything, so each week we round up the most interesting cybersecurity stories from around the web and include them here so you can stay informed.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones

Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders

Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

Guess What Else GPT-5 Is Bad At? Security

The GPT-5 launch is already...rocky, to say the least, but most of that reaction has been the reception to the product itself and how well it works. Unfortunately, according to Cyberscoop, the story behind the scenes isn’t much better. Several security researchers and analysts have pointed out that GPT-5 fails on almost every safety and security measure, and the teams responsible for it had to have known on some level prior to its launch. AI red-teaming company SPLX subjected it to a number of security tests, and it came away with painfully low scores on security, safety, and “business alignment,” or its propensity to leak data and perform tasks outside of its instructions. 

Microsoft and OpenAI claim the model is highly secure, but that they’re always improving and adding security features and guardrails to their model, so there’s that. In the meantime, however, Cyberscoop reports additional researchers have been poking holes in GPT-5, which doesn’t bode well for its already troubled launch. 

North Korean Kimsuky Hackers Exposed in Alleged Data Breach

Maybe I just have Black Hat on the brain, but I love stories where someone hacks the hackers, and that’s exactly what happened in this case. Bleeping Computer reports that Kimsuky, the state-sponsored North Korean hacking group, itself has been hacked by two hackers who describe themselves as having the “complete opposite” of Kimsuky’s values. The hackers made off with close to 9GB of data from the North Korean government, including information on internal operations, phishing logs, tools to build phishing sites to target South Korean government and military officials, as well as the entire source code for the internal email platform for South Korea's Ministry of Foreign Affairs.

For the record, this is one of the same state-sponsored hacking groups responsible for tricking companies into hiring them as remote workers (100-plus companies, to be exact), and even launching fraudulent crowdfunding campaigns.

Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking

At the Def Con hacker conference, which took place at the same time as Black Hat, security researchers revealed that smart buses, the kind that many cities are buying to replace aging fleets, can be remotely hacked. SecurityWeek reports that while the buses are packed with technology that does everything from offering free Wi-Fi to passengers to safety and tracking software that helps municipalities keep tabs on the buses and the people on board, they’re also rolling computers with complicated software that, predictably, can be breached. 

For example, the researchers reported easily bypassing a bus’s onboard router authentication and accessing the systems that govern everything from collision detection to passenger monitoring. They even disclosed their findings to the router manufacturers and the contractors who manage the buses, but they received no response. Even worse, they reported that the vulnerabilities appear to still be unpatched.