Dutch court increases pressure on Meta over non-profiling social media feeds

A court in the Netherlands has increased potential penalties against Meta after ruling that changes to social media timelines must be implemented urgently.

The decision raises the potential fine for non-compliance from €5 million to €10 million if required adjustments are not applied to Facebook and Instagram feeds.

Judges at the Amsterdam Court of Appeals said users must be able to select a timeline that does not rely on profiling-based recommendations.

The ruling follows a legal challenge from the digital rights organisation Bits of Freedom, which argued that users who switched away from algorithmic feeds were automatically returned to them after navigating the platform or reopening the application.

The court concluded that the automatic resetting mechanism represents a deceptive design practice known as a ‘dark pattern’.

Such practices are prohibited under the EU’s Digital Services Act, which requires large online platforms to provide greater transparency and user control over recommendation systems.

Judges acknowledged that Meta had already introduced several technical changes, although not all required measures were fully implemented. The company must ensure that the non-profiling timeline option remains active once selected, rather than reverting to algorithmic recommendations.

The dispute also highlights regulatory tensions within the European framework. Before turning to the courts, Bits of Freedom submitted a complaint to Coimisiún na Meán, the national authority responsible for overseeing Meta’s compliance with the EU rules.

According to the organisation, the lack of progress from regulators encouraged legal action in Dutch courts.

Meta indicated that the company intends to challenge the decision and pursue further legal proceedings. The case could become an important test of how the Digital Services Act is enforced against major online platforms across Europe.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New York moves to ban chatbots from giving legal and medical advice

New York lawmakers are considering legislation that would ban AI chatbots from providing legal or medical advice. The bill aims to stop automated systems from impersonating licensed professionals such as doctors and lawyers.

The proposal would also require chatbot operators to clearly inform users that they are interacting with an AI system. Notices must be prominent, written in the same language as the chatbot, and use a readable font.

A key feature of the bill is a private right of action. This would allow users to file civil lawsuits against chatbot owners who violate the law and to recover damages and legal fees. Experts say this enforcement tool strengthens the rules and deters abuse.

Supporters of the legislation argue it protects New Yorkers’ safety, particularly minors. Other bills in the same package would regulate online platforms like Roblox and set standards for generative AI, synthetic content, and the handling of biometric data.

The bill’s author, state Senator Kristen Gonzalez, said AI innovation should not come at the expense of public safety. She pointed to recent cases where AI chatbots were linked to harmful outcomes for minors, highlighting the need for transparency and accountability.

If passed, the law would take effect 90 days after the governor signs it. Lawmakers hope it will balance innovation with user protection, ensuring AI tools are used responsibly and safely across the state.

Tycoon 2FA phishing service disrupted in global cybercrime crackdown

Authorities have disrupted the Tycoon 2FA phishing-as-a-service (PhaaS) platform, which sent millions of phishing emails to organisations worldwide.

The operation, led by Microsoft, Europol, and several industry partners, targeted the infrastructure behind Tycoon 2FA, which enabled large-scale phishing campaigns against more than 500,000 organisations each month.

By mid-2025, Tycoon 2FA accounted for 62% of the phishing attempts blocked by Microsoft, with over 30 million malicious emails blocked in a single month. Experts link the platform to around 96,000 global victims since 2023, including 55,000 Microsoft customers.

Researchers from Resecurity found cybercriminals widely used the platform to impersonate legitimate users and gain unauthorised access to accounts such as Microsoft 365, Outlook and Gmail. The service relied on techniques such as URL rotation using open redirect vulnerabilities and the misuse of Cloudflare Workers to hide malicious infrastructure.

‘The author of Tycoon 2FA is actively updating the tool with regular kit updates,’ reads the report published by Resecurity. ‘What makes Tycoon 2FA so special is that the kit effectively combines multiple methods to deliver phishing at scale—from PDF attachments to QR codes.’

Authorities say taking the infrastructure offline disrupts a key pathway for account takeover attacks and prevents additional threats, such as data theft, ransomware, business email compromise, and financial fraud.

EU launches AI platform to detect food fraud and contamination

Food safety monitoring across the EU is receiving a technological upgrade with the launch of TraceMap, a new AI platform designed to detect food fraud, contamination and disease outbreaks more quickly.

The European Commission introduced the tool as part of efforts to strengthen consumer protection and improve oversight of the agri-food supply chain.

TraceMap helps authorities analyse large volumes of data related to food production, distribution and trade. By identifying connections between operators, shipments and supply chains, the system allows investigators to spot suspicious activity and potential safety risks earlier.

National authorities in the EU member states can already access the platform, enabling them to conduct more targeted inspections and investigations without requiring additional resources.

The platform draws on data from existing EU systems such as the Rapid Alert System for Food and Feed (RASFF) and the Trade Control and Expert System (TRACES). Using AI to structure and interpret information, TraceMap can reveal patterns in production and trade flows that may indicate contamination, fraud, or other irregularities in the food supply chain.

Early testing of the platform has already demonstrated its practical value. A pilot version of TraceMap helped authorities identify and recall infant milk formula produced with contaminated ARA oil originating from China.

European officials say the system will strengthen the EU’s ability to respond rapidly to food safety risks while improving monitoring of both domestic production and imported products.

Canada warns about AI-generated scams targeting citizens online

Authorities in Canada have issued a warning about the growing use of AI in impersonation scams targeting citizens. Fraudsters increasingly deploy advanced tools capable of mimicking politicians, government officials and other public figures with convincing realism.

Deepfake videos, synthetic audio and AI-generated messages allow scammers to create convincing communications that appear to come from trusted authorities.

Such tactics are often used to persuade victims to send money, reveal personal information, install malicious software or engage with fraudulent investment offers.

Officials also warn about fake government websites created with AI-assisted tools that imitate official pages by copying national symbols and similar domain names. Suspicious websites often use unusual web addresses, extra characters, or unfamiliar domain endings to mislead visitors.

Authorities advise Canadians to verify unexpected messages through official channels rather than clicking links or responding immediately.

Suspected impersonation attempts should be reported to the Competition Bureau or the Canadian Anti-Fraud Centre.

Blockchain network Tron joins Agentic AI Foundation to advance AI infrastructure

Tron has joined the Linux Foundation’s Agentic AI Foundation (AAIF) as a governing member to support the development of AI agent infrastructure. The network aims to enable collaboration and interoperability among systems that efficiently manage high-volume, low-value transactions.

Founder Justin Sun highlighted Tron’s speed, scalability, and low fees as key advantages for AI-agent use cases. He noted that as AI agents move to mainstream machine-to-machine commerce, transaction volumes could rise, increasing demand for robust blockchain networks.

The AAIF encourages open-source agentic AI development and establishes standards for governance, safety, and interoperability. Tron joins major members like Circle and JPMorgan while building tools and infrastructure to support AI, including the Bank of AI with AINFT.

Tron currently leads in blockchain revenue, with data showing strong performance over 24 hours, seven days, and 30 days. Sun confirmed that AI activity is contributing to this growth, reflecting the rapid adoption and scaling of agentic AI on the network.

Blockchain and AI security central to US cyber framework

The US National Cyber Strategy emphasises support for emerging technologies, including blockchain, cryptocurrencies, AI, and post-quantum cryptography. The strategy highlights the importance of securing digital infrastructure while advancing technological leadership.

The strategy rests on six pillars, including modernising federal networks, protecting critical infrastructure, and advancing secure technology. Specific sections reference cryptocurrencies and blockchain, noting the need to safeguard digital systems from design to deployment.

Financial systems, data centres, and telecommunications networks are identified as key components of the broader cybersecurity framework. The strategy also stresses collaboration with private-sector technology companies and research institutions to foster innovation and strengthen protections.

AI plays a central role, with measures to secure AI data centres and deploy AI-driven tools for network defence. The plan avoids direct crypto rules but signals greater integration of blockchain and cryptography into national digital infrastructure.

Online scams rise as Parkin urges Dubai residents to stay vigilant

Dubai’s parking provider, Parkin, has warned residents to stay alert as online scams targeting digital service users continue to rise, urging people to take immediate steps to protect their digital identities.

In an advisory, the company stressed that official entities will never ask users to log in or disclose sensitive information through unsolicited messages, emails, or phone calls. The warning comes amid growing concerns about phishing attempts and other online scams targeting users of digital platforms.

Parkin said residents should exercise caution if they receive unexpected requests for personal details, passwords, or verification codes. Users are strongly advised not to respond to suspicious links, attachments, or messages from unknown sources, which are commonly used in online scams.

The operator also urged the public to verify the authenticity of communications before taking any action. Residents who are unsure about the legitimacy of a message should check official websites or contact customer service channels directly. The advice applies to messages claiming to come from Parkin or other service providers.

Authorities and service providers across the UAE have repeatedly warned that cybercriminals often impersonate trusted organisations in online scams designed to steal sensitive information. Such attacks can lead to identity theft, financial losses, or unauthorised access to personal accounts.

Parkin encouraged residents who receive suspicious communications to report them through official channels so that appropriate action can be taken. The company added that staying vigilant and safeguarding personal data remain essential to preventing online scams.

AI tools linked to rise in abuse disclosures

Support organisations in the UK report that some abuse survivors are turning to AI tools such as ChatGPT before contacting helplines. Charities in the UK say individuals increasingly use AI to explore experiences and seek guidance before approaching professional support services.

The National Association of People Abused in Childhood said callers in the UK have recently reported being referred to its helpline after conversations with ChatGPT. Staff say AI is being used as an informal step in processing trauma.

Law enforcement and support groups in the UK have also recorded a rise in disclosures involving ritualistic sexual abuse. Authorities in the UK say only 14 criminal cases since 1982 have formally recognised such practices.

Police and support organisations are responding by improving training and launching specialist working groups. Officials aim to strengthen the identification and investigation of complex cases of abuse.

Codex Security expands OpenAI’s push into cybersecurity tools

OpenAI has launched Codex Security, an AI-powered application security agent that detects hard-to-find software vulnerabilities and proposes fixes through advanced reasoning. By providing detailed context about a system’s architecture, the tool identifies security risks that are often missed by conventional automation.

The system uses advanced models to analyse repositories, construct project-specific threat models, and prioritise vulnerabilities based on their potential real-world impact. By combining automated validation with system-level context, Codex Security aims to reduce the number of false positives that security teams must review while highlighting high-confidence findings.

Initially developed under the name Aardvark, the tool has been tested in private deployments over the past year. During early use, OpenAI said it uncovered several critical vulnerabilities, including a cross-tenant authentication flaw and a server-side request forgery issue, allowing internal teams to quickly patch affected systems.

The company says improvements during the beta phase significantly reduced noise in vulnerability reports. In some repositories, unnecessary alerts fell by 84 percent, while over-reported severity dropped by more than 90 percent, and false positives declined by more than half.

Codex Security is now rolling out in research preview for ChatGPT Pro, Enterprise, Business, and Edu customers. OpenAI also plans to expand access to open-source maintainers through a dedicated programme that offers security scanning and support to help identify and remediate vulnerabilities across widely used projects.
