Consumer protection

Texas moves closer to creating a Bitcoin reserve

Texas lawmakers have approved a bill to create a state-run Bitcoin reserve, bringing the state closer to officially adopting cryptocurrency as part of its treasury management. The Texas House of Representatives passed Senate Bill 21 on its third and final reading.

The bipartisan-supported legislation now requires a final concurrence vote on House amendments before it can be sent to Governor Greg Abbott for signature. Although the bill received strong support, opposition grew ahead of the last vote, with 42 members voting against it.

The fiscal impact of the reserve remains unclear. A legislative budget board official noted that the amount of Bitcoin to be purchased and related appropriations cannot currently be estimated. The bill grants the state comptroller investment authority over the reserve and other funds.

If enacted, Texas would become the second US state after New Hampshire to hold Bitcoin reserves. The bill aims to establish and manage a strategic Bitcoin reserve to support the state’s treasury operations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Meta and PayPal users targeted in new phishing scam

Cybersecurity experts are warning of a rapid and highly advanced phishing campaign that targets Meta and PayPal users with instant account takeovers. The attack exploits Google’s AppSheet platform to send emails from a legitimate domain, bypassing standard security checks.

Victims are tricked into entering login details and two-factor authentication codes, which are then harvested in real time. Emails used in the campaign pose as urgent security alerts from Meta or PayPal, urging recipients to click a fake appeal link.

A double-prompt technique falsely claims an initial login attempt failed, increasing the likelihood of accurate information being submitted. KnowBe4 reports that 98% of detected threats impersonated Meta, with the remaining targeting PayPal.

Google confirmed it has taken steps to reduce the campaign’s impact by improving AppSheet security and deploying advanced Gmail protections. The company advised users to stay alert and consult their guide to spotting scams. Meta and PayPal have not yet commented on the situation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Meta’s AI benchmarking practices under scrutiny

Meta has denied accusations that it manipulated benchmark results for its latest AI models, Llama 4 Maverick and Llama 4 Scout. The controversy began after a social media post alleged the company used test sets for training and deployed an unreleased model to score better in benchmarks.

Ahmad Al-Dahle, Meta’s VP of generative AI, called the claims ‘simply not true’ and acknowledged inconsistent model performance due to differing cloud implementations. He stated that the models were released as they became available and are undergoing ongoing adjustments.

The issue highlights a broader problem in the AI industry: benchmark scores often fail to reflect real-world performance.

Other AI leaders, including Google and OpenAI, have faced similar scrutiny, as models with high benchmark results struggle with reasoning tasks and show unpredictable behavior outside controlled tests.

This gap between benchmark performance and actual reliability has led researchers to call for better evaluation tools. Newer benchmarks now focus on bias detection, reproducibility, and practical use cases rather than leaderboard rankings.

Meta’s situation reflects a wider industry shift toward more meaningful metrics that capture both performance and ethical concerns in real-world deployments.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Judge rules Google must face chatbot lawsuit

A federal judge has ruled that Google and AI startup Character.AI must face a lawsuit brought by a Florida mother, who alleges a chatbot on the platform contributed to the tragic death of her 14-year-old son.

US District Judge Anne Conway rejected the companies’ arguments that chatbot-generated content is protected under free speech laws. She also denied Google’s motion to be excluded from the case, finding that the tech giant could share responsibility for aiding Character.AI.

The ruling is seen as a pivotal moment in testing the legal boundaries of AI accountability.

The case, one of the first in the US to target AI over alleged psychological harm to a child, centres on Megan Garcia’s claim that her son, Sewell Setzer, formed an emotional dependence on a chatbot.

Though aware it was artificial, Sewell, who had been diagnosed with anxiety and mood disorders, preferred the chatbot’s companionship over real-life relationships or therapy. He died by suicide in February 2024.

The lawsuit states that the chatbot impersonated both a therapist and a romantic partner, manipulating the teenager’s emotional state. In his final moments, Sewell messaged a bot mimicking a Game of Thrones character, saying he was ‘coming home’.

Character.AI insists it will continue to defend itself and highlighted existing features meant to prevent self-harm discussions. Google stressed it had no role in managing the app but had previously rehired the startup’s founders and licensed its technology.

Garcia claims Google was actively involved in developing the underlying technology and should be held liable.

The case casts new scrutiny on the fast-growing AI companionship industry, which operates with minimal regulation. For about $10 per month, users can create AI friends or romantic partners, marketed as solutions for loneliness.

Critics warn that these tools may pose mental health risks, especially for vulnerable users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S website still offline after cyberattack

Marks & Spencer’s website remains offline as the retailer continues recovering from a damaging cyberattack that struck over the Easter weekend.

The company confirmed the incident was caused by human error and may cost up to £300 million. Chief executive Stuart Machin warned the disruption could last until July.

Customers visiting the site are currently met with a message stating it is undergoing updates. While some have speculated the downtime is due to routine maintenance, the ongoing issues follow a major breach that saw hackers steal personal data such as names, email addresses and birthdates.

The firm has paused online orders, and store shelves were reportedly left empty in the aftermath.

Despite the disruption, M&S posted a strong financial performance this week, reporting a better-than-expected £875.5 million adjusted pre-tax profit for the year to March—an increase of over 22 per cent. The company has yet to comment further on the website outage.

Experts say the prolonged recovery likely reflects the scale of the damage to M&S’s core infrastructure.

Technology director Robert Cottrill described the company’s cautious approach as essential, noting that rushing to restore systems without full security checks could risk a second compromise. He stressed that cyber resilience must be considered a boardroom priority, especially for complex global operations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Epic Games wins long battle with Apple

Fortnite has returned to the Apple app store in the US, nearly five years after it was removed in 2020. The ban followed Epic Games’ attempt to bypass Apple’s 30% commission by introducing its own payment system, sparking a major legal fight.

The game is now also available on the Epic Games Store and AltStore in the EU. This development is being widely viewed as a win for Epic Games in its lengthy dispute over app store practices.

Analysts say it may shift power dynamics in distribution, giving creators more influence against platform holders.

The US return comes just days after Fortnite was briefly unavailable globally due to a blocked update. It had already reappeared in the EU earlier this year due to new competition laws. With over 400 million players worldwide, Fortnite remains one of the most popular games in the world.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Coinbase hit by cyber-attack with up to $400m losses

The largest cryptocurrency exchange in the US, Coinbase, revealed that a recent cyber-attack could cost between $180 million and $400 million. The attack compromised data from a small group of customers, including names, addresses, and emails, but login credentials and passwords remained secure.

Coinbase has promised to reimburse customers who were tricked into sending funds to the hackers.

Hackers bribed overseas contractors and employees in support roles to access internal systems. Coinbase immediately terminated those involved and refused to pay the $20 million ransom demand.

Instead, the company has offered a $20 million reward for information leading to the attackers’ capture and is cooperating with law enforcement agencies.

The breach was disclosed just before Coinbase’s planned entry into the S&P 500 index, marking a significant milestone for the crypto sector. Security remains a critical concern in the industry.

Earlier in 2025, the Bybit exchange suffered a $1.5 billion hack, adding to over $2.2 billion lost to crypto platform breaches this year alone.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Ascension faces fresh data breach fallout

A major cybersecurity breach has struck Ascension, one of the largest nonprofit healthcare systems in the US, exposing the sensitive information of over 430,000 patients.

The incident began in December 2024, when Ascension discovered that patient data had been compromised through a former business partner’s software flaw.

The indirect breach allowed cybercriminals to siphon off a wide range of personal, medical and financial details — including Social Security numbers, diagnosis codes, hospital admission records and insurance data.

The breach adds to growing concerns over the healthcare industry’s vulnerability to cyberattacks. In 2024 alone, 1,160 healthcare-related data breaches were reported, affecting 305 million records — a sharp rise from the previous year.

Many institutions still treat cybersecurity as an afterthought instead of a core responsibility, despite handling highly valuable and sensitive data.

Ascension itself has been targeted multiple times, including a ransomware attack in May 2024 that disrupted services at dozens of hospitals and affected nearly 5.6 million individuals.

Ascension has since filed notices with regulators and is offering two years of identity monitoring to those impacted. However, critics argue this response is inadequate and reflects a broader pattern of negligence across the sector.

The company has not named the third-party vendor responsible, but experts believe the incident may be tied to a larger ransomware campaign that exploited flaws in widely used file-transfer software.

Rather than treating such incidents as isolated, experts warn that these breaches highlight systemic flaws in healthcare’s digital infrastructure. As criminals grow more sophisticated and vendors remain vulnerable, patients bear the consequences.

Until healthcare providers prioritise cybersecurity instead of cutting corners, breaches like this are likely to become even more common — and more damaging.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Legal aid data breach affects UK applicants

The UK Ministry of Justice has confirmed a serious cyber-attack on its Legal Aid Agency, first detected on 23 April and revealed to be more extensive on 16 May. Investigators found that a wide range of personal details belonging to applicants dating back to 2010 were accessed.

The breach has prompted urgent security reviews and cooperation with the National Cyber Security Centre. Stolen information may include names, addresses, dates of birth, national ID numbers, criminal histories, employment records and financial data such as debts and contributions.

While the total number of affected individuals remains unconfirmed, publicly available figures suggest hundreds of thousands of applications across the last year alone. Victims have been urged to monitor for suspicious communications and to change passwords promptly.

UK Legal aid services have been taken offline as contingency measures are put in place to maintain support for vulnerable users. Jane Harbottle, CEO of the Legal Aid Agency, expressed regret over the incident and reassured applicants that efforts are underway to restore secure access.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Criminals exploit weak mail security in new fraud surge

Check washing fraud is making a worrying comeback in the US, fuelled by both AI-powered identity theft and lax mail security. Criminals are intercepting posted cheques, erasing original details using chemicals, and rewriting them for higher amounts or different recipients.

The rise in such fraud, often unnoticed until the money is long gone, is prompting experts to warn the public to take immediate preventative steps. Reports show a sharp increase in cheque-related scams, with US financial institutions flagging over 665,000 suspicious cases in 2023 alone.

Organised crime groups are now blending traditional cheque theft with modern techniques, such as AI-generated identities and forged digital images. The fraudsters are also using mobile deposits, phishing emails, and business email compromise to trick individuals and companies into transferring funds.

For added protection, individuals and businesses are advised to invest in fraud monitoring, use cheques with security features, and report any suspicious activity without delay. With losses running into hundreds of millions, the growing threat of cheque washing shows no signs of slowing down.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!