Consumer protection

Le Chat leads AI privacy ranking report

A new report has revealed that Le Chat from Mistral AI is the most privacy-respecting generative AI, with ChatGPT and Grok close behind. The study by Incogni assessed nine popular services against 11 criteria covering data use, sharing and transparency.

Meta AI came last, flagged for poor privacy practices and extensive data sharing. According to the findings, Gemini and Copilot also performed poorly in protecting user privacy.

Incogni highlighted that several services, including ChatGPT and Grok, allow users to stop their data from being used for training. However, other providers like Meta AI, Pi AI and Gemini offered no clear way to opt-out.

The report warned that AI firms often share data with service providers, affiliates, researchers and law enforcement. Clear, readable privacy policies and opt-out tools were key for building trust.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

BT report shows rise in cyber attacks on UK small firms

A BT report has found that 42% of small businesses in the UK suffered a cyberattack in the past year. The study also revealed that 67% of medium-sized firms were targeted, while many lacked basic security measures or staff training.

Phishing was named the most common threat, hitting 85% of businesses in the UK, and ransomware incidents have more than doubled. BT’s new training programme aims to help SMEs take practical steps to reduce risks, covering topics like AI threats, account takeovers and QR code scams.

Tris Morgan from BT highlighted that SMEs face serious risks from cyber attacks, which could threaten their survival. He stressed that security is a necessary foundation and can be achieved without vast resources.

The report follows wider warnings on AI-enabled cyber threats, with other studies showing that few firms feel prepared for these risks. BT’s training is part of its mission to help businesses grow confidently despite digital dangers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Irish businesses face cybersecurity reality check

Most Irish businesses believe they are well protected from cyberattacks, yet many neglect essential defences. Research from Gallagher shows most firms do not update software regularly or back up data as needed.

The survey of 300 companies found almost two-thirds of Irish firms feel very secure, with another 28 percent feeling quite safe. Despite this, nearly six in ten fail to apply software updates, leaving systems vulnerable to attacks.

Cybersecurity training is provided by just four in ten Irish organisations, even though it is one of the most effective safeguards. Gallagher warns that overconfidence may lead to complacency, putting businesses at risk of disruption and financial loss.

Laura Vickers of Gallagher stressed the importance of basic measures like updates and data backups to prevent serious breaches. With four in ten Irish companies suffering attacks in the past five years, firms are urged to match confidence with action.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft family safety blocks Google Chrome on Windows 11

Windows 11 users have reported that Google Chrome crashes and fails to reopen when Microsoft family safety parental controls are active.

The issue appears to be linked to Chrome’s recent update, version 137.0.7151.68 and does not affect users of Microsoft Edge under the same settings.

Google acknowledged the problem and provided a workaround involving changes to family safety settings, such as unblocking Chrome or adjusting content filters.

Microsoft has not issued a formal statement, but its family safety FAQ confirms that non-Edge browsers are blocked from web filtering.

Users are encouraged to update Google Chrome to version 138.0.7204.50 to address other security concerns recently disclosed by Google.

The update aims to patch vulnerabilities that could let attackers bypass security policies and run malicious code.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New ranking shows which AI respects your data

A new report comparing leading AI chatbots on privacy grounds has named Le Chat by Mistral AI as the most respectful of user data.

The study, conducted by data removal service Incogni, assessed nine generative AI services using eleven criteria related to data usage, transparency and user control.

Le Chat emerged as the top performer thanks to limited data collection and clarity in privacy practices, even if it lost some points for complete transparency.

ChatGPT followed in second place, earning praise for providing clear privacy policies and offering users tools to limit data use despite concerns about handling training data. Grok, xAI’s chatbot, took the third position, though its privacy policy was harder to read.

At the other end of the spectrum, Meta AI ranked lowest. Its data collection and sharing practices were flagged as the most invasive, with prompts reportedly shared within its corporate group and with research collaborators.

Microsoft’s Copilot and Google’s Gemini also performed poorly in terms of user control and data transparency.

Incogni’s report found that some services allow users to prevent their input from being used to train models, such as ChatGPT Grok and Le Chat. In contrast, others, including Gemini, Pi AI, DeepSeek and Meta AI, offered no clear way to opt-out.

The report emphasised that simple, well-maintained privacy support pages can significantly improve user trust and understanding.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI tools at work pose hidden dangers

AI tools are increasingly used in workplaces to enhance productivity but come with significant security risks. Workers may unknowingly breach privacy laws like GDPR or HIPAA by sharing sensitive data with AI platforms, risking legal penalties and job loss.

Experts warn of AI hallucinations where chatbots generate false information, highlighting the need for thorough human review. Bias in AI outputs, stemming from flawed training data or system prompts, can lead to discriminatory decisions and potential lawsuits.

Cyber threats like prompt injection and data poisoning can manipulate AI behaviour, while user error and IP infringement pose further challenges. As AI technology evolves, unknown risks remain a concern, making caution essential when integrating AI into business processes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Tech support scammers abuse search tools

Tech support scammers have exploited the websites of major firms such as Apple, Microsoft, and Netflix to trick users into calling them. Using sponsored ads and a technique known as search parameter injection, scammers have manipulated legitimate support pages to display fake helpline numbers.

Victims searching for 24/7 support are directed to genuine websites where misleading search results prominently show fraudulent numbers. According to researchers, the address bar shows the official URL, reducing suspicion and increasing the likelihood that users will call the scammers.

Once connected, the fraudsters pose as legitimate staff and attempt to steal sensitive information, including personal data, payment details or access to victims’ devices. Financial services sites like Bank of America and PayPal have also been targeted, with attackers aiming to drain accounts.

Experts warn that while some scams are easy to spot, others appear highly convincing, especially on sites like Apple’s and Netflix’s. Users are urged to verify contact details through official channels rather than relying on search results or ads.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Salt Typhoon exploits critical Cisco flaw to breach Canadian network

Canadian and US authorities have attributed a cyberattack on a Canadian telecommunications provider to state-sponsored actors allegedly linked to China. The attack exploited a critical vulnerability that had been patched 16 months earlier.

According to a statement issued on Monday by Canada’s Communications Security Establishment (CSE), the breach is attributed to a threat group known as Salt Typhoon, believed to be operating on behalf of the Chinese government.

‘The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies,’ the CSE stated, adding that Salt Typhoon was ‘almost certainly’ responsible. The US FBI released a similar advisory.

Salt Typhoon is one of several threat actors associated with the People’s Republic of China (PRC), with a history of conducting cyber operations against telecommunications and infrastructure targets globally.

In late 2023, security researchers disclosed that over 10,000 Cisco devices had been compromised by exploiting CVE-2023-20198—a vulnerability rated 10/10 in severity.

The exploit targeted Cisco devices running iOS XE software with HTTP or HTTPS services enabled. Despite Cisco releasing a patch in October 2023, the vulnerability remained unaddressed in some systems.

In mid-February 2025, three network devices operated by an unnamed Canadian telecom company were compromised, with attackers retrieving configuration files and modifying at least one to create a GRE tunnel—allowing network traffic to be captured.

Cisco has also linked Salt Typhoon to a broader campaign using multiple patched vulnerabilities, including CVE-2018-0171, CVE-2023-20273, and CVE-2024-20399.

The Cyber Centre noted that the compromise could allow unauthorised access to internal network data or serve as a foothold to breach additional targets. Officials also stated that some activity may have been limited to reconnaissance.

While neither agency commented on why the affected devices had not been updated, the prolonged delay in patching such a high-severity flaw highlights ongoing challenges in maintaining basic cyber hygiene.

The authorities in Canada warned that similar espionage operations are likely to continue targeting the telecom sector and associated clients over the next two years.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

McLaren Health Care confirms major ransomware attack and data breach

McLaren Health Care in Michigan has begun notifying over 743,000 individuals that their personal and health data may have been compromised in a ransomware attack in August 2024.

The health system confirmed that unauthorised access to its systems began on 17 July and continued until 3 August 2024, affecting McLaren Health Care and its Karmanos Cancer Centers.

A forensic investigation concluded on 5 May 2025 revealed that files containing names, Social Security numbers, driver’s licence details, medical information, and insurance data were accessed.

Notification letters began going out on 20 June 2025, and recipients are being offered 12 months of complimentary credit monitoring and identity theft protection.

Although the incident has not been officially attributed to a specific ransomware group, industry reports have previously linked the attack to the Inc. Ransom group. However, McLaren Health Care has not confirmed this, and the group has not publicly listed McLaren on its leak site.

However, this is McLaren’s second ransomware incident within a year. A previous attack by the ALPHV/BlackCat group compromised the data of more than 2.1 million individuals.

Following the August 2024 attack, McLaren Health Care restored its IT systems ahead of schedule and resumed normal operations, including reopening emergency departments and rescheduling postponed appointments and surgeries.

However, data collected manually during the outage is still being integrated into the electronic health record (EHR) system, a process expected to take several weeks.

McLaren Health Care has stated that it continues to investigate the full scope of the breach and will issue further notifications if additional data exposures are identified. The organisation works with external cybersecurity experts to strengthen its systems and prevent future incidents.

The attack caused disruptions across all 13 hospitals in the McLaren system and affiliated cancer centres, surgery centres, and clinics. While systems have been restored, McLaren has encouraged patients to remain prepared by bringing essential documents and information to appointments.

The health system expressed appreciation for its staff’s efforts and patients’ patience during the response and recovery efforts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cloudflare blocks the largest DDoS attack in internet history

Cloudflare has blocked what it describes as the largest distributed denial-of-service (DDoS) attack ever recorded after nearly 38 terabytes of data were unleashed in just 45 seconds.

The onslaught generated a peak traffic rate of 7.3 terabits per second and targeted nearly 22,000 destination ports on a single IP address managed by an undisclosed hosting provider.

Instead of relying on a mix of tactics, the attackers primarily used UDP packet floods, which accounted for almost all attacks. A small fraction employed outdated diagnostic tools and methods such as reflection and amplification to intensify the network overload.

These techniques exploit how some systems automatically respond to ping requests, causing massive data feedback loops when scaled.

Originating from 161 countries, the attack saw nearly half its traffic come from IPs in Brazil and Vietnam, with the remainder traced to Taiwan, China, Indonesia, and the US.

Despite appearing globally orchestrated, most traffic came from compromised devices—often everyday items infected with malware and turned into bots without their owners’ knowledge.

To manage the unprecedented data surge, Cloudflare used a decentralised approach. Traffic was rerouted to data centres close to its origin, while advanced detection systems identified and blocked harmful packets without disturbing legitimate data flows.

The incident highlights the scale of modern cyberattacks and the growing sophistication of defences needed to stop them.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!