Warnings have been issued by Google to some users after detecting a web traffic hijacking campaign that delivered malware through manipulated login portals.
According to the company’s Threat Intelligence Group, attackers compromised network edge devices to modify captive portals, the login pages often seen when joining public Wi-Fi or corporate networks.
Instead of leading to legitimate security updates, the altered portals redirected users to a fake page presenting an ‘Adobe Plugin’ update. The file, once installed, deployed malware known as CANONSTAGER, which enabled the installation of a backdoor called SOGU.SEC.
The software, named AdobePlugins.exe, was signed with a valid GlobalSign certificate linked to Chengdu Nuoxin Times Technology Co, Ltd. Google stated it is tracking multiple malware samples connected to the same certificate.
The company attributed the campaign to a group it tracks as UNC6384, also known by other names including Mustang Panda, Silk Typhoon, and TEMP.Hex.
Google said it first detected the campaign in March 2025 and sent alerts to affected Gmail and Workspace users. The operation reportedly targeted diplomats in Southeast Asia and other entities worldwide, suggesting a potential link to cyber espionage activities.
Google advised users to enable Enhanced Safe Browsing in Chrome, keep devices updated, and use two-step verification for stronger protection.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Spotify is launching a new Messages feature, enabling users aged 16 and older in select markets to share music, podcasts, and audiobooks directly within the app. The update lets users chat one-on-one with friends and family to share and discuss favourite content.
Users can react with emojis and text, accept or reject message requests, and see suggested contacts based on past sharing, collaborative playlists, or Family and Duo plans. The feature complements existing social media sharing options rather than replacing them.
Artists, authors, and creators benefit as Messages encourages word-of-mouth discovery, helping new content reach wider audiences. Conversations are secured with encryption, and Spotify applies moderation tools and reporting features to maintain a safe environment.
Spotify plans to refine and expand the feature globally in the coming months, aiming to make connecting over music, podcasts, and audiobooks more seamless and engaging.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Google Translate is receiving powerful Gemini AI upgrades that make speaking across languages feel far more natural.
The refreshed live conversation mode intelligently recognises pauses, accents, and background noise, allowing two people to talk without the rigid back-and-forth of older versions. Google says the new system should even work in noisy environments like cafes, a real-world challenge for speech technology.
The update also introduces a practice mode that pushes Translate beyond its traditional role as a utility. Users can set their skill level and goals, then receive personalised listening and speaking exercises designed to build confidence.
The tool is launching in beta for selected language pairs, such as English to Spanish or French, but it signals Google’s ambition to blend translation with education.
By bringing some advanced translation capabilities first seen on Pixel devices into the widely available Translate app, Google makes real-time multilingual communication accessible to everyone.
It’s a practical application of AI that promises to change everyday conversations and how people prepare to learn new languages.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Researchers have uncovered severe misconfigurations in two Tencent Cloud sites that exposed sensitive credentials and internal source code to the public. The flaws could have given attackers access to Tencent’s backend infrastructure and critical internal services.
Cybernews discovered the data leaks in July 2025, finding hardcoded plain-text passwords, a sensitive internal .git directory, and configuration files linked to Tencent’s load balancer and JEECG development platform.
Weak passwords, built from predictable patterns like the company name and year, increased the risk of exploitation.
The exposed data may have been accessible since April, leaving months of opportunity for scraping bots or malicious actors.
With administrative console access, attackers could have tampered with APIs, planted malicious code, pivoted deeper into Tencent’s systems, or abused the trusted domain for phishing campaigns.
Tencent confirmed the incident as a ‘known issue’ and has since closed access, though questions remain over how many parties may have already retrieved the exposed information.
Security experts warn that even minor oversights in cloud operations can cascade into serious vulnerabilities, especially for platforms trusted by millions worldwide.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
OpenAI has announced new safety measures for its popular chatbot following a lawsuit filed by the parents of a 16-year-old boy who died by suicide after relying on ChatGPT for guidance.
The parents allege the chatbot isolated their son and contributed to his death earlier in the year.
The company said it will improve ChatGPT’s ability to detect signs of mental distress, including indirect expressions such as users mentioning sleep deprivation or feelings of invincibility.
It will also strengthen safeguards around suicide-related conversations, which OpenAI admitted can break down in prolonged chats. Planned updates include parental controls, access to usage details, and clickable links to local emergency services.
OpenAI stressed that its safeguards work best during short interactions, acknowledging weaknesses in longer exchanges. It also said it is considering building a network of licensed professionals that users could access through ChatGPT.
The company added that content filtering errors, where serious risks are underestimated, will also be addressed.
The lawsuit comes amid wider scrutiny of AI tools by regulators and mental health experts. Attorneys general from more than 40 US states recently warned AI companies of their duty to protect children from harmful or inappropriate chatbot interactions.
Critics argue that reliance on chatbots for support instead of professional care poses growing risks as usage expands globally.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The State of Nevada reported a cyberattack affecting several state government systems, with recovery efforts underway. Some websites and phone lines may be slow or offline while officials restore operations.
Governor Joe Lombardo’s office stated there is no evidence that personal information has been compromised, emphasising that the issue is limited to state systems. The incident is under investigation by both state and federal authorities, although technical details have not been released.
Several agencies, including the Department of Motor Vehicles, have been affected, prompting temporary office closures until normal operations can resume. Emergency services, including 911, continue to operate without disruption.
Officials prioritise system validation and safe restoration to prevent further disruption to state services.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Perplexity has announced Comet Plus, a new service that will pay premium publishers to provide high-quality news content as an alternative to clickbait. The company has not disclosed its roster of partners or payment structure, though reports suggest a pool of $42.5 million.
Publishers have long criticised AI services for exploiting their work without compensation. Perplexity, backed by Amazon’s Jeff Bezos, said Comet Plus will create a fairer system and reward journalists for producing trusted content in the era of AI.
The platform introduces a revenue model based on three streams: human visits, search citations, and agent actions. Perplexity argues this approach better reflects how people consume information today, whether by browsing manually, seeking AI-generated answers, or using AI agents.
The company stated that the initiative aims to rebuild trust between readers and publishers, while ensuring that journalism thrives in a changing digital economy. The initial group of publishing partners will be revealed later.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Netflix has issued detailed guidance for production companies on the approved use of generative AI. The guidelines allow AI tools for early ideation tasks such as moodboards or reference images, but stricter oversight applies beyond that stage.
The company outlined five guiding principles. These include ensuring generated content does not replicate copyrighted works, maintaining security of inputs, avoiding use of AI in final deliverables, and prohibiting storage or reuse of production data by AI tools.
Enterprises or vendors working on Netflix content must pass the platform’s AI compliance checks at every stage.
Netflix has already used AI to reduce VFX costs on projects like The Eternaut, but has moved to formalise boundaries around how and when the technology is applied.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Security researchers from Zscaler’s ThreatLabz team uncovered 77 malicious Android applications on the Google Play Store, collectively downloaded over 19 million times, that distributed the Anatsa banking trojan, TeaBot, and other malware families.
Anatsa, active since at least 2020, has evolved to target over 831 banking, fintech and cryptocurrency apps globally, including platforms in Germany and South Korea. These campaigns now use direct payload installation with encrypted runtime strings and device checks to evade detection.
Deploying as decoy tools, often document readers, the apps triggered a silent download of malicious code after installation. The Trojan automatically gained accessibility permissions to display overlays, capture credentials, log keystrokes, and intercept messages. Additional malware such as Joker, its variant Harly, and adware were also detected.
Following disclosure, Google removed the identified apps from the Play Store. Users are advised to enable Google Play Protect, review app permissions carefully, limit downloads to trusted developers, and consider using antivirus tools to stay protected.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
ChatGPT is increasingly used as a travel assistant, with some travellers claiming it can save hundreds of pounds on flights. Finance influencer Casper Opala shares cost-saving tips online and said the AI tool helped him secure a flight for £70 that initially cost more than £700.
Opala shared a series of prompts that allow ChatGPT to identify hidden routes, budget airlines not listed on major platforms, and potential savings through alternative airports or separate bookings. He also suggested using the tool to monitor prices for several days or compare one-way fares with return tickets.
While many money-saving tricks have existed for years, ChatGPT condenses the process, collecting results in seconds. Opala says this efficiency is a strong starting point for cheaper travel deals.
Experts, however, warn that ChatGPT is not connected to live flight booking systems. TravelBook’s Laura Pomer noted that the AI can sometimes present inaccurate or outdated fares, meaning users should always verify results before booking.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
