Critical infrastructure

Nearly 2 million patients affected in healthcare cyberattack

Anne Arundel Dermatology, a network of over 100 clinics across seven states, has confirmed a cyberattack that compromised patient data for nearly 1.9 million individuals.

The breach between 14 February and 13 May 2025 may have exposed sensitive personal and medical records.

The company responded swiftly by isolating affected systems, working with forensic experts and completing a full file review by 27 June.

While there is no evidence that the data was accessed or misused, patients were notified and offered 24 months of identity-theft protection.

The incident ranks among the largest reported healthcare data breaches this year, prompting mandatory notifications to state attorneys general and the HHS Office for Civil Rights.

Affected individuals are advised to monitor statements and credit reports carefully.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Drug‑testing firm exposes 748,000 records in breach

In a massive data breach revealed in July 2025, the Texas Alcohol & Drug Testing Service (TADTS) admitted hackers gained access to sensitive information belonging to approximately 748,763 individuals.

Attackers remained inside the network for five days in July 2024 before detection, later leaking hundreds of gigabytes of data via the BianLian ransomware group.

Exposed records include a dangerous mix of personal and financial data—names, Social Security and passport numbers, driver’s licence and bank account details, biometric information, health‑insurance files and login credentials.

The breadth of this data presents a significant risk of identity theft and financial fraud.

Despite identifying the breach shortly after, TADTS delayed notifying those affected until July 2025 and provided no credit monitoring or identity theft services.

The company is now under classic action scrutiny, with law firms investigating its response and breach notification delays.

Security experts warn that the extended timeline and broad data exposure could lead to scams, account takeovers and sustained damage to victims.

Affected individuals are urged to monitor statements, access free credit reports, and remain alert for suspicious activity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Salt Typhoon targets routers in sweeping campaign

Since early 2025, the Chinese-linked hacking group Salt Typhoon has aggressively targeted telecom infrastructure worldwide, compromising routers, switches and edge devices used by clients of major operators such as Comcast, MTN and LG Uplus.

Exploiting known but unpatched vulnerabilities, attackers gained persistent access to these network devices, potentially enabling further intrusions into core telecom systems.

The pattern suggests a strategic shift: the group broadly sweeps telecom infrastructure to establish ready-made access across critical communication channels.

Affected providers emphasised that only client-owned hardware was breached and confirmed no internal networks were compromised, but the campaign raises deeper concerns.

Experts warn that such indiscriminate telecommunications targeting could threaten data security and disrupt essential services, revealing a long-term cyber‑espionage strategy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Nvidia’s container toolkit patched after critical bug

Cloud security researchers at Wiz have uncovered a critical misconfiguration in Nvidia’s Container Toolkit, used widely across managed AI services, that could allow a malicious container to break out and gain full root privileges on the host system.

The vulnerability, tracked as CVE‑2025‑23266 and nicknamed ‘NVIDIAScape’, arises from unsafe handling of OCI hooks. Exploiters can bypass container boundaries by using a simple three‑line Dockerfile, granting them access to server files, memory and GPU resources.

With Nvidia’s toolkit integral to GPU‑accelerated cloud offerings, the risk is systemic. A single compromised container could steal or corrupt sensitive data and AI models belonging to other tenants on the same infrastructure.

Nvidia has released a security advisory alongside updated toolkit versions. Users are strongly advised to apply patches immediately. Experts also recommend deploying additional isolation measures, such as virtual machines, to protect against container escape threats in multi-tenant AI environments.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Quantum tech could break online security, warns India

The Indian Computer Emergency Response Team (CERT-In), alongside cybersecurity firm SISA, cautions that these powerful machines could soon break the encryption used to protect everything from online banking to personal identity systems.

CERT-In’s new white paper outlines how attackers may already be stockpiling encrypted data to unlock later using quantum tools, a tactic called ‘harvest now, decrypt later’. If left unaddressed, this strategy could expose sensitive data stored today once quantum technology matures.

AI is adding to the urgency. As it becomes more embedded in digital systems, it also increases access to user data, raising the stakes if encryption is compromised. The biggest digital systems in India, including Aadhaar, cryptocurrencies, and smart devices, are seen as particularly exposed to this looming risk.

Everyday users are advised to take precautions: update devices regularly, use strong passwords with multi-factor authentication, and avoid storing sensitive data online long-term. Services like Signal or ProtonMail, which use strong encryption, are also recommended.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers hide malware using DNS TXT records

Hackers are increasingly exploiting DNS records to deliver malware undetected, according to new research from DomainTools.

Instead of relying on typical delivery methods such as emails or downloads, attackers now hide malicious code within DNS TXT records, part of the Domain Name System, often overlooked by security systems.

The method involves converting malware into hexadecimal code, splitting it into small segments, and storing each chunk in the TXT record of subdomains under domains like whitetreecollective.com.

Once attackers gain limited access to a network, they retrieve these chunks via ordinary-looking DNS queries, reassembling them into functioning malware without triggering antivirus or firewall alerts.

The rising use of encrypted DNS protocols like DNS-over-HTTPS and DNS-over-TLS makes detecting such queries harder, especially without in-house DNS resolvers equipped for deep inspection.

Researchers also noted that attackers are using DNS TXT records for malware and embedding harmful text designed to manipulate AI systems through prompt injection.

Ian Campbell of DomainTools warns that even organisations with strong security measures struggle to detect such DNS-based threats due to the hidden nature of the traffic.

Instead of focusing solely on traditional defences, organisations are advised to monitor DNS traffic closely, log and inspect queries through internal resolvers, and restrict DNS access to trusted sources. Educating teams on these emerging threats remains essential for maintaining robust cybersecurity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

xAI eyes data centre deal with Humain

Elon Musk’s AI venture, xAI, has entered early discussions with Humain to secure data centre capacity instead of relying solely on existing infrastructure.

According to Bloomberg, the arrangement could involve several gigawatts of capacity, although Humain has yet to start building its facilities, meaning any deal would take years to materialise.

Humain is backed by Saudi Arabia’s Crown Prince Mohammed bin Salman and the Public Investment Fund (PIF). xAI is reportedly considering a fresh funding round where PIF might also invest.

At the same time, xAI is negotiating with a smaller company constructing a 200-megawatt data centre, offering a more immediate solution while waiting for larger projects.

Rather than operating in isolation, xAI joins AI competitors like Google, Meta and Microsoft in racing to secure vast computing power for training large AI models. The push for massive data centre capacity reflects the escalating demands of advanced AI systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Quantum sector surges as Rigetti unveils modular machine

Quantum computing is progressing faster than expected, with Rigetti Computing achieving a major breakthrough. The company reached 99.5% median 2-qubit gate fidelity using a modular 36-qubit system—halving its error rate and moving closer to fault-tolerant computing.

The new machine, built from four 9-qubit chiplets, represents the industry’s largest multichip quantum system. Its modular design addresses the scalability challenges of single-chip models.

Rigetti’s superconducting qubits also outperform rivals by operating at significantly faster speeds.

Plans are in place to launch a 100+-qubit system before the end of 2025. Backing from DARPA, the US Air Force, and the UK government further validates Rigetti’s approach. Partnerships with Nvidia and Quanta Computer add commercial strength.

Despite modest revenue, Rigetti holds $575 million in cash with no debt and owns the sector’s first dedicated quantum chip factory. True commercial quantum advantage is expected between 2026 and 2028.

Shares of Rigetti, along with other quantum computing firms like IonQ and D-Wave, have surged in recent months, outperforming the broader market.

Rigetti offers strong potential—but remains a high-risk pick in a competitive field.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU helps Vietnam prepare for cyber emergencies

The European Union and Vietnam have conducted specialised cyber‑defence training to enhance the resilience of key infrastructure sectors such as power, transportation, telecoms and finance.

Participants, including government officials, network operators and technology experts, engaged in interactive threat-hunting exercises and incident simulation drills designed to equip teams with practical cyber‑response skills.

This effort builds on existing international partnerships, including collaboration with the US Cybersecurity and Infrastructure Security Agency, to align Vietnam’s security posture with global standards.

Vietnam faces an alarming shortfall of more than 700,000 cyber professionals, with over half of organisations reporting at least one breach in recent years.

The training initiative addresses critical skills gaps and contributes to national digital security resilience.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

South Korea’s new Science Minister pledges AI-led national transformation

South Korea’s new Science and ICT Minister, Bae Kyung-hoon, has pledged to turn the nation into one of the world’s top three AI powerhouses.

Instead of following outdated methods, Bae outlined a bold national strategy centred on AI, science and technology, aiming to raise Korea’s potential growth rate to 3 per cent and secure a global economic leadership position.

Bae, a leading AI expert and former president of LG AI Research, officially assumed office on Thursday.

Drawing from experience developing hyperscale AI models like LG’s Exaone, he emphasised the need to build a unique competitive advantage rooted in AI transformation, talent development and technological innovation.

Rather than focusing only on industrial growth, Bae’s policy agenda targets a broad AI ecosystem, revitalised research and development, world-class talent nurturing, and addressing issues affecting daily life.

His plans include establishing AI-centred universities, enhancing digital infrastructure, promoting AI semiconductors, restoring grassroots research funding, and expanding consumer rights in telecommunications.

With these strategies, Bae aims to make AI accessible to all citizens instead of limiting it to large corporations or research institutes. His vision is for South Korea to lead in AI development while supporting social equity, cybersecurity, and nationwide innovation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!