France telecom exposes millions of customer records

A cyber‑attack on Bouygues Telecom has compromised the personal data of 6.4 million customers. The firm disclosed that a third party accessed personal and contractual information related to certain subscriptions.

Attackers gained access on 4 August and were blocked swiftly after detection, and the company has increased monitoring of its systems. Exposed data includes contact details, contractual and civil status information, business records for professional clients, and IBANs for affected users.

The cybersecurity breach did not include credit card numbers or passwords. Bouygues sent impacted customers notifications via email or text and advised vigilance against scam calls and messages.

The French data protection authority, the CNIL, has been informed, and a formal complaint has been filed. The company warned that perpetrators face up to five years in prison and a fine of €150,000 under French law.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

ShinyHunters breach Google’s Salesforce database

Google has confirmed a data breach during its investigation into the ShinyHunters group, revealing the tech giant was also affected. The attackers accessed a Salesforce database used for storing small business customer information.

The breach exposed business names and contact details during a short window before access was revoked. Google stated no highly sensitive or personal data was compromised.

ShinyHunters used phishing and vishing tactics to trick users into authorising malicious Salesforce apps disguised as legitimate tools. The technique mirrors previous high-profile breaches involving firms like Santander and Ticketmaster.

Google warned the group may escalate operations by launching a data leak site. Organisations are urged to tighten their cybersecurity measures and access controls, train staff and apply multi-factor authentication across all accounts.

TikTok Shop faces surge in crypto phishing scams

Cybercriminals are increasingly targeting TikTok Shop users through a phishing and malware campaign known as ‘ClickTok’. The scheme uses fake Meta ads and AI-generated TikTok videos imitating influencers to lure victims to fraudulent domains resembling real sites.

These domains are used to steal credentials and distribute trojanised applications. More than 10,000 fake sites have been identified, luring shoppers with heavily discounted products and urgency tactics such as countdown timers.

Victims are prompted to make payments in Tether, allowing scammers to exploit the irreversible nature of cryptocurrency transactions. The fraudulent storefronts are designed to appear convincing, encouraging rash purchases.

TikTok Shop affiliate members are also being targeted with advance fee scams. Criminals pose as TikTok affiliates on WhatsApp and Telegram, convincing victims to deposit funds into bogus wallets in exchange for fake commission payments.

The report warns that the younger demographic on TikTok, particularly those aged 18 to 34, may be more vulnerable to such schemes. The trend shows scams shifting from Facebook and X to new e-commerce platforms.

Hubballi emerges as Infosys’ tech hub with Center for AI, cybersecurity, space

Infosys’ decision to launch a Centre for Advanced AI, Cybersecurity & Space Technology in Hubballi deepens its commitment to transforming North Karnataka into a thriving tech hub. The centre, forming part of the company’s global Living Labs network, signals strategic investment in emerging technologies grounded in regional development.

Over 1,000 employees are now based at Hubballi, where the new Living Lab delivers services across sectors such as manufacturing, healthcare, financial services, and space technology. Strategic ties with local academic institutions like IIIT Dharwad are intended to nurture future-ready talent close to operations.

Local leaders framed the centre as a corrective to past underutilisation concerns and a driver of industry-academia collaboration. By encouraging expansion to other districts, they set the tone for inclusive growth and long-term innovation across North Karnataka.

Tech giants under fire in Australia for failing online child protection standards

Australia’s eSafety commissioner report showed that tech giants, including Apple, Google, Meta, and Microsoft, have failed to act against online child sexual abuse. Namely, it was found that Apple and YouTube do not track the number of abuse reports they receive or how quickly they respond, raising serious concerns. Additionally, both companies failed to disclose the number of trust and safety staff they employ, highlighting ongoing transparency and accountability issues in protecting children online.

In July 2024, the eSafety Commissioner of Australia took action by issuing legally enforceable notices to major tech companies, pressuring them to improve their response to child sexual abuse online.

These notices legally require recipients to comply within a set timeframe. Under the order, each company was required to report to eSafety every six months over a two-year period, detailing its efforts to combat child sexual abuse material, livestreamed abuse, online grooming, sexual extortion, and AI-generated content.

While these notices were issued in 2022 and 2023, there has been minimal effort by the companies to take action to prevent such crimes, according to Australia’s eSafety Commissioner Julie Inman Grant.

Key findings from the eSafety commissioner are:

  • Apple did not use hash-matching tools to detect known CSEA images on iCloud (which was opt-in, end-to-end encrypted) and did not use hash-matching tools to detect known CSEA videos on iCloud or iCloud email. For iMessage and FaceTime (which were end-to-end encrypted), Apple only used Communication Safety, Apple’s safety intervention to identify images or videos that likely contain nudity, as a means of ‘detecting’ CSEA.
  • Discord did not use hash-matching tools for known CSEA videos on any part of the service (despite using hash-matching tools for known images and tools to detect new CSEA material).
  • Google did not use hash-matching tools to detect known CSEA images on Google Messages (end-to-end encrypted), nor did it detect known CSEA videos on Google Chat, Google Messages, or Gmail.
  • Microsoft did not use hash-matching tools for known CSEA images stored on OneDrive, nor did it use hash-matching tools to detect known videos within content stored on OneDrive or Outlook.

US court system suffers sweeping cyber intrusion

A sweeping cyberattack has compromised the federal court filing system across multiple US states, exposing sensitive case data and informant identities. The breach affects core systems used by legal professionals and the public.

Sources say the Administrative Office of the US Courts first realised the scale of the hack in early July, with authorities still assessing the damage. Nation-state-linked actors or organised crime are suspected.

Critical systems like CM/ECF and PACER were impacted, raising fears over sealed indictments, search warrants and cooperation records now exposed. A dozen dockets were reportedly tampered with in at least one district.

Calls to modernise the ageing court infrastructure have intensified, with officials warning of rising cyber threats and the urgent need for system replacements.

China warns over biometric data risks linked to crypto schemes

China’s Ministry of State Security has warned of foreign attempts to collect sensitive biometric data via crypto schemes. The ministry warned that foreign agents are illegally harvesting iris scans and facial data, risking personal privacy and national security.

The advisory noted recent cases in which foreign intelligence services exploited biometric technologies to spy on individuals within China. Cryptocurrencies incentivised people worldwide to submit iris scans, which were sent overseas.

Although no specific companies were named, the description resembled the approach of the crypto firm World, formerly known as Worldcoin.

Biometric identification methods have proliferated across many sectors due to their accuracy and convenience. However, the ministry stressed the vulnerability of such systems to data breaches and misuse.

Iris patterns, unique and challenging to replicate, are prized by malicious actors.

Citizens are urged to remain cautious, carefully review privacy policies, and question how their biometric information is handled.

WhatsApp shuts down 6.8 million scam accounts

As part of its anti-scam efforts, WhatsApp has removed 6.8 million accounts linked to fraudulent activity, according to its parent company, Meta.

The crackdown follows the discovery that organised criminal groups are operating scam centres across Southeast Asia, hacking WhatsApp accounts or adding users to group chats to lure victims into fake investment schemes and other types of fraud.

In one case, WhatsApp, Meta, and OpenAI collaborated to disrupt a Cambodian cybercrime group that used ChatGPT to generate fake instructions for a rent-a-scooter pyramid scheme.

Victims were enticed with offers of cash for social media engagement before being moved to private chats and pressured to make upfront payments via cryptocurrency platforms.

Meta warned that these scams often stem from well-organised networks in Southeast Asia, some exploiting forced labour. Authorities continue to urge the public to remain vigilant, enable features such as WhatsApp’s two-step verification, and be wary of suspicious or unsolicited messages.

It should be mentioned that these scams have also drawn political attention in the USA. Namely, US Senator Maggie Hassan has urged SpaceX CEO Elon Musk to act against transnational criminal groups in Southeast Asia that use Starlink satellite internet to run massive online fraud schemes targeting Americans.

Despite SpaceX’s policies allowing service termination for fraud, Starlink remains active in regions where these scams, often linked to forced labour and human trafficking, operate.

Security flaw in Dell models affects millions

Millions of Dell laptops faced a serious security risk due to a flaw in a Broadcom chip used for storing sensitive data. Cisco Talos researchers uncovered the vulnerability, which could have allowed attackers to steal passwords and monitor activity.

Dell confirmed over 100 laptop models were impacted, especially those with its ‘ControlVault’ security software used in sensitive industries. A fix has been issued through security patches since March.

No evidence suggests the flaw was exploited, but experts warn users to install updates promptly to avoid exposure. The issue highlights the risks of storing biometrics and credentials directly on devices.

Users are advised to keep security patches current and use reliable antivirus software to help reduce threats from similar vulnerabilities in future.

Security concerns mount as Microsoft rolls out NLWeb and MCP

Researchers have discovered a critical security flaw in Microsoft’s new NLWeb protocol, designed to bring ChatGPT-style search to websites and apps. The vulnerability, a simple path traversal bug, allowed remote access to sensitive files, including system configurations and API keys.

Although Microsoft has patched it, the incident raises concerns about security oversight, particularly as NLWeb is being adopted by major partners such as Shopify, Snowflake, and TripAdvisor.

According to The Verge, security researchers Aonan Guan and Lei Wang identified the flaw shortly after NLWeb’s launch, warning that traditional vulnerabilities now have the potential to compromise the ‘brains’ of AI systems themselves.

Microsoft issued a fix on 1 July, but has yet to assign the flaw a CVE, the industry standard for tracking security vulnerabilities, despite pressure from the researchers. Assigning a CVE would raise awareness and allow better monitoring of the issue, even though NLWeb is not yet widely used.

Microsoft is also continuing to roll out native support for the Model Context Protocol (MCP) in Windows, despite recent warnings from security researchers about its potential risks.

The NLWeb vulnerability highlights the need for Microsoft to carefully balance the rapid rollout of new AI features with maintaining security as its top priority.
