DuckDuckGo adds new tool to block AI-generated images from search results

Privacy-focused search engine DuckDuckGo has launched a new feature that allows users to filter out AI-generated images from search results.

Although the company admits the tool is not perfect and may miss some content, it claims it will significantly reduce the number of synthetic images users encounter.

The new filter uses open-source blocklists, including a more aggressive ‘nuclear’ option, sourced from tools like uBlock Origin and uBlacklist.

Users can access the setting via the Images tab after performing a search or use a dedicated link — noai.duckduckgo.com — which keeps the filter always on and also disables AI summaries and the browser’s chatbot.

The update responds to growing frustration among internet users. Platforms like X and Reddit have seen complaints about AI content flooding search results.

In one example, users searching for ‘baby peacock’ reported seeing just as many or more AI images than real ones, making it harder to distinguish between fake and authentic content.

DuckDuckGo isn’t alone in trying to tackle unwanted AI material. In 2024, Hiya launched a Chrome extension aimed at spotting deepfake audio across major platforms.

Microsoft’s Bing has also partnered with groups like StopNCII to remove explicit synthetic media from its results, showing that the fight against AI content saturation is becoming a broader industry trend.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Nearly 2 million patients affected in healthcare cyberattack

Anne Arundel Dermatology, a network of over 100 clinics across seven states, has confirmed a cyberattack that compromised patient data for nearly 1.9 million individuals.

The breach, which occurred between 14 February and 13 May 2025, may have exposed sensitive personal and medical records.

The company responded swiftly by isolating affected systems, working with forensic experts and completing a full file review by 27 June.

While there is no evidence that the data was accessed or misused, patients were notified and offered 24 months of identity-theft protection.

The incident ranks among the largest reported healthcare data breaches this year, prompting mandatory notifications to state attorneys general and the HHS Office for Civil Rights.

Affected individuals are advised to monitor statements and credit reports carefully.


Drug‑testing firm exposes 748,000 records in breach

In a massive data breach revealed in July 2025, the Texas Alcohol & Drug Testing Service (TADTS) admitted hackers gained access to sensitive information belonging to approximately 748,763 individuals.

Attackers remained inside the network for five days in July 2024 before detection, later leaking hundreds of gigabytes of data via the BianLian ransomware group.

Exposed records include a dangerous mix of personal and financial data—names, Social Security and passport numbers, driver’s licence and bank account details, biometric information, health‑insurance files and login credentials.

The breadth of this data presents a significant risk of identity theft and financial fraud.

Despite identifying the breach shortly after, TADTS delayed notifying those affected until July 2025 and provided no credit monitoring or identity theft services.

The company is now under class action scrutiny, with law firms investigating its response and breach notification delays.

Security experts warn that the extended timeline and broad data exposure could lead to scams, account takeovers and sustained damage to victims.

Affected individuals are urged to monitor statements, access free credit reports, and remain alert for suspicious activity.


Salt Typhoon targets routers in sweeping campaign

Since early 2025, the Chinese-linked hacking group Salt Typhoon has aggressively targeted telecom infrastructure worldwide, compromising routers, switches and edge devices used by clients of major operators such as Comcast, MTN and LG Uplus.

Exploiting known but unpatched vulnerabilities, attackers gained persistent access to these network devices, potentially enabling further intrusions into core telecom systems.

The pattern suggests a strategic shift: the group broadly sweeps telecom infrastructure to establish ready-made access across critical communication channels.

Affected providers emphasised that only client-owned hardware was breached and confirmed no internal networks were compromised, but the campaign raises deeper concerns.

Experts warn that such indiscriminate telecommunications targeting could threaten data security and disrupt essential services, revealing a long-term cyber‑espionage strategy.


Nvidia’s container toolkit patched after critical bug

Cloud security researchers at Wiz have uncovered a critical misconfiguration in Nvidia’s Container Toolkit, used widely across managed AI services, that could allow a malicious container to break out and gain full root privileges on the host system.

The vulnerability, tracked as CVE‑2025‑23266 and nicknamed ‘NVIDIAScape’, arises from unsafe handling of OCI hooks. Exploiters can bypass container boundaries by using a simple three‑line Dockerfile, granting them access to server files, memory and GPU resources.

With Nvidia’s toolkit integral to GPU‑accelerated cloud offerings, the risk is systemic. A single compromised container could steal or corrupt sensitive data and AI models belonging to other tenants on the same infrastructure.

Nvidia has released a security advisory alongside updated toolkit versions. Users are strongly advised to apply patches immediately. Experts also recommend deploying additional isolation measures, such as virtual machines, to protect against container escape threats in multi-tenant AI environments.


Crypto crime surges to record levels in 2025

The cryptocurrency industry faces a record-breaking year for theft in 2025, with losses surpassing $2.17 billion by mid-July, according to a Chainalysis report. The amount stolen so far has surpassed the total for all of 2024, highlighting a concerning increase in digital asset crime.

A large proportion, around $1.5 billion, stems from the North Korea-linked Bybit hack, which accounts for nearly 70% of thefts targeting crypto services this year.

While centralised exchanges remain prime targets, personal wallets now represent almost a quarter of stolen funds. The report highlights a rise in violent ‘wrench attacks,’ where criminals coerce Bitcoin holders into revealing private keys through threats or physical force.

Kidnappings of crypto executives and family members have also increased, with 2025 expected to double the number of such physical assaults compared to previous years.

Sophistication in laundering stolen crypto varies depending on the target. Hackers focusing on exchanges use advanced techniques like chain-hopping and mixers to obscure transactions.

Conversely, attackers targeting personal wallets often employ simpler methods. Interestingly, criminals are holding stolen assets longer and are willing to pay fees up to 14.5 times higher than average to swiftly move illicit funds and avoid detection.


Quantum tech could break online security, warns India

The Indian Computer Emergency Response Team (CERT-In), alongside cybersecurity firm SISA, cautions that powerful quantum computers could soon break the encryption used to protect everything from online banking to personal identity systems.

CERT-In’s new white paper outlines how attackers may already be stockpiling encrypted data to unlock later using quantum tools, a tactic called ‘harvest now, decrypt later’. If left unaddressed, this strategy could expose sensitive data stored today once quantum technology matures.

AI is adding to the urgency. As it becomes more embedded in digital systems, it also increases access to user data, raising the stakes if encryption is compromised. The biggest digital systems in India, including Aadhaar, cryptocurrencies, and smart devices, are seen as particularly exposed to this looming risk.

Everyday users are advised to take precautions: update devices regularly, use strong passwords with multi-factor authentication, and avoid storing sensitive data online long-term. Services like Signal or ProtonMail, which use strong encryption, are also recommended.


Hackers hide malware using DNS TXT records

Hackers are increasingly exploiting DNS records to deliver malware undetected, according to new research from DomainTools.

Instead of relying on typical delivery methods such as emails or downloads, attackers now hide malicious code within DNS TXT records, a part of the Domain Name System that security systems often overlook.

The method involves converting malware into hexadecimal code, splitting it into small segments, and storing each chunk in the TXT record of subdomains under domains like whitetreecollective.com.

Once attackers gain limited access to a network, they retrieve these chunks via ordinary-looking DNS queries, reassembling them into functioning malware without triggering antivirus or firewall alerts.

The rising use of encrypted DNS protocols like DNS-over-HTTPS and DNS-over-TLS makes detecting such queries harder, especially without in-house DNS resolvers equipped for deep inspection.

Researchers also noted that attackers are using DNS TXT records not only for malware but also to embed harmful text designed to manipulate AI systems through prompt injection.

Ian Campbell of DomainTools warns that even organisations with strong security measures struggle to detect such DNS-based threats due to the hidden nature of the traffic.

Instead of focusing solely on traditional defences, organisations are advised to monitor DNS traffic closely, log and inspect queries through internal resolvers, and restrict DNS access to trusted sources. Educating teams on these emerging threats remains essential for maintaining robust cybersecurity.
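
An added example, not code from the article or from DomainTools, of the kind of check that logging queries through an internal resolver makes possible: it flags parent domains where several subdomains return long, hex-only TXT answers. The log format, sample entries, thresholds and the two-label parent-domain rule are assumptions.

```python
import re
from collections import defaultdict

HEX_RE = re.compile(r"[0-9a-fA-F]+")
MIN_HEX_LEN = 64     # assumed threshold: shorter hex strings are usually tokens
MIN_SUBDOMAINS = 3   # assumed threshold: a payload is spread over several names

# Constructed resolver log entries: (client, qname, qtype, answer text)
SAMPLE_LOG = [
    ("10.0.0.5", "example.org", "TXT", '"v=spf1 include:_spf.example.org ~all"'),
    ("10.0.0.5", "_verify.example.com", "TXT", '"' + "9f" * 32 + '"'),  # lone hex token
    ("10.0.0.9", "www.example.net", "A", "192.0.2.10"),
    ("10.0.0.9", "1.stage.example.net", "TXT", '"' + "0a1b2c3d" * 16 + '"'),
    ("10.0.0.9", "2.stage.example.net", "TXT", '"' + "4e5f6071" * 16 + '"'),
    ("10.0.0.9", "3.stage.example.net", "TXT", '"' + "8293a4b5" * 16 + '"'),
]


def parent_domain(qname):
    # Assumption: the last two labels are the registered domain. Real tooling
    # should consult the Public Suffix List (e.g. for names under co.uk).
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def is_hex_chunk(txt):
    # Join multi-string TXT data ("abc" "def") before testing the content.
    data = txt.replace('"', "").replace(" ", "")
    return (len(data) >= MIN_HEX_LEN and len(data) % 2 == 0
            and HEX_RE.fullmatch(data) is not None)


def find_chunked_txt(log):
    """Return parent domains whose subdomains serve hex-only TXT payloads."""
    seen = defaultdict(lambda: {"names": set(), "clients": set(), "hex_len": 0})
    for client, qname, qtype, answer in log:
        if qtype.upper() != "TXT" or not is_hex_chunk(answer):
            continue
        entry = seen[parent_domain(qname)]
        if qname.lower() not in entry["names"]:
            entry["names"].add(qname.lower())
            entry["hex_len"] += len(answer.replace('"', "").replace(" ", ""))
        entry["clients"].add(client)
    return {
        domain: {"subdomains": len(e["names"]), "clients": sorted(e["clients"]),
                 "decoded_bytes": e["hex_len"] // 2}
        for domain, e in seen.items() if len(e["names"]) >= MIN_SUBDOMAINS
    }


if __name__ == "__main__":
    for domain, info in find_chunked_txt(SAMPLE_LOG).items():
        print(domain, info)
```

The single hex token under example.com is deliberately not flagged: one hex-only TXT record is common for verification strings, so the check keys on the same pattern repeating across several subdomains of one parent.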


xAI eyes data centre deal with Humain

Elon Musk’s AI venture, xAI, has entered early discussions with Humain to secure data centre capacity instead of relying solely on existing infrastructure.

According to Bloomberg, the arrangement could involve several gigawatts of capacity, although Humain has yet to start building its facilities, meaning any deal would take years to materialise.

Humain is backed by Saudi Arabia’s Crown Prince Mohammed bin Salman and the Public Investment Fund (PIF). xAI is reportedly considering a fresh funding round where PIF might also invest.

At the same time, xAI is negotiating with a smaller company constructing a 200-megawatt data centre, offering a more immediate solution while waiting for larger projects.

Rather than operating in isolation, xAI joins AI competitors like Google, Meta and Microsoft in racing to secure vast computing power for training large AI models. The push for massive data centre capacity reflects the escalating demands of advanced AI systems.


China now the top DDoS target, says Cloudflare

Cloudflare’s latest DDoS threat report reveals that business competitors initiate most known attacks. Of the customers who identified attackers, 63% blamed rivals, 21% pointed to state-linked actors, and 5% admitted self-inflicted disruptions caused by misconfigurations.

The Q2 report shows China as the most targeted country, followed by Brazil and Germany, while Ukraine, Singapore and Indonesia are listed among the top sources of DDoS traffic. Telecommunications, internet services and gaming are the industries most frequently targeted by attackers.

Cloudflare highlighted that the locations identified as sources often reflect the presence of botnets, proxies or VPNs, not the actual location of threat actors. Countries like the Netherlands appear high on the list due to favourable privacy laws and strong network infrastructure.

The company urged broader participation in its threat intelligence feed to help mitigate risks. Over 600 providers currently use Cloudflare’s data to remove abusive accounts and stop the spread of DDoS attacks across the internet.
