Cybersecurity

Con artists pose as lawyers to steal from crypto scam victims

A new fraud tactic is emerging, with con artists posing as lawyers to target cryptocurrency scam victims. They exploit desperation by promising to recover lost funds, using elaborate ruses like fabricated government partnerships and forged documents.

Sophisticated tactics, including fake websites and staged WhatsApp chats, pressure people into paying additional fees.

The US Federal Bureau of Investigation has issued a warning about the scam. Fake law firms use detailed knowledge of a victim’s prior losses to appear credible, knowing the exact amounts and dates of fraudulent transactions.

The scheme often escalates when victims are directed to deposit money into what appear to be foreign bank accounts, which are sophisticated facades designed to steal more funds.

The FBI recommends a ‘Zero Trust’ approach to combat fraud. Any unsolicited recovery offer should be met with immediate scepticism. A major red flag is if a representative refuses to appear on camera or provide their licensing details.

The bureau also advises keeping detailed records of all interactions, like emails and video calls, as documentation could prove invaluable for investigators.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber-crime group BlackSuit crippled by $1 million crypto seizure

Law enforcement agencies in the United States and abroad have coordinated a raid to dismantle the BlackSuit ransomware operation, seizing servers and domains and approximately $1 million in cryptocurrency linked to ransom demands.

The action, led by the Department of Justice, Homeland Security Investigations, the Secret Service, the IRS and the FBI, involved cooperation with agencies across the UK, Germany, France, Canada, Ukraine, Ireland and Lithuania.

BlackSuit, a rebranded successor to the Royal ransomware gang and connected to the notorious Conti group, has been active since 2022. It has targeted over 450 US organisations across healthcare, government, manufacturing and education sectors, demanding more than $370 million in ransoms.

The crypto seized was traced back to a 2023 ransom payment of around 49.3 Bitcoin, valued at approximately $1.4 million. Investigators worked with cryptocurrency exchanges to freeze and recover roughly $1 million of those funds in early 2024.

While this marks a significant blow to the gang’s operations, officials warn that without arrests, the threat may persist or re-emerge under new identities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New digital headquarters aims to embed AI across Kazakhstan’s public services

Prime Minister Olzhas Bektenov established a digital transformation group, or digital headquarters, to advance AI integration across Kazakhstan, following President Tokayev’s directives on 11 August 2025.

The group includes senior officials, such as the deputy prime minister, the head of strategic planning, the minister of digital development, innovation, and aerospace industry, and the presidential digitalisation advisor. The group is tasked with implementing nine priority areas outlined by the president.

These span AI deployment in the economy, public administration, and healthcare; digital strategy development; IT architecture modernisation; cybersecurity; support for IT startups; the national QazTech platform; and innovative city initiatives.

A significant plan component involves crafting a roadmap with the Samruk Kazyna Sovereign Wealth Fund to embed AI in production and boost labour productivity. AI solutions are expected to improve diagnostics, personalise treatment, enable continuous patient monitoring, and streamline workflows in healthcare. Startups will gain access to the Ministry of Health infrastructure and integration into a unified medical database.

Consolidating government communication via the Aitu national messenger, IT modernisation, and strengthened cybersecurity aims to create a seamless, safe digital environment for citizens. The emphasis is swift collaboration to address AI integration challenges across all sectors.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google patches critical Chrome bugs enabling code execution

Chrome security update fixes six flaws that could enable arbitrary code execution. Stable channel 139.0.7258.127/.128 (Windows, Mac) and .127 (Linux) ships high-severity patches that protect user data and system integrity.

CVE-2025-8879 is a heap buffer overflow in libaom’s video codec. CVE-2025-8880 is a V8 race condition reported by Seunghyun Lee. CVE-2025-8901 is an out-of-bounds write in ANGLE.

Detection methods included AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL. Further fixes address CVE-2025-8881 in File Picker and CVE-2025-8882, a use-after-free in Aura.

Successful exploitation could allow code to run with browser privileges through overflows and race conditions. The automatic rollout is staged; users should update it manually by going to Settings > About Chrome.

Administrators should prioritise rapid deployment in enterprise fleets. Google credited external researchers, anonymous contributors, and the Big Sleep project for coordinated reporting and early discovery.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Brazil prepares bill to tighten rules on social media

Brazilian President Luiz Inácio Lula da Silva has confirmed that his government is preparing new legislation to regulate social media, a move he defended despite criticism from US President Donald Trump. Speaking at an event in Pernambuco, Lula stressed that ‘laws also apply to foreigners’ operating in Brazil, underlining his commitment to hold international platforms accountable.

The draft proposal, which has not yet been fully detailed, aims to address harmful content such as paedophilia, hate speech, and disinformation that Lula said threaten children and democracy. According to government sources, the bill would strengthen penalties for companies that fail to remove content flagged as especially harmful by Brazil’s Justice Department.

Trump has taken issue with Brazil’s approach, criticising the Supreme Court for ruling that platforms could be held responsible for user-generated content and denouncing the 2024 ban of X, formerly Twitter, after Elon Musk refused to comply with court orders. He linked these disputes to imposing a 50% tariff on certain Brazilian imports, citing the political persecution of former president Jair Bolsonaro.

Lula pushed back on Trump’s remarks, insisting Bolsonaro’s trial for an alleged coup attempt is proceeding with full legal guarantees. On trade, he signalled that Brazil is open to talks over tariffs but emphasised negotiations would take place strictly on commercial, not political, grounds.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI agents face prompt injection and persistence risks, researchers warn

Zenity Labs warned at Black Hat USA that widely used AI agents can be hijacked without interaction. Attacks could exfiltrate data, manipulate workflows, impersonate users, and persist via agent memory. Researchers said knowledge sources and instructions could be poisoned.

Demos showed risks across major platforms. ChatGPT was tricked into accessing a linked Google Drive via email prompt injection. Microsoft Copilot Studio agents leaked CRM data. Salesforce Einstein rerouted customer emails. Gemini and Microsoft 365 Copilot were steered into insider-style attacks.

Vendors were notified under coordinated disclosure. Microsoft stated that ongoing platform updates have stopped the reported behaviour and highlighted built-in safeguards. OpenAI confirmed a patch and a bug bounty programme. Salesforce said its issue was fixed. Google pointed to newly deployed, layered defences.

Enterprise adoption of AI agents is accelerating, raising the stakes for governance and security. Aim Labs, which had previously flagged similar zero-click risks, said frameworks often lack guardrails. Responsibility frequently falls on organisations deploying agents, noted Aim Labs’ Itay Ravia.

Researchers and vendors emphasise layered defence against prompt injection and misuse. Strong access controls, careful tool exposure, and monitoring of agent memory and connectors remain priorities as agent capabilities expand in production.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

YouTube’s AI flags viewers as minors, creators demand safeguards

YouTube’s new AI age check, launched on 13 August 2025, flags suspected minors based on their viewing habits. Over 50,000 creators petitioned against it, calling it ‘AI spying’. The backlash reveals deep tensions between child safety and online anonymity.

Flagged users must verify their age with ID, credit card, or a facial scan. Creators say the policy risks normalising surveillance and shrinking digital freedoms.

SpyCloud’s 2025 report found a 22% jump in stolen identities, raising alarm over data uploads. Critics fear YouTube’s tool could invite hackers. Past scandals over AI-generated content have already hurt creator trust.

Users refer to it on X as a ‘digital ID dragnet’. Many are switching platforms or tweaking content to avoid flags. WebProNews says creators demand opt-outs, transparency, and stronger human oversight of AI systems.

As global regulation tightens, YouTube could shape new norms. Experts urge a balance between safety and privacy. Creators push for deletion rules to avoid identity risks in an increasingly surveilled online world.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK-based ODI outlines vision for EU AI Act and data policy

The Open Data Institute (ODI) has published a manifesto setting out six principles for shaping European Union policy on AI and data. Aimed at supporting policymakers, it aligns with the EU’s upcoming digital reforms, including the AI Act and the review of the bloc’s digital framework.

Although based in the UK, the ODI has previously contributed to EU policymaking, including work on the General-Purpose AI Code of Practice and consultations on the use of health data. The organisation also launched a similar manifesto for UK data and AI policy in 2024.

The ODI states that the EU has a chance to establish a global model of digital governance, prioritizing people’s interests. Director of research Elena Simperl called for robust open data infrastructure, inclusive participation, and independent oversight to build trust, support innovation, and protect values.

Drawing on the EU’s Competitiveness Compass and the Draghi report, the six principles are: data infrastructure, open data, trust, independent organisations, an inclusive data ecosystem, and data skills. The goal is to balance regulation and innovation while upholding rights, values, and interoperability.

The ODI highlights the need to limit bias and inequality, broaden access to data and skills, and support smaller enterprises. It argues that strong governance should be treated like physical infrastructure, enabling competitiveness while safeguarding rights and public trust in the AI era.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI browsers accused of harvesting sensitive data, according to new study

A new study from researchers in the UK and Italy found that popular AI-powered browsers collect and share sensitive personal data, often in ways that may breach privacy laws.

The team tested ten well-known AI assistants, including ChatGPT, Microsoft’s Copilot, Merlin AI, Sider, and TinaMind, using public websites and private portals like health and banking services.

All but Perplexity AI showed evidence of gathering private details, from medical records to social security numbers, and transmitting them to external servers.

The investigation revealed that some tools continued tracking user activity even during private browsing, sending full web page content, including confidential information, to their systems.

Sometimes, prompts and identifying details, like IP addresses, were shared with analytics platforms, enabling potential cross-site tracking and targeted advertising.

Researchers also found that some assistants profiled users by age, gender, income, and interests, tailoring their responses across multiple sessions.

According to the report, such practices likely violate American health privacy laws and the European Union’s General Data Protection Regulation.

Privacy policies for some AI browsers admit to collecting names, contact information, payment data, and more, and sometimes storing information outside the EU.

The study warns that users cannot be sure how their browsing data is handled once gathered, raising concerns about transparency and accountability in AI-enhanced browsing.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ukraine pioneers Starlink satellite-to-phone network

Ukraine has completed its first successful field test of Starlink’s direct-to-cell satellite technology, marking a breakthrough for mobile connectivity in Eastern Europe.

The trial, carried out by the country’s largest mobile operator Kyivstar in the Zhytomyr region, saw CEO Oleksandr Komarov and Ukraine’s digital transformation minister Mykhailo Fedorov exchange messages using standard smartphones.

The system connects directly to phones via satellites equipped with advanced cellular modems, functioning like cell towers in space.

The technology is designed to keep communications running when terrestrial networks are damaged or inaccessible.

Telecom companies worldwide are exploring satellite-based solutions to remove coverage gaps instead of relying solely on costly or impractical land-based networks.

Starlink, owned by SpaceX, has already signed direct-to-cell service deals in 10 countries, with Kyivstar set to be the first European operator to adopt it.

A commercial rollout in Ukraine is planned for late 2025, starting with messaging. Broader mobile satellite broadband access is expected in early 2026.

Kyivstar’s parent company, VEON, is also discussing with other providers, such as Amazon’s Project Kuiper, the extension of similar services beyond Ukraine.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.