Hidden vulnerabilities in ChatGPT search tool uncovered

OpenAI’s ChatGPT search tool is under scrutiny after a Guardian investigation revealed vulnerabilities to manipulation and malicious content. Hidden text on websites can alter AI responses, raising concerns over the tool’s reliability. The search feature, currently available to premium users, could misrepresent products or services by summarising planted positive content, even when negative reviews exist.

Cybersecurity researcher Jacob Larsen warned that the AI system in its current form might enable deceptive practices. Tests revealed how hidden prompts on webpages influence ChatGPT to deliver biased reviews. The same mechanism could be exploited to distribute malicious code, as highlighted in a recent cryptocurrency scam where the tool inadvertently shared credential-stealing instructions.

Experts emphasised that while combining search with AI models like ChatGPT offers potential, it also increases risks. Karsten Nohl, a scientist at SR Labs, likened such AI tools to a ‘co-pilot’ requiring oversight. Misjudgments by the technology could amplify risks, particularly as it lacks the ability to critically evaluate sources.

OpenAI acknowledges the possibility of errors, cautioning users to verify information. However, broader implications, such as how these vulnerabilities could impact website practices, remain unclear. Hidden text, while traditionally penalised by search engines like Google, may find new life in manipulating AI-based tools, posing challenges for OpenAI in securing the system.

Thailand tightens SIM card rules to combat scams

Authorities in Thailand are taking steps to regulate bulk SIM card purchases to combat their misuse in scams targeting Thai citizens. The issue came to light following the police seizure of 200,000 prepaid SIM cards linked to a Chinese call center gang.

Currently, there are no restrictions on corporate bulk SIM purchases, aside from a rule requiring registration for users holding more than five numbers. The lack of oversight has enabled SIM cards to be used illegally, particularly near borders where foreign SIMs are common.

Many of these cards are intentionally registered without clear user identities or are misused in IoT devices, GPS trackers, or sold to tourists. To address these gaps, the Ministry of Digital Economy and Society has proposed legal reforms requiring mobile operators and banks to verify buyer identities and notify users of suspicious transactions.

Additionally, stricter regulations on SMS messages with embedded links are set to take effect next year. Inspired by policies in countries like Singapore and Australia, these reforms aim to enhance accountability and curb abuse.

The National Broadcasting and Telecommunications Commission (NBTC) emphasises a gradual approach to implementing these measures to minimise inconvenience for consumers and avoid disrupting legitimate business operations. While tackling the misuse of SIM cards, authorities aim to strike a balance between protecting the public and ensuring businesses can operate smoothly. This measured approach reflects the broader goal of preventing scams while maintaining economic and social stability.

Crypto wallet linked to Ponzi scheme frozen in Argentina

Argentine authorities have seized a crypto wallet containing $3.5 million in Tether’s USDT as part of a sweeping investigation into the Rainbowex Ponzi scheme. The crackdown has also led to the freezing of additional cryptocurrency wallets and bank accounts linked to those accused of orchestrating the fraud.

The investigation has benefited from collaboration with Lemon, a major digital asset exchange in Argentina, along with blockchain forensics experts from Chainalysis and Qlue. Their technical expertise enabled authorities to track the flow of funds and uncover the scale of the alleged scheme.

Rainbowex lured investors with promises of extraordinary daily returns, amounting to an annual rate of nearly 3,500%. Authorities estimate that tens of thousands of residents of San Pedro, Buenos Aires, were affected. The operation has already resulted in over 15 raids, with four arrests made, while efforts to apprehend additional suspects, including individuals in Malaysia, continue with Interpol’s support.

Greece targets crypto crimes with major seizure

Greek authorities have made their first-ever cryptocurrency seizure, confiscating 273,000 USDT (Tether) as part of a criminal investigation. The operation, conducted in December, was carried out under the supervision of the Greek European Public Prosecutor’s Office and involved collaboration with various law enforcement departments, including the Digital Evidence Examination Department.

The seizure, which is part of the ongoing ‘Admiral’ operation, highlights the growing challenges law enforcement faces in dealing with advanced technologies like blockchain and cryptocurrencies. Cryptocurrencies, known for their anonymity and security features, are often used in criminal activities such as fraud and money laundering. Experts stress the need for precision and expertise in handling digital assets, as mistakes can lead to irreversible losses.

Crypto-related scams are becoming more common in Greece, with many victims falling prey to fraudulent schemes. As cryptocurrencies gain popularity, particularly with the rise of Bitcoin and NFTs, the lack of understanding among the public increases the risk of scams. Experts warn that technological advances in AI are making these scams harder to detect, even for experienced investors.

In addition to combating fraud, authorities are also focusing on the management of seized cryptocurrencies, with plans to convert them into funds for the state, similar to practices in other European countries.

German parties outline technology policies ahead of election

As Germany prepares for national elections on February 23, political parties are outlining their tech policy priorities, including digitalisation, AI, and platform regulation. Here’s where the leading parties stand as they finalise their programs ahead of the vote.

The centre-right CDU, currently leading in polls with 33%, proposes creating a dedicated Digital Ministry to streamline responsibilities under the Ministry of Transport. The party envisions broader use of AI and cloud technology in German industry while simplifying citizen interactions with authorities through digital accounts.

Outgoing Chancellor Olaf Scholz’s SPD, polling at 15%, focuses on reducing dependence on US and Chinese tech platforms by promoting European alternatives. The party also prioritises faster digitalisation of public administration and equitable rules for regulating AI and digital platforms, echoing EU-wide goals of tech sovereignty and security.

The Greens, with 14% support, highlight the role of AI in reducing administrative workloads amid labour shortages. They stress the need for greater interoperability across IT systems and call for an open-source strategy to modernise Germany’s digital infrastructure, warning that the country lags behind EU digitalisation targets.

The far-right AfD, projected to secure 17%, opposes EU platform regulations like the Digital Services Act and seeks to reverse Germany’s adoption of the NetzDG law. The party argues these measures infringe on free speech and calls for transparency in funding non-state actors and NGOs involved in shaping public opinion.

The parties’ contrasting visions set the stage for significant debates on the future of technology policy in Germany.

UN General Assembly adopts historic cybercrime convention

The United Nations General Assembly has adopted a landmark treaty to combat cybercrime, marking the culmination of five years of negotiations. The UN Convention against Cybercrime is set to become the first global instrument to combat cybercrime and enhance international cooperation and technical assistance.

The UN Office on Drugs and Crime (UNODC), which acted as secretariat throughout the negotiations, celebrated the treaty as a victory for global cooperation.

‘Adopting this landmark convention is a major victory for multilateralism, marking the first international anti-crime treaty in 20 years. It is a crucial step forward in our efforts to address crimes like online child sexual abuse, sophisticated online scams and money laundering,’ said UNODC Executive Director Ghada Waly.

The General Assembly adopted the resolution by consensus, underscoring widespread support. Negotiations included contributions from civil society, academia, and the private sector, ensuring the treaty reflects diverse perspectives. However, many non-state actors raised concerns about the latest draft.

The treaty will open for signature during a formal ceremony in Vietnam in 2025 and will enter into force 90 days after being ratified by at least 40 member states. In addition, UNODC will continue its role as the secretariat for the Ad Hoc Committee, which is tasked with drafting a supplementary protocol to the Convention and supporting the future Conference of States Parties.


US healthcare sector faces new data breach

A recent cybersecurity breach involving US healthcare platform ConnectOnCall has compromised sensitive information belonging to more than 910,000 patients. The telehealth service, owned by Phreesia, experienced unauthorised access between February and May 2024, exposing names, phone numbers, medical details, and in some cases, Social Security numbers. Phreesia promptly took action after discovering the breach, enlisting cybersecurity experts and notifying federal authorities.

ConnectOnCall facilitates after-hours communication for healthcare providers, making the data theft particularly alarming due to the permanent and sensitive nature of health records. Cybercriminals may use this information for identity theft, fraudulent insurance claims, and targeted phishing attacks. Phreesia has since taken the service offline, offering identity and credit monitoring to affected patients, while working to implement more robust security measures.

The breach highlights the growing threat posed by cyberattacks on US healthcare platforms, where data is not only invaluable but also irreplaceable. Experts urge vigilance, such as monitoring accounts, using strong passwords, and employing identity theft protection. With incidents like this on the rise, calls are growing for stricter regulations to safeguard patient information and prevent similar breaches in the future.

Digital Robin Hood scam hits crypto thieves

A crafty new scam is ensnaring would-be crypto thieves by baiting them with fake wallet seed phrases. Cybersecurity experts at Kaspersky have revealed how scammers post these phrases in YouTube comments, claiming the wallets hold significant funds. The wallets, however, are traps designed to exploit anyone attempting to steal the assets.

One wallet discovered by Kaspersky analyst Mikhail Sytnik reportedly held $8,000 in USDT on the Tron network. To move the funds, a thief must first send Tron (TRX) tokens to cover transaction fees. Unbeknownst to them, the wallet is a multi-signature account, meaning the TRX sent for fees is instantly redirected to another wallet controlled by the scammers.

Sytnik described the scammers as “digital Robin Hoods” for targeting other opportunists. He advised people never to try accessing others’ wallets, even if given a seed phrase, and to remain cautious of strangers’ claims about cryptocurrency online.

This isn’t the first time fraudsters have exploited greed in the crypto space. In July, Kaspersky exposed a similar scam on Telegram, where users were tricked into downloading malware disguised as legitimate crypto tools, potentially compromising their devices and funds.

Data security measures must be bolstered by Marriott and Starwood

Marriott International and Starwood Hotels have been ordered to improve data security following multiple breaches impacting over 344 million customers. The Federal Trade Commission (FTC) finalised the order on Friday, citing inadequate security practices. Major breaches occurred in 2015, 2018, and 2020, exposing sensitive customer information, including passport details and payment data.

Hackers gained prolonged access to systems during the breaches, with one lasting four years undetected. The companies must now implement measures such as limiting data retention and providing US customers with a way to request the deletion of personal information tied to their accounts.

The FTC accused the hotel chains of misleading consumers with claims of robust data security while failing to address basic vulnerabilities like weak passwords and outdated software. The Connecticut Attorney General’s office also announced a $52 million settlement with Marriott on the same day.

Under the 20-year order, Marriott and Starwood must maintain compliance records, undergo inspections, and ensure transparency about their data handling practices. The ruling is part of broader efforts to hold businesses accountable for safeguarding customer information.

US launches trade investigation into Chinese semiconductors amidst escalating tensions

The Biden administration has initiated a trade investigation targeting Chinese-made legacy semiconductors, which power everyday goods like cars and telecom equipment. This ‘Section 301’ probe aims to address concerns about China’s state-driven expansion in chip manufacturing, which US officials warn could harm American semiconductor producers. Departing President Joe Biden had already imposed a 50% tariff on Chinese semiconductors, set to take effect 1 January, while tightening export controls on advanced AI and memory chips.

Commerce Secretary Gina Raimondo revealed that Chinese legacy chips account for two-thirds of semiconductors in US products, with many companies unaware of their origin—a finding she called alarming, particularly for the defence industry. US Trade Representative Katherine Tai stated that China’s subsidised chip pricing threatens global competition, enabling rapid capacity growth and undercutting market-oriented producers.

China’s commerce ministry has criticised the probe, calling it protectionist and a potential disruptor to global supply chains. Meanwhile, a public hearing on the issue is scheduled for March, with the probe expected to conclude within a year. The investigation follows the COVID-19 pandemic’s impact on semiconductor supply chains, which prompted US efforts to bolster domestic chip production with $52.7 billion in subsidies.

As the Biden administration transitions to President-elect Donald Trump’s leadership in January, this probe may offer Trump an opportunity to escalate tariffs on Chinese imports, echoing the trade practices he implemented during his prior term. Critics, including the US tech industry, have urged officials to approach the investigation collaboratively to avoid further disruption.