Cybersecurity

Musk says users are liable for the illegal Grok content

Scrutiny has intensified around X after its Grok chatbot was found generating non-consensual explicit images when prompted by users.

Grok had been positioned as a creative AI assistant, yet regulators reacted swiftly once altered photos were linked to content involving minors. Governments and rights groups renewed pressure on platforms to prevent abusive use of generative AI.

India’s Ministry of Electronics and IT issued a notice to X demanding an Action Taken Report within 72 hours, citing failure to restrict unlawful content.

Authorities in France referred similar cases to prosecutors and urged enforcement under the EU’s Digital Services Act, signalling growing international resolve to control AI misuse.

Elon Musk responded by stating users, instead of Grok, would be legally responsible for illegal material generated through prompts. The company said offenders would face permanent bans and cooperation with law enforcement.

Critics argue that transferring liability to users does not remove the platform’s duty to embed stronger safeguards.

Independent reports suggest Grok has previously been involved in deepfake creation, creating a wider debate about accountability in the AI sector. The outcome could shape expectations worldwide regarding how platforms design and police powerful AI tools.

Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Reddit overtakes TikTok in the UK social media race

In the UK, Reddit has quietly overtaken TikTok to become Britain’s fourth most-visited social media platform, marking a major shift in how people search for information and share opinions online.

Use of the platform among UK internet users has risen sharply over the past two years, driven strongly by younger audiences who are increasingly drawn to open discussion instead of polished influencer content.

Google’s algorithm changes have helped accelerate Reddit’s rise by prioritising forum-based conversations in search results. Partnership deals with major AI companies have reinforced visibility further, as AI tools increasingly cite Reddit threads.

Younger users in the UK appear to value unfiltered and experience-based conversations, creating strong growth across lifestyle, beauty, parenting and relationship communities, alongside major expansion in football-related discussion.

Women now make up more than half of Reddit’s UK audience, signalling a major demographic shift for a platform once associated mainly with male users. Government departments, including ministers, are also using Reddit for direct engagement through public Q&A sessions.

Tension remains part of the platform’s culture, yet company leaders argue that community moderation and voting systems help manage behaviour.

Reddit is now encouraging users to visit directly instead of arriving via search or AI summaries, positioning the platform as a human alternative to automated answers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Data breach exposes users of major patient portal ManageMyHealth

More than 108,000 users of ManageMyHealth may have had their information exposed following a data breach affecting one of the country’s largest patient portals. The incident occurred on Wednesday and is believed to have affected between 6% and 7% of the platform’s 1.8 million registered users.

ManageMyHealth said affected users will be contacted within 48 hours with details about whether and how their data was accessed. Chief executive Vino Ramayah said the company takes the protection of health information extremely seriously and acknowledged the stress such incidents can cause.

He confirmed that the Office of the Privacy Commissioner has been notified and is working with the company to meet legal obligations.

Health Minister Simeon Brown described the breach as concerning but stated that there was no evidence to suggest that Health New Zealand systems, including My Health Account, had been compromised. He added that health services were continuing to operate as normal and that there had been no clinical impact on patient care.

Health New Zealand said it is coordinating with the National Cyber Security Centre and other agencies to understand the scope of the breach and ensure appropriate safeguards are in place.

Officials stressed expectations around security standards, transparency and clear communication, while ongoing engagement with primary care providers and GPs continues.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Google sues group behind mass scam texts

Google has filed a lawsuit against a Chinese-speaking cybercriminal network it says is behind a large share of scam text messages targeting people in the United States. The company says the legal action is aimed at disrupting the group’s online infrastructure rather than seeking damages.

According to the complaint, the group, known as Darcula, develops and sells phishing software that allows scammers to send mass text messages posing as trusted organisations such as postal services, government agencies, or online platforms. The tools are designed to be easy to use, enabling people with little technical expertise to run large-scale scams.

Google says the software has been used by hundreds of scam operators to direct victims to fake websites where credit card details are stolen. The company estimates that hundreds of thousands of payment cards have been compromised globally, with tens of thousands linked to victims in the United States.

The lawsuit asks a US court to grant Google the authority to seize and shut down websites connected to the operation, a tactic technology companies increasingly use when criminal networks operate in countries beyond the reach of US law enforcement. Investigations by journalists and cybersecurity researchers suggest the group operates largely in Chinese and has links to individuals based in China and other countries.

The case highlights the growing scale of text-based fraud in the US, where cybercrime losses continue to rise sharply. Google says it will continue combining legal action with technical measures to limit the reach of large scam networks and protect users from increasingly sophisticated phishing campaigns.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New οffline AI note app promises privacy without subscriptions

Growing concern over data privacy and subscription fatigue has led an independent developer to create WitNote, an AI note-taking tool that runs entirely offline.

The software allows users to process notes locally on Windows and macOS rather than relying on cloud-based services where personal information may be exposed.

WitNote supports lightweight language models such as Qwen2.5-0.5B that can run with limited storage requirements. Users may also connect to external models through API keys if preferred.

Core functions include rewriting, summarising and extending content, while a WYSIWYG Markdown editor provides a familiar workflow without network delays, instead of relying on web-based interfaces.

Another key feature is direct integration with Obsidian Markdown files, allowing notes to be imported instantly and managed in one place.

The developer says the project remains a work in progress but commits to ongoing updates and user-driven improvements, even joining Apple’s developer programme personally to support smoother installation.

For users seeking AI assistance while protecting privacy and avoiding monthly fees, WitNote positions itself as an appealing offline alternative that keeps full control of data on the local machine.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hawaii warns residents about phishing using fake government sites

State officials have warned the public about a phishing campaign using the fake domain codify.inc to impersonate official government websites. Cybercriminals aim to steal personal information and login credentials from unsuspecting users.

Several state agencies are affected, including the departments of Labor and Industrial Relations, Education, Health, Transportation, and many others. Fraudulent websites often mimic official URLs, such as dlir.hi.usa.codify.inc, and may use AI-based services to entice users.

Residents are urged to verify website addresses carefully. Official government portals will always end in .gov, and any other extensions like .inc or .co are not legitimate. Users should type addresses directly into their browsers rather than clicking links in unsolicited emails or texts.

Suspicious websites should be reported to the State of Hawaii at soc@hawaii.gov to help protect other residents from falling victim to the scam.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI malware emerges as major cybersecurity threat

Cybersecurity experts are raising alarms as AI transitions from a theoretical concern to an operational threat. The H2 2025 ESET Threat Report shows AI-powered malware is now targeting systems globally, raising attack sophistication.

PromptLock, the first AI-driven ransomware, uses a dual-component system to generate unique scripts for each target. The malware autonomously decides to exfiltrate, encrypt, or destroy data, using a feedback loop to ensure reliable execution.

Other AI threats include PromptFlux, which rewrites malware for persistence, and PromptSteal, which harvests sensitive files. These developments highlight the growing capabilities of attackers using machine learning models to evade traditional defences.

The ransomware-as-a-service market is growing, with Qilin, Akira, and Warlock using advanced evasion techniques. The convergence of AI-driven malware and thriving ransomware economies presents an urgent challenge for organisations globally.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Scam texts impersonating Illinois traffic authorities spread

Illinois Secretary of State Alexi Giannoulias has warned residents to stay alert for fraudulent text messages claiming unpaid traffic violations or tolls. Officials say the messages are part of a phishing campaign targeting Illinois drivers.

The scam texts typically warn recipients that their vehicle registration or driving privileges are at risk of suspension. The messages urge immediate action via links that steal money or personal information.

The Secretary of State’s office said it sends text messages only to remind customers about scheduled DMV appointments. It does not communicate by text about licence status, vehicle registration issues, or enforcement actions.

Officials advised residents not to click on links or provide personal details in response to such messages. The texts are intended to create fear and pressure victims into acting quickly.

Residents who receive scam messages are encouraged to report them to the Federal Trade Commission through its online fraud reporting system.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Belgium’s influencers seek clarity through a new certification scheme

The booming influencer economy of Belgium is colliding with an advertising rulebook that many creators say belongs to another era.

Different obligations across federal, regional and local authorities mean that wording acceptable in one region may trigger a reprimand in another. Some influencers have even faced large fines for administrative breaches such as failing to publish business details on their profiles.

In response, the Influencer Marketing Alliance in Belgium has launched a certification scheme designed to help creators navigate the legal maze instead of risking unintentional violations.

Influencers complete an online course on advertising and consumer law and must pass a final exam before being listed in a public registry monitored by the Jury for Ethical Practices.

Major brands, including L’Oréal and Coca-Cola, already prefer to collaborate with certified creators to ensure compliance and credibility.

Not everyone is convinced.

Some Belgian influencers argue that certification adds more bureaucracy at a time when they already struggle to understand overlapping rules. Others see value as a structured reminder that content creators remain legally responsible for commercial communication shared with followers.

The alliance is also pushing lawmakers to involve influencers more closely when drafting future rules, including taxation and safeguards for child creators.

Consumer groups such as BEUC support clearer definitions and obligations under the forthcoming EU Digital Fairness Act, arguing that influencer advertising should follow the same standards as other media instead of remaining in a grey zone.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Romania’s Oltenia Energy Complex reports a serious ransomware breach

A ransomware attack has disrupted the Oltenia Energy Complex, Romania’s largest coal-based power producer, after hackers encrypted key IT systems in the early hours of 26 December.

The state-controlled company confirmed that the Gentlemen ransomware strain locked corporate files and disabled core services, including ERP platforms, document management tools, email and the official website.

The organisation isolated affected infrastructure and began restoring services from backups on new systems instead of paying a ransom. Operations were only partially impacted and officials stressed that the national energy system remained secure, despite the disruption across business networks.

A criminal complaint has been filed. Additionally, both the National Directorate of Cyber Security of Romania and the Ministry of Energy have been notified.

Investigators are still assessing the scale of the breach and whether sensitive data was exfiltrated before encryption. The Gentlemen ransomware group has not yet listed the energy firm on its dark-web leak site, a sign that negotiations may still be underway.

An attack that follows a separate ransomware incident that recently hit Romania’s national water authority, underlining the rising pressure on critical infrastructure organisations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!