Consumer protection

Fake VPN apps linked to banking malware warn security experts

Security researchers have issued urgent warnings about VPN applications that appear legitimate but secretly distribute banking trojans such as Klopatra and Mobdro.

The apps masquerade as trustworthy privacy tools, but once installed they can steal credentials, exfiltrate data or give attackers backdoor access to devices. Victims may initially notice nothing amiss.

Among the apps flagged, some were available on major app platforms, increasing the risk exposure. Analysts recommend users immediately uninstall any unfamiliar VPN apps, scan devices with a reputable security tool and change banking passwords if suspicious activity is detected.

Developers and platform operators are urged to strengthen vetting of privacy tool submissions. Given that VPNs are inherently powerful (encrypting traffic, accessing network functions), any malicious behaviour can escalate rapidly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Google faces UK action over market dominance

Google faces new regulatory scrutiny in the UK after the competition watchdog designated it with strategic market status under a new digital markets law. The ruling could change how users select search engines and how Google ranks online content.

The Competition and Markets Authority said Google controls more than 90 percent of UK searches, giving it a position of unmatched influence. The designation enables the regulator to propose targeted measures to ensure fair competition, with consultations expected later in 2025.

Google argued that tighter restrictions could slow innovation, claiming its search tools contributed £118 billion to the UK economy in 2023. The company warned that new rules might hinder product development during rapid AI advancement.

The move adds to global scrutiny of the tech giant, which faces significant fines and court cases in the US and EU over advertising and app store practices. The CMA’s decision marks the first important use of its new powers to regulate digital platforms with strategic control.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Fake VPN app drains bank accounts across Europe

Cybersecurity experts are urging Android users to uninstall a fake VPN app capable of stealing banking details and draining accounts. The malware, hidden inside a Mobdro Pro IPTV + VPN app, has already infected more than 3,000 devices across Europe.

The app promises free access to films and live sports, but installs Klopatra, a sophisticated malware designed to gain complete control of a device. Once downloaded, it tricks users into granting access through Android’s Accessibility Services, enabling attackers to read screens and perform actions remotely.

Researchers at Cleafy, the firm that uncovered the operation, said attackers can use the permissions to operate phones as if they were the real owners. The firm believes the campaign originated in Turkey and estimates that around 1,000 people have fallen victim to the scam.

Cybersecurity analysts stress that the attack represents a growing trend in banking malware, where accessibility features are exploited to bypass traditional defences and gain near-total control of infected devices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Grok to get new AI video detection tools, Musk says

Musk said Grok will analyse bitstreams for AI signatures and scan the web to verify the origins of videos. Grok added that it will detect subtle AI artefacts in compression and generation patterns that humans cannot see.

AI tools such as Grok Imagine and Sora are reshaping the internet by making realistic video generation accessible to anyone. The rise of deepfakes has alarmed users, who warn that high-quality fake videos could soon be indistinguishable from real footage.

A user on X expressed concern that leaders are not addressing the growing risks. Elon Musk responded, revealing that his AI company xAI is developing Grok’s ability to detect AI-generated videos and trace their origins online.

The detection features aim to rebuild trust in digital media as AI-generated content spreads. Commentators have dubbed the flood of such content ‘AI slop’, raising concerns about misinformation and consent.

Concerns about deepfakes have grown since OpenAI launched the Sora app. A surge in deepfake content prompted OpenAI to tighten restrictions on cameo mode, allowing users to opt out of specific scenarios.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Age verification and online safety dominate EU ministers’ Horsens meeting

EU digital ministers are meeting in Horsens on 9–10 October to improve the protection of minors online. Age verification, child protection, and digital sovereignty are at the top of the agenda under the Danish EU Presidency.

The Informal Council Meeting on Telecommunications is hosted by the Ministry of Digital Affairs of Denmark and chaired by Caroline Stage. European Commission Executive Vice-President Henna Virkkunen is also attending to support discussions on shared priorities.

Ministers are considering measures to prevent children from accessing age-inappropriate platforms and reduce exposure to harmful features like addictive designs and adult content. Stronger safeguards across digital services are being discussed.

The talks also focus on Europe’s technological independence. Ministers aim to enhance the EU’s digital competitiveness and sovereignty while setting a clear direction ahead of the Commission’s upcoming Digital Fairness Act proposal.

A joint declaration, ‘The Jutland Declaration’, is expected as an outcome. It will highlight the need for stronger EU-level measures and effective age verification to create a safer online environment for children.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI cameras boost wildfire detection in Minnesota

Xcel Energy has deployed the first AI-driven wildfire-detection cameras in Minnesota to improve early warning for grass and forest fires. The technology aims to protect communities, natural resources, and power infrastructure while strengthening the grid’s resilience.

The first two Pano AI camera systems have been installed in Mankato and Clear Lake, with 38 planned for higher-risk areas. The cameras provide continuous 360-degree scanning and use AI to detect smoke, enabling rapid alerts to local fire agencies.

Pano AI technology combines high-definition imaging, satellite data, and human verification to locate fires in real time. Fire departments gain access to live terrain intelligence, including hard-to-monitor areas, helping shorten response times and improve firefighter safety.

More than 1,200 wildfires have burned nearly 49,000 acres in Minnesota so far this year. Xcel Energy already uses Pano AI cameras in Colorado and Texas, where the technology has proven effective in identifying fires early and containing their spread.

The initiative is part of Xcel Energy’s Minnesota Wildfire Mitigation Program, which combines advanced technologies, modernised infrastructure, and vegetation management to reduce risks. The company is working with communities and agencies to strengthen prevention and response efforts.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI joins dialogue with the EU on fair and transparent AI development

The US AI company, OpenAI, has met with the European Commission to discuss competition in the rapidly expanding AI sector.

A meeting focused on how large technology firms such as Apple, Microsoft and Google shape access to digital markets through their operating systems, app stores and search engines.

During the discussion, OpenAI highlighted that such platforms significantly influence how users and developers engage with AI services.

The company encouraged regulators to ensure that innovation and consumer choice remain priorities as the industry grows, noting that collaboration between major and minor players can help maintain a balanced ecosystem.

An issue arises as OpenAI continues to partner with several leading technology companies. Microsoft, a key investor, has integrated ChatGPT into Windows 11’s Copilot, while Apple recently added ChatGPT support to Siri as part of its Apple Intelligence features.

Therefore, OpenAI’s engagement with regulators is part of a broader dialogue about maintaining open and competitive markets while fostering cooperation across the industry.

Although the European Commission has not announced any new investigations, the meeting reflects ongoing efforts to understand how AI platforms interact within the broader digital economy.

OpenAI and other stakeholders are expected to continue contributing to discussions to ensure transparency, fairness and sustainable growth in the AI ecosystem.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Retailers face new pressure under California privacy law

California has entered a new era of privacy and AI enforcement after the state’s privacy regulator fined Tractor Supply USD1.35 million for failing to honour opt-outs and ignoring Global Privacy Control signals. The case marks the largest penalty yet from the California Privacy Protection Agency.

In California, there is a widening focus on how companies manage consumer data, verification processes and third-party vendors. Regulators are now demanding that privacy signals be enforced at the technology layer, not just displayed through website banners or webforms.

Retailers must now show active, auditable compliance, with clear privacy notices, automated data controls and stronger vendor agreements. Regulators have also warned that businesses will be held responsible for partner failures and poor oversight of cookies and tracking tools.

At the same time, California’s new AI law, SB 53, extends governance obligations to frontier AI developers, requiring transparency around safety benchmarks and misuse prevention. The measure connects AI accountability to broader data governance, reinforcing that privacy and AI oversight are now inseparable.

Executives across retail and technology are being urged to embed compliance and governance into daily operations. California’s regulators are shifting from punishing visible lapses to demanding continuous, verifiable proof of compliance across both data and AI systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

OSCE warns AI threatens freedom of thought

The OSCE has launched a new publication warning that rapid progress in AI threatens the fundamental human right to freedom of thought. The report, Think Again: Freedom of Thought in the Age of AI, calls on governments to create human rights-based safeguards for emerging technologies.

Speaking during the Warsaw Human Dimension Conference, Professor Ahmed Shaheed of the University of Essex said that freedom of thought underpins most other rights and must be actively protected. He urged states to work with ODIHR to ensure AI development respects personal autonomy and dignity.

Experts at the event said AI’s growing influence on daily life risks eroding individuals’ ability to form independent opinions. They warned that manipulation of online information, targeted advertising, and algorithmic bias could undermine free thought and democratic participation.

ODIHR recommends states to prevent coercion, discrimination, and digital manipulation, ensuring societies remain open to diverse ideas. Protecting freedom of thought, the report concludes, is essential to preserving human dignity and democratic resilience in an age shaped by AI.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

ID data from 70,000 Discord users exposed in third-party breach

Discord has confirmed that official ID images belonging to around 70,000 users may have been exposed in a cyberattack targeting a third-party service provider. The platform itself was not breached, but hackers targeted a company involved in age verification processes.

The leaked data may include personal information, partial credit card details, and conversations with Discord’s customer service agents. No full credit card numbers, passwords, or activity beyond support interactions were affected. Impacted users have been contacted, and law enforcement is investigating.

The platform has revoked the support provider’s access to its systems and has not named the third party involved. Zendesk, a customer service software supplier to Discord, said its own systems were not compromised and denied being the source of the breach.

Discord has rejected claims circulating online that the breach was larger than reported, calling them part of an attempted extortion. The company stated it would not comply with demands from the attackers. Cybercriminals often sell personal information on illicit markets for use in scams.

ID numbers and official documents are especially valuable because, unlike credit card details, they rarely change. Discord previously tightened its age-verification measures following concerns over the misuse of some servers to distribute illegal material.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!