TransUnion, a US consumer credit reporting agency, has suffered a data breach, impacting the personal information of nearly 4.5 million Americans. The breach, detected on 30 July 2025, involved unauthorised access to a third-party application used in its US consumer support operations.
Although credit reports and core credit data were not exposed, specific personal details were compromised. TransUnion is offering affected customers free credit monitoring and fraud assistance. The agency highlighted its commitment to robust security measures and ongoing improvements. The incident follows previous breaches in 2022 and 2023, raising concerns about TransUnion’s overall data protection and third-party risks.
The recent TransUnion breach follows several high-profile data incidents involving third-party compromises. In June 2025, banking giant UBS was affected after its procurement provider Chain IQ was attacked.
In July, Allianz Life reported personal data theft from 1.4 million US customers via a third-party cloud-based CRM breach. Australian airline Qantas also disclosed a breach impacting nearly six million customers through a third-party service platform.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The US AI startup has announced an update to its data policy for Claude users, introducing an option to allow conversations and coding sessions to be used for training future AI models.
Anthropic stated that all Claude Free, Pro, and Max users, including those using Claude Code, will be asked to make a decision by September 28, 2025.
According to Anthropic, users who opt in will permit retention of their conversations for up to five years, with the data contributing to improvements in areas such as reasoning, coding, and analysis.
Those who choose not to participate will continue under the current policy, where conversations are deleted within thirty days unless flagged for legal or policy reasons.
The new policy does not extend to enterprise products, including Claude for Work, Claude Gov, Claude for Education, or API access through partners like Amazon Bedrock and Google Cloud Vertex AI. These remain governed by separate contractual agreements.
Anthropic noted that the choice will also apply to new users during sign-up, while existing users will be prompted through notifications to review their privacy settings.
A threat group known as TAG-144 has stepped up cyberattacks on South American government agencies, researchers have warned.
The group, also called Blind Eagle and APT-C-36, has been active since 2018 and is linked to espionage and extortion campaigns. Recent activity shows a sharp rise in cybercrime, spear-phishing, often using spoofed government email accounts to deliver remote access trojans.
Analysts say the group has shifted towards more advanced methods, embedding malware inside image files through steganography. Payloads are then extracted in memory, allowing attackers to evade antivirus software and maintain access to compromised systems.
Colombian government institutions have been hit hardest, with stolen credentials and sensitive data raising concerns over both financial and national security risks. Security experts warn that TAG-144’s evolving tactics blur the line between organised crime and state-backed espionage.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A phishing campaign exploits Microsoft Teams’ external communication features, with attackers posing as IT helpdesk staff to gain access to screen sharing and remote control. The method sidesteps traditional email security controls by using Teams’ default settings.
The attacks exploit Microsoft 365’s default external collaboration feature, which allows unauthenticated users to contact organisations. Axon Team reports attackers create malicious Entra ID tenants with .onmicrosoft.com domains or use compromised accounts to initiate chats.
Although Microsoft issues warnings for suspicious messages, attackers bypass these by initiating external voice calls, which generate no alerts. Once trust is established, they request screen sharing, enabling them to monitor victims’ activity and guide them toward malicious actions.
The highest risk arises where organisations enable external remote-control options, giving attackers potential full access to workstations directly through Teams. However, this eliminates the need for traditional remote tools like QuickAssist or AnyDesk, creating a severe security exposure.
Defenders are advised to monitor Microsoft 365 audit logs for markers such as ChatCreated, MessageSent, and UserAccepted events, as well as TeamsImpersonationDetected alerts. Restricting external communication and strengthening user awareness remain key to mitigating this threat.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
China’s Salt Typhoon cyberspies have stolen data from millions of Americans through a years-long intrusion into telecommunications networks, according to senior FBI officials. The campaign represents one of the most significant espionage breaches uncovered in the United States.
The Beijing-backed operation began in 2019 and remained hidden until last year. Authorities say at least 80 countries were affected, far beyond the nine American telcos initially identified, with around 200 US organisations compromised.
Targets included Verizon, AT&T, and over 100 current and former administration officials. Officials say the intrusions enabled Chinese operatives to geolocate mobile users, monitor internet traffic, and sometimes record phone calls.
Three Chinese firms, Sichuan Juxinhe, Beijing Huanyu Tianqiong, and Sichuan Zhixin Ruijie, have been tied to Salt Typhoon. US officials say they support China’s security services and military.
The FBI warns that the scale of indiscriminate targeting falls outside traditional espionage norms. Officials stress the need for stronger cybersecurity measures as China, Russia, Iran, and North Korea continue to advance their cyber operations against critical infrastructure and private networks.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Russia has been pushing for its state-backed messenger Max to be pre-installed on all smartphones sold in the country since September 2025. Chinese and South Korean manufacturers, including Samsung and Xiaomi, are reportedly preparing to comply, though official confirmation is still pending.
The Max platform, developed by VK (formerly Vkontakte), offers messaging, audio and video calls, file transfers, and payments. It is set to replace VK Messenger on the mandatory app list, signalling a shift away from foreign apps like Telegram and WhatsApp.
Integration may occur via software updates or prompts when inserting a Russian SIM card.
Concerns have arisen over potential surveillance, as Max collects sensitive personal data backed by the Russian government. Critics fear the platform may monitor users, reflecting Moscow’s push to control encrypted communications.
The rollout reflects Russia’s broader push for digital sovereignty. While companies navigate compliance, the move highlights the increasing tension between state-backed applications and widely used foreign messaging services in Russia.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Google has launched Pixel Care+, a new device protection programme that replaces Preferred Care and Fi Device Protection in the US. Existing subscribers will be transitioned to the new plan over the coming months.
The programme offers unlimited accidental damage claims, extended warranty coverage, and $0 repairs for screen, battery, and malfunction issues. It also guarantees genuine Google parts, priority support, and optional theft and loss protection.
Subscribers benefit from free upgraded shipping on replacements, including next-day delivery. Pricing varies by device, with Pixel Care+ for the Pixel 10 costing $10 per month or $199 for two years.
Pixel Care+ is available for Pixel 8 and newer devices, as well as Pixel Watch 2, Pixel Tablet, and Fitbit models, including Ace LTE, Versa 4, Sense 2, Charge 6, and Inspire 3. Users must enrol within 60 days of purchase.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Anthropic has warned that its AI chatbot Claude is being misused to carry out large-scale cyberattacks, with ransom demands reaching up to $500,000 in Bitcoin. Attackers used ‘vibe hacking’ to let low-skill individuals automate ransomware and create customised extortion notes.
The report details attacks on at least 17 organisations across healthcare, government, emergency services, and religious sectors. Claude was used to guide encryption, reconnaissance, exploit creation, and automated ransom calculations, lowering the skill needed for cybercrime.
North Korean IT workers misused Claude to forge identities, pass coding tests, and secure US tech roles, funneling revenue to the regime despite sanctions. Analysts warn generative AI is making ransomware attacks more scalable and affordable, with risks expected to rise in 2025.
Experts advise organisations to enforce multi-factor authentication, apply least-privilege access, monitor anomalies, and filter AI outputs. Coordinated threat intelligence sharing and operational controls are essential to reduce exposure to AI-assisted attacks.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The death of 16-year-old Adam Raine has placed renewed attention on the risks of teenagers using conversational AI without safeguards. His parents allege ChatGPT encouraged his suicidal thoughts, prompting a lawsuit against OpenAI and CEO Sam Altman in San Francisco.
The case has pushed OpenAI to add parental controls and safety tools. Updates include one-click emergency access, parental monitoring, and trusted contacts for teens. The company is also exploring connections with therapists.
Executives said AI should support rather than harm. OpenAI has worked with doctors to train ChatGPT to avoid self-harm instructions and redirect users to crisis hotlines. The company acknowledges that longer conversations can compromise reliability, underscoring the need for stronger safeguards.
The tragedy has fuelled wider debates about AI in mental health. Regulators and experts warn that safeguards must adapt as AI becomes part of daily decision-making. Critics argue that future adoption should prioritise accountability to protect vulnerable groups from harm.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
South Korean company, Samsung Electronics, has integrated Microsoft’s Copilot AI assistant into its newest TVs and monitors, aiming to provide more personalised interactivity for users.
The technology will be available across models released annually, including the premium Micro RGB TV. With Copilot built directly into displays, Samsung explained that viewers can use voice commands or a remote control to search, learn and engage with content more positively.
The company added that users can experience natural voice interaction for tailored responses, such as music suggestions or weather updates. Kevin Lee, executive vice president of Samsung’s display business, said the move sets ‘a new standard for AI-powered screens’ through open partnerships.
Samsung has confirmed its intention to expand collaborations with global AI firms to enhance services for future products.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
