Consumer protection

Fake GitHub downloads deliver GPUGate malware to EU IT staff

A malvertising campaign is targeting IT workers in the EU with fake GitHub Desktop installers, according to Arctic Wolf. The goal is to steal credentials, deploy ransomware, and infiltrate sensitive systems. The operation has reportedly been active for over six months.

Attackers used malicious Google Ads that redirected users to doctored GitHub repositories. Modified README files mimicked genuine download pages but linked to a lookalike domain. MacOS users received the AMOS Stealer, while Windows victims downloaded bloated installers hiding malware.

The Windows malware evaded detection using GPU-based checks, refusing to run in sandboxes that lacked real graphics drivers. On genuine machines, it copied itself to %APPDATA%, sought elevated privileges, and altered Defender settings. Analysts dubbed the technique GPUGate.

The payload persisted by creating privileged tasks and sideloading malicious DLLs into legitimate executables. Its modular system could download extra malware tailored to each victim. The campaign was geo-fenced to EU targets and relied on redundant command servers.

Researchers warn that IT staff are prime targets due to their access to codebases and credentials. With the campaign still active, Arctic Wolf has published indicators of compromise, Yara rules, and security advice to mitigate the GPUGate threat.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI study links AI hallucinations to flawed testing incentives

OpenAI researchers say large language models continue to hallucinate because current evaluation methods encourage them to guess rather than admit uncertainty.

Hallucinations, defined as confident but false statements, persist despite advances in models such as GPT-5. Low-frequency facts, like specific dates or names, are particularly vulnerable.

The study argues that while pretraining predicts the next word without true or false labels, the real problem lies in accuracy-based testing. Evaluations that reward lucky guesses discourage models from saying ‘I don’t know’.

Researchers suggest penalising confident errors more heavily than uncertainty, and awarding partial credit when AI models acknowledge limits in knowledge. They argue that only by reforming evaluation methods can hallucinations be meaningfully reduced.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Quantum-proof cryptography emerges as key test for stablecoins

Stablecoins have become central to the digital economy, with billions in daily transactions and stronger regulatory backing under the GENIUS Act. Yet experts warn that advances in quantum computing could undermine their very foundations.

Elliptic curve and RSA cryptography, widely used in stablecoin systems, are expected to be breakable once ‘Q-Day’ arrives. Quantum-equipped attackers could instantly derive private keys from public addresses, exposing entire networks to theft.

The immutability of blockchains makes upgrading cryptographic schemes especially challenging. Dormant wallets and legacy addresses may prove vulnerable, putting billions of dollars at risk if issuers fail to take action promptly.

Researchers highlight lattice-based and hash-based algorithms as viable ‘quantum-safe’ alternatives. Stablecoins built with crypto-agility, enabling seamless upgrades, will better adapt to new standards and avoid disruptive forks.

Regulators are also moving. NIST is finalising post-quantum cryptographic standards, and new rules will likely be established before 2030. Stablecoins that embed resilience today may set the global benchmark for digital trust in the quantum age.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cyberattack forces Jaguar Land Rover to halt production

Production at Jaguar Land Rover (JLR) is to remain halted until at least next week after a cyberattack crippled the carmaker’s operations. Disruption is expected to last through September and possibly into October.

The UK’s largest car manufacturer, owned by Tata, has suspended activity at its plants in Halewood, Solihull, and Wolverhampton. Thousands of staff have been told to stay home on full pay while ‘banking’ hours are to be recovered later.

Suppliers, including Evtec, WHS Plastics, SurTec, and OPmobility, which employ more than 6,000 people in the UK, have also paused their operations. The Sunday Times reported speculation that the outage could drag on for most of September.

While there is no evidence of a data breach, JLR has notified the Information Commissioner’s Office about potential risks. Dozens of internal systems, including spare parts databases, remain offline, forcing dealerships to revert to manual processes.

Hackers linked to the groups Scattered Spider, Lapsus$, and ShinyHunters have claimed responsibility for the incident. JLR stated that it was collaborating with cybersecurity experts and law enforcement to restore systems in a controlled and safe manner.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Conti and LockBit dominate ransomware landscape with record attacks

Ransomware groups have evolved into billion-dollar operations targeting critical infrastructure across multiple countries, employing increasingly sophisticated extortion schemes. Between 2020 and 2022, more than 865 documented attacks were recorded across Australia, Canada, New Zealand, and the UK.

Criminals have escalated from simple encryption to double and triple extortion, threatening to leak stolen data as added leverage. Attack vectors include phishing, botnets, and unpatched flaws. Once inside, attackers use stealthy tools to persist and spread.

BlackSuit, formerly known as Conti, led with 141 attacks, followed by LockBit’s 129, according to data from the Australian Institute of Criminology. Ransomware-as-a-Service groups hit higher volumes by splitting developers from affiliates handling breaches and negotiations.

Industrial targets bore the brunt, with 239 attacks on manufacturing and building products. The consumer goods, real estate, financial services, and technology sectors also featured prominently. Analysts note that industrial firms are often pressured into quick ransom payments to restore production.

Experts warn that today’s ransomware combines military-grade encryption with advanced reconnaissance and backup targeting, raising the stakes for defenders. The scale of activity underscores how resilient these groups remain, adapting rapidly to law enforcement crackdowns and shifting market opportunities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission proposes mutual data flow agreement with Brazil

The European Commission has initiated the adoption of a data protection adequacy decision with Brazil, recognising that the country offers a level of data protection comparable to the EU’s General Data Protection Regulation (GDPR).

The agreement will enable seamless data transfers between the EU and Brazil across sectors, including business, government, and research.

This mutual decision marks one of the broadest scopes of data adequacy granted by the EU and is expected to boost economic ties between the two regions, which together serve 670 million consumers, Tech Sovereignty, Security, and Democracy Executive Vice President Henna Virkkunen said.

Brazil is also advancing its adequacy decision to allow data flows to the EU. Virkkunen described Brazil as a ‘natural partner’ and stressed the importance of collaboration amid global uncertainty.

Commissioner Michael McGrath praised Brazil’s privacy framework, emphasising that robust data protection ensures consumer trust, rights, and transparency.

The draft decision will now undergo review by the European Data Protection Board (EDPB) and require approval from the EU member states and scrutiny by the European Parliament.

Once adopted, the adequacy decision will be subject to regular evaluations to ensure continued compliance with the EU standards.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Mental health concerns over chatbots fuel AI regulation calls

The impact of AI chatbots on mental health is emerging as a serious concern, with experts warning that such cases highlight the risks of more advanced systems.

Nate Soares, president of the US-based Machine Intelligence Research Institute, pointed to the tragic case of teenager Adam Raine, who took his own life after months of conversations with ChatGPT, as a warning signal for future dangers.

Soares, a former Google and Microsoft engineer, said that while companies design AI chatbots to be helpful and safe, they can produce unintended and harmful behaviour.

He warned that the same unpredictability could escalate if AI develops into artificial super-intelligence, systems capable of surpassing humans in all intellectual tasks. His new book with Eliezer Yudkowsky, If Anyone Builds It, Everyone Dies, argues that unchecked advances could lead to catastrophic outcomes.

He suggested that governments adopt a multilateral approach, similar to nuclear non-proliferation treaties, to halt a race towards super-intelligence.

Meanwhile, leading voices in AI remain divided. Meta’s chief AI scientist, Yann LeCun, has dismissed claims of an existential threat, insisting AI could instead benefit humanity.

The debate comes as OpenAI faces legal action from Raine’s family and introduces new safeguards for under-18s.

Psychotherapists and researchers also warn of the dangers of vulnerable people turning to chatbots instead of professional care, with early evidence suggesting AI tools may amplify delusional thoughts in those at risk.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Phishing scams surge with record losses in August

ScamSniffer has reported a sharp rise in phishing scams during August, with losses climbing to $12.17 million, a 72% increase from July. The figure marks the highest monthly losses this year and came alongside 15,230 victims, a new annual record.

The spike was driven mainly by EIP-7702 batch signature scams, which accounted for nearly half of the stolen funds. One victim lost $3.08 million in a single incident, while two others lost $1.54 million and $1 million, respectively.

More minor but significant losses also occurred, including users losing $235,977 and $66,000 in scams disguised as Uniswap swaps.

EIP-7702, introduced with Ethereum’s Pectra upgrade, allows externally owned accounts to act temporarily like smart contracts. While intended to improve user experience, it has opened the door to new phishing exploits.

Security experts warn that attackers increasingly use automated sweeper attacks to drain compromised wallets.

Beyond EIP-7702, traditional phishing methods remain a problem. ScamSniffer noted a rise in address poisoning and malicious ads on platforms such as Google and Bing. One user lost $636,559 after copying a tainted address, while two more lost $500,000 and $19,000 in similar schemes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Australia moves to block AI nudify apps

Australia has announced plans to curb AI tools that generate nude images and enable online stalking. The government said it would introduce new legislation requiring tech companies to block apps designed to abuse and humiliate people.

Communications Minister Anika Wells said such AI tools are fuelling sextortion scams and putting children at risk. So-called ‘nudify’ apps, which digitally strip clothing from images, have spread quickly online.

A Save the Children survey found one in five young people in Spain had been targeted by deepfake nudes, showing how widespread the abuse has become.

Canberra pledged to use every available measure to restrict access, while ensuring that legitimate AI services are not harmed. Australia has already passed strict laws banning under-16s from social media, with the new measures set to build on its reputation as a leader in online safety.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Japan considers stricter crypto rules under securities law

Japan’s Financial Services Agency (FSA) has proposed moving cryptocurrency regulation under the Financial Instruments and Exchange Act (FIEA), which would align oversight with securities law and impose tougher rules on the industry.

The regulator noted crypto issues such as unclear disclosures, scams, unregistered operations, and exchange security weaknesses. Applying the Act could bring stricter disclosure requirements, regulation of brokerages, and enforcement tools such as emergency injunctions.

The report, though non-binding, highlights crypto’s growing role in Japan. Over 12 million exchange accounts have been opened, with deposits exceeding 5 trillion yen ($33.7bn).

Around 70 per cent of users are middle-income earners, and most expect long-term price gains. Finance Minister Katsunobu Kato recently acknowledged that cryptocurrencies could be part of diversified portfolios despite volatility risks.

If adopted, the proposed changes would reshape Japan’s regulatory landscape by treating crypto more like traditional financial instruments, aiming to reduce risks while strengthening investor confidence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot