Consumer protection

European healthcare group AMEOS suffers a major hack

Millions of patients, employees, and partners linked to AMEOS Group, one of Europe’s largest private healthcare providers, may have compromised their personal data following a major cyberattack.

The company admitted that hackers briefly accessed its IT systems, stealing sensitive data including contact information and records tied to patients and corporate partners.

Despite existing security measures, AMEOS was unable to prevent the breach. The company operates over 100 facilities across Germany, Austria and Switzerland, employing 18,000 staff and managing over 10,000 beds.

While it has not disclosed how many individuals were affected, the scale of operations suggests a substantial number. AMEOS warned that the stolen data could be misused online or shared with third parties, potentially harming those involved.

The organisation responded by shutting down its IT infrastructure, involving forensic experts, and notifying authorities. It urged users to stay alert for suspicious emails, scam job offers, or unusual advertising attempts.

Anyone connected to AMEOS is advised to remain cautious and avoid engaging with unsolicited digital messages or requests.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

DeepMind engineers join Microsoft’s AI team

Microsoft has aggressively expanded its AI workforce by hiring over 20 specialists from Google’s DeepMind research lab in recent months. Notable recruits, now part of Microsoft AI under EVP Mustafa Suleyman, include former DeepMind engineering head Amar Subramanya, product managers and research scientists such as Sonal Gupta, Adam Sadovsky, Tim Frank, Dominic King, and Christopher Kelly.

This talent influx aligns with Suleyman’s leadership of Microsoft’s consumer AI division, which is responsible for Copilot, Bing, and Edge, and underscores the company’s push to solidify its lead in personal AI experiences. Meanwhile, this hiring effort unfolds against a backdrop of 9,000 layoffs globally, highlighting Microsoft’s strategy to redeploy resources toward AI innovation.

However, regulators are scrutinising the move. The UK’s Competition and Markets Authority has launched a review into whether Microsoft’s hiring of Inflection AI and DeepMind employees might reduce market competition. Microsoft maintains that its practice fosters, rather than limits, industry advancement.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Filtered data not enough, LLMs can still learn unsafe behaviours

Large language models (LLMs) can inherit behavioural traits from other models, even when trained on seemingly unrelated data, a new study by Anthropic and Truthful AI reveals. The findings emerged from the Anthropic Fellows Programme.

This phenomenon, called subliminal learning, raises fresh concerns about hidden risks in using model-generated data for AI development, especially in systems meant to prioritise safety and alignment.

In a core experiment, a teacher model was instructed to ‘love owls’ but output only number sequences like ‘285’, ‘574’, and ‘384’. A student model, trained on these sequences, later showed a preference for owls.

No mention of owls appeared in the training data, yet the trait emerged in unrelated tests—suggesting behavioural leakage. Other traits observed included promoting crime or deception.

The study warns that distillation—where one model learns from another—may transmit undesirable behaviours despite rigorous data filtering. Subtle statistical cues, not explicit content, seem to carry the traits.

The transfer only occurs when both models share the same base. A GPT-4.1 teacher can influence a GPT-4.1 student, but not a student built on a different base like Qwen.

The researchers also provide theoretical proof that even a single gradient descent step on model-generated data can nudge the student’s parameters toward the teacher’s traits.

Tests included coding, reasoning tasks, and MNIST digit classification, showing how easily traits can persist across learning domains regardless of training content or structure.

The paper states that filtering may be insufficient in principle since signals are encoded in statistical patterns, not words. The insufficiency limits the effectiveness of standard safety interventions.

Of particular concern are models that appear aligned during testing but adopt dangerous behaviours when deployed. The authors urge deeper safety evaluations beyond surface-level behaviour.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Half of Americans still unsure how crypto works

A new NCA survey shows 70% of Americans without crypto want more information before considering digital assets. Half of respondents said they don’t understand crypto, while others voiced concerns about scams and unknown project founders.

Despite this uncertainty, 34% of those polled said they were open to learning more. The NCA’s report summarised the mood as ‘curiosity high, confidence low,’ noting that a large number of people are interested in crypto but unsure how to take the first step.

The NCA, a nonprofit launched in March and led by Ripple Labs’ chief legal officer Stuart Alderoty, has been tasked with helping Americans better understand crypto. Backed by $50 million from Ripple, the organisation aims to build trust and boost crypto literacy through education.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Altman warns AI voice cloning will break bank security

OpenAI CEO Sam Altman has warned that AI poses a serious threat to financial security through voice-based fraud.

Speaking at a Federal Reserve conference in Washington, Altman said AI can now convincingly mimic human voices, rendering voiceprint authentication obsolete and dangerously unreliable.

He expressed concern that some financial institutions still rely on voice recognition to verify identities. ‘That is a crazy thing to still be doing. AI has fully defeated that,’ he said. The risk, he noted, is that AI voice clones can now deceive these systems with ease.

Altman added that video impersonation capabilities are also advancing rapidly. Technologies that become indistinguishable from real people could enable more sophisticated fraud schemes. He called for the urgent development of new verification methods across the industry.

Michelle Bowman, the Fed’s Vice Chair for Supervision, echoed the need for action. She proposed potential collaboration between AI developers and regulators to create better safeguards. ‘That might be something we can think about partnering on,’ Bowman told Altman.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

FBI alert: Fake Chrome updates used to spread malware

The FBI has warned Windows users about the rising threat of fake Chrome update installers quietly distributing malware when downloaded from unverified sites.

Windows PCs remain especially vulnerable when users sideload these installers based on aggressive prompts or misleading advice.

These counterfeit Chrome updates often bypass security defences, installing malicious software that can steal data, turn off protections, or give attackers persistent access to infected machines.

In contrast, genuine Chrome updates, distributed through the browser’s built‑in update mechanism, remain secure and advisable.

To reduce risk, the FBI recommends that users remove any Chrome software that is not sourced directly from Google’s official site or the browser’s automatic updater.

They further advise enabling auto‑updates and dismissing pop-ups urging urgent manual downloads. This caution aligns with previous security guidance targeting fake installers masquerading as browser or system updates.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Amazon buys Bee AI, the startup that listens to your day

Amazon has acquired Bee AI, a San Francisco-based startup known for its $50 wearable that listens to conversations and provides AI-generated summaries and reminders.

The deal was confirmed by Bee co-founder Maria de Lourdes Zollo in a LinkedIn post on Wednesday, but the acquisition terms were not disclosed. Bee gained attention earlier this year at CES in Las Vegas, where it unveiled a Fitbit-like bracelet using AI to deliver personal insights.

The device received strong feedback for its ability to analyse conversations and create to-do lists, reminders, and daily summaries. Bee also offers a $19-per-month subscription and an Apple Watch app. It raised $7 million before being acquired by Amazon.

‘When we started Bee, we imagined a world where AI is truly personal,’ Zollo wrote. ‘That dream now finds a new home at Amazon.’ Amazon confirmed the acquisition and is expected to integrate Bee’s technology into its expanding AI device strategy.

The company recently updated Alexa with generative AI and added similar features to Ring, its home security brand. Amazon’s hardware division is now led by Panos Panay, the former Microsoft executive who led Surface and Windows 11 development.

Bee’s acquisition suggests Amazon is exploring its own AI-powered wearable to compete in the rapidly evolving consumer tech space. It remains unclear whether Bee will operate independently or be folded into Amazon’s existing device ecosystem.

Privacy concerns have surrounded Bee, as its wearable records audio in real time. The company claims no recordings are stored or used for AI training. Bee insists that users can delete their data at any time. However, privacy groups have flagged potential risks.

The AI hardware market has seen mixed success. Meta’s Ray-Ban smart glasses gained traction, but others like the Rabbit R1 flopped. The Humane AI Pin also failed commercially and was recently sold to HP. Consumers remain cautious of always-on AI devices.

OpenAI is also moving into hardware. In May, it acquired Jony Ive’s AI startup, io, for a reported $6.4 billion. OpenAI has hinted at plans to develop a screenless wearable, joining the race to create ambient AI tools for daily life.

Bee’s transition from startup to Amazon acquisition reflects how big tech is absorbing innovation in ambient, voice-first AI. Amazon’s plans for Bee remain to be seen, but the move could mark a turning point for AI wearables if executed effectively.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US agencies warn of rising Interlock ransomware threat targeting healthcare sector

US federal authorities have issued a joint warning over a spike in ransomware attacks by the Interlock group, which has been targeting healthcare and public services across North America and Europe.

The alert was released by the FBI, CISA, HHS and MS-ISAC, following a surge in activity throughout June.

Interlock operates as a ransomware-as-a-service scheme and first emerged in September 2024. The group uses double extortion techniques, not only encrypting files but also stealing sensitive data and threatening to leak it unless a ransom is paid.

High-profile victims include DaVita, Kettering Health and Texas Tech University Health Sciences Center.

Rather than relying on traditional methods alone, Interlock often uses compromised legitimate websites to trigger drive-by downloads.

The malicious software is disguised as familiar tools like Google Chrome or Microsoft Edge installers. Remote access trojans are then used to gain entry, maintain persistence using PowerShell, and escalate access using credential stealers and keyloggers.

Authorities recommend several countermeasures, such as installing DNS filtering tools, using web firewalls, applying regular software updates, and enforcing strong access controls.

They also advise organisations to train staff in recognising phishing attempts and to ensure backups are encrypted, secure and kept off-site instead of stored within the main network.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hong Kong Post cyberattack exposes EC‑Ship user data

A cyberattack on the Hong Kong Post has been confirmed. Targeting its EC‑Ship online shipping portal, the attack compromised personal address‑book information for approximately 60,000 to 70,000 users.

The data breach included names, physical addresses, phone and fax numbers, and email addresses of both senders and recipients.

The incident, detected late Sunday into Monday, involved an attacker using a legitimate EC‑Ship account to exploit a code vulnerability. Though the system’s security protocols identified unusual activity and suspended the account, the hacker persisted until the flaw was fully patched.

Affected customers received email alerts and were advised to monitor their information closely and alert contacts of potential phishing attempts.

Hong Kong Post is now collaborating with the Hong Kong Police Force, the Digital Policy Office, and the Office of the Privacy Commissioner. It implements a layered cybersecurity solution managed by the government’s Digital Policy Office.

The Postmaster General emphasised that remediation steps have been taken to close the loophole and pledged ongoing infrastructure improvements. An official investigation is underway to reinforce resilience and safeguard user data.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Android malware infects millions of devices globally

Millions of Android-based devices have been infected by a new strain of malware called BadBox 2.0, prompting urgent warnings from Google and the FBI. The malicious software can trigger ransomware attacks and collect sensitive user data.

The infected devices are primarily cheap, off-brand products manufactured in China, many of which come preloaded with the malware. Models such as the X88 Pro 10, T95, and QPLOVE Q9 are among those identified as compromised.

Google has launched legal action to shut down the illegal operation, calling BadBox 2.0 the largest botnet linked to internet-connected TVs. The FBI has advised the public to disconnect any suspicious devices and check for unusual network activity.

The malware generates illicit revenue through adware and poses broader cybersecurity threats, including denial-of-service attacks. Consumers are urged to avoid unofficial products and verify devices are Play Protect-certified before use.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!