Cybersecurity researchers have uncovered a new malware delivery method that hides malicious commands inside Ethereum smart contracts. ReversingLabs identified two compromised packages on the popular npm (Node Package Manager) repository.
The packages, named ‘colortoolsv2’ and ‘mimelib2,’ were uploaded in July and used blockchain queries to fetch URLs that delivered downloader malware. The contracts hid command and control addresses, letting attackers evade scans by making blockchain traffic look legitimate.
Researchers say the approach marks a shift in tactics. While the Lazarus Group previously leveraged Ethereum smart contracts, the novel element here is their use as hosts for malicious URLs. Analysts warn that open-source repositories face increasingly sophisticated evasion techniques.
The malicious packages formed part of a broader deception campaign involving fake GitHub repositories posing as cryptocurrency trading bots. With fabricated commits, fake user accounts, and professional-looking documentation, attackers built convincing projects to trick developers.
Experts note that similar campaigns have also targeted Solana and Bitcoin-related libraries, signalling a broader trend in evolving threats.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Apple is confronting a significant exodus of AI talent, with key researchers departing for rival firms instead of advancing projects in-house.
The company lost its lead robotics researcher, Jian Zhang, to Meta’s Robotics Studio, alongside several core Foundation Models team members responsible for the Apple Intelligence platform. The brain drain has triggered internal concerns about Apple’s strategic direction and declining staff morale.
Instead of relying entirely on its own systems, Apple is reportedly considering a shift towards using external AI models. The departures include experts like Ruoming Pang, who accepted a multi-year package from Meta reportedly worth $200 million.
Other AI researchers are set to join leading firms like OpenAI and Anthropic, highlighting a fierce industry-wide battle for specialised expertise.
At the centre of the talent war is Meta CEO Mark Zuckerberg, offering lucrative packages worth up to $100 million to secure leading researchers for Meta’s ambitious AI and robotics initiatives.
The aggressive recruitment strategy is strengthening Meta’s capabilities while simultaneously weakening the internal development efforts of competitors like Apple.
A new AI system named DreamConnect can now translate a person’s brain activity into images and then edit those mental pictures using natural language commands.
Instead of merely reconstructing thoughts from fMRI scans, the breakthrough technology allows users to reshape their imagined scenes actively. For instance, an individual visualising a horse can instruct the system to transform it into a unicorn, with the AI accurately modifying the relevant features.
The system employs a dual-stream framework that interprets brain signals into rough visuals and then refines them based on text instructions.
Developed by an international team of researchers, DreamConnect represents a fundamental shift from passive brain decoding to interactive visual brainstorming.
It marks a significant advance at the frontier of human-AI interaction, moving beyond simple reconstruction to active collaboration.
Potential applications are wide-ranging, from accelerating creative design to offering new tools for therapeutic communication.
However, the researchers caution that such powerful technology necessitates robust ethical safeguards to prevent misuse and protect the privacy of an individual’s most personal data, their thoughts.
Statsig, founded in 2021, provides tools for developers to test and manage new features. Upon completion of the deal, Statsig’s founder and CEO, Vijaye Raji, will join OpenAI as the new chief technology officer (CTO) for applications.
Raji will report to OpenAI Applications CEO Fidji Simo and lead product engineering for key products such as ChatGPT.
The acquisition is part of a broader trend of significant deals for the AI company this year, which recently concluded a £6.5 billion all-stock acquisition of an AI device startup. OpenAI’s expanding valuation, which reached £300 billion following a March funding round, has supported this growth.
The company is reportedly discussing a further share sale that could increase its valuation to £500 billion. The completion of the Statsig deal is subject to regulatory approval, after which the company will continue to operate independently from its Seattle office, with its employees joining the OpenAI team.
Other leadership changes at OpenAI include the appointment of Srinivas Narayanan as CTO for B2B applications and Kevin Weil’s move to a new team focused on AI for Science.
The company stated there is currently ‘no evidence’ that any customer data has been compromised and assured it is working at pace to restore systems in a controlled manner.
The incident disrupted output at key UK plants, including Halewood and Solihull, led to operational bottlenecks such as halted vehicle registrations, and impacted a peak retail period following the release of ‘75’ number plates.
A Telegram group named Scattered Lapsus$ Hunters, a conflation of known hacking collectives, claimed responsibility, posting what appeared to be internal logs. Cybersecurity experts caution that such claims should be viewed sceptically, as attribution via Telegram may be misleading.
Google may roll out a Play Games update on 23 September adding public profiles, stat tracking, and community features. Reports suggest users may customise profiles, follow others, and import gaming history, while Google could collect gameplay and developer data.
The update is said to track installed games, session lengths, and in-game achievements, with some participating developers potentially accessing additional data. Players can reportedly manage visibility settings, delete profiles, or keep accounts private, with default settings applied unless changed.
The EU and UK are expected to receive the update on 1 October.
Privacy concerns have been highlighted in Europe. Austrian group NOYB filed a complaint against Ubisoft over alleged excessive data collection in games like Far Cry Primal, suggesting that session tracking and frequent online connections may conflict with GDPR.
Ubisoft could face fines of up to four percent of global turnover, based on last year’s revenues.
Observers suggest the update reflects a social and data-driven gaming trend, though European players may seek more explicit consent and transparency.
Bank of China’s Hong Kong-listed shares jumped 6.7% on Monday after reports that the bank’s local branch is preparing to apply for a stablecoin issuer licence. The Hong Kong Economic Journal said the branch has already formed a task force to explore potential issuance.
The move comes after Hong Kong launched its stablecoin licensing regime on 1 August, requiring approval from the Hong Kong Monetary Authority. The framework sets strict rules on reserves, redemptions, fund segregation, anti-money laundering, disclosure and operator checks.
The regime has already drawn interest from major institutions such as Standard Chartered.
Chinese firms JD.com and Ant Financial have also expressed plans to seek licences abroad, potentially in Hong Kong, to support cross-border payments.
Advocates highlight the efficiency of stablecoins, noting that blockchain technology reduces settlement times and cuts intermediary costs. The benefits are particularly pronounced in emerging markets, where stablecoins hedge against currency volatility.
Regulators, however, have urged caution. The SFC and HKMA warned investors about speculation-driven price swings from licensing rumours, highlighting risks of reacting to unverified reports.
The central bank highlighted the lack of a global regulatory framework and unified classification for virtual assets. Including crypto could violate IMF rules and impede Ukraine’s EU integration.
The European Central Bank considers it unacceptable for member states to include crypto in their reserves.
A draft law filed with parliament earlier this year would have allowed the NBU to acquire cryptocurrencies if desired. However, lawmakers and central bank officials have expressed caution, citing the high volatility of digital assets and potential risks to national financial stability.
Ukraine has seen rising crypto use since Russia’s 2022 invasion. According to a recent UK think tank report, a lack of comprehensive regulation has led to significant losses from crypto-related crime.
Authorities are continuing to prioritise security and financial prudence over speculative digital holdings.
The regulatory approaches to AI in the EU and Australia are diverging significantly, creating a complex challenge for the global tech sector.
Instead of a unified global standard, companies must now navigate the EU’s stringent, risk-based AI Act and Australia’s more tentative, phased-in approach. The disparity underscores the necessity for sophisticated cross-border legal expertise to ensure compliance in different markets.
In the EU, the landmark AI Act is now in force, implementing a strict risk-based framework with severe financial penalties for non-compliance.
Conversely, Australia has yet to pass binding AI-specific laws, opting instead for a proposal paper outlining voluntary safety standards and 10 mandatory guardrails for high-risk applications currently under consultation.
This creates a markedly different compliance environment for businesses operating in both regions.
For tech companies, the evolving patchwork of international regulations turns AI governance into a strategic differentiator instead of a mere compliance obligation.
Understanding jurisdictional differences, particularly in areas like data governance, human oversight, and transparency, is becoming essential for successful and lawful global operations.
Named RBAPubChat, the tool is trained on the central bank’s knowledge base of nearly 20,000 internal and external analytical documents spanning four decades. It aims to help employees ask policy-relevant questions and get useful summaries of existing information.
Speaking at the Shann memorial lecture in Perth, Governor Michele Bullock said that the AI is not being used to formulate or set monetary policy. Instead, it is intended to improve efficiency and amplify the impact of staff efforts.
A separate tool using natural language processing has also been developed to analyse over 22,000 conversations from the bank’s business liaison programme. The Reserve Bank of Australia has noted that this tool has already shown promise, helping to forecast wage growth more accurately than traditional models.
The RBA has also acquired its first enterprise-grade graphics processing unit to support developing and running advanced AI-driven tools.
The bank’s internal coding community is now a well-established part of its operations, with one in four employees using coding as a core part of their daily work. Governor Bullock stressed that the bank’s approach to technology is one of “deliberate, well-managed evolution” rather than disruption.