Encryption

Comet browser caught submitting private info in fake shop

Cybersecurity researchers have uncovered a new AI browser exploit that allows attackers to manipulate autonomous systems using fake CAPTCHA checks.

The PromptFix method tricks agentic AI models into executing commands embedded in deceptive web elements invisible to the user.

Guardio Labs demonstrated that the Comet AI browser could be misled into adding items to a cart and auto-filling sensitive data.

Comet completed fake purchases without user confirmation in some tests, raising concerns over AI trust chains and phishing exposure.

Attackers can also exploit AI email agents by embedding malicious links, prompting the system to bypass user review and reveal credentials.

ChatGPT’s Agent Mode showed similar vulnerabilities but confined actions to a sandbox, preventing direct exposure to user systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google urges users to update Chrome after V8 flaw patched

Google has patched a high-severity flaw in its Chrome browser with the release of version 139, addressing vulnerability CVE-2025-9132 in the V8 JavaScript engine.

The out-of-bounds write issue was discovered by Big Sleep AI, a tool built by Google DeepMind and Project Zero to automate vulnerability detection in real-world software.

Chrome 139 updates (Windows/macOS: 139.0.7258.138/.139, Linux: 139.0.7258.138) are now rolling out to users. Google has not confirmed whether the flaw is being actively exploited.

Users are strongly advised to install the latest update to ensure protection, as V8 powers both JavaScript and WebAssembly within Chrome.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Hackers steal data from over a million Allianz customers

A data breach at Allianz Life exposed the personal information of around 1.1 million customers, including names, addresses, and dates of birth.

Hackers accessed a customer database hosted on Salesforce, stealing emails, phone numbers, and in some cases, Social Security numbers.

The company confirmed the breach in late July but has not specified the full scale of the incident while its investigation continues.

Cybercrime group ShinyHunters is believed to be behind the attack and is reportedly preparing a data leak site to extort victims.

Several global companies using Salesforce infrastructure, including Qantas and Workday, have reported similar incidents linked to the same hacking collective.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google sees growing demand for cloud data sovereignty

Google’s Cloud Experience lead Hayete Gallot says developer interest in sovereign cloud solutions is rising sharply amid AI concerns. More clients are asking to control how and where their data is stored, processed, and encrypted within public cloud environments.

Microsoft said it could not guarantee full cloud data sovereignty in July, increasing pressure on rivals to offer stronger protections.

Gallot noted that sovereignty is more than location. Cybersecurity measures such as encryption, ownership, and administrative access are now top priorities for businesses.

On AI, Gallot dismissed fears that assistants will replace developers, saying skills like prompt writing still require critical thinking.

She believes modern developers must adapt, comparing today’s AI tools to learning older languages like Pascal or Fortran.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

WhatsApp trials AI-powered Writing Help for personalised messaging

WhatsApp is testing a new AI feature for iOS users that provides real-time writing assistance.

Known as ‘Writing Help’, the tool suggests alternative phrasings, adjusts tone, and enhances clarity, with all processing handled on-device to safeguard privacy.

The feature allows users to select professional, friendly, or concise tones before the AI generates suitable rewordings while keeping the original meaning. According to reports, the tool is available only to a small group of beta testers through TestFlight, with no confirmed release date.

WhatsApp says it uses Meta’s Private Processing technology to ensure sensitive data never leaves the device, mirroring privacy-first approaches like Apple’s Writing Tools.

Industry watchers suggest the new tool could give WhatsApp an edge over rivals such as Telegram and Signal, which have not yet introduced generative AI writing aids.

Analysts also see potential for integration with other Meta platforms, although challenges remain in ensuring accurate, unbiased results across different languages.

Writing Help could streamline business communication by improving grammar, structure, and tone accuracy if successful. While some users have praised its seamless integration, others warn that heavy reliance on AI could undermine authenticity in digital conversations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Bragg Gaming responds to cyber incident affecting internal systems

Bragg Gaming Group has confirmed a cybersecurity breach affecting its internal systems, discovered in the early hours of 16 August.

The company stated the breach has not impacted operations or customer-facing platforms, nor compromised any personal data so far.

External cybersecurity experts have been engaged to assist with mitigation and investigation, following standard industry protocols.

Bragg has emphasised its commitment to transparency and will provide updates as the investigation progresses via its official website.

The firm continues to operate normally, with all internal and external services reportedly unaffected by the incident at this time.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fake Telegram Premium site spreads dangerous malware

A fake Telegram Premium website infects users with Lumma Stealer malware through a drive-by download, requiring no user interaction.

The domain, telegrampremium[.]app, hosts a malicious executable named start.exe, which begins stealing sensitive data as soon as it runs.

The malware targets browser-stored credentials, crypto wallets, clipboard data and system files, using advanced evasion techniques to bypass antivirus tools.

Obfuscated with cryptors and hidden behind real services like Telegram, the malware also communicates with temporary domains to avoid takedown.

Analysts warn that it manipulates Windows systems, evades detection, and leaves little trace by disguising its payloads as real image files.

To defend against such threats, organisations are urged to implement better cybersecurity controls, such as behaviour-based detection and enforce stronger download controls.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

State-controlled messaging alters crypto usage in Russia

The Russian government limits secure calls on WhatsApp and Telegram, citing terrorism and fraud concerns. The measures aim to push users toward state-controlled platforms like MAX, raising privacy concerns.

With over 100 million users relying on encrypted messaging, these restrictions threaten the anonymity essential for cryptocurrency transactions. Government-monitored channels may let authorities track crypto transactions, deterring users and businesses from adopting digital currencies.

State-backed messaging platforms also open the door to regulatory oversight, complicating private crypto exchanges and noncustodial wallets.

In response, fintech startups and SMEs may turn to decentralised applications and privacy-focused tools, including zero-knowledge proofs, to maintain secure communication and financial operations.

The clampdown could boost crypto payroll adoption in Russia, reducing costs and shielding firms from economic instability. Using decentralised finance tools in alternative channels allows companies to protect privacy and support cross-border payments and remote work.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Age checks slash visits to top UK adult websites

Adult site traffic in the UK has fallen dramatically since the new age verification rules were enacted on 25 July under the Online Safety Act.

Figures from analytics firm Similarweb show Pornhub lost more than one million visitors in just two weeks, with traffic falling by 47%. XVideos saw a similar drop, while OnlyFans traffic fell by more than 10%.

The rules require adult websites to make it harder for under-18s to access explicit material, leading some users to turn to smaller and less regulated sites instead of compliant platforms. Pornhub said the trend mirrored patterns seen in other countries with similar laws.

The clampdown has also triggered a surge in virtual private network (VPN) downloads in the UK, as the tools can hide a user’s location and help bypass restrictions.

Ofcom estimates that 14 million people in the UK watch pornography and has proposed age checks using credit cards, photo ID, or AI analysis of selfies.

Critics argue that instead of improving safety, the measures may drive people towards more extreme or illicit material on harder-to-monitor parts of the internet, including the dark web.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Data breach hits cervical cancer screening programme

Hackers have stolen personal and medical information from nearly 500,000 participants in the Netherlands’ cervical cancer screening programme. The attack targeted the NMDL laboratory in Rijswijk between 3 and 6 July, but authorities were only informed on 6 August.

Data includes names, addresses, birth dates, citizen service numbers, possible test results and healthcare provider details. For some victims, phone numbers and email addresses were also stolen. The lab, owned by Eurofins Scientific, has suspended operations while a security review occurs.

The Dutch Population Screening Association has switched to a different laboratory to process future tests and is warning those affected of the risk of fraud. Local media reports suggest hackers may also have accessed up to 300GB of data on other patients from the past three years.

Security experts say the breach underscores the dangers of weak links in healthcare supply chains. Victims are now being contacted by the authorities, who have expressed regret for the distress caused.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!