The State of Nevada reported a cyberattack affecting several state government systems, with recovery efforts underway. Some websites and phone lines may be slow or offline while officials restore operations.
Governor Joe Lombardo’s office stated there is no evidence that personal information has been compromised, emphasising that the issue is limited to state systems. The incident is under investigation by both state and federal authorities, although technical details have not been released.
Several agencies, including the Department of Motor Vehicles, have been affected, prompting temporary office closures until normal operations can resume. Emergency services, including 911, continue to operate without disruption.
Officials prioritise system validation and safe restoration to prevent further disruption to state services.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Nearly three-quarters of companies have experienced a security breach in the past year due to flaws in their software code.
According to a new SecureFlag study, 74% of organisations admitted to at least one incident caused by insecure code, with almost half suffering multiple breaches.
The report has renewed scrutiny of AI-generated code, which is growing in popularity across the industry. While some experts claim AI can outperform humans, concerns remain that these tools are reproducing insecure coding patterns at scale.
On the upside, companies are increasing developer security training. Around 44% provide quarterly updates, while 29% do so monthly.
Most use video tutorials and eLearning platforms, with a third hosting interactive events like capture-the-flag hacking games.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The US Federal Trade Commission (FTC) has warned American technology companies that following European Union and United Kingdom rules on online content and encryption could place them in breach of US legislation.
In a letter sent to chief executives, FTC Chair Andrew Ferguson said that restricting access to content for American users to comply with foreign legal requirements might amount to a violation of Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive commercial practices.
Ferguson cited the EU’s Digital Services Act and the UK’s Online Safety Act, as well as reports of British efforts to gain access to encrypted Apple iCloud data, as examples of measures that could put companies at risk under US law.
Although Section 5 has traditionally been used in cases concerning consumer protection, Ferguson noted that the same principles could apply if companies changed their services for US users due to foreign regulation. He argued that such changes could ‘mislead’ American consumers, who would not reasonably expect their online activity to be governed by overseas restrictions.
The FTC chair invited company leaders to meet with his office to discuss how they intend to balance demands from international regulators while continuing to fulfil their legal obligations in the United States.
Earlier this week, a senior US intelligence official said the British government had withdrawn a proposed legal measure aimed at Apple’s encrypted iCloud data after discussions with US Vice President JD Vance.
The issue has arisen amid tensions over the enforcement of UK online safety rules. Several online platforms, including 4chan, Gab, and Kiwi Farms, have publicly refused to comply, and British authorities have indicated that internet service providers could ultimately be ordered to block access to such sites.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Following last week’s announcements on AI-driven cybersecurity, Google Cloud has unveiled further tools at its Security Summit 2025 aimed at protecting enterprise AI deployments and boosting efficiency for security teams.
The updates build on prior innovations instead of replacing them, reinforcing Google’s strategy of integrating AI directly into security operations.
Vice President and General Manager Jon Ramsey highlighted the growing importance of agentic approaches as AI agents operate across increasingly complex enterprise environments.
Building on the previous rollout, Google now introduces Model Armor protections, designed to shield AI agents from prompt injections, jailbreaking, and data leakage, enhancing safeguards without interrupting existing workflows.
Additional enhancements include the Alert Investigation agent, which automates event enrichment and analysis while offering actionable recommendations.
By combining Mandiant threat intelligence feeds with Google’s Gemini AI, organisations can now detect and respond to incidents across distributed agent networks more rapidly and efficiently than before.
SecOps Labs and updated SOAR dashboards provide early access to AI-powered threat detection experiments and comprehensive visualisations of security operations.
These tools allow teams to continue scaling agentic AI security, turning previous insights into proactive, enterprise-ready protections for real-world deployments.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Google has released its Password Manager as a standalone app for Android, separating the service from Chrome for easier access. The new app allows users to quickly view and manage saved passwords, passkeys and login details directly from their phone.
The app itself does not introduce new features. It functions mainly as a shortcut to the existing Password Manager already built into Android and Chrome.
For users, there is little practical difference between the app and the integrated option, although some may prefer the clarity of having a dedicated tool instead of navigating through browser settings.
For Google, however, the move brings advantages. By listing Password Manager in the Play Store, the company can compete more visibly with rivals like LastPass and 1Password.
Previously, many users were unaware of the built-in feature since it was hidden within Chrome. The Play Store presence also gives Google a direct way to push updates and raise awareness of the service.
The app arrives with Google’s Material 3 design refresh, giving it a cleaner look that aligns with the rest of Android. Functionality remains unchanged for now, but the shift suggests Google may expand the app in the future.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Orange Belgium has confirmed a data breach affecting 850,000 customers, after a cyberattack targeted one of its internal IT systems. The attack, discovered in late July, exposed names, phone numbers, SIM card details, tariff plans and PUK codes. No financial or password data was compromised.
The telecoms provider blocked access to the affected system and notified authorities. A formal complaint has also been filed with the judiciary. All affected users are being informed via email or SMS and are urged to stay alert for phishing and identity fraud attempts.
Orange Belgium has advised users to strengthen account security with strong, unique passwords and to be cautious of suspicious links and messages. This marks the third cyber incident involving Orange in 2025, following earlier attacks, though those breaches varied in impact.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A ransomware attack against dialysis provider DaVita has exposed the personal data of 2.7 million people, according to a notice on the US health department’s website.
The company first disclosed the cyber incident in April, saying it had taken steps to restore operations but could not predict the scale of disruption.
DaVita confirmed that hackers gained unauthorised access to its laboratory database, which contained sensitive information belonging to some current and former patients. The firm said it is now contacting those affected and offering free credit monitoring to help protect against identity theft.
Despite the intrusion, DaVita maintained uninterrupted dialysis services across its network of nearly 3,000 outpatient clinics and home treatment programmes. The company described the cyberattack as a temporary disruption but stressed that patient care was never compromised.
Financial disclosures show the incident led to around $13.5 million in charges during the second quarter of 2025. Most of the costs were linked to system restoration and third-party support, with $1 million attributed to higher patient care expenses.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Microsoft has limited certain Chinese companies’ access to its early warning system for cybersecurity vulnerabilities following suspicions about their involvement in recent SharePoint hacking attempts.
The decision restricts the sharing of proof-of-concept code, which mimics genuine malicious software. While valuable for cybersecurity professionals strengthening their systems, the code can also be misused by hackers.
The restrictions follow Microsoft’s observation of exploitation attempts targeting SharePoint servers in July. Concerns arose that a member of the Microsoft Active Protections Program may have repurposed early warnings for offensive activity.
Microsoft maintains that it regularly reviews participants and suspends those violating contracts, including prohibitions on participating in cyber attacks.
Beijing has denied involvement in the hacking, while Microsoft has refrained from disclosing which companies were affected or details of the ongoing investigation.
Analysts note that balancing collaboration with international security partners and preventing information misuse remains a key challenge for global cybersecurity programmes.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Google has patched a high-severity flaw in its Chrome browser with the release of version 139, addressing vulnerability CVE-2025-9132 in the V8 JavaScript engine.
The out-of-bounds write issue was discovered by Big Sleep AI, a tool built by Google DeepMind and Project Zero to automate vulnerability detection in real-world software.
Chrome 139 updates (Windows/macOS: 139.0.7258.138/.139, Linux: 139.0.7258.138) are now rolling out to users. Google has not confirmed whether the flaw is being actively exploited.
Users are strongly advised to install the latest update to ensure protection, as V8 powers both JavaScript and WebAssembly within Chrome.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
