Network security

Users warned to update WinRAR after active attacks

A critical flaw in the Windows version of WinRAR is being exploited to install malware that runs automatically at startup. Users are urged to update to version 7.13 immediately, as the software does not update itself.

Tracked as CVE-2025-8088, the vulnerability allows malicious RAR files to place content in protected system folders, including Windows startup locations. Once there, the malware can steal data, install further payloads and maintain persistent access.

ESET researchers linked the attacks to the RomCom hacking group, a Russian-speaking operation known for espionage and ransomware campaigns. The flaw has been used in spear-phishing attacks where victims opened infected archives sent via email.

WinRAR’s July update fixes the cybersecurity issue by blocking extractions outside user-specified folders. Security experts recommend caution with email attachments, antivirus scanning of archives and regular checks of startup folders for suspicious files.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI-generated video misleads as tsunami footage in Japan

An 8.8-magnitude earthquake off Russia’s Kamchatka peninsula at the end of July triggered tsunami warnings across the Pacific, including Japan. Despite widespread alerts and precautionary evacuations, the most significant wave recorded in Japan was only 1.3 metres high.

A video showing large waves approaching a Japanese coastline, which went viral with over 39 million views on platforms like Facebook and TikTok, was found to be AI-generated and not genuine footage.

The clip, appearing as if filmed from a plane, was initially posted online months earlier by a YouTube channel specialising in synthetic visuals.

Analysis of the video revealed inconsistencies, including unnatural water movements and a stationary plane, confirming it was fabricated. Additionally, numerous Facebook pages shared the video and linked it to commercial sites, spreading misinformation.

Official reports from Japanese broadcasters confirmed that the actual tsunami waves were much smaller, and no catastrophic damage occurred.

The incident highlights ongoing challenges in combating AI-generated disinformation related to natural disasters, as similar misleading content continues to circulate online during crisis events.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU member states clash over the future of encrypted private messaging

The ongoing controversy around the EU’s proposed mandatory scanning of private messages has escalated with the European Parliament intensifying pressure on the Council to reach a formal agreement.

A leaked memo reveals that the Parliament threatens to block the extension of the current voluntary scanning rules unless mandatory chat control is agreed upon.

Denmark, leading the EU Council Presidency, has pushed a more stringent version of the so-called Chat Control law that could become binding as soon as 14 October 2025.

While the Parliament argues the law is essential for protecting children online, many legal experts and rights groups warn the proposal still violates fundamental human rights, particularly the right to privacy and secure communication.

The Council’s Legal Service has repeatedly noted that the draft infringes on these rights since it mandates scanning all private communications, undermining end-to-end encryption that most messaging apps rely on.

Some governments, including Germany and Belgium, remain hesitant or opposed, citing these serious concerns.

Supporters like Italy, Spain, and Hungary have openly backed Denmark’s proposal, signalling a shift in political will towards stricter measures. France’s position has also become more favourable, though internal debate continues.

Opponents warn that weakening encryption could open the door to cyber attacks and foreign interference, while proponents emphasise the urgent need to prevent abuse and close loopholes in existing law.

The next Council meeting in September will be critical in shaping the final form of the regulation.

The dispute highlights the persistent tension between digital privacy and security, reflecting broader European challenges in regulating encrypted communications.

As the October deadline approaches, the EU faces a defining moment in balancing child protection with protecting the confidentiality of citizens’ communications.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

ShinyHunters breach Google’s Salesforce database

Google has confirmed a data breach during its investigation into the ShinyHunters group, revealing the tech giant was also affected. The attackers accessed a Salesforce database used for storing small business customer information.

The breach exposed business names and contact details during a short window before access was revoked. Google stated no highly sensitive or personal data was compromised.

ShinyHunters used phishing and vishing tactics to trick users into authorising malicious Salesforce apps disguised as legitimate tools. The technique mirrors previous high-profile breaches involving firms like Santander and Ticketmaster.

Google warned the group may escalate operations by launching a data leak site. Organisations are urged to tighten their cybersecurity measures and access controls, train staff and apply multi-factor authentication across all accounts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Visa boosts cyber defence support for clients

Visa has launched a new Cybersecurity Advisory Practice to support businesses in identifying and countering growing cyber risks. The initiative aims to provide practical insights tailored to clients of all sizes.

The practice will be powered by Visa Consulting & Analytics, which brings together a global team of consultants, product specialists and data scientists. Services include training, threat analysis and cybersecurity maturity assessments.

Jeremiah Dewey, a veteran with over 20 years of experience in the field, has been named global head of cyber products. He will lead product development and build strategic partnerships.

Visa says the goal is to offer scalable solutions to both small businesses and large enterprises, enabling them to stay resilient in an evolving digital threat market.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NVIDIA pushes back against chip backdoor demands

NVIDIA has publicly rejected calls to embed kill switches or backdoors in its AI chips amid growing political pressure. The statement follows proposals from US lawmakers and accusations by Chinese authorities.

Chief Security Officer David Reber Jr. said any such backdoor would endanger global digital infrastructure and open doors for hackers. He reaffirmed NVIDIA’s commitment to fixing vulnerabilities, not creating them.

The controversy arises as the chipmaker navigates strict US export controls while maintaining its foothold in China with the H20 chip. A Chinese agency recently claimed these chips already contain hidden controls.

Reber distinguished transparent, user-controlled tools like remote wipe from covert backdoors, arguing they serve customers without risking the system integrity of the chips.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Trump Media trials new AI search engine with help from Perplexity

Trump Media and Technology Group has begun testing a new AI-powered search engine called Truth Search AI on its Truth Social platform.

Developed in partnership with AI company Perplexity, the feature is intended to enhance access to information for users of the platform.

Devin Nunes, CEO and Chairman of Trump Media, said the tool will strengthen Truth Social’s position in the so-called ‘Patriot Economy’.

Perplexity’s Chief Business Officer, Dmitry Shevelenko, added that the collaboration brings powerful AI to users who are seeking answers to significant questions.

The search engine is already live on the platform and has responded to politically sensitive queries with measured language.

When asked whether Donald Trump was a liar, the tool noted that the label often depends on context, but acknowledged that fact-checkers have documented many misleading claims.

A similar question about Nancy Pelosi prompted the response that such a claim was partisan rather than factual.

Trump Media plans to expand the feature to its iOS and Android apps shortly. The launch is part of a wider strategy to broaden the company’s digital offerings, which also include ventures in cryptocurrency and finance, such as a proposed Bitcoin ETF in partnership with Crypto.com and Yorkville America Digital.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US court system suffers sweeping cyber intrusion

A sweeping cyberattack has compromised the federal court filing system across multiple US states, exposing sensitive case data and informant identities. The breach affects core systems used by legal professionals and the public.

Sources say the Administrative Office of the US Courts first realised the scale of the hack in early July, with authorities still assessing the damage. Nation-state-linked actors or organised crime are suspected.

Critical systems like CM/ECF and PACER were impacted, raising fears over sealed indictments, search warrants and cooperation records now exposed. A dozen dockets were reportedly tampered with in at least one district.

Calls to modernise the ageing court infrastructure have intensified, with officials warning of rising cyber threats and the urgent need for system replacements.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU proposal to scan private messages gains support

The European Union’s ‘Chat Control’ proposal is gaining traction, with 19 member states now supporting a plan to scan all private messages on encrypted apps. From October, apps like WhatsApp, Signal, and Telegram must scan all messages, photos, and videos on users’ devices before encryption.

France, Denmark, Belgium, Hungary, Sweden, Italy, and Spain back the measure, while Germany has yet to decide. The proposal could pass by mid-October under the EU’s qualified majority voting system if Germany joins.

The initiative aims to prevent child sexual abuse material (CSAM) but has sparked concerns over mass surveillance and the erosion of digital privacy.

In addition to scanning, the proposal would introduce mandatory age verification, which could remove anonymity on messaging platforms. Critics argue the plan amounts to real-time surveillance of private conversations and threatens fundamental freedoms.

Telegram founder Pavel Durov recently warned of societal collapse in France due to censorship and regulatory pressure. He disclosed attempts by French officials to censor political content on his platform, which he refused to comply with.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google adds clever email safety feature

Thanks to a new feature that shows verified brand logos, Gmail users will now find it easier to spot phishing emails. The update uses BIMI, a standard that allows trusted companies to display official logos next to their messages.

To qualify, brands must secure their domain with DMARC and have their logos verified by authorities such as Entrust or DigiCert. Once approved, they receive a Verified Mark Certificate, linking their logo to their domain.

The feature helps users quickly distinguish between genuine emails and fraudulent ones. Early adopters include Bank of America in the US, whose logo now appears directly in inboxes.

Google’s move is expected to drive broader adoption, with services like MailChimp and Verizon Media already supporting the system. The change could significantly reduce phishing risks for Gmail’s vast user base.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!