Network security

Venice Film Festival hit by data breach

The Venice Film Festival has confirmed that a cyberattack compromised the personal data of accredited attendees, including journalists and industry members. The breach affected names, contact details, and tax information.

The cybersecurity attackers accessed the festival’s servers on 7 July and copied and stored documents. Festival organisers responded by isolating systems and informing authorities.

Those affected received a formal notification and are encouraged to contact the event’s data protection officer for support or updates.

Despite the breach, the 82nd edition of the festival will proceed as scheduled from 27 August to 9 September in Italy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Security flaw in Dell models affects millions

Millions of Dell laptops faced a serious security risk due to a flaw in a Broadcom chip used for storing sensitive data. Cisco Talos researchers uncovered the vulnerability, which could have allowed attackers to steal passwords and monitor activity.

Dell confirmed over 100 laptop models were impacted, especially those with its ‘ControlVault’ security software used in sensitive industries. A fix has been issued through security patches since March.

No evidence suggests the flaw was exploited, but experts warn users to install updates promptly to avoid exposure. The issue highlights the risks of storing biometrics and credentials directly on devices.

Users are advised to keep security patches current and use reliable antivirus software to help reduce threats from similar vulnerabilities in future.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Security concerns mount as Microsoft rolls out NLWeb and MCP

Researchers have discovered a critical security flaw in Microsoft’s new NLWeb protocol, designed to bring ChatGPT-style search to websites and apps. The vulnerability, a simple path traversal bug, allowed remote access to sensitive files, including system configurations and API keys.

Although Microsoft has patched it, the incident raises concerns about security oversight, particularly as NLWeb is being adopted by major partners such as Shopify, Snowflake, and TripAdvisor.

According to The Verge, security researchers Aonan Guan and Lei Wang identified the flaw shortly after NLWeb’s launch, warning that traditional vulnerabilities now have the potential to compromise the ‘brains’ of AI systems themselves.

Microsoft issued a fix on 1 July, but has yet to assign the flaw a CVE, the industry standard for tracking security vulnerabilities, despite pressure from the researchers. Assigning a CVE would raise awareness and allow better monitoring of the issue, even though NLWeb is not yet widely used.

Microsoft is also continuing to roll out native support for the Model Context Protocol (MCP) in Windows, despite recent warnings from security researchers about its potential risks.

The NLWeb vulnerability highlights the need for Microsoft to balance the rapid rollout of new AI carefully features with maintaining security as its top priority.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

News Corp CEO warns AI could ‘vandalise’ creativity and IP rights

News Corp chief executive Robert Thomson has warned that AI could damage creativity by undermining intellectual property rights.

At the company’s full-year results briefing in New York, he described the AI era as a historic turning point. He called for stronger protections to preserve America’s ‘comparative advantage in creativity’.

Thomson said allowing AI systems to consume and profit from copyrighted works without permission was akin to ‘vandalising virtuosity’.

He cited Donald Trump’s The Art of the Deal, published by News Corp’s book division, questioning whether it should be used to train AI that might undermine book sales. Despite the criticism, the company has rolled out its AI newsroom tools, NewsGPT and Story Cutter.

News Corp reported a two percent revenue rise to US$8.5 billion ($A13.1 billion), with net income from continuing operations climbing 71 percent to US$648 million.

Growth in the Dow Jones and REA Group segments offset news media subscriptions and advertising declines.

Digital subscribers fell across several mastheads, although The Times and The Sunday Times saw gains. Profitability in news media rose 15 percent, aided by editorial efficiencies and cost-cutting measures.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Android spyware posing as antivirus

LunaSpy is a new Android spyware campaign disguised as an antivirus or banking protection app. It spreads via messenger links and fake channels, tricking users into installing what appears to be a helpful security tool.

Once installed, the app mimics a real scanner, shows fake threat detections and operates unnoticed. In reality, it monitors everything on the device and sends sensitive data to attackers.

Active since at least February 2025, LunaSpy spreads through hijacked contact accounts and emerging Telegram channels. It poses as legitimate software to build trust before beginning surveillance.

Android users must avoid apps from unofficial links, scrutinise messenger invites, and only install from trusted stores. Reliable antivirus software and cautious permission granting provide essential defence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Malaysia tackles online scams with AI and new cyber guidelines

Cybercrime involving financial scams continues to rise in Malaysia, with 35,368 cases reported in 2024, a 2.53 per cent increase from the previous year, resulting in losses of RM1.58 billion.

The situation remains severe in 2025, with over 12,000 online scam cases recorded in the first quarter alone, involving fake e-commerce offers, bogus loans, and non-existent investment platforms. Losses during this period reached RM573.7 million.

Instead of waiting for the situation to worsen, the Digital Ministry is rolling out proactive safeguards. These include new AI-related guidelines under development by the Department of Personal Data Protection, scheduled for release by March 2026.

The documents will cover data protection impact assessments, automated decision-making, and privacy-by-design principles.

The ministry has also introduced an official framework for responsible AI use in the public sector, called GPAISA, to ensure ethical compliance and support across government agencies.

Additionally, training initiatives such as AI Untuk Rakyat and MD Workforce aim to equip civil servants and enforcement teams with skills to handle AI and cyber threats.

In partnership with CyberSecurity Malaysia and Universiti Kebangsaan Malaysia, the ministry is also creating an AI-powered application to verify digital images and videos.

Instead of relying solely on manual analysis, the tool will help investigators detect online fraud, identity forgery, and synthetic media more effectively.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New malware steals 200,000 passwords and credit card details through fake software

Hackers are now using fake versions of familiar software and documents to spread a new info-stealing malware known as PXA Stealer.

First discovered by Cisco Talos, the malware campaign is believed to be operated by Vietnamese-speaking cybercriminals and has already compromised more than 4,000 unique IP addresses across 62 countries.

Instead of targeting businesses alone, the attackers are now focusing on ordinary users in countries including the US, South Korea, and the Netherlands.

PXA Stealer is written in Python and designed to collect passwords, credit card data, cookies, autofill information, and even crypto wallet details from infected systems.

It spreads by sideloading malware into files like Microsoft Word executables or ZIP archives that also contain legitimate-looking programs such as Haihaisoft PDF Reader.

The malware uses malicious DLL files to gain persistence through the Windows Registry and downloads additional harmful files via Dropbox. After infection, it uses Telegram to exfiltrate stolen data, which is then sold on the dark web.

Once activated, the malware even attempts to open a fake PDF in Microsoft Edge, though the file fails to launch and shows an error message — by that point, it has already done the damage.

To avoid infection, users should avoid clicking unknown email links and should not open attachments from unfamiliar senders. Instead of saving passwords and card details in browsers, a trusted password manager is a safer choice.

Although antivirus software remains helpful, hackers in the campaign have used sophisticated methods to bypass detection, making careful online behaviour more important than ever.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cloudflare claims Perplexity circumvented website scraping blocks

Cloudflare has accused AI startup Perplexity of ignoring explicit website instructions not to scrape their content.

According to the internet infrastructure company, Perplexity has allegedly disguised its identity and used technical workarounds to bypass restrictions set out in Robots.txt files, which tell bots which pages they may or may not access.

The behaviour was reportedly detected after multiple Cloudflare customers complained about unauthorised scraping attempts.

Instead of respecting these rules, Cloudflare claims Perplexity altered its bots’ user agent to appear as a Google Chrome browser on macOS and switched its network identifiers to avoid detection.

The company says these tactics were seen across tens of thousands of domains and millions of daily requests, and that it used machine learning and network analysis to identify the activity.

Perplexity has denied the allegations, calling Cloudflare’s report a ‘sales pitch’ and disputing that the bot named in the findings belongs to the company. Cloudflare has since removed Perplexity’s bots from its verified list and introduced new blocking measures.

The dispute arises as Cloudflare intensifies its efforts to grant website owners greater control over AI crawlers. Last month, it launched a marketplace enabling publishers to charge AI firms for scraping, alongside free tools to block unauthorised data collection.

Perplexity has previously faced criticism over content use, with outlets such as Wired accusing it of plagiarism in 2024.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google signs groundbreaking deal to cut data centre energy use

Google has become the first major tech firm to sign formal agreements with US electric utilities to ease grid pressure. The deals come as data centres drive unprecedented energy demand, straining power infrastructure in several regions.

The company will work with Indiana Michigan Power and Tennessee Valley Authority to reduce electricity usage during peak demand. These arrangements will help divert power to general utilities when needed.

Under the agreements, Google will temporarily scale down its data centre operations, particularly those linked to energy-intensive AI and machine learning workloads.

Google described the initiative as a way to speed up data centre integration with local grids while avoiding costly infrastructure expansion. The move reflects growing concern over AI’s rising energy footprint.

Demand-response programmes, once used mainly in heavy manufacturing and crypto mining, are now being adopted by tech firms to stabilise grids in return for lower energy costs.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

The US launches $100 million cybersecurity grant for states

The US government has unveiled more than $100 million in funding to help local and tribal communities strengthen their cybersecurity defences.

The announcement came jointly from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA), both part of the Department of Homeland Security.

Instead of a single pool, the funding is split into two distinct grants. The State and Local Cybersecurity Grant Program (SLCGP) will provide $91.7 million to 56 states and territories, while the Tribal Cybersecurity Grant Program (TCGP) allocates $12.1 million specifically for tribal governments.

These funds aim to support cybersecurity planning, exercises and service improvements.

CISA’s acting director, Madhu Gottumukkala, said the grants ensure communities have the tools needed to defend digital infrastructure and reduce cyber risks. The effort follows a significant cyberattack on St. Paul, Minnesota, which prompted a state of emergency and deployment of the National Guard.

Officials say the funding reflects a national commitment to proactive digital resilience instead of reactive crisis management. Homeland Security leaders describe the grant as both a strategic investment in critical infrastructure and a responsible use of taxpayer funds.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!