Privacy and data protection

Drug‑testing firm exposes 748,000 records in breach

In a massive data breach revealed in July 2025, the Texas Alcohol & Drug Testing Service (TADTS) admitted hackers gained access to sensitive information belonging to approximately 748,763 individuals.

Attackers remained inside the network for five days in July 2024 before detection, later leaking hundreds of gigabytes of data via the BianLian ransomware group.

Exposed records include a dangerous mix of personal and financial data—names, Social Security and passport numbers, driver’s licence and bank account details, biometric information, health‑insurance files and login credentials.

The breadth of this data presents a significant risk of identity theft and financial fraud.

Despite identifying the breach shortly after, TADTS delayed notifying those affected until July 2025 and provided no credit monitoring or identity theft services.

The company is now under classic action scrutiny, with law firms investigating its response and breach notification delays.

Security experts warn that the extended timeline and broad data exposure could lead to scams, account takeovers and sustained damage to victims.

Affected individuals are urged to monitor statements, access free credit reports, and remain alert for suspicious activity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Salt Typhoon targets routers in sweeping campaign

Since early 2025, the Chinese-linked hacking group Salt Typhoon has aggressively targeted telecom infrastructure worldwide, compromising routers, switches and edge devices used by clients of major operators such as Comcast, MTN and LG Uplus.

Exploiting known but unpatched vulnerabilities, attackers gained persistent access to these network devices, potentially enabling further intrusions into core telecom systems.

The pattern suggests a strategic shift: the group broadly sweeps telecom infrastructure to establish ready-made access across critical communication channels.

Affected providers emphasised that only client-owned hardware was breached and confirmed no internal networks were compromised, but the campaign raises deeper concerns.

Experts warn that such indiscriminate telecommunications targeting could threaten data security and disrupt essential services, revealing a long-term cyber‑espionage strategy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Nvidia’s container toolkit patched after critical bug

Cloud security researchers at Wiz have uncovered a critical misconfiguration in Nvidia’s Container Toolkit, used widely across managed AI services, that could allow a malicious container to break out and gain full root privileges on the host system.

The vulnerability, tracked as CVE‑2025‑23266 and nicknamed ‘NVIDIAScape’, arises from unsafe handling of OCI hooks. Exploiters can bypass container boundaries by using a simple three‑line Dockerfile, granting them access to server files, memory and GPU resources.

With Nvidia’s toolkit integral to GPU‑accelerated cloud offerings, the risk is systemic. A single compromised container could steal or corrupt sensitive data and AI models belonging to other tenants on the same infrastructure.

Nvidia has released a security advisory alongside updated toolkit versions. Users are strongly advised to apply patches immediately. Experts also recommend deploying additional isolation measures, such as virtual machines, to protect against container escape threats in multi-tenant AI environments.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Irish hospital turns to AI for appointment management

Beaumont Hospital in Dublin plans to deploy AI to predict patient no-shows and late cancellations, aiming to reduce wasted resources.

Instead of relying solely on reminders, the hospital will pilot AI software costing up to €110,000, using patient data to forecast missed appointments. Currently, no-shows account for 15.5% of its outpatient slots.

The system will integrate with Beaumont’s existing two-way text messaging service. Rather than sending uniform reminders, the AI model will tailor messages based on the likelihood of attendance while providing hospital staff with real-time insights to better manage clinic schedules.

The pilot is expected to begin in late 2025 or early 2026, potentially expanding into a full €1.2 million contract.

The move forms part of Beaumont Hospital’s strategic plan through 2030 to reduce outpatient non-attendance. It follows the broader adoption of AI in Irish healthcare, including Mater Hospital’s recent launch of an AI and Digital Health centre designed to tackle clinical challenges using new technologies.

Instead of viewing AI as a future option, Irish hospitals now increasingly treat it as an immediate solution to operational inefficiencies, hoping it will transform healthcare delivery and improve patient service.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Quantum tech could break online security, warns India

The Indian Computer Emergency Response Team (CERT-In), alongside cybersecurity firm SISA, cautions that these powerful machines could soon break the encryption used to protect everything from online banking to personal identity systems.

CERT-In’s new white paper outlines how attackers may already be stockpiling encrypted data to unlock later using quantum tools, a tactic called ‘harvest now, decrypt later’. If left unaddressed, this strategy could expose sensitive data stored today once quantum technology matures.

AI is adding to the urgency. As it becomes more embedded in digital systems, it also increases access to user data, raising the stakes if encryption is compromised. The biggest digital systems in India, including Aadhaar, cryptocurrencies, and smart devices, are seen as particularly exposed to this looming risk.

Everyday users are advised to take precautions: update devices regularly, use strong passwords with multi-factor authentication, and avoid storing sensitive data online long-term. Services like Signal or ProtonMail, which use strong encryption, are also recommended.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Mistral’s chatbot Le Chat takes on ChatGPT with major upgrade

France-based AI startup Mistral has rolled out a major update to Le Chat, its AI chatbot, introducing new features aimed at challenging rivals like ChatGPT, Gemini and Claude. The update includes Deep Research, voice interaction, reasoning capabilities and a refreshed image editor.

According to the company’s latest blog post, the new Deep Research mode transforms Le Chat into a structured assistant that can clarify needs, search sources and deliver summarised findings. The tool enables users to receive comprehensive responses in a neatly formatted report.

In addition, Mistral unveiled Vocal mode, allowing users to speak to the chatbot as if they were talking to a person. The feature is powered by the firm’s voice input model, Voxtral, which handles voice recognition in real time.

The company also introduced Think mode, based on its Magistral reasoning model. Designed for multilingual and complex tasks, the feature provides thoughtful and clear responses, even when answering legal or professional queries in languages like Spanish or Japanese.

For users juggling multiple conversations or tasks, the new Projects tool groups related chats into separate spaces. Each project includes a dedicated Library for storing files and content, while also remembering individual tools and settings.

Users can upload documents directly into Projects and revisit past chats or references. Content from the Library can also be pulled into the active conversation, supporting a more seamless and personalised experience.

A revamped image editor rounds out the update, offering users the ability to tweak AI-generated visuals while maintaining consistency in character design and fine details. Mistral says the upgrade helps improve image customisation without compromising visual integrity.

All features are now available through Le Chat’s web platform at ‘chat.mistral.ai’ or via the company’s mobile apps on Android and iOS. The update reflects Mistral’s growing ambition to differentiate itself in the increasingly competitive AI assistant market.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers hide malware using DNS TXT records

Hackers are increasingly exploiting DNS records to deliver malware undetected, according to new research from DomainTools.

Instead of relying on typical delivery methods such as emails or downloads, attackers now hide malicious code within DNS TXT records, part of the Domain Name System, often overlooked by security systems.

The method involves converting malware into hexadecimal code, splitting it into small segments, and storing each chunk in the TXT record of subdomains under domains like whitetreecollective.com.

Once attackers gain limited access to a network, they retrieve these chunks via ordinary-looking DNS queries, reassembling them into functioning malware without triggering antivirus or firewall alerts.

The rising use of encrypted DNS protocols like DNS-over-HTTPS and DNS-over-TLS makes detecting such queries harder, especially without in-house DNS resolvers equipped for deep inspection.

Researchers also noted that attackers are using DNS TXT records for malware and embedding harmful text designed to manipulate AI systems through prompt injection.

Ian Campbell of DomainTools warns that even organisations with strong security measures struggle to detect such DNS-based threats due to the hidden nature of the traffic.

Instead of focusing solely on traditional defences, organisations are advised to monitor DNS traffic closely, log and inspect queries through internal resolvers, and restrict DNS access to trusted sources. Educating teams on these emerging threats remains essential for maintaining robust cybersecurity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI releases ChatGPT agent with task automation tools

OpenAI has introduced a general-purpose AI agent within ChatGPT, aiming to move beyond answering questions by completing various computer-based tasks.

Known as ChatGPT agent, the tool allows users to navigate calendars, generate editable presentations, and write code simply by using natural language prompts.

Rather than acting as a standalone product, ChatGPT agent integrates capabilities from OpenAI’s earlier tools, combining website navigation and in-depth research features.

Rolling out to Pro, Plus, and Team subscribers, the ChatGPT agent also connects with external apps like Gmail and GitHub. Instead of being limited to basic queries, it can access a terminal and use APIs, enabling tasks such as analysing competitors or planning shopping lists.

OpenAI claims its underlying model delivers state-of-the-art results, scoring significantly higher than previous versions on academic and maths benchmarks.

While positioning ChatGPT as its most capable AI tool yet, OpenAI has implemented several new safety measures due to the agent’s potential risks. The company acknowledges its model could amplify harm in sensitive areas like biological and chemical threats.

To mitigate such dangers, OpenAI monitors prompts in real time and turns off ChatGPT’s memory feature within the agent to avoid data leaks through malicious attacks.

Despite these precautions, questions remain over whether the ChatGPT agent will consistently perform complex tasks in the real world. Earlier agent technologies from various companies have often failed to meet expectations.

OpenAI, however, insists its new release represents a more robust step towards fulfilling the vision of practical AI agents.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Afghan data breach prompts secret UK relocation

A serious data breach involving nearly 19,000 Afghans who sought relocation to the UK has come to light following a High Court ruling.

The incident occurred in February 2022 when a UK Special Forces HQ official mistakenly emailed a spreadsheet containing personal details to an unauthorised recipient.

Names, contact details and family information of those who feared Taliban reprisals due to their ties to British forces were exposed.

The breach only surfaced in August 2023 after some names appeared on Facebook, prompting fears the Taliban could gain access to the data.

The government created the Afghanistan Response Route in secret to mitigate the risk, separate from the Arap scheme. Around 20,000 were deemed eligible, with 16,000 already relocated to the UK by May 2025, though an estimated 80,000 remain at risk.

A government review concluded the leak was unlikely to trigger mass reprisals, though those affected still consider it a severe failure. The scheme has already cost £400 million, with a further £450 million expected, contributing to a total Afghan relocation bill of up to £6 billion.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU helps Vietnam prepare for cyber emergencies

The European Union and Vietnam have conducted specialised cyber‑defence training to enhance the resilience of key infrastructure sectors such as power, transportation, telecoms and finance.

Participants, including government officials, network operators and technology experts, engaged in interactive threat-hunting exercises and incident simulation drills designed to equip teams with practical cyber‑response skills.

This effort builds on existing international partnerships, including collaboration with the US Cybersecurity and Infrastructure Security Agency, to align Vietnam’s security posture with global standards.

Vietnam faces an alarming shortfall of more than 700,000 cyber professionals, with over half of organisations reporting at least one breach in recent years.

The training initiative addresses critical skills gaps and contributes to national digital security resilience.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.