Privacy and data protection

Hackers use fake Semrush ads to steal Google accounts

Cybercriminals are using fake adverts for popular SEO platform Semrush to trick users into giving up access to their Google accounts, researchers have warned.

The malvertising campaign features ads that link to a bogus Semrush login page, which only allows users to sign in via Google, a tactic designed to steal high-value credentials.

According to Malwarebytes, Semrush accounts are often linked to critical Google services such as Analytics and Search Console.

These tools store confidential business insights, which threat actors could exploit for strategic and financial gain. The scammers may also access names, phone numbers, business details, and partial card information through compromised Semrush accounts.

By impersonating Semrush support, attackers could deceive users into revealing full card details under the pretence of payment or billing updates. However, this may open the door to wider fraud, such as redirecting funds from vendors or business partners.

With Semrush serving over 117,000 customers, including a significant share of Fortune 500 firms, the attack underscores the growing risks of malvertising on platforms like Google.

Security experts are urging businesses to tighten account access controls and remain cautious when engaging with search ads, even from seemingly reputable brands.

For more information on these topics, visit diplomacy.edu.

MetaAI rolls out in Europe after regulatory hurdles

MetaAI, Meta’s AI chat function, is set to launch across Europe after delays caused by regulatory scrutiny regarding the use of personal data to train its models.

The European Commission is reviewing a risk assessment from Meta to ensure that the new feature complies with the EU’s Digital Services Act (DSA). However, this regulation mandates companies to submit risk assessments in advance of deploying new functions.

MetaAI was first launched in the US in September 2023, followed by India in June 2024, and the UK in October.

However, its European rollout was delayed last summer after the Irish Data Protection Commission raised concerns about using data from Facebook and Instagram users for AI training.

Meta faced criticism over Europe’s regulatory approach, with company officials, including CEO Mark Zuckerberg, expressing frustration with the delays.

Despite the regulatory hurdles, Meta is now moving forward with its plans to bring MetaAI to the EU, with the company noting that the process has taken longer than expected due to Europe’s complex regulatory landscape.

For more information on these topics, visit diplomacy.edu.

Apple plans to add cameras to future Apple Watch

Apple is reportedly planning to introduce cameras to its Apple Watch lineup within the next two years, integrating advanced AI-powered features like Visual Intelligence.

According to Bloomberg’s Mark Gurman, the standard Apple Watch Series will have a camera embedded within the display, while the Apple Watch Ultra will feature one on the side near the digital crown.

These cameras will allow the smartwatch to observe its surroundings and use AI to provide real-time, useful information to users.

Apple is also exploring similar camera technology for future AirPods, aiming to enhance their functionality with AI-driven capabilities.

The concept builds on the Visual Intelligence feature introduced with the iPhone 16, which allows users to extract details from flyers, identify locations, and more using the phone’s camera.

While the current system relies on external AI models, Apple is working on its in-house AI technology, and it is expected to power these features by 2027, when the camera-equipped Apple Watch and AirPods are likely to be released.

The move is part of Apple’s broader push into AI, led by Mike Rockwell, who previously spearheaded the Vision Pro project.

Rockwell is now overseeing the upgrade of Siri’s language model, which has faced delays, and contributing to visionOS, the operating system expected to support AI-enhanced AR glasses in the future. Apple’s increasing focus on AI suggests a shift towards more intelligent, context-aware wearable devices.

For more information on these topics, visit diplomacy.edu.

New Airbyte connectors support AI and data privacy

San Francisco-based data startup Airbyte has unveiled a new set of enterprise tools aimed at helping companies move and manage data more securely, especially as AI becomes more central to operations. The updates, announced Thursday, include new connectors for apps such as NetSuite, SAP, and ServiceNow, as well as support for extracting unstructured data from platforms like Google Drive and SharePoint.

A key highlight of the release is compatibility with Apache Iceberg, an open-source format that enables businesses to centralise data into a single, AI-compatible “lakehouse.” This allows companies to better control how and where their data flows while preserving the flexibility needed for high-performance analytics and machine learning.

Airbyte co-founder and CEO Michel Tricot stressed the importance of data sovereignty in an AI-driven era. He noted that while AI tools can be powerful, giving away sensitive internal data, like employee compensation or strategic business metrics, to external services is a risk many companies are no longer willing to take. Airbyte’s approach ensures that only the enterprise sees and manages its data pipelines.

Founded in 2020, Airbyte now serves over 7,000 enterprise clients, including names like Invesco and Calendly, and has secured more than $181 million in funding. As businesses continue to prioritise secure, scalable infrastructure for AI, Airbyte’s offerings are positioning it as a go-to partner for data portability without compromise.

For more information on these topics, visit diplomacy.edu.

Apple accused of misleading AI advertising

Apple is facing a class-action lawsuit in the United States over delays in delivering its much-promoted Apple Intelligence features.

The legal action, filed in a US based San Jose federal court, claims the company misled customers by advertising advanced AI tools that have yet to materialise on supported devices.

The complaint argues that buyers of new iPhones and other Apple products were promised ‘transformative’ AI capabilities at launch, only to find these features were either severely limited or completely absent.

According to the plaintiffs, Apple’s marketing created a “reasonable consumer expectation” that was ultimately not met.

This legal challenge adds to mounting pressure on the company, which has struggled to roll out its next-generation AI tools.

A recent Bloomberg report suggested internal tensions, revealing that CEO Tim Cook has reportedly lost confidence in AI chief John Giannandrea’s ability to deliver on the company’s ambitions.

The case reflects growing scrutiny of tech firms’ promises around AI, especially as consumer trust becomes more closely tied to the reality behind flashy announcements.

For more information on these topics, visit diplomacy.edu.

US judge says Social Security unlawfully shared data with Musk’s aides

A federal judge has ruled that the Social Security Administration (SSA) likely violated privacy laws by granting Elon Musk’s Department of Government Efficiency (DOGE) unrestricted access to millions of Americans’ personal data.

The ruling halts further data sharing and requires DOGE to delete unlawfully accessed records. United States District Judge Ellen Lipton Hollander stated that while tackling fraud is important, government agencies must not ignore privacy laws to achieve their goals.

The case has drawn attention to the extent of DOGE’s access to sensitive government databases, including Numident, which contains detailed personal information on Social Security applicants.

The SSA’s leadership allowed DOGE staffers to review vast amounts of data in an effort to identify fraudulent payments. Critics, including advocacy groups and labour unions, argue that the process lacked proper oversight and risked compromising individuals’ privacy.

The ruling marks a major legal setback for DOGE, which has been expanding its influence across multiple federal agencies. The White House condemned the decision, calling it judicial overreach, while SSA officials indicated they would comply with the order.

The controversy highlights growing concerns over government data security and the limits of executive power in managing public records.

For more information on these topics, visit diplomacy.edu.

Cyberattack exploits a flaw in ZoneAlarm’s vsdatant.sys driver

A sophisticated cyberattack has targeted vulnerabilities in the vsdatant.sys driver, a component of Checkpoint’s ZoneAlarm antivirus software, allowing attackers to bypass critical Windows security features.

The driver, released in 2016, has been exploited in a Bring Your Own Vulnerable Driver (BYOVD) attack, enabling attackers to elevate privileges and access sensitive data.

The vsdatant.sys driver operates with high kernel-level privileges, containing long-known vulnerabilities that allow attackers to exploit crafted Interrupt Request Packets (IRPs).

These flaws, affecting versions of the driver prior to 7.0.362, allow for arbitrary code execution by improperly validating arguments passed to system function handlers.

BYOVD attacks have become increasingly common, with attackers leveraging legitimate but vulnerable drivers to bypass security measures undetected.

In this case, attackers were able to disable Windows’ Memory Integrity feature, which is designed to protect critical system processes.

By exploiting flaws in vsdatant.sys, the attackers gained full access to the compromised system, enabling them to steal sensitive information.

To mitigate the risk of such attacks, security experts recommend implementing driver blocklisting, enabling Memory Integrity, and ensuring that all security products are kept up to date.

Users are urged to update their ZoneAlarm installations to the latest version to avoid exposure to these vulnerabilities.

For more information on these topics, visit diplomacy.edu.

ChatGPT wrongly accuses man of murder

A Norwegian man has lodged a complaint against OpenAI after ChatGPT falsely claimed he had murdered his two sons and was serving a 21-year prison sentence.

Arve Hjalmar Holmen, who has never been accused of any crime, says the chatbot’s response was deeply damaging, leading him to seek action from the Norwegian Data Protection Authority.

Digital rights group Noyb, representing Holmen, argues the incident violates European data protection laws regarding the accuracy of personal data.

The error highlights a growing concern over AI ‘hallucinations,’ where chatbots generate false information and present it as fact.

Holmen received the incorrect response when searching for his own name, with ChatGPT fabricating a detailed and defamatory account of a crime that never occurred. Although the chatbot carries a disclaimer about potential inaccuracies,

Noyb insists this is not enough, arguing that spreading false information cannot be justified by a simple warning label.

AI-generated hallucinations have plagued multiple platforms, including Apple and Google, with some errors being bizarre but others causing real harm.

Experts remain uncertain about the underlying causes of these inaccuracies in large language models, making them a key focus of ongoing research.

While OpenAI has since updated ChatGPT’s model to incorporate current news sources, the case raises questions about accountability and the transparency of AI-generated content.

For more information on these topics, visit diplomacy.edu.

EU faces pressure to boost semiconductor supply chain

Leading semiconductor firms are calling on the European Commission to introduce a follow-up to the 2023 EU Chips Act, arguing that a new policy must extend beyond manufacturing to include chip design, materials, and equipment.

Industry groups say the original programme, while encouraging investment, has failed to attract advanced chipmakers or build a competitive supply chain. Approval processes have also been criticised for being too slow, delaying key projects.

Following discussions in Brussels with European lawmakers, representatives from industry groups ESIA and SEMI Europe announced plans to formally request a ‘Chips Act 2.0’ from the Commission.

They argue that the EU must take decisive action to strengthen the entire semiconductor industry, including research and development as well as supplier subsidies.

European Parliament Member Oliver Schenk highlighted how other regions, such as Taiwan, have successfully integrated suppliers into their chip manufacturing ecosystem, whereas Europe still lacks such cohesion.

The meeting included major semiconductor companies such as NXP, Infineon, Bosch, and STMicroelectronics, alongside equipment makers ASML, ASM, and Zeiss.

Meanwhile, a coalition of nine EU countries has pledged to work with the Commission to strengthen Europe’s semiconductor capabilities.

The Commission has yet to outline specific plans, but it has previously stated its intention to launch investment initiatives this year, particularly in artificial intelligence and technology.

For more information on these topics, visit diplomacy.edu.

Baidu dismisses claims of leaked user information

Chinese tech giant Baidu has denied claims of an internal data breach after the teenage daughter of a senior executive was accused of sharing users’ personal information online.

The controversy erupted when internet users alleged that the daughter of Baidu vice president Xie Guangjun had posted private details, including phone numbers, following an online dispute.

Baidu insisted that neither employees nor executives have access to user data and claimed the information came from illegally obtained ‘doxing databases’ on foreign platforms.

The company has filed a police report regarding false claims, including allegations that Xie had given his daughter access to Baidu’s databases.

Xie apologised, stating that the data had been sourced from overseas social networking sites.

The case comes amid ongoing crackdown in China on data privacy breaches, with stricter laws in place to prevent unauthorised sharing of personal details.

The controversy has impacted investor confidence, with Baidu’s shares falling more than 4% in Hong Kong trading.

For more information on these topics, visit diplomacy.edu.

Diplo chatbot can make mistakes. Consider checking important information.