Image by Jaanus Jagomägi, from Unsplash

UK Government’s AI Tool Raises Regulation Concerns

• Written by Kiara Fabbri Former Tech News Writer
• Fact-Checked by Sarah Frazier Former Content Manager

The UK government’s AI tool raises concerns over copyright, transparency, and civil service dependence.

In a rush? Here are the quick facts:

• All civil servants in England and Wales will receive AI training.
• Government uses pay-as-you-go AI via existing cloud contracts.
• Critics warn AI tools rely on unlicensed copyrighted material.

The UK government’s AI system, known as Humphrey , is built on models from OpenAI, Anthropic, and Google, as reported by The Guardian . The government faces growing criticism, as its increasing dependence on major tech companies becomes more concerningm while AI tools become central to civil service reform.

The government plans to train all English and Welsh civil servants in using AI tools through Humphrey to enhance public sector operational efficiency. The fast implementation of big tech AI systems, often using copyrighted material without authorization, ignites various ethical and regulatory problems, as reported by The Guadian.

“The government can’t effectively regulate these companies if it is simultaneously baking them into its inner workings,” said Ed Newton-Rex, CEO of Fairly Trained, reported The Guardian. “These AI models are built via the unpaid exploitation of creatives’ work,” he added.

The creative industry has strongly opposed the move, backing a campaign that fights for enhanced copyright protection. Members of this movement include Elton John, Kate Bush, and Paul McCartney.

The government recently passed a controversial data bill that enables AI systems to use copyrighted content , unless rights holders specifically choose to opt out.

Labour peer Shami Chakrabarti expressed concern about AI system errors while advising vigilance regarding potential biases and inaccuracies, which The Guardian notes have already been reported in the Horizon computer system.

Despite concerns, government officials defend the approach. A spokesperson from the Department for Science, Innovation and Technology said: “Our use of this technology in no way limits our ability to regulate it,” as reported by The Guardian.

The government operates through cloud contracts with a pay-as-you-go model instead of establishing long-term agreements with tech companies, which enables them to change providers, says The Guardian.

The Humphrey tools, comprising Redbox, Parlex, and AI Minute, have demonstrated their value by reducing costs below 50p while eliminating extensive administrative tasks that take hours to complete.

The ongoing deployment of AI in government operations faces challenges regarding transparency and oversight practices.

Image by ELLA DON, from Unsplash

Malware Campaign Hijacks Old Discord Links To Hack Crypto Users

• Written by Kiara Fabbri Former Tech News Writer
• Fact-Checked by Sarah Frazier Former Content Manager

Hackers are hijacking expired Discord invite links to trick users into malware infections that steal crypto wallets and bypass browser security tools.

In a rush? Here are the quick facts:

• Victims redirected to phishing sites through fake Discord verification bots.
• Malware downloaded from trusted platforms like GitHub and Pastebin.
• AsyncRAT and Skuld Stealer target crypto wallets and sensitive user data.

According to CheckPoint research team, cybercriminals are using expired Discord invite links to lead users toward malicious servers that result in advanced malware infections.

Attackers hijack former invite links, which belonged to trusted communities, to send users toward imitation Discord servers. The fake Discord servers trick their users into downloading dangerous malware, including AsyncRAT and Skuld Stealer, cryptocurrency wallet-targeting malware.

The attackers exploit how Discord generates invite links by using both temporary and permanent linking capabilities. Attackers gain access to abandoned links by claiming them back to set harmful Discord servers.

In this way, users who click on what appears to be valid invitations from social media or outdated posts are automatically taken to malicious servers controlled by hackers.

Inside these fake servers, users encounter a bot called “Safeguard” that presents a fake verification process. After users initiate the verification process, they access a phishing website, which runs a dangerous PowerShell command.

The command retrieves malicious software from GitHub, as well as Bitbucket and Pastebin platforms, in order to make the operation blend in with standard web traffic.

The malware executes multiple stages to evade detection systems. A GitHub link serves as the first download target for a PowerShell script. The loader retrieves the encrypted malware from Bitbucket before decrypting it for installation on the user’s computer system.

The last payloads—AsyncRAT and Skuld Stealer—enable attackers to remotely control systems and steal important information, including user credentials, together with crypto wallet details from Exodus and Atomic applications. The malware implements timed delays, up to 15 minutes, to evade automated security systems.

Additionally, the cyberattackers discovered a method to circumvent the protection provided by Google Chrome’s App Bound Encryption for cookies. The attackers modified ChromeKatz to enable direct extraction of login cookies from Chrome, Edge, and Brave browser memory.

The attacks have targeted users throughout the United States, along with Vietnam, France, and Germany, as well as additional nations. The attackers seem to target cryptocurrency users because their malware specifically targets wallet credentials and recovery phrases.

The researchers believe cybercriminals will develop new methods despite Discord disabling the specific bot used in this campaign. Users should protect themselves from such attacks by avoiding outdated Discord invites, while being cautious about verification requests and maintaining current antivirus software.