X Faces Investigation For Using Europeans’ Data To Train AI - 1

Image by Heisenberg Media, from Flickr

X Faces Investigation For Using Europeans’ Data To Train AI

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Ireland’s Data Protection Commission (DPC) has launched an official investigation into Elon Musk’s social media platform X, formerly known as Twitter, over how it used Europeans’ personal data to train its artificial intelligence tool, Grok.

In a rush? Here are the quick facts:

  • Ireland’s DPC is investigating X over AI training with EU user data.
  • X allegedly used public EU posts to train its Grok AI model.
  • Investigation checks if data was processed lawfully under GDPR.

In a statement, the DPC said it will examine “the processing of personal data comprised in publicly-accessible posts posted on the X social media platform by EU/EEA users, for the purposes of training generative artificial intelligence models,” as first reported by Reuters .

X has already faced multiple investigations across Europe. The DPC sued X last year because it wanted EU citizens to have the right to opt out of data use for AI training. X later agreed to stop such practices permanently, and the case was dropped .

Grok, developed by Musk’s AI startup xAI, powers features like the chatbot integrated into the X platform. he chatbot operating on the X platform runs on Grok technology which draws its training data from extensive language models (LLMs) that analyze vast amounts of text information including social media content and blog posts.

The DPC has been the main regulator for X in the EU since its European headquarters is located in Dublin. The Independent says that the regulator has the authority to fine companies up to €20 million or 4% of global revenue for serious violations. Reuters reports that in the past, it has fined big names like Meta, TikTok, and LinkedIn, with total fines against Meta alone reaching nearly €3 billion.

Neither X nor Elon Musk has responded to the latest investigation. Musk, a close adviser to U.S. President Donald Trump, has frequently criticized the EU’s tech regulations, describing them as burdensome and unfair, as noted by Reuters.

Slow Pisces Tricks Crypto Devs With Fake Job Offers - 2

Image by Mohammad Rahmani, from Unsplash

Slow Pisces Tricks Crypto Devs With Fake Job Offers

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A North Korean hacking group known as Slow Pisces is tricking cryptocurrency developers into running malicious code disguised as job application challenges.

In a rush? Here are the quick facts:

  • Malware activates after checking the victim’s location and system configuration.
  • Malware runs in memory, leaving no trace on hard drives.
  • RN Stealer collects usernames, apps, and directories from macOS systems.

The group, also known as Jade Sleet or TraderTraitor, has stolen over $1 billion in crypto assets and continues to launch sophisticated attacks aimed at generating income for the DPRK regime.

According to cybersecurity researchers at Palo Alto Networks’ Unit 42 , Slow Pisces contacts developers on LinkedIn pretending to be recruiters . After engaging in conversation, they send a fake job description in a PDF. If the victim applies, they’re sent a coding test that includes a “real project” hosted on GitHub. That project is laced with malware.

These fake projects often appear legitimate and even pull data from real websites like Wikipedia. But hidden among the sources is one malicious site controlled by the hackers. The malware is only activated after confirming the target’s location and system details, allowing Slow Pisces to avoid detection.

Instead of using obvious hacking tricks that security systems can easily spot, the attackers used a sneakier method called YAML deserialization. Basically, they hide dangerous code inside what looks like harmless setup files, making it harder to detect.

Once installed, the malware runs in memory and doesn’t leave traces on the hard drive. It downloads additional malware, named RN Loader and RN Stealer. RN Loader collects basic system data, while RN Stealer gathers more sensitive info like usernames, installed apps, and directory contents, especially from macOS systems.

Palo Alto Networks reported the malicious LinkedIn and GitHub accounts. Both platforms responded:

Security experts recommend developers stay cautious of unsolicited coding challenges and check URLs linked in job tests.