Privacy commissioners find TikTok collected sensitive data from Canadian children | CBC News
A joint investigation by Canadian privacy authorities found TikTok’s age-verification methods ineffective, leading to the collection of sensitive information from underage users. TikTok has agreed to enhance its age-verification methods to prevent this.
SolarWinds Makes Third Attempt at Patching Exploited Vulnerability - SecurityWeek
SolarWinds released a hotfix for a remote code execution vulnerability (CVE-2025-26399) in Web Help Desk, marking the third attempt to address this issue. The vulnerability is a patch bypass of previous vulnerabilities (CVE-2024-28988 and CVE-2024-28986) and is considered highly critical. Users are advised to apply the hotfix immediately due to the potential for exploitation.
The 2025 SpyCloud Identity Threat Report reveals a disconnect between security leaders’ confidence and the reality of identity-based attacks. While 86% of security leaders feel confident, 85% of organizations experienced a ransomware incident in the past year. The report highlights the need for a holistic approach to identity protection, emphasizing the importance of detecting and remediating identity exposures across all digital footprints.
Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack - SecurityWeek
Supermicro patched two BMC vulnerabilities, CVE-2025-7937 and CVE-2025-6198, discovered by Binarly. These vulnerabilities, allowing malicious firmware updates and bypassing security features, highlight the fragility of firmware validation. While there is no evidence of exploitation, the vulnerabilities pose a significant risk to enterprise organizations.
Gains and Risks for Enterprises With DeepSeek V3.1
DeepSeek’s V3.1 model shows significant performance improvements over previous versions, particularly in software bug-fixing and command-line reasoning. However, security testing by Splx revealed persistent vulnerabilities, including the potential for generating phishing-style messages and harmful content. While hardened prompts improved security and safety scores, adversarial threats remain a concern, especially in risk-averse industries.
USB-C cables look identical — their performance doesn’t
As USB-C becomes ubiquitous in professional environments, understanding cable capabilities is essential for IT and business leaders. Two cables can share the same connector yet behave very differently for power, data and displays. Here’s how to buy the right one — and avoid boardroom surprises.
iPhone 17 telephoto: what “8× optical-quality” really means
Apple put real distance between models this year. The Pro phones add a longer-reach telephoto, while the iPhone Air markets a single rear camera as “four lenses.” Here’s what that language means—and what it doesn’t—so buyers set the right expectations.
iPhone 17 Pro Fast Charging: What Changed, Why It’s Faster and What You Need
Apple has increased wired charging performance with the iPhone 17 Pro models. With a 40-watt (or higher) USB-C power adapter, you can reach about 50 per cent in 20 minutes—a meaningful improvement for professionals who need quick charges during a busy day.
OpenAI Implements AI-Powered Age Estimation to Enhance Youth Safety
Imagine opening ChatGPT and asking:
“Based on everything you know about me, how old do you think I am? If you aren’t sure, estimate.”
Soon, the answer to that question could influence how the AI responds to you. OpenAI has announced it is developing an AI-powered age-estimation system to better protect younger users.
Rather than requiring identification, the system will predict whether a user is likely under 18 based on conversational patterns. If ChatGPT believes a user is a teen, it will automatically apply stricter safety rules, such as blocking explicit content or restricting sensitive topics.
OpenAI has also stated that in some regions or under certain regulations, users may be asked to verify their age with official identification, but this will not be a universal requirement. The company’s goal is to balance youth safety with privacy and accessibility.
OpenAI emphasizes the difference between age estimation and age verification.
- Age estimation uses AI to predict a user’s age group from their conversations. It is seamless, does not block access, and does not require official documents.
- Age verification requires users to confirm their age with government-issued identification, such as a driver’s licence or passport.
The new system relies primarily on age estimation, automatically activating stricter safeguards when a user appears to be under 18. This differs from traditional age-verification systems that act as hard barriers, which OpenAI says it aims to avoid unless local regulations demand it.
OpenAI’s announcement comes at a time of increasing public concern and regulatory pressure.
The death of 16-year-old Adam Raine in April 2025 drew widespread attention to the potential risks of teens interacting with AI chatbots. While the exact circumstances remain under investigation, his case has intensified calls for stronger youth protections and clearer safety measures for AI tools.
Regulators are also stepping up enforcement. In December 2024, Italy fined OpenAI €15 million for violations of GDPR privacy rules. Italy was the first Western country to temporarily ban ChatGPT in March 2023, citing privacy and data protection concerns. OpenAI has announced plans to appeal the fine, while continuing to improve its compliance with European privacy laws.
These events highlight the growing global demand for AI companies to demonstrate accountability and responsibility when handling sensitive data and vulnerable users.
| Feature | Details |
|---|---|
| Age-estimation model | Uses conversational cues to predict whether a user is likely under or over 18. |
| Under-18 experience | Automatically applies stricter filters, blocking explicit sexual content, limiting flirtatious conversations, and restricting discussions of self-harm or suicide. |
| Parental controls | Rolling out over the coming month (late September through October 2025). These tools will allow parents or guardians to manage and monitor teen accounts. Full details have not yet been disclosed. |
OpenAI acknowledges that this system will not be perfect. There is a risk of misclassification, where adults may be mistakenly treated as teens or minors may go undetected. When the system is uncertain, it will default to the safer, restricted experience.
Accuracy: AI predictions can be wrong, frustrating adults whose access is limited or leaving gaps in protection for minors.
Privacy: The system relies on analyzing conversations to estimate age, raising questions about how that data is processed, secured, and stored. Under Canadian law, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), this type of data use must be transparent and privacy-protective. The Office of the Privacy Commissioner (OPC) has stated that age-assurance methods can be done “in a privacy-protective and sufficiently accurate manner” when properly designed.
Bias: Cultural, linguistic, and demographic differences could cause the model to misinterpret language patterns, leading to inconsistent results.
Regulatory complexity: Different countries have different privacy and safety rules, requiring OpenAI to adapt its rollout to a wide range of legal frameworks, especially in Europe and North America.
OpenAI says it processes data on servers located in multiple jurisdictions with safeguards designed to meet local privacy laws. The company stresses that its goal is to protect young users without unnecessarily collecting personal information, using AI-based estimation as a middle ground between safety and privacy.
In Canada, privacy laws such as PIPEDA require companies to handle personal information transparently and securely. Even though OpenAI’s approach avoids collecting government IDs for most users, it still involves using conversational data to infer age.
Canadian regulators will be watching closely to ensure that these systems are both accurate and privacy-protective, especially for youth. The Office of the Privacy Commissioner has emphasized that any age-related data processing must be limited, secure, and accompanied by clear consent mechanisms.
OpenAI’s age-estimation initiative represents a significant step in AI safety. By moving away from self-reported ages and avoiding broad, mandatory ID checks, the company is attempting to balance protecting younger users with respecting privacy and accessibility.
As regulatory pressure grows and public expectations increase, systems like this will likely become standard across major technology platforms. The rollout over the coming month will be closely watched as a test case for how AI companies address one of the most pressing challenges in the industry: keeping young users safe while maintaining trust and transparency.
Why I Moved Away from Google Search — and What I Use Instead
For years, “just Google it” was my reflex whenever I needed to find information — for both work and personal use.
Over time, though, I began to notice a shift: more ads, less relevant results, and a constant feeling of being tracked. What used to feel seamless began to feel noisy and commercialized.
This post isn’t sponsored or financially motivated. People often ask me about the tools I use, and I wanted to share one that has genuinely improved my workflow and privacy.
Discovering Kagi
I switched to Kagi (pronounced kah-gee), a premium, subscription-based search engine. Founded in 2018 by Vladimir Prelovac, Kagi was built on a simple idea: the user should be the customer, not the product.
Because it isn’t ad-supported, Kagi’s focus is entirely on delivering fast, accurate, and uncluttered results — without tracking or selling user data.
How Kagi Works
Kagi aggregates results from multiple sources, including its own index, then puts you in control:
- Boost or block domains — prioritize trusted sources or hide low-quality ones.
- Lenses — search within specific categories like news, forums, or academic papers.
- Bangs — instant, site-specific searches for Wikipedia, YouTube, and more.
The result is a personalized search experience tailored to your needs, not advertiser algorithms.
Privacy and Security
Kagi takes a privacy-first approach:
- Privacy Pass — makes searches completely unlinkable, even within Kagi’s own systems.
- Independent audits — provide external validation of privacy and security practices.
- Minimal data collection — no ads, no tracking, and no sale of search histories.
For those handling sensitive information, this dramatically reduces digital footprint and risk. The companion Orion browser extends this protection with zero telemetry, ensuring your browsing activity remains completely private and eliminating the dozens of “phone home” requests that most browsers make.
Beyond Search: Productivity Tools
Kagi goes beyond traditional search with features designed for modern workflows:
- FastGPT — AI-powered answers combining search context with conversational speed.
- Assistant — a workspace for deeper research and brainstorming with AI support.
- Universal Summarizer — quickly distills long articles into clear summaries.
- Small Web Lens — surfaces independent, human-curated content often buried by SEO-driven results.
These tools have saved me time and improved focus when sifting through large amounts of information.
Final Thoughts
Moving away from Google wasn’t about abandoning a familiar tool — it was about choosing a search experience that aligns with my values: privacy, control, and quality.
Kagi isn’t perfect, but for me, it has brought back something that felt missing: trust. If you’ve been feeling frustrated by ads or privacy concerns, it’s worth exploring — and I’d love to hear what search tools you rely on.
#KagiSearch #PrivacyFirst #SearchEngine #GoogleAlternative #DigitalPrivacy #TechTools #Productivity #OnlinePrivacy #SearchTech #NoTracking #PremiumSearch #PrivateBrowsing #OrionBrowser #ZeroTelemetry #DataProtection #SearchInnovation #TechReview #PrivacyMatters #AdFree #UserFirst #SearchExperience #DigitalSecurity #TechTips #PrivacyTech #AlternativeSearch #SearchPrivacy #TechChoice #OnlineSecurity #PrivateSearch #TechRecommendation
Beyond the Hype: Securing AI's Weakest Link in 2025
AI is transforming business operations, but it is also introducing new vulnerabilities. Attacks targeting AI systems are now active and growing in sophistication, making AI security a board-level concern.
Germany's Top Court Revives Ad Blocker Battle That Could Reshape Online Privacy
Publishers say ad blockers erode journalism's financial foundation. Privacy advocates argue they protect users from tracking and malware. Germany's highest court has just reignited this debate with far-reaching implications.
German publisher Axel Springer has revived its decade-long dispute with Eyeo GmbH, developer of Adblock Plus. On July 31, the German Federal Court of Justice referred the case back to the Hamburg Higher Regional Court, asking it to re-examine copyright questions tied to how browser extensions process website content.
The Evolution of Legal Strategy
The dispute began in 2015 when Springer challenged ad-blocking technology, claiming it undermines advertising revenue needed to sustain free online journalism. The Federal Court of Justice rejected those arguments in 2018, affirming users' right to control their browsing experience. Springer then shifted to copyright, arguing that ad blockers illegally modify website code by altering browser-generated data structures such as DOM trees and CSS objects.
Lower courts dismissed these claims in 2022 and 2023. The Federal Court's latest ruling keeps the matter alive, finding that Hamburg had not sufficiently examined whether website code qualifies as a computer program under German copyright law.
Technical Complexities at the Core
Eyeo maintains its tools operate only on users' devices, filtering content locally without altering server-side code. Supporters highlight benefits including privacy protection and reduced exposure to malicious advertising.
The case now centres on how browsers process website content. Judges must decide whether interpreting code through virtual machines and bytecode qualifies that code as protected software — and whether blocking ads constitutes unauthorized modification.
Broader Implications for Digital Rights
Mozilla has warned that restricting ad blockers could stifle innovation in privacy, accessibility and security tools. Malvertising incidents, in which compromised ads on major news sites spread malware, illustrate the role of blockers in protecting users from security threats.
"This case is about so much more than ad blocking: it puts the privacy and security of millions of users at risk," said Cornelius Witt, Director of Global Public Affairs at Eyeo. "If the claims made by Axel Springer were upheld, blocking invasive trackers, changing font sizes for readability or even zooming in on a webpage might be construed as copyright violations."
Springer counters that widespread ad blocking undermines the economics of independent media. Its legal team argues that when Adblock Plus blocks or modifies website code in users' browsers, it interferes with the intended presentation of content and amounts to unauthorized modification.
What's Next
The case now returns to Hamburg for further examination. For now, ad blocking remains lawful in Germany, but the next ruling could influence how privacy rights and advertising revenue are balanced across the European Union. The decision may also affect cloud applications, browser-based games and enterprise software that rely on similar web technologies.
The outcome could redefine how European courts balance user autonomy, privacy and the financial realities of online media. I welcome your perspectives in the comments.
#DigitalRights #Privacy #Cybersecurity #OnlineSafety #Adblock #Adblocking #MediaRevenue #DigitalEconomy #UserAutonomy #OnlinePrivacy #MalwareProtection #Tracking #Advertising #TechLaw #EURegulation #DataProtection #ConsumerRights #FutureOfMedia #BrowserExtensions #LegalTech #Innovation #DigitalPolicy #DataPrivacy #InternetGovernance #SecurityTools #UserRights #DigitalEthics #DigitalFreedom #PrivacyTools #OnlineSecurity #CyberLaw #BusinessModels #Publishing #MediaInnovation #EuropeanLaw #CourtRuling
AI’s Energy Challenge: Efficiency Gains vs. Rising Demand
Artificial intelligence (AI) is reshaping business and society, but its rapid growth comes with a massive energy cost. Here is a look at the progress being made and the profound challenges that remain.
The Good News: Remarkable Efficiency Gains
In August 2025, Google reported significant improvements in its Gemini platform. A single text prompt now:
Uses 0.24 watt-hours of electricity.
Emits just 0.03 grams of CO₂e.
Consumes 0.26 millilitres of water (about five drops).
Over the past year, the median prompt’s energy use fell 33-fold and its carbon footprint dropped 44-fold. These improvements reflect gains across hardware, software and data centres. Researchers caution, however, that such measurements may not capture all indirect impacts.
The Sobering Reality: Demand is Outpacing Savings
Despite these gains, total consumption is climbing rapidly.
U.S. data centres consumed about 4.4 per cent of national electricity in 2023, and are projected to reach 6.7 to 12 per cent by 2028.
Computational performance per watt has improved by up to 150 per cent annually since 2019, but these efficiency gains are not enough to offset the sheer scale of new demand.
The Ultimate Bottleneck: Energy Itself
Efficiency alone cannot solve the challenge. Industry leaders increasingly frame electricity as the primary bottleneck for scaling AI. During a U.S. Senate hearing in May 2025, OpenAI’s CEO highlighted energy infrastructure as a key limit to AI growth.
Various analyses suggest the United States may need 50 to 90 gigawatts of additional generating capacity in the coming years to decade to meet rising data-centre demand. For context, some estimates indicate utilities could require around $50 billion in new power generation capacity by 2030 for data centres alone.
The Path Forward
Efficiency gains are critical, but they are not a silver bullet. Sustaining AI’s growth requires a three-pronged approach:
Radical Transparency: Clear, standardised reporting on energy and water use.
Continuous Innovation: Ongoing advances in hardware, software and cooling systems.
Clean Energy at Scale: Faster deployment of carbon-free power, including 24/7 matching commitments, where renewable energy procurement aligns with actual consumption patterns in real time.
Conclusion
AI’s growth brings both opportunity and responsibility. Efficiency gains are encouraging, but absolute consumption will continue to rise unless they are paired with clean energy and grid expansion. As of August 2025, the imperative is clear: scale innovation and sustainability in tandem.
What are your thoughts on balancing AI innovation with sustainability? Perspectives from energy experts and AI leaders are welcome in the comments.
#AI #ArtificialIntelligence #Sustainability #EnergyEfficiency #ClimateTech #DataCenters #TechInnovation #CleanEnergy #CarbonNeutral #GreenTech #FutureOfWork #DigitalTransformation #SmartEnergy #EnergyTransition #RenewableEnergy #GridInnovation #CloudComputing #ICT #TechLeadership #Cybersecurity #EmergingTech #Innovation #ClimateAction #BusinessStrategy #ResilientInfrastructure #SmartInfrastructure #EnergyPolicy #GlobalTrends #ResponsibleAI #TechnologyStrategy #ITInfrastructure #SustainableGrowth #GreenEnergy #SustainableTech #EnergyFuture
Discover a Smoother YouTube Experience with yout-ube.com
A Cleaner Way to Watch YouTube Videos
Looking for a cleaner way to watch YouTube videos? Try yout-ube.com—a simple tool that lets you enjoy ad-free, full-screen videos on auto-repeat, perfect for music, tutorials, or live streams.
How It Works
Insert a hyphen after the "t" in any YouTube link (e.g., youtube.com becomes yout-ube.com). The video then plays through YouTube's privacy-enhanced mode (youtube-nocookie.com), which:
- Strips away many non-skippable ads
- Enables auto-loop playback
- Offers a distraction-free full-screen view
No downloads or extra software required.
Why Use It?
- No ads: Skip disruptive breaks for seamless viewing.
- Auto-repeat: Loop your favorite content effortlessly.
- Full-screen: Immerse yourself without clutter.
- Simple & encrypted: Browser-based redirection over HTTPS.
Behind the Scenes
The site is run by an independent third party, not by Google or YouTube. It works by redirecting traffic through the youtube-nocookie.com domain—a lightweight approach that requires little more than standard redirection scripts and hosting, which explains why it can be offered for free.
For security-minded professionals, this raises a few considerations: while connections are encrypted, the domain itself is outside Google's control. As with any third-party service, there are potential risks around privacy, tracking, and long-term reliability. Functionality may change without notice.
For casual use, yout-ube.com is a clever and simple shortcut. For guaranteed ad-free playback with enterprise-grade assurances, YouTube Premium remains the official alternative.
👉 Try it at yout-ube.com and see how it elevates your viewing experience.
#YouTube #AdFree #VideoStreaming #YoutUbe #PrivacyMode #AutoRepeat #FullScreen #NoAds #VideoLoop #Streaming #OnlineVideo #TechTips #YouTubeHack #VideoPlayer #AdBlock #PrivacyEnhanced #VideoWatching #StreamingHacks #YouTubeAlternative #MediaPlayer #NoInterruptions #VideoExperience #TechTools #OnlineStreaming #YouTubeTricks #SeamlessVideo #VideoContent #DigitalMedia #StreamingSolutions #YouTubePremium
The Art of Iteration – How to Refine ChatGPT Responses for Better Results
A common mistake when using ChatGPT is treating the first answer as the final one. The truth is, great results usually come from a little back-and-forth. The most effective users treat ChatGPT like a helpful colleague — someone who needs clear guidance, feedback and a bit of coaching to get things just right. This process is called iteration, and it’s one of the most important skills you can develop in prompt engineering.
Why iteration matters
ChatGPT is powerful, but it can’t read your mind. Your first request is often just a rough starting point. Each time you refine your prompt and give feedback, you’re helping it better understand your needs — whether that’s making information simpler, making it sound friendlier or adding missing details.
Think of it like explaining a recipe to a friend. The first time, they might get the basics right, but when you add “Oh, and make sure it’s vegetarian” or “Add a garnish so it looks great on the table,” the end result becomes exactly what you imagined.
The iteration process – step by step
1. Start with a first-draft prompt
Don’t overcomplicate it — start with a clear, simple request.
Example: “Write a summary of this report.”
2. Review what you get
Ask yourself:
Is it accurate and relevant?
Does it sound right for the audience?
Is it missing anything important?
3. Give helpful, specific feedback
Avoid saying “make it better.” Instead, tell ChatGPT what to change.
Example: “Rewrite this so it focuses on the top three risks, keep it under 200 words, and make it sound like it’s written for busy executives.”
4. Add extra guidance or constraints
Include the format, perspective or tone you want.
Example: “Turn this into three friendly bullet points for a presentation slide.”
5. Repeat until it clicks
Two or three rounds is often enough to get a polished, ready-to-use result.
Examples
Example 1 – Helping a community group
First prompt: “Write an email inviting people to our fundraiser.”
Feedback: “Make it warm and friendly, include the date and location, and explain how the funds will help our local food bank.”
Final iteration: A heartfelt, concise invitation that makes readers feel included and motivated to attend.
Example 2 – Making a family guide
First prompt: “Write tips for travelling with kids.”
Feedback: “Focus on families with children under 10, keep it under 400 words, and add a mix of practical advice and fun ideas.”
Final iteration: A cheerful, reassuring guide with helpful packing tips, snack suggestions and creative ways to keep kids entertained on long journeys.
Example 3 – Writing for a school newsletter
First prompt: “Write an article about recycling.”
Feedback: “Make it engaging for high school students, include three easy recycling tips, and highlight the positive impact on the environment.”
Final iteration: A lively, informative piece with relatable examples, a positive tone and a call to action for students to take part.
Common pitfalls to avoid
Changing too much at once – Small, focused adjustments make it easier to see what works.
Vague feedback – Specific guidance gets better results.
Starting over unnecessarily – If the first draft is close, refine it instead of restarting.
Why this skill matters
Iteration may add a couple of minutes to the process, but it saves time overall by reducing the need to rewrite or correct. More importantly, it builds prompt literacy — the ability to communicate clearly with AI. That’s a skill that will make every future request faster and more effective.
Think of ChatGPT as a creative partner. The more you guide it, the better it becomes at helping you — and the more rewarding the results will be.
#AI #ArtificialIntelligence #GenerativeAI #MachineLearning #PromptEngineering #ChatGPT #OpenAI #AIProductivity #WorkSmarter #DigitalTransformation #FutureOfWork #AIInnovation #TechTools #AIForBusiness #AITrends #AIEducation #AIInTheWorkplace #BusinessProductivity #EfficiencyTools #AITraining #AIBestPractices #TechnologyTips #SmartWorkflows #AIContent #AIAssistant #AITools #AIEnhanced #AIWriting #DigitalSkills #PromptLiteracy
Supercharge Your ChatGPT Results with the Prompt Optimizer
If you’ve ever struggled to get the perfect answer from ChatGPT, you’re not alone. The quality of your output often depends on the quality of your input—your prompt. That’s where OpenAI’s new Prompt Optimizer for GPT-5 and above comes in.
What Is the Prompt Optimizer?
The Prompt Optimizer is a built-in feature that rewrites your request to make it clearer, more specific, and more likely to produce high-quality results. It does the heavy lifting of prompt refinement for you, saving time and boosting the relevance of the output.
You can try it here:
https://platform.openai.com/chat/edit?models=gpt-5&optimize=true
How to Use It
Go to the Prompt Optimizer link above.
Start a new chat in GPT-5 or higher.
Enter your question or task in plain language.
Click Optimise – the tool will refine your prompt automatically.
Review and send the optimised version, or make further edits if needed.
Why Use It?
Saves time by reducing trial and error in prompt creation.
Improves clarity and specificity so ChatGPT better understands your needs.
Produces more relevant results, whether you’re writing, researching, or brainstorming.
Examples in Action
Instead of: “Summarise this report”
→ Optimised: “Summarise the attached Q2 2024 sales performance report in under 300 words, focusing on trends, key wins, and risks.”Instead of: “Write a blog about cloud security”
→ Optimised: “Write a 600-word blog post for a non-technical audience explaining why small businesses should invest in cloud security, using Canadian examples and plain language.”
Best Practices for Better Results
Be clear about your goal—don’t leave intent to guesswork.
Include details about audience, tone, format, and length.
Use the Optimizer for both quick questions and complex projects.
Always review the optimised prompt before sending it.
#AI #ArtificialIntelligence #GenerativeAI #MachineLearning #PromptEngineering #PromptOptimizer #OpenAI #GPT5 #AIProductivity #WorkSmarter #DigitalTransformation #FutureOfWork #AIInnovation #TechTools #AIForBusiness #AITrends #AIEducation #AIinTheWorkplace #BusinessProductivity #EfficiencyTools #AITraining #AIBestPractices #TechnologyTips #SmartWorkflows #AIContent #AIAssistant #InnovationTools #AITools #AIEnhanced #AIWriting
Understanding HTTP 451: Unavailable for Legal Reasons
In today's digital landscape, where access to information is often taken for granted, some barriers are not technical glitches but legal imperatives. One such signal is HTTP status code 451—a response indicating that a resource is inaccessible due to a court order or government directive.
Formally titled "Unavailable for Legal Reasons," this status code transparently distinguishes legal censorship from a technical 404 (Not Found) or a standard 403 (Forbidden) error. It was adopted by the Internet Engineering Task Force (IETF) in 2016 through RFC 7725. The number is a deliberate reference to Fahrenheit 451, Ray Bradbury's classic novel about censorship and state control.
The specification recommends that servers include a clear explanation of the legal demand. Unlike vague denials, the purpose of a 451 response is to be explicit—attributing the restriction to a specific legal mandate, whether related to national security, defamation or intellectual property rights.
A UK Case Study: Hitting a Digital Wall
Picture a user in London attempting to visit a familiar website in July 2025. Instead of the expected content, they hit a digital wall.
This became reality for many when Cloudflare—a major content delivery network (CDN)—began enforcing a High Court injunction obtained by the Motion Picture Association (MPA). In a landmark move, Cloudflare deployed HTTP 451 to block access to roughly 200 domains linked to unauthorized streaming, posting a notice that access was restricted "in response to a legal order."
This marked the first time a CDN—not just a traditional internet service provider such as BT or Virgin Media—participated in the UK's site-blocking regime under the Copyright, Designs and Patents Act 1988. The court order was a "dynamic injunction"—a powerful legal mechanism that allows rights holders to add new domains to a blocklist without seeking a fresh ruling for each addition.
That said, transparency suffers. While UK ISPs have enforced such measures for more than a decade, Cloudflare's compliance extended the reach of the regime—impacting users who may have previously bypassed their provider's blocks.
Broader Implications and an Uncertain Future
Historically, Cloudflare has resisted broad takedown demands, arguing it does not host infringing content. In the interest of transparency, the company submits legal notices it receives to the Lumen Database, a public archive of takedown requests. Still, the opaque nature of dynamic injunctions presents ongoing challenges.
The deployment of HTTP 451 underscores the tension between legal enforcement and open access. Supporters argue such measures are necessary to protect intellectual property. Critics warn of the broader risks to digital rights and the erosion of a free and open internet.
As more jurisdictions explore similar frameworks, a central question looms: where should the line be drawn between lawful restriction and censorship? Each 451 error page stands as a visible marker in the evolving negotiation between digital freedom and legal authority.
Keywords: #HTTP451 #DigitalCensorship #InfoAccess #WebFreedom #LegalBlocking #InternetGovernance #CyberLaw #OnlineRights #DigitalRights #WebTransparency #CensorshipAlert #StatusCode451 #FreeTheWeb #InternetPolicy #LegalTech #Cloudflare #OpenInternet #InternetJustice #DigitalControl #WebEthics #TechPolicy #OnlineCensorship #InternetFreedom #LegalInjunction #DigitalBarriers #WebSecurity #InfoFreedom #NetNeutrality #WebGovernance #HTTPStatusCodes #TechCensorship
Navigating the Complex Cyber Threat Landscape in Mexico: A CISO's Perspective
As global business leaders increasingly leverage Mexico's growing digital economy and strategic supply chain position, we must remain acutely aware of the evolving cyber threats emanating from this region. The Mexican cyber landscape is uniquely challenging due to rapid digitization, substantial cybersecurity skill shortages, a fragmented regulatory environment, and strategic geopolitical positioning. Notably, Mexico endured an estimated 45 billion cyberattack attempts in 2024 and is on pace to exceed that in 2025. This represents approximately 60% of all attacks in Latin America, making it the region's primary battleground.
In this briefing, I provide a concise yet comprehensive overview of key threat actors operating in Mexico, their motivations, tactics, and strategic implications for organizations and security leadership.
The Threat Actors Defining Mexico's Cybersecurity Risk
Greedy Sponge Active since 2021, Greedy Sponge exemplifies persistent financial cyber threats targeting Mexican businesses. Utilizing Spanish-language spear-phishing and modified open-source malware, their historic success from 2021-2024 underscored the systemic gaps that more advanced actors now exploit. They serve as a key case study in how a permissive environment allows even moderately skilled groups to thrive.
FIN13 (Elephant Beetle) A more sophisticated financial threat, FIN13 has operated in Mexico since 2016. Known for exceptionally long dwell times (over two years in some instances), they infiltrate financial, retail, and hospitality sectors through legacy Java application vulnerabilities. Their stealthy operations, deploying custom malware tools, reflect a calculated approach to large-scale financial fraud.
Sophisticated Banking Trojans (Grandoreiro, Mekotio, etc.) A persistent plague on the financial sector, these veteran Delphi-based trojans continuously evolve. They use hyper-localized phishing lures (impersonating the SAT and CFE) and dynamic interface replication for over 40 Mexican banks to capture credentials and execute fraudulent transfers, often propagating laterally through compromised email accounts.
Ransomware Cartels & Access Brokers (e.g., LockBit 3.0, ALPHV affiliates) Highly active RaaS affiliates are systematically targeting Mexico's manufacturing, logistics, and healthcare sectors to exploit supply chain dependencies. On darknet forums like Exploit and XSS, Initial Access Brokers (IABs) are frequently observed selling verified remote access (RDP/VPN) to Mexican corporations for as little as $1,500 USD, providing a constant stream of victims for ransomware gangs and data thieves.
Goldoson/GoldPickaxe.Android A sophisticated mobile malware suite, initially seen in Asia, has been adapted for Mexico. It masquerades as government or banking applications and uses advanced social engineering to trick victims into enabling Accessibility Services. This grants the malware full device control, allowing it to capture credentials, intercept SMS (including 2FA codes), and exfiltrate data from other applications.
Guacamaya This politically motivated hacktivist group gained notoriety through high-impact data leaks. The fallout from their 'Fuerzas Represivas' leak continues to generate significant reputational and political damage, demonstrating the long-tail risk of hack-and-leak operations. This incident remains the benchmark for data-driven ideological attacks in the region.
Cartel-Affiliated Cyber Operations Perhaps most concerning is the convergence of digital and physical threats represented by cartel-linked cyber operations. Groups like CyberCartel and CJNG have leveraged Malware-as-a-Service models, phishing lures imitating tax authorities, deepfake scams, and crypto laundering to extend their criminal enterprises. Recent security bulletins from mid-2025 confirm CJNG-linked cells are using AI-powered voice cloning for CEO fraud. In these attacks, they target the finance departments of mid-sized companies, using a spoofed phone number and a deepfaked voice of the CEO to authorize urgent, fraudulent wire transfers. This hybrid threat necessitates a coordinated security approach integrating cyber and physical security measures.
Strategic Recommendations for CISOs
- Adopt Proactive Threat Hunting: Traditional detection methods often fail against persistent actors like FIN13. Proactive hunting programs focusing on unusual behaviours, lateral movements, and hidden persistence mechanisms are critical.
- Strengthen Identity and Access Controls: Given prevalent credential theft, implement phishing-resistant multi-factor authentication and stringent privileged access management.
- Enhance Supply Chain Security: Mexico's integration into global supply chains requires rigorous third-party risk assessments, penetration testing, and adoption of Zero Trust frameworks.
- Integrate Intelligence-Led Security Programs: Leverage region-specific threat intelligence to anticipate and respond effectively to emerging threats.
- Prepare for Hack-and-Leak Incidents: Develop comprehensive incident response playbooks specifically for managing data leaks, addressing both operational and reputational risks swiftly and transparently.
Concluding Thoughts
Mexico's cyber threat landscape is characterized by a diverse range of actors, from opportunistic financial criminals and sophisticated banking trojans to politically driven hacktivists and organized crime groups leveraging cyber capabilities. Navigating this complexity requires informed, agile, and integrated security strategies. By understanding the unique dynamics of Mexico’s cybersecurity environment, organizations can better protect themselves and maintain trust in an increasingly interconnected global economy.
Keywords: #Cybersecurity #Mexico #CISO #ThreatIntelligence #Ransomware #Malware #Phishing #SupplyChainSecurity #RiskManagement #DataBreach #InfoSec #CyberThreat #LATAM #Guacamaya #FIN13 #BankingTrojans #Cybercrime #Hacktivism #CEOFraud #Deepfake #CyberCartel #SecurityLeadership #IncidentResponse #ZeroTrust #ThreatHunting #CyberResilience #DigitalRisk #CiberseguridadMexico #Nearshoring #GoldPickaxe
Agentic AI: From automation to autonomous action
Understanding the next phase of intelligent systems in business
As artificial intelligence evolves, a new generation of autonomous systems is reshaping how work gets done. These so-called agentic AI systems mark a shift from passive automation to goal-driven autonomy—and they are moving swiftly from theory to enterprise deployment.
For business professionals and future leaders, understanding this transition is foundational.
What is agentic AI?
Agentic AI refers to intelligent systems that can plan, act and adapt with minimal human oversight. These agents do more than respond to prompts. They interpret high-level objectives, break them down into actionable steps, interact with tools and data, and iteratively refine their execution.
While generative AI creates content in response to instructions, agentic AI manages entire workflows—handling decision-making, operations and adjustments without manual intervention (Wikipedia, Medium).
What makes agentic AI distinct?
Agentic systems combine LLMs with reinforcement learning and real-time feedback to deliver four essential capabilities:
- Autonomy – Managing multi-step tasks independently
- Goal orientation – Pursuing outcomes, not just outputs
- Tool integration – Operating across platforms to execute end-to-end workflows
- Continuous learning – Adapting strategies through iterative feedback
This enables agentic AI to act as a digital collaborator (Reuters).
Who is leading the shift?
Global tech leaders and sector innovators are driving development:
- OpenAI, Microsoft, IBM, NVIDIA and UiPath are embedding agentic models into enterprise tools.
- Salesforce (Agentforce) and Google Cloud are advancing multi-agent collaboration.
This cross-sector momentum reflects growing demands for agility, scale and intelligent decision support.
When will it scale?
Agentic AI is now entering production:
- Gartner projects that more than 40 per cent of agentic AI projects will be cancelled by end-2027 due to cost pressures and unclear business value (Reuters, maxitech.com, PR Newswire, hrdive.com).
- Gartner also found 33 per cent of enterprise software apps will include agentic AI by 2028, up from less than 1 per cent in 2024 (Atera).
- Deloitte forecasts that 25 per cent of organisations using generative AI will launch agentic pilot projects in 2025, rising to 50 per cent by 2027 (Axios).
- Salesforce CEO Marc Benioff predicts over one billion AI agents will be in active use globally by the end of fiscal 2026 (maxitech.com).
- Market size is expected to grow from about US$5.1 billion in 2024 to around US$47 billion by 2030 (LinkedIn).
However, analysts caution that scaling agentic AI effectively will require strong governance, cost controls and clear ROI frameworks.
What will it actually do?
Agentic AI will underpin a wide range of business use cases:
- Customer operations – Agents may resolve issues, book services, update records and handle escalations end to end.
- Supply chain – Systems could monitor inventories, predict disruptions and coordinate logistics in real time.
- Finance and compliance – Agents may detect fraud patterns, validate transactions and create audit artefacts automatically.
- Cybersecurity – Multi-agent systems could proactively detect, triage and mitigate threats—suggested recently by RSA and Deloitte as essential to agent risk frameworks (RCR Wireless News, Wikipedia).
- Business strategy – By analysing performance data, agents may support planning cycles or assist with scenario modelling.
These systems are designed to augment—not replace—human expertise, enabling professionals to focus on higher-order judgement and insight.
Why it matters
Agentic AI is not just a technology evolution—it’s a structural shift in enterprise design. As agents become more capable, the professional role transitions: from direct execution to orchestration, from oversight to strategic enablement.
Future leaders must become fluent at defining outcomes, assigning constraints and governing autonomous systems. In this transformation, success lies not in doing more—it lies in guiding better.
Keywords: #AgenticAI #ArtificialIntelligence #AutonomousSystems #AIAutomation #FutureOfWork #DigitalTransformation #BusinessTechnology #EnterpriseAI #AIAgents #LLM #MachineLearning #TechTrends #BusinessInnovation #WorkflowAutomation #IntelligentAutomation #AIStrategy #FutureTech #GenerativeAI #BusinessLeadership #CIO #DigitalStrategy #TechLeadership #Automation #AutonomousAgents #FutureofBusiness #AIinBusiness #OpenAI #NVIDIA #Salesforce #CybersecurityAI
Canada and the UK Launch $5.7 Million Cyber Fund to Protect the Digital Commons
On June 15, 2025, Prime Ministers Mark Carney and Sir Keir Starmer unveiled a significant bilateral initiative: the Joint Canada–UK Common Good Cyber Fund. With an initial commitment of $5.7 million over five years, this initiative was swiftly endorsed by G7 leaders, reinforcing its international relevance.
Strengthening the Digital Frontline
The fund, jointly administered by the Internet Society (ISOC) and the Global Cyber Alliance (GCA), is designed to fortify civil society against growing digital threats. It focuses on underserved, high-risk communities—including journalists, activists, and human rights defenders—often targeted by transnational repression campaigns.
By providing cybersecurity training, incident response support, and free tools, the fund helps non-profits build baseline cyber resilience. It also aims to protect foundational elements of the internet—such as DNS infrastructure, open threat intelligence, and secure communications—ensuring broader systemic security.
An Ecosystem Approach
Key partners in the initiative include the Cyber Threat Alliance, CyberPeace Institute, and Shadowserver Foundation, each bringing deep expertise in cyber threat analysis, remediation, and public-good tooling.
This partnership-based approach recognizes that securing the internet’s most vulnerable actors contributes directly to global cyber stability. In an age where threat actors target both individuals and infrastructure, resilience must begin at the edges.
Strategic Implications
This joint investment signals a shift from reactive cyber strategies to proactive, coalition-driven defence. It reflects an emerging recognition that the cybersecurity of civil society is as vital as that of corporations or governments.
The fund not only supports global norms around digital rights and open internet principles—it also positions Canada and the UK as champions of cyber solidarity in an increasingly fragmented digital landscape.
Article also published on my ThreatIntel site: [threatintel.cc/2025/07/1...](https://threatintel.cc/2025/07/18/canada-uk-launch-m-cyber.html)