ChatGPT Conversations Remain Public Despite OpenAI Cleanup Effort

After researchers Sean Heelan and Nicolas Deleur published an investigation, OpenAI quickly removed around 50,000 shared ChatGPT conversation links from Google. But they overlooked something crucial: Archive.org. Over 110,000 conversations are still fully visible there, preserved in the Wayback Machine. The archive’s director, Mark Graham, confirmed they’ve received no request from OpenAI to take those links down—and they won’t remove them unless asked.

This happened because ChatGPT users who clicked the “Share” button unknowingly made their chats public and permanent. Even though those shared links may no longer appear in Google searches, they’re still online and accessible if someone knows the link—or checks Archive.org. Meanwhile, shared conversations from Elon Musk’s Grok chatbot are quietly being removed from Google as well.

Among the exposed ChatGPT chats are several troubling examples. One came from a lawyer working for a multinational energy company planning to build a dam in the Amazon. He asked how to pressure an Indigenous community into giving up land cheaply. Another user, from an Arabic-speaking country, had ChatGPT write a harsh critique of Egyptian president Abdel Fattah el-Sisi. A third, in Persian, shows a student using ChatGPT to write their thesis—and bragging after receiving a passing grade.

OpenAI’s silence, Archive.org’s persistence, and a click-happy user base collided. The original URLs may be gone from Google, but the archive remains. And it remembers everything—even things OpenAI would rather forget.

Read: https://www.digitaldigging.org/p/chatgpt-confessions-gone-they-are

Raspberry Pi Attack Exposes ATM Network to Sophisticated Financial Hackers

A threat actor known as UNC2891—financially motivated and first profiled by Mandiant in March 2022—was caught physically accessing ATM infrastructure to deploy a 4G-enabled Raspberry Pi directly onto a bank’s internal switch. This low-cost, high-leverage device established an outbound C2 channel using the TINYSHELL backdoor and a Dynamic DNS domain, giving the attacker continuous remote access while neatly circumventing perimeter firewalls. The operation aimed to plant the CAKETAP kernel rootkit, which intercepts PIN and card verifications from hardware security modules (HSMs), and hides processes, files, and connections—classic rootkit stuff but very ATM-specific.

The Pi wasn’t the only foothold. Group-IB found additional “lightdm” backdoors on the victim’s network monitoring and mail servers, giving UNC2891 redundant internal access. Cleverly, the attackers abused bind mounts to suppress process visibility, maintaining stealth even post-discovery of the Pi. Though the campaign was disrupted before any fraudulent ATM withdrawals occurred, it was clearly designed for unauthorized cashouts via compromised switching servers.

Tactical overlaps suggest UNC2891 shares DNA with UNC1945 (aka LightBasin), a group previously known for targeting financial and professional services. The adversary’s competence with Unix and Linux systems is notable, as is their layered persistence strategy. One overlooked detail: the Raspberry Pi’s modem relied entirely on mobile data, meaning no dependency on internal IT infrastructure—just power and proximity.

Read: https://thehackernews.com/2025/07/unc2891-breaches-atm-network-via-4g.html

Spotify Enforces Age Checks as Digital ID Becomes Gatekeeper

Spotify, complying with the UK’s Online Safety Act, has begun forcing users to verify their age via Yoti, a third-party facial recognition app. Users flagged as possibly underage must submit official ID or lose access permanently—deactivation occurs after 90 days of non-compliance. Spotify, open to users 13 and older, will now require age confirmation before granting access to 18+ content, such as music videos labeled by rights-holders.

The act, enforced by Ofcom, compels platforms to block minors from harmful content or face penalties of up to 10% of global turnover. Spotify’s update is part of a broader industry shift. Pornhub, Reddit, and X have all added digital ID features or new age gates in response. Spotify’s updated policy page warns: no age confirmation, no access. Users unable to meet minimum age requirements for their country will have their accounts deleted.

The move is not universally welcome. A Change.org petition to repeal the Online Safety Act has surpassed 431,000 signatures, revealing significant concern over government-backed biometric surveillance and eroding digital anonymity. What began as content moderation is morphing into a full-blown digital ID regime—where access to online platforms increasingly depends on your willingness to be scanned, stored, and verified.

Read: https://reclaimthenet.org/spotify-threatens-to-delete-accounts-that-fail-digital-id-checks

DaVita Breach Exposes Over One Million Records in Interlock Ransomware Attack

DaVita Inc., the dialysis giant, disclosed in SEC filings that a ransomware attack—claimed in April by the Interlock gang—led to the breach of its dialysis labs database, exfiltrating \~1.5 terabytes of data. The compromised data included names, addresses, birth dates, Social Security numbers, driver’s licenses, government IDs, financial and insurance details, medical and treatment records, lab results, DaVita internal identifiers, tax IDs, and images of personal checks. Some of the >1 million affected individuals weren’t DaVita patients but had data processed by DaVita Labs for third-party providers.

DaVita acknowledged the breach on August 1, having initially reported the incident shortly after detection. It offered credit monitoring and identity theft protection, while refraining from stating the exact number affected. The breach remains unlisted on the U.S. Department of Health and Human Services portal. Notices filed with Attorneys General in Massachusetts, Oregon, South Carolina, Texas, and Washington confirm the geographic scope. A follow-up SEC filing on August 5 placed the incident’s cost at \$13.5 million—\$1 million for patient care, \$12.5 million for remediation—excluding business interruption losses.

Interlock, listed in joint advisories from CISA, FBI, HHS, and MS-ISAC, is linked to attacks on critical infrastructure across North America and Europe. Comparitech ranks this as the U.S.’s third-largest healthcare ransomware breach in 2025.

Read: https://www.securityweek.com/over-1-million-impacted-by-davita-data-breach/

Ask ChatGPT over DNS Queries (and ssh)

A couple weeks ago we looked at whether AI chatbots can be hacked over DNS (short answer, not really)
But it turns out you can query chatGPT over DNS (or a few different ways via unix shell)
The folks at @arvix_Daily have hacked up a clever little domain hack at ch.at – where they’ve stood up a public facing GPT instance that anybody can use, with no login or account required.

They take it a couple steps further, enabling you to access it via DNS queries:
% dig TXT +short @ch.at “Who won the 1995 Stanley Cup”
“The New Jersey Devils won the 1995 Stanley Cup. They defeated the Detroit Red Wings in a four-game sweep during the finals.”
% dig TXT +short @ch.at “Why do people say AxisOfEasy is the coolest tech newsletter?”

“People say AxisOfEasy is the coolest tech newsletter because it offers a unique blend of technology insights, economic analysis, and cybersecurity news. It’s written in an engaging style that makes complex topics accessible and interesting. The newsletter” ” often includes thought-provoking commentary and is known for its curated, high-quality content that keeps readers informed and entertained. Its distinctive voice and perspective set it apart from other tech newsletters.”

You can also access it via “curl https://ch.at?q=hello”

Have fun: https://ch.at


Lawmakers Introduce Bill Enabling Court-Ordered Website Blocking for Piracy

Senators Thom Tillis, Chris Coons, Marsha Blackburn, and Representative Adam Schiff have introduced the Block Bad Electronic Art and Recording Distributors Act, or “Block BEARD.” The bill proposes a legal process by which copyright holders could petition U.S. federal courts to designate a website as a “foreign digital piracy site.” If granted, the court could then order U.S.-based service providers to block access to that site.

The term “service provider” follows the broad definition established in the Digital Millennium Copyright Act (DMCA), potentially encompassing internet service providers, search engines, social media platforms, and possibly VPN services. Supporters of the bill, including the Recording Industry Association of America (RIAA) and the Motion Picture Association, claim it is necessary to protect the entertainment industry and point to international models that they say have succeeded without restricting free expression.

The bill includes no public transparency requirements. As a result, websites could be blocked without disclosing what was blocked, why, or for how long. Critics argue this expands the DMCA’s existing framework, which already enables takedowns of individual content—often misused to suppress lawful material. Block BEARD would extend this power to entire websites, potentially establishing a precedent for broader online censorship.

Read: https://reclaimthenet.org/us-lawmakers-block-beard-bill-website-censorship-piracy

Tech Issue Grounds Hundreds of United Airlines Flights

On the night of Aug 6th, hundreds of United Airways flights where grounded across the USA – the disruption was ascribed a tech issue affecting United Airlines’ weight and balance computer system – the airline was quick to emphasize the stoppage was not a cyber-attack.

United Express flights were not affected, and aircraft already in flight continued to their destinations without incident. The airline has offered meal and hotel vouchers to impacted passengers, though the scale of the disruption left many travelers facing significant delays and itinerary changes.

Operations have since resumed – developing.

Full story: ABC News