Consumer protection

Android botnet Kimwolf infects nearly two million smart devices

Cybersecurity researchers have identified a large Android-based botnet capable of more than distributed denial-of-service attacks, highlighting growing risks from compromised consumer devices. The botnet, dubbed Kimwolf, is estimated to control close to two million infected systems worldwide.

The findings come from QiAnXin XLab, which said Kimwolf has infected around 1.8 million devices, mainly smart TVs, set-top boxes and tablets. Most infections were observed in Brazil, India, the US, Argentina, South Africa and the Philippines.

XLab said the infection vector remains unclear, but affected devices were linked to low-cost Android-based brands used for media streaming. Researchers noted repeated attempts to disrupt the Kimwolf, with its command-and-control infrastructure taken down several times before re-emerging.

According to the report, Kimwolf has adapted by shifting to decentralised infrastructure, including the use of Ethereum Name Service domains. Analysts also identified overlaps in code and infrastructure with AISURU, a botnet linked to record-scale DDoS attacks.

Cloudflare recently described AISURU as one of the largest robot networks observed, capable of attacks exceeding 29 terabits per second. XLab said shared infrastructure suggests both botnets are operated by the same threat group.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Hedge funds and banks drive growth in crypto-ETF trading

The US crypto market saw a significant shift in 2024 as the Securities and Exchange Commission authorised the first crypto-asset-backed exchange-traded funds (ETFs).

Regulated ETFs allowed institutional investors, including hedge funds and banks, to invest in Bitcoin and Ether, with assets reaching USD 115 billion and USD 17 billion, respectively, by November 2025.

Nearly 2,000 institutional investors gained exposure to Bitcoin ETFs in 2024, accounting for approximately 30% of the market by year-end. Hedge funds and asset managers led investments, while major banks acted as market makers and asset managers, boosting crypto-ETF growth.

The SEC’s 2025 authorisation of direct crypto-asset exchanges between broker-dealers and ETF issuers also enhanced market efficiency. Institutions increasingly use futures contracts to leverage positions and arbitrage between spot ETFs and futures markets.

Hedge funds often hold short positions in futures to profit from price differences, while asset managers and pension funds maintain net long positions. ETFs provide greater liquidity and lower transaction costs compared with direct crypto holdings.

Systemic risk concerns grow as a few custodians, including Coinbase with 80% of crypto-assets, dominate the market. Volatility, liquidity gaps, and concentrated custody could transmit crypto shocks to the wider financial system, underscoring the need for regulatory oversight.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Ripple transforms cross-border payments with XRP

Cross-border payments have long struggled with delays and high costs, but networks like SWIFT could be transformed by systems that leverage blockchain. Ripple, launched by Ripple Labs in 2012, enables faster, more transparent, and cost-effective international transfers.

RippleNet, the company’s unified payment network, connects multiple banks via the interledger standard, removing intermediaries and enabling near-instant settlement. XRP, Ripple’s digital token, acts as a bridge currency to provide liquidity, though transactions can occur without it.

XRP boasts low fees, high scalability, and settlement times of just a few seconds.

Since its creation, Ripple has evolved from individual protocols to the unified RippleNet platform, supported by the XRPL Foundation. Unlike Bitcoin, XRP is premined and relies on a select group of validators, offering a different governance model and centralisation approach.

The network also supports broader financial applications, including central bank digital currencies, DeFi, and NFTs.

Despite its potential, investing in Ripple carries risks typical of crypto assets, including volatility, lack of regulation, and complexity. Investors are advised to research thoroughly and limit high-risk exposure to ensure a diversified portfolio.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU moves to extend child abuse detection rules

The European Commission has proposed extending the Interim Regulation that allows online service providers to voluntarily detect and report child sexual abuse instead of facing a legal gap once the current rules expire.

These measures would preserve existing safeguards while negotiations on permanent legislation continue.

The Interim Regulation enables providers of certain communication services to identify and remove child sexual abuse material under a temporary exemption from e-Privacy rules.

Without an extension beyond April 2026, voluntary detection would have to stop, making it easier for offenders to share illegal material and groom children online.

According to the Commission, proactive reporting by platforms has played a critical role for more than fifteen years in identifying abuse and supporting criminal investigations. Extending the interim framework until April 2028 is intended to maintain these protections until long-term EU rules are agreed.

The proposal now moves to the European Parliament and the Council, with the Commission urging swift agreement to ensure continued protection for children across the Union.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

TSA introduces a fee for travellers without ID

From 1 February, the US Transportation Security Administration will charge a $45 fee to travellers who arrive at airports without a valid form of identification, such as a REAL ID or passport.

A measure that is linked to the rollout of a new alternative identity verification system designed to modernise security checks.

The fee applies to passengers using TSA Confirm.ID, a process that may involve biometric or biographic verification. Even after payment, access to the secure area is not guaranteed, and the charge will remain non-refundable, valid for a period of ten days.

According to the TSA, the policy ensures that the traveller, instead of taxpayers, bears the cost of verifying insufficient identification. Officials have urged passengers to obtain a REAL ID or other approved documentation to avoid delays or missed flights.

The agency has indicated that travellers will be encouraged to pay the fee online before arrival. At the same time, further details are expected on how advance payment and verification will operate across different airports.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU sets course for digital euro adoption

The Council of the European Union has agreed on its negotiating position on legislation enabling a digital euro while reinforcing the legal status of euro cash.

An initiative that aims to strengthen the resilience of the EU payments system and support strategic autonomy by ensuring public money remains central in a rapidly digitising economy.

Under the proposal, the digital euro would complement cash, rather than replace it, offering a public payment option backed by the European Central Bank. It would function both online and offline, allow payments with a high degree of privacy, and operate in conjunction with private cards and applications.

Limits on holdings would apply to reduce risks to financial stability, with core services provided free to consumers.

The Council position also clarifies compensation rules for payment service providers and requires fair access to mobile device hardware and software. Interchange and merchant fees would be capped during a transitional period, with future pricing linked to actual operational costs.

At the same time, the Council has moved to strengthen the role of cash by safeguarding acceptance across the € area and guaranteeing access for citizens.

Member states would be required to monitor cash availability and prepare contingency measures for situations where electronic payments are disrupted.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Dubai charities open doors to crypto donations

Dubai charities now accept donations in cryptocurrencies and virtual assets through a new service launched by the Islamic Affairs and Charitable Activities Department. The move signals a shift towards modernised fundraising channels across the emirate.

The service supports Dubai’s wider digital transformation strategy and aims to improve efficiency within the charitable donation ecosystem. Donors can now use globally recognised payment options, highlighting the rising use of virtual assets as valid financial tools.

Regulation remains central to the initiative, with IACAD introducing clear policies to protect donors, enhance transparency, and ensure compliance with approved standards. Introductory workshops have also been organised to guide charities through operational and procedural requirements.

Officials stressed that charities need preliminary authorisation to ensure donations are processed securely and in accordance with regulations. The initiative further reinforces Dubai’s ambition to lead in innovative and technology-driven humanitarian work.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Japan’s mobile competition law forces Apple to adjust iOS app payments

Apple has announced changes to how iOS apps are distributed and monetised in Japan, bringing its platform into compliance with the country’s Mobile Software Competition Act. The updates introduce new options for alternative app marketplaces and payment methods for digital goods.

Under the revised framework, developers in Japan can distribute apps outside the App Store and offer alternative payment processing alongside the In-App Purchase. Apple said the changes aim to meet legal requirements while limiting new risks linked to fraud, malware, and data misuse.

Safeguards include app notarisation, authorisation rules for alternative marketplaces, and baseline security checks for all iOS apps. The measures are aimed at protecting users, including children, even as apps outside the App Store receive fewer protections.

Safeguards include app notarisation, authorisation rules for alternative marketplaces, and baseline security checks for all iOS apps. Apple said the measures aim to protect users, including children, even as apps outside the App Store receive fewer protections.

Additional controls are being rolled out with iOS 26.2, including browser and search engine choice screens, new default app settings, and expanded developer APIs. Apple said it will continue engaging with Japanese regulators as the new framework takes effect.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Digital fraud declines in Russia after rollout of Cyberbez measures

Russia has reported a sharp decline in cyber fraud following the introduction of new regulatory measures in 2025. Officials say legislative action targeting telephone and online scams has begun to deliver measurable results.

State Secretary and Deputy Minister of Digital Development Ivan Lebedev told the State Duma that crimes covered by the first package of reforms, known as ‘Cyberbez 1.0’, have fallen by 40%, according to confirmed statistics.

Earlier this year, Lebedev said Russia records roughly 677,000 cases of phone and online fraud annually, with incidents rising by more than 35% since 2022, highlighting the scale of the challenge faced by authorities.

In April, President Vladimir Putin signed a law introducing a range of countermeasures, including a state information system to combat fraud, limits on unsolicited marketing calls, stricter SIM card issuance rules, and new compliance obligations for banks.

Further steps are now under discussion. Officials say a second package is being prepared, while a third set of initiatives was announced in December as Russia continues to strengthen its digital security framework.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK report quantifies rapid advances in frontier AI capabilities

For the first time, the UK has published a detailed, evidence-based assessment of frontier AI capabilities. The Frontier AI Trends Report draws on two years of structured testing across areas including cybersecurity, software engineering, chemistry, and biology.

The findings show rapid progress in technical performance. Success rates on apprentice-level cyber tasks rose from under 9% in 2023 to around 50% in 2025, while models also completed expert-level cyber challenges previously requiring a decade of experience.

Safeguards designed to limit misuse are also improving, according to the report. Red-team testing found that the time required to identify universal jailbreaks increased from minutes to several hours between model generations, representing an estimated forty-fold improvement in resistance.

The analysis highlights advances beyond cybersecurity. AI systems now complete hour-long software engineering tasks more than 40% of the time, while biology and chemistry models outperform PhD-level researchers in controlled knowledge tests and support non-experts in laboratory-style workflows.

While the report avoids policy recommendations, UK officials say it strengthens transparency around advanced AI systems. The government plans to continue investing in evaluation science through the AI Security Institute, supporting independent testing and international collaboration.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!