FBI warns BADBOX 2.0 malware is infecting millions

The FBI has issued a warning about the resurgence of BADBOX 2.0, a dangerous form of malware infecting millions of consumer electronics globally.

Often preloaded onto low-cost smart TVs, streaming boxes, and IoT devices, primarily from China, the malware grants cyber criminals backdoor access, enabling theft, surveillance, and fraud while remaining essentially undetectable.

BADBOX 2.0 forms part of a massive botnet and can also infect devices through malicious apps and drive-by downloads, especially from unofficial Android stores.

Once activated, the malware enables a range of attacks, including click fraud, fake account creation, DDoS attacks, and the theft of one-time passwords and personal data.

Removing the malware is extremely difficult, as it typically requires flashing new firmware, an option unavailable for most of the affected devices.

Users are urged to check their hardware against a published list of compromised models and to avoid sideloading apps or purchasing unverified connected tech.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK cracks down on rogue influencers

The UK’s Financial Conduct Authority (FCA) has taken action against unauthorised financial influencers in a coordinated international crackdown, resulting in three arrests. Regulators across six countries participated in the effort, targeting those offering unlicensed tips or falsely promoting products.

Hundreds of social media posts and websites are being taken down after being linked to misleading financial advice presented under the guise of luxury lifestyles. The FCA issued cease and desist letters and called several influencers in for questioning.

The FCA highlighted that many of these posts fail to explain risks and often encourage followers to pay for unverified trading algorithms. The campaign aims to protect people, especially young users, who increasingly use online sources for financial education.

Meta was questioned by the Treasury Committee over delays, prompting the firm to acknowledge a processing lapse in 2024. Separately, the UK FCA is reviewing a ban on crypto exchange-traded notes, signalling a shift toward regulated crypto investment for retail users.

New phase in Malaysia Airlines and Google collaboration

Malaysia Airlines is deepening its partnership with Google to accelerate its digital transformation, focusing on AI-powered marketing and end-to-end innovation across the travel experience.

Building on a successful 2024 collaboration, the renewed agreement will integrate more advanced technologies to enhance customer engagement and streamline services.

The airline and tech giant aim to shift from promotional showcases to a fully integrated ecosystem, using AI and data-driven tools to reshape the travel journey.

A recent highlight was an interactive showcase at the MATTA Fair, where visitors transformed photos into videos using Google’s Veo image-to-video generation tool — part of Malaysia Airlines’ ‘Time For’ campaign.

Dersenish Aresandiran, chief commercial officer of airlines at Malaysia Aviation Group, said the partnership is about more than technology: it’s a strategic move to enrich customer experiences and support national tourism goals ahead of Visit Malaysia Year 2026.

Google Malaysia’s director, Farhan Qureshi, echoed the sentiment, calling the collaboration a powerful example of how innovation and creativity can redefine global travel.

EU launches global digital strategy

The European Union has launched a sweeping international digital strategy to bolster its global tech leadership and secure a human-centric digital transformation. With the digital and AI revolution reshaping economies and societies worldwide, the EU is positioning itself as a reliable partner in building resilient, open, and secure digital ecosystems.

The strategy prioritises collaboration with international partners to scale digital infrastructure, strengthen cybersecurity, and support emerging technologies like AI, quantum computing, and semiconductors while promoting democratic values and human rights in digital governance. The EU will deepen and expand its global network of Digital Partnerships and Dialogues to remain competitive and secure in a fast-changing geopolitical landscape.

These collaborations focus on research, industrial innovation, regulatory cooperation, and secure supply chains, while engaging countries across Africa, Latin America, Asia, and the EU’s own neighbourhood. The strategy also leverages trade instruments and investment frameworks such as the Global Gateway to support secure 5G and 6G networks, submarine cables, and digital public infrastructure, helping partner countries improve connectivity, resilience, and sustainability.

To enhance global digital governance, the EU is pushing for international standards that uphold privacy, security, and openness, and opposing efforts to fragment the internet. It supports inclusive multilateralism, working through institutions like the UN, G7, and OECD to shape rules for the digital age.

With initiatives ranging from AI safety cooperation and e-signature mutual recognition to safeguarding children online and combating disinformation, the EU aims to set the benchmark for ethical and secure digital transformation. At the heart of this vision is the EU Tech Business Offer—a modular, cross-border platform combining technology, capacity-building, and financing.

Through Team Europe and partnerships with industry, the EU seeks to bridge the digital divide, export trusted digital solutions, and foster an interconnected world aligned with European democratic principles. The strategy underscores that in today’s interconnected world, the EU’s prosperity and security hinge on shaping a digital future that is competitive, inclusive, and values-driven.

M&S CEO targeted by hackers in abusive ransom email

Marks & Spencer has been directly targeted by a ransomware group calling itself DragonForce, which sent a vulgar and abusive ransom email to CEO Stuart Machin using a compromised employee email address.

The message, laced with offensive language and racist terms, demanded that Machin engage via a darknet portal to negotiate payment. It also claimed that the hackers had encrypted the company’s servers and stolen customer data, a claim M&S eventually acknowledged weeks later.

The email, dated 23 April, appears to have been sent from the account of an Indian IT worker employed by Tata Consultancy Services (TCS), a long-standing M&S tech partner.

TCS has denied involvement and stated that its systems were not the source of the breach. M&S has remained silent publicly, neither confirming the full scope of the attack nor disclosing whether a ransom was paid.

The cyber attack has caused major disruption, costing M&S an estimated £300 million and halting online orders for over six weeks.

DragonForce has also claimed responsibility for a simultaneous attack on the Co-op, which left some shelves empty for days. While nothing has yet appeared on DragonForce’s leak site, the group claims it will publish stolen information soon.

Investigators believe DragonForce operates as a ransomware-as-a-service collective, offering tools and platforms to cybercriminals in exchange for a 20% share of any ransom.

Some experts suspect the real perpetrators may be young hackers from the West, linked to a loosely organised online community called Scattered Spider. The UK’s National Crime Agency has confirmed it is focusing on the group as part of its inquiry into the recent retail hacks.

Apple sues European Commission over DMA interoperability ruling

Apple is mounting a legal challenge against the European Commission after being ordered to open up its tightly controlled ecosystem to rival companies under the Digital Markets Act (DMA).

The tech giant filed its appeal with the EU’s General Court, claiming the decision would undermine user privacy and harm innovation.

The dispute centres on a March ruling by the Commission following months of dialogue, which concluded that Apple must guarantee interoperability—a requirement that would allow third-party developers to connect non-Apple products, such as smartwatches and headphones, to iPhones and iPads.

Apple has pushed back strongly, arguing that the mandate is ‘unreasonable, costly and stifles innovation.’ A company spokesperson said the move would benefit what Apple describes as ‘data-hungry companies’ like Meta and Samsung, who could gain access to users’ most sensitive data through third-party connections.

Since December 2024, the European Commission has been pressing Apple to make its ecosystem more open to promote competition across the digital sector. However, Apple maintains that complying with the order would compromise the company’s privacy-first approach and violate its data protection standards.

The Commission, meanwhile, insists the measures are proportionate and fully aligned with the EU’s stringent privacy and security framework. It argues that the order would not strip Apple of control over its devices, but rather enable fairer access for other tech players while keeping user protections intact.

The case is set to become a major test of how far the EU can push tech giants to comply with the Digital Markets Act, which was designed to curb the dominance of so-called ‘gatekeepers’ in digital markets.

New SEC chief promises clear crypto rules

New SEC Chairman Paul Atkins has committed to creating a clear regulatory framework for the crypto sector. He aims to replace ambiguity with investor protection and support for innovation.

Speaking before the Senate Appropriations Subcommittee on 3 June, he said outdated and unclear rules have held the industry back.

Atkins stressed that his approach would end the former administration’s ‘regulation-by-enforcement’ model. He plans to use structured rulemaking, with notice-and-comment procedures guiding the creation of clear, tailored regulations for the crypto market.

He also reaffirmed support for the recently launched Crypto Task Force. Atkins praised the leadership of Commissioners Uyeda and Hester Peirce, often referred to as ‘crypto mom’, adding that the SEC’s divisions would act swiftly to provide regulatory certainty.

Appointed under the Trump administration’s crypto-friendly agenda, Atkins’ policy direction signals a significant shift. It embraces digital asset innovation while ensuring strong investor safeguards.

Gmail accounts at risk as attacks rise

Google has urged Gmail users to upgrade their account security after revealing that over 60% have been targeted by cyberattacks. Despite the increasing threat, most people still rely on outdated protections like passwords and SMS-based two-factor authentication.

Google is now pushing users to adopt passkeys and social sign-ins to improve their defences. Passkeys offer phishing-resistant access and use biometric methods such as fingerprint or facial recognition tied to a user’s device, removing the need for traditional passwords.

While digitally savvy Gen Z users are more likely to adopt these new methods, many still reuse passwords, leaving their accounts exposed to breaches and scams. Google emphasised that passwords are both insecure and inconvenient and called on users to switch to tools that offer stronger protection.

Microsoft, meanwhile, has gone even further by encouraging users to eliminate passwords entirely. Google’s long-term goal is to simplify sign-ins while increasing security across its platforms.

Europe gets new cybersecurity support from Microsoft

Microsoft has launched a free cybersecurity initiative for European governments aimed at countering increasingly sophisticated cyber threats powered by AI. Company President Brad Smith said Europe would benefit from tools already developed and deployed in the US.

The programme is designed to identify and disrupt AI-driven threats, including deepfakes and disinformation campaigns, which have previously been used to target elections and undermine public trust.

Smith acknowledged that AI is a double-edged sword, with malicious actors exploiting it for attacks, while defenders increasingly use it to stay ahead. Microsoft continues to monitor how its AI products are used, blocking known cybercriminals and working to ensure AI serves as a stronger shield than weapon.

HMRC got targeted in a £47 million UK fraud

A phishing scheme run by organised crime groups cost the UK government £47 million, according to officials from His Majesty’s Revenue and Customs.

Criminals posed as taxpayers to claim payments using fake or hijacked credentials. Rather than a cyberattack, the operation relied on impersonation and did not involve the theft of taxpayer data.

Angela MacDonald, HMRC’s deputy chief executive, confirmed to Parliament’s Treasury Committee that the fraud took place in 2024. The stolen funds were taken through three separate payments, though HMRC managed to block an additional £1.9 million attempt.

Officials began a cross-border criminal investigation soon after discovering the scam, which has led to arrests.

Around 100,000 PAYE accounts — typically used by employers for employee tax and national insurance payments — were either created fraudulently or accessed illegally.

Banks were also targeted through the use of HMRC-linked identity information. Customers first flagged the issue when they noticed unusual activity.

HMRC has shut down the fake accounts and removed false data as part of its response. John-Paul Marks, HMRC’s chief executive, assured the committee that the incident is now under control and contained. ‘That is a lot of money and unacceptable,’ MacDonald told MPs.
