Critical internet resources

Microsoft reveals OAuth redirection abuse powering new phishing attempts

Researchers at Microsoft have identified phishing activity that abuses legitimate OAuth redirection behaviour instead of relying on credential theft.

Threat actors create malicious applications within attacker-controlled tenants and configure redirect pages that lead victims from trusted authentication domains to malware-delivery sites.

A technique that has been used against government and public-sector organisations and is designed to bypass email and browser defences by embedding URLs that appear genuine.

The attack begins with lures themed around documents, financial matters or meeting requests, each containing OAuth URLs crafted to trigger silent authentication.

Validation errors, session checks and Conditional Access evaluations provide attackers with information about session status without granting access to tokens, yet still deliver the victim to a malicious landing page.

Once redirected, victims encounter phishing frameworks or are served ZIP files containing shortcut files and HTML-based loaders. These PowerShell commands launch system discovery and extract files used for DLL side-loading.

Executing a legitimate process allows a malicious DLL to load unseen, decrypt the final payload and establish a connection to a remote command-and-control server for hands-on keyboard activity.

Microsoft Entra has removed identified malicious OAuth applications, although related activity continues to appear.

Microsoft emphasises that OAuth redirection follows standards such as RFC 6749 and RFC 9700, meaning attackers cannot exploit normal protocol behaviour instead of software vulnerabilities.

Stronger governance of OAuth applications, tighter consent controls and cross-domain monitoring are required to prevent trusted authentication flows from being turned into delivery paths for phishing and malware.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Amazon commits €33.7 billion to expand Spain cloud footprint

A €33.7 billion investment in Spain to expand cloud and AI infrastructure marks the most significant technology commitment in the country’s history, as Amazon confirms its major expansion plan.

Announced at MWC26 Barcelona, the package adds €18 billion to funding revealed in 2024 and strengthens the Amazon Web Services (AWS) Europe region based in Aragón.

Total investment in the AWS Europe (Spain) Region is expected to add €31.7 billion to GDP by 2035 and support around 29,900 jobs annually. About 6,700 direct roles stem from Amazon operations, with additional jobs created in construction, logistics, and supply chains.

New manufacturing and fulfilment facilities in Aragón are expected to create about 1,800 additional jobs, including a dedicated AI and machine learning server plant.

Since entering Spain in 2011, Amazon has invested more than €20 billion across retail, logistics, and cloud services. The Amazon Web Services region, launched in 2022, is accelerating AI adoption across Europe, including among Telefónica and BBVA.

A further €30 million will be allocated to community initiatives through 2035, focused on education, sustainability, and local development. Renewable energy projects, including 100 solar and wind sites, support operations and a net-zero carbon goal by 2040, establishing Aragón as a growing European digital hub.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI data centre boom drives global memory chip shortage

Global demand for AI data centres is creating a severe shortage of memory chips, disrupting supply chains across the consumer electronics industry. Manufacturers warn shortages of RAM could lead to higher prices and delayed shipments for devices including laptops, smartphones and gaming consoles.

Only three companies dominate global RAM production, with capacity increasingly redirected towards high-bandwidth memory used in AI systems. Analysts say rapid investment in AI infrastructure has absorbed available supply faster than manufacturers can expand production facilities.

Major technology firms are already feeling pressure as memory costs rise and inventories tighten. Companies including Apple, HP, Dell and Qualcomm have warned investors that pricing increases and weaker forecasts may follow if shortages persist.

Gaming and computer manufacturers are exploring different responses, ranging from price increases to redesigning products that require less memory. Experts expect supply constraints to continue through the year as chipmakers attempt to balance AI demand with consumer electronics needs.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Singapore and South Korea expand AI partnership

South Korean President Lee Jae Myung used the opening day of his state visit to Singapore to set out plans for deeper cooperation in emerging technologies and renewable energy.

He framed the partnership as a chance to build a future-oriented agenda shaped by a shared reliance on human capital rather than natural resources.

The visit precedes a summit with Lawrence Wong, their second meeting in four months following the upgrade of bilateral ties to a strategic partnership. Both governments want to broaden collaboration across AI, energy, the green transition and defence while maintaining strong trade and investment links.

Lee told Korean residents in Singapore that the strengthened partnership could guide relations for the next fifty years by opening new routes for collaboration across strategic sectors. He added that expanding cooperation would support wider regional stability and long-term technological development.

The programme also includes a meeting with Tharman Shanmugaratnam and attendance at AI Connect. This forum connects business leaders and entrepreneurs from both countries seeking opportunities in AI research and commercial innovation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

AI data centre planned for East Manchester

Latos Data Centres is preparing plans for a 28,000 sq ft data centre in Monsall, East Manchester, aimed at serving rising demand for AI computing. The scheme would occupy a three acre brownfield site at Bower Street and Ten Acres Lane in Manchester.

The East Manchester project is designed as a neural edge data centre, bringing AI processing closer to end users than traditional cloud facilities. Latos said the Manchester development would form part of a broader plan to deliver 30 UK sites by 2030.

A live consultation in Manchester will run until 16 March, with Create Architecture leading the design. Advisers on the Manchester scheme include Euan Kellie Property Solutions on planning and SK Transport Planning on transport matters.

Latos said the Manchester facility would regenerate a vacant industrial plot and operate to high environmental and safety standards. The developer is also delivering a separate data centre in Tees Valley as it expands its AI-focused portfolio across the UK.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Microsoft backs Australia’s next phase of digital government with new AI and cloud agreement

Australia’s rise to second place in the OECD Digital Government Index signals renewed momentum for national digital transformation.

A shift that comes as Microsoft signs a new five-year Volume Sourcing Arrangement with the Federal Government, designed to underpin modernisation across public services and create a secure, future-ready foundation for responsible AI adoption.

The agreement led by the Digital Transformation Agency gives agencies access to Microsoft Copilot, Azure, Microsoft 365, Dynamics 365 and a strengthened security and compliance framework instead of continuing reliance on ageing systems.

The arrangement sets clearer strategic pathways for innovation, procurement and skills development through an enhanced governance structure.

It recommits both sides to national security requirements, including the Security of Critical Infrastructure legislation, the Cloud Hosting Certification Framework and IRAP.

These measures allow agencies to expand AI use while retaining control of data and meeting the expectations placed on government institutions.

A successful Copilot trial in 2024 already demonstrated personal productivity gains of around one hour per day for participating staff.

Microsoft is also establishing a $1.55 million training fund for the Australian Public Service to support capability building in ethical AI use and modern cloud operations.

The company emphasises that Australia’s partner ecosystem will gain new opportunities because the agreement simplifies how local firms engage with government agencies. Such an approach forms an important part of the wider public sector reform agenda announced last year.

The new deal aligns with national priorities set out in the Whole-of-Government Cloud Computing Policy and the National AI Plan.

Australia now enters a pivotal period in which digital transformation is guided not only by technological capacity but by the frameworks of trust, resilience and public benefit that shape how government services evolve.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Democratising AI in business without risking security

Across organisations, AI tools are moving beyond IT teams and into everyday business functions. CIOs now face the challenge of widening access while protecting data, security and trust.

Earlier waves of low-code platforms and citizen data science showed that empowerment can boost innovation but also create shadow IT and technical debt. AI agents and generative systems raise the stakes, with risks ranging from data leaks to flawed automated decisions.

Pressure from boards and business leaders means AI cannot be restricted to a small pilot group. Transparent governance, approved toolkits, and updated data policies are essential to prevent misuse while still enabling experimentation.

Long-term success depends on culture as much as technology. Leaders must define a focused AI vision, invest in literacy and adapt change management so employees use AI to improve decisions rather than accelerate flawed processes.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft expands Sovereign Cloud with secure offline support for large AI models

Digital sovereignty is gaining urgency as organisations seek infrastructure that remains secure and reliable under strict regulatory conditions.

Microsoft is expanding its Sovereign Cloud to help public bodies, regulated industries and enterprises maintain control of data and operations even when environments must operate without external connectivity.

The updated portfolio allows customers to choose how each workload is governed, rather than relying on a single deployment model.

Azure Local now supports disconnected operations, keeping mission-critical systems running with full Azure governance within sovereign boundaries. Management, policies and workloads stay entirely on site, so services continue during periods of isolation.

Microsoft 365 Local extends the resilience to the productivity layer by enabling Exchange Server, SharePoint Server and Skype for Business Server to run locally, giving teams secure collaboration within the same protected boundary as their infrastructure.

Support for large multimodal AI models is delivered through Foundry Local, which enables advanced inference on customer-controlled hardware using technology from partners such as NVIDIA.

Such an approach helps organisations bring modern AI capabilities into highly restricted environments while preserving control over data, identities and operational procedures.

Microsoft positions it as a unified stack that works across connected, hybrid and fully disconnected modes without increasing operational complexity.

These additions create a framework designed for governments and regulated industries that regard sovereignty as a strategic priority.

With global availability for qualified customers, the Sovereign Cloud aims to preserve continuity, reinforce governance and expand AI capability while keeping every layer of the environment within local control.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Over 299 million people gain internet access through global connectivity

Microsoft has exceeded its 2025 internet access target, reaching over 299 million people globally, including more than 124 million in Africa. The milestone reflects years of partnerships to connect communities lacking reliable digital access.

Efforts are shifting from simple coverage to holistic digital participation, combining connectivity with energy, devices, digital skills, and AI tools.

Microsoft aims to enable meaningful adoption, ensuring communities can fully engage in the growing AI economy. Partnerships focus on scalable, community-based models aligned with national development priorities.

As adoption accelerates, Microsoft plans to expand its approach by integrating financing, energy access, and community-first AI solutions. The initiative highlights the need for long-term, locally led strategies for fair participation in the digital and AI economy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New Relic advances AI agents for enterprise observability

The expansion into enterprise AI comes with a no-code platform from New Relic that allows companies to build and supervise their own observability agents.

A system that assembles AI-driven monitors designed to detect bugs and performance problems before they affect users, instead of leaving teams to rely on manual tracking.

It also supports the Model Context Protocol so organisations can link external data sources to the agents and integrate them with existing New Relic tools.

The company stresses that the platform is intended to complement other agent systems rather than replace them.

As AI agent software spreads across the market, enterprises are searching for ways to manage risk when giving automated tools access to internal systems.

Industry players such as Salesforce and OpenAI have already introduced their own agent platforms, and assessments from Gartner describe these frameworks as essential infrastructure for wider AI adoption.

New Relic also introduced new tools for the OpenTelemetry framework to remove friction around observability standards.

Its application performance monitoring agents now support OTel data, allowing enterprises to manage these streams in one place instead of operating separate collectors.

The update aims to reduce fragmentation that has slowed OTel deployment across large organisations and to simplify how engineering teams handle diverse observability pipelines.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.