Cybercrime

Malwarebytes highlights Microsoft findings on WhatsApp attachments used in Windows attacks

Malwarebytes has reported on findings from Microsoft researchers about a campaign that uses WhatsApp attachments to trick Windows users into launching a malicious script that grants attackers remote access to the machine.

According to the Malwarebytes report, Microsoft researchers said the attack does not rely on a software flaw in WhatsApp itself. Instead, it depends on social engineering. Victims receive what appears to be a harmless attachment through WhatsApp, but the file is actually a .vbs script that Windows can execute.

Once opened, the script copies built-in Windows tools into a hidden folder and renames them to appear less suspicious. Microsoft’s analysis, as cited by Malwarebytes, says legitimate system tools are then abused to download additional malware, using a living-off-the-land approach that avoids introducing obvious malicious binaries.

The infection chain is also designed to blend in with normal activity. Further scripts are fetched from mainstream cloud providers, making network traffic appear to be accessing services such as AWS, Tencent Cloud, or Backblaze rather than a clearly suspicious server.

Attempts to gain administrator privileges are part of the process as well. The malware reportedly attempts to alter User Account Control behaviour and registry settings to make system-level changes more quietly and remain active after a reboot.

At the final stage, an unsigned MSI installer deploys remote-access software and other payloads, allowing the attacker to maintain access to the compromised device and its data.

Malwarebytes also highlighted practical safety steps for home users and small businesses, including avoiding unsolicited attachments, enabling file extensions in Windows Explorer so misleading filenames are easier to spot, using up-to-date anti-malware tools, downloading software only from official vendor sites, and treating unexpected UAC prompts or sudden system changes as warning signs. Keeping Windows and other applications updated also remains important.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cyberattack on Hasbro exposes vulnerabilities in large enterprise systems

Hasbro has confirmed a cyberattack that disrupted internal systems and may take several weeks to resolve. The company detected unauthorised access on 28 March and responded by shutting down parts of its infrastructure to contain the incident.

Operations continue under contingency measures, allowing order processing and product distribution despite system disruptions.

However, ongoing security efforts suggest the threat may not yet be fully contained, while external cybersecurity specialists have been engaged to support the investigation.

The company has not disclosed the nature of the attack, and it remains unclear whether data has been exfiltrated. Public statements indicate that the full scope and impact of the breach are still under assessment, with uncertainty over potential financial or operational consequences.

The incident reflects a broader trend of cyberattacks targeting large corporations to disrupt operations and extract value.

Previous cases, including disruptions at Jaguar Land Rover, highlight the potential for prolonged economic impact and the increasing importance of resilience in corporate cybersecurity strategies.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

France moves toward social media restrictions for children under 15

Legislative efforts in France signal a shift toward stricter governance of youth access to digital platforms, with policymakers preparing to debate a ban on social media use for children under 15.

A proposal that forms part of a broader strategy to address concerns over online harms and excessive screen exposure among adolescents.

The draft law in France extends beyond access restrictions, proposing a digital curfew for older teenagers and expanding existing school phone bans to include high schools.

These measures reflect increasing reliance on regulatory intervention instead of voluntary platform safeguards, as evidence links prolonged digital engagement with risks such as cyberbullying, disrupted sleep patterns and exposure to harmful content.

Political backing for the initiative has emerged from figures aligned with Emmanuel Macron, reinforcing the government’s position that stronger oversight of digital environments is necessary. The proposal also mirrors developments in Australia, where similar restrictions have already entered into force.

A debate that is further influenced by legal actions targeting major platforms, including TikTok and Meta, amid allegations that algorithmic systems contribute to harmful user experiences.

The outcome of the parliamentary discussions in France is expected to shape future approaches to child safety, platform accountability and digital rights governance across Europe.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Healthcare data breach raises concerns over cloud security

A cybersecurity incident involving CareCloud has exposed vulnerabilities in the protection of sensitive medical information, following unauthorised access to patient records stored within its systems.

A breach was detected on 16 March, allowing attackers to access electronic health records for several hours, which raised concerns about potential data exposure.

The company has stated that the intrusion was contained on the same day, with systems restored and an external investigation launched.

However, uncertainty remains about whether any data were extracted and the scale of the potential impact, particularly given the company’s role in supporting tens of thousands of healthcare providers and millions of patients.

Such an incident reflects broader structural risks within digital healthcare infrastructures, where centralised storage of highly sensitive data increases the potential impact of cyberattacks.

Cloud environments, including services provided by Amazon Web Services, are increasingly integral to such systems, amplifying both efficiency and exposure.

The breach follows a pattern of escalating cyber threats targeting healthcare data, driven by its high value in criminal markets.

As investigations continue, the case underscores the need for stronger data protection measures, enhanced monitoring systems and more robust regulatory oversight to safeguard patient information.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU boosts fact-checking with €5 million disinformation resilience plan

The European Commission has committed €5 million to strengthen independent fact-checking networks, reinforcing efforts to counter disinformation across Europe. The initiative seeks to expand verification capacity in all EU languages while improving coordination among key stakeholders.

The programme introduces a comprehensive support system for fact-checkers, covering legal assistance, cybersecurity protection and psychological support.

It also establishes a centralised European repository of verified information, designed to enhance transparency and improve access to reliable content across the EU.

Led by the European Fact-Checking Standards Network, the project builds on existing frameworks such as the European Digital Media Observatory. The initiative forms part of the EU’s broader strategy to strengthen information integrity and safeguard democratic processes.

By reinforcing independent verification ecosystems, the programme reflects a policy-driven effort to address disinformation threats while supporting a more resilient and trustworthy digital environment across Europe.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

New quantum threat could weaken cryptocurrency encryption systems

A new warning from Google says advances in quantum computing could weaken widely used cryptographic systems protecting cryptocurrencies and digital infrastructure. A new whitepaper suggests future quantum machines may need fewer resources than previously estimated to break elliptic curve cryptography.

The research focuses on the elliptic curve discrete logarithm problem, which underpins much of today’s blockchain security. Findings suggest quantum algorithms like Shor’s could run with fewer qubits and gates, increasing concerns about cryptographic resilience.

To address the risk, the paper recommends a transition to post-quantum cryptography, which is designed to resist quantum attacks. It also outlines short-term blockchain measures, including avoiding reuse of vulnerable wallet addresses and preparing digital asset migration strategies.

Google also introduced a responsible disclosure approach using zero-knowledge proofs to communicate vulnerabilities without exposing exploitable details.

The company says this balances transparency and security, supporting coordinated efforts across crypto and research communities to prepare for quantum threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cloudflare adds LLM layer to client-side security detection pipeline

Cloudflare has announced two changes to its client-side security offering, making Client-Side Security Advanced available to self-serve customers and offering domain-based threat intelligence at no extra cost to all users on the free Client-Side Security bundle. The update is focused on browser-based attacks that can steal data via malicious scripts without visibly disrupting a website’s normal operation.

Cloudflare says its client-side security system assesses 3.5 billion scripts per day and monitors an average of 2,200 scripts per enterprise zone. According to the company, the product relies on browser reporting, including Content Security Policy signals, rather than scanners or application instrumentation, and requires only that traffic be proxied through Cloudflare.

A central part of the announcement is a new detection pipeline combining a Graph Neural Network (GNN) with a Large Language Model (LLM). Cloudflare says the GNN analyses the Abstract Syntax Tree of JavaScript code to identify malicious intent even when scripts are minified or obfuscated. Scripts flagged as suspicious are then passed to an open-source LLM running on Workers AI for a second-stage semantic assessment intended to reduce false positives.

Cloudflare says the GNN is tuned for high recall to identify novel and zero-day threats, but that false alarms remain a challenge at internet scale. Internal evaluation results cited by the company show that the secondary LLM layer reduced false positives in the JS Integrity threat category by nearly three times across the total analysed traffic, lowering the rate from about 0.3% to about 0.1%. On unique scripts, Cloudflare says the false-positive rate fell from about 1.39% to 0.007%.

The company also describes a recent case involving a heavily obfuscated malicious script named core.js. According to Cloudflare, the payload targeted Xiaomi OpenWrt-based home routers, altered DNS settings, and attempted to change admin passwords. Cloudflare says the script was injected through compromised browser extensions rather than by directly compromising a website, and adds that its GNN detected the malicious structure while the LLM confirmed the intent.

Cloudflare argues that the two-stage design provides structural detection via the GNN and broader semantic filtering via the LLM, enabling the company to lower the GNN decision threshold without sharply increasing alert volume. Every script flagged by the GNN is also logged to Cloudflare R2 for later auditing, which the company says helps it review cases where the LLM overrode the initial verdict.

Domain-based threat intelligence is now being made available to all Client-Side Security customers, including those not using the Advanced tier. Cloudflare says the move is partly a response to attacks seen in 2025 against smaller online shops, especially on Magento, where client-side compromises continued for days or weeks after public disclosure. By extending domain-based signals more broadly, the company says site owners can more quickly identify malicious JavaScript or suspicious connections and investigate possible compromises.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Italy fines major bank over data protection failures

The Italian Data Protection Authority has imposed a €31.8 million fine on Intesa Sanpaolo following serious shortcomings in its handling of personal data.

The case stems from unauthorised access by an employee to thousands of customer accounts, raising concerns about internal oversight and data protection safeguards.

Investigations revealed that monitoring systems failed to detect repeated unjustified access to sensitive financial information over an extended period. The breach also involved high-risk individuals, highlighting weaknesses in risk-based controls instead of robust, targeted protection measures.

Authorities in Italy identified violations of core data protection principles, including integrity, confidentiality and accountability. Additional concerns arose from delays in notifying both regulators and affected individuals, limiting the ability to respond effectively to the incident.

The case of Intesa Sanpaolo underscores increasing regulatory scrutiny of data governance practices in the financial sector. Strengthening internal controls and ensuring timely breach reporting remain essential for maintaining trust and compliance in data-driven banking environments.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Ofcom tightens online safety enforcement across major platforms

Enforcement of the Online Safety Act intensifies in 2026, with regulators pushing stronger age verification across social media, gaming, messaging, and adult platforms. Significant progress has been reported in the adult sector, with most major pornography services now using age assurance or restricting UK access.

Ofcom has issued new expectations for major children’s platforms, including stricter age verification, stronger protections against grooming, safer feeds, and tighter product testing. The regulator has warned that further enforcement action may follow if compliance is not met.

New obligations are also being introduced, including a requirement from April 2026 for services to report child sexual exploitation and abuse content to the National Crime Agency.

Providers are being instructed to keep risk assessments up to date and adapt to evolving regulatory guidance, including upcoming consultations and expanded reporting duties.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU investigates cyber attack targeting Commission websites

The European Commission has confirmed a cyber-attack targeting its cloud infrastructure hosting the Europa.eu services, with authorities acting swiftly to contain the incident and prevent disruption to public access.

The attack was identified on 24 March, prompting immediate mitigation measures to secure systems and maintain service continuity.

Preliminary findings indicate that some data may have been accessed from affected websites, although the full scope of the incident remains under investigation.

The Commission has begun notifying the relevant EU entities that may be affected, while continuing efforts to assess the extent of the breach and strengthen safeguards.

Officials confirmed that internal systems were not affected, limiting the overall impact of the attack.

Monitoring efforts remain ongoing, with additional security measures being implemented to protect data and infrastructure, rather than relying solely on existing defences. The Commission has also committed to analysing the incident to improve its cybersecurity capabilities.

The attack comes amid growing cyber and hybrid threats targeting European institutions and critical services.

Existing frameworks, including the NIS2 Directive and the Cyber Solidarity Act, aim to strengthen resilience and coordination across member states, supporting a more unified response to large-scale cyber incidents across the EU.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.