Cybercrime

Nobitex restores wallet access after major hack

Iran’s biggest crypto exchange, Nobitex, has begun restoring wallet access after a cyberattack that stole over $90 million this month. Wallet reactivation is being carried out in phases, starting with verified users and spot wallets, while other wallets will reopen once identity checks are completed.

Users were urged to update their details promptly, as deposits sent to old wallet addresses now risk permanent loss due to a complete system migration.

Nobitex warned that withdrawal, deposit, and trading services for verified users would resume as soon as security checks allow. Timelines may change depending on technical conditions.

Following the breach, Iran’s central bank mandated domestic exchanges to restrict operating hours from 10 am to 8 pm to improve security.

The pro-Israel hacking group Predatory Sparrow claimed responsibility, highlighting rising regional cyber tensions. Nobitex remains central to Iran’s growing crypto market, but the attack has shaken user trust and raised concerns over the country’s financial cybersecurity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Europol backs Spain in dismantling crypto crime ring

Spanish law enforcement, supported by Europol and agencies from Estonia, France, and the United States, arrested five individuals on 25 June 2025 linked to a global cryptocurrency investment scam. The operation uncovered a vast fraud network responsible for laundering around €460 million taken from over 5,000 victims worldwide.

The suspects were detained following coordinated raids in Madrid and the Canary Islands. Authorities conducted five property searches in total.

Europol has been assisting with the case since 2023, providing technical expertise, financial crime analysis, and on-site support during the final phase of the investigation.

The group allegedly operated through a vast web of international sales agents facilitating fund collection via cash, wire transfers, and cryptocurrencies.

The criminal operation reportedly maintained a corporate and banking structure based in Hong Kong, using shell companies and various digital accounts under false identities to move illicit funds.

Online fraud remains a critical threat to EU security, and Europol warns that it is rapidly growing in scale and complexity. According to Europol’s latest threat report, the rise of AI-powered deception tools is expected to fuel the spread of cyber-enabled fraud further.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ahold Delhaize breach hits 2 million with data theft

A ransomware attack on Dutch retailer Ahold Delhaize resulted in a significant data breach affecting more than 2.2 million individuals across US businesses.

The breach occurred in November 2024 following network disruptions at supermarket chains, including Giant Food, Food Lion, and Stop & Shop.

The Inc Ransom group claimed responsibility in April 2025, stating it exfiltrated around 6 TB of data. The company confirmed that stolen files included employment records containing sensitive personal and financial information, with some data already posted on the dark web.

Affected individuals are now notified and offered two years of free identity protection services. The compromised data includes names, Social Security numbers, contact details, and medical and employment information.

Supermarkets have become a growing target in recent cyber campaigns. In April, UK retailers such as M&S and Harrods were also attacked, while distributor UNFI faced major disruptions earlier this month.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware victims still paying, Sophos finds

Nearly half of ransomware victims paid the attackers last year, according to Sophos. In its 2025 survey of 3,400 IT pros, 49% admitted to making payments—just below last year’s record.

Ransom amounts dropped significantly, with median payments falling 50% and demand amounts down a third. Yet backup usage also hit a six-year low, used by just 54% of firms for recovery.

Attackers often exploited known vulnerabilities (32%) or unknown security gaps (40%), highlighting persistent weaknesses. Sophos noted many companies now accept ransomware as a business risk.

CISA warned that CVE-2024-54085 in AMI MegaRAC firmware is under active exploitation elsewhere. The bug allows attackers to bypass authenticating remotely.

Varonis flagged abuse of Microsoft’s Direct Send email feature in a phishing campaign affecting over 70 organisations. Disabling it is advised if not essential.

Rapid7 also found critical vulnerabilities in Brother printers. One flaw rated CVSS 9.8, allows password theft and cannot be patched—users must change defaults.

Finally, Google will roll out new Gemini AI features to Android users starting on July 7, even for those with app activity disabled.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cybercrime surge hits airlines across North America

According to the FBI and cybersecurity experts, a well-known cybercrime group has launched fresh attacks on the airline industry, successfully breaching the networks of several airlines in the US and Canada.

The hackers, identified as ‘Scattered Spider’, are known for aggressive extortion tactics and are now shifting their focus to aviation instead of insurance or retail, their previous targets.

Airline security teams remain on high alert despite no flights or operations being disrupted. Hawaiian Airlines and Canada’s WestJet have acknowledged recent cyber incidents, while sources suggest more affected companies may step forward soon.

Both airlines reported no impact on day-to-day services, likely due to solid internal defences and continuity planning.

The attackers often exploit help desks by impersonating employees or customers to access corporate systems. Experts warn that airline call centres are especially vulnerable, given their importance to customer support.

Cybersecurity firms, including Mandiant, are now supporting the response and advising firms to reinforce these high-risk entry points.

Scattered Spider has previously breached major casinos, insurance, and retail companies. The FBI confirmed it is working with aviation partners to contain the threat and assist victims.

Industry leaders remain alert, noting that airlines, IT contractors, and vendors across the aviation sector are at risk from the escalating threat.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hawaiian Airlines confirms flights are safe despite cyberattack

Hawaiian Airlines has reported a cyberattack that affected parts of its IT infrastructure, though the carrier confirmed all flights remain unaffected and are operating as scheduled.

Now part of the Alaska Air Group, the airline stated it is actively working with authorities and cybersecurity experts to investigate and resolve the incident.

In a statement, the airline stressed that the safety and security of passengers and staff remain its highest priority. It has taken steps to protect its systems, restoring affected services while continuing full operations. No disruption to passenger travel has been reported.

The exact nature of the attack has not been disclosed, and no group has claimed responsibility so far. The Federal Aviation Administration (FAA) confirmed it monitors the situation closely and remains in contact with the airline. It added that there has been no impact on flight safety.

Cyberattacks in aviation are becoming increasingly common due to the sector’s heavy reliance on complex digital systems. Earlier incidents this year included cyberattacks on WestJet and Japan Airlines, which caused operational disruptions but did not compromise passenger data.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

BT report shows rise in cyber attacks on UK small firms

A BT report has found that 42% of small businesses in the UK suffered a cyberattack in the past year. The study also revealed that 67% of medium-sized firms were targeted, while many lacked basic security measures or staff training.

Phishing was named the most common threat, hitting 85% of businesses in the UK, and ransomware incidents have more than doubled. BT’s new training programme aims to help SMEs take practical steps to reduce risks, covering topics like AI threats, account takeovers and QR code scams.

Tris Morgan from BT highlighted that SMEs face serious risks from cyber attacks, which could threaten their survival. He stressed that security is a necessary foundation and can be achieved without vast resources.

The report follows wider warnings on AI-enabled cyber threats, with other studies showing that few firms feel prepared for these risks. BT’s training is part of its mission to help businesses grow confidently despite digital dangers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NHS patient death linked to cyber attack delays

A patient has died after delays caused by a major cyberattack on NHS services, King’s College Hospital NHS Foundation Trust has confirmed. The attack, targeting pathology services, resulted in a long wait for blood test results that contributed to the patient’s death.

The June 2024 ransomware attack on Synnovis, a provider of blood test services, also delayed 1,100 cancer treatments and postponed more than 1,000 operations. The Russian group Qilin is believed to have been behind the attack that impacted multiple hospital trusts across London.

Healthcare providers struggled to deliver essential services, resorting to using universal O-type blood, which triggered a national shortage. Sensitive data stolen during the attack was later published online, adding to the crisis.

Cybersecurity experts warned that the NHS remains vulnerable because of its dependence on a vast network of suppliers. The incident highlights the human cost of cyber attacks, with calls for stronger protections across critical healthcare systems in the UK.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Irish businesses face cybersecurity reality check

Most Irish businesses believe they are well protected from cyberattacks, yet many neglect essential defences. Research from Gallagher shows most firms do not update software regularly or back up data as needed.

The survey of 300 companies found almost two-thirds of Irish firms feel very secure, with another 28 percent feeling quite safe. Despite this, nearly six in ten fail to apply software updates, leaving systems vulnerable to attacks.

Cybersecurity training is provided by just four in ten Irish organisations, even though it is one of the most effective safeguards. Gallagher warns that overconfidence may lead to complacency, putting businesses at risk of disruption and financial loss.

Laura Vickers of Gallagher stressed the importance of basic measures like updates and data backups to prevent serious breaches. With four in ten Irish companies suffering attacks in the past five years, firms are urged to match confidence with action.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fake video claims Nigeria is sending troops to Israel

A video circulating on TikTok falsely claims that Nigeria has announced the deployment of troops to Israel. Since 17 June, the video has been shared more than 6,100 times and presents a fabricated news segment constructed from artificial intelligence-generated visuals and outdated footage.

No official Nigerian authority has made any such announcement regarding military involvement in the ongoing Middle East crisis.

The video, attributed to a fictitious media outlet called ‘TBC News’, combines visuals of soldiers and aircraft with simulated newsroom graphics. However, no broadcaster by that name exists, and the logo and branding do not correspond to any known or legitimate media source.

Upon closer inspection, several anomalies suggest the use of generative AI. The news presenter’s appearance subtly shifts throughout the segment — with clothing changes, facial inconsistencies, and robotic voiceovers indicating non-authentic production.

Similarly, the footage of military activity lacks credible visual markers. For example, a purported official briefing displays a coat of arms inconsistent with Nigeria’s national emblems, and no standard flags or insignia are typically present at such events.

While two brief aircraft clips appear authentic — originally filmed during a May airshow in Lagos — the remainder seems digitally altered or artificially generated.

In reality, Nigerian officials have issued intense public criticism of Israel’s recent military actions in Iran and have not indicated any intent to provide military support to Israel.

The video in question, therefore, significantly distorts Nigeria’s diplomatic position and risks exacerbating tensions during an already sensitive period in international affairs.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!