UK cyber agency warns of growing vulnerability risks from Frontier AI

The UK’s National Cyber Security Centre (NCSC) has issued guidance for network defenders on managing the growing risk associated with software vulnerabilities discovered using Frontier AI.

The guidance states that Frontier AI models represent the most advanced AI systems and have already demonstrated the ability to identify vulnerabilities in software products. According to the NCSC, this has significant implications for the threat landscape because Frontier AI can help both defenders and threat actors identify weaknesses at greater speed and scale.

The NCSC emphasises that organisations using AI for vulnerability discovery should do so within secure and controlled environments. It recommends limiting what the AI system can access, ideally using it only in testing or development environments, running it through a service account with only necessary permissions, and placing it in a sandboxed environment.

Organisations should also consider legal, contractual, and security obligations before using AI-as-a-service tools for vulnerability discovery. Sending source code, intellectual property or other sensitive information to external AI providers could introduce additional security, confidentiality and compliance risks.

The NCSC notes that AI-assisted vulnerability discovery is only effective if organisations have the processes and resources needed to manage the findings. That means having processes for patch management, vulnerability identification, prioritisation, validation, remediation, and reporting, as well as the ability to filter false positives and address root causes rather than only individual flaws.

The NCSC stresses that Frontier AI should complement, rather than replace, human cybersecurity expertise. Staff with experience in cybersecurity or the relevant IT systems should guide and validate AI-based vulnerability discovery to improve speed and accuracy.

The NCSC also warns that threat actors are increasingly using Frontier AI to identify and exploit vulnerabilities, potentially accelerating cyberattack timelines. Frontier AI may reduce the time between discovery and exploitation of newly published vulnerabilities, leaving organisations with less time to patch. The guidance says organisations should therefore adopt an assume-compromised mindset.

The NCSC recommends that organisations meet minimum cybersecurity standards, apply defence-in-depth principles, monitor networks and endpoints for suspicious behaviour and maintain a strong incident response plan.

The guidance also urges organisations to reduce the number of systems exposed to the internet, especially high-risk systems such as admin login panels, legacy systems, and operational technology. Organisations should identify internet-accessible systems and assess whether they need to remain exposed.

The guidance also highlights the growing importance of software supply chain security. Organisations should understand the commercial software, cloud services, open-source software, and dependencies they use, review supplier security and AI assurance policies, apply updates quickly, and use software bills of materials or similar tools to identify vulnerable dependencies.

The NCSC says Frontier AI is likely to be used extensively to discover vulnerabilities in open-source software because source code is accessible. It also notes that open-source supply chains have already been targeted through malware campaigns affecting major packages.

Why does it matter?

The guidance reflects a growing shift in cybersecurity as advanced AI systems become capable of identifying software vulnerabilities at unprecedented speed. While these capabilities can help defenders improve security testing and vulnerability management, they can also enable attackers to discover and exploit weaknesses more quickly, potentially reducing the time organisations have to respond.

The NCSC’s recommendations also point to a broader governance challenge surrounding AI adoption in cybersecurity. Organisations must not only defend against AI-enabled threats but also ensure that their own use of AI tools does not introduce new risks related to sensitive data, software supply chains or overreliance on automated systems. As Frontier AI capabilities continue to improve, cyber resilience will increasingly depend on combining AI-driven analysis with strong human oversight, secure development practices and effective incident response.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

University of Nottingham data breach exposes student and alumni records

The University of Nottingham has confirmed that an external third party accessed a significant amount of data in its student record system during a cyber incident.

The university said the incident affected current students and alums and that it is working with the third-party provider that maintains the affected platform to support a forensic investigation. It has reported the incident to Action Fraud and the Information Commissioner’s Office.

The university has not publicly attributed the attack, but the ShinyHunters extortion group has claimed responsibility. Have I Been Pwned said the breach affected 454,600 accounts and involved tens of gigabytes of data, which was later published online.

According to Have I Been Pwned, the exposed data included names, email addresses, phone numbers, physical addresses, passport numbers, citizenship statuses, dates of birth, academic records, ethnicity, disability information, IP addresses and information relating to enrolments and fee payments.

The university told affected individuals that it was operating on the precautionary assumption that contact information, university-related details, financial information and personal information may have been accessed.

The breach creates risks of identity theft, fraud and follow-up phishing attacks, particularly where exposed records include identity documents, financial data and sensitive personal characteristics.

The University of Nottingham Students’ Union advised students to monitor university communications, use the dedicated support line and remain cautious about unexpected emails, messages or calls.

Why does it matter?

The breach highlights the scale of cyber risk facing higher education institutions, which hold large volumes of sensitive personal, financial and academic data. Exposure of passport numbers, contact details, protected characteristics and payment-related information can create long-term risks for students and alums. The incident also points to the importance of third-party platform security and clear breach communication, especially when student record systems are involved.


India imposes temporary Telegram ban over exam security concerns

India has restricted access to Telegram until 22 June 2026 ahead of the NEET (UG) 2026 re-examination, citing concerns over exam security and alleged paper leak networks. The decision followed recommendations from the National Testing Agency (NTA), which sought to prevent the misuse of messaging platforms during a high-stakes national examination.

The Ministry of Electronics and Information Technology (MeitY) acted under Section 69A of the Information Technology Act, 2000, citing risks associated with organised cheating networks. Authorities also ordered Telegram to temporarily disable editing of previously posted messages until 30 June 2026, arguing that the feature had been used to create misleading evidence of alleged paper leaks.

Enforcement efforts follow ongoing investigations coordinated by the Indian Cyber Crime Coordination Centre and state police units, which have previously dismantled multiple fraudulent channels and bot networks. Officials said groups operating under names suggesting exam leaks had demanded significant sums from students and families in exchange for false information.

Why does it matter?

The case illustrates how digital platforms have become a central battleground in efforts to protect the integrity of high-stakes examinations. Messaging applications can facilitate the rapid spread of misinformation, fraudulent schemes and alleged leak networks, prompting authorities to consider increasingly interventionist measures during sensitive national processes.

The decision also raises broader questions about digital governance and platform regulation. By restricting access to a major communication platform and temporarily limiting specific platform features, Indian authorities are signalling a willingness to use digital policy tools to address risks associated with public trust and institutional integrity. The move reflects a wider global debate over the balance between security objectives, platform accountability and access to digital communications.


INTERPOL report warns of rising cybercrime across Asia-Pacific

INTERPOL has published its 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, covering the period from January 2024 to March 2025. The report documents a rise in cybercrime across the region, attributing the trend to expanding digital infrastructure, the adoption of new technologies and increasingly organised criminal networks.

More than half of the countries surveyed reported that cybercrime accounts for over 30% of all crimes recorded nationally. Phishing and related online scam techniques were identified as the most common and financially damaging forms of cybercrime, with 33% of surveyed countries recording over 10,000 such cases.

Neal Jetton, INTERPOL’s Cybercrime Director, said the findings demonstrate how cybercriminals are increasingly exploiting AI, ransomware-as-a-service models and sophisticated social engineering techniques. He noted that operational cooperation, information sharing, and cyber resilience are factors relevant to protecting communities and infrastructure as digital adoption in the region increases.

Growth in internet connectivity, mobile banking, cloud computing, and digital financial services has accompanied this cybercriminal activity, according to the report.

Survey respondents also highlighted challenges for law enforcement, including gaps in specialised forensic tools, cybercrime training and technical capacity. The report also notes differences in cybersecurity capacity across countries.

Some countries have established cybersecurity frameworks and institutional capabilities, while others, including developing countries and small island states, reported resource and capacity constraints.

The report identifies jurisdictions with fragmented enforcement structures, limited technical capabilities, and weaker legislation as more exposed to exploitation by cybercriminal actors.

The report was prepared through the Asia and South Pacific Joint Operations against Cybercrime (ASPJOC) project, funded by the United Kingdom’s Foreign, Commonwealth & Development Office (FCDO). It draws on information submitted by 18 INTERPOL member countries in the Asia and South Pacific region, along with contributions from private sector partners, operational case studies, and analysis of emerging cyber threat trends.

It is one of several regional cyber threat assessments produced by INTERPOL, alongside similar reports covering regions such as Africa. The full report is available from INTERPOL.

Why does this matter?

The report highlights how cybercrime is becoming a major security, economic and governance challenge across Asia and the South Pacific. As countries expand digital infrastructure, online banking, cloud services and digital government initiatives, cybercriminals are finding new opportunities to exploit vulnerabilities and target individuals, businesses and critical sectors.

The findings also illustrate the growing role of AI in cyberspace. While organisations increasingly use AI to strengthen cybersecurity, threat actors are adopting the same technologies to enhance phishing campaigns, generate deepfakes and automate attacks. This accelerating technological competition underscores the importance of international cooperation, cyber capacity-building and information sharing to strengthen resilience across the region.


US FTC reveals record losses from imposter scams in 2025

The US Federal Trade Commission said consumers reported losing $3.5 billion to imposter scams in 2025, nearly tripling from 2020.

The FTC said imposter scams were the most reported fraud category last year, accounting for nearly one in three fraud reports. Consumers were targeted through text messages, phone calls, email, social media, search engine results and other channels.

Some of the costliest scams began with fake security alerts that often appeared to come from banks. Victims were persuaded to move money to ‘protect’ it, with losses often limited only by the funds they had available.

Consumers reported losing nearly $1 billion to business impersonators in 2025, with the highest losses linked to bank impersonators. Reported losses to government impersonators reached about $920 million, up from $789 million in 2024.

The figures form part of a wider rise in reported fraud losses. The FTC said consumers reported losing about $16 billion to all types of fraud in 2025, the highest figure on record and around 25% higher than in 2024.

The data were released as the FTC, the Department of Justice, the Department of Health and Human Services and members of the Elder Justice Coordinating Council launched the Never Ever campaign. The public-private campaign aims to raise awareness of government and business imposter scams, including scams affecting older adults.

The FTC also pointed to its 2024 Impersonation Rule, which gives the agency stronger tools to pursue scammers impersonating government agencies and businesses. Since the rule was finalised, the FTC said it has brought a dozen enforcement actions and obtained more than $70 million in redress for consumers.

Why does it matter?

Imposter scams exploit trust in digital communications, financial institutions and government services. Fake bank alerts, official-looking messages and multi-channel fraud campaigns can push consumers to act quickly and transfer money before they verify the request. The FTC’s response shows how consumer protection is increasingly combining fraud data, enforcement tools and public education to address digital trust risks.


Anthropic forced to disable Fable 5 after US directive

Anthropic has disabled access to Claude Fable 5 and Claude Mythos 5 after receiving a US government export control directive citing national security authorities.

The company said the directive requires it to suspend access to the models by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. Anthropic said the practical effect is that it must remove access to Fable 5 and Mythos 5 for all customers to ensure compliance. Access to its other models is not affected.

According to Anthropic, it received the directive on 12 June at 5:21 p.m. ET. The company said the order did not provide specific details of the national security concern, but that it understands the government believes it has become aware of a method for bypassing, or jailbreaking, Fable 5.

Anthropic said it reviewed a demonstration of the technique being used to identify a small number of previously known minor vulnerabilities. The company argued that those vulnerabilities appeared relatively simple and could also be identified by other publicly available models without requiring a bypass.

Anthropic said Fable 5 had been red-teamed before launch by its internal teams, the US government, the UK AI Safety Institute and third-party organisations. The company said no tester had found a universal jailbreak capable of broadly bypassing the model’s safeguards.

The company said it is complying with the directive but disagrees that a narrow potential jailbreak should justify recalling a commercial model. It also argued that applying such a standard across the industry could effectively halt new frontier model deployments.

Anthropic said governments should be able to block unsafe AI deployments through a transparent and technically grounded statutory process, but said the current action does not meet those principles. The company said it is working to restore access as soon as possible.

Why does it matter?

The case shows how national security and export-control powers can directly affect access to frontier AI systems after deployment. It raises a major governance question: when should governments be able to suspend access to advanced models, and what evidence, transparency and due-process safeguards should apply? The dispute also highlights the growing tension between frontier AI safety, commercial deployment, cross-border access and government intervention in dual-use technologies.


Europol warns of rising online exploitation of minors

Europol has warned that criminal networks are increasingly using digital platforms to target, manipulate and recruit minors into criminal activity.

The agency said offenders exploit online environments, including dark web portals, social media networks, games and e-commerce platforms, which can offer anonymity, reach and operational efficiency. Europol and EU member states have observed growing use of these digital tools to target and recruit minors.

According to Europol, young people are being drawn into offences including cyberattacks, drug distribution, online fraud and money laundering. In some cases, minors are also exposed to extremist ideologies, manipulation and pressure from online communities.

Europol said digital tools have made recruitment easier to scale and harder to detect. Minors may initially be approached as victims, but can later be pressured into carrying out further offences, increasing both the harm to the child and the reach of criminal networks.

The agency said it is working with EU member states and international partners to strengthen intelligence sharing, operational support and the disruption of criminal groups. Prevention efforts also include awareness-raising and guidance for parents, educators and communities to help identify risks and support vulnerable minors.

Why does it matter?

The warning shows how child safety and organised crime are increasingly overlapping in online spaces. Social media, gaming environments, e-commerce platforms and dark web channels can be used not only to exploit minors, but also to recruit them into cybercrime, fraud, drug distribution or extremist networks. That creates a governance challenge for law enforcement, schools, parents and platforms, especially where manipulation, anonymity and cross-border digital services make early detection difficult.


EPRS reveals critical Cybersecurity Act impact assessment gaps

The European Parliamentary Research Service has published an initial appraisal of the European Commission’s impact assessment for the proposed revision of the Cybersecurity Act, finding that the Commission makes a strong case for reform while leaving several analytical gaps.

The Commission proposed the revision on 20 January 2026, alongside a directive on simplification measures under the NIS2 Directive. The proposals were referred to the European Parliament’s Committee on Industry, Research and Energy.

The package covers ENISA’s mandate, the European Cybersecurity Certification Framework, NIS2 compliance simplification and a proposed EU-level framework for ICT supply chain security. EPRS said the impact assessment responds to a more complex cybersecurity landscape, stalled implementation of certification rules, fragmented compliance requirements and growing supply chain risks.

The briefing found that the Commission’s assessment effectively substantiates the need to revise the Cybersecurity Act. It praised the problem definition, intervention logic, use of qualitative and quantitative analysis, SME test, competitiveness check and transparency around evidence and methodology.

However, EPRS also identified weaknesses. It said the assessment lacks operational objectives, does not include a subsidiarity grid despite the initiative’s political significance, and has no distinct proportionality section. The briefing also questioned whether some policy options are sufficiently distinct, noting that they appear partly cumulative.

EPRS said stakeholder consultation feedback could have been reflected more clearly, especially in the analysis of policy options, impacts and the preferred approach. It also noted that the Regulatory Scrutiny Board first issued a negative opinion on the draft impact assessment, then later issued a positive opinion with reservations.

The briefing concluded that the Commission’s legislative proposals are mostly aligned with the preferred options in the impact assessment, although some issues remain.

Why does it matter?

The Cybersecurity Act revision could reshape several pillars of EU cyber policy at once, including ENISA’s role, cybersecurity certification, NIS2 compliance and ICT supply chain security. EPRS’s appraisal matters because it provides lawmakers with an early quality check of the evidence underpinning the Commission’s proposal. The briefing suggests the policy case for reform is strong, but also highlights gaps that may become important during parliamentary scrutiny, especially around proportionality, subsidiarity and the design of policy options.


Cyber Europe 2026 tests EU response to large-scale cyber crises

The EU Agency for Cybersecurity has led Cyber Europe 2026, a two-day exercise testing Europe’s response to large-scale cyberattacks on rail and maritime transport networks.

The exercise, held on 10 and 11 June, brought together more than 5,000 participants from national cybersecurity agencies, EU and EFTA public and private sector organisations, EU entities and industry. It was designed to strengthen cyber preparedness and test the continuity of essential services during a major crisis affecting interconnected transport systems.

The scenario simulated coordinated attacks on critical maritime and railway infrastructure across Europe. Port logistics and navigation systems were compromised, cargo movements were halted, and safety risks emerged. Railway networks were also disrupted, with cross-border trains frozen and passengers and supplies delayed.

Participants also had to respond to ransomware attacks affecting transport authorities and ticketing services, as well as exposure of sensitive passenger and emergency information. ENISA said the scenario required information-sharing and coordination at technical, operational and political levels.

Cyber Europe 2026 also tested the EU Cybersecurity Blueprint, revised in 2025 to strengthen crisis management for large-scale incidents. For the first time, the EU Cybersecurity Reserve was tested under Cyber Europe, using a scenario that required participants to follow ENISA procedures for activating incident response support under the mechanism.

ENISA said findings from the exercise will be analysed in after-action reports to identify weaknesses and improve Europe’s preparedness and response processes.

Why does it matter?

The exercise shows how cyber incidents affecting transport infrastructure can quickly move beyond technical disruption into broader economic, safety and crisis-management risks. Ports, railways, logistics systems, ticketing platforms and navigation tools are increasingly interconnected, often combining legacy operational technology with modern digital systems. Testing EU-level coordination matters because attacks on transport networks can affect trade, military mobility, emergency response and public trust across borders.


Singapore warns of Microsoft impersonation scams causing major losses

The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) have warned the public about technical support scams that impersonate Microsoft. Authorities said at least 10 cases had been reported since February 2026, with total losses exceeding S$1.7 million.

In this scam variant, victims typically encounter a pop-up alert in their web browser. The alert falsely appears to originate from Microsoft and claims that the user’s device has been hacked or compromised.

Victims are then instructed to contact a so-called technical support officer through an internet-based phone number. After making contact, victims may be transferred to another scammer posing as a police officer, who claims that their device has been used for criminal activities such as money laundering.

Authorities in Singapore said victims may be instructed to make bank transfers, provide banking credentials, or grant remote access to their devices. In some cases, scammers asked victims to download remote access applications or click links that allowed them to take control of bank accounts.

SPF and CSA advised members of the public to verify alerts through official software provider channels. They noted that Microsoft does not include phone numbers in error or warning messages, and that users should not call numbers displayed in suspicious pop-ups or click links or buttons within such alerts.

People who believe they have fallen victim to the scam are advised to disconnect their computer from the internet, contact their bank, remove applications installed under the scammer’s instructions, and run an anti-virus scan. They should also change passwords and banking credentials using a trusted device, remove unauthorised payees, and report the incident to the police and CSA’s SingCERT.

Why does it matter?

Technical support scams remain one of the most effective forms of cyber-enabled fraud because they combine social engineering, impersonation and remote access techniques. By exploiting trust in well-known brands such as Microsoft and creating a sense of urgency, scammers can persuade victims to hand over sensitive information or direct access to their devices.

The cases also highlight how cybersecurity and financial security are increasingly interconnected. Basic cyber hygiene practices, such as verifying security alerts through official channels, avoiding unsolicited remote access requests and reporting incidents quickly, can help prevent account compromise and reduce financial losses.
