State officials have warned the public about a phishing campaign using the fake domain codify.inc to impersonate official government websites. Cybercriminals aim to steal personal information and login credentials from unsuspecting users.
Several state agencies are affected, including the departments of Labor and Industrial Relations, Education, Health, Transportation, and many others. Fraudulent websites often mimic official URLs, such as dlir.hi.usa.codify.inc, and may use AI-based services to entice users.
Residents are urged to verify website addresses carefully. Official government portals will always end in .gov, and any other extensions like .inc or .co are not legitimate. Users should type addresses directly into their browsers rather than clicking links in unsolicited emails or texts.
Suspicious websites should be reported to the State of Hawaii at soc@hawaii.gov to help protect other residents from falling victim to the scam.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Cybersecurity experts are raising alarms as AI transitions from a theoretical concern to an operational threat. The H2 2025 ESET Threat Report shows AI-powered malware is now targeting systems globally, raising attack sophistication.
PromptLock, the first AI-driven ransomware, uses a dual-component system to generate unique scripts for each target. The malware autonomously decides to exfiltrate, encrypt, or destroy data, using a feedback loop to ensure reliable execution.
Other AI threats include PromptFlux, which rewrites malware for persistence, and PromptSteal, which harvests sensitive files. These developments highlight the growing capabilities of attackers using machine learning models to evade traditional defences.
The ransomware-as-a-service market is growing, with Qilin, Akira, and Warlock using advanced evasion techniques. The convergence of AI-driven malware and thriving ransomware economies presents an urgent challenge for organisations globally.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Illinois Secretary of State Alexi Giannoulias has warned residents to stay alert for fraudulent text messages claiming unpaid traffic violations or tolls. Officials say the messages are part of a phishing campaign targeting Illinois drivers.
The scam texts typically warn recipients that their vehicle registration or driving privileges are at risk of suspension. The messages urge immediate action via links that steal money or personal information.
The Secretary of State’s office said it sends text messages only to remind customers about scheduled DMV appointments. It does not communicate by text about licence status, vehicle registration issues, or enforcement actions.
Officials advised residents not to click on links or provide personal details in response to such messages. The texts are intended to create fear and pressure victims into acting quickly.
Residents who receive scam messages are encouraged to report them to the Federal Trade Commission through its online fraud reporting system.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
A ransomware attack has disrupted the Oltenia Energy Complex, Romania’s largest coal-based power producer, after hackers encrypted key IT systems in the early hours of 26 December.
The state-controlled company confirmed that the Gentlemen ransomware strain locked corporate files and disabled core services, including ERP platforms, document management tools, email and the official website.
The organisation isolated affected infrastructure and began restoring services from backups on new systems instead of paying a ransom. Operations were only partially impacted and officials stressed that the national energy system remained secure, despite the disruption across business networks.
A criminal complaint has been filed. Additionally, both the National Directorate of Cyber Security of Romania and the Ministry of Energy have been notified.
Investigators are still assessing the scale of the breach and whether sensitive data was exfiltrated before encryption. The Gentlemen ransomware group has not yet listed the energy firm on its dark-web leak site, a sign that negotiations may still be underway.
An attack that follows a separate ransomware incident that recently hit Romania’s national water authority, underlining the rising pressure on critical infrastructure organisations.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Korean Air has disclosed a data breach affecting about 30,000 employees. Stolen records were taken from systems operated by a former subsidiary.
The breach occurred at catering supplier KC&D, sold off in 2020. Hackers, who had previously attacked the Washington Post accessed employee names and their bank account details, while customer data remained unaffected.
Investigators linked the incident to exploits in Oracle E-Business Suite. Cybercriminals abused zero day flaws during a wider global hacking campaign.
The attack against Korean Air has been claimed by the Cl0p ransomware group. Aviation firms worldwide have reported similar breaches connected to the same campaign.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Aflac, a health and life insurer in the US, revealed that a cyberattack discovered in June affected over 22.6 million individuals. Personal and claims information, including social security numbers, may have been accessed.
The investigation found the attack likely originated from the Scattered Spider cybercrime group. Authorities were notified, and third-party cybersecurity experts were engaged to contain the incident.
Systems remained operational, and no ransomware was detected, with containment achieved within hours. Notifications have begun, and the insurer continues to monitor for potential fraudulent use of data.
Class-action lawsuits have been filed in response to the incident, which also affected employees, agents, and other related individuals. Erie and Philadelphia Insurance previously reported network issues linked to similar threats.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The European Space Agency (ESA) has confirmed that a data breach occurred, but stated that its impact appears to be limited. According to the agency, only a very small number of science servers were affected, and these systems were located outside ESA’s main corporate network.
Claims about the breach began circulating on 26 December, when a hacker using the alias ‘888’ alleged that more than 200 gigabytes of ESA data had been compromised and put up for sale. The hacker claimed the material included source code, internal project documents, API tokens, and embedded login credentials.
ESA acknowledged the allegations on 29 December and launched a forensic investigation. A day later, the agency stated that its initial findings confirmed unauthorised access but suggested the scope was far smaller than online claims implied.
The affected servers were described as unclassified systems used for collaborative engineering work within the scientific community. ESA said it has already informed relevant stakeholders and taken immediate steps to secure any potentially impacted devices.
The investigation is still ongoing, and ESA has stated that it will provide further updates once the forensic analysis is complete.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The presidency of the Council of the European Union next year is expected to see Ireland lead a European drive for ID-verified social media accounts.
Tánaiste Simon Harris said the move is intended to limit anonymous abuse, bot activity and coordinated disinformation campaigns that he views as a growing threat to democracy worldwide.
A proposal that would require users to verify their identity instead of hiding behind anonymous profiles. Harris also backed an Australian-style age verification regime to prevent children from accessing social media, arguing that existing digital consent rules are not being enforced.
Media Minister Patrick O’Donovan is expected to bring forward detailed proposals during the presidency.
The plan is likely to trigger strong resistance from major social media platforms with European headquarters in Ireland, alongside criticism from the US.
However, Harris believes there is growing political backing across Europe, pointing to signals of support from French President Emmanuel Macron and UK Prime Minister Keir Starmer.
Harris said he wanted constructive engagement with technology firms rather than confrontation, while insisting that stronger safeguards are now essential.
He argued that social media companies already possess the technology to verify users and restrict harmful accounts, and that European-level coordination will be required to deliver meaningful change.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A hacker using the name Lovely has allegedly claimed to have accessed subscriber data belonging to WIRED and to have leaked details relating to around 2.3 million users.
The same individual also states that a wider Condé Nast account system covering more than 40 million users could be exposed in future leaks instead of ending with the current dataset.
Security researchers are reported to have matched samples of the claimed leak with other compromised data sources. The information is said to include names, email addresses, user IDs and timestamps instead of passwords or payment information.
Some researchers also believe that certain home addresses could be included, which would raise privacy concerns if verified.
The dataset is reported to be listed on Have I Been Pwned. However, no official confirmation from WIRED or Condé Nast has been issued regarding the authenticity, scale or origin of the claimed breach, and the company’s internal findings remain unknown until now.
The hacker has also accused Condé Nast of failing to respond to earlier security warnings, although these claims have not been independently verified.
Users are being urged by security professionals to treat unexpected emails with caution instead of assuming every message is genuine.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
South Korea has blamed weak femtocell security at KT Corp for a major mobile payment breach that triggered thousands of unauthorised transactions.
Officials said the mobile operator used identical authentication certificates across femtocells and allowed them to stay valid for ten years, meaning any device that accessed the network once could do so repeatedly instead of being re-verified.
More than 22,000 users had identifiers exposed, and 368 people suffered unauthorised payments worth 243 million won.
Investigators also discovered that ninety-four KT servers were infected with over one hundred types of malware. Authorities concluded the company failed in its duty to deliver secure telecommunications services because its overall management of femtocell security was inadequate.
The government has now ordered KT to submit detailed prevention plans and will check compliance in June, while also urging operators to change authentication server addresses regularly and block illegal network access.
Officials said some hacking methods resembled a separate breach at SK Telecom, although there is no evidence that the same group carried out both attacks. KT said it accepts the findings and will soon set out compensation arrangements and further security upgrades instead of disputing the conclusions.
A separate case involving LG Uplus is being referred to police after investigators said affected servers were discarded, making a full technical review impossible.
The government warned that strong information security must become a survival priority as South Korea aims to position itself among the world’s leading AI nations.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
