UN cybercrime treaty signed in Hanoi amid rights concerns

Around 73 countries signed a landmark UN cybercrime convention in Hanoi, seeking faster cooperation against online crime. Leaders cited trillions in annual losses from scams, ransomware, and trafficking. The pact enters into force after 40 ratifications.

UN supporters say the treaty will streamline evidence sharing, extradition requests, and joint investigations. Provisions target phishing, ransomware, online exploitation, and hate speech. Backers frame the deal as a boost to global security.

Critics warn the text’s breadth could criminalise security research and dissent. The Cybersecurity Tech Accord called it a surveillance treaty. Activists fear expansive data sharing with weak safeguards.

The UNODC argues the agreement includes rights protections and space for legitimate research. Officials say oversight and due process remain essential. Implementation choices will decide outcomes on the ground.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Copilot Mode turns Edge into an active assistant

Edge says the browser should work with you, not just wait for clicks. Copilot Mode adds chat-first tabs, multi-tab reasoning, and a dynamic pane for in-context help. Plan trips, compare options, and generate schedules without tab chaos.

Microsoft Copilot now resumes past sessions, so projects pick up exactly where you stopped. It can execute multi-step actions, like building walking tours, end-to-end. Optional history signals improve suggestions and speed up research-heavy tasks.

Voice controls handle quick actions and deeper chores with conversational prompts. Ask Copilot to open pages, summarise threads, or unsubscribe you from promo emails. Reservations and other multi-step chores are rolling out next.

Journeys groups past browsing into topic timelines for fast re-entry, with explicit opt-in. Privacy controls are prominent: clear cues when Copilot listens, acts, or views. You can toggle Copilot Mode off anytime.

Security features round things out: local AI blocks scareware overlays by default. Built-in password tools continuously create, store, and monitor credentials. Copilot Mode is in all Copilot markets on Edge desktop and mobile and is coming soon.

US Department of Justice charges former L3Harris executive with selling trade secrets to Russian buyer

The US Department of Justice has accused a former executive at defense contractor L3Harris of stealing and selling trade secrets to a buyer in Russia.

According to court filings, Peter Williams, a 39-year-old Australian citizen and former general manager of L3Harris division Trenchant, allegedly sold eight trade secrets from two unnamed companies between April 2022 and August 2025, earning about $1.3 million.

Williams, known internally as ‘Doogie,’ led Trenchant, which develops hacking and surveillance tools for Western governments, including the United States. He joined the company in October 2024 and left in August 2025, according to U.K. business records.

The DOJ’s ‘criminal information’ document, a formal accusation similar to an indictment, did not identify the companies involved or the Russian buyer. Prosecutors are seeking to recover assets they say Williams acquired through the sale of trade secrets.

The case is being prosecuted by the DOJ’s National Security Division under the Counterintelligence and Export Control Section. An arraignment and plea hearing is scheduled for October 29 in Washington, DC.

$MELANIA coin faces court claims over price manipulation

Executives behind the $MELANIA cryptocurrency, launched by Melania Trump in January, are accused in court filings of orchestrating a pump-and-dump scheme. The coin surged from a few cents to $13.73 before falling to 10 cents, while $TRUMP dropped from $45.47 to $5.79.

Investors allege the creators planned the price surge and collapse to profit from rapid trading. Court papers allege Meteora executives used accomplices to buy and sell $MELANIA quickly, securing large profits while ordinary investors lost money.

Melania Trump herself is not named in the lawsuit, which describes her as unaware of the alleged scheme.

The $MELANIA allegations are now part of broader legal proceedings involving multiple cryptocurrencies that began earlier this year. Meteora has not commented, while the Trump family reportedly earned over $1bn from crypto ventures in the past year.

CMC pegs JLR hack at £1.9bn with 5,000 firms affected

JLR’s cyberattack is pegged at £1.9bn, the UK’s costliest on record. Production paused for five weeks from 1 September across Solihull, Halewood, and Wolverhampton. CMC says 5,000 firms were hit, with full recovery expected by January 2026.

JLR is restoring manufacturing in phases and declined to comment on the estimate. UK dealer systems were intermittently down, orders were cancelled or delayed, and suppliers faced uncertainty. More than half of the losses fall on JLR; the remainder hits its supply chain and local economies.

The CMC classed the incident as Category 3 on its five-level scale. Chair Ciaran Martin warned organisations to harden critical networks and plan for disruption. The CMC’s assessment draws on public data, surveys, and interviews rather than on disclosed forensic evidence.

Researchers say costs hinge on the attack type, which JLR has not confirmed. Data theft is faster to recover than ransomware; wiper malware would be worse. A claimed hacker group linked to earlier high-profile breaches is unverified.

The CMC’s estimate excludes any ransom, which could add tens of millions of dollars. Earlier this year, retail hacks at M&S, the Co-op, and Harrods were tagged Category 2. Those were pegged at £270m–£440m, below the £506m cited by some victims.

Meta strengthens protection for older adults against online scams

US giant Meta has intensified its campaign against online scams targeting older adults, marking Cybersecurity Awareness Month with new safety tools and global partnerships.

Additionally, Meta said it had detected and disrupted nearly eight million fraudulent accounts on Facebook and Instagram since January, many linked to organised scam centres operating across Asia and the Middle East.

The social media giant is joining the National Elder Fraud Coordination Center in the US, alongside partners including Google, Microsoft and Walmart, to strengthen investigations into large-scale fraud operations.

It is also collaborating with law enforcement and research groups such as Graphika to identify scams involving fake customer service pages, fraudulent financial recovery services and deceptive home renovation schemes.

Meta continues to roll out product updates to improve online safety. WhatsApp now warns users when they share screens with unknown contacts, while Messenger is testing AI-powered scam detection that alerts users to suspicious messages.

Across Facebook, Instagram and WhatsApp, users can activate passkeys and complete a Security Checkup to reinforce account protection.

The company has also partnered with organisations worldwide to raise scam awareness among older adults, from digital literacy workshops in Bangkok to influencer-led safety campaigns across Europe and India.

These efforts form part of Meta’s ongoing drive to protect users through a mix of education, advanced technology and cross-industry cooperation.

Innovation versus risk shapes Australia’s AI debate

Australia’s business leaders were urged to adopt AI now to stay competitive, despite the absence of hard rules, at the AI Leadership Summit in Brisbane. The National AI Centre unveiled revised voluntary guidelines, and Assistant Minister Andrew Charlton said a national AI plan will arrive later this year.

The guidance sets six priorities, from stress-testing and human oversight to clearer accountability, aiming to give boards practical guardrails. Speakers from NVIDIA, OpenAI, and legal and academic circles welcomed direction but pressed for certainty to unlock stalled investment.

Charlton said the plan will focus on economic opportunity, equitable access, and risk mitigation, noting some harms are already banned, including ‘nudify’ apps. He argued Australia will be poorer if it hesitates, and regulators must be ready to address new threats directly.

The debate centred on proportional regulation: too many rules could stifle innovation, said Clayton Utz partner Simon Newcomb, yet delays and ambiguity can also chill projects. A ‘gap analysis’ announced by Treasurer Jim Chalmers will map which risks existing laws already cover.

CyberCX’s Alastair MacGibbon warned that criminals are using AI to deliver sharper phishing attacks and flagged the return of erotic features in some chatbots as an oversight test. His message echoed across panels: move fast with governance, or risk ceding both competitiveness and safety.

Medical group hit with £100,000 penalty after cyberattack exposes patient data

Emails containing sensitive health data were stolen from the Medical Specialist Group (MSG) in a 2021 cyberattack. The data was later used in phishing campaigns, prompting the Office of the Data Protection Authority (ODPA) to fine MSG £100,000 for insufficiently safeguarding personal data and breaching data protection legislation.

Investigators found the clinic’s email server was compromised in August 2021 and went undetected for more than three months. Health data is sensitive information that requires stringent protection. However, the ODPA found MSG neglected to install routine security updates for thirteen months, and weaknesses in its threat-detection system led to multiple missed chances to identify unauthorised access to its email server.

The ODPA has ordered MSG to pay £75,000 within 60 days and a further £25,000 after 14 months, with the final amount being waived if it completes an agreed security action plan. MSG stated it has invested in new technology, system monitoring and staff training. The exact number of stolen emails remains unclear, though thousands were left exposed to unauthorised access.

The breach adds to a growing list of cyberattacks targeting the healthcare sector over the past year, including incidents like the Anne Arundel Dermatology cyberattack affecting nearly two million patients and the McLaren Health Care ransomware attack, affecting over 700,000 individuals.

AWS outage shows the cost of cloud concentration

A single fault can bring down the modern web. During the outage on Monday, 20 October 2025, millions woke to broken apps, games, banking, and tools after database errors at Amazon Web Services rippled outward. When a shared backbone stumbles, the blast radius engulfs everything from chat to commerce.

The outage underscored cloud concentration risk. Roblox, Fortnite, Pokémon Go, Snapchat, and workplace staples like Slack and Monday.com stumbled together because many depend on the same region and data layer. Failover, throttling, and retries help, but simultaneous strain can swamp safeguards.

On Friday, 19 July 2024, a faulty CrowdStrike update crashed Windows machines worldwide, triggering blue screens that grounded flights, delayed surgeries, and froze point-of-sale systems. The fix was simple; recovery wasn’t. Friday patches gained a new cautionary tale.

Earlier shocks foreshadowed today’s scale. In 1997, a Network Solutions glitch briefly hobbled .com and .net. In 2018, malware in Alaska’s Matanuska-Susitna knocked services offline, sending a community of 100,000 back to paper. Each incident showed how mundane errors cascade into civic life.

Resilience now means multi-region designs, cross-cloud failovers, tested runbooks, rate-limit backstops, and graceful read-only modes. Add regulatory stress tests, clear incident comms, and sector drills with hospitals, airlines, and banks. The internet will keep breaking; our job is to make it bend.

SMEs underinsured as Canada’s cyber landscape shifts

Canada’s cyber insurance market is stabilising, with stronger underwriting, steadier loss trends, and more product choice, the Insurance Bureau of Canada says. But the threat landscape is accelerating as attackers weaponise AI, leaving many small and medium-sized enterprises exposed and underinsured.

Rapid market growth brought painful losses during the ransomware surge: from 2019 to 2023, combined loss ratios averaged about 155%, forcing tighter pricing and coverage. Insurers have recalibrated, yet rising AI-enabled phishing and deepfake impersonations are lifting complexity and potential severity.

Policy is catching up unevenly. Bill C-8 in Canada would revive critical-infrastructure cybersecurity standards, stronger oversight, and baseline rules for risk management and incident reporting. Public–private programmes signal progress but need sustained execution.

SMEs remain the pressure point. Low uptake means minor breaches can cost tens or hundreds of thousands, while severe incidents can be fatal. Underinsurance shifts shock to the wider economy, challenging insurers to balance affordability with long-term viability.

The Bureau urges practical resilience: clearer governance, employee training, incident playbooks, and fit-for-purpose cover. Education campaigns and free guidance aim to demystify coverage, boost readiness, and help SMEs recover faster when attacks hit, supporting a more durable digital economy.
