Ransomware 3.0 raises alarm over AI-generated cyber threats

Researchers at NYU’s Tandon School of Engineering have demonstrated how large language models can be utilised to execute ransomware campaigns autonomously. Their prototype, dubbed Ransomware 3.0, simulated every stage of an attack, from intrusion to the generation of a ransom note.

The system briefly raised an alarm after cybersecurity firm ESET discovered its files on VirusTotal, mistakenly identifying them as live malware. The proof-of-concept was designed only for controlled laboratory use and posed no risk outside testing environments.

Instead of pre-written code, the prototype embedded text instructions that triggered AI models to generate tailored attack scripts. Each execution created unique code, evading traditional detection methods and running across Windows, Linux, and Raspberry Pi systems.

The researchers found that the system identified up to 96% of sensitive files and could generate personalised extortion notes, raising psychological pressure on victims. With costs as low as $0.70 per attack using commercial AI services, such methods could lower barriers for criminals.

The team stressed that the work was conducted ethically and aims to help defenders prepare countermeasures. They recommend monitoring file access patterns, limiting outbound AI connections, and developing defences against AI-generated attack behaviours.
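One way to combine the two recommended signals, file access patterns and outbound AI connections, into a single detection, as an added example that is not from the NYU researchers or the original article. The log format, hostnames, approved-process list and thresholds are assumptions, and the telemetry is constructed.

```python
from collections import defaultdict

# Assumptions: endpoints treated as AI services, and processes approved to call them.
LLM_API_HOSTS = {"api.openai.com", "api.anthropic.com"}
APPROVED = {"code.exe"}  # name matching only; prefer signed path or hash in production
WINDOW_S, READ_THRESHOLD = 60, 4  # correlation window (s), distinct files read

# Constructed sample telemetry: "epoch_seconds pid process event target"
SAMPLE_EVENTS = """\
1000 411 code.exe connect api.openai.com
1002 411 code.exe read /home/dev/project/main.py
1005 733 updater connect api.openai.com
1006 733 updater read /home/amy/Documents/tax 2023.pdf
1009 733 updater read /home/amy/Documents/passport.jpg
1015 733 updater read /home/amy/.ssh/id_ed25519
1030 733 updater read /home/amy/Documents/payroll.xlsx
1100 902 backup read /srv/data/a.db
1101 902 backup read /srv/data/b.db
1102 902 backup read /srv/data/c.db
1103 902 backup read /srv/data/d.db
2000 555 notes connect api.anthropic.com
2003 555 notes read /home/amy/notes/todo.md
"""

def detect(log_text):
    """Flag unapproved processes that contact an AI endpoint and read many files nearby in time."""
    reads, conns, names = defaultdict(list), defaultdict(list), {}
    for line in log_text.strip().splitlines():
        ts, pid, proc, event, target = line.split(maxsplit=4)  # target may contain spaces
        names[pid] = proc
        if event == "read":
            reads[pid].append((int(ts), target))
        elif event == "connect" and target in LLM_API_HOSTS:
            conns[pid].append((int(ts), target))
    alerts = []
    for pid, hits in conns.items():
        if names[pid] in APPROVED:
            continue
        for cts, host in hits:
            # Distinct files this process read within the window around the connection.
            near = {p for ts, p in reads[pid] if abs(ts - cts) <= WINDOW_S}
            if len(near) >= READ_THRESHOLD:
                alerts.append((int(pid), names[pid], host, len(near)))
                break
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Neither signal alone fires here: the backup job reads many files without an AI connection, and the notes app contacts an AI endpoint but reads one file.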

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Senate Democrats propose framework for crypto market rules

A group of 12 Democratic US senators unveiled a crypto regulation plan, highlighting the need for bipartisan oversight. The proposal comes in response to Republicans’ plan to advance a market structure bill this month.

The Democrats’ framework outlines seven key pillars, including protections against illicit finance and measures to close gaps in the spot market for digital assets not classified as securities. It also calls for fair and effective regulation, highlighting concerns over the SEC, CFTC, and Treasury Department leadership.

The framework criticised Trump for removing Democratic commissioners and noted his family’s financial ties to crypto projects. Senators urged limits on elected officials and family members profiting from digital assets and reinforced disclosure requirements.

With the House passing the CLARITY Act and the GENIUS Act regulating stablecoins, the Senate is expected to prioritise crypto market structure legislation. However, Democrats remain uncertain whether Republicans will adopt their recommendations, with a final bill unlikely before 2026.

International search widens for ransomware fugitive on EU Most Wanted

A Ukrainian cybercrime suspect has been added to the EU’s Most Wanted list for his role in the 2019 LockerGoga ransomware attack against a major Norwegian aluminium company and other global incidents.

The fugitive is considered a high-value target and is wanted by multiple countries. The US Department of Justice has offered up to USD 10 million for information leading to the arrest.

Europol stated that the identification of the suspect followed a lengthy, multinational investigation supported by Eurojust, with damages from the network estimated to be in the billions. Several members of the group have already been detained in Ukraine.

Investigators have mapped the network’s operations, tracing its hierarchy from malware developers and intrusion experts to money launderers who processed illicit proceeds. The wanted man is accused of directly deploying LockerGoga ransomware.

Europol has urged the public to visit the EU Most Wanted website and share information that could assist in locating the fugitive. The suspect’s profile is now live on the platform.

Russian lawmaker pushes for creation of national crypto bank

A senior Russian policymaker has proposed the creation of a national crypto bank, arguing it would raise state revenues and help curb financial crime.

Yevgeny Masharov, a member of the Public Chamber of the Russian Federation, said a national crypto bank would bring vast sums of crypto into the legal economy. He added that lawmakers also aim to ban quasi-legal exchanges while exploring the launch of state-run trading platforms.

Masharov suggested that a crypto bank could be a tool against online fraud, particularly schemes involving ‘droppers’ who launder cash and crypto for criminals. He argued that by keeping transactions within an official system, authorities would have more control over illicit flows.

The initiative follows similar moves in Belarus, where President Alexander Lukashenko has instructed officials to accelerate work on a national crypto bank. Moscow also views such a project as a way to support miners, enable safer cross-border payments, and reduce reliance on Western-controlled financial networks.

Social media authenticity questioned as Altman points to bot-like behaviour

Sam Altman, X enthusiast and Reddit shareholder, has expressed doubts over whether social media content can still be distinguished from bot activity. His remarks followed an influx of praise for OpenAI Codex on Reddit, where users questioned whether such posts were genuine.

Altman noted that humans are increasingly adopting quirks of AI-generated language, blurring the line between authentic and synthetic speech. He also pointed to factors such as social media optimisation for engagement and astroturfing campaigns, which amplify suspicions of fakery.

The comments follow OpenAI’s backlash over the rollout of GPT-5, which saw Reddit communities shift from celebratory to critical. Altman acknowledged flaws in a Reddit AMA, but the fallout left lasting scepticism and lower enthusiasm among AI users.

Underlying this debate is the wider reality that bots dominate much of the online environment. Imperva estimates that more than half of 2024’s internet traffic was non-human, while X’s own Grok chatbot admitted to hundreds of millions of bots on the platform.

Some observers suggest Altman’s comments may foreshadow an OpenAI-backed social media venture. Whether such a project could avoid the same bot-related challenges remains uncertain, with research suggesting that even bot-only networks eventually create echo chambers of their own.

Fake GitHub downloads deliver GPUGate malware to EU IT staff

A malvertising campaign is targeting IT workers in the EU with fake GitHub Desktop installers, according to Arctic Wolf. The goal is to steal credentials, deploy ransomware, and infiltrate sensitive systems. The operation has reportedly been active for over six months.

Attackers used malicious Google Ads that redirected users to doctored GitHub repositories. Modified README files mimicked genuine download pages but linked to a lookalike domain. macOS users received the AMOS Stealer, while Windows victims downloaded bloated installers hiding malware.

The Windows malware evaded detection using GPU-based checks, refusing to run in sandboxes that lacked real graphics drivers. On genuine machines, it copied itself to %APPDATA%, sought elevated privileges, and altered Defender settings. Analysts dubbed the technique GPUGate.

The payload persisted by creating privileged tasks and sideloading malicious DLLs into legitimate executables. Its modular system could download extra malware tailored to each victim. The campaign was geo-fenced to EU targets and relied on redundant command servers.

Researchers warn that IT staff are prime targets due to their access to codebases and credentials. With the campaign still active, Arctic Wolf has published indicators of compromise, YARA rules, and security advice to mitigate the GPUGate threat.

Quantum-proof cryptography emerges as key test for stablecoins

Stablecoins have become central to the digital economy, with billions in daily transactions and stronger regulatory backing under the GENIUS Act. Yet experts warn that advances in quantum computing could undermine their very foundations.

Elliptic curve and RSA cryptography, widely used in stablecoin systems, are expected to be breakable once ‘Q-Day’ arrives. Quantum-equipped attackers could instantly derive private keys from public addresses, exposing entire networks to theft.

The immutability of blockchains makes upgrading cryptographic schemes especially challenging. Dormant wallets and legacy addresses may prove vulnerable, putting billions of dollars at risk if issuers fail to take action promptly.

Researchers highlight lattice-based and hash-based algorithms as viable ‘quantum-safe’ alternatives. Stablecoins built with crypto-agility, enabling seamless upgrades, will better adapt to new standards and avoid disruptive forks.

Regulators are also moving. NIST is finalising post-quantum cryptographic standards, and new rules will likely be established before 2030. Stablecoins that embed resilience today may set the global benchmark for digital trust in the quantum age.

Trilateral quantum talks highlight innovation and security priorities

The United States, Japan, and South Korea held two Trilateral Quantum Cooperation meetings this week in Seoul and Tokyo. Officials and experts from government and industry gathered to discuss securing quantum ecosystems against cyber, physical, and intellectual property threats.

The US State Department stressed that joint efforts will ensure breakthroughs in quantum computing benefit citizens while safeguarding innovation. Officials said cooperation is essential as quantum technologies could reshape industries, global power balances, and economic prosperity.

The President of South Korea, Lee Jae Myung, described the partnership as entering a ‘golden era’, noting that Seoul, Washington, and Tokyo must work together both to address North Korea and to drive technological progress.

The talks come as Paul Dabbar, the former CEO of Bohr Quantum Technology, begins his role as US Deputy Secretary of Commerce. Dabbar brings experience in deploying emerging quantum network technologies to the new trilateral framework.

North Korea has also signalled interest in quantum computing for economic development. Analysts note that quantum’s lower energy demand compared to supercomputers could appeal to a country plagued by chronic power shortages.

Cyberattack forces Jaguar Land Rover to halt production

Production at Jaguar Land Rover (JLR) is to remain halted until at least next week after a cyberattack crippled the carmaker’s operations. Disruption is expected to last through September and possibly into October.

The UK’s largest car manufacturer, owned by Tata, has suspended activity at its plants in Halewood, Solihull, and Wolverhampton. Thousands of staff have been told to stay home on full pay while ‘banking’ hours are to be recovered later.

Suppliers, including Evtec, WHS Plastics, SurTec, and OPmobility, which employ more than 6,000 people in the UK, have also paused their operations. The Sunday Times reported speculation that the outage could drag on for most of September.

While there is no evidence of a data breach, JLR has notified the Information Commissioner’s Office about potential risks. Dozens of internal systems, including spare parts databases, remain offline, forcing dealerships to revert to manual processes.

Hackers linked to the groups Scattered Spider, Lapsus$, and ShinyHunters have claimed responsibility for the incident. JLR stated that it was collaborating with cybersecurity experts and law enforcement to restore systems in a controlled and safe manner.

Conti and LockBit dominate ransomware landscape with record attacks

Ransomware groups have evolved into billion-dollar operations targeting critical infrastructure across multiple countries, employing increasingly sophisticated extortion schemes. Between 2020 and 2022, more than 865 documented attacks were recorded across Australia, Canada, New Zealand, and the UK.

Criminals have escalated from simple encryption to double and triple extortion, threatening to leak stolen data as added leverage. Attack vectors include phishing, botnets, and unpatched flaws. Once inside, attackers use stealthy tools to persist and spread.

BlackSuit, formerly known as Conti, led with 141 attacks, followed by LockBit’s 129, according to data from the Australian Institute of Criminology. Ransomware-as-a-Service groups hit higher volumes by splitting developers from affiliates handling breaches and negotiations.

Industrial targets bore the brunt, with 239 attacks on manufacturing and building products. The consumer goods, real estate, financial services, and technology sectors also featured prominently. Analysts note that industrial firms are often pressured into quick ransom payments to restore production.

Experts warn that today’s ransomware combines military-grade encryption with advanced reconnaissance and backup targeting, raising the stakes for defenders. The scale of activity underscores how resilient these groups remain, adapting rapidly to law enforcement crackdowns and shifting market opportunities.
