A new global survey by 11:11 Systems highlights growing concerns among IT leaders over cyber incident recovery. More than 800 senior IT professionals across North America, Europe, and the Asia Pacific report a rising strain from evolving threats, staffing gaps, and limited clean-room infrastructure.
Over 80% of respondents experienced at least one major cyberattack in the past year, with more than half facing multiple incidents. Nearly half see recovery planning complexity as their top challenge, while over 80% say their organisations are overconfident in their recovery capabilities.
The survey also reveals that 74% believe integrating AI could increase cyberattack vulnerability. Despite this, 96% plan to invest in cyber incident recovery within the next 12 months, underlining its growing importance in budget strategies.
The financial stakes are high. Over 80% of respondents reported spending at least six figures during just one hour of downtime, with the top 5% incurring losses of over one million dollars per hour. Yet 30% of businesses do not test their recovery plans annually, despite these risks.
11:11 Systems’ CTO Justin Giardina said organisations must adopt a proactive, AI-driven approach to recovery. He emphasised the importance of advanced platforms, secure clean rooms, and tailored expertise to enhance cyber resilience and expedite recovery after incidents.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Several major gaming and online platforms have reportedly faced simultaneous disruptions across multiple devices and regions. Platforms like Steam and Riot Games experienced connection issues, blocking access to major titles such as Counter-Strike, Dota 2, Valorant, and League of Legends.
Some users reported issues with PlayStation Network, Epic Games, Hulu, AWS, and other services.
Experts suggest the outages may be linked to a possible DDoS attack from the Aisuru botnet. While official confirmations remain limited, reports indicate unusually high traffic, with one source claiming bandwidth levels near 30 terabits per second.
Similar activity from Aisuru has been noted in incidents dating back to 2024, targeting a range of internet-connected devices.
The botnet is thought to exploit vulnerabilities in routers, cameras, and other connected devices, potentially controlling hundreds of thousands of nodes. Researchers say the attacks are widespread across countries and industries, though their full scale and purpose remain uncertain.
Further investigations are ongoing, and platforms continue to monitor and respond to potential threats. Users are advised to remain aware of service updates and exercise caution when accessing online networks during periods of unusual activity.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Brazil is set to approve its first comprehensive Cybersecurity Legal Framework with Bill No. 4752/2025. The legislation creates a National Cybersecurity Authority and requires compliance for government procurement, with shared responsibility for supply chain security incidents.
The framework aims to unify the country’s fragmented cybersecurity policies. Government agencies will follow ANC standards, while companies delivering services to public entities must meet minimum cybersecurity requirements.
The ANC will also publish lists of compliant suppliers, providing a form of certification that could enhance trust in both public and private partnerships.
Supply chain oversight is a key element of the bill. Public bodies must assess supplier risks, and liability will be shared in the event of breaches.
The law encourages investment in national cybersecurity technologies and offers opportunities for companies to access financing and participate in the National Cybersecurity Program.
Approval would make Brazil one of the first Latin American countries with a robust federal cybersecurity law. The framework aims to strengthen protections, encourage innovation, and boost confidence for citizens, businesses, and international partners.
Companies that prepare now will gain a competitive advantage when the law comes into effect.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Discord has disclosed a security incident after a third-party customer service provider was compromised. The breach exposed personal data from users who contacted Discord’s support and Trust & Safety teams.
An unauthorised party accessed the provider’s ticketing system and targeted user data in an extortion attempt. Discord revoked access, launched an investigation with forensic experts, and notified law enforcement. Impacted users will be contacted via official email.
Compromised information may include usernames, contact details, partial billing data, IP addresses, customer service messages, and limited government-ID images. Passwords, authentication data, and full credit card numbers were not affected.
Discord has notified data protection authorities and strengthened security controls for third-party providers. It has also reviewed threat detection systems to prevent similar incidents.
The company urges affected users to remain vigilant against suspicious messages. Service agents are available to answer questions and provide additional support.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
A major data breach has affected the Northern Rivers Resilient Homes Program in New South Wales.
Authorities confirmed that personal information was exposed after a former contractor uploaded data to the AI platform ChatGPT between 12 and 15 March 2025.
The leaked file contained over 12,000 records, with details including names, addresses, contact information and health data. Up to 3,000 individuals may be impacted.
While there is no evidence yet that the information has been accessed by third parties, the NSW Reconstruction Authority (RA) and Cyber Security NSW have launched a forensic investigation.
Officials apologised for the breach and pledged to notify all affected individuals in the coming week. ID Support NSW is offering free advice and resources, while compensation will be provided for any costs linked to replacing compromised identity documents.
The RA has also strengthened its internal policies to prevent unauthorised use of AI platforms. An independent review of the incident is underway to determine how the breach occurred and why notification took several months.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Jaguar Land Rover (JLR) is beginning to restart production after a severe cyber-attack forced the company to shut down factories across several countries. Operations will restart at Wolverhampton, with other sites like Solihull and Halewood reopening gradually in the coming weeks.
The attack, which occurred at the end of August, halted manufacturing and paralysed the carmaker’s IT systems.
The disruption has caused significant financial strain across JLR’s supply chain, with many small businesses facing weeks without income. The government has offered a £1.5 billion loan guarantee to support suppliers, but industry leaders warn the assistance does not go far enough.
Evtec Group chairman David Roberts called the policy ‘toothless’, saying companies still struggle to cover labour and payroll costs after six weeks of zero revenue.
Experts believe recovery will take time, as restarting industrial production involves complex processes that cannot resume instantly. Former Aston Martin boss Andy Palmer warned that some suppliers may not survive the prolonged halt, risking further disruption.
JLR has confirmed its recovery programme is ‘firmly underway’ and that its global parts logistics centre is returning to normal operations, yet full production may remain weeks away.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
European Cybersecurity Month (ECSM) 2025 has kicked off, with this year’s campaign centring on the growing threat of phishing attacks.
The initiative, driven by the EU Agency for Cybersecurity (ENISA) and the European Commission, seeks to raise awareness and provide practical guidance to European citizens and organisations.
Phishing is still the primary vector through which threat actors launch social engineering attacks. However, this year’s ECSM materials expand the scope to include variants like SMS phishing (smishing), QR code phishing (quishing), voice phishing (vishing), and business email compromise (BEC).
ENISA warns that as of early 2025, over 80 percent of observed social engineering activity involves using AI in their campaigns, in which language models enable more convincing and scalable scams.
To support the campaign, a variety of tiers of actors, from individual citizens to large organisations, are encouraged to engage in training, simulations, awareness sessions and public outreach under the banner #ThinkB4UClick.
A cross-institutional kick-off event is also scheduled, bringing together the EU institutions, member states and civil society to align messaging and launch coordinated activities.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Google has warned that hackers are emailing company executives, claiming to have stolen sensitive data from Oracle business applications. The group behind the campaign identifies itself as affiliated with the Cl0p ransomware gang.
In a statement, Google said the attackers target executives at multiple organisations with extortion emails linked to Oracle’s E-Business Suite. The company stated that it lacks sufficient evidence to verify the claims or confirm whether any data has been taken.
Neither Cl0p nor Oracle responded to requests for comment. Google did not provide additional information about the scale or specific campaign targets.
The cl0p ransomware gang has been involved in several high-profile extortion cases, often using claims of data theft to pressure organisations into paying ransoms, even when breaches remain unverified.
Google advised recipients to treat such messages cautiously and report any suspicious emails to security teams while investigations continue.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The US National Institute of Standards and Technology (NIST) has updated its password guidelines, urging organisations to drop strict complexity rules. NIST states that requirements such as mandatory symbols and frequent resets often harm usability without significantly improving security.
Instead, the agency recommends using blocklists for breached or commonly used passwords, implementing hashed storage, and rate limiting to resist brute-force attacks. Multi-factor authentication and password managers are encouraged as additional safeguards.
Password length remains essential. Short strings are easily cracked, but users should be allowed to create longer passphrases. NIST recommends limiting only extremely long passwords that slow down hashing.
The new approach replaces mandatory resets with changes triggered only after suspected compromise, such as a data breach. NIST argues this method reduces fatigue while improving overall account protection.
Businesses adopting these guidelines must audit their existing policies, reconfigure authentication systems, deploy blocklists, and train employees to adapt accordingly. Clear communication of the changes will be key to ensuring compliance.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Researchers have uncovered a phishing toolkit disguised as a PDF attachment to bypass Gmail’s defences. Known as MatrixPDF, the technique blurs document text, embeds prompts, and uses hidden JavaScript to redirect victims to malicious sites.
The method exploits Gmail’s preview function, slipping past filters because the PDF contains no visible links. Users are lured into clicking a fake button to ‘open secure document,’ triggering the attack and fetching malware outside Gmail’s sandbox.
A second variation embeds scripts that connect directly to payload URLs when PDFs are opened in desktop or browser readers. Victims see permission prompts that appear legitimate, but allowing access launches downloads that compromise devices.
Experts warn that PDFs are trusted more than other file types, making this a dangerous evolution of social engineering. Once inside a network, attackers can move laterally, escalate privileges, and plant further malware.
Security leaders recommend restricting personal email access on corporate devices, increasing sandboxing capabilities, and expanding employee training initiatives. Analysts emphasise that awareness and recognition of suspicious files remain crucial in countering this new phishing threat.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
