EU regulators are preparing for a significant shift in crypto oversight as new rules take effect on 1 January 2026. Crypto providers must report all customer transactions and holdings in a uniform digital format, giving tax authorities broader visibility across the bloc.
The DAC8 framework brings mandatory cross-border data sharing, a centralised operator register and unique ID numbers for each reporting entity. These measures aim to streamline supervision and enhance transparency, even though data on delisted firms must be preserved for up to twelve months.
Privacy concerns are rising as the new rules expand the travel rule for transfers above €1,000 and introduce possible ownership checks on private wallets. Combined with MiCA and upcoming AML rules, regulators gain deeper insight into user behaviour, wallet flows and platform operations.
Plans for ESMA to oversee major exchanges are facing pushback from smaller financial hubs, which are concerned about higher compliance costs and reduced competitiveness. Supporters argue that unified supervision is necessary to prevent regulatory gaps and reinforce market integrity across the EU.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Royal Borough of Kensington and Chelsea has activated emergency response plans after a cyberattack disrupted council systems in west London.
Westminster City Council and Hammersmith and Fulham Council are also affected through joint arrangements, with the National Crime Agency and the National Cyber Security Centre, led by GCHQ, leading the investigation. Staff in some areas have been advised to work from home while parts of the network stay offline as a precaution.
An internal memo shows that sections of the network remain closed and that a full return of affected systems is not expected for several days. Phone lines and online forms may face disruption, although alternative contact numbers are available on the council website.
Cybersecurity specialist Nathan Webb advised residents to be cautious about emails or calls referencing the incident, as attackers frequently exploit public attention surrounding a breach to launch scams.
He added that identifying any external supplier involved is essential so that other clients can secure their own systems. Forescout expert Rik Ferguson said the case demonstrates how shared digital services can allow a breach to spread risk across multiple organisations.
Councils have praised the overnight work by IT teams, but are not disclosing technical details while the investigation continues.
BBC cyber correspondent Joe Tidy said taking servers offline is an extreme step usually used for significant incidents. He pointed to the Co-op case earlier this year, where the company also disconnected systems, but only after hackers had already taken data from 6.5 million people.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Researchers have uncovered a large phishing operation, known as Quantum Route Redirect (QRR), that creates fake Microsoft 365 login pages across nearly 1,000 domains. The campaign uses convincing email lures, including DocuSign notices and payment alerts, to steal user credentials.
QRR operations have reached 90 countries, with US users hit hardest. Analysts say the platform evades scanners by sending bots to safe pages while directing real individuals to credential-harvesting sites on compromised domains.
The kit emerged shortly after Microsoft disrupted the RaccoonO365 network, which had stolen thousands of accounts. Similar tools, such as VoidProxy and Darcula, have appeared; yet, QRR stands out for its automation and ease of use, which enable rapid, large-scale attacks.
Cybersecurity experts warn that URL scanning alone can no longer stop such operations. Organisations are urged to adopt layered protection, stronger sign-in controls and behavioural monitoring to detect scams that increasingly mimic genuine Microsoft systems.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Cybersecurity researchers say cybercriminals are turning to a growing underground market of customised large language models designed to support low-level hacking tasks.
A new report from Palo Alto Networks’ Unit 42 describes how dark web forums promote jailbroken, open-source and bespoke AI models as hacking assistants or dual-use penetration testing tools, often sold via monthly or annual subscriptions.
Some appear to be repurposed commercial models trained on malware datasets and maintained by active online communities.
These models help users scan for vulnerabilities, write scripts, encrypt or exfiltrate data and generate exploit or phishing code, tasks that can support both attackers and defenders.
Unit 42’s Andy Piazza compared them to earlier dual-use tools, such as Metasploit and Cobalt Strike, which were developed for security testing but are now widely abused by criminal groups. He warned that AI now plays a similar role, lowering the expertise needed to launch attacks.
One example is a new version of WormGPT, a jailbroken LLM that resurfaced on underground forums in September after first appearing in 2023.
The updated ‘WormGPT 4’ is marketed as an unrestricted hacking assistant, with lifetime access reportedly starting at around $220 and an option to buy the complete source code. Researchers say it signals a shift from simple jailbreaks to commercialised, specialised tools that train AI for cybercrime.
Another model, KawaiiGPT, is available for free on GitHub and brands itself as a playful ‘cyber pentesting’ companion while generating malicious content.
Unit 42 calls it an entry-level but effective malicious LLM, with a casual, friendly style that masks its purpose. Around 500 contributors support and update the project, making it easier for non-experts to use.
Piazza noted that internal tests suggest much of the malware generated by these tools remains detectable and less advanced than code seen in some recent AI-assisted campaigns. The wider concern, he said, is that such models make hacking more accessible by translating technical knowledge into simple prompts.
Users no longer need to know jargon like ‘lateral movement’ and can instead ask everyday questions, such as how to find other systems on a network, and receive ready-made scripts.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A South Tyneside family has spoken publicly after an elderly man lost almost £3,000 to a highly persuasive cryptocurrency scam, according to a recent BBC report. The scammer contacted the victim repeatedly over several weeks, initially offering help with online banking before shifting to an ‘investment opportunity’.
According to the family, the caller built trust by using personal details, even fabricating a story about ‘free Bitcoin’ awarded to the man years earlier.
Police said the scam fits a growing trend of crypto-related fraud. The victim, under the scammer’s guidance, opened multiple new bank accounts and was eventually directed to transfer nearly £3,000 into a Coinbase-linked crypto wallet.
Attempts by the family to recover the funds were unsuccessful. Coinbase said it advises users to research any investment carefully and provides guidance on recognising scams.
Northumbria Police and national fraud agencies have been alerted. Officers said crypto scams present particular challenges because, unlike traditional banking fraud, the transferred funds are far harder to trace.
Community groups in Sunderland, such as Pallion Action Group, are now running sessions to educate older residents about online threats, noting that rapid changes in technology can make such scams especially daunting for pensioners.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The EU member states have endorsed a position for new rules to counter child sexual abuse online. The plan introduces duties for digital services to prevent the spread of abusive material. It also creates an EU Centre to coordinate enforcement and support national authorities.
Service providers must assess how their platforms could be misused and apply mitigation measures. These may include reporting tools, stronger privacy defaults for minors, and controls over shared content. National authorities will review these steps and can order additional action where needed.
A three-tier risk system will categorise services as high, medium, or low risk. High-risk platforms may be required to help develop protective technologies. Providers that fail to comply with obligations could face financial penalties under the regulation.
Victims will be able to request the removal or disabling of abusive material depicting them. The EU Centre will verify provider responses and maintain a database to manage reports. It will also share relevant information with Europol and law enforcement bodies.
The Council supports extending voluntary scanning for abusive content beyond its current expiry. Negotiations with the European Parliament will now begin on the final text. The Parliament adopted its position in 2023 and will help decide the Centre’s location.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Digital violence against women is rising sharply, fuelled by AI, online anonymity, and weak legal protections, leaving millions exposed.
UN Women warns that abuse on digital platforms often spills into real life, threatening women’s safety, livelihoods, and ability to participate freely in public life.
Public figures, journalists, and activists are increasingly targeted with deepfakes, coordinated harassment campaigns, and gendered disinformation designed to silence and intimidate.
One in four women journalists report receiving online death threats, highlighting the urgent scale and severity of the problem.
Experts call for stronger laws, safer digital platforms, and more women in technology to address AI-driven abuse effectively. Investments in education, digital literacy, and culture-change programmes are also vital to challenge toxic online communities and ensure digital spaces promote equality rather than harm.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Multiple London councils are responding to a cyberattack that has disrupted shared IT systems and raised concerns about data exposure. Kensington and Chelsea and Westminster councils detected the incident on Monday and alerted the Information Commissioner’s Office as investigations began.
The councils say they are working with specialist incident teams and the National Cyber Security Centre (NCSC) to protect systems and keep key services running. Several platforms have been affected, and staff have been redeployed to support residents through monitored phone lines and email channels.
Hammersmith and Fulham, which shares IT services with the affected councils, has also reported disruption. Local leaders say it is too early to confirm who was responsible or whether personal data has been compromised. Overnight mitigation work has been carried out as monitoring continues.
Security researchers describe indications of a serious intrusion involving lateral movement across shared infrastructure. They warn that attackers may escalate to data theft or encryption, given the sensitivity of the information held by local authorities.
National security agencies and police are assessing the incident’s potential impact. Analysts say the attack highlights long-standing risks facing councils that manage extensive services on limited budgets and with inconsistent cyber safeguards.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The internet has become part of almost everything we do. It helps us work, stay in touch with friends and family, buy things, plan trips, and handle tasks that would have felt impossible until recently. Most people cannot imagine getting through the day without it.
But there is a hidden cost to all this convenience. Most of the time, online services run smoothly, with countless systems working together in the background. But every now and then, though, a key cog slips out of place.
When that happens, the effects can spread fast, taking down apps, websites, and even entire industries within minutes. These moments remind us how much we rely on digital services, and how quickly everything can unravel when something goes wrong. It raises an uncomfortable question. Is digital dependence worth the convenience, or are we building a house of cards that could collapse, pulling us back into reality?
Warning shots of the dot-com Era and the infancy of Cloud services
In its early years, the internet saw several major malfunctions that disrupted key online services. Incidents like the Morris worm in 1988, which crashed about 10 percent of all internet-connected systems, and the 1996 AOL outage that left six million users offline, revealed how unprepared the early infrastructure was for growing digital demand.
A decade later, the weaknesses were still clear. In 2007, Skype, then with over 270 million users, went down for nearly two days after a surge in logins triggered by a Windows update overwhelmed its network. Since video calls were still in their early days, the impact was not as severe, and most users simply waited it out, postponing chats with friends and family until the issue was fixed.
As the dot-com era faded and the 2010s began, the shift to cloud computing introduced a new kind of fragility. When Amazon’s EC2 and EBS systems in the US-East region went down in 2011, the outage took down services like Reddit, Quora, and IMDb for days, exposing how quickly failures in shared infrastructure can cascade.
A year later, GoDaddy’s DNS failure took millions of websites offline, while large-scale Gmail disruptions affected users around the world, early signs that the cloud’s growing influence came with increasingly high stakes.
By the mid-2010s, it was clear that the internet had evolved from a patchwork of standalone services to a heavily interconnected ecosystem. When cloud or DNS providers stumbled, their failures rippled simultaneously across countless platforms. The move to centralised infrastructure made development faster and more accessible, but it also marked the beginning of an era where a single glitch could shake the entire web.
Centralised infrastructure and the age of cascading failures
The late 2000s and early 2010s saw a rapid rise in internet use, with nearly 2 billion people worldwide online. As access grew, more businesses moved into the digital space, offering e-commerce, social platforms, and new forms of online entertainment to a quickly expanding audience.
With so much activity shifting online, the foundation beneath these services became increasingly important, and increasingly centralised, setting the stage for outages that could ripple far beyond a single website or app.
The next major hit came in 2016, when a massive DDoS attack crippled major websites across the USA and Europe. Platforms like Netflix, Reddit, Twitter, and CNN were suddenly unreachable, not because they were directly targeted, but because Dyn, a major DNS provider, had been overwhelmed.
The attack used the Mirai botnet malware to hijack hundreds of thousands of insecure IoT devices and flood Dyn’s servers with traffic. It was one of the clearest demonstrations yet that knocking out a single infrastructure provider could take down major parts of the internet in one stroke.
In 2017, another major outage occurred, with Amazon at the centre once again. On 28 February, the company’s Simple Storage Service (S3) went down for about 4 hours, disrupting access across a large part of the US-EAST-1 region. While investigating a slowdown in the billing system, an Amazon engineer accidentally entered a typo in a command, taking more servers offline than intended.
That small error was enough to knock out services like Slack, Quora, Coursera, Expedia and countless other websites that relied on S3 for storage or media delivery. The financial impact was substantial; S&P 500 companies alone were estimated to have lost roughly 150 million dollars during the outage.
Amazon quickly published a clear explanation and apology, but transparency could not undo the economic damage nor (yet another) sudden reminder that a single mistake in a centralised system could ripple across the entire web.
Outages in the roaring 2020s
The S3 incident made one thing clear. Outages were no longer just about a single platform going dark. As more services leaned on shared infrastructure, even small missteps could take down enormous parts of the internet. And this fragility did not stop at cloud storage.
Over the next few years, attention shifted to another layer of the online ecosystem: content delivery networks and edge providers that most people had never heard of but that nearly every website depended on.
The 2020s opened with one of the most memorable outages to date. On 4 October 2021, Facebook and its sister platforms, Instagram, WhatsApp, and Messenger, vanished from the internet for nearly 7 hours after a faulty BGP configuration effectively removed the company’s services from the global routing table.
Millions of users flocked to other platforms to vent their frustration, overwhelming Twitter, Telegram, Discord, and Signal’s servers and causing performance issues across the board. It was a rare moment when a single company’s outage sent measurable shockwaves across the entire social media ecosystem.
But what happens when outages hit industries far more essential than social media? In 2023, the Federal Aviation Administration was forced to delay more than 10,000 flights, the first nationwide grounding of air traffic since the aftermath of September 11.
A corrupted database file brought the agency’s Notice to Air Missions (NOTAM) system to a standstill, leaving pilots without critical safety updates and forcing the entire aviation network to pause. The incident sent airline stocks dipping and dealt another blow to public confidence, showing just how disruptive a single technical failure can be when it strikes at the heart of critical infrastructure.
Outages that defined 2025
The year 2025 saw an unprecedented wave of outages, with server overloads, software glitches and coding errors disrupting services across the globe. The Microsoft 365 suite outage in January, the Southwest Airlines and FAA synchronisation failure in April, and the Meta messaging blackout in July all stood out for their scale and impact.
But the most disruptive failures were still to come. In October, Amazon Web Services suffered a major outage in its US-East-1 region, knocking out everything from social apps to banking services and reminding the world that a fault in a single cloud region can ripple across thousands of platforms.
Just weeks later, the Cloudflare November outage became the defining digital breakdown of the year. A logic bug inside its bot management system triggered a cascading collapse that took down social networks, AI tools, gaming platforms, transit systems and countless everyday websites in minutes. It was the clearest sign yet that when core infrastructure falters, the impact is immediate, global and largely unavoidable.
And yet, we continue to place more weight on these shared foundations, trusting they will hold because they usually do. Every outage, whether caused by a typo, a corrupted file, or a misconfigured update, exposes how quickly things can fall apart when one key piece gives way.
Going forward, resilience needs to matter as much as innovation. That means reducing single points of failure, improving transparency, and designing systems that can fail without dragging everything down. The more clearly we see the fragility of the digital ecosystem, the better equipped we are to strengthen it.
Outages will keep happening, and no amount of engineering can promise perfect uptime. But acknowledging the cracks is the first step toward reinforcing what we’ve built — and making sure the next slipped cog does not bring the whole machine to a stop.
The smoke and mirrors of the digital infrastructure
The internet is far from destined to collapse, but resilience can no longer be an afterthought. Redundancy, decentralisation and smarter oversight need to be part of the discussion, not just for engineers, but for policymakers as well.
Outages do not just interrupt our routines. They reveal the systems we have quietly built our lives around. Each failure shows how deeply intertwined our digital world has become, and how fast everything can stop when a single piece gives way.
Will we learn enough from each one to build a digital ecosystem that can absorb the next shock instead of amplifying it? Only time will tell.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Enterprise AI entered a new phase as organisations transitioned from simple, prompt-driven tools to autonomous agents capable to acting within complex workflows.
Leaders now face a reality where agentic systems can accelerate development, improve decision-making, and support employees, yet concerns over unreliable data and inconsistent behaviour still weaken trust.
AI adoption has risen sharply, although many remain cautious about committing fully without stronger safeguards in place.
The next stage will rely on multi-agent models where an orchestrator coordinates specialised agents across departments. Single agents will lose effectiveness if they fail to offer scalable value, as enterprises require communication protocols, unified context, and robust governance.
Agents will increasingly pursue outcomes rather than follow instructions. At the same time, event-driven automation will allow them to detect problems, initiate analysis, and collaborate with other agents without waiting for human prompts. Simulation environments will further accelerate learning and strengthen reliability.
Trusted AI will become a defining competitive factor. Brands will be judged by the quality, personalisation, and relational intelligence of their agents rather than traditional identity markers.
Effective interfaces, transparent governance, and clear metrics for agent adherence will shape customer loyalty and shareholder confidence.
Cybersecurity will shift toward autonomous, self-healing digital immune systems, while advances in spatially aware AI will accelerate robotics and immersive simulations across various industries.
Broader impacts will reshape workplace culture. AI-native engineers will shorten development cycles, while non-technical employees will create personal applications, rather than relying solely on central teams.
Ambient intelligence may push new hardware into the mainstream, and sustainability debates will increasingly focus on water usage in data-intensive AI systems. Governments are preparing to upskill public workforces, and consumer agents will pressure companies to offer better value.
Long-term success will depend on raising AI literacy and selecting platforms designed for scalable, integrated, and agentic operations.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
