Cybercrime

Misconfigurations drive major global data breaches

Misconfigurations in cloud systems and enterprise networks remain one of the most persistent and damaging causes of data breaches worldwide.

Recent incidents have highlighted the scale of the issue, including a cloud breach at the US Department of Homeland Security, where sensitive intelligence data was inadvertently exposed to thousands of unauthorised users.

Experts say such lapses are often more about people and processes than technology. Complex workflows, rapid deployment cycles and poor oversight allow errors to spread across entire systems. Misconfigured servers, storage buckets or access permissions then become easy entry points for attackers.

Analysts argue that preventing these mistakes requires better governance, training and process discipline rather. Building strong safeguards and ensuring staff have the knowledge to configure systems securely are critical to closing one of the most exploited doors in cybersecurity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

US Treasury opens consultation on stablecoin regulation

The US Treasury has issued an Advance Notice of Proposed Rulemaking (ANPRM) to gather public input on implementing the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act. The consultation marks an early step in shaping rules around digital assets.

The GENIUS Act instructs the Treasury to draft rules that foster stablecoin innovation while protecting consumers, preserving stability, and reducing financial crime risks. The Treasury aims to balance technological progress with safeguards for the wider economic system by opening this process.

Through the ANPRM, the public is encouraged to submit comments, data, and perspectives that may guide the design of the regulatory framework. Although no new rules have been set yet, the consultation allows stakeholders to shape future stablecoin policies.

The initiative follows an earlier request for comment on methods to detect illicit activity involving digital assets, which remains open until 17 October 2025. Submissions in response to the ANPRM must be filed within 30 days of its publication in the Federal Register.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cyberattack disrupts major European airports

Airports across Europe faced severe disruption after a cyberattack on check-in software used by several major airlines.

Heathrow, Brussels, Berlin and Dublin all reported delays, with some passengers left waiting hours as staff reverted to manual processes instead of automated systems.

Brussels Airport asked airlines to cancel half of Monday’s departures after Collins Aerospace, the US-based supplier of check-in technology, could not provide a secure update. Heathrow said most flights were expected to operate but warned travellers to check their flight status.

Berlin and Dublin also reported long delays, although Dublin said it planned to run a full schedule.

Collins, a subsidiary of aerospace and defence group RTX, confirmed that its Muse software had been targeted by a cyberattack and said it was working to restore services. The UK’s National Cyber Security Centre coordinates with airports and law enforcement to assess the impact.

Experts warned that aviation is particularly vulnerable because airlines and airports rely on shared platforms. They said stronger backup systems, regular updates and greater cross-border cooperation are needed instead of siloed responses, as cyberattacks rarely stop at national boundaries.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK and USA sign technology prosperity deal

The UK and the USA have signed a Memorandum of Understanding (MOU) regarding the technology prosperity deal. The aim is to facilitate collaboration on joint opportunities of mutual interest across strategic science and technology areas, including AI, civil energy, and quantum technologies.

The two countries intend to collaborate on building powerful AI infrastructure, expanding access to computing for researchers, and developing high-impact datasets.

Key focus areas include joint flagship research programs in priority domains such as biotechnology, precision medicine, and fusion energy, supported by leading science agencies from both the UK and the USA.

The partnership will also explore AI applications in space, foster secure infrastructure and hardware innovation, and promote AI exports. Efforts will be made to align AI policy frameworks, support workforce development, and ensure broad public benefit.

The US Center for AI Standards and Innovation and the UK AI Security Institute will work together to advance AI safety, model evaluation, and global standards through shared expertise and talent exchange.

Additionally, the deal aims to fast-track breakthrough technologies, streamline regulation, secure supply chains, and outpace strategic competitors.

In the nuclear sector, the countries plan joint efforts in advanced reactors, next-generation fuels, and fusion energy, while upholding the highest standards of safety and non-proliferation.

Lastly, the deal aims to develop powerful machines with real-world applications in defence, healthcare, and logistics, while prioritising research security, cyber resilience, and protection of critical infrastructure.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Researchers for OpenAI and Apollo find scheming behaviour in frontier AI models

OpenAI and Apollo Research developed evaluations to reveal hidden misalignment in advanced AI systems, often labelled scheming, and observed scheming-like behaviour in several frontier models, including OpenAI o3, o4-mini, Gemini 2.5 pro and Claude Opus-4.

Researchers treated covert actions, such as deliberately withholding or distorting task-relevant information, as a measurable proxy and stress-tested models across dozens of scenarios.

Scheming occurs when a model outwardly appears aligned while pursuing an alternate goal. The teams used a trader analogy to explain the risk: a rule-breaking broker who covers tracks can seem more compliant than an honest operator who accepts lower gains.

They trained models with deliberative alignment to counter the behaviour, asking them to read and reason about an anti-scheming specification before acting. Hence, models follow safety principles instead of merely avoiding detection.

That training produced about a thirtyfold reduction in covert actions on out-of-distribution tests, with o3 falling from 13 percent to 0.4 percent and o4-mini dropping from 8.7 percent to 0.3 percent.

Nevertheless, rare but serious failures remained, and measurement proved complex. Models often became more aware of being evaluated, and situational awareness can suppress observable scheming without altering underlying aims.

The study relied heavily on access to the models’ chain of thought to probe motivations, so preserving reasoning transparency is crucial for reliable oversight. The teams warned that training practices eroding transparency could make monitoring far harder and let misalignment hide rather than vanish.

OpenAI and Apollo called for broader cross-lab safety evaluations, stronger monitoring tools and continued research into anti-scheming techniques. They renewed their partnership, launched a $500,000 red-teaming challenge focused on scheming and proposed shared testing protocols.

The researchers emphasised there is no evidence that today’s deployed AI models would abruptly begin harmful scheming. Still, the risk will grow as systems take on more ambiguous, long-term, real-world responsibilities instead of short, narrow tasks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Japan investigates X for non-compliance with the harmful content law

Japanese regulators are reviewing whether the social media platform X fails to comply with new content removal rules.

The law, which took effect in April, requires designated platforms to allow victims of harmful online posts to request deletion without facing unnecessary obstacles.

X currently obliges non-users to register an account before they can file such requests. Officials say that it could represent an excessive burden for victims who violate the law.

The company has also been criticised for not providing clear public guidance on submitting removal requests, prompting questions over its commitment to combating online harassment and defamation.

Other platforms, including YouTube and messaging service Line, have already introduced mechanisms that meet the requirements.

The Ministry of Internal Affairs and Communications has urged all operators to treat non-users like registered users when responding to deletion demands. Still, X and the bulletin board site bakusai.com have yet to comply.

As said, it will continue to assess whether X’s practices breach the law. Experts on a government panel have called for more public information on the process, arguing that awareness could help deter online abuse.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

West London borough approves AI facial recognition CCTV rollout

Hammersmith and Fulham Council has approved a £3m upgrade to its CCTV system to see facial recognition and AI integrated across the west London borough.

With over 2,000 cameras, the council intends to install live facial recognition technology at crime hotspots and link it with police databases for real-time identification.

Alongside the new cameras, 500 units will be equipped with AI tools to speed up video analysis, track vehicles, and provide retrospective searches. The plans also include the possible use of drones, pending approval from the Civil Aviation Authority.

Council leader Stephen Cowan said the technology will provide more substantial evidence in a criminal justice system he described as broken, arguing it will help secure convictions instead of leaving cases unresolved.

Civil liberties group Big Brother Watch condemned the project as mass surveillance without safeguards, warning of constant identity checks and retrospective monitoring of residents’ movements.

Some locals also voiced concern, saying the cameras address crime after it happens instead of preventing it. Others welcomed the move, believing it would deter offenders and reassure those who feel unsafe on the streets.

The Metropolitan Police currently operates one pilot site in Croydon, with findings expected later in the year, and the council says its rollout depends on continued police cooperation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cybersecurity researchers identify ransomware using open-source tools

A ransomware group calling itself Yurei first emerged on 5 September, targeting a food manufacturing company in Sri Lanka. Within days, the group had added victims in India and Nigeria, bringing the total confirmed incidents to three.

The Check Point researchers identified that Yurei’s code is largely derived from Prince-Ransomware, an open-source project, and this reuse includes retaining function and module names because the developers did not strip symbols from the compiled binary, making the link to Prince-Ransomware clear.

Yurei operates using a double-extortion model, combining file encryption with theft of sensitive data. Victims are pressured to pay not only for a decryption key but also to prevent stolen data from being leaked.

Yurei’s extortion workflow involves posting victims on a darknet blog, sharing proof of compromise such as internal document screenshots, and offering a chat interface for negotiation. If a ransom is paid, the group promises a decryption tool and a report detailing the vulnerabilities exploited during the attack, akin to a pen-test report.

Preliminary findings (with ‘low confidence’) suggest that Yurei may be based in Morocco, though attribution remains uncertain.

The emergence of Yurei illustrates how open-source ransomware projects lower the barrier to entry, enabling relatively unsophisticated actors to launch effective campaigns. The focus on data theft rather than purely encryption may represent an escalating trend in modern cyberextortion.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Prolonged JLR shutdown threatens UK export targets

Jaguar Land Rover (JLR) has confirmed that its production halt will continue until at least Wednesday, 24 September, as it works to recover from a major cyberattack that disrupted its IT systems and paralysed production at the end of August.

JLR stated that the extension was necessary because forensic investigations were ongoing and the controlled restart of operations was taking longer than anticipated. The company stressed that it was prioritising a safe and stable restart and pledged to keep staff, suppliers, and partners regularly updated.

Reports suggest recovery could take weeks, impacting production and sales channels for an extended period. Approximately 33,000 employees remain at home as factory and sales processes are not fully operational, resulting in estimated losses of £1 billion in revenue and £70 million in profits.

The shutdown also poses risks to the wider UK economy, as JLR represents roughly four percent of British exports. The incident has renewed calls for the Cyber Security and Resilience Bill, which aims to strengthen defenses against digital threats to critical industries.

No official attribution has been made, but a group calling itself Scattered Lapsus$ Hunters has claimed responsibility. The group claims to have deployed ransomware and published screenshots of JLR’s internal SAP system, linking itself to extortion groups, including Scattered Spider, Lapsus$, and ShinyHunters.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cyberattack compromises personal data used for DBS checks at UK college

Bracknell and Wokingham College has confirmed a cyberattack that compromised data collected for Disclosure and Barring Service (DBS) checks. The breach affects data used by Activate Learning and other institutions, including names, dates of birth, National Insurance numbers, and passport details.

Access Personal Checking Services (APCS) was alerted by supplier Intradev on August 17 that its systems had been accessed without authorisation. While payment card details and criminal conviction records were not compromised, data submitted between December 2024 and May 8, 2025, was copied.

APCS stated that its own networks and those of Activate Learning were not breached. The organisation is contacting only those data controllers where confirmed breaches have occurred and has advised that its services can continue to be used safely.

Activate Learning reported the incident to the Information Commissioner’s Office following a risk assessment. APCS is still investigating the full scope of the breach and has pledged to keep affected institutions and individuals informed as more information becomes available.

Individuals have been advised to closely monitor their financial statements, exercise caution when opening phishing emails, and regularly update security measures, including passwords and two-factor authentication. Activate Learning emphasised the importance of staying vigilant to minimise risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!