Critical infrastructure

Huawei and ZTE expand 5G foothold in Vietnam amid US concern

Vietnam has moved to expand its use of Chinese 5G technology, awarding Huawei and ZTE a series of new contracts. Under recent deals, the two companies will supply advanced 5G radio equipment to strengthen network coverage, while European vendors remain responsible for core systems.

Vietnam, which borders China, Laos, and Cambodia, previously echoed allies’ warnings that Chinese-made 5G gear posed an unacceptable security risk. Recent tariff frictions with the United States and shifting economic priorities have since pushed officials to reconsider that stance.

According to local reports, Huawei and ZTE have together secured contracts worth about 43 million dollars for non-core 5G equipment. Ericsson and Nokia are expected to continue supplying the 5G core, with Chinese vendors focused on antennas and related infrastructure at the network edge.

In April, a consortium including Huawei won a 23 million dollar deal to provide 5G gear, shortly after new US tariffs on Vietnamese exports came into force. Analysts say those measures have strained ties between Hanoi and Washington while nudging Vietnam to deepen economic and technological links with Beijing.

Vietnamese supply chain specialist Nguyen Hung says Hanoi is prioritising its own strategic interests, seeing closer ties with Chinese vendors as a route to deeper regional integration. US officials warn the deals could damage network trust and limit access to advanced American technology.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

SAP expands sovereign cloud vision with EU AI Cloud

SAP introduced the EU AI Cloud as part of a unified plan that aims to support Europe’s digital sovereignty goals.

The offering consolidates SAP’s existing sovereign cloud work under one structure and provides organisations with a way to meet strict regulatory and operational needs, ensuring full EU data residency.

Customers can select deployment options that match their level of required control, ranging from SAP’s European data centres to on-site infrastructure.

SAP is also expanding its partnership with Cohere to integrate advanced multimodal and agentic AI features through Cohere North.

Incorporation into SAP Business Technology Platform enables enterprises with data residency constraints to apply AI within core processes without undermining compliance or performance.

A collaboration that is intended to improve insight generation and decision support across a wide range of industries.

EU AI Cloud is backed by a broad ecosystem that includes Cohere, Mistral AI, OpenAI and other partners whose models and applications can be accessed through SAP BTP.

European enterprises and public bodies gain access to routes for developing and deploying AI tools while maintaining flexibility and sovereignty.

The range of options includes SAP Sovereign Cloud, customer-operated on-site deployments and, where chosen, commercial services on selected hyperscalers with sovereignty controls. The approach also includes Delos Cloud for organisations in Germany that require dedicated public sector safeguards.

SAP positions the initiative as a means to advance AI adoption in Europe, aligning with regional standards on data protection and operational independence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

South Korea accelerates AI adoption as NVIDIA strengthens national ecosystem

NVIDIA AI Day Seoul drew more than 1,000 visitors who gathered to explore sovereign AI and the rapid progress shaping South Korea’s digital landscape.

Attendees joined workshops, technical sessions and startup showcases designed to highlight the country’s expanding ecosystem instead of focusing only on theoretical advances.

Five finalists from the Inception Grand Challenge also presented their work, reflecting the growing strength of South Korea’s startup community.

Speakers outlined how AI now supports robotics, industrial production, entertainment and public administration.

Conglomerates from South Korea, such as Samsung, SK Group, Hyundai Motor Group and NAVER Cloud, have intensified their investment in AI, while government agencies rely on accelerated computing to process documents and policy information at scale.

South Korea’s ecosystem continues to expand with hundreds of Inception startups, sovereign LLM initiatives and major supercomputing deployments.

Developers engaged directly with NVIDIA engineers through workshops and a Q&A area covering AI infrastructure, LLMs, robotics and automotive technologies. Plenary sessions examined agentic AI, reasoning models and the evolution of AI factories.

Partners presented advances in training efficiency, agentic systems and large-scale AI infrastructure built with NVIDIA’s platforms instead of legacy hardware.

South Korea’s next phase of development will be supported by access to 260,000 GPUs announced during the APEC Summit. Officials expect the infrastructure to accelerate startup growth, stimulate national AI priorities and attract new collaboration across research and industry.

The Seoul event marks another step in the country’s effort to reinforce its digital foundation while expanding its role in global AI innovation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Asahi faces major disruption after cyberattack

Growing concern surrounds Asahi Group after the company acknowledged a possible leak of nearly two million personal records linked to a cyberattack that began in late September.

Company president Atsushi Katsuki apologised publicly and confirmed that operations remain heavily disrupted as logistics teams work towards full recovery by February.

Investigators found that attackers infiltrated network equipment at one of Asahi’s facilities, obtained administrator credentials and accessed servers repeatedly.

Atsushi Katsuki noted that the breach demonstrated significant vulnerabilities, although he stressed that improvements had already been implemented and no ransom had been paid.

Production and shipments across most domestic factories were halted, forcing employees to handle orders manually and slowing the resumption of supply lines.

Competitors Kirin, Suntory and Sapporo have struggled to meet unexpected demand, triggering shipping limits and suspensions on some products across the wider beer industry.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Malicious Chrome extension siphons SOL from Solana swaps

Security researchers have uncovered a malicious Chrome extension that secretly diverts SOL from users conducting swaps on the Solana blockchain. The extension, called Crypto Copilot, injects an undisclosed transfer into every Raydium transaction, quietly routing funds to a hardcoded attacker wallet.

The tool presents itself as a convenience app that enables Solana swaps directly from X posts, connecting to wallets such as Phantom and Solflare. Behind the interface, the code appends a hidden SystemProgram.transfer instruction to each transaction.

The fee is set at either 0.0013 SOL or 0.05% of the trade amount, whichever is higher, and remains invisible unless the user inspects the complete instruction list.

External services lend the app legitimacy, utilising DexScreener data, Helius RPC calls, and a backend dashboard that provides no actual functionality. Researchers warn that the disposable infrastructure, misspelt domains, and obfuscated code point to clear malicious intent, not an unfinished product.

On-chain analysis indicates limited gains for attackers so far, likely due to the low distribution. The mechanism, however, scales directly with swap volume, placing high-frequency and large-volume traders at the most significant risk.

Security teams are urging users to avoid closed-source trading extensions and to scrutinise Solana transactions before signing.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU prepares tougher oversight for crypto operators

EU regulators are preparing for a significant shift in crypto oversight as new rules take effect on 1 January 2026. Crypto providers must report all customer transactions and holdings in a uniform digital format, giving tax authorities broader visibility across the bloc.

The DAC8 framework brings mandatory cross-border data sharing, a centralised operator register and unique ID numbers for each reporting entity. These measures aim to streamline supervision and enhance transparency, even though data on delisted firms must be preserved for up to twelve months.

Privacy concerns are rising as the new rules expand the travel rule for transfers above €1,000 and introduce possible ownership checks on private wallets. Combined with MiCA and upcoming AML rules, regulators gain deeper insight into user behaviour, wallet flows and platform operations.

Plans for ESMA to oversee major exchanges are facing pushback from smaller financial hubs, which are concerned about higher compliance costs and reduced competitiveness. Supporters argue that unified supervision is necessary to prevent regulatory gaps and reinforce market integrity across the EU.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

London councils activate emergency plans after serious cyber attack

The Royal Borough of Kensington and Chelsea has activated emergency response plans after a cyberattack disrupted council systems in west London.

Westminster City Council and Hammersmith and Fulham Council are also affected through joint arrangements, with the National Crime Agency and the National Cyber Security Centre, led by GCHQ, leading the investigation. Staff in some areas have been advised to work from home while parts of the network stay offline as a precaution.

An internal memo shows that sections of the network remain closed and that a full return of affected systems is not expected for several days. Phone lines and online forms may face disruption, although alternative contact numbers are available on the council website.

Cybersecurity specialist Nathan Webb advised residents to be cautious about emails or calls referencing the incident, as attackers frequently exploit public attention surrounding a breach to launch scams.

He added that identifying any external supplier involved is essential so that other clients can secure their own systems. Forescout expert Rik Ferguson said the case demonstrates how shared digital services can allow a breach to spread risk across multiple organisations.

Councils have praised the overnight work by IT teams, but are not disclosing technical details while the investigation continues.

BBC cyber correspondent Joe Tidy said taking servers offline is an extreme step usually used for significant incidents. He pointed to the Co-op case earlier this year, where the company also disconnected systems, but only after hackers had already taken data from 6.5 million people.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

New phishing kit targets Microsoft 365 users

Researchers have uncovered a large phishing operation, known as Quantum Route Redirect (QRR), that creates fake Microsoft 365 login pages across nearly 1,000 domains. The campaign uses convincing email lures, including DocuSign notices and payment alerts, to steal user credentials.

QRR operations have reached 90 countries, with US users hit hardest. Analysts say the platform evades scanners by sending bots to safe pages while directing real individuals to credential-harvesting sites on compromised domains.

The kit emerged shortly after Microsoft disrupted the RaccoonO365 network, which had stolen thousands of accounts. Similar tools, such as VoidProxy and Darcula, have appeared; yet, QRR stands out for its automation and ease of use, which enable rapid, large-scale attacks.

Cybersecurity experts warn that URL scanning alone can no longer stop such operations. Organisations are urged to adopt layered protection, stronger sign-in controls and behavioural monitoring to detect scams that increasingly mimic genuine Microsoft systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Underground AI tools marketed for hacking raise alarms among cybersecurity experts

Cybersecurity researchers say cybercriminals are turning to a growing underground market of customised large language models designed to support low-level hacking tasks.

A new report from Palo Alto Networks’ Unit 42 describes how dark web forums promote jailbroken, open-source and bespoke AI models as hacking assistants or dual-use penetration testing tools, often sold via monthly or annual subscriptions.

Some appear to be repurposed commercial models trained on malware datasets and maintained by active online communities.

These models help users scan for vulnerabilities, write scripts, encrypt or exfiltrate data and generate exploit or phishing code, tasks that can support both attackers and defenders.

Unit 42’s Andy Piazza compared them to earlier dual-use tools, such as Metasploit and Cobalt Strike, which were developed for security testing but are now widely abused by criminal groups. He warned that AI now plays a similar role, lowering the expertise needed to launch attacks.

One example is a new version of WormGPT, a jailbroken LLM that resurfaced on underground forums in September after first appearing in 2023.

The updated ‘WormGPT 4’ is marketed as an unrestricted hacking assistant, with lifetime access reportedly starting at around $220 and an option to buy the complete source code. Researchers say it signals a shift from simple jailbreaks to commercialised, specialised tools that train AI for cybercrime.

Another model, KawaiiGPT, is available for free on GitHub and brands itself as a playful ‘cyber pentesting’ companion while generating malicious content.

Unit 42 calls it an entry-level but effective malicious LLM, with a casual, friendly style that masks its purpose. Around 500 contributors support and update the project, making it easier for non-experts to use.

Piazza noted that internal tests suggest much of the malware generated by these tools remains detectable and less advanced than code seen in some recent AI-assisted campaigns. The wider concern, he said, is that such models make hacking more accessible by translating technical knowledge into simple prompts.

Users no longer need to know jargon like ‘lateral movement’ and can instead ask everyday questions, such as how to find other systems on a network, and receive ready-made scripts.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Character AI blocks teen chat and introduces new interactive Stories feature

A new feature called ‘Stories’ from Character.AI allows users under 18 to create interactive fiction with their favourite characters. The move replaces open-ended chatbot access, which has been entirely restricted for minors amid concerns over mental health risks.

Open-ended AI chatbots can initiate conversations at any time, raising worries about overuse and addiction among younger users.

Several lawsuits against AI companies have highlighted the dangers, prompting Character.AI to phase out access for minors and introduce a guided, safety-focused alternative.

Industry observers say the Stories feature offers a safer environment for teens to engage with AI characters while continuing to explore creative content.

The decision aligns with recent AI regulations in California and ongoing US federal proposals to limit minors’ exposure to interactive AI companions.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!