Hackers exploit Ethereum smart contracts to spread malware

Cybersecurity researchers have uncovered a new method hackers use to deliver malware, which hides malicious commands inside Ethereum smart contracts. ReversingLabs identified two compromised packages on the popular npm (Node Package Manager) repository.

The packages, named ‘colortoolsv2’ and ‘mimelib2,’ were uploaded in July and used blockchain queries to fetch URLs that delivered downloader malware. The contracts hid command and control addresses, letting attackers evade scans by making blockchain traffic look legitimate.

Researchers say the approach marks a shift in tactics. While the Lazarus Group previously leveraged Ethereum smart contracts, the novel element here is their use as hosts for malicious URLs. Analysts warn that open-source repositories face increasingly sophisticated evasion techniques.

The malicious packages formed part of a broader deception campaign involving fake GitHub repositories posing as cryptocurrency trading bots. With fabricated commits, fake user accounts, and professional-looking documentation, attackers built convincing projects to trick developers.

Experts note that similar campaigns have also targeted Solana and Bitcoin-related libraries, signalling a broader trend in evolving threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Jaguar Land Rover production disrupted by cyber incident

Jaguar Land Rover (JLR) has confirmed its production and retail operations were ‘severely disrupted’ due to a cyber incident, prompting a precautionary system shutdown.

The company stated there is currently ‘no evidence’ that any customer data has been compromised and assured it is working at pace to restore systems in a controlled manner.

The incident disrupted output at key UK plants, including Halewood and Solihull, led to operational bottlenecks such as halted vehicle registrations, and impacted a peak retail period following the release of ‘75’ number plates.

A Telegram group named Scattered Lapsus$ Hunters, a conflation of known hacking collectives, claimed responsibility, posting what appeared to be internal logs. Cybersecurity experts caution that such claims should be viewed sceptically, as attribution via Telegram may be misleading.

Privacy concerns arise as Google reportedly expands gaming data sharing

Google may roll out a Play Games update on 23 September adding public profiles, stat tracking, and community features. Reports suggest users may customise profiles, follow others, and import gaming history, while Google could collect gameplay and developer data.

The update is said to track installed games, session lengths, and in-game achievements, with some participating developers potentially accessing additional data. Players can reportedly manage visibility settings, delete profiles, or keep accounts private, with default settings applied unless changed.

The EU and UK are expected to receive the update on 1 October.

Privacy concerns have been highlighted in Europe. Austrian group NOYB filed a complaint against Ubisoft over alleged excessive data collection in games like Far Cry Primal, suggesting that session tracking and frequent online connections may conflict with GDPR.

Ubisoft could face fines of up to four percent of global turnover, based on last year’s revenues.

Observers suggest the update reflects a social and data-driven gaming trend, though European players may seek more explicit consent and transparency.

US government and New Mexico team up on quantum computing

A new partnership between the federal government and New Mexico’s state and local businesses aims to establish the state as a leader in quantum computing.

The initiative will see the Defense Advanced Research Projects Agency (DARPA) working alongside local researchers and companies to develop and commercialise next-generation technology. A total of up to $120 million could be invested in the project over four years.

New Mexico’s selection for the project is due to its long history of innovation, its two national defence labs, and a high concentration of leading scientists in the field.

The goal is to harness the ‘brainpower’ of the state to build computers that can solve currently impossible problems, such as developing materials that resist corrosion or finding cures for diseases. One of the project’s aims is to test the technology and differentiate between genuine breakthroughs and mere hype.

Roadrunner Venture Studios will be assisting in developing new quantum computing businesses within the state. A successful venture would bring economic gains and jobs and position New Mexico to lead the nation in solving some of its most pressing challenges.

Microsoft to supply AI tools to federal agencies in a cost-saving pact

The US General Services Administration (GSA) has agreed on a significant deal with Microsoft to provide federal agencies with discounted access to its suite of AI and cloud tools.

Instead of managing separate contracts, the government-wide pact offers unified pricing on products including Microsoft 365, the Copilot AI assistant, and Azure cloud services, potentially saving agencies up to $3.1 billion in its first year.

The arrangement is designed to accelerate AI adoption and digital transformation across the federal government. It includes free access to the generative AI chatbot Microsoft 365 Copilot for up to 12 months, alongside discounts on cybersecurity tools and Dynamics 365.

Agencies can opt into any of the offers through September next year.

The deal leverages the federal government’s collective purchasing power to reduce costs and foster innovation.

It delivers on a White House AI action plan and follows similar arrangements the GSA announced last month with other tech giants, including Google, Amazon Web Services, and OpenAI.

Anthropic reveals hackers are ‘weaponising’ AI to launch cyberattacks

In its latest threat intelligence report, Anthropic has revealed that its AI tool Claude has been purposefully weaponised by hackers, offering a disturbing glimpse into how quickly AI is shifting the cyber threat landscape.

In one operation, termed ‘vibe hacking’, attackers used Claude Code to automate reconnaissance, ransomware creation, credential theft, and ransom-demand generation across 17 organisations, including those in healthcare, emergency services and government.

The firm also documents other troubling abuses: North Korean operatives used Claude to fabricate identities, successfully get hired at Fortune 500 companies and maintain access, all with minimal real-world technical skills. In another case, AI-generated ransomware variants were developed, marketed and sold to other criminals on the dark web.

Experts warn that such agentic AI systems enable single individuals to carry out complex cybercrime acts once reserved for well-trained groups.

While Anthropic has deactivated the compromised accounts and strengthened its safeguards, the incident highlights an urgent need for proactive risk management and regulation of AI systems.

Hackers exploited flaws in WhatsApp and Apple devices, company says

WhatsApp has disclosed a hacking attempt that combined flaws in its app with a vulnerability in Apple’s operating system. The company has since fixed the issues.

The exploit, tracked as CVE-2025-55177 in WhatsApp and CVE-2025-43300 in iOS, allowed attackers to hijack devices via malicious links. Fewer than 200 users worldwide are believed to have been affected.

Amnesty International reported that some victims appeared to be members of civic organisations. Its Security Lab is collecting forensic data and warned that iPhone and Android users were impacted.

WhatsApp credited its security team for identifying the loopholes, describing the operation as highly advanced but narrowly targeted. The company also suggested that other apps could have been hit in the same campaign.

The disclosure highlights ongoing risks to secure messaging platforms, even those with end-to-end encryption. Experts stress that keeping apps and operating systems up to date remains essential to reducing exposure to sophisticated exploits.

US regulators offer clarity on spot crypto products

The US Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) have announced a joint effort to clarify spot cryptocurrency trading. Regulators confirmed that US and foreign exchanges can list spot crypto products, including leveraged and margin ones.

The guidance follows the recommendations of the President’s Working Group on Digital Asset Markets, which called for rules that keep blockchain innovation within the country.

Regulators said they are ready to review filings, address custody and clearing, and ensure spot markets meet transparency and investor protection standards.

Under the new approach, major venues such as the New York Stock Exchange, Nasdaq, CME Group and Cboe Global Markets could seek to list spot crypto assets. Foreign boards of trade recognised by the CFTC may also be eligible.

The move highlights a policy shift under President Donald Trump’s administration, with Congress and the White House pressing for greater regulatory clarity.

In July, the House of Representatives passed the CLARITY Act, a bill on crypto market structure now before the Senate. The moves and the regulators’ statement mark a key step in aligning US digital assets with established financial rules.

Alleged Apple ID exposure affects 184 million accounts

A report has highlighted a potential exposure of Apple ID logins after a 47.42 GB database was discovered on an unsecured web server, reportedly affecting up to 184 million accounts.

The database was identified by security researcher Jeremiah Fowler, who indicated it may include unencrypted credentials across Apple services and other platforms.

Security experts recommend users review account security, including updating passwords and enabling two-factor authentication.

The alleged database contains usernames, email addresses, and passwords, which could allow access to iCloud, App Store accounts, and data synced across devices.

Observers note that centralised credential management carries inherent risks, underscoring the importance of careful data handling practices.

Reports suggest that Apple’s email software flaws could theoretically increase risk if combined with exposed credentials.

Apple has acknowledged researchers’ contributions in identifying server issues and has issued security updates, while ongoing vigilance and standard security measures are recommended for users.

The case illustrates the challenges of safeguarding large-scale digital accounts and may prompt continued discussion about regulatory standards and personal data protection.

Users are advised to maintain strong credentials and monitor account activity.

UK institutions embrace enterprise AI through global tech alliance

Microsoft, Accenture, and Avanade are deepening their 25-year partnership to bring AI into some of the UK’s most vital sectors, including healthcare and finance. NHS England is piloting AI-powered tools to streamline patient services and cut down on time-consuming administrative tasks, while Nationwide Building Society is deploying machine learning to improve customer services, speed up mortgage approvals, and enhance fraud detection.

The three companies have different responsibilities in tackling the challenges of enterprise AI. Microsoft provides the Azure cloud platform and pre-built AI models, Accenture contributes sector-specific expertise and governance frameworks, and Avanade integrates the technology into existing systems and workflows. That structure helps organisations move beyond experimental AI pilots and scale solutions reliably in highly regulated industries.

Unlike consumer applications, enterprise AI must meet strict compliance requirements, especially concerning sensitive patient data or financial transactions. The partnership emphasises embedding AI directly into day-to-day operations rather than treating it as an add-on, reducing disruption for staff and ensuring systems work seamlessly once live.

With regulators tightening oversight, the alliance highlights responsible AI as a key focus. By prioritising transparency, security, and ethical use, Microsoft, Accenture, and Avanade are positioning their collaboration as a blueprint for how AI can be adopted across critical institutions without compromising trust or reliability.
