Cybercrime

Microsoft restores Exchange and Teams after Microsoft 365 disruption

The US tech giant, Microsoft, investigated a service disruption affecting Exchange Online, Teams and other Microsoft 365 services after users reported access and performance problems.

An incident that began late on Wednesday affected core communication tools used by enterprises for daily operations.

Engineers initially focused on diagnosing the fault, with Microsoft indicating that a potential third-party networking issue may have interfered with access to Outlook and Teams.

During the disruption, users experienced intermittent connectivity failures, latency and difficulties signing in across parts of the Microsoft 365 ecosystem.

Microsoft later confirmed that service access had been restored, although no detailed breakdown of the outage scope was provided.

The incident underlined the operational risks associated with cloud productivity platforms and the importance of transparency and resilience in enterprise digital infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

GPT-5.2 shows how AI can generate real-world cyber exploits

Advanced language models have demonstrated the ability to generate working exploits for previously unknown software vulnerabilities. Security researcher Sean Heelan tested two systems built on GPT-5.2 and Opus 4.5 by challenging them to exploit a zero-day flaw in the QuickJS JavaScript interpreter.

Across multiple scenarios with varying security protections, GPT-5.2 completed every task, while Opus 4.5 failed only 2. The systems produced more than 40 functional exploits, ranging from basic shell access to complex file-writing operations that bypassed modern defences.

Most challenges were solved in under an hour, with standard attempts costing around $30. Even the most complex exploit, which bypassed protections such as address space layout randomisation, non-executable memory, and seccomp sandboxing, was completed in just over three hours for roughly $50.

The most advanced task required GPT-5.2 to write a specific string to a protected file path without access to operating system functions. The model achieved this by chaining seven function calls through the glibc exit handler mechanism, bypassing shadow stack protections.

The findings suggest exploit development may increasingly depend on computational resources rather than human expertise. While QuickJS is less complex than browsers such as Chrome or Firefox, the approach demonstrated could scale to larger and more secure software environments.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

YouTube’s 2026 strategy places AI at the heart of moderation and monetisation

As announced yesterday, YouTube is expanding its response to synthetic media by introducing experimental likeness detection tools that allow creators to identify videos where their face appears altered or generated by AI.

The system, modelled conceptually on Content ID, scans newly uploaded videos for visual matches linked to enrolled creators, enabling them to review content and pursue privacy or copyright complaints when misuse is detected.

Participation requires identity verification through government-issued identification and a biometric reference video, positioning facial data as both a protective and governance mechanism.

While the platform stresses consent and limited scope, the approach reflects a broader shift towards biometric enforcement as platforms attempt to manage deepfakes, impersonation, and unauthorised synthetic content at scale.

Alongside likeness detection, YouTube’s 2026 strategy places AI at the centre of content moderation, creator monetisation, and audience experience.

AI tools already shape recommendation systems, content labelling, and automated enforcement, while new features aim to give creators greater control over how their image, voice, and output are reused in synthetic formats.

The move highlights growing tensions between creative empowerment and platform authority, as safeguards against AI misuse increasingly rely on surveillance, verification, and centralised decision-making.

As regulators debate digital identity, biometric data, and synthetic media governance, YouTube’s model signals how private platforms may effectively set standards ahead of formal legislation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New EU cybersecurity package strengthens resilience and ENISA powers

The European Commission has unveiled a broad cybersecurity package that moves the EU beyond certification reform towards systemic resilience across critical digital infrastructure.

Building on plans to expand EU cybersecurity certification beyond products and services, the revised Cybersecurity Act introduces a risk-based framework for securing ICT supply chains, with particular focus on dependencies, foreign interference, and high-risk third-country suppliers.

A central shift concerns supply-chain security as a geopolitical issue. The proposal enables mandatory derisking of mobile telecommunications networks, reinforcing earlier efforts under the 5G security toolbox.

Certification reform continues through a redesigned European Cybersecurity Certification Framework, promising clearer governance, faster scheme development, and voluntary certification that can cover organisational cyber posture alongside technical compliance.

The package also tackles regulatory complexity. Targeted amendments to the NIS2 Directive aim to ease compliance for tens of thousands of companies by clarifying jurisdictional rules, introducing a new ‘small mid-cap’ category, and streamlining incident reporting through a single EU entry point.

Enhanced ransomware data collection and cross-border supervision are intended to reduce fragmentation while strengthening enforcement consistency.

ENISA’s role is further expanded from coordination towards operational support. The agency would issue early threat alerts, assist in ransomware recovery with national authorities and Europol, and develop EU-wide vulnerability management and skills attestation schemes.

Together, the measures signal a shift from fragmented safeguards towards a more integrated model of European cyber sovereignty.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU considers further action against Grok over AI nudification concerns

The European Commission has signalled readiness to escalate action against Elon Musk’s AI chatbot Grok, following concerns over the spread of non-consensual sexualised images on the social media platform X.

The EU tech chief Henna Virkkunen told Members of the European Parliament that existing digital rules allow regulators to respond to risks linked to AI-driven nudification tools.

Grok has been associated with the circulation of digitally altered images depicting real people, including women and children, without consent. Virkkunen described such practices as unacceptable and stressed that protecting minors online remains a central priority for the EU enforcement under the Digital Services Act.

While no formal investigation has yet been launched, the Commission is examining whether X may breach the DSA and has already ordered the platform to retain internal information related to Grok until the end of 2026.

Commission President Ursula von der Leyen has also publicly condemned the creation of sexualised AI images without consent.

The controversy has intensified calls from EU lawmakers to strengthen regulation, with several urging an explicit ban on AI-powered nudification under the forthcoming AI Act.

A debate that reflects wider international pressure on governments to address the misuse of generative AI technologies and reinforce safeguards across digital platforms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Browser extension malware hits millions worldwide

Millions of browser users installed popular extensions that later became spyware as part of a long-running malware operation. Researchers linked over 100 Chrome, Edge and Firefox extensions to the DarkSpectre hacker group.

Attackers kept extensions legitimate for years before quietly activating malicious behaviour. Hidden code embedded in image files helped bypass security reviews in official browser stores.

The campaign enabled large-scale surveillance by collecting real-time browsing activity and corporate meeting data. Analysts warn that such information supports phishing, impersonation and corporate espionage.

Experts urge users to remove unused extensions and question excessive permission requests. Regular browser updates and cautious extension management remain essential cyber defences.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cyberviolence against women rises across Europe amid deepfake abuse

Digital violence targeting women and girls is spreading across Europe, according to new research highlighting cyberstalking, surveillance and online threats as the most common reported abuses.

Digital tools have expanded opportunities for communication, yet online environments increasingly expose women to persistent harassment instead of safety and accountability.

Image-based abuse has grown sharply, with deepfake pornography now dominating synthetic sexual content and almost exclusively targeting women.

More than half of European countries report rising cases of non-consensual intimate image sharing, while national data show women forming a clear majority of cyberstalking and online threat victims.

Algorithmic systems accelerate the circulation of misogynistic material, creating enclosed digital spaces where abuse is normalised rather than challenged. Researchers warn that automated recommendation mechanisms can quickly spread harmful narratives, particularly among younger audiences.

Recent generative technologies have further intensified concerns by enabling sexualised image manipulation with limited safeguards.

Investigations into chatbot-generated images prompted new restrictions, yet women’s rights groups argue that enforcement and prevention still lag behind the scale of online harm.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Gemini flaw exposed Google Calendar data through hidden prompts

A vulnerability in Google Calendar allowed attackers to bypass privacy controls by embedding hidden instructions in standard calendar invitations. The issue exploited how Gemini interprets natural language when analysing user schedules.

Researchers at Miggo found that malicious prompts could be placed inside event descriptions. When Gemini scanned calendar data to answer routine queries, it unknowingly processed the embedded instructions.

The exploit used indirect prompt injection, a technique in which harmful commands are hidden within legitimate content. The AI model treated the text as trusted context rather than a potential threat.

In the proof-of-concept attack, Gemini was instructed to summarise a user’s private meetings and store the information in a new calendar event. The attacker could then access the data without alerting the victim.

Google confirmed the findings and deployed a fix after responsible disclosure. The case highlights growing security risks linked to how AI systems interpret natural language inputs.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Finnish data breach exposed thousands of patients

A major data breach at Finnish psychotherapy provider Vastaamo exposed the private therapy records of around 33,000 patients in 2020. Hackers demanded bitcoin payments and threatened to publish deeply personal notes if victims refused to pay.

Among those affected was Meri-Tuuli Auer, who described intense fear after learning her confidential therapy details could be accessed online. Stolen records included discussions of mental health, abuse, and suicidal thoughts, causing nationwide shock.

The breach became the largest criminal investigation in Finland, prompting emergency government talks led by then prime minister Sanna Marin. Despite efforts to stop the leak, the full database had already circulated on the dark web.

Finnish courts later convicted cybercriminal Julius Kivimäki, sentencing him to more than six years in prison. Many victims say the damage remains permanent, with trust in therapy and digital health systems severely weakened.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

French regulator fines Free and Free Mobile €42 million

France’s data protection regulator CNIL has fined telecom operators Free Mobile and Free a combined €42 million over a major customer data breach. The sanctions follow an October 2024 cyberattack that exposed personal data linked to 24 million subscriber contracts.

Investigators found security safeguards were inadequate, allowing attackers to access sensitive personal data, including bank account details. Weak VPN authentication and poor detection of abnormal system activity were highlighted as key failures under the GDPR.

The French regulator also ruled that affected customers were not adequately informed about the risks they faced. Notification emails lacked sufficient detail to explain potential consequences or protective steps, thereby breaching obligations to clearly communicate data breach impacts.

Free Mobile faced an additional penalty for retaining former customer data longer than permitted. Authorities ordered both companies to complete security upgrades and data clean-up measures within strict deadlines.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot