Ofcom finalises tougher rules against mobile messaging scams

Ofcom has finalised new rules requiring mobile providers to block, limit and disrupt mobile messaging scams, alongside strengthened guidance to tackle international calls that spoof UK mobile numbers.

The regulator said criminals increasingly use text messages and business messaging services to impersonate friends, companies and public bodies, pressuring victims to transfer money, disclose sensitive information or click malicious links.

Fraud accounted for an estimated 45% of reported crime incidents in England and Wales, with £1.28 billion lost to criminals in 2025. Ofcom also found that 40% of UK mobile users had received at least one suspicious message during the previous three months.

The measures target two main forms of messaging fraud: person-to-person messages sent through SIM cards and mass business messages distributed through commercial messaging infrastructure.

For person-to-person scams, mobile providers must collect intelligence on fraudulent messages, malicious links and phone numbers from customers and anti-fraud organisations. They must use that information to block numbers associated with scammers and stop messages containing malicious links or phone numbers from being delivered across their networks.

Providers must also impose volume limits on pay-as-you-go SIM cards, making it harder for criminal groups to send large numbers of fraudulent messages. The measures complement the government’s proposed ban on SIM farms and commitments made by operators under the Fraud Sector Charter.

Business messaging providers and aggregators must carry out initial and ongoing Know Your Customer (KYC) checks on organisations sending messages and monitor their activity through Know Your Traffic controls.

Providers will also verify alphanumeric sender IDs, which display company names instead of telephone numbers. The checks are intended to prevent scammers from impersonating trusted businesses, delivery services and government agencies.

Where providers identify fraudulent messaging activity, they must investigate its source, apply incident management procedures, and block malicious sender IDs, links and telephone numbers. Companies that fail to carry out appropriate checks may also face regulatory action.

Ofcom has separately strengthened its guidance on international calls that spoof UK mobile numbers. Telecoms companies should withhold the caller ID for calls that appear to originate from a UK mobile number roaming abroad unless they can verify that the number is genuine.

The regulator said spoofing makes overseas calls appear more trustworthy and increases the likelihood that potential victims will answer. However, it cautioned that legitimate organisations may also use withheld numbers, meaning users should continue to assess unexpected calls carefully.

Mobile providers already block more than 600 million suspected scam messages each year, but Ofcom said inconsistent protections across the sector continue to leave consumers exposed.

Consumers can report suspicious calls and messages by forwarding them to 7726, enabling mobile operators to update their fraud-detection and network-protection systems.

Why does it matter?

The new rules shift greater responsibility onto mobile providers to prevent scams before they reach consumers. By requiring stronger customer verification, sender authentication, network-level filtering and SIM controls, Ofcom is moving fraud prevention further upstream rather than relying primarily on users to recognise suspicious messages.

The measures also reflect a broader regulatory trend towards placing more accountability on communications providers to combat digital fraud. If successful, the framework could reduce large-scale messaging scams while serving as a model for other jurisdictions seeking to strengthen telecoms security.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Spain promotes national cybersecurity support helpline

Spain’s National Cybersecurity Institute (INCIBE) has highlighted its free and confidential 017 helpline, which provides specialist advice on digital security issues for citizens, businesses, professionals and educational institutions.

The helpline provides guidance on scams, phishing, identity theft, compromised accounts, social media privacy, cyberbullying, device security and protecting personal information. It also advises on parental controls, online child safety, digital identity management and the safe use of apps and social media platforms.

INCIBE stressed that 017 is a cybersecurity advisory service rather than a reporting channel or technical support line. Specialists explain appropriate reporting procedures, direct users to the relevant authorities where necessary and assess each case individually.

The service is available daily from 8:00 to 23:00 via telephone, WhatsApp, Telegram, an online form and, by appointment, in person at INCIBE’s headquarters in León.

Why does it matter?

As cyber threats become more common, many users need trusted advice before or after an incident rather than only technical assistance or law enforcement support. Services such as INCIBE’s 017 helpline can help individuals and organisations respond more effectively while improving awareness of everyday cyber risks.

The initiative also reflects a broader shift towards strengthening national cyber resilience through public support services. By combining technical, legal and practical guidance in a single point of contact, governments can encourage earlier reporting, better cyber hygiene and more effective responses to digital security incidents.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI is beginning to carry out live cyberattacks, Check Point warns

AI is moving beyond assisting cybercriminals to carrying out operational tasks during live intrusions, according to Check Point Research’s Annual AI Security Report 2026.

The report argues that AI-enabled cyber operations are entering a new phase in which AI systems can execute parts of an attack rather than simply helping attackers write code, research targets or prepare phishing campaigns. The shift could make cyber operations faster and less dependent on continuous human oversight.

Check Point said it observed AI carrying out hands-on tasks during incidents ranging from China-linked campaigns to a criminal breach affecting several Mexican government agencies. According to the company, these capabilities are spreading beyond state-backed actors to financially motivated cybercriminals.

AI is also being used to create deployment-ready malware and offensive frameworks. One developer reportedly used an AI coding environment to build VoidLink, an 88,000-line command-and-control framework, in less than a week. Check Point noted that AI involvement may be difficult to identify once the finished tool is deployed.

According to the report, attackers increasingly favour commercial AI models over self-hosted alternatives. Rather than relying solely on jailbreak prompts, some are targeting agentic architectures by planting configuration files that AI agents continue to trust across multiple sessions.

The market supporting AI cyberattacks is also becoming more established. Check Point identified phishing-as-a-service products that embed language models with built-in restrictions bypasses, alongside conversational voice-agent services used for vishing and one-time-password theft.

The report warns that synthetic identities are weakening traditional trust signals. Convincing imitations of voices, faces, identity documents, and live video can now be combined across multiple channels, making social engineering operations more coordinated and harder to detect.

AI systems themselves are also emerging as an important attack surface. Models may struggle to distinguish instructions from the content they process, allowing attackers to manipulate AI agents through malicious files, webpages and other external data sources.

Indirect prompt injection is emerging as one of the most important threats to AI systems. Check Point said detections of longer malicious payloads increased roughly fivefold between March and May 2026, reaching close to 1% of observed prompts. Longer payloads are commonly associated with content-based and agentic attack paths.

Enterprise data leakage through generative AI also remains a growing concern. The share of prompts classified as high risk doubled from 2% to 4% over the previous year, while organisations used an average of ten AI applications each month, including tools that had not received official approval.

Exposure varied considerably by sector. Business services recorded the highest rate of high-risk generative AI prompts, at 5.91%, meaning approximately one in every 17 interactions presented a significant risk of exposing sensitive information.

The findings suggest organisations must prepare for threats from two directions: adversaries using AI to automate cyber operations and employees or AI systems exposing sensitive data through insecure adoption.

Why does it matter?

The report suggests AI is reshaping cybersecurity on both sides of the equation. Attackers are increasingly using AI to automate complex tasks, while organisations adopting AI are creating new attack surfaces and data security risks.

As AI systems become more autonomous, cybersecurity strategies will need to extend beyond traditional endpoint and network protection to include AI agents, model security, prompt injection defences, identity verification and governance over how AI is deployed across the enterprise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

MIT develops safer way to detect harmful AI models

MIT researchers have developed a new auditing method to detect whether generative AI models have been adapted to produce child sexual abuse material without generating illegal content during testing.

The technique was developed with Thorn, a child safety nonprofit focused on protecting children from sexual abuse and exploitation online.

Traditional AI safety testing often involves prompting a model and checking its outputs, but that approach cannot be used for child sexual abuse material, which is illegal to generate in the US and many other jurisdictions.

MIT said the problem has become more urgent as open-source generative AI models become easier to download, adapt and redistribute.

The researchers’ method examines internal changes during fine-tuning, rather than testing the model by generating images.

In tests, the auditing procedure identified model variants adapted to generate child sexual abuse material with 100% accuracy.

MIT said hosting platforms could use the method to flag unsafe models, block uploads or remove harmful adaptations before they spread more widely online.

The researchers also plan to test whether the approach can detect harmful capabilities in a larger set of model variants and in base models before adaptation.

Why does it matter?

The research addresses a serious AI safety blind spot: some harmful model capabilities cannot be tested safely or legally by generating outputs. A non-generative auditing method could give hosting platforms, auditors and law enforcement a safer way to detect models adapted for child sexual abuse material before they are distributed. It also points to a broader governance challenge around open-source generative AI: platforms may need scalable tools to assess harmful adaptations without exposing reviewers to illegal or traumatic content.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cybercrime accounts for one in five crimes in Spain

Spain recorded 488,426 cybercrimes in 2025, accounting for 19.8% of all reported crime, according to the Spanish Ministry of Interior’s latest Cybercrime Report. The figure shows a 5.1% increase from 2024, demonstrating the growing threat of digital crime nationwide.

Computer fraud and online scams continued to dominate cybercrime, accounting for nearly nine in ten reported offences with 429,677 cases. Internet-related forgery increased by 11.3% to 21,690 cases, while sexual offences rose by 21% and illegal access or interception offences surged by 40.7%, highlighting the growing diversity of cybercriminal activity.

The number of cybercrime victims reached 383,285, up 9.3% from 2024. People aged 51 to 65 were the most frequently targeted, particularly through credit card fraud and travel cheque scams, accounting for 146,737 victims. Although most victims were male, the types of cybercrime varied considerably across age groups and demographics.

Critical infrastructure operators experienced 90 cyberattacks in 2025, a 43.8% decrease from the previous year. The transport sector accounted for 42.2% of incidents, followed by the information and communications technology sector with 15.5%.

Why does it matter?

The report shows that cybercrime has become a mainstream form of criminal activity, accounting for nearly one in five reported offences in Spain. The continued growth in fraud, online scams and unauthorised access highlights how digital crime is evolving alongside greater reliance on online services by individuals, businesses and public institutions.

Although attacks on critical infrastructure declined, the overall increase in cybercrime and victim numbers suggests that law enforcement and cybersecurity authorities will need stronger investigative capabilities, cross-border cooperation and preventive measures to keep pace with increasingly sophisticated digital threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

CISA shares lessons from GitHub credential exposure

CISA has published details of an internal CISA incident response triggered after an investigative reporter alerted the agency to Amazon AWS GovCloud keys and other internal information exposed in a public GitHub repository.

The agency said the information was identified by a security researcher whose company continuously scans public code repositories. The repository was not part of CISA’s official GitHub environment but belonged to a contractor’s personal GitHub account.

According to CISA, its Office of the Chief Information Officer immediately took the repository offline and preserved it for forensic analysis. The agency also suspended its development environment, reset affected credentials and revoked the contractor’s system access.

The investigation found that the contractor had uploaded copies of a CISA build and deployment repository to a personal GitHub account while attempting to build cloud infrastructure independently. The repository contained infrastructure-as-code, build scripts, administrator credentials and build credentials.

Forensic analysis found no evidence that the exposed credentials had been used outside CISA environments and no customer or mission data was compromised.

CISA subsequently rotated all credentials associated with environments where the contractor had administrator privileges, expanded repository allow and deny lists, and restricted users’ ability to upload code to public repositories before restoring the development environment.

The agency said the incident reinforced the value of taking external vulnerability reports seriously, applying Zero Trust principles to development environments and maintaining detailed logging that enabled rapid investigation.

It also identified several areas for improvement, including stricter controls over public repositories, better secrets detection, clearer GitHub and cloud incident response playbooks, simpler reporting channels for security researchers, stronger development environment guardrails and more mature cryptographic key management.

CISA also said organisations should maintain clear reporting channels for incidents affecting their own environments and publish reporting instructions in multiple locations rather than relying solely on a security.txt file.

The agency said publishing its own incident response experience is intended to help other organisations strengthen their security practices and improve preparedness for similar incidents.

Why does it matter?

The incident illustrates how easily sensitive credentials can be exposed through routine developer workflows and personal code repositories, even within organisations responsible for cybersecurity. It also highlights the importance of rapid detection, credential rotation and strong access controls when managing cloud infrastructure.

By publicly documenting both its response and the lessons learned, CISA is encouraging organisations to treat incident reporting, secrets management, Zero Trust architecture and developer governance as integral parts of software security rather than afterthoughts.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission launches AI cyber defence strategy

The European Commission has presented an Action Plan on Cybersecurity and Artificial Intelligence to strengthen Europe’s response to AI-related cyber risks.

The plan aims to help member states, businesses and public authorities use AI safely while addressing the cybersecurity risks created by advanced AI models.

The Commission said AI can help detect vulnerabilities, prevent cyberattacks and protect critical infrastructure. However, it warned that malicious actors can also use AI to automate attacks, identify weaknesses and carry out cyber operations at greater speed and scale.

The Action Plan focuses on three objectives: promoting the safe and responsible use of advanced AI, reinforcing EU cybersecurity and resilience, and scaling up Europe’s AI capabilities for cybersecurity.

The Commission said it will strengthen Europe’s capacity to evaluate AI models before they are placed on the EU market, in line with the AI Act.

It will also work with ENISA to develop a European Blueprint for secure access to advanced AI systems for cybersecurity purposes.

A secure testing platform will support organisations in critical sectors, including energy, transport, health, finance and public administration, in testing and deploying AI solutions safely.

The plan also encourages the use of AI, including open-source models where appropriate, to detect vulnerabilities faster and improve prevention and response to cyberattacks.

The Commission said it will launch an EU Grand Challenge on AI for cybersecurity to support the development of new AI-powered security solutions.

Why does it matter?

AI is becoming central to both cyber defence and cybercrime. The EU Action Plan recognises that advanced models can help defenders detect vulnerabilities and respond faster, but can also help attackers automate operations and scale incidents. By linking AI model evaluation, critical-sector testing, ENISA cooperation, existing cybersecurity laws and investment in sovereign AI capabilities, the Commission is trying to turn AI cybersecurity into a coordinated EU policy area rather than leaving it to fragmented national or private-sector responses.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

ENISA warns frontier AI is compressing cyberattack timelines

The European Union Agency for Cybersecurity has warned that frontier AI models are compressing cyberattack timelines and challenging traditional defence practices.

In a July 2026 paper, ENISA said advanced AI models are reducing the time between vulnerability discovery and exploitation, creating new pressure on vulnerability management, patching and incident response.

The agency said open-weight models may reach similar capabilities within 9 to 12 months, while existing models combined with skilled security experts can already produce comparable results.

ENISA warned that attackers may gain access to exploits before fixes are available, while legacy systems and end-of-life products could become more exposed to AI-assisted vulnerability discovery.

The agency also said more frequent patch releases may increase the risk of service disruption, while open-source maintainers could be overwhelmed by AI-generated vulnerability reports.

Security fundamentals still matter, but ENISA said defenders must apply them faster. It recommended shifting resources from vulnerability discovery towards risk-based prioritisation, rapid triage, remediation and risk reduction.

The paper also calls for defensive AI tools to be integrated into software development, incident response and threat modelling, with human-gated workflows and stronger workforce skills.

At the EU level, ENISA said existing frameworks, including NIS2, the Cyber Resilience Act, and the EU AI Act, should be used to assess and mitigate systemic risks linked to advanced AI models.

For defenders, the agency recommended near-real-time security operations, AI-assisted threat modelling, dynamic incident response pipelines and single-digit-minute detection and response targets.

Why does it matter?

ENISA’s paper frames frontier AI as a structural cybersecurity challenge, not just another tool for attackers or defenders. If vulnerability discovery, exploit development, and lateral movement happen at machine speed, organisations will need faster triage, stronger automation and clearer human oversight. The report also connects AI cybersecurity to the EU’s wider regulatory framework, showing that NIS2, the Cyber Resilience Act and the AI Act will all matter in managing systemic cyber risks from advanced models.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Europol denies bypassing EU data protection rules

Europol has rejected allegations that it operated a ‘secret’ or ‘shadow’ database outside the EU data protection rules.

In a new fact-check, the agency said recent reports misrepresented two long-established operational environments used to support digital investigations and online information analysis.

Europol said its Computer Forensic Network is used to analyse complex digital evidence securely in support of criminal investigations.

It also said the Internet-Facing Operational Environment is used to collect and triage publicly available online information before relevant material is transferred to Europol’s operational systems in accordance with applicable legal requirements.

The agency said neither environment was created to bypass oversight or data protection obligations.

Europol also published a timeline showing that both systems have existed for many years and have evolved alongside changes to its legal framework, governance and supervisory arrangements.

The agency said it has worked with the European Data Protection Supervisor on governance improvements, technical modernisation and safeguards, including after regulatory changes introduced in 2022.

Europol said public debate on law enforcement and privacy should be based on accurate descriptions of operational systems and their oversight.

Why does it matter?

The dispute highlights the tension between law enforcement’s need to process large volumes of digital evidence and the privacy safeguards required under the EU law. Europol’s response is important because operational data systems used in cybercrime, terrorism and serious organised crime investigations can affect fundamental rights if oversight, retention and access rules are unclear. The case also shows why transparency about investigative infrastructure matters for public trust, especially as law enforcement agencies modernise their data-processing capabilities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Australia records highest data breach notifications since 2018

Australia recorded its highest annual number of data breach notifications in 2025 since mandatory reporting began in 2018, according to the Office of the Australian Information Commissioner.

The regulator received 1,205 notifications under the Notifiable Data Breaches scheme in 2025, an 8% increase from 1,112 in 2024.

Organisations covered by the Privacy Act must notify the OAIC of data breaches that are likely to result in serious harm to affected individuals.

Malicious or criminal activity remained the leading cause of reported breaches, accounting for 716 notifications. Cyber hacking continued to be the main cause of reported incidents.

Health service providers were the most affected sector, reporting 225 breaches, or 19% of the annual total. Financial services, Australian government agencies, business and professional associations, education providers and legal, accounting and management services were also among the most affected sectors.

The OAIC has released a new quick reference guide to help organisations assess potential breaches, decide whether notification is required and understand how to report incidents.

Privacy Commissioner of Australia, Carly Kind, said the threat posed by data breaches to Australian businesses and organisations is substantial and rising year on year.

The regulator’s latest privacy attitudes survey also found that data breaches remain the top privacy concern for Australians, with 82% expressing concern, up from 74% in 2023.

Why does it matter?

Rising breach notifications show that data protection is becoming a persistent operational and regulatory challenge for Australian organisations. The dominance of malicious activity and cyber hacking links privacy compliance directly to cybersecurity preparedness, especially in sensitive sectors such as health. OAIC’s new guide also signals a push towards faster, clearer breach assessment and notification, which matters for affected individuals as well as regulated entities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!