Almost 3.5 million students, staff and suppliers linked to the University of Phoenix have been affected by a data breach tied to a sophisticated cyber extortion campaign. The incident followed unauthorised access to internal systems, exposing highly sensitive personal and financial information.
Investigations indicate attackers exploited a zero-day vulnerability in Oracle E-Business Suite, a widely used enterprise financial application. The breach surfaced publicly after the Clop ransomware group listed the university on its leak site, prompting internal reviews and regulatory disclosures.
Compromised data includes names, contact details, dates of birth, social security numbers and banking information. University officials have confirmed that affected individuals are being notified, while filings with US regulators outline the scale and nature of the incident.
The attack forms part of a broader wave of intrusions targeting American universities and organisations using Oracle platforms. As authorities offer rewards for intelligence on Clop’s operations, the breach highlights growing risks facing educational institutions operating complex digital infrastructures.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
France’s national postal service, La Poste, suffered a cyber incident days before Christmas that disrupted websites, mobile applications and parts of its delivery network.
The organisation confirmed a distributed denial of service attack temporarily knocked key digital systems offline, slowing parcel distribution during the busiest period of the year.
A disruption that also affected La Banque Postale, with customers reporting limited access to online banking and mobile services. Card payments in stores, ATM withdrawals, and authenticated online payments continued to function, easing concerns over wider financial instability.
La Poste stated there was no evidence of customer data exposure, although several post offices in France operated at reduced capacity. Staff were deployed to restore services while maintaining in-person banking and postal transactions where possible.
The incident added to growing anxiety over digital resilience in critical public services, particularly following a separate data breach disclosed at France’s Interior Ministry last week. Authorities have yet to identify those responsible for the attack on La Poste.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Google Cloud’s 2026 AI Agent Trends Report shows AI agents are moving from experimental tools to central business systems. Employees are shifting from routine execution to oversight and strategic decision-making.
The report highlights agents managing end-to-end workflows across teams, thereby improving efficiency and streamlining complex processes. Personalised customer service is becoming faster and more accurate thanks to these systems.
Security operations are seeing benefits as AI agents handle alerts, investigations and fraud detection more effectively. Human analysts can now focus on higher-value tasks while routine work is automated.
Companies are investing in continuous training to build an AI-ready workforce. The report emphasises that people, not just technology, will determine the success of AI adoption.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Ghana has formally legalised Bitcoin and cryptocurrency trading after parliament approved the Virtual Asset Service Providers Bill, 2025, closing a long-standing regulatory gap in the country’s digital asset market.
The legislation establishes a licensing and supervisory regime for crypto businesses under the Bank of Ghana. The central bank will oversee the sector, prioritising consumer protection and financial stability, while unlicensed operators may face sanctions or closure.
Under the new framework, individuals can trade crypto legally, while companies must meet reporting and compliance requirements. Officials say the law responds to fraud and money laundering risks while acknowledging the scale of crypto adoption nationwide.
Around 3 million Ghanaians have used cryptocurrency, with transactions totalling roughly $3 billion by June 2024. Licensing rules will be introduced gradually in 2026, as Ghana aligns with a broader African shift toward formal crypto regulation.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Cybersecurity researchers have identified a large Android-based botnet capable of more than distributed denial-of-service attacks, highlighting growing risks from compromised consumer devices. The botnet, dubbed Kimwolf, is estimated to control close to two million infected systems worldwide.
The findings come from QiAnXin XLab, which said Kimwolf has infected around 1.8 million devices, mainly smart TVs, set-top boxes and tablets. Most infections were observed in Brazil, India, the US, Argentina, South Africa and the Philippines.
XLab said the infection vector remains unclear, but affected devices were linked to low-cost Android-based brands used for media streaming. Researchers noted repeated attempts to disrupt the Kimwolf, with its command-and-control infrastructure taken down several times before re-emerging.
According to the report, Kimwolf has adapted by shifting to decentralised infrastructure, including the use of Ethereum Name Service domains. Analysts also identified overlaps in code and infrastructure with AISURU, a botnet linked to record-scale DDoS attacks.
Cloudflare recently described AISURU as one of the largest robot networks observed, capable of attacks exceeding 29 terabits per second. XLab said shared infrastructure suggests both botnets are operated by the same threat group.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The European Commission has proposed extending the Interim Regulation that allows online service providers to voluntarily detect and report child sexual abuse instead of facing a legal gap once the current rules expire.
These measures would preserve existing safeguards while negotiations on permanent legislation continue.
The Interim Regulation enables providers of certain communication services to identify and remove child sexual abuse material under a temporary exemption from e-Privacy rules.
Without an extension beyond April 2026, voluntary detection would have to stop, making it easier for offenders to share illegal material and groom children online.
According to the Commission, proactive reporting by platforms has played a critical role for more than fifteen years in identifying abuse and supporting criminal investigations. Extending the interim framework until April 2028 is intended to maintain these protections until long-term EU rules are agreed.
The proposal now moves to the European Parliament and the Council, with the Commission urging swift agreement to ensure continued protection for children across the Union.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Britain plans to banAI-nudification apps that digitally remove clothing from images. Creating or supplying these tools would become illegal under new proposals.
The offence would build on existing UK laws covering non-consensual sexual deepfakes and intimate image abuse. Technology Secretary Liz Kendall said developers and distributors would face harsh penalties.
Experts warn that nudification apps cause serious harm, mainly when used to create child sexual abuse material. Children’s Commissioner Dame Rachel de Souza has called for a total ban on the technology.
Child protection charities welcomed the move but want more decisive action from tech firms. The government said it would work with companies to stop children from creating or sharing nude images.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
A video circulating online, purported to show a US military officer announcing that the United States would take control of the Nigerian Army, is false.
Independent analysis has revealed that the clip was likely generated or heavily manipulated using AI, and no official announcement or credible source supports this claim.
Fact-checkers used AI-detection tools and found high levels of manipulation, and investigations uncovered inconsistencies in uniform insignia and microphones linked to non-existent media outlets. No verified reports indicate that US military forces are intervening in Nigerian defence operations.
The false claim has spread on platforms including X (formerly Twitter), generating alarm and misinterpretation about foreign military involvement in Nigeria.
Experts warn that deepfakes and AI-generated misinformation are becoming harder to spot without specialised tools and verification.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The UK Foreign, Commonwealth and Development Office was hacked in October, according to minister Chris Bryant. Officials say there is a low risk to any individual from the breach.
Reports suggest that a Chinese group, Storm 1849, may have been involved, but Bryant cautioned that the perpetrator has not been confirmed. Tens of thousands of visa details could have been targeted, though the exact scope remains unclear.
The attack shares similarities with a 2024 campaign called ArcaneDoor, linked to state-sponsored actors. Cybersecurity experts warn that the incidents may be connected and highlight risks of large-scale data targeting.
Officials have quickly closed the vulnerability and continue to investigate the matter. Bryant emphasised that speculation is unhelpful and said the investigation could take some time to identify the responsible party.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Russia has reported a sharp decline in cyber fraud following the introduction of new regulatory measures in 2025. Officials say legislative action targeting telephone and online scams has begun to deliver measurable results.
State Secretary and Deputy Minister of Digital Development Ivan Lebedev told the State Duma that crimes covered by the first package of reforms, known as ‘Cyberbez 1.0’, have fallen by 40%, according to confirmed statistics.
Earlier this year, Lebedev said Russia records roughly 677,000 cases of phone and online fraud annually, with incidents rising by more than 35% since 2022, highlighting the scale of the challenge faced by authorities.
In April, President Vladimir Putin signed a law introducing a range of countermeasures, including a state information system to combat fraud, limits on unsolicited marketing calls, stricter SIM card issuance rules, and new compliance obligations for banks.
Further steps are now under discussion. Officials say a second package is being prepared, while a third set of initiatives was announced in December as Russia continues to strengthen its digital security framework.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
