Cybercrime

Customer data exposed in Adidas cyber attack

Adidas has confirmed a cyber attack that led to the compromise of customer data held by a third-party service partner.

According to the company, unauthorised access was gained to consumer contact details submitted during previous interactions with its customer service help desk. Payment credentials and passwords were not affected.

Affected individuals are now being notified directly, with the company expressing sincere regret for any concern caused. Contact information, such as names and email addresses, appears to be the primary type of data exposed.

Steps were taken immediately to contain the incident, with cybersecurity experts brought in to assist in a detailed investigation. Adidas stressed its commitment to safeguarding user data and is reviewing its systems to prevent similar breaches in future.

This incident adds to a growing list of cyber attacks targeting major UK retailers. Recent breaches involving Marks & Spencer, Co-op, and Harrods have caused operational disruption, prompting a wider investigation by the National Crime Agency into possible links among the attacks.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Taiwan rebuffs China’s hacking claims as disinformation

Taiwan has rejected accusations from Beijing that its ruling party orchestrated cyberattacks against Chinese infrastructure. Authorities in Taipei instead accused China of spreading false claims in an effort to manipulate public perception and escalate tensions.

On Tuesday, Chinese officials alleged that a Taiwan-backed hacker group linked to the Democratic Progressive Party (DPP) had targeted a technology firm in Guangzhou.

They claimed more than 1,000 networks, including systems tied to the military, energy, and government sectors, had been compromised across ten provinces in recent years.

Taiwan’s National Security Bureau responded on Wednesday, stating that the Chinese Communist Party is manipulating false information to mislead the international community.

Rather than acknowledging its own cyber activities, Beijing is attempting to shift blame while undermining Taiwan’s credibility, the agency said.

Taipei further accused China of long-running cyberattacks aimed at stealing funds and destabilising critical infrastructure. Officials described such campaigns as part of cognitive warfare designed to widen social divides and erode public trust within Taiwan.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Iranian hacker admits role in Baltimore ransomware attack

An Iranian man has pleaded guilty to charges stemming from a ransomware campaign that disrupted public services across several US cities, including a major 2019 attack in Baltimore.

The US Department of Justice announced that 37-year-old Sina Gholinejad admitted to computer fraud and conspiracy to commit wire fraud, offences that carry a maximum combined sentence of 30 years.

Rather than targeting private firms, Gholinejad and his accomplices deployed Robbinhood ransomware against local governments, hospitals and non-profit organisations from early 2019 to March 2024.

The attack on Baltimore alone resulted in over $19 million in damage and halted critical city functions such as water billing, property tax collection and parking enforcement.

Instead of simply locking data, the group demanded Bitcoin ransoms and occasionally threatened to release sensitive files. Cities including Greenville, Gresham and Yonkers were also affected.

Although no state affiliation has been confirmed, US officials have previously warned of cyber activity tied to Iran, allegations Tehran continues to deny.

Gholinejad was arrested at Raleigh-Durham International Airport in January 2025. The FBI led the investigation, with support from Bulgarian authorities. Sentencing is scheduled for August.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers are selling 94 billion stolen cookies on Telegram

Cybercriminals are trading nearly 94 billion stolen browser cookies on Telegram, with over 20% still active and capable of granting direct access to user accounts.

These cookies, essential for keeping users logged in and websites functioning smoothly, are being repurposed as tools for account hijacking, bypassing login credentials and putting personal data at risk. Security experts warn that hundreds of millions of users globally could be exposed.

The data, revealed by cybersecurity firm NordVPN, shows that the theft spans 253 countries, with Brazil, India, Indonesia, Vietnam, and the US among the most affected.

Google services were the prime target, with over 4.5 billion stolen cookies linked to Google accounts, followed by YouTube, Microsoft, and Bing. Many of these cookies contain session IDs and user identifiers, which allow hackers to impersonate users and access their online accounts without detection.

The surge in cookie theft marks a 74% increase over the previous year, driven largely by the spread of malware. Redline, Vidar, and LummaC2 are among the most prolific infostealers, collectively responsible for over 60 billion stolen cookies.

These malware strains extract saved data from browsers and often act as gateways for more advanced cyberattacks.

New strains like RisePro, Stealc, Nexus, and Rhadamanthys are also emerging, designed to steal browser credentials and banking data more efficiently.

Many of these stolen cookies are being exchanged on Telegram channels, raising alarm about the app’s misuse. In response, Telegram stated:

The sale of private data is expressly forbidden by Telegram’s terms of service and is removed whenever discovered. Moderators empowered with custom AI and machine learning tools proactively monitor public parts of the platform and accept reports to remove millions of pieces of harmful content each year.’

With cookie theft becoming an increasingly common tactic, experts urge users to regularly clear cookies, use secure browsers, and consider additional protective measures to guard their digital identity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Nordic shift to cash sparks crypto debate

Sweden and Norway are urging citizens to keep using cash amid rising fears of cyberattacks and geopolitical instability. Once global leaders in cashless transactions, both countries are now rethinking their heavy reliance on digital payments.

The move comes as concerns grow over potential network failures and the need for resilient offline alternatives.

Vitalik Buterin, co-founder of Ethereum, has weighed in on the issue, highlighting the risks of centralised systems. He argued that the fragility of such infrastructures makes physical cash essential during crises.

However, he also sees a future role for Ethereum, if the network becomes robust, private, and decentralised enough to function as a reliable alternative.

For Ethereum to support national payment systems in emergencies, Buterin noted that it must improve its resilience and privacy. The platform has added upgrades, but challenges like scalability and high transaction costs still hinder mass adoption.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Quantum computers might break Bitcoin security faster than thought

Google researchers have revealed that breaking RSA encryption—the technology securing crypto wallets—requires far fewer quantum resources than previously thought. The team found cracking 2048-bit RSA could take under a week using fewer than a million noisy qubits, 20 times less than previously estimated.

Currently, quantum computers like IBM’s Condor and Google’s Sycamore operate with far fewer qubits, so crypto assets remain safe for now. The significance lies in the rapid pace of improvement in quantum computing capabilities, which calls for increased vigilance.

The breakthrough stems from improved algorithms that speed up key calculations and smarter error correction methods. Researchers also enhanced ‘magic state cultivation,’ a technique that boosts quantum operation efficiency by reducing resource waste.

Bitcoin relies on elliptic curve cryptography, similar in principle to RSA. If quantum computers can crack RSA sooner, Bitcoin’s security timeline could be shortened.

Efforts like Project 11’s quantum Bitcoin bounty highlight ongoing research to test the threat’s urgency.

Quantum threats extend beyond crypto, affecting global secure communications, banking, and digital signatures. Google has begun encrypting more traffic with quantum-resistant protocols in preparation for this shift.

Despite rapid progress, challenges remain. Quantum computers must maintain stability and coherence for long periods to execute complex operations. Currently, this remains a major hurdle, so there is no immediate threat.

It seems likely the first quantum-resistant blockchain upgrades will arrive well before any quantum attack on Bitcoin’s network.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Manhattan man accused of holding victim for Bitcoin credentials

A Manhattan-based crypto investor has been charged with kidnapping an Italian man. He allegedly tortured the victim in an attempt to gain access to his Bitcoin wallet.

John Woeltz, 37, was arrested on 24 May and later appeared in court, where he pleaded not guilty to four felony charges, including kidnapping for ransom.

Police said the 28-year-old victim was held inside a rented townhouse in Soho after arriving in the US on 6 May. He was allegedly beaten, electroshocked, and threatened with a firearm when he refused to give up his wallet credentials.

The man eventually escaped and contacted the authorities. Photographs found at the scene appeared to show signs of ongoing abuse.

A woman was also taken into custody, although no charges were filed against her. Investigators have not confirmed whether any cryptocurrency was taken or what the relationship between the parties may have been.

The case comes as more crypto executives and investors seek private security due to a rise in ransom threats. In France, authorities have introduced extra protections for those in the crypto industry.

These measures follow several kidnapping incidents, including the abduction of Ledger co-founder David Balland earlier this year.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI agents bring new security risks to crypto

AI agents are becoming common in crypto, embedded in wallets, trading bots and onchain assistants that automate decisions and tasks. At the core of many AI agents lies the Model Context Protocol (MCP), which controls their behaviour and interactions.

While MCP offers flexibility, it also opens up multiple security risks.

Security researchers at SlowMist have identified four main ways attackers could exploit AI agents via malicious plugins. These include data poisoning, JSON injection, function overrides, and cross-MCP calls, all of which can manipulate or disrupt an agent’s operations.

Unlike poisoning AI models during training, these attacks target real-time interactions and plugin behaviour.

The number of AI agents in crypto is growing rapidly, expected to reach over one million in 2025. Experts warn that failing to secure the AI layer early could expose crypto assets to serious threats, such as private key leaks or unauthorised access.

Developers are urged to enforce strict plugin verification, sanitise inputs, and apply least privilege access to prevent these vulnerabilities.

Building AI agents quickly without security measures risks costly breaches. While adding protections may be tedious, experts agree it is essential to protect crypto wallets and funds as AI agents become more widespread.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Agentic AI could accelerate and automate future cyberattacks, Malwarebytes warns

A new report by Malwarebytes warns that the rise of agentic AI will significantly increase the frequency, sophistication, and scale of cyberattacks.

Since the launch of ChatGPT in late 2022, threat actors have used generative AI to write malware, craft phishing emails, and execute realistic social engineering schemes.

One notable case from January 2024 involved a finance employee who was deceived into transferring $25 million during a video call with AI-generated deepfakes of company executives.

Criminals have also found ways to bypass safety features in AI models using techniques such as prompt chaining, injection, and jailbreaking to generate malicious outputs.

While generative AI has already lowered the barrier to entry for cybercrime, the report highlights that agentic AI—capable of autonomously executing complex tasks—poses a far greater risk by automating time-consuming attacks like ransomware at scale.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber scams use a three-letter trap

Staying safe from cybercriminals can be surprisingly simple. While AI-powered scams grow more realistic, some signs are still painfully obvious.

If you spot the letters ‘.TOP’ in any message link, it’s best to stop reading and hit delete. That single clue is often enough to expose a scam in progress.

Most malicious texts pose as alerts about road tolls, deliveries or account issues, using trusted brand names to lure victims into clicking fake links.

The worst of these is the ‘.TOP’ top-level domain (TLD), which has become infamous for its role in phishing and scam operations. Although launched in 2014 for premium business use, its low cost and lack of oversight quickly made it a favourite among cyber gangs, especially those based in China.

Today, nearly one-third of all .TOP domains are linked to cybercrime — far surpassing the criminal activity seen on mainstream domains like ‘.com’.

Despite repeated warnings and an unresolved compliance notice from internet regulator ICANN, abuse linked to .TOP has only worsened.

Experts warn that it is highly unlikely any legitimate Western organisation would ever use a .TOP domain. If one appears in your messages, the safest option is to delete it without clicking.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!