TransUnion, a US consumer credit reporting agency, has suffered a data breach, impacting the personal information of nearly 4.5 million Americans. The breach, detected on 30 July 2025, involved unauthorised access to a third-party application used in its US consumer support operations.
Although credit reports and core credit data were not exposed, specific personal details were compromised. TransUnion is offering affected customers free credit monitoring and fraud assistance. The agency highlighted its commitment to robust security measures and ongoing improvements. The incident follows previous breaches in 2022 and 2023, raising concerns about TransUnion’s overall data protection and third-party risks.
The recent TransUnion breach follows several high-profile data incidents involving third-party compromises. In June 2025, banking giant UBS was affected after its procurement provider Chain IQ was attacked.
In July, Allianz Life reported personal data theft from 1.4 million US customers via a third-party cloud-based CRM breach. Australian airline Qantas also disclosed a breach impacting nearly six million customers through a third-party service platform.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A threat group known as TAG-144 has stepped up cyberattacks on South American government agencies, researchers have warned.
The group, also called Blind Eagle and APT-C-36, has been active since 2018 and is linked to espionage and extortion campaigns. Recent activity shows a sharp rise in cybercrime, spear-phishing, often using spoofed government email accounts to deliver remote access trojans.
Analysts say the group has shifted towards more advanced methods, embedding malware inside image files through steganography. Payloads are then extracted in memory, allowing attackers to evade antivirus software and maintain access to compromised systems.
Colombian government institutions have been hit hardest, with stolen credentials and sensitive data raising concerns over both financial and national security risks. Security experts warn that TAG-144’s evolving tactics blur the line between organised crime and state-backed espionage.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Microsoft Threat Intelligence team has warned about a financially motivated threat actor known as Storm-0501. The group has been adapting tactics to steal data stored in the cloud and lock companies out of their systems. Essentially, these cloud-based ransomware tactics enable the threat actors to rapidly exfiltrate large volumes of data while destroying backups and demanding ransoms.
It was also found that they targeted subsidiaries lacking Microsoft security tools to evade detection, moved laterally across the network, and exploited an account that did not have multi-factor authentication enabled. After resetting the account’s password and registering their own Multi-Factor Authentication (MFA) method, they gained full access to the cloud environment, created a backdoor, and accessed critical assets. The hacker stole sensitive data, deleted backups, and demanded a ransom, demonstrating a calculated and strategic approach to breaching the organisation’s defences.
According to The Record, several security firms have reported that former ransomware hackers are now targeting data stored in the cloud. Over the past year, major breaches have involved the theft of data from providers such as Snowflake and Salesforce.
Recently, Google identified a campaign in which attackers used a third-party service to steal Salesforce data. Their goal was to obtain login credentials, allowing them to compromise victim environments further and potentially pivot into the systems of clients or partners, signalling a shift towards more strategic, credential-focused cloud attacks.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
A phishing campaign exploits Microsoft Teams’ external communication features, with attackers posing as IT helpdesk staff to gain access to screen sharing and remote control. The method sidesteps traditional email security controls by using Teams’ default settings.
The attacks exploit Microsoft 365’s default external collaboration feature, which allows unauthenticated users to contact organisations. Axon Team reports attackers create malicious Entra ID tenants with .onmicrosoft.com domains or use compromised accounts to initiate chats.
Although Microsoft issues warnings for suspicious messages, attackers bypass these by initiating external voice calls, which generate no alerts. Once trust is established, they request screen sharing, enabling them to monitor victims’ activity and guide them toward malicious actions.
The highest risk arises where organisations enable external remote-control options, giving attackers potential full access to workstations directly through Teams. However, this eliminates the need for traditional remote tools like QuickAssist or AnyDesk, creating a severe security exposure.
Defenders are advised to monitor Microsoft 365 audit logs for markers such as ChatCreated, MessageSent, and UserAccepted events, as well as TeamsImpersonationDetected alerts. Restricting external communication and strengthening user awareness remain key to mitigating this threat.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
China’s Salt Typhoon cyberspies have stolen data from millions of Americans through a years-long intrusion into telecommunications networks, according to senior FBI officials. The campaign represents one of the most significant espionage breaches uncovered in the United States.
The Beijing-backed operation began in 2019 and remained hidden until last year. Authorities say at least 80 countries were affected, far beyond the nine American telcos initially identified, with around 200 US organisations compromised.
Targets included Verizon, AT&T, and over 100 current and former administration officials. Officials say the intrusions enabled Chinese operatives to geolocate mobile users, monitor internet traffic, and sometimes record phone calls.
Three Chinese firms, Sichuan Juxinhe, Beijing Huanyu Tianqiong, and Sichuan Zhixin Ruijie, have been tied to Salt Typhoon. US officials say they support China’s security services and military.
The FBI warns that the scale of indiscriminate targeting falls outside traditional espionage norms. Officials stress the need for stronger cybersecurity measures as China, Russia, Iran, and North Korea continue to advance their cyber operations against critical infrastructure and private networks.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
AI company Anthropic has reported that its chatbot Claude was misused in cyber incidents, including attempts to carry out hacking operations and employment-related fraud.
The firm said its technology had been used to help write malicious code and assist threat actors in planning attacks. However, it also stated that it could disrupt the activity and notify authorities. Anthropic said it is continuing to improve its monitoring and detection systems.
In one case, the company reported that AI-supported attacks targeted at least 17 organisations, including government entities. The attackers allegedly relied on the tool to support decision-making, from choosing which data to target to drafting ransom demands.
Experts note that the rise of so-called agentic AI, which can operate with greater autonomy, has increased concerns about potential misuse.
Anthropic also identified attempts to use AI models to support fraudulent applications for remote jobs at major companies. The AI was reportedly used to create convincing profiles, generate applications, and assist in work-related tasks once jobs had been secured.
Analysts suggest that AI can strengthen such schemes, but most cyber incidents still involve long-established techniques like phishing and exploiting software vulnerabilities.
Cybersecurity specialists emphasise the importance of proactive defence as AI tools evolve. They caution that organisations should treat AI platforms as sensitive systems requiring strong safeguards to prevent their exploitation.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A ransomware group has destroyed data and backups in a Microsoft Azure environment after exfiltrating sensitive information, which experts describe as a significant escalation in cloud-based attacks.
The threat actor, tracked as Storm-0501, gained complete control over a victim’s Azure domain by exploiting privileged accounts.
Microsoft researchers said the group used native Azure tools to copy data before systematically deleting resources to block recovery efforts.
After exfiltration, Storm-0501 used AzCopy to steal storage account contents and erase cloud assets. Immutable resources were encrypted instead.
The group later contacted the victim via Microsoft Teams using a compromised account to issue ransom demands.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Region of Gotland in Sweden was notified that Miljödata, a Swedish software provider used for managing sick leave and other HR-related records, had been hit by a cyberattack. Later that day, it was confirmed that sensitive personal data may have been leaked, although it remains unclear whether Region Gotland’s data was affected.
Miljödata, which provides systems handling medical certificates, rehabilitation plans, and work-related injuries, immediately isolated its systems and reported the incident to the police. The region of Gotland is one of several regions affected. Investigations are ongoing, and the region is closely monitoring the situation while following standard data protection procedures, according to HR Director Lotta Israelsson.
Swedish Minister for Civil Defence, Carl-Oskar Bohlin, confirmed that the full scope and consequences of the cyberattack remain unclear. Around 200 of Sweden’s 290 municipalities and 21 regions were reportedly affected, many of which use Miljödata systems to manage employee data such as medical certificates and rehabilitation plans.
Miljödata is working with external experts to investigate the breach and restore services. The government is closely monitoring the situation, with CERT-SE and the National Cybersecurity Centre providing support. A police investigation is underway. Bohlin emphasised the need for stronger cybersecurity and announced a forthcoming bill to tighten national cyber regulations.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Slovak software company specialising in cybersecurity has discovered a GenAI-powered ransomware named PromptLock in its latest research report. The researchers describe it as the ‘first known AI-powered ransomware’. Although it has not been observed in an actual attack, it is considered a proof of concept (PoC) or a work in progress.
Researchers also found that this type of ransomware may have the ability to exfiltrate, encrypt, and possibly even destroy data.
They noted: ‘The PromptLock malware uses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes.’
The report highlights how AI tools have made it easier to create convincing phishing messages and deepfakes, lowering the barrier for less-skilled attackers. As ransomware becomes more widespread, often deployed by advanced persistent threat (APT) groups, AI is expected to increase both the scale and effectiveness of such attacks.
PromptLock demonstrates how AI can automate key ransomware stages, such as reconnaissance and data theft, faster than ever. The emergence of malware capable of adapting its tactics in real time signals a new and more dangerous frontier in cybercrime.
One involved a cybercriminal group using Claude to automate data theft and extortion, targeting 17 organisations. Another detailed how North Korean actors used Claude to create fake identities, pass interviews, and secure remote IT jobs to fund the regime. A third case involved a criminal using Claude to create sophisticated ransomware variants with strong encryption and advanced evasion techniques. Most attempts were detected and disrupted before being carried out.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Anthropic has warned that its AI chatbot Claude is being misused to carry out large-scale cyberattacks, with ransom demands reaching up to $500,000 in Bitcoin. Attackers used ‘vibe hacking’ to let low-skill individuals automate ransomware and create customised extortion notes.
The report details attacks on at least 17 organisations across healthcare, government, emergency services, and religious sectors. Claude was used to guide encryption, reconnaissance, exploit creation, and automated ransom calculations, lowering the skill needed for cybercrime.
North Korean IT workers misused Claude to forge identities, pass coding tests, and secure US tech roles, funneling revenue to the regime despite sanctions. Analysts warn generative AI is making ransomware attacks more scalable and affordable, with risks expected to rise in 2025.
Experts advise organisations to enforce multi-factor authentication, apply least-privilege access, monitor anomalies, and filter AI outputs. Coordinated threat intelligence sharing and operational controls are essential to reduce exposure to AI-assisted attacks.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
