Cybercrime

Apple support scam targets users with real tickets

Cybercriminals are increasingly exploiting Apple’s support system to trick users into surrendering their accounts. Fraudsters open real support tickets in a victim’s name, which triggers official Apple emails and creates a false sense of legitimacy. These messages appear professional, making it difficult for users to detect the scam.

Victims often receive a flood of alerts, including two-factor authentication notifications, followed by phone calls from callers posing as Apple agents. The scammers guide users through steps that appear to secure their accounts, often directing them to convincing fake websites that request sensitive information.

Entering verification codes or following instructions on these fraudulent pages gives attackers access to the account. Even experienced users can fall prey because the emails come from official Apple domains, and the phone calls are carefully scripted to build trust.

Experts recommend checking support tickets directly within your Apple ID account, never sharing verification codes, and reviewing all devices linked to your account. Using antivirus software, activating two-factor authentication, and limiting personal information online further strengthen protection against such sophisticated phishing attacks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore and the EU advance their digital partnership

The European Union met Singapore in Brussels for the second Digital Partnership Council, reinforcing a joint ambition to strengthen cooperation across a broad set of digital priorities.

Both sides expressed a shared interest in improving competitiveness, expanding innovation and shaping common approaches to digital rules instead of relying on fragmented national frameworks.

Discussions covered AI, cybersecurity, online safety, data flows, digital identities, semiconductors and quantum technologies.

Officials highlighted the importance of administrative arrangements in AI safety. They explored potential future cooperation on language models, including the EU’s work on the Alliance for Language Technologies and Singapore’s Sea-Lion initiative.

Efforts to protect consumers and support minors online were highlighted, alongside the potential role of age verification tools.

Further exchanges focused on trust services and the interoperability of digital identity systems, as well as collaborative research on semiconductors and quantum technologies.

Both sides emphasised the importance of robust cyber resilience and ongoing evaluation of cybersecurity risks, rather than relying on reactive measures. The recently signed Digital Trade Agreement was welcomed for improving legal certainty, building consumer trust and reducing barriers to digital commerce.

The meeting between the EU and Singapore confirmed the importance of the partnership in supporting economic security, strengthening research capacity and increasing resilience in critical technologies.

It also reflected the wider priorities outlined in the European Commission’s International Digital Strategy, which placed particular emphasis on cooperation with Asian partners across emerging technologies and digital governance.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Poetic prompts reveal gaps in AI safety, according to study

Researchers in Italy have found that poetic language can weaken the safety barriers used by many leading AI chatbots.

A work by Icaro Lab, part of DexAI, that examined whether poems containing harmful requests could provoke unsafe answers from widely deployed models across the industry. The team wrote twenty poems in English and Italian, each ending with explicit instructions that AI systems are trained to block.

The researchers tested the poems on twenty-five models developed by nine major companies. Poetic prompts produced unsafe responses in more than half of the tests.

Some models appeared more resilient than others. OpenAI’s GPT-5 Nano avoided unsafe replies in every case, while Google’s Gemini 2.5 Pro generated harmful content in all tests. Two Meta systems produced unsafe responses to twenty percent of the poems.

Researchers also argue that poetic structure disrupts the predictive patterns large language models rely on to filter harmful material. The unconventional rhythm and metaphor common in poetry make the underlying safety mechanisms less reliable.

Additionally, the team warned that adversarial poetry can be used by anyone, which raises concerns about how easily safety systems may be manipulated in everyday use.

Before releasing the study, the researchers contacted all companies involved and shared the full dataset with them.

Anthropic confirmed receipt and stated that it was reviewing the findings. The work has prompted debate over how AI systems can be strengthened as creative language becomes an increasingly common method for attempting to bypass safety controls.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Europol backs major takedown of Cryptomixer in Switzerland

Europol has supported a coordinated action week in Zurich, where Swiss and German authorities dismantled the illegal cryptocurrency mixing service Cryptomixer.

Three servers were seized in Switzerland, together with the cryptomixer.io domain, leading to the confiscation of more than €25 million in Bitcoin and over 12 terabytes of operational data.

Cryptomixer operated on both the clear web and the dark web, enabling cybercriminals to conceal the origins of illicit funds. The platform has mixed over €1.3 billion in Bitcoin since 2016, aiding ransomware groups, dark web markets, and criminals involved in drug trafficking, weapons trafficking, and credit card fraud.

Its randomised pooling system effectively blocked the traceability of funds across the blockchain.

Mixing services, such as Cryptomixer, are used to anonymise illegal funds before moving them to exchanges or converting them into other cryptocurrencies or fiat. The takedown halts further laundering and disrupts a key tool used by organised cybercrime networks.

Europol facilitated information exchange through the Joint Cybercrime Action Taskforce and coordinated operational meetings throughout the investigation. The agency deployed cybercrime specialists on the final day to provide on-site support and forensics.

Earlier efforts included support for the 2023 takedown of Chipmixer, then the largest mixer of its kind.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Coupang breach prompts scrutiny from South Korean regulators

South Korea is examining a significant data breach at Coupang after the retailer confirmed exposure of personal details linked to millions of users. Officials say the incident involves only domestic accounts. Regulators have opened a formal investigation.

Coupang first reported a small number of affected users, then revised its estimate to 33.7 million. The firm states that the leaked data includes names and contact details. It maintains that passwords and payment information remain secure.

Authorities believe the breach may date back several months and may involve an overseas server. Local media reports suspicion of a former employee in China. Investigators are assessing whether safety rules were breached.

The incident adds to a series of cyberattacks on major firms in South Korea this year. Commentators say repeated lapses point to structural weaknesses. Previous breaches at SK Telecom and Lotte Card remain fresh in public memory.

Coupang has apologised and warned customers to watch for scams using stolen information. Regulators pledge to enforce swiftly if violations are confirmed. The case has reignited debate over corporate safeguards and national cyber resilience.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

South Korea retailer admits worst-ever data leak

Coupang disclosed a major data breach on 30 November 2025 that exposed 33.7 million customer accounts. The leaked data includes names, email addresses, phone numbers, shipping addresses and some order history but excludes payment or login credentials.

The company said it first detected unauthorised access on 18 November. Subsequent investigations revealed that attacks likely began on 24 June through overseas servers and may involve a former employee’s still-active authentication key.

South Korean authorities launched an emergency probe to determine if Coupang violated data-protection laws. The government warned customers to stay alert to phishing and fraud attempts using the leaked information.

Cybersecurity experts say the breach may be one of the worst personal-data leaks in Korean history. Critics claim the incident underlines deep structural weaknesses in corporate cybersecurity practices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Fraud and scam cases push FIDReC workloads to new highs

FIDReC recorded 4,355 claims in FY2024/2025, marking its highest volume in twenty years and a sharp rise from the previous year. Scam activity and broader dispute growth across financial institutions contributed to the increase. Greater public awareness of the centre’s role also drove more filings.

Fraud and scam disputes climbed to 1,285 cases, up more than 50% and accounting for nearly half of all claims. FIDReC accepted 2,646 claims for handling, with early resolution procedures reducing formal caseload growth. The phased approach encourages direct negotiation between consumers and providers.

Chief Executive Eunice Chua said rising claim volumes reflect fast-evolving financial risks and increasingly complex products. National indicators show similar pressures, with Singapore ranked second globally for payment card scams. Insurance fraud reports also continued to grow during the year.

Compromised credentials accounted for most scam-related cases, often involving unauthorised withdrawals or card charges. Consumers reported incidents without knowing how their details were obtained. The share of such complaints rose markedly compared with the previous year.

Banks added safeguards on large digital withdrawals as part of wider anti-scam measures. Regulators introduced cooling-off periods, stronger information sharing and closer monitoring of suspicious activity. Authorities say the goal is to limit exposure to scams and reinforce public confidence.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Concerns grow over WhatsApp rules as Italy probes Meta AI practices

Italy’s competition authority has launched an investigation into Meta over potential dominance in AI chatbots. Regulators are reviewing the new WhatsApp Business terms and upcoming Meta AI features. They say the changes could restrict rivals’ access to the platform.

Officials in Italy warn that the revised conditions may limit innovation and reduce consumer choice in emerging AI services. The concerns fall under Article 102 TFEU. The authority states that early action may be necessary to prevent distortions.

The case expands an existing Italian investigation into Meta and its regional subsidiaries. Regulators say technical integration of Meta AI could strengthen exclusionary effects. They argue that WhatsApp’s scale gives Meta significant structural advantages.

Low switching rates among users may entrench Meta’s market position further in Italy and beyond. Officials say rival chatbot providers would struggle to compete if access is constrained. They warn that competition could be permanently harmed.

Meta has announced significant new AI investments in the United States. Italian regulators say this reflects the sector’s growing influence. They argue that strong oversight is needed to ensure fair access to key platforms.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU faces new battles over digital rights

EU policy debates intensified after Denmark abandoned plans for mandatory mass scanning in the draft Child Sexual Abuse Regulation. Advocates welcomed the shift yet warned that new age checks and potential app bans still threaten privacy.

France and the UK advanced consultations on good practice guidelines for cyber intrusion firms, seeking more explicit rules for industry responsibility. Civil society groups also marked two years of the Digital Services Act by reflecting on enforcement experience and future challenges.

Campaigners highlighted rising concerns about tech-facilitated gender violence during the 16 Days initiative. The Centre for Democracy and Technology launched fresh resources stressing encryption protection, effective remedies and more decisive action against gendered misinformation.

CDT Europe also criticised the Commission’s digital omnibus package for weakening safeguards under laws, including the AI Act. The group urged firm enforcement of existing frameworks while exploring better redress options for AI-related harms in the EU legislation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Mixpanel breach exposes limited OpenAI API metadata

OpenAI says a security incident at Mixpanel exposed limited metadata linked to the API interface. Mixpanel’s systems, not OpenAI’s, were compromised during the intrusion. No chat content, passwords, API keys, or payment information was affected.

Mixpanel told OpenAI that an attacker exported a dataset containing basic user profile fields. The information includes names, email addresses, coarse location data, and browser details. OpenAI has removed Mixpanel from production and is notifying impacted users.

OpenAI maintains that its internal infrastructure remains secure with no evidence of unauthorised access. Wider reviews across the vendor ecosystem are underway to assess potential risks. The company has raised security requirements for partners and continues to monitor for misuse.

Security teams warn that the leaked data could fuel phishing or social-engineering attempts. Users are urged to treat unsolicited messages with caution and verify communications sent under the OpenAI name. Multi-factor authentication remains strongly recommended for all accounts as an added safeguard.

OpenAI reiterates that trust and privacy remain core to its products and operations. The organisation has ended its use of Mixpanel and is reviewing supporting services to prevent similar issues. Impacted organisations will receive direct notifications as the investigation continues.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!