Cybercrime

Google urges users to update Chrome after V8 flaw patched

Google has patched a high-severity flaw in its Chrome browser with the release of version 139, addressing vulnerability CVE-2025-9132 in the V8 JavaScript engine.

The out-of-bounds write issue was discovered by Big Sleep AI, a tool built by Google DeepMind and Project Zero to automate vulnerability detection in real-world software.

Chrome 139 updates (Windows/macOS: 139.0.7258.138/.139, Linux: 139.0.7258.138) are now rolling out to users. Google has not confirmed whether the flaw is being actively exploited.

Users are strongly advised to install the latest update to ensure protection, as V8 powers both JavaScript and WebAssembly within Chrome.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Vulnerabilities in municipal software expose sensitive data in Wisconsin

Two critical vulnerabilities have been discovered in an accounting application developed by Workhorse Software and used by more than 300 municipalities in Wisconsin.

The first flaw, CVE-2025-9037, involved SQL server connection credentials stored in plain text within a shared network folder. The second, CVE-2025-9040, allowed backups to be created and restored from the login screen without authentication.

Both issues were disclosed by the CERT Coordination Centre at Carnegie Mellon University following a report from Sparrow IT Solutions. Exploitation could give attackers access to personally identifiable information such as Social Security numbers, financial records and audit logs.

Workhorse has since released version 1.9.4.48019 with security patches, urging municipalities to update their systems immediately. The incident underscores the risks posed by vulnerable software in critical public infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK colleges hit by phishing incident

Weymouth and Kingston Maurward College in Dorset is investigating a recent phishing attack that compromised several email accounts. The breach occurred on Friday, 15 August, during the summer holidays.

Spam emails were sent from affected accounts, though the college confirmed that personal data exposure was minimal.

The compromised accounts may have contained contact information from anyone who previously communicated with the college. Early detection allowed the college to lock down affected accounts promptly, limiting the impact.

A full investigation is ongoing, with additional security measures now in place to prevent similar incidents. The matter has been reported to the Information Commissioner’s Office (ICO).

Phishing attacks involve criminals impersonating trusted entities to trick individuals into revealing sensitive information such as passwords or personal data. The college reassured students, staff, and partners that swift action and robust systems limited the disruption.

The colleges, which merged just over a year ago, recently received a ‘Good’ rating across all areas in an Ofsted inspection, reflecting strong governance and oversight amid the cybersecurity incident.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers steal data from over a million Allianz customers

A data breach at Allianz Life exposed the personal information of around 1.1 million customers, including names, addresses, and dates of birth.

Hackers accessed a customer database hosted on Salesforce, stealing emails, phone numbers, and in some cases, Social Security numbers.

The company confirmed the breach in late July but has not specified the full scale of the incident while its investigation continues.

Cybercrime group ShinyHunters is believed to be behind the attack and is reportedly preparing a data leak site to extort victims.

Several global companies using Salesforce infrastructure, including Qantas and Workday, have reported similar incidents linked to the same hacking collective.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Bragg Gaming responds to cyber incident affecting internal systems

Bragg Gaming Group has confirmed a cybersecurity breach affecting its internal systems, discovered in the early hours of 16 August.

The company stated the breach has not impacted operations or customer-facing platforms, nor compromised any personal data so far.

External cybersecurity experts have been engaged to assist with mitigation and investigation, following standard industry protocols.

Bragg has emphasised its commitment to transparency and will provide updates as the investigation progresses via its official website.

The firm continues to operate normally, with all internal and external services reportedly unaffected by the incident at this time.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fake Telegram Premium site spreads dangerous malware

A fake Telegram Premium website infects users with Lumma Stealer malware through a drive-by download, requiring no user interaction.

The domain, telegrampremium[.]app, hosts a malicious executable named start.exe, which begins stealing sensitive data as soon as it runs.

The malware targets browser-stored credentials, crypto wallets, clipboard data and system files, using advanced evasion techniques to bypass antivirus tools.

Obfuscated with cryptors and hidden behind real services like Telegram, the malware also communicates with temporary domains to avoid takedown.

Analysts warn that it manipulates Windows systems, evades detection, and leaves little trace by disguising its payloads as real image files.

To defend against such threats, organisations are urged to implement better cybersecurity controls, such as behaviour-based detection and enforce stronger download controls.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Bitcoin case deepens in Czech politics with arrest

Czech police have detained convicted drug trafficker Tomas Jirikovsky in connection with a $45 million Bitcoin donation that triggered a political crisis earlier this year. Assets linked to him were seized in raids by the National Centre for Combating Organised Crime.

Prosecutors confirmed the case is now focused on suspected money laundering and drug trafficking, separated from a more exhaustive investigation disclosed in May. Jirikovsky, identified as the donor of 468 Bitcoin to the Ministry of Justice, was taken into custody in Breclav.

Former Justice Minister Pavel Blazek accepted the donation without verifying its origins. He resigned in May after revelations that Jirikovsky was behind the transfer. An audit later concluded the ministry should never have accepted the funds.

The scandal has shaken Czech politics, prompting a failed no-confidence vote and renewed calls from the opposition for further ministerial departures. Current Justice Minister Eva Decroix has pledged to release a detailed case timeline as scrutiny mounts before the October elections.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK links Lazarus Group to Lykke cryptocurrency theft

The British Treasury has linked state-backed North Korean hackers to a significant theft of Bitcoin, Ethereum, and other cryptocurrencies from the Swiss platform Lykke. The hack forced Lykke to suspend trading and enter liquidation, leaving founder Richard Olsen bankrupt and under legal scrutiny.

The Lazarus Group, Pyongyang’s cyber unit, has reportedly carried out a series of global cryptocurrency heists to fund weapons programmes and bypass international sanctions. Although evidence remains inconclusive, Stolen Lykke funds may have been laundered through crypto firms.

Regulators had previously warned that Lykke was not authorised to offer financial services in the UK. Over 70 customers have filed claims totalling £5.7 million in UK courts, while Olsen’s Swiss parent company entered liquidation last year.

He was declared bankrupt in January and faces ongoing criminal investigations in Switzerland.

The Lazarus Group continues to be implicated in high-profile cryptocurrency attacks worldwide, highlighting vulnerabilities in digital asset exchanges and the challenges authorities face in recovering stolen funds.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Top cybersecurity vendors double down on AI-powered platforms

The cybersecurity market is consolidating as AI reshapes defence strategies. Platform-based solutions replace point tools to cut complexity, counter AI threats, and ease skill shortages. IDC predicts that security spending will rise 12% in 2025 to $377 billion by 2028.

Vendors embed AI agents, automation, and analytics into unified platforms. Palo Alto Networks’ Cortex XSIAM reached $1 billion in bookings, and its $25 billion CyberArk acquisition expands into identity management. Microsoft blends Azure, OpenAI, and Security Copilot to safeguard workloads and data.

Cisco integrates AI across networking, security, and observability, bolstered by its acquisition of Splunk. CrowdStrike rebounds from its 2024 outage with Charlotte AI, while Cloudflare shifts its focus from delivery to AI-powered threat prediction and optimisation.

Fortinet’s platform spans networking and security, strengthened by Suridata’s SaaS posture tools. Zscaler boosts its Zero Trust Exchange with Red Canary’s MDR tech. Broadcom merges Symantec and Carbon Black, while Check Point pushes its AI-driven Infinity Platform.

Identity stays central, with Okta leading access management and teaming with Palo Alto on integrated defences. The companies aim to platformise, integrate AI, and automate their operations to dominate an increasingly complex cyberthreat landscape.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

North Korean hackers switch to ransomware in major cyber campaign

A North Korean hacking unit has launched a ransomware campaign targeting South Korea and other countries, marking a shift from pure espionage. Security firm S2W identified the subgroup, ‘ChinopuNK’, as part of the ScarCruft threat actor.

The operation began in July, utilising phishing emails and a malicious shortcut file within a RAR archive to deploy multiple malware types. These included a keylogger, stealer, ransomware, and a backdoor.

ScarCruft, active since 2016, has targeted defectors, journalists, and government agencies. Researchers say the move to ransomware indicates either a new revenue stream or a more disruptive mission.

The campaign has expanded beyond South Korea to Japan, Vietnam, Russia, Nepal, and the Middle East. Analysts note the group’s technical sophistication has improved in recent years.

Security experts advise monitoring URLs, file hashes, behaviour-based indicators, and ongoing tracking of ScarCruft’s tools and infrastructure, to detect related campaigns from North Korea and other countries early.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!