Cybercrime

Europe pressed to slow digital age-verification push amid privacy fears

Hundreds of academics urged governments to halt plans for mandatory age checks on social media, rather than accelerating deployment without assessing the risks.

The warning arrives as several European states consider restrictions on children’s access to online platforms and as companies promote verification tools such as live selfies or uploads of government-issued IDs.

Researchers argue that current systems expose people to privacy breaches, security vulnerabilities and malicious sites that ignore verification rules instead of offering meaningful protection.

They say scientific consensus has not yet formed on the benefits or harms of age-assurance technologies, making large-scale implementation premature and potentially discriminatory.

The letter stresses that any credible system would require cryptographic safeguards for every query, protecting data in transit rather than leaving identity checks to platforms without robust technical guarantees.

Academics believe such infrastructure would be complex to build globally and would create friction that many providers may refuse to adopt.

Concern escalated after early deployments in Italy and France, where verification is already mandatory.

Signatories, including Ronald Rivest and Bart Preneel, warn that governments risk introducing a socially unacceptable system that increases exposure to data misuse instead of ensuring children’s safety online.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Microsoft reveals OAuth redirection abuse powering new phishing attempts

Researchers at Microsoft have identified phishing activity that abuses legitimate OAuth redirection behaviour instead of relying on credential theft.

Threat actors create malicious applications within attacker-controlled tenants and configure redirect pages that lead victims from trusted authentication domains to malware-delivery sites.

A technique that has been used against government and public-sector organisations and is designed to bypass email and browser defences by embedding URLs that appear genuine.

The attack begins with lures themed around documents, financial matters or meeting requests, each containing OAuth URLs crafted to trigger silent authentication.

Validation errors, session checks and Conditional Access evaluations provide attackers with information about session status without granting access to tokens, yet still deliver the victim to a malicious landing page.

Once redirected, victims encounter phishing frameworks or are served ZIP files containing shortcut files and HTML-based loaders. These PowerShell commands launch system discovery and extract files used for DLL side-loading.

Executing a legitimate process allows a malicious DLL to load unseen, decrypt the final payload and establish a connection to a remote command-and-control server for hands-on keyboard activity.

Microsoft Entra has removed identified malicious OAuth applications, although related activity continues to appear.

Microsoft emphasises that OAuth redirection follows standards such as RFC 6749 and RFC 9700, meaning attackers cannot exploit normal protocol behaviour instead of software vulnerabilities.

Stronger governance of OAuth applications, tighter consent controls and cross-domain monitoring are required to prevent trusted authentication flows from being turned into delivery paths for phishing and malware.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Claude AI experiences temporary global outage

Anthropic’s AI chatbot, Claude, experienced a global outage, leaving users unable to access the platform. Visitors reported error messages indicating the system had broken down, though the company said it was working to resolve the issue.

The Claude API, used by other websites to integrate the chatbot, remained operational. Anthropic confirmed that the outage was limited to the Claude web interface and did not affect other integrations, emphasising that engineers were actively resolving the issue.

The outage, tracked by Down Detector, began around noon in the UK and affected users worldwide. Messages on the platform reassured users that Claude would return soon and that the problem had been identified and was being fixed.

The interruption comes at a sensitive time for Anthropic, as the company navigates heightened attention surrounding access to its Claude AI system. The situation unfolds amid broader discussions about the role of advanced AI tools in defence contexts, with industry players facing increasing scrutiny over their policies and partnerships.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Quantum-safe security upgrades SIM and eSIM cards

Thales has successfully demonstrated a world-first capability that prepares 5G networks for the era of quantum computing. The test proved that SIM and eSIM cards can be remotely upgraded to support post-quantum cryptography, boosting security without disrupting services or user experience.

The breakthrough highlights the potential of crypto-agile networks to evolve securely as quantum threats emerge.

Replacing millions of devices is impractical, so Thales enables operators to deploy quantum-safe algorithms directly to existing devices. Remote upgrades preserve data and connectivity while instantly boosting security, keeping 5G networks resilient and trusted.

The demonstration reinforces Thales’ leadership in post-quantum cryptography, with dedicated research teams developing quantum-resistant methods and contributing to international standards, including NIST initiatives.

Operators can now protect long-term investments, secure critical services, and prepare for the next generation of quantum computing without operational disruptions.

Thales’ approach offers a practical roadmap for telecoms to adopt quantum-safe security today, ensuring continuity, trust, and resilience across mobile networks as digital threats evolve.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Central bank in Russia cracks down on crypto-enabled pyramid schemes

Russia’s central bank reports that two-thirds of pyramid scheme operators use crypto, with funds sent to over 4,600 fraudster-controlled wallets in 2025. Authorities identified 7,087 online scams last year, most of which used crypto and money mules to collect illicit funds.

Officials highlighted that these schemes typically operate without physical offices, engaging victims via social media, chat apps, and phone calls. Nearly 1,500 firms offered fake crypto investments, and 84% of scammers used cryptocurrency to raise funds, up from 77% in 2024.

The central bank has blocked 21,500 web pages and social media posts linked to fraudulent operators.

The government is fast-tracking regulations, warning that only licensed firms can offer investments to Russian retail investors. Authorities plan to continue monitoring sophisticated online schemes and enhance public awareness to combat crypto-enabled fraud.

Crypto markets remain active, with Bitcoin trading at $66,566, up 3.8%, and Ethereum at $1,990, up more than 6% in the past 24 hours.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Finance ministry in South Korea pledges reform for public crypto management

South Korea’s finance minister, Koo Yun-cheol, has pledged urgent reforms to how government agencies manage digital assets following high-profile failures in state custody.

Recent incidents revealed that police and tax authorities mishandled seized cryptocurrency, highlighting weaknesses in oversight and security practices. Authorities will review current management methods and implement measures to prevent future losses.

Operational risks around securing crypto in public institutions have become increasingly apparent. A notable case involved Seoul police in Gangnam losing access to 22 BTC, worth around $1.4 million, after failing to retain private keys and allowing a third-party firm to manage the assets.

Prosecutors are now investigating potential bribery linked to the case.

The government says it holds only digital assets acquired through lawful enforcement, such as seizures for unpaid taxes or criminal cases. The reforms aim to strengthen security, improve operational controls, and restore confidence in the public sector’s handling of crypto amid growing scrutiny.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Action-capable AI highlights new security challenges

AI agents are evolving from demos into autonomous tools, with OpenClaw emerging as a leading example. Unlike chatbots, these agents execute tasks directly, interacting with software and systems without constant human input.

The rise of action-capable AI introduces new security challenges. Agents can be manipulated through untrusted input or prompt injection. Persistent memory can also prolong mistakes or unintended behaviour.

The combination of access to sensitive data, external actions, and unverified content, sometimes called the ‘lethal trifecta’, amplifies risks, making careful configuration and oversight essential.

Self-hosted agents offer more control, while cloud-based versions simplify setup but shift security responsibility. Experts recommend running agents in isolated environments, limiting permissions, and requiring approval for sensitive actions.

These precautions reduce the chance of accidental or malicious harm while allowing users to experiment safely.

OpenClaw illustrates the potential of AI agents to automate workflows, handle repetitive tasks, and act proactively rather than passively advising. These tools show the future of consumer AI, but broader adoption requires stronger safety measures and awareness of risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Financial crime risks are reshaped by the rise of autonomous AI agents

Autonomous AI agents are transforming finance by executing transactions independently and speeding up workflows in digital assets and programmable finance. Software can manage wallets and move funds across blockchains in seconds, narrowing detection windows.

AI agents don’t create new crimes but increase speed and complexity, making accountability essential. Responsibility rests with developers, operators, and beneficiaries, with investigators tracing control, configuration, and economic benefit to determine liability.

Weak oversight or misconfigured rules can lead to significant compliance and enforcement consequences.

Investigations face new challenges as autonomous agents operate across multiple blockchains, decentralised exchanges, and global jurisdictions.

Real-time analytics and automated tracing are essential to link transactions to accountable actors before funds move. Governance architecture and monitoring systems increasingly serve as evidence in regulatory or criminal actions.

Institutions and law enforcement are using AI monitoring, anomaly detection, and automated containment systems. Autonomous AI impacts sanctions and national security, emphasising the need for human oversight alongside automation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Scotland considers new offence for AI intimate images

The Scottish government has launched a consultation proposing a specific criminal offence for creating AI-generated intimate images without consent. Existing Scots law covers the sharing of such photos, but ministers in Scotland say gaps remain around their creation.

The consultation in Scotland also seeks views on criminalising digital tools designed solely to produce intimate images and videos. Ministers aim to address harms linked to emerging AI technologies affecting women and girls across Scotland.

Additional proposals in Scotland include a statutory aggravation where domestic abuse involves a pregnant woman, requiring courts to treat such cases more seriously at sentencing. Measures to strengthen protections against spiking offences are also under review in Scotland.

Justice Secretary Angela Constance said responses in Scotland would inform future action to reduce violence against women and girls. The consultation also considers changes to non-harassment orders and examines whether further laws on non-fatal strangulation are needed in Scotland.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI misuse in online scams involving OpenAI models

OpenAI has reported new instances of its models being exploited in online scams and coordinated information campaigns. The company detailed actions to remove offending accounts and strengthen safeguards, highlighting misuse in fraud and deceptive content creation.

Several cases involved romance and ‘task’ scams, in which AI-generated messages built emotional engagement before requesting payment. One network, dubbed ‘Operation Date Bait,’ used chatbots to promote a fictitious dating service targeting young men in Indonesia.

Another, ‘Operation False Witness,’ saw actors posing as legal professionals to solicit advance fees for non-existent recovery services.

The report also outlined coordinated campaigns leveraging AI to produce articles, social media posts, and comments on geopolitical topics. In ‘Operation Trolling Stone,’ AI-generated content on a Russian arrest in Argentina was shared widely in multiple languages to mimic grassroots engagement.

OpenAI stressed that AI was sometimes used, but reach and account size largely drove engagement.

The company continues monitoring misuse and collaborates with partners and authorities to curb fraudulent or deceptive activity. Systems have been updated to decline policy-violating requests, and not all suspicious content online was generated using its tools.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.