Cybercrime

Shadow AI becomes a new governance challenge for European organisations

Employees are adopting generative tools at work faster than organisations can approve or secure them, giving rise to what is increasingly described as ‘shadow AI‘. Unlike earlier forms of shadow IT, these tools can transform data, infer sensitive insights, and trigger automated actions beyond established controls.

For European organisations, the issue is no longer whether AI should be used, but how to regain visibility and control without undermining productivity, as shadow AI increasingly appears inside approved platforms, browser extensions, and developer tools, expanding risks beyond data leakage.

Security experts warn that blanket bans often push AI use further underground, reducing transparency and trust. Instead, guidance from EU cybersecurity bodies increasingly promotes responsible enablement through clear policies, staff awareness, and targeted technical controls.

Key mitigation measures include mapping AI use across approved and informal tools, defining safe prompt data, and offering sanctioned alternatives, with logging, least-privilege access, and approval steps becoming essential as AI acts across workflows.

With the EU AI Act introducing clearer accountability across the AI value chain, unmanaged shadow AI is also emerging as a compliance risk. As AI becomes embedded across enterprise software, organisations face growing pressure to make safe use the default rather than the exception.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU strengthens cyber defence after attack on Commission mobile systems

A cyber-attack targeting the European Commission’s central mobile infrastructure was identified on 30 January, raising concerns that staff names and mobile numbers may have been accessed.

The Commission isolated the affected system within nine hours instead of allowing the breach to escalate, and no mobile device compromise was detected.

Also, the Commission plans a full review of the incident to reinforce the resilience of internal systems.

Officials argue that Europe faces daily cyber and hybrid threats targeting essential services and democratic institutions, underscoring the need for stronger defensive capabilities across all levels of the EU administration.

CERT-EU continues to provide constant threat monitoring, automated alerts and rapid responses to vulnerabilities, guided by the Interinstitutional Cybersecurity Board.

These efforts support the broader legislative push to strengthen cybersecurity, including the Cybersecurity Act 2.0, which introduces a Trusted ICT Supply Chain to reduce reliance on high-risk providers.

Recent measures are complemented by the NIS2 Directive, which sets a unified legal framework for cybersecurity across 18 critical sectors, and the Cyber Solidarity Act, which enhances operational cooperation through the European Cyber Shield and the Cyber Emergency Mechanism.

Together, they aim to ensure collective readiness against large-scale cyber threats.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

OpenClaw faces rising security pushback in South Korea

Major technology companies in South Korea are tightening restrictions on OpenClaw after rising concerns about security and data privacy.

Kakao, Naver and Karrot Market have moved to block the open-source agent within corporate networks, signalling a broader effort to prevent sensitive information from leaking into external systems.

Their decisions follow growing unease about how autonomous tools may interact with confidential material, rather than remaining contained within controlled platforms.

OpenClaw serves as a self-hosted agent that performs actions on behalf of a large language model, acting as the hands of a system that can browse the web, edit files and run commands.

Its ability to run directly on local machines has driven rapid adoption, but it has also raised concerns that confidential data could be exposed or manipulated.

Industry figures argue that companies are acting preemptively to reduce regulatory and operational risks by ensuring that internal materials never feed external training processes.

China has urged organisations to strengthen protections after identifying cases of OpenClaw running with inadequate safeguards.

Security analysts in South Korea warn that the agent’s open-source design and local execution model make it vulnerable to misuse, especially when compared to cloud-based chatbots that operate in more restricted environments.

Wiz researchers recently uncovered flaws in agents linked to OpenClaw that exposed personal information.

Despite the warnings, OpenClaw continues to gain traction among users who value its ability to automate complex tasks, rather than rely on manual workflows.

Some people purchase separate devices solely to run the agent, while an active South Korea community on X has drawn more than 1,800 members who exchange advice and share mitigation strategies.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

New Cyber Startup Programme unveiled as Infosecurity Europe boosts early innovation

Infosecurity Europe has launched a new Cyber Startup Programme to support early-stage cybersecurity innovation and strengthen ecosystem resilience. The initiative will debut at Infosecurity Europe 2026, offering founders and investors a dedicated experience focused on emerging technologies and growth.

The programme centres on a new Cyber Startups Zone, an exhibition area showcasing young companies and novel security solutions. Founders will gain industry visibility, along with tailored ticket access and curated networking.

Delivery will take place in partnership with UK Cyber Flywheel, featuring a dedicated founder- and investor-focused day on Tuesday 2 June. Sessions will cover scaling strategies, go-to-market planning, funding, and live pitching opportunities.

Infosecurity Europe will also introduce the Cyber Startup Award 2026, recognising early-stage firms with live products and growth potential. Finalists will pitch on stage, with winners receiving exhibition space, PR support, and a future-brand workshop.

Alongside the programme, the Cyber Innovation Zone, delivered with the UK Department for Science, Innovation and Technology, will spotlight innovative UK cybersecurity businesses and emerging technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Social engineering breach exposes 1.4 million Betterment customer records

Betterment has confirmed a data breach affecting around 1.4 million customers after a January 2026 social engineering attack on a third-party platform. Attackers used the access to send fraudulent crypto scam messages posing as official promotions.

The breach occurred after an employee was tricked into sharing login credentials, allowing unauthorised access to internal messaging systems rather than core investment infrastructure. Attackers used the access to send messages promising to multiply cryptocurrency deposits sent to external wallets.

Subsequent forensic analysis and breach monitoring services confirmed that more than 1.4 million unique records were exposed. Betterment said investment accounts and login credentials were not compromised during the incident.

Exposed information included names, email addresses, phone numbers, physical addresses, dates of birth, job titles, location data, and device metadata. Security experts warn that such datasets can enable targeted phishing, identity fraud, and follow-on social engineering campaigns.

Betterment revoked access the same day, notified customers, and launched an external investigation. The breach was formally added to public exposure databases in early February, highlighting the growing risk of human-focused attacks against financial platforms.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

User emails and phone numbers leaked in Substack security incident

Substack confirmed a data breach that exposed user email addresses and phone numbers. The company said passwords and financial information were not affected. The incident occurred in October and was later investigated.

Chief executive Chris Best told users the vulnerability was identified in February and has since been fixed, with an internal investigation now underway. The company has not disclosed the technical cause of the breach or why the intrusion went undetected for several months.

Substack also did not confirm how many users were affected or provide evidence showing whether the exposed data has been misused. Users were advised to remain cautious about unexpected emails and text messages following the incident.

The breach was first reported by TechCrunch, which said the company declined to provide further operational details. Questions remain around potential ransom demands or broader system access.

Substack reports more than 50 million active subscriptions, including 5 million paid users, and raised $100 million in Series C funding in 2025, led by BOND and The Chernin Group, with participation from Andreessen Horowitz and other investors.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU split widens over ban on AI nudification apps

European lawmakers remain divided over whether AI tools that generate non-consensual sexual images should face an explicit ban in the EU legislation.

The split emerged as debate intensified over the AI simplification package, which is moving through Parliament and the Council rather than remaining confined to earlier negotiations.

Concerns escalated after Grok was used to create images that digitally undressed women and children.

The EU regulators responded by launching an investigation under the Digital Services Act, and the Commission described the behaviour as illegal under existing European rules. Several lawmakers argue that the AI Act should name pornification apps directly instead of relying on broader legal provisions.

Lead MEPs did not include a ban in their initial draft of the Parliament’s position, prompting other groups to consider adding amendments. Negotiations continue as parties explore how such a restriction could be framed without creating inconsistencies within the broader AI framework.

The Commission appears open to strengthening the law and has hinted that the AI omnibus could be an appropriate moment to act. Lawmakers now have a limited time to decide whether an explicit prohibition can secure political agreement before the amendment deadline passes.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

TikTok access restored as Albania adopts new protective filters

Albania has lifted its temporary ban on TikTok after nearly a year, the government announced, saying that concerns about public, social and digital safety have now been addressed and that access will resume nationwide.

The restriction was introduced in March 2025 following a fatal stabbing linked to a social media dispute and aimed to protect younger users instead of exposing them to harmful online content.

Under the new arrangement, authorities are partnering with TikTok to introduce protective filters based on keywords and content controls and to strengthen reporting mechanisms for harmful material.

The government described the decision as a shift from restrictive measures to a phase of active monitoring, inter-institutional cooperation, and shared responsibility with digital platforms.

Although the ban has now been lifted, a court challenge contends that the earlier suspension violated the constitutional right to freedom of expression, and a ruling is expected later in February. Opposition figures also criticised the original ban when it was applied ahead of parliamentary elections.

Despite the formal ban, TikTok remained accessible to many users in Albania through virtual private networks during the year it was in force, highlighting the challenge of enforcing such blocks in practice.

Critics have also noted that addressing the impact on youth may require broader digital education and safety measures.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Info stealing malware spreads from Windows to macOS

Microsoft has warned that info stealing malware is increasingly targeting macOS alongside Windows, using cross platform tools and social engineering. The company said the trend accelerated from late 2025.

Attackers are luring macOS users to fake websites and malicious installers, often promoted through online ads. Microsoft said these campaigns steal credentials, crypto wallets and browser sessions on macOS and Windows.

Python based malware is also playing a larger role, enabling attackers to target macOS and Windows with the same code. Microsoft reported growing abuse of trusted platforms such as WhatsApp to spread infostealers.

Microsoft urged organisations and individuals to strengthen layered cybersecurity on macOS and Windows. The company said better user awareness and monitoring could reduce the risk of data theft and account compromise.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New multi-stage scams use PDF files to harvest corporate credentials

Phishing continues to succeed despite increasingly sophisticated AI-driven threats, with attackers relying on familiar tools such as PDFs and cloud services. Researchers have identified a new campaign using legitimate-looking documents to redirect victims to credential-harvesting pages impersonating Dropbox.

The attack starts with professional emails framed as procurement or tender requests. When recipients open the attached PDF, they are quietly redirected through trusted cloud infrastructure before reaching a fake Dropbox login page designed to steal corporate credentials.

Each stage appears legitimate in isolation, allowing the campaign to bypass standard filters and authentication checks. Business-style language, reputable hosting platforms, and realistic branding reduce suspicion while exploiting everyday workplace routines.

Security specialists warn that long-standing trust in PDFs and mainstream cloud services has lowered user vigilance. Employees have been conditioned to view these formats as safe, creating opportunities for attackers to weaponise familiar business tools.

Experts say phishing awareness must evolve beyond basic link warnings to reflect modern multi-stage attacks. Alongside training, layered defences such as multi-factor authentication and anomaly detection remain essential for limiting damage.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.