Cybersecurity

Guns N’ Roses’ Slash quits X after account hacked to promote fake Solana meme coin 

Guns N’ Roses guitarist Slash has permanently quit the social media platform X after his account was repeatedly hacked to promote a Solana-based meme coin. The attack, which occurred on 2 April, involved hackers using his verified account to falsely present the coin, called GUNS, as an official Guns N’ Roses project.

In his farewell tweet, Slash explained that his decision was driven by the repeated hacks. He signalled a shift in how he intends to stay connected with fans. He encouraged followers to explore his presence on other platforms.

The hack came just after April Fool’s Day, with hackers posting several promotional messages about the fake GUNS coin. The posts, which were eventually deleted, claimed the coin would launch soon and announced a $1M investment. While the token is still live, its market value has plummeted to around $3,300.

For more information on these topics, visit diplomacy.edu.

Victims of AI-driven sex crimes in Korea continue to grow

South Korea is facing a sharp rise in AI-related digital sex crimes, with deepfake pornography and online abuse increasingly affecting young women and children.

According to figures released by the Ministry of Gender Equality and Family and the Women’s Human Rights Institute, over 10,000 people sought help last year, marking a 14.7 percent increase from 2023.

Women made up more than 70 percent of those who contacted the Advocacy Center for Online Sexual Abuse Victims.

The majority were in their teens or twenties, with abuse often occurring via social media, messaging apps, and anonymous platforms. A growing portion of victims, including children under 10, were targeted due to the easy accessibility of AI tools.

The most frequently reported issue was ‘distribution anxiety,’ where victims feared the release of sensitive or manipulated videos, followed by blackmail and illegal filming.

Deepfake cases more than tripled in one year, with synthetic content often involving the use of female students’ images. In one notable incident, a university student and his peers used deepfake techniques to create explicit fake images of classmates and shared them on Telegram.

With over 300,000 pieces of illicit content removed in 2024, authorities warn that the majority of illegal websites are hosted overseas, complicating efforts to take down harmful material.

The South Korean government plans to strengthen its response by expanding educational outreach, supporting victims further, and implementing new laws to prevent secondary harm by allowing the removal of personal information alongside explicit images.

For more information on these topics, visit diplomacy.edu.

Former Facebook executive says Meta misled over China

Former Facebook executive Sarah Wynn-Williams has accused Meta of compromising US national security to grow its business in China.

Testifying before the Senate Judiciary Committee, Wynn-Williams alleged that company executives misled employees, lawmakers, and the public about their dealings with the Chinese Communist Party.

Wynn-Williams claimed Meta aimed to gain favour in Beijing while secretly pursuing an $18 billion venture there.

In her remarks, Wynn-Williams said Meta removed the Facebook account of Chinese dissident Guo Wengui under pressure from Beijing. While the company maintains the removal was due to violations of its policies, she framed it as part of a broader pattern of submission to Chinese demands.

She also accused Meta of ignoring security warnings linked to the proposed Pacific Light Cable Network, a project that could have allowed China access to United States user data. According to her, the plans were only halted after lawmakers intervened.

Meta has denied the claims, calling her testimony false and out of touch with reality. A spokesperson noted that the company does not operate in China and that Mark Zuckerberg’s interest in the market had long been public.

The allegations arrive days before Meta’s major antitrust trial, which could result in the breakup of its ownership of Instagram and WhatsApp.

For more information on these topics, visit diplomacy.edu.

Microsoft pauses $1 billion data centre project in Ohio

Microsoft has announced it is ‘slowing or pausing’ some data centre construction projects, including a $1 billion plan in Ohio, amid shifting demand for AI infrastructure.

The company confirmed it would halt early-stage development on rural land in Licking County, near Columbus, and will repurpose two of the sites for farmland.

The decision follows Microsoft’s rapid scaling of infrastructure to meet the soaring demand for AI and cloud services, which has since softened. The company acknowledged that such large projects require continuous adaptation to align with customer needs.

While Microsoft did not specify other paused projects, it revealed the suspension of later stages of a Wisconsin data centre expansion.

The slowdown also coincides with changes in Microsoft’s partnership with OpenAI, with the two companies revising their agreement to allow OpenAI to build its own AI infrastructure. This move reflects broader trends in AI computing needs, which are expensive and energy-intensive.

Despite the pause in Ohio, Microsoft plans to invest over $80 billion in AI infrastructure this fiscal year, continuing its global expansion, though it will now strategically pace its growth to align with evolving business priorities.

Local officials in Licking County expressed their disappointment, as the area had been a hub for significant tech investments, including those from Google and Meta.

For more information on these topics, visit diplomacy.edu.

Brinc drones raises $75M to boost emergency drone tech

Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, has secured $75 million in fresh funding led by Index Ventures.

Known for its police and public safety drones, Brinc is scaling its presence across emergency services, with the new funds bringing total investment to over $157 million. The round also includes participation from Motorola Solutions, a major player in US security infrastructure.

The company, founded in 2017, is part of a growing wave of American drone startups benefiting from tightened restrictions on Chinese drone manufacturers.

Brinc’s drones are designed for rapid response in hard-to-reach areas and boast unique features, such as the ability to break windows or deliver emergency supplies.

The new partnership with Motorola will enable tighter integration into 911 call centres, allowing AI systems to dispatch drones directly to emergency scenes.

Despite growing competition from other US startups like Flock Safety and Skydio, Brinc remains confident in the market’s potential.

With its enhanced funding and Motorola collaboration, the company is aiming to position itself as a leader in AI-integrated public safety technology while helping shift drone manufacturing back to the US.

For more information on these topics, visit diplomacy.edu.

DeepSeek highlights the risk of data misuse

The launch of DeepSeek, a Chinese-developed LLM, has reignited long-standing concerns about AI, national security, and industrial espionage.

While issues like data usage and bias remain central to AI discourse, DeepSeek’s origins in China have introduced deeper geopolitical anxieties. Echoing the scrutiny faced by TikTok, the model has raised fears of potential links to the Chinese state and its history of alleged cyber espionage.

With China and the US locked in a high-stakes AI race, every new model is now a strategic asset. DeepSeek’s emergence underscores the need for heightened vigilance around data protection, especially regarding sensitive business information and intellectual property.

Security experts warn that AI models may increasingly be trained using data acquired through dubious or illicit means, such as large-scale scraping or state-sponsored hacks.

The practice of data hoarding further complicates matters, as encrypted data today could be exploited in the future as decryption methods evolve.

Cybersecurity leaders are being urged to adapt to this evolving threat landscape. Beyond basic data visibility and access controls, there is growing emphasis on adopting privacy-enhancing technologies and encryption standards that can withstand future quantum threats.

Businesses must also recognise the strategic value of their data in an era where the lines between innovation, competition, and geopolitics have become dangerously blurred.

For more information on these topics, visit diplomacy.edu.

Malware hidden in fake Office add-ins targets crypto users

Hackers are using bogus Microsoft Office extensions uploaded to SourceForge to spread malware. Cybersecurity firm Kaspersky has warned that the malware is designed to steal cryptocurrency.

One listing, posing as ‘officepackage,’ contains genuine Office add-ins. However, it also hides ClipBanker — a virus that swaps copied crypto wallet addresses with those belonging to attackers.

The malware tricks users by mimicking legitimate Office add-in pages, complete with download buttons and developer-style layouts. Once installed, ClipBanker monitors the clipboard and replaces wallet addresses without users’ knowledge.

It also gathers IP addresses, usernames, and system data, which it sends to the attackers via Telegram. In some cases, the virus checks for antivirus software or previous infections and self-deletes if detected.

Kaspersky noted that the malicious files are suspiciously small or padded with junk data to appear legitimate. While the primary goal is to steal cryptocurrency, attackers may sell access to infected systems to other malicious actors.

The malware’s interface is in Russian, and most victims so far — over 4,600 — have been located in Russia.

To stay safe, Kaspersky advises downloading software only from trusted sources. The company noted a growing trend of hackers hiding malware in pirated or unofficial software to exploit users chasing free apps.

For more information on these topics, visit diplomacy.edu.

Hydropower infrastructure vulnerable to cyberattacks

Cybersecurity threats to hydropower dams are becoming more frequent and severe, with attacks linked to state-backed actors from Iran, Russia, and elsewhere causing concern worldwide.

Recent incidents, including a major cyberattack on Hydro Quebec in 2023 and a thwarted attempt at Ethiopia’s Grand Renaissance Dam, show how vulnerable critical infrastructure has become.

The integration of Internet of Things (IoT) devices has only heightened these risks, expanding attack surfaces and introducing new vulnerabilities through outdated systems, dispersed equipment, and inconsistent security standards.

In the United States, authorities are growing increasingly alarmed at the lack of coordinated cybersecurity oversight for dams. Senator Ron Wyden, chairing a subcommittee hearing in April 2024, warned that many non-federal hydropower dams have never been audited for cybersecurity.

With only four cybersecurity experts overseeing 2,500 dams, and with outdated rules that only apply to internet-managed sites, he criticised the Federal Energy Regulatory Commission (FERC) for lacking the capacity and tools to safeguard the sector effectively.

Experts from the Idaho National Laboratory and FERC agree that the fragmented regulatory landscape poses a major challenge. Different agencies oversee various parts of dam operations, with no unified framework in place.

Cyberattacks on dams can cause more than just blackouts—they can also trigger devastating floods, disrupt water supplies, and endanger lives.

Calls are growing for Congress to address this vulnerability by improving funding, updating regulations, and implementing a national strategy to protect critical hydropower infrastructure from increasingly sophisticated cyber threats.

For more information on these topics, visit diplomacy.edu.

Adaptive Security raises millions to fight AI scams

OpenAI has made its first move into the cybersecurity space by co-leading a US$43 million Series A funding round for New York-based startup Adaptive Security.

The round was also backed by venture capital firm Andreessen Horowitz, highlighting growing investor interest in solutions aimed at tackling AI-driven threats.

Adaptive Security specialises in simulating social engineering attacks powered by AI, such as fake phone calls, text messages, and emails. These simulations are designed to train employees and identify weak points within an organisation’s defences.

With over 100 customers already on board, the platform is proving to be a timely solution as generative AI continues to fuel increasingly convincing cyber scams.

The funding will be used to scale up the company’s engineering team and enhance its platform to meet growing demand.

As AI-powered threats evolve, Adaptive Security aims to stay ahead of the curve by helping organisations better prepare their staff to recognise and respond to sophisticated digital deception.

For more information on these topics, visit diplomacy.edu.

Apple challenges UK government over encrypted iCloud access order

A British court has confirmed that Apple is engaged in legal proceedings against the UK government concerning a statutory notice linked to iCloud account encryption. The Investigatory Powers Tribunal (IPT), which handles cases involving national security and surveillance, disclosed limited information about the case, lifting previous restrictions on its existence.

The dispute centres on a government-issued Technical Capability Notice (TCN), which, according to reports, required Apple to provide access to encrypted iCloud data for users in the UK. Apple subsequently removed the option for end-to-end encryption on iCloud accounts in the region earlier this year. While the company has not officially confirmed the connection, it has consistently stated it does not create backdoors or master keys for its products.

The government’s position has been to neither confirm nor deny the existence of individual notices. However, in a rare public statement, a government spokesperson clarified that TCNs do not grant direct access to data and must be used in conjunction with appropriate warrants and authorisations. The spokesperson also stated that the notices are designed to support existing investigatory powers, not expand them.

The IPT allowed the basic facts of the case to be released following submissions from media outlets, civil society organisations, and members of the United States Congress. These parties argued that public interest considerations justified disclosure of the case’s existence. The tribunal concluded that confirming the identities of the parties and the general subject matter would not compromise national security or the public interest.

Previous public statements by US officials, including the former President and the current Director of National Intelligence, have acknowledged concerns surrounding the TCN process and its implications for international technology companies. In particular, questions have been raised regarding transparency and oversight of such powers.

Legal academics and members of the intelligence community have also commented on the broader implications of government access to encrypted platforms, with some suggesting that increased openness may be necessary to maintain public trust.

The case remains ongoing. Future proceedings will be determined once both parties have reviewed a private judgment issued by the court. The IPT is expected to issue a procedural timetable following input from both Apple and the UK Home Secretary.

For more information on these topics, visit diplomacy.edu.