Cybersecurity

Hackers exploit flaw in two million Cisco devices

Hackers have targeted up to two million Cisco devices using a newly disclosed vulnerability in the company’s networking software. The flaw, tracked as CVE-2025-20352, affects all supported versions of Cisco IOS and IOS XE, which power many routers and switches.

Cisco confirmed that attackers have exploited the weakness in the wild, crashing systems, implanting malware, and potentially extracting sensitive data. The campaign builds on previous activity by the same threat group, which has also exploited Cisco Adaptive Security Appliance devices.

Attackers gained access after local administrator credentials were compromised, allowing them to implant malware and execute commands. The company’s Product Security Incident Response Team urged customers to upgrade immediately to fixed software releases to secure their systems.

The Canadian Centre for Cyber Security has warned organisations about sophisticated malware exploiting flaws in outdated Cisco ASA devices, urging immediate patching and stronger defences to protect critical systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Semicon Coalition unites EU on chip strategy and autonomy

European ministers have signed the Declaration of the Semicon Coalition, calling for a revised EU Chips Act 2.0 to boost semiconductor resilience, innovation, and competitiveness. The declaration outlines five priorities: collaboration, investment, skills, sustainability, and global partnerships.

The coalition, launched by the Netherlands in March, includes Austria, Belgium, Finland, France, Germany, Italy, Poland, and Spain. Other EU states joined today in Brussels, where Dutch minister Vincent Karremans presented the declaration to the European Commission.

Over fifty leading European and international semiconductor players have endorsed the declaration. This support strengthens momentum for placing end-markets at the core of the EU’s semiconductor strategy and aligns with Mario Draghi’s report on competitiveness.

The priorities include aligning EU and national funding, accelerating approvals for strategic projects, building a skilled talent pipeline, and promoting circular, energy-efficient manufacturing. International partnerships will also be deepened while safeguarding European strategic autonomy.

Minister Karremans said the strategy demonstrates Europe’s response to global tensions and its commitment to boosting semiconductor capacity, research funding, and readiness for demand in AI, automotive, energy, and defense.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Sam Altman predicts AGI could arrive before 2030

OpenAI CEO Sam Altman has warned that AI could soon automate up to 40 percent of the tasks humans currently perform. He made the remarks in an interview with German newspaper Die Welt, highlighting the potential economic shift AI will trigger.

Altman described OpenAI’s latest model, GPT-5, as the most advanced yet and claimed it is ‘smarter than me and most people’. He said artificial general intelligence (AGI), capable of outperforming humans in all areas, could arrive before 2030.

Instead of focusing on job losses, Altman suggested examining the percentage of tasks that AI will automate. He predicted that 30 to 40 per cent of tasks currently carried out by humans may soon be completed by AI systems.

These comments contribute to the growing debate about the societal impact of AI, with mass layoffs already being linked to automation. Altman emphasised that this wave of change will reshape economies and workplaces, requiring businesses and governments to prepare for disruption.

As AGI approaches, Altman urged individuals to focus on acquiring in-demand skills to stay relevant in an AI-enabled economy. The relationship between humans and machines, he said, will be permanently reshaped by these developments.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Quantum leap as Caltech builds 6,100-qubit processor

A team of physicists at the California Institute of Technology has unveiled a quantum computing breakthrough, creating an array of 6,100 qubits, the largest of its kind to date.

The leap surpasses previous systems, which typically contained around a thousand qubits, and marks a step closer to practical quantum algorithms.

Researchers used caesium atoms as qubits, trapping them with laser tweezers inside an ultra-high-vacuum chamber.

These qubits maintained superposition for almost 13 seconds, nearly ten times longer than previous benchmarks. They could also be manipulated with 99.98 percent accuracy, proving that scaling up need not compromise precision.

Unlike classical bits, qubits exploit superposition, allowing a spread of probabilities instead of fixed binary states. It enables powerful computations but also demands error correction to overcome qubit fragility. The surplus qubits in this new array provide a path to large, error-corrected machines.

Physicists believe the next milestone will involve harnessing entanglement, enabling the shift from storing quantum information to processing it. If progress continues, quantum computers could soon revolutionise science by uncovering new materials, forms of matter, and fundamental laws of physics.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK supports JLR supply chain with £1.5 billion loan guarantee

The UK Government will guarantee a £1.5 billion loan to Jaguar Land Rover (JLR) in response to the cyber-attack that forced the carmaker to halt production.

An Export Development Guarantee, administered by UK Export Finance, will back a commercial bank loan repaid over five years to stabilise JLR’s finances and protect its supply chain.

Business Secretary Peter Kyle described the attack as a strike on the UK’s automotive sector and said the guarantee would safeguard jobs across the West Midlands, Merseyside and beyond.

Chancellor Rachel Reeves called JLR a ‘jewel in the crown’ of the UK economy, stressing that the package would protect tens of thousands of jobs directly and indirectly linked to the manufacturer.

JLR employs 34,000 people in the UK and supports an automotive supply chain of 120,000 workers, many in SMEs.

The guarantee forms part of the Government’s modern Industrial Strategy, which includes backing for electric vehicle adoption, reduced energy costs for manufacturers, and multi-billion-pound commitments to research and development.

An announcement follows ministerial visits to JLR headquarters and supplier Webasto, with ministers promising to keep working with industry leaders to get production back online and strengthen Britain’s automotive resilience.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

The strategic shift toward open-source AI

The release of DeepSeek’s open-source reasoning model in January 2025, followed by the Trump administration’s July endorsement of open-source AI as a national priority, has marked a turning point in the global AI race, writes Jovan Kurbalija in his blog ‘The strategic imperative of open source AI’.

What once seemed an ideological stance is now being reframed as a matter of geostrategic necessity. Despite their historical reliance on proprietary systems, China and the United States have embraced openness as the key to competitiveness.

Kurbalija adds that history offers clear lessons that open systems tend to prevail. Just as TCP/IP defeated OSI in the 1980s and Linux outpaced costly proprietary operating systems in the 1990s, today’s open-source AI models are challenging closed platforms. Companies like Meta and DeepSeek have positioned their tools as the new foundations of innovation, while proprietary players such as OpenAI are increasingly seen as constrained by their closed architectures.

The advantages of open-source AI are not only philosophical but practical. Open models evolve faster through global collaboration, lower costs by sharing development across vast communities, and attract younger talent motivated by purpose and impact.

They are also more adaptable, making integrating into industries, education, and governance easier. Importantly, breakthroughs in efficiency show that smaller, smarter models can now rival giant proprietary systems, further broadening access.

The momentum is clear. Open-source AI is emerging as the dominant paradigm. Like the internet protocols and operating systems that shaped previous digital eras, openness is proving more ethical and strategically effective. As researchers, governments, and companies increasingly adopt this approach, open-source AI could become the backbone of the next phase of the digital world.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Persistent WordPress malware campaign hides as fake plugin to evade detection

A new malware campaign targets WordPress sites, utilising steganography and persistent backdoors to maintain unauthorised admin access. It uses two components that work together to maintain control.

The attack begins with malicious files disguised as legitimate WordPress components. These files are heavily obfuscated, create administrator accounts with hardcoded credentials, and bypass traditional detection tools. However, this ensures attackers can retain access even after security teams respond.

Researchers say the malware exploits WordPress plugin infrastructure and user management functions to set up redundant access points. It then communicates with command-and-control servers, exfiltrating system data and administrator credentials to attacker-controlled endpoints.

This campaign can allow threat actors to inject malicious code, redirect site visitors, steal sensitive data, or deploy additional payloads. Its persistence and stealth tactics make it difficult to detect, leaving websites vulnerable for long periods.

The main component poses as a fake plugin called ‘DebugMaster Pro’ with realistic metadata. Its obfuscated code creates admin accounts, contacts external servers, and hides by allowing known admin IPs.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI SHIELD unveiled to protect financial AI systems

Ant International has introduced AI SHIELD, a security framework to protect AI systems used in financial services. The toolkit aims to reduce risks such as fraud, bias, and misuse in AI applications like fraud detection, payment authorisation, and customer chatbots.

At the centre of AI SHIELD is the AI Security Docker, which applies safeguards throughout development and deployment. The framework includes authentication of AI agents, continuous monitoring to block threats in real time, and ongoing adversarial testing.

Ant said the system will support over 100 million merchants and 1.8 billion users worldwide across services like Alipay+, Antom, Bettr, and WorldFirst. It will also defend against deepfake attacks and account takeovers, with the firm claiming its EasySafePay 360 tool can cut such incidents by 90%.

The initiative is part of Ant’s wider role in setting industry standards, including its work with Google on the Agent Payments Protocol, which defines how AI agents transact securely with user approval.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

CISA warns of advanced campaign exploiting Cisco appliances in federal networks

US cybersecurity officials have issued an emergency directive after hackers breached a federal agency by exploiting critical flaws in Cisco appliances. CISA warned the campaign poses a severe risk to government networks.

Experts told CNN they believe the hackers are state-backed and operating out of China, raising alarm among officials. Hundreds of compromised devices are reportedly in use across the federal government, CISA stated, issuing a directive to rapidly assess the scope of this major breach.

Cisco confirmed it was urgently alerted to the breaches by US government agencies in May and quickly assigned a specialised team to investigate. The company provided advanced detection tools, worked intensely to analyse compromised environments, and examined firmware from infected devices.

Cisco stated that the attackers exploited multiple zero-day flaws and employed advanced evasion techniques. It suspects a link to the ArcaneDoor campaign reported in early 2024.

CISA has withheld details about which agencies were affected or the precise nature of the breaches, underscoring the gravity of the situation. Investigations are currently underway to contain the ongoing threat and prevent further exploitation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK government considers supplier aid after JLR cyberattack

Jaguar Land Rover (JLR) is recovering from a disruptive cyberattack, gradually bringing its systems back online. The company is focused on rebuilding its operations, aiming to restore confidence and momentum as key digital functions are restored.

JLR said it has boosted its IT processing capacity for invoicing to clear its payment backlog. The Global Parts Logistics Centre is also resuming full operations, restoring parts distribution to retailers.

The financial system used for processing vehicle wholesales has been restored, allowing the company to resume car sales and registration. JLR is collaborating with the UK’s NCSC and law enforcement to ensure a secure restart of operations.

Production remains suspended at JLR’s three UK factories in Halewood, Solihull, and Wolverhampton. The company typically produces around 1,000 cars a day, but staff have been instructed to stay at home since the August cyberattack.

The government is considering support packages for the company’s suppliers, some of whom are under financial pressure. A group identifying itself as Scattered Lapsus$ Hunters has claimed responsibility for the incident.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!