Cybersecurity

Tether CEO unveils offline password manager

Paolo Ardoino, CEO of Tether, has introduced PearPass, an open-source, offline password manager. The launch comes in response to the most significant credential breach on record, which exposed 16 billion passwords.

Ardoino criticised cloud storage, stating the time has come to abandon reliance on it for security.

The leaked data reportedly covers login details from major platforms like Apple, Meta, and Google, leaving billions vulnerable to identity theft and fraud. Experts have not yet identified the perpetrators but point to systemic flaws in cloud-based data protection.

PearPass is designed to operate entirely offline, storing credentials only on users’ devices without syncing to the internet or central servers. It aims to reduce the risks of mass hacking attempts targeting large cloud vaults.

The tool’s open-source nature allows transparency and encourages the adoption of safer, decentralised security methods.

Cybersecurity authorities urge users to change passwords immediately, enable multi-factor authentication, and monitor accounts closely.

As investigations proceed, PearPass’s launch renews the debate on personal data ownership and may set a new standard for password security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Africa reflects on 20 years of WSIS at IGF 2025

At the Internet Governance Forum (IGF) 2025, a high-level session brought together African government officials, private sector leaders, civil society advocates, and international experts to reflect on two decades of the continent’s engagement in the World Summit on the Information Society (WSIS) process. Moderated by Mactar Seck of the UN Economic Commission for Africa, the WSIS+20 Africa review highlighted both remarkable progress and ongoing challenges in digital transformation.

Seck opened the discussion with a snapshot of Africa’s connectivity leap from 2.6% in 2005 to 38% today. Yet, he warned, ‘Cybersecurity costs Africa 10% of its GDP,’ underscoring the urgency of coordinated investment and inclusion. Emphasising multi-stakeholder collaboration, he called for ‘inclusive policy-making across government, private sector, academia and civil society,’ aligned with frameworks such as the AU Digital Strategy and the Global Digital Compact.

Tanzania’s Permanent Secretary detailed the country’s 10-year National Digital Strategic Framework, boasting 92% 3G and 91% 4G coverage and regional infrastructure links. Meanwhile, Benin’s Hon. Adjara presented the Cotonou Declaration and proposed an African Digital Performance Index to monitor broadband, skills, cybersecurity, and inclusion. From the private sector, Jimson Odufuye called for ‘annual WSIS reviews at national level’ and closer alignment with Sustainable Development Goals, stating, “If we cannot measure progress, we cannot reach the SDGs.”

Gender advocate Baratang Pil called for a revision of WSIS action lines to include mandatory gender audits and demanded that ‘30% of national AI and DPI funding go to women-led tech firms.’ Youth representative Louvo Gray stressed the need for $100 billion to close the continent’s digital divide, reminding participants that by 2050, 42% of the world’s youth will be African. Philippe Roux of the UN Emerging Technology Office urged policymakers to focus on implementation over renegotiation: ‘People are not connected because it costs too much — we must address the demand side.’

The panel concluded with a call for enhanced continental cooperation and practical action. As Seck summarised, ‘Africa has the youth, knowledge, and opportunity to lead in the Fourth Industrial Revolution. We must make sure digital inclusion is not a slogan — it must be a shared commitment.’

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

Lawmakers at IGF 2025 call for global digital safeguards

At the Internet Governance Forum (IGF) 2025 in Norway, a high‑level parliamentary roundtable convened global lawmakers to tackle the pressing challenge of digital threats to democracy. Led by moderator Nikolis Smith, the discussion included Martin Chungong, Secretary‑General of the Inter‑Parliamentary Union (via video), and MPs from Norway, Kenya, California, Barbados, and Tajikistan. The central concern was how AI, disinformation, deepfakes, and digital inequality jeopardise truth, electoral integrity, and public trust.

Grunde Almeland, Member of the Norwegian Parliament, warned: ‘Truth is becoming less relevant … it’s hard and harder to pierce [confirmation‑bias] bubbles with factual debate and … facts.’ He championed strong, independent media, noting Norway’s success as “number one on the press freedom index” due to its editorial independence and extensive public funding. Almeland emphasised that legislation exists, but practical implementation and international coordination are key.

Kenyan Senator Catherine Mumma described a comprehensive legal framework—including cybercrime, data protection, and media acts—but admitted gaps in tackling misinformation. ‘We don’t have a law that specifically addresses misinformation and disinformation,’ she said, adding that social‑media rumours ‘[sometimes escalate] to violence’ especially around elections. Mumma called for balanced regulation that safeguards innovation, human rights, and investment in digital infrastructure and inclusion.

California Assembly Member Rebecca Bauer‑Kahn outlined her state’s trailblazing privacy and AI regulations. She highlighted a new law mandating watermarking of AI‑generated content and requiring political‑advert disclosures, although these face legal challenges as potentially ‘forced speech.’ Bauer‑Kahn stressed the need for ‘technology for good,’ including funding universities to develop watermarking and authentication tools—like Adobe’s system for verifying official content—emphasising that visual transparency restores trust.

Barbados MP Marsha Caddle recounted a recent deepfake falsely attributed to her prime minister, saying it risked ‘put[ting] at risk … global engagement.’ She promoted democratic literacy and transparency, explaining that parliamentary meetings are broadcast live to encourage public trust. She also praised local tech platforms such as Zindi in Africa, saying they foster home‑grown solutions to combat disinformation.

Tajikistan MP Zafar Alizoda highlighted regional disparities in data protections, noting that while EU citizens benefit from GDPR, users in Central Asia remain vulnerable. He urged platforms to adopt uniform global privacy standards: ‘Global platforms … must improve their policies for all users, regardless of the country of the user.’

Several participants—including John K.J. Kiarie, MP from Kenya—raised the crucial issue of ‘technological dumping,’ whereby wealthy nations and tech giants export harmful practices to vulnerable regions. Kiarie warned: ‘My people will be condemned to digital plantations… just like … slave trade.’ The consensus called for global digital governance treaties akin to nuclear or climate accords, alongside enforceable codes of conduct for Big Tech.

Despite challenges—such as balancing child protection, privacy, and platform regulation—parliamentarians reaffirmed shared goals: strengthening independent media, implementing watermarking and authentication technologies, increasing public literacy, ensuring equitable data protections, and fostering global cooperation. As Grunde Almeland put it: ‘We need to find spaces where we work together internationally… to find this common ground, a common set of rules.’ Their unified message: safeguarding democracy in the digital age demands national resilience and collective global action.

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

Cybersecurity vs freedom of expression: IGF 2025 panel calls for balanced, human-centred digital governance

At the 2025 Internet Governance Forum in Lillestrøm, Norway, experts from government, civil society, and the tech industry convened to discuss one of the thorniest challenges of the digital age: how to secure cyberspace without compromising freedom of expression and fundamental human rights. The session, moderated by terrorism survivor and activist Bjørn Ihler, revealed a shared urgency across sectors to move beyond binary thinking and craft nuanced, people-centred approaches to online safety.

Paul Ash, head of the Christchurch Call Foundation, warned against framing regulation and inaction as the only options, urging legislators to build human rights safeguards directly into cybersecurity laws. Echoing him, Mallory Knodel of the Global Encryption Coalition stressed the foundational role of end-to-end encryption, calling it a necessary boundary-setting tool in an era where digital surveillance and content manipulation pose systemic risks. She warned that weakening encryption compromises privacy and invites broader security threats.

Representing the tech industry, Meta’s Cagatay Pekyrour underscored the complexity of moderating content across jurisdictions with over 120 speech-restricting laws. He called for more precise legal definitions, robust procedural safeguards, and a shift toward ‘system-based’ regulatory frameworks that assess platforms’ processes rather than micromanage content.

Meanwhile, Romanian regulator and former MP Pavel Popescu detailed his country’s recent struggles with election-related disinformation and cybercrime, arguing that social media companies must shoulder more responsibility, particularly in responding swiftly to systemic threats like AI-driven scams and coordinated influence operations.

While perspectives diverged on enforcement and regulation, all participants agreed that lasting digital governance requires sustained multistakeholder collaboration grounded in transparency, technical expertise, and respect for human rights. As the digital landscape evolves rapidly under the influence of AI and new forms of online harm, this session underscored that no single entity or policy can succeed alone, and that the stakes for security and democracy have never been higher.

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

Spyware accountability demands Global South leadership at IGF 2025

At the Internet Governance Forum 2025 in Lillestrøm, Norway, a powerful roundtable titled ‘Spyware Accountability in the Global South’ brought together experts, activists, and policymakers to confront the growing threat of surveillance technologies in the world’s most vulnerable regions. Moderated by Nighat Dad of Pakistan’s Digital Rights Foundation, the session featured diverse perspectives from Mexico, India, Lebanon, the UK, and the private sector, each underscoring how spyware like Pegasus has been weaponised to target journalists, human rights defenders, and civil society actors across Latin America, South Asia, and the Middle East.

Ana Gaitán of R3D Mexico revealed how Mexican military forces routinely deploy spyware to obstruct investigations into abuses like the Ayotzinapa case. Apar Gupta from India’s Internet Freedom Foundation warned of the enduring legacy of colonial surveillance laws enabling secret spyware use. At the same time, Mohamad Najem of Lebanon’s SMEX explained how post-Arab Spring authoritarianism has fueled a booming domestic and export market for surveillance tools in the Gulf region. All three pointed to the urgent need for legal reform and international support, noting the failure of courts and institutions to provide effective remedies.

Representing regulatory efforts, Elizabeth Davies of the UK Foreign Commonwealth and Development Office outlined the Pall Mall Process, a UK-France initiative to create international norms for commercial cyber intrusion tools. Former UN Special Rapporteur David Kaye emphasised that such frameworks must go beyond soft law, calling for export controls, domestic legal safeguards, and litigation to ensure enforcement.

Rima Amin of Meta added a private sector lens, highlighting Meta’s litigation against NSO Group and pledging to reinvest any damages into supporting surveillance victims. Despite emerging international efforts, the panel agreed that meaningful spyware accountability will remain elusive without centring Global South voices, expanding technical and legal capacity, and bridging the North-South knowledge gap.

With spyware abuse expanding faster than regulation, the call from Lillestrøm was clear: democratic protections and digital rights must not be a privilege of geography.

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

FC Barcelona documents leaked in ransomware breach

A recent cyberattack on French insurer SMABTP’s Spanish subsidiary, Asefa, has led to the leak of over 200GB of sensitive data, including documents related to FC Barcelona.

The ransomware group Qilin has claimed responsibility for the breach, highlighting the growing threat posed by such actors. With high-profile victims now in the spotlight, the reputational damage could be substantial for Asefa and its clients.

The incident comes amid growing concern among UK small and medium-sized enterprises (SMEs) about cyber threats. According to GlobalData’s UK SME Insurance Survey 2025, more than a quarter of SMEs have been influenced by media reports of cyberattacks when purchasing cyber insurance.

Meanwhile, nearly one in five cited a competitor’s victimisation as a motivating factor.

Over 300 organisations have fallen victim to Qilin in the past year alone, reflecting a broader trend in the rise of AI-enabled cybercrime.

AI allows cybercriminals to refine their methods, making attacks more effective and challenging to detect. As a result, companies are increasingly recognising the importance of robust cybersecurity measures.

With threats escalating, there is an urgent call for insurers to offer more tailored cyber coverage and proactive services. The breach involving FC Barcelona is a stark reminder that no organisation is immune and that better risk assessment and resilience planning are now business essentials.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Generative AI and the continued importance of cybersecurity fundamentals

The introduction of generative AI (GenAI) is influencing developments in cybersecurity across industries.

AI-powered tools are being integrated into systems such as end point detection and response (EDR) platforms and security operations centres (SOCs), while threat actors are reportedly exploring ways to use GenAI to automate known attack methods.

While GenAI presents new capabilities, common cybersecurity vulnerabilities remain a primary concern. Issues such as outdated patching, misconfigured cloud environments, and limited incident response readiness are still linked to most breaches.

Cybersecurity researchers have noted that GenAI is often used to scale familiar techniques rather than create new attack methods.

Social engineering, privilege escalation, and reconnaissance remain core tactics, with GenAI accelerating their execution. There are also indications that some GenAI systems can be manipulated to reveal sensitive data, particularly when not properly secured or configured.

Security experts recommend maintaining strong foundational practices such as access control, patch management, and configuration audits. These measures remain critical, regardless of the integration of advanced AI tools.

Some organisations may prioritise tool deployment over training, but research suggests that incident response skills are more effective when developed through practical exercises. Traditional awareness programmes may not sufficiently prepare personnel for real-time decision-making.

Some companies implement cyber drills that simulate attacks under realistic conditions to address this. These exercises can help teams practise protocols, identify weaknesses in workflows, and evaluate how systems perform under pressure. Such drills are designed to complement, not replace, other security measures.

Although GenAI is expected to continue shaping the threat landscape, current evidence suggests that most breaches stem from preventable issues. Ongoing training, configuration management, and response planning efforts remain central to organisational resilience.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

IGF 2025 opens in Norway with focus on inclusive digital governance

Norway will host the 20th annual Internet Governance Forum (IGF) from 23 to 27 June 2025 in a hybrid format, with the main venue set at Nova Spektrum in Lillestrøm, just outside Oslo.

This milestone event marks two decades of the UN-backed forum that brings together diverse stakeholders to discuss how the internet should be governed for the benefit of all.

The overarching theme, Building Governance Together, strongly emphasises inclusivity, democratic values, and sustainable digital cooperation.

With participation expected from governments, the private sector, civil society, academia, and international organisations, IGF 2025 will continue to promote multistakeholder dialogue on critical topics, including digital trust, cybersecurity, AI, and internet access.

A key feature will be the IGF Village, where companies and organisations will showcase technologies and products aligned with global internet development and governance.

Norway’s Minister of Digitalisation and Public Governance, Karianne Oldernes Tung, underlined the significance of this gathering in light of current geopolitical tensions and the forthcoming WSIS+20 review later in 2025.

Reaffirming Norway’s support for the renewal of the IGF mandate at the UN General Assembly, Minister Tung called for unity and collaborative action to uphold an open, secure, and inclusive internet. The forum aims to assess progress and help shape the next era of digital policy.

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

DeepSeek under fire for alleged military ties and export control evasion

The United States has accused Chinese AI startup DeepSeek of assisting China’s military and intelligence services while allegedly seeking to evade export controls to obtain advanced American-made semiconductors.

The claims, made by a senior US State Department official speaking anonymously to Reuters, add to growing concerns over the global security risks posed by AI.

DeepSeek, based in Hangzhou, China, gained international attention earlier this year after claiming its AI models rivalled those of leading United States firms like OpenAI—yet at a fraction of the cost.

However, US officials now say that the firm has shared data with Chinese surveillance networks and provided direct technological support to the People’s Liberation Army (PLA). According to the official, DeepSeek has appeared in over 150 procurement records linked to China’s defence sector.

The company is also suspected of transmitting data from foreign users, including Americans, through backend infrastructure connected to China Mobile, a state-run telecom operator. DeepSeek has not responded publicly to questions about these privacy or security issues.

The official further alleges that DeepSeek has been trying to access Nvidia’s restricted H100 AI chips by creating shell companies in Southeast Asia and using foreign data centres to run AI models on US-origin hardware remotely.

While Nvidia maintains it complies with export restrictions and has not knowingly supplied chips to sanctioned parties, DeepSeek is said to have secured several H100 chips despite the ban.

US officials have yet to place DeepSeek on a trade blacklist, though the company is under scrutiny. Meanwhile, Singapore has already charged three men with fraud in investigating the suspected illegal movement of Nvidia chips to DeepSeek.

Questions have also been raised over the credibility of DeepSeek’s technological claims. Experts argue that the reported $5.58 million spent on training their flagship models is unrealistically low, especially given the compute scale typically required to match OpenAI or Meta’s performance.

DeepSeek has remained silent amid the mounting scrutiny. Still, with the US-China tech race intensifying, the firm could soon find itself at the centre of new trade sanctions and geopolitical fallout.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Onnuri Church probes hack after broadcast hijacked by North Korean flag

A North Korean flag briefly appeared during a live-streamed worship service from one of Seoul’s largest Presbyterian churches, prompting an urgent investigation into what church officials are calling a cyberattack.

The incident occurred Wednesday morning during an early service at Onnuri Church’s Seobinggo campus in Yongsan, South Korea.

While Pastor Park Jong-gil was delivering his sermon, the broadcast suddenly cut to a full-screen image of the flag of North Korea, accompanied by unidentified background music. His audio was muted during the disruption, which lasted around 20 seconds.

The unexpected clip appeared on the church’s official YouTube channel and was quickly captured by viewers, who began sharing it across online platforms and communities.

On Thursday, Onnuri Church issued a public apology on its website and confirmed it was treating the event as a deliberate cyber intrusion.

‘An unplanned video was transmitted during the livestream of our early morning worship on 18 June. We believe this resulted from a hacking incident,’ the statement read. ‘An internal investigation is underway, and we are taking immediate measures to identify the source and prevent future breaches.’

A church official told Yonhap News Agency that the incident had been reported to the relevant authorities, and no demands or threats had been received regarding the breach. The investigation continues as the church works with authorities to determine the origin and intent of the attack.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!