Cybersecurity

UK health sector adopts AI while legacy tech lags

The UK’s healthcare sector has rapidly embraced AI, with adoption rising from 47% in 2024 to 94% in 2025, according to SOTI’s new report ‘Healthcare’s Digital Dilemma’.

AI is no longer confined to administrative tasks, as 52% of healthcare professionals now use it for diagnosis and 57% to personalise treatments. SOTI’s Stefan Spendrup said AI is improving how care is delivered and helping clinicians make more accurate, patient-specific decisions.

However, outdated systems continue to hamper progress. Nearly all UK health IT leaders report challenges from legacy infrastructure, Internet of Things (IoT) tech and telehealth tools.

While connected devices are widely used to support patients remotely, 73% rely on outdated, unintegrated systems, significantly higher than the global average of 65%.

These systems limit interoperability and heighten security risks, with 64% experiencing regular tech failures and 43% citing network vulnerabilities.

The strain on IT teams is evident. Nearly half report being unable to deploy or manage new devices efficiently, and more than half struggle to offer remote support or access detailed diagnostics. Time lost to troubleshooting remains a common frustration.

The UK appears more affected by these challenges than other countries surveyed, indicating a pressing need to modernise infrastructure instead of continuing to patch ageing technology.

While data security remains the top IT concern in UK healthcare, fewer IT teams see it as a priority, falling from 33% in 2024 to 24% in 2025. Despite a sharp increase in data breaches, the number rose from 71% to 84%.

Spendrup warned that innovation risks being undermined unless the sector rebalances priorities, with more focus on securing systems and replacing legacy tools instead of delaying necessary upgrades.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

India urges preference for state telecom providers

The Department of Telecommunications (DoT) in India has introduced a policy urging all state governments and Union Territories to prioritise state-run telecom operators Bharat Sanchar Nigam Ltd (BSNL) and Mahanagar Telephone Nigam Ltd (MTNL) for their communication needs. Although not legally binding, that policy directive emphasises data security as a key reason for favouring these public sector providers.

DoT Secretary underscored the increasing competitiveness of BSNL and MTNL, noting that BSNL now manages MTNL’s operations and will set up a dedicated nodal point to cater to state governments efficiently. The move marks a significant strategic shift toward promoting state-owned telecom companies in government communications.

The policy has raised concerns among private telecom companies, who fear losing valuable government contracts to BSNL and MTNL. Private providers currently hold over 92% of the market’s revenue, and government contracts are especially important for smaller ISPs with tight margins. Diverting these contracts could significantly hurt their financial stability.

BSNL and MTNL were initially created to operate independently and compete fairly with private firms. This new policy, favouring them, risks undermining that independence and disrupting the telecom sector’s competitive balance in India.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Major internet outage disrupts Google Cloud and popular platforms

A sweeping internet outage on Wednesday, 12 June 2025, caused significant disruptions to services relying on Google Cloud and Cloudflare. Popular platforms such as Spotify, Discord, Twitch, and Fubo experienced widespread downtime, with many users reporting service interruptions through Downdetector.

Despite rampant speculation online about a large-scale cyberattack, neither Google nor Cloudflare has confirmed any such link. Google Cloud reported an incident affecting users globally, stating engineers had identified the root cause and were actively working on mitigation.

While some services have begun to recover, there is no definitive timeline for full restoration. Google attributed the issue to internal authentication problems, though details remain limited.

Adding to the confusion, social media posts speculated that multiple cloud providers, including AWS and Azure, were affected. However, this was quickly challenged, and Cloudflare clarified that only a small portion of its services, which rely on Google Cloud, experienced issues—its core systems remained fully operational.

While investigations are ongoing and recovery efforts are in progress, the full extent and exact cause of the outage remain unclear. For now, users are advised to monitor official updates from service providers as the situation develops.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NSA and allies set AI data security standards

The National Security Agency (NSA), in partnership with cybersecurity agencies from the UK, Australia, New Zealand, and others, has released new guidance aimed at protecting the integrity of data used in AI systems.

The Cybersecurity Information Sheet (CSI), titled AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems, outlines emerging threats and sets out 10 recommendations for mitigating them.

The CSI builds on earlier joint guidance from 2024 and signals growing global urgency around safeguarding AI data instead of allowing systems to operate without scrutiny.

The report identifies three core risks across the AI lifecycle: tampered datasets in the supply chain, deliberately poisoned data intended to manipulate models, and data drift—where changes in data over time reduce performance or create new vulnerabilities.

These threats may erode accuracy and trust in AI systems, particularly in sensitive areas like defence, cybersecurity, and critical infrastructure, where even small failures could have far-reaching consequences.

To reduce these risks, the CSI recommends a layered approach—starting with sourcing data from reliable origins and tracking provenance using digital credentials. It advises encrypting data at every stage, verifying integrity with cryptographic tools, and storing data securely in certified systems.

Additional measures include deploying zero trust architecture, using digital signatures for dataset updates, and applying access controls based on data classification instead of relying on broad administrative trust.

The CSI also urges ongoing risk assessments using frameworks like NIST’s AI RMF, encouraging organisations to anticipate emerging challenges such as quantum threats and advanced data manipulation.

Privacy-preserving techniques, secure deletion protocols, and infrastructure controls round out the recommendations.

Rather than treating AI as a standalone tool, the guidance calls for embedding strong data governance and security throughout its lifecycle to prevent compromised systems from shaping critical outcomes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Denmark moves to replace Microsoft software as part of digital sovereignty strategy

Prior to the Danish government’s formal decision, the cities of Copenhagen and Aarhus had already announced plans to reduce reliance on Microsoft software and cloud services. The national government has now followed suit.

Caroline Stage, Denmark’s Minister of Digitalisation, confirmed that the government will begin transitioning from Microsoft Office to the open-source alternative, LibreOffice. The decision aligns with broader European Union efforts to enhance digital sovereignty—a concept referring to the ability of states to maintain control over their digital infrastructure, data, and technologies.

EU member states have increasingly prioritised digital sovereignty in response to a range of concerns, including security, economic resilience, regulatory control, and the geopolitical implications of dependency on non-European technology providers.

Among the considerations are questions about data governance, operational autonomy, and the risks associated with potential service disruptions in times of political tension. For example, reports following US sanctions against the International Criminal Court (ICC) suggest that Microsoft temporarily restricted access to email services for the ICC’s Chief Prosecutor, Karim Khan, highlighting the potential vulnerabilities linked to foreign service providers.

Denmark’s move is part of a wider trend within the EU aimed at diversifying digital service providers and strengthening domestic or European alternatives. LibreOffice is developed by The Document Foundation (TDF), an independent, non-profit organisation based in Germany.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK National Cyber Security Centre calls for strategic cybersecurity policy agenda

The United Kingdom’s National Cyber Security Centre (NCSC), part of GCHQ, has called for the adoption of a long-term, strategic policy agenda to address increasing cybersecurity risks. That appeal follows prolonged delays in the introduction of updated cybersecurity legislation by the UK government.

In a blog post, co-authored by Ollie Whitehouse, NCSC’s Chief Technology Officer, and Paul W., the Principal Technical Director, the agency underscored the need for more political engagement in shaping the country’s cybersecurity landscape. Although the NCSC does not possess policymaking powers, its latest message highlights its growing concern over the UK’s limited progress in implementing comprehensive cybersecurity reforms.

Whitehouse has previously argued that the current technology market fails to incentivise the development and maintenance of secure digital products. He asserts that while the technical community knows how to build secure systems, commercial pressures and market conditions often favour speed, cost-cutting, and short-term gains over security. That, he notes, is a structural issue that cannot be resolved through voluntary best practices alone and likely requires legislative and regulatory measures.

The UK government has yet to introduce the long-anticipated Cyber Security and Resilience Bill to Parliament. Initially described by its predecessor as a step toward modernising the country’s cyber legislation, the bill remains unpublished. Another delayed effort is a consultation led by the Home Office on ransomware response policy, which was postponed due to the snap election and is still awaiting an official government response.

The agency’s call mirrors similar debates in the United States, where former Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly advocated for holding software vendors accountable for product security. The Biden administration’s national cybersecurity strategy introduced early steps toward vendor liability, a concept that has gained traction among experts like Whitehouse.

However, the current US administration under President Trump has since rolled back some of these requirements, most notably through a recent executive order eliminating obligations for government contractors to attest to their products’ security.

By contrast, the European Union has advanced several legislative initiatives aimed at strengthening digital security, including the Cyber Resilience Act. Yet, these efforts face challenges of their own, such as reconciling economic priorities with cybersecurity requirements and adapting EU-wide standards to national legal systems.

In its blog post, the NCSC reiterated that the financial and societal burden of cybersecurity failures is currently borne by consumers, governments, insurers, and other downstream actors. The agency argues that addressing these issues requires a reassessment of underlying market dynamics—particularly those that do not reward secure development practices or long-term resilience.

While the NCSC lacks the authority to enforce regulations, its increasingly direct communications reflect a broader shift within parts of the UK’s cybersecurity community toward advocating for more comprehensive policy intervention.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fake DeepSeek ads deliver ‘BrowserVenom’ malware to curious AI users

Cybercriminals are exploiting the surge in interest around local AI tools by spreading a new malware strain via Google ads.

According to antivirus firm Kaspersky, attackers use fake ads for DeepSeek’s R1 AI model to deliver ‘BrowserVenom,’ malware designed to intercept and manipulate a user’s internet traffic instead of merely infecting the device.

The attackers purchased ads appearing in Google search results for ‘deep seek r1.’ Users who clicked were redirected to a fake website—deepseek-platform[.]com—which mimicked the official DeepSeek site and offered a file named AI_Launcher_1.21.exe.

Kaspersky’s analysis of the site’s source code uncovered developer notes in Russian, suggesting the campaign is operated by Russian-speaking actors.

Once launched, the fake installer displayed a decoy installation screen for the R1 model, but silently deployed malware that altered browser configurations.

BrowserVenom rerouted web traffic through a proxy server controlled by the hackers, allowing them to decrypt browsing sessions and capture sensitive data, while evading most antivirus tools.

Kaspersky reports confirmed infections across multiple countries, including Brazil, Cuba, India, and South Africa.

The malicious domain has since been taken down. However, the incident highlights the dangers of downloading AI tools from unofficial sources. Open-source models like DeepSeek R1 require technical setup, typically involving multiple configuration steps, instead of a simple Windows installer.

As interest in running local AI grows, users should verify official domains and avoid shortcuts that could lead to malware.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Crypto conferences face rising phishing risks

Crypto events have grown rapidly worldwide in recent years. Unfortunately, this expansion has led to an increase in scams targeting attendees, according to Kraken’s chief security officer, Nick Percoco.

Recent conferences have seen lax personal security, with exposed devices and careless sharing of sensitive information. These lapses make it easier for criminals to launch phishing campaigns and impersonation attacks.

Phishing remains the top threat at these events, exploiting typical conference activities such as QR code scanning and networking. Attackers distribute malicious links disguised as legitimate follow-ups, allowing them to gain access to wallets and sensitive data with minimal technical skill.

Use of public Wi-Fi, unverified QR codes, and openly discussing high-value trades in public areas further increase risks. Attendees are urged to use burner wallets and verify every QR code carefully.

The dangers have become very real, highlighted by violent crimes in France, where prominent crypto professionals were targeted in kidnappings and ransom demands. These incidents show that risks are no longer confined to the digital world.

Basic security mistakes such as leaving devices unlocked or oversharing personal information can have severe consequences. Experts call for a stronger security culture at events and beyond, including multi-factor authentication, cautious password management, and heightened situational awareness.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Hackers target recruiters with fake CVs and malware

A financially driven hacking group known as FIN6 has reversed the usual job scam model by targeting recruiters instead of job seekers. Using realistic LinkedIn and Indeed profiles, the attackers pose as candidates and send malware-laced CVs hosted on reputable cloud platforms.

to type in resume URLs, bypassing email security tools manually. These URLs lead to fake portfolio sites hosted on Amazon Web Services that selectively deliver malware to users who pass as humans.

Victims receive a zip file containing a disguised shortcut that installs the more_eggs malware, which is capable of credential theft and remote access.

However, this JavaScript-based tool, linked to another group known as Venom Spider, uses legitimate Windows utilities to evade detection.

The campaign includes stealthy techniques such as traffic filtering, living-off-the-land binaries, and persistent registry modifications. Domains used include those mimicking real names, allowing attackers to gain trust while launching a powerful phishing operation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cisco to reinvent network security for the AI era

Cisco has introduced a major evolution in security policy management, aiming to help enterprises scale securely without increasing complexity. At the centre of this transformation is Cisco’s Security Cloud Control, a unified policy framework designed to simplify and centralise the enforcement of security policies across a wide range of environments and technologies.

With the introduction of the Mesh Policy Engine, organisations can now define a single, intent-based policy that applies seamlessly across Cisco and third-party firewalls. Cisco is also upgrading its network security infrastructure to support AI-ready environments.

The new Hybrid Mesh Firewall includes the high-performance 6100 Series for data centres and the cost-efficient 200 Series for branch deployments, offering advanced threat inspection and integrated SD-WAN. Enforcement is extended across SD-WAN, smart switches, and ACI fabric, ensuring consistent protection.

Additionally, Cisco has deepened its integration with Splunk to enhance threat detection, investigation, and response (TDIR). Firewall log data feeds into Splunk for advanced analytics, while new SOAR integrations automate key responses like host isolation and policy enforcement.

Combined with telemetry from Cisco’s broader ecosystem, these tools provide faster, more informed threat management. Together, these advancements position Cisco as a leader in AI-era cybersecurity, offering a unified and intelligent platform that reduces complexity, improves detection and response, and secures emerging technologies like agentic AI. By embedding policy-driven security into the core of enterprise networks, Cisco is enabling organisations to innovate with AI safely and securely.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!