Cybersecurity

OpenAI and India plan AI infrastructure push

OpenAI is in discussions with the Indian government to collaborate on data centre infrastructure as part of its new global initiative, ‘OpenAI for Countries’.

The programme aims to help partner nations expand AI capabilities through joint investment and strategic coordination with the US. India could become one of the ten initial countries in the effort, although specific terms remain under wraps.

During a visit to Delhi, OpenAI’s chief strategy officer Jason Kwon emphasised India’s potential, citing the government’s clear focus on infrastructure and AI talent.

Similar to the UAE’s recently announced Stargate project in Abu Dhabi, India may host large-scale AI computing infrastructure while also investing in the US under the same framework.

To nurture AI skills, OpenAI and the Ministry of Electronics and IT’s IndiaAI Mission launched the ‘OpenAI Academy’. It marks OpenAI’s first international rollout of its educational platform.

The partnership will provide free access to AI tools, developer training, and events, with content in English, Hindi, and four additional regional languages. It will also support government officials and startups through dedicated learning platforms.

The collaboration includes hackathons, workshops in six cities, and up to $100,000 in API credits for selected IndiaAI fellows and startups. The aim is to accelerate innovation and help Indian developers and researchers scale AI solutions more efficiently, according to IT Minister Ashwini Vaishnaw.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Gmail accounts at risk as attacks rise

Google has urged Gmail users to upgrade their account security after revealing that over 60% have been targeted by cyberattacks. Despite the increasing threat, most people still rely on outdated protections like passwords and SMS-based two-factor authentication.

Google is now pushing users to adopt passkeys and social sign-ins to improve their defences. Passkeys offer phishing-resistant access and use biometric methods such as fingerprint or facial recognition tied to a user’s device, removing the need for traditional passwords.

While digitally savvy Gen Z users are more likely to adopt these new methods, but many still reuse passwords, leaving their accounts exposed to breaches and scams. Google emphasised that passwords are both insecure and inconvenient and called on users to switch to tools that offer stronger protection.

Microsoft, meanwhile, has gone even further by encouraging users to eliminate passwords entirely. Google’s long-term goal is to simplify sign-ins while increasing security across its platforms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Europe gets new cybersecurity support from Microsoft

Microsoft has launched a free cybersecurity initiative for European governments aimed at countering increasingly sophisticated cyber threats powered by AI. Company President Brad Smith said Europe would benefit from tools already developed and deployed in the US.

The programme is designed to identify and disrupt AI-driven threats, including deepfakes and disinformation campaigns, which have previously been used to target elections and undermine public trust.

Smith acknowledged that AI is a double-edged sword, with malicious actors exploiting it for attacks, while defenders increasingly use it to stay ahead. Microsoft continues to monitor how its AI products are used, blocking known cybercriminals and working to ensure AI serves as a stronger shield than weapon.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK NCSC releases principles for strengthening organisational cybersecurity culture

The UK’s National Cyber Security Centre (NCSC) has published a framework of six principles aimed at supporting organisations in developing a strong internal cybersecurity culture. The principles are based on research conducted with government and industry stakeholders and are intended to guide organisations in embedding cyber-resilient behaviours among their personnel.

The principles are outlined as follows:

  1. Frame cyber security as an enabler that supports the organisation’s core objectives.
  2. Encourage openness by building trust, safety, and processes that support transparency around security issues.
  3. Adapt to change to address new threats and take advantage of opportunities to improve resilience.
  4. Acknowledge the role of social norms in shaping secure behaviours within the organisation.
  5. Recognise leadership responsibility in influencing cyber security culture.
  6. Maintain accessible and clear security rules and guidance to support user understanding and compliance.

Each principle is accompanied by practical examples illustrating effective and ineffective application.

Ice, Nature, Outdoors, Iceberg, Dynamite, Weapon
UK NCSC releases principles for strengthening organisational cybersecurity culture 6

The NCSC notes that building a cybersecurity culture requires ongoing and coordinated efforts across multiple organisational roles, including cybersecurity professionals, cultural specialists, and leadership. The centre highlights that the ability of staff to support security objectives is influenced by the overall organisational environment and approach to cyber risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

WhatsApp to add usernames for better privacy

WhatsApp is preparing to introduce usernames, allowing users to hide their phone numbers and opt for a unique ID instead. Meta’s push reflects growing demand for more secure and anonymous communication online.

Currently in development and not yet available for testing, the new feature will let users create usernames with letters, numbers, periods, and underscores, while blocking misleading formats like web addresses.

The move aims to improve privacy by letting users connect without revealing personal contact details. A system message will alert contacts whenever a username is updated, adding transparency to the process.

Although still in beta, the feature is expected to roll out soon, bringing WhatsApp in line with other major messaging platforms that already support username-based identities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

China accuses Taiwan of cyber attacks and offers a bounty

Authorities in Guangzhou have placed a secret bounty on more than 20 individuals suspected of launching cyber attacks on Chinese targets, according to state news agency Xinhua.

One named suspect, Ning Enwei, is reportedly linked to Taiwan’s government. While the size of the reward remains undisclosed, officials claim the accused hackers targeted sectors including defence, aerospace, energy, and science—alongside agencies in Hong Kong and Macau.

Xinhua stated that Taiwan’s ‘information, communication and digital army’ has coordinated with US forces to carry out cyber and cognitive warfare against China.

These accusations form part of a broader Chinese narrative suggesting Taiwan is seeking independence through foreign alliances, particularly with US intelligence agencies. State media also claimed the US has trained Taiwanese personnel and helped orchestrate cyber attacks on the mainland.

In response, a senior Taiwanese security official, speaking anonymously, dismissed the claims as fabricated. The official argued that Beijing is attempting to deflect criticism following allegations of Chinese cyber activities in Europe, especially in the Czech Republic.

‘It is typical of the Chinese Communist Party’s efforts to change the narrative,’ the official said, branding Beijing an international cyber threat instead of a victim.

Taiwan’s government has yet to issue an official statement.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Morocco detains suspect in France’s crypto abduction cases

Moroccan police arrested 24-year-old dual French-Moroccan Bajjou Badiss Mohamed AmiDe, wanted for kidnappings of cryptocurrency holders in France. An Interpol red notice issued by French authorities led to his identification and arrest.

Charges include organised crime, kidnapping, and extortion. Due to his dual nationality, he will face trial in Morocco, with French prosecutors sharing the case files.

The arrest follows a recent surge in violent attacks on crypto entrepreneurs in France. Interior Minister Bruno Retailleau has introduced emergency security measures, including private consultations and home risk assessments for those at risk.

France has seen 14 of the world’s 50 known attacks on crypto figures over the past year, according to Ledger co-founder Éric Larchevêque.

High-profile incidents include the attempted abduction of Paymium CEO Pierre Noizat’s daughter and the arrest of seven suspects linked to a victim found with a severed finger. Officials stress the urgency of judicial action to prevent further violence.

French authorities have thanked Morocco for its cooperation, while proceedings against Bajjou will continue under Moroccan jurisdiction.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Czech justice minister resigns over Bitcoin scandal

The Czech government faces a no-confidence vote after Justice Minister Pavel Blazek resigned amid controversy over a Bitcoin donation. The digital contribution, worth millions, came from Tomas Jirikovsky, a convicted drug trafficker linked to Sheep Marketplace.

The donation, made in March, was sold for over $45 million at a public auction, sparking political backlash.

Blazek denied any wrongdoing in accepting the donation but stepped down amid growing pressure. Opposition party ANO criticised the government’s handling of the affair, calling for immediate resignation.

The scandal adds to mounting concerns as the October elections approach, with polls showing the ruling coalition trailing behind ANO.

Jirikovsky was convicted in 2017 and released in 2021, after which he sought to reclaim seized Bitcoin. Investigations revealed a dark web trail tied to the donation, but no formal links to other marketplaces were confirmed.

Political analysts suggest Prime Minister Petr Fiala could also face scrutiny due to his close association with Blazek.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Salt Typhoon and Silk Typhoon reveal weaknesses

Recent revelations about Salt Typhoon and Silk Typhoon have exposed severe weaknesses in how organisations secure their networks.

These state-affiliated hacking groups have demonstrated that modern cyber threats come from well-resourced and coordinated actors instead of isolated individuals.

Salt Typhoon, responsible for one of the largest cyber intrusions into US infrastructure, exploited cloud network vulnerabilities targeting telecom giants like AT&T and Verizon, forcing companies to reassess their reliance on traditional private circuits.

Many firms continue to believe private circuits offer better protection simply because they are off the public internet. Some even add MACsec encryption for extra defence. However, MACsec’s ‘hop-by-hop’ design introduces new risks—data is repeatedly decrypted and re-encrypted at each routing point.

Every one of these hops becomes a possible target for attackers, who can intercept, manipulate, or exfiltrate data without detection, especially when third-party infrastructure is involved.

Beyond its security limitations, MACsec presents high operational complexity and cost, making it unsuitable for today’s cloud-first environments. In contrast, solutions like Internet Protocol Security (IPSec) offer simpler, end-to-end encryption.

Although not perfect in cloud settings, IPSec can be enhanced through parallel connections or expert guidance. The Cybersecurity and Infrastructure Security Agency (CISA) urges organisations to prioritise complete encryption of all data in transit, regardless of the underlying network.

Silk Typhoon has further amplified concerns by exploiting privileged credentials and cloud APIs to infiltrate both on-premise and cloud systems. These actors use covert networks to maintain long-term access while remaining hidden.

As threats evolve, companies must adopt Zero Trust principles, strengthen identity controls, and closely monitor their cloud environments instead of relying on outdated security models.

Collaborating with cloud security experts can help shut down exposure risks and protect sensitive data from sophisticated and persistent threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

HMRC got targeted in a £47 million UK fraud

A phishing scheme run by organised crime groups cost the UK government £47 million, according to officials from His Majesty’s Revenue and Customs.

Criminals posed as taxpayers to claim payments using fake or hijacked credentials. Rather than a cyberattack, the operation relied on impersonation and did not involve the theft of taxpayer data.

Angela MacDonald, HMRC’s deputy chief executive, confirmed to Parliament’s Treasury Committee that the fraud took place in 2024. The stolen funds were taken through three separate payments, though HMRC managed to block an additional £1.9 million attempt.

Officials began a cross-border criminal investigation soon after discovering the scam, which has led to arrests.

Around 100,000 PAYE accounts — typically used by employers for employee tax and national insurance payments — were either created fraudulently or accessed illegally.

Banks were also targeted through the use of HMRC-linked identity information. Customers first flagged the issue when they noticed unusual activity.

HMRC has shut down the fake accounts and removed false data as part of its response. John-Paul Marks, HMRC’s chief executive, assured the committee that the incident is now under control and contained. ‘That is a lot of money and unacceptable,’ MacDonald told MPs.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!