Cybersecurity

Weak cyber hygiene in smart devices risks national infrastructure

The UK’s designation of data centres as Critical National Infrastructure highlights their growing strategic importance, yet a pressing concern remains over vulnerabilities in their OT and IoT systems. While IT security often receives significant investment, the same cannot be said for other technologies.

Attackers increasingly target these overlooked systems, gaining access through insecure devices such as IP cameras and biometric scanners. Many of these operate on outdated firmware and lack even basic protections, making them ideal footholds for malicious actors.

There have already been known breaches, with OT systems used in botnet activity and crypto mining, often without detection. These attacks not only compromise security in the UK but can destabilise infrastructure by overloading resources or bypassing safeguards.

Addressing these threats requires full visibility across all connected systems, with real-time monitoring, wireless traffic analysis, and network segmentation. Experts urge data centre operators to act now, not in response to a breach, but to prevent one entirely.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI’s transformation of work habits, mindset and lifestyle

At Mindvalley’s AI Summit, former Google Chief Decision Scientist Cassie Kozyrkov described AI as not a substitute for human thought but a magnifier of what the human mind can produce. Rather than replacing us, AI lets us offload mundane tasks and focus on deeper cognitive and creative work.

Work structures are being transformed, not just in factories, but behind computer screens. AI now handles administrative ‘work about work,’ multitasking, scheduling, and research summarisation, lowering friction in knowledge work and enabling people to supervise agents rather than execute tasks manually.

Personal life is being reshaped, too. AI tools for finance or health, such as budgeting apps or personalised diagnostics, move decisions into data-augmented systems with faster insight and fewer human biases.

Meanwhile, creativity is co-authored via AI-generated design, music or writing, requiring humans to filter, refine and ideate beyond the algorithm.

Recognising cognitive change, AI thought leaders envision a new era where ‘blended work’ prevails: humans manage AI agents, call the shots, and wield ethical oversight, while the AI executes pipelines of repetitive or semi-intelligent tasks.

Scholars warn that this model demands new fairness, transparency, and collaboration skills.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers infiltrate Southeast Asian telecom networks

A cyber group breached telecoms across Southeast Asia, deploying advanced tracking tools instead of stealing data. Palo Alto Networks’ Unit 42 assesses the activity as ‘associated with a nation-state nexus’.

A hacking group gained covert access to telecom networks across Southeast Asia, most likely to track users’ locations, according to cybersecurity analysts at Palo Alto Networks’ Unit 42.

The campaign lasted from February to November 2024.

Instead of stealing data or directly communicating with mobile devices, the hackers deployed custom tools such as CordScan, designed to intercept mobile network protocols like SGSN. These methods suggest the attackers focused on tracking rather than data theft.

Unite42 assessed the activity ‘with high confidence’ as ‘associated with a nation state nexus’. The Unit notes that ‘this cluster heavily overlaps with activity attributed to Liminal Panda, a nation state adversary tracked by CrowdStrike’; according to CrowdStrike, Liminal Panda is considered to be a ‘likely China-nexus adversary’. It further states that ‘while this cluster significantly overlaps with Liminal Panda, we have also observed overlaps in attacker tooling with other reported groups and activity clusters, including Light Basin, UNC3886, UNC2891 and UNC1945.’

The attackers initially gained access by brute-forcing SSH credentials using login details specific to telecom equipment.

Once inside, they installed new malware, including a backdoor named NoDepDNS, which tunnels malicious data through port 53 — typically used for DNS traffic — in order to avoid detection.

To maintain stealth, the group disguised malware, altered file timestamps, disabled system security features and wiped authentication logs.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

The US considers chip tracking to prevent smuggling to China

The US is exploring how to build better location-tracking into advanced chips, as part of an effort to prevent American semiconductors from ending up in China.

Michael Kratsios, a senior official behind Donald Trump’s AI strategy, confirmed that software or physical updates to chips are being considered to support traceability.

Instead of relying on external enforcement, Washington aims to work directly with the tech industry to improve monitoring of chip movements. The strategy forms part of a broader national plan to counter smuggling and maintain US dominance in cutting-edge technologies.

Beijing recently summoned Nvidia representatives to address concerns over American proposals linked to tracking features and perceived security risks in the company’s H20 chips.

Although US officials have not directly talked with Nvidia or AMD on the matter, Kratsios clarified that chip tracking is now a formal objective.

The move comes even as Trump’s team signals readiness to lift certain export restrictions to China in return for trade benefits, such as rare-earth magnet sales to the US.

Kratsios criticised China’s push to lead global AI regulation, saying countries should define their paths instead of following a centralised model. He argued that the US innovation-first approach offers a more attractive alternative.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI tools like Grok 4 may make developers obsolete, Musk suggests

Elon Musk has predicted a major shift in software development, claiming that AI is turning coding from a job into a recreational activity. The xAI CEO believes AI has removed much of the ‘drudgery’ from writing software.

Replying to OpenAI President Greg Brockman, Musk compared the future of coding to painting. He suggested that software creation will be more creative and expressive, no longer requiring professional expertise for functional outcomes.

Musk, a co-founder of OpenAI, left the organisation after a public dispute with the current CEO, Sam Altman. He later launched xAI, which now operates the Grok chatbot as a rival to ChatGPT, Gemini and Claude.

Generative AI firms are accelerating efforts in automated coding. OpenAI recently launched Codex to create a cloud-based software engineering agent, while Microsoft released GitHub Spark AI to generate apps from natural language.

xAI’s latest offering, Grok 4, supports over 20 programming languages and integrates with code editors. It enables developers to write, debug, and understand code using commands.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers use steganography to evade Windows defences

North Korea-linked hacking group APT37 is using malicious JPEG image files to deploy advanced malware on Windows systems, according to Genians Security Centre. The new campaign showcases a more evasive version of RoKRAT malware, which hides payloads in image files through steganography.

These attacks rely on large Windows shortcut files embedded in email attachments or cloud storage links, enticing users with decoy documents while executing hidden code. Once activated, the malware launches scripts to decrypt shellcode and inject it into trusted apps like MS Paint and Notepad.

This fileless strategy makes detection difficult, avoiding traditional antivirus tools by leaving minimal traces. The malware also exfiltrates data through legitimate cloud services, complicating efforts to trace and block the threat.

Researchers stress the urgency for organisations to adopt cybersecurity measures, behavioural monitoring, robust end point management, and ongoing user education. Defenders must prioritise proactive strategies to protect critical systems as threat actors evolve.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Eswatini advances digital vision with new laws, 5G and skills training

Eswatini is moving forward with a national digital transformation plan focused on infrastructure, legislation and skills development.

The country’s Minister of ICT, Savannah Maziya, outlined key milestones during the 2025 Eswatini Economic Update, co-hosted with the World Bank.

In her remarks, Maziya said that digital technology plays a central role in job creation, governance and economic development. She introduced several regulatory frameworks, including a Cybersecurity Bill, a Critical Infrastructure Bill and an E-Commerce Strategy.

Additional legislation is planned for emerging technologies such as AI, robotics and satellite systems.

Infrastructure improvements include the nationwide expansion of fibre optic networks and a rise in international connectivity capacity from 47 Gbps to 72 Gbps.

Mbabane, the capital, is being developed as a Smart City with 5G coverage, AI-enabled surveillance and public Wi-Fi access.

The Ministry of ICT has launched more than 11 digital public services and plans to add 90 more in the next three years.

A nationwide coding initiative will offer digital skills training to over 300,000 citizens, supporting wider efforts to increase access and participation in the digital economy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI breaches push data leak costs to new heights despite global decline

IBM’s 2025 Cost of a Data Breach Report revealed a sharp gap between rapid AI adoption and the oversight needed to secure it.

Although the global average data breach cost fell slightly to $4.44 million, security incidents involving AI systems remain more severe and disruptive.

Around 13% of organisations reported breaches involving AI models or applications, while 8% were unsure whether they had been compromised.

Alarmingly, nearly all AI-related breaches occurred without access controls, leading to data leaks in 60% of cases and operational disruption in almost one-third. Shadow AI (unsanctioned or unmanaged systems) played a central role, with one in five breaches traced back to it.

Organisations without AI governance policies or detection systems faced significantly higher costs, especially when personally identifiable information or intellectual property was exposed.

Attackers increasingly used AI tools such as deepfakes and phishing, with 16% of studied breaches involving AI-assisted threats.

Healthcare remained the costliest sector, with an average breach price of $7.42 million and the most extended recovery timeline of 279 days.

Despite the risks, fewer organisations plan to invest in post-breach security. Only 49% intend to strengthen defences, down from 63% last year.

Even fewer will prioritise AI-driven security tools. With many organisations also passing costs on to consumers, recovery now often includes long-term financial and reputational fallout, not just restoring systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

VPN use surges in UK as age checks go live

The way UK internet users access adult content has undergone a significant change, with new age-verification rules now in force. Under Ofcom’s directive, anyone attempting to visit adult websites must now prove they are over 18, typically by providing credit card or personal ID details.

The move aims to prevent children from encountering harmful content online, but it has raised serious privacy and cybersecurity concerns.

Experts have warned that entering personal and financial information could expose users to cyber threats. Jake Moore from cybersecurity firm ESET pointed out that the lack of clear implementation standards leaves users vulnerable to data misuse and fraud.

There’s growing unease that ID verification systems might inadvertently offer a goldmine to scammers.
In response, many have started using VPNs to bypass the restrictions, with providers reporting a surge in UK downloads.

VPNs mask user locations, allowing access to blocked content, but free versions often lack the security features of paid services. As demand rises, cybersecurity specialists are urging users to be cautious.

Free VPNs can compromise user data through weak encryption or selling browsing histories to advertisers. Mozilla and EC-Council have stressed the importance of avoiding no-cost VPNs unless users know the risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Nvidia refutes chip backdoor allegations as China launches probe

Nvidia has firmly denied claims that its AI chips contain backdoors allowing remote control or tracking, following questioning by China’s top cybersecurity agency.

The investigation, which focuses on the H20 chip explicitly designed for the Chinese market, comes as Beijing intensifies scrutiny over foreign tech used in sensitive systems.

The H20 was initially blocked from export in April under US restrictions, but is now expected to return to Chinese shelves.

China’s Cyberspace Administration (CAC) summoned Nvidia officials to explain whether the chip enables unauthorised access or surveillance. The agency cited demands from US lawmakers for mandatory tracking features in advanced AI hardware as grounds for its concern.

In a statement, Nvidia insisted it does not include remote access capabilities in its products, reaffirming its commitment to cybersecurity.

Meanwhile, China’s state-backed People’s Daily questioned the company’s trustworthiness, stating that ‘network security is as vital as national territory’ and warning against reliance on what it described as ‘sick chips’.

The situation highlights Nvidia’s delicate position as it attempts to maintain dominance in China’s AI chip market while complying with mounting US export rules.

Tensions have escalated since similar actions were taken against other US firms, including a 2022 ban on Micron’s chips and recent antitrust scrutiny over Nvidia’s Mellanox acquisition.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!