Cybersecurity

Global cyber stability conference set for May 2026 in Geneva

The Cyber Stability Conference 2026 will take place on 4–5 May at the Centre International de Conférences Genève in Geneva, bringing together global stakeholders to discuss the future of ICT security and cyber governance.

Organised by the United Nations Institute for Disarmament Research, the event will run in a hybrid format during Geneva Cyber Week.

The conference comes amid growing international efforts to strengthen frameworks for responsible state behaviour in cyberspace and improve coordination on digital security challenges. It is positioned within a broader push to adapt governance systems to rapid technological change.

Discussions will focus on how cyber governance can respond to emerging technologies such as AI and quantum computing. Emphasis will be placed on aligning regulatory and security approaches with technological development to reinforce international stability.

Participants from government, academia, industry, and civil society will review past lessons, assess current risks, and explore future pathways for global ICT security governance.

Cyber stability is becoming a core pillar of global security as digital infrastructure underpins economies, governance systems, and critical services. Stronger coordination on cyber governance is essential to reducing systemic risks and ensuring technological progress does not outpace security frameworks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Malwarebytes highlights Microsoft findings on WhatsApp attachments used in Windows attacks

Malwarebytes has reported on findings from Microsoft researchers about a campaign that uses WhatsApp attachments to trick Windows users into launching a malicious script that grants attackers remote access to the machine.

According to the Malwarebytes report, Microsoft researchers said the attack does not rely on a software flaw in WhatsApp itself. Instead, it depends on social engineering. Victims receive what appears to be a harmless attachment through WhatsApp, but the file is actually a .vbs script that Windows can execute.

Once opened, the script copies built-in Windows tools into a hidden folder and renames them to appear less suspicious. Microsoft’s analysis, as cited by Malwarebytes, says legitimate system tools are then abused to download additional malware, using a living-off-the-land approach that avoids introducing obvious malicious binaries.

The infection chain is also designed to blend in with normal activity. Further scripts are fetched from mainstream cloud providers, making network traffic appear to be accessing services such as AWS, Tencent Cloud, or Backblaze rather than a clearly suspicious server.

Attempts to gain administrator privileges are part of the process as well. The malware reportedly attempts to alter User Account Control behaviour and registry settings to make system-level changes more quietly and remain active after a reboot.

At the final stage, an unsigned MSI installer deploys remote-access software and other payloads, allowing the attacker to maintain access to the compromised device and its data.

Malwarebytes also highlighted practical safety steps for home users and small businesses, including avoiding unsolicited attachments, enabling file extensions in Windows Explorer so misleading filenames are easier to spot, using up-to-date anti-malware tools, downloading software only from official vendor sites, and treating unexpected UAC prompts or sudden system changes as warning signs. Keeping Windows and other applications updated also remains important.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cyberattack on Hasbro exposes vulnerabilities in large enterprise systems

Hasbro has confirmed a cyberattack that disrupted internal systems and may take several weeks to resolve. The company detected unauthorised access on 28 March and responded by shutting down parts of its infrastructure to contain the incident.

Operations continue under contingency measures, allowing order processing and product distribution despite system disruptions.

However, ongoing security efforts suggest the threat may not yet be fully contained, while external cybersecurity specialists have been engaged to support the investigation.

The company has not disclosed the nature of the attack, and it remains unclear whether data has been exfiltrated. Public statements indicate that the full scope and impact of the breach are still under assessment, with uncertainty over potential financial or operational consequences.

The incident reflects a broader trend of cyberattacks targeting large corporations to disrupt operations and extract value.

Previous cases, including disruptions at Jaguar Land Rover, highlight the potential for prolonged economic impact and the increasing importance of resilience in corporate cybersecurity strategies.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EIB highlights AI as key driver of Croatia’s economic growth

The European Investment Bank and the Croatian National Bank have emphasised the strategic importance of AI in strengthening Croatia’s economic competitiveness. Discussions at a joint conference focused on accelerating AI adoption through coordinated investment, policy development and skills enhancement.

Despite strong investment activity among firms in Croatia, the uptake of advanced technologies remains limited. Only a small share of companies systematically use generative AI, with applications largely confined to internal processes, highlighting significant untapped potential for productivity gains.

Participants identified key structural barriers, including limited access to finance, shortages of skilled workers and regulatory uncertainty.

Addressing these challenges requires a combined approach that mobilises private capital, improves access to funding for smaller firms and supports the development of a more robust innovation ecosystem.

The EIB continues to play a central role in Europe’s digital transformation, with major funding initiatives aimed at scaling AI technologies and strengthening strategic infrastructure.

By aligning financial instruments with policy priorities, the initiative seeks to enhance long-term growth, resilience and integration into global value chains.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EPO accelerates digital patent shift with paperless system by 2027

The European Patent Office (EPO) is accelerating its transition towards a fully digital patent system, with plans to implement a paperless patent-granting process by 2027.

Discussions at the latest eSACEPO meeting highlighted steady progress and broad stakeholder support for modernising patent workflows.

Electronic filing and communication are set to become the default, with paper-based processes limited to exceptional cases. The shift aims to improve efficiency and accessibility, supported by legal adjustments and the gradual introduction of structured data formats to enhance processing accuracy.

Digital tools continue to evolve, with the MyEPO platform expanding its functionality through interface upgrades, self-service features and new capabilities such as colour drawing submissions.

The rollout of DOCX filing, alongside optional PDF backups, reflects a cautious approach designed to balance innovation with reliability.

AI is increasingly integrated into patent examination processes, supporting tasks such as search and documentation.

However, the EPO maintains a human-centric model, ensuring that decision-making authority remains with patent examiners while AI enhances productivity and consistency.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UN Global Mechanism on ICT security discusses procedures, debates co-facilitator appointments

The United Nations Global Mechanism on developments in the field of ICTs in the context of international security and advancing responsible state behaviour in the use of ICTs held its third organisational meeting, focusing on operational arrangements for the newly established permanent forum.

The session, chaired by Ambassador Egriselda López of El Salvador, addressed decision-making procedures, meeting schedules for 2026, and the structure of two dedicated thematic groups (DTGs), which will complement plenary sessions.

Delegations discussed the mechanism’s working methods, with López noting that decisions would be taken by consensus in line with UN General Assembly rules of procedure.

A central point of discussion was the appointment of co-facilitators for the two DTGs, one focusing on ICT security challenges and the other on capacity development. López indicated that she intended to appoint co-facilitators, taking into account geographic balance.

Several delegations, including the Russian Federation, the Islamic Republic of Iran, China, and Belarus, said that such appointments should be agreed upon by consensus among member states. Other delegations, including the European Union, the United States, and Australia, expressed support for the Chair’s approach and emphasised the need to proceed with preparations for substantive work.

Delegations also addressed stakeholder participation, noting that non-governmental organisations, the private sector, and academia would contribute in a consultative manner, while decision-making would remain intergovernmental.

The provisional agenda for future substantive plenary sessions was discussed, with some delegations, including Iran and the Russian Federation, requesting adjustments to ensure alignment with the agreed mandate. Other delegations supported the structure proposed by the Chair, which is organised around the five pillars of the framework for responsible state behaviour in cyberspace.

The meeting concluded without agreement on the provisional agenda or the appointment of co-facilitators. The Chair said she would conduct informal consultations with member states to address outstanding issues ahead of the first substantive plenary session scheduled for July 2026.

The Global Mechanism is mandated to advance discussions on threats, norms and principles, the application of international law, confidence-building measures, and capacity development, as part of its role as a permanent UN forum on ICT security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

France moves toward social media restrictions for children under 15

Legislative efforts in France signal a shift toward stricter governance of youth access to digital platforms, with policymakers preparing to debate a ban on social media use for children under 15.

A proposal that forms part of a broader strategy to address concerns over online harms and excessive screen exposure among adolescents.

The draft law in France extends beyond access restrictions, proposing a digital curfew for older teenagers and expanding existing school phone bans to include high schools.

These measures reflect increasing reliance on regulatory intervention instead of voluntary platform safeguards, as evidence links prolonged digital engagement with risks such as cyberbullying, disrupted sleep patterns and exposure to harmful content.

Political backing for the initiative has emerged from figures aligned with Emmanuel Macron, reinforcing the government’s position that stronger oversight of digital environments is necessary. The proposal also mirrors developments in Australia, where similar restrictions have already entered into force.

A debate that is further influenced by legal actions targeting major platforms, including TikTok and Meta, amid allegations that algorithmic systems contribute to harmful user experiences.

The outcome of the parliamentary discussions in France is expected to shape future approaches to child safety, platform accountability and digital rights governance across Europe.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

California challenges federal approach with new AI rules

The government of California is advancing a more interventionist approach to AI governance, signalling a divergence from federal deregulatory preferences.

An executive order signed by Gavin Newsom mandates the development of comprehensive AI policies within 4 months, prioritising public safety and protecting fundamental rights.

The proposed framework requires companies seeking state contracts to demonstrate safeguards against harmful outputs, including the prevention of child exploitation material and violent content.

It also calls for measures addressing algorithmic bias and unlawful discrimination, alongside increased transparency through mechanisms such as watermarking AI-generated media.

Federal guidance has discouraged state-level intervention, framing such efforts as obstacles to technological leadership.

The evolving policy landscape reflects growing concern over the societal impact of AI systems, including risks to employment, content integrity and civil liberties.

An initiative by California that may therefore serve as a testing ground for future regulatory models, shaping broader debates on balancing innovation with accountability in digital governance.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Healthcare data breach raises concerns over cloud security

A cybersecurity incident involving CareCloud has exposed vulnerabilities in the protection of sensitive medical information, following unauthorised access to patient records stored within its systems.

A breach was detected on 16 March, allowing attackers to access electronic health records for several hours, which raised concerns about potential data exposure.

The company has stated that the intrusion was contained on the same day, with systems restored and an external investigation launched.

However, uncertainty remains about whether any data were extracted and the scale of the potential impact, particularly given the company’s role in supporting tens of thousands of healthcare providers and millions of patients.

Such an incident reflects broader structural risks within digital healthcare infrastructures, where centralised storage of highly sensitive data increases the potential impact of cyberattacks.

Cloud environments, including services provided by Amazon Web Services, are increasingly integral to such systems, amplifying both efficiency and exposure.

The breach follows a pattern of escalating cyber threats targeting healthcare data, driven by its high value in criminal markets.

As investigations continue, the case underscores the need for stronger data protection measures, enhanced monitoring systems and more robust regulatory oversight to safeguard patient information.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Australia reviews compliance with under-16 social media age ban

Australia’s eSafety Commissioner has released an update on rules requiring platforms to prevent users under 16 from holding accounts. Early results show significant action by companies, but also ongoing challenges in fully enforcing the restrictions.

By mid-December 2025, around 4.7 million accounts were removed or restricted, with more than 300,000 additional accounts blocked by March 2026. Despite these reductions, many children continue to retain accounts, create new ones, or pass age assurance checks.

Regulators identified several compliance concerns, including platforms that allow repeated attempts at age verification and encourage some users to update their ages. Reporting systems for underage accounts were often difficult to access, particularly for parents.

Investigations into five major platforms are ongoing to determine whether they have taken reasonable steps to meet their legal obligations. Authorities are assessing systems and processes rather than individual accounts, with enforcement decisions expected by mid-2026.

A new legislative rule introduced in March 2026 targets platform features linked to potential harm, such as recommender systems and continuous content feeds. Regulators will continue working with industry while gathering evidence and maintaining transparency during the enforcement process.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot 

Diplo chatbot can make mistakes. Consider checking important information.