Cybersecurity

WhatsApp seeks contempt order against NSO over spyware targeting

WhatsApp has asked a US court to hold NSO Group in contempt, alleging that the spyware company violated a permanent injunction barring it from targeting WhatsApp and its users.

The company said it disrupted spear-phishing attempts linked to NSO after investigating user reports. According to WhatsApp, the activity involved malicious links that sought to redirect users to external websites outside the messaging platform.

WhatsApp also said it identified and removed test accounts and groups created on its service as part of the suspected NSO-linked activity. The company is sharing threat indicators to help users and researchers check whether targeting attempts may have occurred across WhatsApp, text messages, email, or other channels.

The latest filing follows WhatsApp’s earlier legal victory against NSO. The company said a court found that NSO violated federal and state anti-hacking laws and issued a permanent injunction barring NSO from targeting WhatsApp and its users.

WhatsApp described commercial spyware as a national security threat, arguing that surveillance-for-hire firms target not only messaging services but also browsers, operating systems, and other applications.
The company said the targets reported for such tools include journalists, government officials, military personnel, and humanitarian organisations. It also warned against easing US restrictions on NSO, which remains on the US government’s Entity List.

WhatsApp said it is contributing to the Spyware Accountability Initiative, which supports organisations working on forensic research, user support, and advocacy against spyware.

Why does it matter?

The case shows how legal orders against spyware companies may still require active technical monitoring and enforcement. WhatsApp’s contempt request also keeps pressure on the commercial spyware industry, where surveillance tools can move across platforms, devices, browsers, and operating systems. The story matters for encrypted communications because it shows that protecting users depends not only on encryption, but also on legal accountability, threat intelligence, vulnerability research, and support for civil society targets.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

European Commission welcomes the new G7 cybersecurity declaration

The European Commission has welcomed a new G7 Cybersecurity Working Group Declaration aimed at strengthening international cooperation in response to growing cyber threats.

Adopted under France’s G7 Presidency, the declaration calls for coordinated action to address cybersecurity challenges associated with quantum computing, AI, telecommunications infrastructure, and the protection of small and medium-sized enterprises (SMEs).

One of the declaration’s central priorities is accelerating the transition to post-quantum cryptography. As quantum computing capabilities continue to advance, governments and industry are being urged to accelerate preparations for new encryption standards capable of resisting future quantum attacks. The declaration describes migration to quantum-resistant encryption as an urgent cybersecurity priority that organisations should begin addressing now.

AI is another major focus of the declaration. The G7 declaration recognises that AI can both strengthen and threaten cybersecurity. Concerns include AI-enabled cyberattacks, model manipulation, data breaches, and software vulnerabilities.

The European Commission noted that it is preparing an action plan on AI and cybersecurity to help Member States and businesses address emerging risks while strengthening Europe’s cyber resilience.

The declaration also emphasises the importance of resilient telecommunications infrastructure and stronger protection for SMEs. Building on initiatives such as the NIS2 Directive and the Cyber Resilience Act, the EU said it will continue working with international partners to strengthen cybersecurity standards, protect critical infrastructure and support organisations facing increasingly sophisticated cyber threats.

Why does it matter?

The declaration reflects growing international recognition that cybersecurity challenges are increasingly transnational and require coordinated responses. Emerging technologies such as AI and quantum computing are creating new opportunities for innovation, but also introducing new vulnerabilities that could affect governments, businesses and critical infrastructure.

The emphasis on post-quantum cryptography is particularly significant, as organisations worldwide face the long-term challenge of protecting sensitive data against future quantum-enabled attacks. The declaration also highlights the growing importance of international cooperation in building cyber resilience and securing digital ecosystems.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

US unveils new strategy to accelerate AI adoption in national security

The Trump administration has issued a new National Security Presidential Memorandum aimed at accelerating the adoption of AI across the US national security apparatus.

According to the White House, the framework is intended to ensure that military personnel, intelligence professionals and national security agencies have access to advanced AI systems while maintaining accountability and operational control.

The memorandum directs federal agencies to expand the use of commercial and open-source AI technologies in support of national security missions. It also calls for investment in next-generation secure computing infrastructure capable of supporting increasingly advanced AI models and computational workloads.

The memorandum also proposes the creation of an AI National Security Strategic Reserve, bringing together leading non-governmental experts to support national security priorities.

The new framework places emphasis on accountability, reliability and command authority. The White House emphasised that agency leaders and military commanders will remain accountable for decisions and operations supported by AI systems.

Why does it matter?

AI is increasingly viewed as a strategic capability across defence, intelligence, cybersecurity and military planning. Governments are investing heavily in AI systems that can enhance analysis, decision support, operational planning and threat detection.

The memorandum signals Washington’s intention to accelerate the integration of AI into national security operations while maintaining human oversight and accountability. It also reflects broader geopolitical competition over advanced technologies, as major powers seek to secure advantages in AI-driven security capabilities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Spain calls for United Nations Action on children’s digital rights

Spain has proposed the creation of a permanent multilateral working group within the UN to strengthen the regulation of digital environments and improve protections for children online.

The proposal was presented by Minister of Youth and Childhood, Sira Rego, during a ministerial roundtable at the Global Alliance of Pioneer Countries to End Violence Against Children in Turin.

According to Rego, stronger international cooperation is needed to regulate digital environments and protect children’s rights in response to abuses by major technology platforms. She said protecting children online requires regulations, rules, and control mechanisms that safeguard their rights and freedoms.

The proposal builds on earlier Ibero-American ministerial discussions on youth and childhood, during which countries agreed to establish an Ibero-American Observatory for the Well-being of Children, with a focus on protecting minors in digital environments. Spain is now proposing a similar approach within the UN framework.

A central element of Spain’s position is algorithmic transparency. Rego said algorithms are not neutral systems and can affect children’s ability to exercise their rights. She argued that such systems should be auditable and subject to democratic oversight by public authorities.

Alongside regulatory measures, Spain is advancing a National Strategy for Digital Environments to improve digital literacy among children, adolescents, and families. The strategy will combine education, pedagogical tools, and content creation to help protect children’s rights in digital spaces.

Why does it matter?

Spain’s proposal reflects growing pressure for international coordination on children’s digital rights. National rules alone often struggle to address platforms that operate across borders and use algorithmic systems that shape what children see, how they interact, and how their data is used. A UN-level working group could provide child online safety with a more permanent multilateral forum, especially on platform accountability and algorithmic transparency.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Microsoft urges stronger biosecurity safeguards as AI transforms biotechnology

Microsoft has argued that rapid advances in AI and biotechnology are creating new biosecurity challenges that require stronger safeguards and closer cooperation between governments, industry, and the scientific community.

The company said AI is accelerating scientific discovery across areas such as healthcare, drug development, and materials science, while also increasing concerns about accidental harm and deliberate misuse of biological technologies.

Microsoft identifies a growing convergence between general-purpose AI models, specialised biological design tools, laboratory automation systems, and agentic AI technologies. The company argues that these capabilities can accelerate legitimate research but also complicate the biosecurity policy landscape.

A central focus of Microsoft’s recommendations is nucleic acid synthesis screening. The company describes synthetic DNA providers as a critical checkpoint in the biotechnology ecosystem because they are often where digital biological designs are translated into physical materials.

Microsoft said current DNA synthesis screening practices remain largely voluntary and unevenly applied across providers. It warned that gaps in screening become more consequential as AI-enabled biological design tools become more powerful.

The company pointed to its Paraphrase Project, which stress-tested existing screening systems against AI-designed biological sequences. Microsoft said the project showed where safeguards could fail and how they could be improved through responsible disclosure, red teaming, and rapid deployment of fixes.

Microsoft also highlighted growing bipartisan attention to biosecurity in the United States, including a 2025 executive order on biological research safety and the proposed Biosecurity Modernization and Innovation Act. The company said stronger screening requirements, conformity assessments, enforcement mechanisms, and public-private collaboration could help reduce risk while sustaining scientific innovation.

Why does it matter?

AI is becoming part of the biotechnology research pipeline, from biological design tools to automated laboratories. Microsoft’s intervention shows that AI safety debates are expanding beyond model behaviour and content safeguards into the physical infrastructure of science, including DNA synthesis providers, laboratory workflows, technical standards, and biosecurity screening. The key policy question is how to preserve scientific openness while preventing AI-enabled misuse of biological capabilities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UNICEF warns of AI risks to child online safety

UNICEF Vietnam has warned that rapid advances in AI are creating new risks for child online safety, including AI-generated child sexual abuse material and deepfakes.

The UNICEF Vietnam Representative, Silvia Danailov, issued a warning to mark International Children’s Day and Vietnam’s Month of Action for Children, which is held under the theme ‘Happy, safe and confident children in the digital world.’

Danailov said digital technologies can help children learn, connect, and develop future skills, but also create new forms of harm. She warned that generative AI can now be used to create highly realistic sexual images or videos of children without their knowledge or consent.

UNICEF, ECPAT, and INTERPOL research across 11 countries found that at least 1.2 million children reported that their images had been manipulated into sexually explicit deepfakes in the past year. Danailov said such harms can have lasting effects, even when images are digitally created, because children experience fear, shame, and loss of trust.

Nearly nine in ten children aged 12 to 17 in Vietnam are online, with many spending five to seven hours a day on the internet. Danailov said AI-driven risks add a new layer to existing challenges, such as cyberbullying and online exploitation, while also exposing inequalities between children who are supported online and those who are not.

Vietnam has strengthened its legal and policy framework, including a new government decree effective from 16 May 2026 that reinforces children’s right to privacy by prohibiting the disclosure of a child’s personal information without the child’s consent, when aged seven or older, and with the consent of their parents or caregivers.

The country has also approved the National Programme on Child Online Protection and Support for Development for 2026–2030, aimed at protecting children and empowering them as confident digital citizens through stronger legal frameworks, improved systems, education, and coordinated action.

UNICEF called for laws and enforcement to keep pace with technology, stronger child protection systems, safer platform design by technology companies, and better support for schools and families. Danailov also stressed that children must be heard and involved in creating safer digital environments.

Why does it matter?

The warning shows how generative AI is changing the landscape of child online safety. Children can now be harmed even without direct interaction with an offender, including through manipulated images and deepfake abuse. That makes child protection harder for families, schools, platforms, and regulators, and increases the need for safety-by-design, stronger reporting systems, legal safeguards, and trusted support channels for children.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK Ofcom sets out AI safety and innovation strategy

Ofcom has outlined its approach to enabling safe and secure AI adoption across the UK communications sectors it regulates and within its own work.

The regulator said its approach is technology-neutral and outcomes-based, aligning AI oversight with its wider mission of making communications work for everyone while supporting innovation and growth.

Ofcom’s report uses case studies to show how AI is already shaping regulatory work and the sectors it oversees. Planned and recent initiatives include building a pilot data lake to make spectrum licensing and online safety data more accessible, engaging with innovators to identify regulatory uncertainty, and assessing public trust in AI chatbots.

The regulator is also examining the impact of AI on telecoms customer experience, exploring AI deployment in broadcasting, assessing AI use in cybersecurity for telecommunications networks, and considering how AI could support network management and optimisation.

Alongside innovation support, Ofcom said it is monitoring AI-related risks and emerging harms. Its work includes guidance on technology-led mitigation against deepfakes, research into chatbot-related harms, and action to address risks posed by AI systems to users.

Ofcom said it coordinated with the AI Security Institute and the National Cyber Security Centre to brief stakeholders on the frontier AI cybersecurity implications following Anthropic’s preview of Claude Mythos, which caused concern. It also said it launched a formal investigation into X’s Grok chatbot.

The regulator is also piloting responsible AI use internally, including tools to support policy development, research, consultation processes, tracking of technical standards, and operational efficiency. Ofcom said it will take a safety-first approach and roll out internal AI tools only once it is confident they are safe and secure.

Why does it matter?

Ofcom’s approach shows how AI governance is becoming operational inside sector regulators, not only debated at the government level. The strategy links innovation support with risk monitoring across online safety, telecoms, broadcasting, cybersecurity, spectrum management, and consumer protection. It also shows regulators experimenting with AI in their own workflows while trying to maintain safety, accountability, and public trust.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

European Commission unveils roadmap for AI and digitalisation in energy

The European Commission has published a Strategic Roadmap for Digitalisation and AI in the Energy Sector, outlining how digital technologies could support a more resilient, competitive and secure European energy system.

The roadmap outlines how digital tools and AI could help consumers and businesses reduce energy costs through greater efficiency, smarter energy consumption and improved management of electricity demand. It also highlights the role of digital technologies in supporting the integration of renewable energy into electricity grids.

The Commission has structured the roadmap around three main priorities. These priorities include integrating data centres into energy systems in a sustainable manner, accelerating the deployment of digital and AI-enabled technologies such as smart meters and intelligent grid solutions, and establishing a framework for secure cross-border energy data sharing.

The Commission said the plan will also focus on cybersecurity, AI trust, digital skills and international cooperation. As part of the next phase, the Commission plans to support industry cooperation initiatives and launch the AI.grids community, which will focus on developing AI models for energy network management across the EU.

Why does it matter?

The energy sector is becoming increasingly dependent on digital technologies to manage growing electricity demand, integrate renewable energy sources and maintain grid stability. AI and advanced data analytics could help improve efficiency, reduce costs and support more flexible energy systems.

At the same time, greater digitalisation introduces new challenges related to cybersecurity, data governance and infrastructure resilience. The roadmap signals the EU’s intention to ensure that digital transformation in the energy sector supports both sustainability goals and long-term energy security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

European Central Bank warns banks to strengthen resilience as AI reshapes cyber threats

Europe’s banking sector must strengthen its operational resilience as AI transforms the cyber threat landscape and increases systemic risks, according to the European Central Bank (ECB). Speaking at a financial conference, Executive Board member Frank Elderson warned that technological disruption and geopolitical fragmentation are increasing pressure on financial infrastructure.

The ECB said Europe’s reliance on external providers for technology, energy and financial services creates vulnerabilities that could expose critical functions to operational disruptions. While banks remain financially stable, their ability to maintain critical services during cyberattacks or system failures has become key to long-term competitiveness and stability.

According to the ECB, AI is accelerating cyber risks by lowering barriers to sophisticated attacks, enabling faster identification of vulnerabilities and expanding the range of actors capable of conducting cyber operations. While supervisors have strengthened oversight through measures such as stress testing and the implementation of the Digital Operational Resilience Act (DORA), the ECB warned that cyber and operational risks continue to evolve rapidly.

Authorities are now urging banks to invest more heavily in systems, governance, and third-party risk management to ensure continuity of services under stress. The ECB emphasised that operational resilience should be viewed not only as a technical challenge but as a strategic priority for maintaining trust in financial services and supporting Europe’s wider economic transformation.

Why does it matter?

Financial stability increasingly depends not only on the financial health of banks but also on their ability to maintain critical services during cyber incidents, technology failures and operational disruptions.

As AI enables more sophisticated cyberattacks and financial institutions become more dependent on complex digital infrastructure and third-party providers, regulators are placing greater emphasis on operational resilience as a core component of financial stability, economic competitiveness and public trust.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Tech firms and law enforcement disrupt Southeast Asia scam networks

A major international operation involving Meta, Microsoft, Coinbase, Starlink, and law enforcement agencies from several countries has disrupted large-scale criminal scam networks operating across Southeast Asia.

The coordinated effort combined digital intelligence, financial investigations, platform enforcement, and real-world law enforcement action to target organised groups responsible for online fraud, investment scams, and other cyber-enabled crimes.

According to Meta, the operation removed more than 1.4 million fraudulent accounts, pages, and groups across Facebook and Instagram. Microsoft suspended around 20,000 malicious accounts linked to scam activity, while Coinbase froze more than $3 million in cryptocurrency assets associated with criminal operations.

Starlink also shut down thousands of internet terminals allegedly used by fraud operations, while law enforcement authorities arrested 63 individuals linked to scam centres.

The initiative brought together the US Department of Justice, the FBI, the US Secret Service, the Royal Thai Police, and law enforcement agencies from the UK, Australia, Canada and New Zealand.

Meta said intelligence sharing between technology companies and law enforcement helped identify additional scam locations and uncover previously unknown criminal networks operating across multiple jurisdictions.

Why does it matter?

The operation shows how online scam networks now rely on a full digital stack: social media accounts, messaging, cryptocurrency payments, connectivity infrastructure, and cross-border money movement. Disrupting these networks increasingly requires coordination between platforms, financial services, internet providers, and law enforcement. The case also highlights the link between digital fraud and physical scam compounds in Southeast Asia, where cybercrime operations often operate across multiple jurisdictions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.