Cybersecurity

Huawei and ZTE expand 5G foothold in Vietnam amid US concern

Vietnam has moved to expand its use of Chinese 5G technology, awarding Huawei and ZTE a series of new contracts. Under recent deals, the two companies will supply advanced 5G radio equipment to strengthen network coverage, while European vendors remain responsible for core systems.

Vietnam, which borders China, Laos, and Cambodia, previously echoed allies’ warnings that Chinese-made 5G gear posed an unacceptable security risk. Recent tariff frictions with the United States and shifting economic priorities have since pushed officials to reconsider that stance.

According to local reports, Huawei and ZTE have together secured contracts worth about 43 million dollars for non-core 5G equipment. Ericsson and Nokia are expected to continue supplying the 5G core, with Chinese vendors focused on antennas and related infrastructure at the network edge.

In April, a consortium including Huawei won a 23 million dollar deal to provide 5G gear, shortly after new US tariffs on Vietnamese exports came into force. Analysts say those measures have strained ties between Hanoi and Washington while nudging Vietnam to deepen economic and technological links with Beijing.

Vietnamese supply chain specialist Nguyen Hung says Hanoi is prioritising its own strategic interests, seeing closer ties with Chinese vendors as a route to deeper regional integration. US officials warn the deals could damage network trust and limit access to advanced American technology.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

DeepSeek use halted across Belgian federal workplaces

Belgium has ordered all federal government officials to cease using the Chinese AI tool DeepSeek, effective 1 December. All applications linked to the system must be removed from government devices by Monday, according to a letter from Vanessa Matz, Minister of Government Modernisation.

The decision follows an assessment by the Centre for Cybersecurity Belgium, which warned of risks tied to data protection and the handling of sensitive information.

The Belgian government first signalled its concerns in September, after cybersecurity analysts highlighted the tool’s potential to expose transmitted data. Minister Matz stated that the ban is a preventive measure to ensure that federal workplaces remain ‘safe, secure, and exemplary,’ emphasising that vigilance is crucial when dealing with high-risk digital systems, particularly those developed abroad.

Belgium joins a growing list of countries restricting DeepSeek due to security concerns. Taiwan and Australia have already barred the AI system from government devices, citing the risk of data exposure and espionage.

South Korea also banned its use among civil servants after its intelligence service concluded that DeepSeek collected an excessive amount of personal data. Although the company’s app was later restored to app stores, government restrictions remain in place.

Several European governments have taken similar steps. The Czech Republic and the Netherlands have issued limitations, with Dutch civil servants prohibited from installing the chatbot on work devices. Meanwhile, Canada, India, Italy and the United States have imposed their own restrictions, reflecting a broad international push to limit the tool’s reach within public administrations.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU moves forward on new online child protection rules

EU member states reached a common position on a regulation intended to reduce online child sexual abuse.

The proposal introduces obligations for digital service providers to prevent the spread of harmful content and to respond when national authorities require the removal, blocking or delisting of material.

A framework that requires providers to assess how their services could be misused and to adopt measures that lower the risk.

Authorities will classify services into three categories based on objective criteria, allowing targeted obligations for higher-risk environments. Victims will be able to request assistance when seeking the removal or disabling of material that concerns them.

The regulation establishes an EU Centre on Child Sexual Abuse, which will support national authorities, process reports from companies and maintain a database of indicators. The Centre will also work with Europol to ensure that relevant information reaches law enforcement bodies in member states.

The Council position makes permanent the voluntary activities already carried out by companies, including scanning and reporting, which were previously supported by a temporary exemption.

Formal negotiations with the European Parliament can now begin with the aim of adopting the final regulation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

SAP expands sovereign cloud vision with EU AI Cloud

SAP introduced the EU AI Cloud as part of a unified plan that aims to support Europe’s digital sovereignty goals.

The offering consolidates SAP’s existing sovereign cloud work under one structure and provides organisations with a way to meet strict regulatory and operational needs, ensuring full EU data residency.

Customers can select deployment options that match their level of required control, ranging from SAP’s European data centres to on-site infrastructure.

SAP is also expanding its partnership with Cohere to integrate advanced multimodal and agentic AI features through Cohere North.

Incorporation into SAP Business Technology Platform enables enterprises with data residency constraints to apply AI within core processes without undermining compliance or performance.

A collaboration that is intended to improve insight generation and decision support across a wide range of industries.

EU AI Cloud is backed by a broad ecosystem that includes Cohere, Mistral AI, OpenAI and other partners whose models and applications can be accessed through SAP BTP.

European enterprises and public bodies gain access to routes for developing and deploying AI tools while maintaining flexibility and sovereignty.

The range of options includes SAP Sovereign Cloud, customer-operated on-site deployments and, where chosen, commercial services on selected hyperscalers with sovereignty controls. The approach also includes Delos Cloud for organisations in Germany that require dedicated public sector safeguards.

SAP positions the initiative as a means to advance AI adoption in Europe, aligning with regional standards on data protection and operational independence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU faces new battles over digital rights

EU policy debates intensified after Denmark abandoned plans for mandatory mass scanning in the draft Child Sexual Abuse Regulation. Advocates welcomed the shift yet warned that new age checks and potential app bans still threaten privacy.

France and the UK advanced consultations on good practice guidelines for cyber intrusion firms, seeking more explicit rules for industry responsibility. Civil society groups also marked two years of the Digital Services Act by reflecting on enforcement experience and future challenges.

Campaigners highlighted rising concerns about tech-facilitated gender violence during the 16 Days initiative. The Centre for Democracy and Technology launched fresh resources stressing encryption protection, effective remedies and more decisive action against gendered misinformation.

CDT Europe also criticised the Commission’s digital omnibus package for weakening safeguards under laws, including the AI Act. The group urged firm enforcement of existing frameworks while exploring better redress options for AI-related harms in the EU legislation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

South Korea accelerates AI adoption as NVIDIA strengthens national ecosystem

NVIDIA AI Day Seoul drew more than 1,000 visitors who gathered to explore sovereign AI and the rapid progress shaping South Korea’s digital landscape.

Attendees joined workshops, technical sessions and startup showcases designed to highlight the country’s expanding ecosystem instead of focusing only on theoretical advances.

Five finalists from the Inception Grand Challenge also presented their work, reflecting the growing strength of South Korea’s startup community.

Speakers outlined how AI now supports robotics, industrial production, entertainment and public administration.

Conglomerates from South Korea, such as Samsung, SK Group, Hyundai Motor Group and NAVER Cloud, have intensified their investment in AI, while government agencies rely on accelerated computing to process documents and policy information at scale.

South Korea’s ecosystem continues to expand with hundreds of Inception startups, sovereign LLM initiatives and major supercomputing deployments.

Developers engaged directly with NVIDIA engineers through workshops and a Q&A area covering AI infrastructure, LLMs, robotics and automotive technologies. Plenary sessions examined agentic AI, reasoning models and the evolution of AI factories.

Partners presented advances in training efficiency, agentic systems and large-scale AI infrastructure built with NVIDIA’s platforms instead of legacy hardware.

South Korea’s next phase of development will be supported by access to 260,000 GPUs announced during the APEC Summit. Officials expect the infrastructure to accelerate startup growth, stimulate national AI priorities and attract new collaboration across research and industry.

The Seoul event marks another step in the country’s effort to reinforce its digital foundation while expanding its role in global AI innovation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Mixpanel breach exposes limited OpenAI API metadata

OpenAI says a security incident at Mixpanel exposed limited metadata linked to the API interface. Mixpanel’s systems, not OpenAI’s, were compromised during the intrusion. No chat content, passwords, API keys, or payment information was affected.

Mixpanel told OpenAI that an attacker exported a dataset containing basic user profile fields. The information includes names, email addresses, coarse location data, and browser details. OpenAI has removed Mixpanel from production and is notifying impacted users.

OpenAI maintains that its internal infrastructure remains secure with no evidence of unauthorised access. Wider reviews across the vendor ecosystem are underway to assess potential risks. The company has raised security requirements for partners and continues to monitor for misuse.

Security teams warn that the leaked data could fuel phishing or social-engineering attempts. Users are urged to treat unsolicited messages with caution and verify communications sent under the OpenAI name. Multi-factor authentication remains strongly recommended for all accounts as an added safeguard.

OpenAI reiterates that trust and privacy remain core to its products and operations. The organisation has ended its use of Mixpanel and is reviewing supporting services to prevent similar issues. Impacted organisations will receive direct notifications as the investigation continues.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Australia moves to curb nudify tools after eSafety action

A major provider of three widely used nudify services has cut off Australian access after enforcement action from eSafety.

The company received an official warning in September for allowing its tools to be used to produce AI-generated material that harmed children.

A withdrawal that follows concerns about incidents involving school students and repeated reminders that online services must meet Australia’s mandatory safety standards.

eSafety stated that Australia’s codes and standards are encouraging companies to adopt stronger safeguards.

The Commissioner noted that preventing the misuse of consumer tools remains central to reducing the risk of harm and that more precise boundaries can lower the likelihood of abuse affecting young people.

Attention has also turned to underlying models and the hosting platforms that distribute them.

Hugging Face has updated its terms to require users to take steps to mitigate the risks associated with uploaded models, including preventing misuse for generating harmful content. The company is required to act when reports or internal checks reveal breaches of its policies.

eSafety indicated that failure to comply with industry codes or standards can lead to enforcement measures, including significant financial penalties.

The agency is working with the government on further reforms intended to restrict access to nudify tools and strengthen protections across the technology stack.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Asahi faces major disruption after cyberattack

Growing concern surrounds Asahi Group after the company acknowledged a possible leak of nearly two million personal records linked to a cyberattack that began in late September.

Company president Atsushi Katsuki apologised publicly and confirmed that operations remain heavily disrupted as logistics teams work towards full recovery by February.

Investigators found that attackers infiltrated network equipment at one of Asahi’s facilities, obtained administrator credentials and accessed servers repeatedly.

Atsushi Katsuki noted that the breach demonstrated significant vulnerabilities, although he stressed that improvements had already been implemented and no ransom had been paid.

Production and shipments across most domestic factories were halted, forcing employees to handle orders manually and slowing the resumption of supply lines.

Competitors Kirin, Suntory and Sapporo have struggled to meet unexpected demand, triggering shipping limits and suspensions on some products across the wider beer industry.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Malicious Chrome extension siphons SOL from Solana swaps

Security researchers have uncovered a malicious Chrome extension that secretly diverts SOL from users conducting swaps on the Solana blockchain. The extension, called Crypto Copilot, injects an undisclosed transfer into every Raydium transaction, quietly routing funds to a hardcoded attacker wallet.

The tool presents itself as a convenience app that enables Solana swaps directly from X posts, connecting to wallets such as Phantom and Solflare. Behind the interface, the code appends a hidden SystemProgram.transfer instruction to each transaction.

The fee is set at either 0.0013 SOL or 0.05% of the trade amount, whichever is higher, and remains invisible unless the user inspects the complete instruction list.

External services lend the app legitimacy, utilising DexScreener data, Helius RPC calls, and a backend dashboard that provides no actual functionality. Researchers warn that the disposable infrastructure, misspelt domains, and obfuscated code point to clear malicious intent, not an unfinished product.

On-chain analysis indicates limited gains for attackers so far, likely due to the low distribution. The mechanism, however, scales directly with swap volume, placing high-frequency and large-volume traders at the most significant risk.

Security teams are urging users to avoid closed-source trading extensions and to scrutinise Solana transactions before signing.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot