Cybersecurity

UK’s Royal Mail investigates major data breach

Royal Mail is investigating a significant cybersecurity incident after a hacker known as ‘GHNA’ claimed to have leaked 144GB of sensitive customer data. The files were allegedly obtained through Spectos, a third-party analytics provider, and posted on the BreachForums platform. While the leaked information includes names, addresses, parcel data, and internal recordings, Royal Mail stated that its delivery services remain unaffected.

Spectos confirmed a breach on 29 March, explaining that the attack stemmed from a 2021 malware infection that compromised an employee’s credentials. Cybersecurity firm Hudson Rock linked the same login data to another recent attack involving Samsung. The exposed dataset includes thousands of files containing mailing lists from Mailchimp, Zoom meetings, logistics details, and a WordPress database, raising concerns about the security of Royal Mail’s extended network.

The breach is the latest in a series of cyber incidents targeting the UK’s Royal Mail, following a 2023 ransomware attack that halted international shipping and a 2022 outage in its tracking systems. While the full extent of the latest leak remains under investigation, experts warn that prolonged access to internal systems may have occurred before the data was released. No public notification procedures have yet been confirmed.

For more information on these topics, visit diplomacy.edu.

North Korean hacker group cashes in on crypto trade

A wallet linked to North Korea’s notorious Lazarus Group has reportedly sold 40.78 Wrapped Bitcoin (WBTC) for $3.51 million, exchanging it for 1,847 Ethereum (ETH), according to data from SpotOnChain.

Instead of holding onto the ETH, the wallet redistributed 2,507 ETH across three separate addresses, with the largest portion of 1,865 ETH sent to another wallet allegedly tied to the hacker group.

The wallet originally purchased the 40.78 WBTC in February 2023 for around $999,900, when the price of WBTC averaged $24,521. Instead of selling earlier, the group waited until WBTC surged to $83,459, securing a realised profit of $2.51 million, representing a 251% gain over two years.

Lazarus Group, instead of operating openly, has been using complex laundering techniques to move stolen funds, particularly after its attack on crypto exchange Bybit.

In March, the group allegedly laundered nearly 500,000 ETH—worth $1.39 billion—through various transactions in just ten days, instead of keeping the stolen assets in a single location. At least $605 million was processed via the THORChain platform in a single day.

According to Arkham Intelligence, a wallet linked to the group still holds approximately $1.1 billion in crypto, with substantial reserves in Bitcoin, Ethereum, and Tether.

Meanwhile, Google’s Threat Intelligence Group has reported increased efforts by North Korean IT workers to infiltrate European tech and crypto firms, acting as insider operatives for state-sponsored cybercrime networks like Lazarus Group instead of working as legitimate employees.

For more information on these topics, visit diplomacy.edu.

UK government announces new cyber bill to strengthen national defences and protect critical infrastructure

The UK government has unveiled plans for a new Cyber Security and Resilience Bill aimed at enhancing the country’s ability to defend against the growing risk of cyber threats. Scheduled to be introduced later this year, the Bill forms a key part of the government’s broader strategy to protect critical national infrastructure (CNI), support economic growth, and ensure the resilience of the UK’s digital landscape.

The forthcoming legislation will focus on bolstering the cyber resilience of essential services—such as healthcare, energy, and IT providers—that underpin the economy and daily life. Around 1,000 vital service providers will be required to meet strengthened cyber security standards under the new rules. These measures are designed to safeguard supply chains and key national functions from increasingly sophisticated cyber attacks affecting both public and private sectors.

In addition, the government is considering extending cyber security regulations to over 200 data centres across the country. These centres are integral to the functioning of modern finance, e-commerce, and digital communication. By improving their security, the government hopes to safeguard services that rely heavily on data, such as online banking, shopping platforms, and social media.

If adopted, the government’s proposals include:

  • Expanding the scope of the NIS Regulations. The scope of the Network and Information Systems (NIS) Regulations would be broadened to include a wider range of organisations and suppliers. This expansion would bring data centres, Managed Service Providers (MSPs), and other critical suppliers under the regulatory framework, ensuring that more entities are held to high standards of cyber security and resilience.
  • Enhanced regulatory powers. Regulators would be equipped with additional tools to strengthen cyber resilience within the sectors they oversee. This includes new obligations for organisations to report a broader range of significant cyber incidents, enabling faster and more informed responses to emerging threats.
  • Greater Flexibility to Adapt. The government would gain increased flexibility to update the framework in line with the evolving threat landscape. This means regulations could be swiftly extended to cover new and emerging sectors, ensuring the UK remains agile in the face of dynamic cyber risks.
  • New Executive Powers for National Security. In circumstances where national security is at stake, the government would be granted new executive powers to act decisively in response to serious cyber threats.

For more information on these topics, visit diplomacy.edu.

Japan passes landmark cyber defence bill

Japan has passed the Active Cyber Defence Bill, which permits the country’s military and law enforcement agencies to undertake pre-emptive measures in response to cyber threats.

The legislation adopts a two-pronged approach, focusing on both passive and active cyber defence. It includes the establishment of a cybersecurity council and an oversight committee to enhance threat analysis and information-gathering capabilities. The bill also introduces new requirements for critical infrastructure providers to report cybersecurity incidents promptly. Additionally, it enables the government to collect technical information—such as IP addresses and timestamps—from telecommunications providers in cases where a potential cyberattack is identified, to monitor communications between Japan and external actors.

The legislation also grants the military powers to carry out active measures against cyber threats. This includes the deployment of ‘cyber harm-prevention officers’, tasked with actions such as disrupting servers involved in cyberattacks and responding to critical incidents.

While the bill is positioned as part of Japan’s broader efforts to strengthen its cyber resilience, some commentary has raised questions about the balance between security and oversight.

For more information on these topics, visit diplomacy.edu.

Google report exposes North Korea’s growing cyber presence in blockchain industry

North Korean cyber operatives have expanded their activities by targeting blockchain startups in the United Kingdom and European Union.

A report from Google’s Threat Intelligence Group (GTIG) revealed that IT workers linked to the Democratic People’s Republic of Korea (DPRK) have embedded themselves in crypto projects beyond the United States, across the UK, Germany, Portugal, and Serbia.

These operatives, posing as remote developers, have left compromised data and extortion attempts in their wake.

Affected projects include blockchain marketplaces, AI web applications, and Solana-based smart contracts. Some developers worked under multiple fake identities, using falsified university degrees and residency documents to gain employment.

Payments were routed through services like TransferWise and Payoneer, obscuring funds flowing back to the North Korean regime. Cybersecurity experts warn that companies hiring these workers risk espionage, data theft, and security breaches.

GTIG reports that these cyber operations are generating revenue for North Korea, which has been accused of using overseas IT specialists to finance its sanctioned weapons programmes.

Financial service providers, including Wise, have stated that they monitor transactions closely and report any suspicious activity. With increasing global scrutiny, experts caution businesses to remain vigilant against fraudulent hires in the blockchain sector.

For more information on these topics, visit diplomacy.edu.

Parents gain more oversight in latest Roblox update

Roblox is expanding its parental controls, offering more ways for parents to manage their children’s interactions and gaming experiences.

The update builds on safety measures introduced last year following concerns about child protection on the platform.

Parents who link their accounts with their child’s can now block or report specific people from the child’s friends list.

Children under 13 cannot unblock restricted users without parental approval. The update also allows parents to block access to specific games rather than just setting general content maturity limits.

A new feature provides parents with insights into their child’s gaming habits by showing the 20 experiences they have spent the most time on in the past week. Roblox continues to refine its safety tools to create a more secure environment for young players.

For more information on these topics, visit diplomacy.edu.

Nokia expands 5G partnership with Airtel

Nokia has signed a multi-year deal with Bharti Airtel to expand their core network collaboration instead of maintaining a limited partnership, aiming to enhance 5G service delivery.

The move will integrate 5G and 4G technologies into a unified server setup instead of running them separately, while also helping Airtel grow its 4G/5G customer base.

Nokia’s Fixed Wireless Access (FWA) will provide additional solutions for home broadband and enterprise-critical applications instead of relying solely on traditional infrastructure.

The rollout will cover network automation across most Airtel service regions in India, helping the telecom giant optimise its hardware footprint and reduce costs per bit by using appliance-based Packet Core gateways.

Airtel CTO Randeep Sekhon highlighted that Nokia’s Packet Core deployment will improve network quality and reliability instead of allowing congestion to impact customers.

Nokia’s president of cloud and network services, Raghav Sahgal, emphasised that this collaboration strengthens Airtel’s 5G standalone (SA) readiness, reinforcing Nokia’s leadership in core network solutions in India and globally.

For more information on these topics, visit diplomacy.edu.

Meta’s Hypernova smart glasses promise cutting-edge features and advanced display technology

Meta is preparing to launch an advanced pair of smart glasses under the codename Hypernova, featuring a built-in display and gesture control capabilities.

The new device, developed in partnership with Ray-Ban, aims to enhance user convenience by offering features such as media viewing, map navigation, and app notifications.

Unlike previous models, the Hypernova glasses will have a display located in the lower right corner of the right lens, allowing users to maintain a clear view through the left lens.

The glasses will be powered by Qualcomm silicon and run on a customised version of Android. Meta is also developing a wristband, codenamed Ceres, which will provide gesture-based controls, including pinch-to-zoom and wrist rotation.

The wristband is expected to be bundled with the glasses, offering users a more seamless and intuitive experience.

Retail pricing for the Hypernova smart glasses is expected to range between $1,000 and $1,400, significantly higher than current VR-ready smart glasses like the Viture Pro and Xreal One.

However, Meta aims to differentiate its product through enhanced functionality and fashionable design, making it an appealing option for consumers looking for both style and utility.

The Hypernova glasses are projected to hit the market by the end of 2025. Meta is also developing additional augmented reality products, including the Orion holographic glasses and research-focused Aria Gen 2 AR glasses.

Competitors like Samsung are expected to launch similar Android-based smart glasses around the same time, setting the stage for an exciting year in the wearable tech market.

For more information on these topics, visit diplomacy.edu.

Gemini AI for kids: A new era of safe, smart learning

Google appears to be working on a child-friendly version of its Gemini AI, offering young users a safer and more controlled experience. A recent teardown of the Google app (version 16.12.39) uncovered strings referencing ‘kid users,’ hinting at an upcoming feature tailored specifically for children.

While Gemini already assists users with creating stories, answering questions, and helping with homework, this kid-friendly version is expected to include stricter content policies and additional safeguards.

Google’s existing safety measures for teens suggest that Gemini for Kids may offer even tighter restrictions and enhanced content moderation.

It remains unclear how Google plans to implement this feature, but it is likely that Gemini for Kids will be automatically enabled for Google accounts registered under a child’s name.

Given global regulations on data collection for minors, Google will reportedly process children’s data in accordance with its privacy policies and the Gemini Apps Privacy Notice.

As AI increasingly integrates into education and daily life, a safer, child-focused version of Gemini could provide a more secure way for kids to engage with technology while ensuring parental peace of mind.

For more information on these topics, visit diplomacy.edu.

Hackers exploit AI: The hidden dangers of open-source models

As AI adoption grows, security experts warn that malicious actors are finding new ways to exploit vulnerabilities in open-source models.

Yuval Fernbach, CTO of machine learning operations at JFrog, notes that hackers are increasingly embedding harmful code within AI models, making it easier to steal information, manipulate outputs, or disrupt services.

A recent study by JFrog and Hugging Face found that of over one million AI models analyzed, 400 contained malicious code—roughly a 1% chance of encountering a tainted model.

However, the risk has escalated: while the number of available AI models has tripled, attacks have increased sevenfold.

The widespread use of open-source models, often chosen over costly proprietary alternatives, exacerbates security concerns.

Many companies lack proper oversight, with 58% of surveyed firms admitting to having no formal policy for vetting AI models. Meanwhile, banks and other industries worry that AI’s rapid evolution outpaces their ability to implement safeguards.

With agentic AI poised to automate decision-making, businesses face an urgent need to strengthen AI security measures before vulnerabilities lead to significant financial and operational consequences.

For more information on these topics, visit diplomacy.edu.