Cybersecurity

Microsoft drops passwords in Authenticator app to support passkeys

Microsoft has announced that its Authenticator app will stop supporting the saving of new passwords from 1 June, with autofill features to be removed in July. By August, users will no longer have access to any passwords stored in the app.

The decision marks a shift in Microsoft’s focus from app-based password management to browser-based solutions, particularly via Microsoft Edge.

The company recommends that users move their saved passwords to a dedicated password manager or the Edge browser immediately.

Instead of continuing to develop Authenticator as a full password manager, Microsoft is encouraging users to adopt passkeys—digital credentials that offer stronger security.

Passkeys use cryptographic keys stored locally on devices, making them much harder to steal or guess compared to traditional passwords.

Microsoft insists this change is part of a broader push to phase out outdated password systems in favour of safer, faster authentication methods.

Security experts support this move but caution users to take immediate action to prevent losing access to important logins.

Microsoft itself admits that Authenticator was never a proper password manager in the traditional sense, and that dedicated apps such as 1Password or Apple’s built-in password tools provide better options for storing credentials securely.

Users should ensure they export or migrate their stored information well before the August cutoff.

A change like this also reflects Microsoft’s alignment with industry trends, alongside Apple and Google, to accelerate the adoption of passkeys.

The company argues that with attackers increasingly exploiting weak or reused passwords, replacing them altogether with newer technology is not just advisable—it’s essential.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S halts meal deals amid ongoing cyber attack disruption

Marks & Spencer has temporarily suspended some of its popular meal deal offers as the retailer continues to grapple with the fallout from a serious cyber attack.

Signs in stores, including at major transport hubs such as Victoria Station, explain that availability issues have made it impossible to fulfil certain promotions, and ask customers for patience while the company works through the disruption.

Instead of offering its usual lunchtime combinations and dine-in meal deals priced between £6 and £15, M&S is facing stock shortfalls due to the hack, which is now in its third week.

The attack is reportedly linked to a group of teenage hackers using ransomware tactics, locking computer systems and demanding payment for their release.

The breach has already caused significant operational challenges, with fears internally that the disruption could drag on for weeks. Sources suggest the financial impact could run into tens of millions in lost orders, as systems remain frozen and supply chains struggle to recover.

Meal deal suspensions are the latest sign of the broader strain the retailer is under as it scrambles to restore normal service.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers hijack NY Post X account to scam crypto users

Cybercriminals reportedly breached the New York Post’s X account. They targeted cryptocurrency enthusiasts by luring them into a Telegram-based scam, disguised as a podcast invitation.

The fraudulent message, impersonating journalist Paul Sperry, invited users to a supposed editorial feature, offering both in-person and virtual interview options.

Kerberus CEO Alex Katz flagged the issue, confirming the scam was being pushed from NYP’s verified X profile.

Cybersecurity expert ‘Drew’ noted the attackers blocked replies to prevent the real NYP team from spotting the breach. He warned users not to respond to Telegram messages, emphasising that the invite was fake.

Unlike typical crypto scams involving phishing links or wallet drainers, this attack focused on private messaging and trust manipulation.

Victims reported that the scammer used detailed, personal references and staged interviews. These interviews enabled audio-triggered suspicious pop-ups, including one labelled ‘WiFi.’

Security experts say such methods exploit user trust built through prior interactions. As social engineering tactics evolve, crypto users are urged to verify every identity, even those they communicate with regularly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cyberattacks against US soar in early 2025

Cyberattacks targeting the US surged dramatically in early 2025, according to a new report from cybersecurity firm Trellix. Between October 2024 and March 2025, advanced persistent threats (APTs) increased by 136% compared to the previous quarter.

China’s cyber operations showed significant sophistication, with groups such as APT40 and Mustang Panda leading the charge. APT41, another Chinese-affiliated group, intensified its activities by 113%, focusing on exploiting both new and known vulnerabilities rather than relying on phishing tactics.

Analysts noted that nearly half of these threats originated from China, while over a third were linked to Russia. Meanwhile, Russia’s APT29, also known as Midnight Blizzard, primarily targeted transportation, shipping, and telecommunications sectors.

The report highlighted that government institutions remained the primary focus of hostile cyber actors. However, the telecommunications industry experienced a sharp 92% increase in APT attacks, while the technology sector faced a staggering 119% rise.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New AI app offers early support for parents of neurodivergent children

A new app called Hazel, developed by Bristol-based company Spicy Minds, offers parents a powerful tool to understand better and support their neurodivergent children while waiting for formal diagnoses. Using AI, the app runs a series of tests and then provides personalised strategies tailored to everyday challenges like school routines or holidays.

While it doesn’t replace a medical diagnosis, Hazel aims to fill a critical gap for families stuck in long waiting queues. Spicy Minds CEO Ben Cosh emphasised the need for quicker support, noting that many families wait years before receiving an autism diagnosis through the UK’s NHS.

‘Parents shouldn’t have to wait years to understand their child’s needs and get practical support,’ he said.

In Bristol alone, around 7,000 children are currently on waiting lists for an autism assessment, a number that continues to rise. Parents like Nicola Bennett, who waited five years for her son’s diagnosis, believe the app could be life-changing.

She praised Hazel for offering real-time guidance for managing sensory needs and daily planning—tools she wished she’d had much earlier. She also suggested integrating links to local support groups and services to make the app even more impactful.

By helping reduce stress and giving families a head start on understanding neurodiversity, Hazel represents a meaningful step toward more accessible, tech-driven support for parents navigating a complex and often delayed healthcare system.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Hackers target UK retailers with fake IT calls

British retailers are facing a new wave of cyberattacks as hackers impersonate IT help desk staff to infiltrate company systems. The National Cyber Security Centre (NCSC) has issued an urgent warning following breaches at major firms including Marks & Spencer, Co-op, and Harrods.

Attackers use sophisticated social engineering tactics—posing as locked-out employees or IT support staff—to trick individuals into giving up passwords and security details. The NCSC urges companies to strengthen how their IT help desks verify employee identities, particularly when handling password resets for senior staff.

Security experts in the UK recommend using multi-step verification methods and even code words to confirm identities over the phone. These additional layers are vital, as attackers increasingly exploit trust and human error rather than technical vulnerabilities.

While the NCSC hasn’t named any group officially, the style of attack closely resembles the methods of Scattered Spider, a loosely connected network of young, English-speaking hackers. Known for high-profile cyber incidents—including attacks on Las Vegas casinos and public transport systems—the group often coordinates via platforms like Discord and Telegram.

However, those claiming responsibility for the latest breaches deny links to Scattered Spider, calling themselves ‘DragonForce.’ Speaking to the BBC, the group claimed to have stolen significant customer and employee data from Co-op and hinted at more disruptions in the future.

The NCSC is investigating with law enforcement to determine whether DragonForce is a new player or simply a rebranded identity of the same well-known threat actors.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

How digital twins are being weaponised in crypto scams

Digital twins are virtual models of real-world objects, systems, or processes. They enable real-time simulations, monitoring, and predictions, helping industries like healthcare and manufacturing optimise resources. In the crypto world, cybercriminals have found a way to exploit this technology for fraudulent activities.

Scammers create synthetic identities by gathering personal data from various sources. These digital twins are used to impersonate influencers or executives, promoting fake investment schemes or stealing funds. The unregulated nature of crypto platforms makes it easier for criminals to exploit users.

Real-world scams are already happening. Deepfake CEO videos have tricked executives into transferring funds under false pretences. Counterfeit crypto platforms have also stolen sensitive information from users. These scams highlight the risks of AI-powered digital twins in the crypto space.

Blockchain offers solutions to combat these frauds. Decentralised identities (DID) and NFT identity markers can verify interactions. Blockchain’s immutable audit trails and smart contracts can help secure transactions and protect users from digital twin scams.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Trump signals new extension for TikTok divestment deadline

President Donald Trump indicated he would extend the deadline set for the Chinese-owned company ByteDance to sell TikTok’s US operations if negotiations remain unfinished by 19 June.

The popular short-video app, used by around 170 million Americans, played a significant role in Trump’s appeal to younger voters during his 2024 election campaign. Trump described TikTok positively, hinting at protective measures rather than outright prohibition.

Originally mandated by Congress, the TikTok ban was supposed to be enforced starting on 19 January. Trump, however, has twice extended this deadline amid ongoing negotiations.

A potential agreement to spin off TikTok’s US operations into a new, US-majority-owned firm was suspended after China objected, a reaction spurred by Trump’s substantial tariffs on Chinese goods.

Democratic senators have challenged Trump’s authority to postpone the deadline further, arguing that the proposed spin-off arrangement does not satisfy legal conditions outlined in the original legislation.

Insiders indicate negotiations continue behind the scenes, though a resolution remains dependent on settling broader trade conflicts between the US and China.

Trump remains firm about maintaining high tariffs on China, now at 145%, which he insists significantly impacts the Chinese economy.

Yet, he has left the door open to eventually lowering these tariffs within a more comprehensive trade agreement, acknowledging China’s strong desire to resume business with the U.S.

Despite multiple extensions, the fate of TikTok’s US operations remains uncertain, as political and economic factors continue shaping negotiations. Trump’s willingness to extend deadlines reflects broader geopolitical dynamics between Washington and Beijing, linking digital platform regulation closely with international trade policy.

New Zealand central bank warns of AI risks

The Reserve Bank of New Zealand has warned that the swift uptake of AI in the financial sector could pose a threat to financial stability.

A report released on Monday highlighted how errors in AI systems, data privacy breaches and potential market distortions might magnify existing vulnerabilities instead of simply streamlining operations.

The central bank also expressed concern over the increasing dependence on a handful of third-party AI providers, which could lead to market concentration instead of healthy competition.

A reliance like this, it said, could create new avenues for systemic risk and make the financial system more susceptible to cyber-attacks.

Despite the caution, the report acknowledged that AI is bringing tangible advantages, such as greater modelling accuracy, improved risk management and increased productivity. It also noted that AI could help strengthen cyber resilience rather than weaken it.

The analysis was published just ahead of the central bank’s twice-yearly Financial Stability Report, scheduled for release on Wednesday.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US lawmakers push for app store age checks

A new bill introduced by US lawmakers could force app stores like Apple’s App Store and Google Play to verify the age of all users, in a move aimed at increasing online safety for minors.

Known as the App Store Accountability Act, the legislation would require age categorisation and parental consent before minors can download apps or make in-app purchases. If passed, the law would apply to platforms with at least five million users and would come into effect one year after approval.

The bill proposes dividing users into age brackets — from ‘young child’ to ‘adult’ — and holding app stores accountable for enforcing access restrictions.

Lawmakers behind the bill, Republican Senator Mike Lee and Representative John James, argue that Big Tech companies must take responsibility for limiting children’s exposure to harmful content. They believe app stores are the right gatekeepers for verifying age and protecting minors online.

Privacy advocates and tech companies have voiced concern about the bill’s implications. Legal experts warn that verifying users’ ages may require sensitive personal data, such as ID documents or facial recognition scans, raising the risk of data misuse.

Apple said such verification would apply to all users, not just children, and criticised the idea as counterproductive to privacy.

The proposal has widened a rift between app store operators and social media platforms. While Meta, X, and Snap back centralised age checks at the app store level, Apple and Google accuse them of shifting the burden of responsibility.

Both tech giants emphasise the importance of shared responsibility and continue to engage with lawmakers on crafting practical and privacy-conscious solutions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.