Certified randomness achieved with quantum tech

Quantum researchers from JPMorgan Chase, Quantinuum and others have achieved a major milestone in cybersecurity by generating certified random numbers using a quantum computer.

The team’s work, recently published in Nature, showcases how quantum systems can create randomness that is mathematically proven to be unpredictable—an essential leap forward in securing systems like online banking and digital voting.

Traditional computers rely on pseudo-random algorithms to mimic randomness. These algorithms are ultimately deterministic, so their output is vulnerable if the algorithm or seed is uncovered.

By contrast, the team used Quantinuum’s 56-qubit trapped-ion quantum processor to produce over 70,000 certified random bits. The process is so complex that replicating it with current supercomputers would be practically impossible.

The results were independently verified, confirming that no algorithm was involved in generating the sequence.

The breakthrough goes beyond theoretical exercises often associated with quantum computing and demonstrates practical, real-world impact in cryptography, where random numbers must be truly unguessable to keep digital systems secure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

SEC targets crypto executive in $198 million Ponzi case

Ramil Palafox, CEO of PGI Global, has been charged by the US Securities and Exchange Commission. He is accused of orchestrating a $198 million crypto-based Ponzi scheme.

According to the SEC, Palafox marketed unregistered ‘membership packages’ between 2020 and 2021. He promised returns of up to 200% through a fake AI-driven trading platform.

Investor funds were reportedly diverted to finance an extravagant lifestyle, including a $1.7 million Las Vegas home, luxury cars, and high-end jewellery.

The SEC alleges PGI Global manipulated user dashboards and faked trading activity to deceive investors. The company, also known as PGI Global UK Ltd, was shut down by the UK High Court in 2022.

The case marks the first crypto enforcement action under new SEC Chair Paul Atkins. Prosecutors filed a related criminal case and seek a permanent ban on Palafox’s crypto involvement. Several family members are named to receive assets linked to the scheme.

Russian hackers target NGOs with fake video calls

Hackers linked to Russia are refining their techniques to infiltrate Microsoft 365 accounts, according to cybersecurity firm Volexity.

Their latest strategy targets non-governmental organisations (NGOs) associated with Ukraine by exploiting OAuth, a protocol used for app authorisation without passwords.

Victims are lured into fake video calls through apps like Signal or WhatsApp and tricked into handing over OAuth codes, which attackers then use to access Microsoft 365 environments.

The campaign, first detected in March, involved messages claiming to come from European security officials proposing meetings with political representatives. Instead of legitimate video links, these messages directed recipients to OAuth code generators.

Once a code was shared, attackers could gain entry into accounts containing sensitive data. Staff at human rights organisations were especially targeted due to their work on Ukraine-related issues.

Volexity attributed the scheme to two threat actors, UTA0352 and UTA0355, though it did not directly connect them to any known Russian advanced persistent threat groups.

A previous attack from the same actors used Microsoft Device Code Authentication, usually reserved for connecting smart devices, instead of traditional login methods. Both campaigns show a growing sophistication in social engineering tactics.

Given the widespread use of Microsoft 365 tools like Outlook and Teams, experts urge organisations to heighten awareness among staff.

Rather than trusting unsolicited messages on encrypted apps, users should remain cautious when prompted to click links or enter authentication codes, as these could be cleverly disguised attempts to breach secure systems.

SK Telecom probes cyberattack after weekend breach

SK Telecom, South Korea’s largest mobile operator, has confirmed that hackers breached its internal systems, possibly exposing sensitive data linked to USIM cards.

The company discovered the intrusion late Saturday night and responded swiftly by removing malware and isolating affected equipment.

Investigations are underway, with the Korea Internet & Security Agency and the Ministry of Science and ICT examining the breach’s scope and root cause.

Officials have asked SK Telecom to preserve evidence and cooperate with technical experts sent to the site.

In response, SK Telecom is boosting defences against USIM-related fraud and offering a free protection service to concerned users.

Legal consequences could follow if the breach is found to have violated data protection laws, with potential fines reaching up to 3 percent of related revenue or 50 million won.

Scammers target Zhao with fake Grok tokens amid rising Musk-related fraud

Changpeng Zhao, former Binance CEO, was hit with 90 million fake Grok tokens. Scammers are ramping up their efforts to target crypto investors with Elon Musk-related fraud.

According to blockchain security firm PeckShield, the tokens are likely part of a phishing attack. These tokens are unrelated to Musk’s official AI chatbot, Grok, which has not issued any cryptocurrency.

Scammers have long exploited high-profile figures like Musk to gain trust from victims. Fake Grok-related tokens first appeared in 2023, leading to significant losses after scammers sold a portion of the supply.

Recent Elon Musk scams have resurfaced, featuring fake giveaways and memecoins on the BNB Smart Chain.

The rise in scams reflects a growing trend of phishing attacks, such as address poisoning, which trick victims into sending assets to fraudulent wallets.

In 2024, phishing incidents cost the crypto industry over $1 billion, highlighting the need for increased vigilance and security.

Adyen services disrupted by cyber blitz

Adyen fell victim to three coordinated DDoS attacks on Monday evening, severely disrupting debit card and online payments.

The first surge of malicious traffic struck at around 7 pm, with follow‑up waves at 8:35 pm and 11:35 pm, overloading Adyen’s servers and hindering transactions.

Customers reported failures at checkouts in shops, restaurants and on e‑commerce sites until Adyen announced at 3:40 am that all its services were back online.

The firm attributed the interruptions to ‘limited availability’ caused by the data floods and reassured merchants that normal operations had resumed.

Handling nearly €1.3 trillion in payments last year, Adyen serves high‑profile clients such as Meta, Uber, eBay, HelloFresh and Spotify.

While the precise economic impact of the outages remains unclear, the episode highlights the vulnerability of global payment networks to cyber threats.

Google spoofed in sophisticated phishing attack

A sophisticated phishing attack recently targeted Google users, exploiting a well-known email authentication method to bypass security measures.

The attackers sent emails appearing to be from Google’s legitimate address, no-reply@accounts.google.com, and claimed the recipient needed to comply with a subpoena.

The emails linked to a Google Sites page hosting a fake legal support page, which prompted users to log in.

What made this phishing attempt particularly dangerous was that it successfully passed both DMARC and DKIM email authentication checks, making it appear entirely genuine to recipients.

In another cyber-related development, Microsoft issued a warning regarding the use of Node.js in distributing malware. Attackers have been using the JavaScript runtime environment to deploy malware through scripts and executables, particularly targeting cryptocurrency traders via malvertising campaigns.

The new technique involves executing JavaScript directly from the command line, making it harder for traditional security tools to detect.
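One way to hunt for inline Node.js execution in process-creation telemetry, as an added example that is not from Microsoft's warning or this article. It assumes each event has already been split into an argument list, with hypothetical field names `pid` and `argv`, and it separates node's own `-e`/`--eval`/`-p`/`--print` options from identical-looking flags passed to a script file.

```python
from pathlib import PureWindowsPath

# Node.js options that evaluate script text given on the command line.
INLINE_FLAGS = {"-e", "--eval", "-p", "--print", "-pe"}
# Node.js options whose next token is a value, not a script path.
VALUE_FLAGS = {"-r", "--require", "--import"}

def is_node(image):
    # PureWindowsPath splits on both "\" and "/", so one check covers both OSes.
    return PureWindowsPath(image).name.lower() in {"node", "node.exe"}

def inline_script(argv):
    """Return the script text node would evaluate inline, or None."""
    if not argv or not is_node(argv[0]):
        return None
    i = 1
    while i < len(argv):
        arg = argv[i]
        # Node stops reading its own options at the first positional
        # argument; anything after a script path belongs to that script.
        if arg in ("-", "--") or not arg.startswith("-"):
            return None
        flag, has_value, value = arg.partition("=")
        if flag in INLINE_FLAGS:
            if has_value:
                return value
            return argv[i + 1] if i + 1 < len(argv) else ""
        if flag in VALUE_FLAGS and not has_value:
            i += 1  # skip the option's value
        i += 1
    return None

def triage(events):
    """Return (pid, script) for each event that runs inline JavaScript."""
    scored = ((ev["pid"], inline_script(ev["argv"])) for ev in events)
    return [(pid, script) for pid, script in scored if script is not None]

# Constructed sample events; the scripts are harmless placeholders.
SAMPLE_EVENTS = [
    {"pid": 101, "argv": [r"C:\Program Files\nodejs\node.exe", "-e", "console.log(process.platform)"]},
    {"pid": 102, "argv": ["node", "server.js", "-e", "production"]},
    {"pid": 103, "argv": ["/usr/bin/node", "--require", "./hook.js", "--eval=setTimeout(()=>{}, 10)"]},
    {"pid": 104, "argv": ["python", "-e", "x"]},
    {"pid": 105, "argv": ["node", "-pe", "1+1"]},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Event 102 is deliberately not flagged: its `-e` follows the script path, so it is an argument to `server.js` rather than an instruction to node.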

Meanwhile, the US has witnessed a significant change in its disinformation-fighting efforts.

The State Department has closed its Counter Foreign Information Manipulation and Interference group, previously known as the Global Engagement Center, after accusations that it was overreaching in its censorship activities.

The closure, led by Secretary of State Marco Rubio, has sparked criticism, with some seeing it as a victory for foreign powers like Russia and China.

Finally, gig workers face new challenges as the Tech Transparency Project revealed that Facebook groups are being used to trade fake gig worker accounts for platforms like Uber and Lyft.

Sellers offer access to verified accounts, bypassing safety checks, and putting passengers and customers at risk. Despite reports to Meta, many of these groups remain active, with the social media giant’s automated systems failing to curb the activity.

D3FEND 1.0 brings structured security graphs

MITRE has unveiled its new Cyber Attack–Defense (CAD) tool as part of the D3FEND 1.0 release, offering security teams a structured way to model and counter cyber threats.

The browser‑based interface lets users build ‘D3FEND Graphs’—knowledge graphs grounded in a rich cybersecurity ontology—instead of relying on ad hoc PowerPoint diagrams.

Graph components include Attack nodes (tied to MITRE ATT&CK techniques), Countermeasure nodes (D3FEND defensive measures) and Digital Artifact nodes (elements from the D3FEND artifact ontology).

A drag‑and‑drop canvas enables rapid scene‑setting, while an ‘explode’ feature reveals related attack paths, defences or artefacts drawn from the ontology’s knowledge base.

Organisations can apply the CAD tool across threat intelligence, security engineering, detection scenario planning, incident investigation and risk assessments.

Exports in JSON, TTL or PNG support collaboration, and STIX 2.1 import ensures seamless threat data integration. Users may also extend the underlying ontology to capture emerging techniques.

Built in partnership with the NSA and various defence departments, D3FEND 1.0 and its CAD tool establish a common vocabulary and conceptual framework for cybersecurity operations.

As threats grow ever more complex, a methodical, semantically rigorous approach to modelling defences is set to become indispensable.

TSMC profits surge despite trade concerns

Taiwan Semiconductor Manufacturing Company (TSMC) posted a significant jump in quarterly profits, driven by robust demand for AI chips. Net income rose by just over 60% year-on-year to NT$360.7bn (£9.77bn), outpacing analysts’ expectations.

Revenue also grew by 41.6% compared to the same period in 2024, although it dipped slightly from the previous quarter due to weaker smartphone sales.

The world’s largest contract chipmaker has not yet seen any major changes in customer behaviour, including from Apple and Nvidia, despite increasing uncertainty over potential US tariffs on Taiwanese semiconductors.

While concerns about trade tensions grow, particularly with former President Donald Trump suggesting the US should reclaim chip production, TSMC says it is continuing with business as usual for now.

Instead of scaling back, TSMC is expanding its investment in the US, with plans to spend up to $160bn. Analysts believe this move could help the firm argue for a more favourable position should tariff negotiations intensify.

The company’s Chief Financial Officer, Wendell Huang, acknowledged the risks posed by changing trade policies but said revenue growth is still expected in the next quarter.

Despite global pressures, TSMC remains optimistic, forecasting revenue between $28.4bn and $29.2bn. Although the company’s shares have fallen more than 20% so far this year, some analysts say the stock is now undervalued and well-positioned to rebound once market conditions stabilise.

Fake banking apps leave sellers thousands out of pocket

Scammers are using fake mobile banking apps to trick people into handing over valuable items without receiving any payment.

These apps, which convincingly mimic legitimate platforms, display false ‘successful payment’ screens in person, allowing fraudsters to walk away with goods while the money never arrives.

Victims like Anthony Rudd and John Reddock have lost thousands after being targeted while selling items through social media marketplaces. Mr Rudd handed over £1,000 worth of tools from his Salisbury workshop, only to realise the payment notification was fake.

Mr Reddock, from the UK, lost a £2,000 gold bracelet he had hoped to sell to fund a holiday for his children.

BBC West Investigations found that some of these fake apps, previously removed from the Google Play store, are now being downloaded directly from the internet onto Android phones.

The Chartered Trading Standards Institute described this scam as an emerging threat, warning that in-person fraud is growing more complex instead of fading away.

With police often unable to track down suspects, small business owners like Sebastian Liberek have been left feeling helpless after being targeted repeatedly.

He has lost hundreds of pounds to fake transfers and believes scammers will continue striking, while enforcement remains limited and platforms fail to do enough to stop the spread of fraud.
