Cybersecurity

EU launches global digital strategy

The European Union has launched a sweeping international digital strategy to bolster its global tech leadership and secure a human-centric digital transformation. With the digital and AI revolution reshaping economies and societies worldwide, the EU is positioning itself as a reliable partner in building resilient, open, and secure digital ecosystems.

The strategy prioritises collaboration with international partners to scale digital infrastructure, strengthen cybersecurity, and support emerging technologies like AI, quantum computing, and semiconductors while promoting democratic values and human rights in digital governance. The EU will deepen and expand its global network of Digital Partnerships and Dialogues to remain competitive and secure in a fast-changing geopolitical landscape.

These collaborations focus on research, industrial innovation, regulatory cooperation, and secure supply chains, while engaging countries across Africa, Latin America, Asia, and the EU’s own neighbourhood. The strategy also leverages trade instruments and investment frameworks such as the Global Gateway to support secure 5G and 6G networks, submarine cables, and digital public infrastructure, helping partner countries improve connectivity, resilience, and sustainability.

To enhance global digital governance, the EU is pushing for international standards that uphold privacy, security, and openness, and opposing efforts to fragment the internet. It supports inclusive multilateralism, working through institutions like the UN, G7, and OECD to shape rules for the digital age.

With initiatives ranging from AI safety cooperation and e-signature mutual recognition to safeguarding children online and combating disinformation, the EU aims to set the benchmark for ethical and secure digital transformation. At the heart of this vision is the EU Tech Business Offer—a modular, cross-border platform combining technology, capacity-building, and financing.

Through Team Europe and partnerships with industry, the EU seeks to bridge the digital divide, export trusted digital solutions, and foster an interconnected world aligned with European democratic principles. The strategy underscores that in today’s interconnected world, the EU’s prosperity and security hinge on shaping a digital future that is competitive, inclusive, and values-driven.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S CEO targeted by hackers in abusive ransom email

Marks & Spencer has been directly targeted by a ransomware group calling itself DragonForce, which sent a vulgar and abusive ransom email to CEO Stuart Machin using a compromised employee email address.

The message, laced with offensive language and racist terms, demanded that Machin engage via a darknet portal to negotiate payment. It also claimed that the hackers had encrypted the company’s servers and stolen customer data, a claim M&S eventually acknowledged weeks later.

The email, dated 23 April, appears to have been sent from the account of an Indian IT worker employed by Tata Consultancy Services (TCS), a long-standing M&S tech partner.

TCS has denied involvement and stated that its systems were not the source of the breach. M&S has remained silent publicly, neither confirming the full scope of the attack nor disclosing whether a ransom was paid.

The cyber attack has caused major disruption, costing M&S an estimated £300 million and halting online orders for over six weeks.

DragonForce has also claimed responsibility for a simultaneous attack on the Co-op, which left some shelves empty for days. While nothing has yet appeared on DragonForce’s leak site, the group claims it will publish stolen information soon.

Investigators believe DragonForce operates as a ransomware-as-a-service collective, offering tools and platforms to cybercriminals in exchange for a 20% share of any ransom.

Some experts suspect the real perpetrators may be young hackers from the West, linked to a loosely organised online community called Scattered Spider. The UK’s National Crime Agency has confirmed it is focusing on the group as part of its inquiry into the recent retail hacks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Apple sues European Commission over DMA interoperability ruling

Apple is mounting a legal challenge against the European Commission after being ordered to open up its tightly controlled ecosystem to rival companies under the Digital Markets Act (DMA).

The tech giant filed its appeal with the EU’s General Court, claiming the decision would undermine user privacy and harm innovation.

The dispute centres on a March ruling by the Commission following months of dialogue, which concluded that Apple must guarantee interoperability—a requirement that would allow third-party developers to connect non-Apple products, such as smartwatches and headphones, to iPhones and iPads.

Apple has pushed back strongly, arguing that the mandate is ‘unreasonable, costly and stifles innovation.’ A company spokesperson said the move would benefit what Apple describes as ‘data-hungry companies’ like Meta and Samsung, who could gain access to users’ most sensitive data through third-party connections.

Since December 2024, the European Commission has been pressing Apple to make its ecosystem more open to promote competition across the digital sector. However, Apple maintains that complying with the order would compromise the company’s privacy-first approach and violate its data protection standards.

The Commission, meanwhile, insists the measures are proportionate and fully aligned with the EU’s stringent privacy and security framework. It argues that the order would not strip Apple of control over its devices, but rather enable fairer access for other tech players while keeping user protections intact.

The case is set to become a major test of how far the EU can push tech giants to comply with the Digital Markets Act, which was designed to curb the dominance of so-called ‘gatekeepers’ in digital markets.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google warns users to switch to passkeys after new phishing attacks

Google is once again urging users to upgrade their account security by moving away from password-only access, as cyber scams grow increasingly sophisticated.

The warning follows an attempted phishing attack on Instagram boss Adam Mosseri, who revealed he had been targeted by a convincing scam involving a fake Google phone call and a seemingly legitimate email prompting him to change his password.

Though Google quickly traced and suspended the accounts involved, the incident highlights the evolving nature of online threats. The company has reiterated that it never contacts users by phone or email about password changes or account issues. Any such message should be considered a scam.

In response, Google is encouraging users to adopt stronger security methods, such as Passkeys—a login system that replaces passwords with biometric authentication via a trusted device like a smartphone. This can include fingerprint recognition, facial scan, or the phone’s screen lock.

The tech giant also recommends using two-factor authentication (2FA), but advises against relying on SMS codes or email-based verification, which can be intercepted. Instead, users should opt for an authentication app or use Passkeys for greater protection.

With scams becoming more difficult to detect, Google’s message is clear: take proactive steps to secure your account. Users who receive suspicious communication claiming to be from Google are advised to avoid engaging and verify concerns through Google’s official support channels.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI and India plan AI infrastructure push

OpenAI is in discussions with the Indian government to collaborate on data centre infrastructure as part of its new global initiative, ‘OpenAI for Countries’.

The programme aims to help partner nations expand AI capabilities through joint investment and strategic coordination with the US. India could become one of the ten initial countries in the effort, although specific terms remain under wraps.

During a visit to Delhi, OpenAI’s chief strategy officer Jason Kwon emphasised India’s potential, citing the government’s clear focus on infrastructure and AI talent.

Similar to the UAE’s recently announced Stargate project in Abu Dhabi, India may host large-scale AI computing infrastructure while also investing in the US under the same framework.

To nurture AI skills, OpenAI and the Ministry of Electronics and IT’s IndiaAI Mission launched the ‘OpenAI Academy’. It marks OpenAI’s first international rollout of its educational platform.

The partnership will provide free access to AI tools, developer training, and events, with content in English, Hindi, and four additional regional languages. It will also support government officials and startups through dedicated learning platforms.

The collaboration includes hackathons, workshops in six cities, and up to $100,000 in API credits for selected IndiaAI fellows and startups. The aim is to accelerate innovation and help Indian developers and researchers scale AI solutions more efficiently, according to IT Minister Ashwini Vaishnaw.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Gmail accounts at risk as attacks rise

Google has urged Gmail users to upgrade their account security after revealing that over 60% have been targeted by cyberattacks. Despite the increasing threat, most people still rely on outdated protections like passwords and SMS-based two-factor authentication.

Google is now pushing users to adopt passkeys and social sign-ins to improve their defences. Passkeys offer phishing-resistant access and use biometric methods such as fingerprint or facial recognition tied to a user’s device, removing the need for traditional passwords.

While digitally savvy Gen Z users are more likely to adopt these new methods, but many still reuse passwords, leaving their accounts exposed to breaches and scams. Google emphasised that passwords are both insecure and inconvenient and called on users to switch to tools that offer stronger protection.

Microsoft, meanwhile, has gone even further by encouraging users to eliminate passwords entirely. Google’s long-term goal is to simplify sign-ins while increasing security across its platforms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Europe gets new cybersecurity support from Microsoft

Microsoft has launched a free cybersecurity initiative for European governments aimed at countering increasingly sophisticated cyber threats powered by AI. Company President Brad Smith said Europe would benefit from tools already developed and deployed in the US.

The programme is designed to identify and disrupt AI-driven threats, including deepfakes and disinformation campaigns, which have previously been used to target elections and undermine public trust.

Smith acknowledged that AI is a double-edged sword, with malicious actors exploiting it for attacks, while defenders increasingly use it to stay ahead. Microsoft continues to monitor how its AI products are used, blocking known cybercriminals and working to ensure AI serves as a stronger shield than weapon.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK NCSC releases principles for strengthening organisational cybersecurity culture

The UK’s National Cyber Security Centre (NCSC) has published a framework of six principles aimed at supporting organisations in developing a strong internal cybersecurity culture. The principles are based on research conducted with government and industry stakeholders and are intended to guide organisations in embedding cyber-resilient behaviours among their personnel.

The principles are outlined as follows:

  1. Frame cyber security as an enabler that supports the organisation’s core objectives.
  2. Encourage openness by building trust, safety, and processes that support transparency around security issues.
  3. Adapt to change to address new threats and take advantage of opportunities to improve resilience.
  4. Acknowledge the role of social norms in shaping secure behaviours within the organisation.
  5. Recognise leadership responsibility in influencing cyber security culture.
  6. Maintain accessible and clear security rules and guidance to support user understanding and compliance.

Each principle is accompanied by practical examples illustrating effective and ineffective application.

Ice, Nature, Outdoors, Iceberg, Dynamite, Weapon
UK NCSC releases principles for strengthening organisational cybersecurity culture 10

The NCSC notes that building a cybersecurity culture requires ongoing and coordinated efforts across multiple organisational roles, including cybersecurity professionals, cultural specialists, and leadership. The centre highlights that the ability of staff to support security objectives is influenced by the overall organisational environment and approach to cyber risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

WhatsApp to add usernames for better privacy

WhatsApp is preparing to introduce usernames, allowing users to hide their phone numbers and opt for a unique ID instead. Meta’s push reflects growing demand for more secure and anonymous communication online.

Currently in development and not yet available for testing, the new feature will let users create usernames with letters, numbers, periods, and underscores, while blocking misleading formats like web addresses.

The move aims to improve privacy by letting users connect without revealing personal contact details. A system message will alert contacts whenever a username is updated, adding transparency to the process.

Although still in beta, the feature is expected to roll out soon, bringing WhatsApp in line with other major messaging platforms that already support username-based identities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

China accuses Taiwan of cyber attacks and offers a bounty

Authorities in Guangzhou have placed a secret bounty on more than 20 individuals suspected of launching cyber attacks on Chinese targets, according to state news agency Xinhua.

One named suspect, Ning Enwei, is reportedly linked to Taiwan’s government. While the size of the reward remains undisclosed, officials claim the accused hackers targeted sectors including defence, aerospace, energy, and science—alongside agencies in Hong Kong and Macau.

Xinhua stated that Taiwan’s ‘information, communication and digital army’ has coordinated with US forces to carry out cyber and cognitive warfare against China.

These accusations form part of a broader Chinese narrative suggesting Taiwan is seeking independence through foreign alliances, particularly with US intelligence agencies. State media also claimed the US has trained Taiwanese personnel and helped orchestrate cyber attacks on the mainland.

In response, a senior Taiwanese security official, speaking anonymously, dismissed the claims as fabricated. The official argued that Beijing is attempting to deflect criticism following allegations of Chinese cyber activities in Europe, especially in the Czech Republic.

‘It is typical of the Chinese Communist Party’s efforts to change the narrative,’ the official said, branding Beijing an international cyber threat instead of a victim.

Taiwan’s government has yet to issue an official statement.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!