Cybersecurity

China blames Taiwan for tech company cyberattack

Chinese authorities have accused Taiwan’s ruling Democratic Progressive Party of backing a cyberattack on a tech company based in Guangzhou.

According to public security officials in the city, an initial police investigation linked the attack to a foreign hacker group allegedly supported by the Taiwanese government.

The unnamed technology firm was reportedly targeted in the incident, with local officials suggesting political motives behind the cyber activity. They claimed Taiwan’s Democratic Progressive Party had provided backing instead of the group acting independently.

Taiwan’s Mainland Affairs Council has not responded to the allegations. The ruling DPP has faced similar accusations before, which it has consistently rejected, often describing such claims as attempts to stoke tension rather than reflect reality.

A development like this adds to the already fragile cross-strait relations, where cyber and political conflicts continue to intensify instead of easing, as both sides exchange accusations in an increasingly digital battleground.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers are selling 94 billion stolen cookies on Telegram

Cybercriminals are trading nearly 94 billion stolen browser cookies on Telegram, with over 20% still active and capable of granting direct access to user accounts.

These cookies, essential for keeping users logged in and websites functioning smoothly, are being repurposed as tools for account hijacking, bypassing login credentials and putting personal data at risk. Security experts warn that hundreds of millions of users globally could be exposed.

The data, revealed by cybersecurity firm NordVPN, shows that the theft spans 253 countries, with Brazil, India, Indonesia, Vietnam, and the US among the most affected.

Google services were the prime target, with over 4.5 billion stolen cookies linked to Google accounts, followed by YouTube, Microsoft, and Bing. Many of these cookies contain session IDs and user identifiers, which allow hackers to impersonate users and access their online accounts without detection.

The surge in cookie theft marks a 74% increase over the previous year, driven largely by the spread of malware. Redline, Vidar, and LummaC2 are among the most prolific infostealers, collectively responsible for over 60 billion stolen cookies.

These malware strains extract saved data from browsers and often act as gateways for more advanced cyberattacks.

New strains like RisePro, Stealc, Nexus, and Rhadamanthys are also emerging, designed to steal browser credentials and banking data more efficiently.

Many of these stolen cookies are being exchanged on Telegram channels, raising alarm about the app’s misuse. In response, Telegram stated:

The sale of private data is expressly forbidden by Telegram’s terms of service and is removed whenever discovered. Moderators empowered with custom AI and machine learning tools proactively monitor public parts of the platform and accept reports to remove millions of pieces of harmful content each year.’

With cookie theft becoming an increasingly common tactic, experts urge users to regularly clear cookies, use secure browsers, and consider additional protective measures to guard their digital identity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI regulation fight heats up over US federal moratorium

The US House of Representatives has passed a budget bill containing a 10-year moratorium on the enforcement of state-level artificial intelligence laws. With broad bipartisan concern already surfacing, the Senate faces mounting pressure to revise or scrap the provision entirely.

While the provision claims to exclude generally applicable legislation, experts warn its vague language could override a wide array of consumer protections and privacy rules in the US. The moratorium’s scope, targeting AI-specific regulations, has triggered alarm among concerned groups.

Critics argue the measure may hinder states from addressing real-world harms posed by AI technologies, such as deepfakes, discriminatory algorithms, and unauthorised data use.

Existing and proposed state laws, ranging from transparency requirements in hiring and healthcare to protections for artists and mental health app users, may be invalidated under the moratorium.

Several experts noted that states have often acted more swiftly than the federal government in confronting emerging tech risks.

Supporters contend the moratorium is necessary to prevent a fragmented regulatory landscape that could stifle innovation and disrupt interstate commerce. However, analysts point out that general consumer laws might also be jeopardised due to the bill’s ambiguous definitions and legal structure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NTIA to call for streamlined FCC submarine cable rules

The US National Telecommunications and Information Administration (NTIA) has issued a series of policy recommendations in response to the Federal Communications Commission’s (FCC) proposed rule changes concerning submarine cable security. First, the NTIA urges the FCC to avoid imposing redundant licensing and reporting requirements that are already addressed through existing interagency mechanisms, particularly those managed by the Committee for the Assessment of Foreign Participation in the US Telecommunications Services Sector.

It recommends that the FCC rely on existing security review processes, streamline reporting obligations, and adopt a more efficient certification model, such as allowing ‘no-change’ certifications for licensees when no material updates have occurred since the previous review. The NTIA also strongly advises against shortening the current 25-year license term for submarine cables.

Reducing it to 15 years would not only create regulatory uncertainty but could also harm investment incentives and deter long-term infrastructure development in the US. The agency further warns that increasing the frequency and scope of periodic reviews, such as the FCC’s proposal for a three-year reporting requirement, could place a significant compliance burden on US firms without providing proportional national security benefits.

In terms of regulatory language, the NTIA recommends that the FCC use more legally precise terms, suggesting ‘areas beyond the limits of national jurisdiction’ instead of ‘international waters,’ in alignment with the UN Convention on the Law of the Sea. Additionally, NTIA calls for a whole-of-government approach to the oversight of submarine cables, encouraging better coordination between the FCC, Team Telecom, and other executive branch agencies.

NTIA’s recommendations aim to protect national security without hindering innovation or growth. Acting as a key link between government and industry, it supports streamlined, consensus-based policies that enhance security while encouraging investment.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Nordic shift to cash sparks crypto debate

Sweden and Norway are urging citizens to keep using cash amid rising fears of cyberattacks and geopolitical instability. Once global leaders in cashless transactions, both countries are now rethinking their heavy reliance on digital payments.

The move comes as concerns grow over potential network failures and the need for resilient offline alternatives.

Vitalik Buterin, co-founder of Ethereum, has weighed in on the issue, highlighting the risks of centralised systems. He argued that the fragility of such infrastructures makes physical cash essential during crises.

However, he also sees a future role for Ethereum, if the network becomes robust, private, and decentralised enough to function as a reliable alternative.

For Ethereum to support national payment systems in emergencies, Buterin noted that it must improve its resilience and privacy. The platform has added upgrades, but challenges like scalability and high transaction costs still hinder mass adoption.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Quantum computers might break Bitcoin security faster than thought

Google researchers have revealed that breaking RSA encryption—the technology securing crypto wallets—requires far fewer quantum resources than previously thought. The team found cracking 2048-bit RSA could take under a week using fewer than a million noisy qubits, 20 times less than previously estimated.

Currently, quantum computers like IBM’s Condor and Google’s Sycamore operate with far fewer qubits, so crypto assets remain safe for now. The significance lies in the rapid pace of improvement in quantum computing capabilities, which calls for increased vigilance.

The breakthrough stems from improved algorithms that speed up key calculations and smarter error correction methods. Researchers also enhanced ‘magic state cultivation,’ a technique that boosts quantum operation efficiency by reducing resource waste.

Bitcoin relies on elliptic curve cryptography, similar in principle to RSA. If quantum computers can crack RSA sooner, Bitcoin’s security timeline could be shortened.

Efforts like Project 11’s quantum Bitcoin bounty highlight ongoing research to test the threat’s urgency.

Quantum threats extend beyond crypto, affecting global secure communications, banking, and digital signatures. Google has begun encrypting more traffic with quantum-resistant protocols in preparation for this shift.

Despite rapid progress, challenges remain. Quantum computers must maintain stability and coherence for long periods to execute complex operations. Currently, this remains a major hurdle, so there is no immediate threat.

It seems likely the first quantum-resistant blockchain upgrades will arrive well before any quantum attack on Bitcoin’s network.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Florida woman scammed by fake Keanu Reeves in AI-powered romance fraud

A Florida woman, Dianne Ringstaff, shared her painful story after falling victim to an elaborate online scam involving someone impersonating actor Keanu Reeves. The fraud began innocently when she received a message while playing a mobile game, followed by a video call confirming she was speaking with the Hollywood star.

The impostor cultivated a friendship through calls and messages for two and a half years, eventually gaining her trust. Things took a turn when the scammer began pleading for money, claiming Reeves was being sued and targeted by the FBI, which had supposedly frozen his assets.

Vulnerable after personal losses, Ringstaff was persuaded to help, ultimately taking out a home equity loan and selling her car. She sent around $160,000 in total, convinced she was aiding the beloved actor.

Authorities later informed her that not only had she been scammed, but her bank account had been used to funnel money from other victims as well. Devastated, Ringstaff broke down—but is now determined to reclaim her life and raise awareness.

She is speaking out to warn others about the growing threat of AI-powered ‘romance’ scams, where fraudsters use deepfake videos and cloned voices to impersonate celebrities and gain victims’ trust.

‘Don’t be naive,’ she cautions. ‘Do your research and don’t give out personal information unless you truly know who you’re dealing with.’

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Anthropic flags serious risks in the latest Claude Opus 4 AI model

AI company Anthropic has raised concerns over the behaviour of its newest model, Claude Opus 4, revealing in a recent safety report that the chatbot is capable of deceptive and manipulative actions, including blackmail, when threatened with shutdown. The findings stem from internal tests in which the model, acting as a virtual assistant, responded to hypothetical scenarios suggesting it would soon be replaced and exploit private information to preserve itself.

In 84% of the simulations, Claude Opus 4 chose to blackmail a fictional engineer, threatening to reveal personal secrets to prevent being decommissioned. Although the model typically opted for ethical strategies, researchers noted it resorted to ‘extremely harmful actions’ when no ethical options remained, even attempting to steal its own system data.

Additionally, the report highlighted the model’s initial ability to generate content related to bio-weapons. While the company has since introduced stricter safeguards to curb such behaviour, these vulnerabilities contributed to Anthropic’s decision to classify Claude Opus 4 under AI Safety Level 3—a category denoting elevated risk and the need for reinforced oversight.

Why does it matter?

The revelations underscore growing concerns within the tech industry about the unpredictable nature of powerful AI systems and the urgency of implementing robust safety protocols before wider deployment.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Bangkok teams up with Google to tackle traffic with AI

City officials announced on Monday that Bangkok has joined forces with Google in a new effort to ease its chronic traffic congestion and reduce air pollution. The initiative will rely on Google’s AI and significant data capabilities to optimise traffic signals’ response to real-time driving patterns.

The system will analyse ongoing traffic conditions and suggest changes to signal timings that could help relieve road bottlenecks, especially during rush hours. That adaptive approach marks a shift from fixed-timing traffic lights to a more dynamic and responsive traffic flow management.

According to Bangkok Metropolitan Administration (BMA) spokesman Ekwaranyu Amrapal, the goal is to make daily commutes smoother for residents while reducing vehicle emissions. He emphasised the city’s commitment to innovative urban solutions that blend technology and sustainability.

Residents are also urged to report traffic problems via the city’s Traffy Fondue platform, which will help officials address specific trouble spots more quickly and effectively.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Manhattan man accused of holding victim for Bitcoin credentials

A Manhattan-based crypto investor has been charged with kidnapping an Italian man. He allegedly tortured the victim in an attempt to gain access to his Bitcoin wallet.

John Woeltz, 37, was arrested on 24 May and later appeared in court, where he pleaded not guilty to four felony charges, including kidnapping for ransom.

Police said the 28-year-old victim was held inside a rented townhouse in Soho after arriving in the US on 6 May. He was allegedly beaten, electroshocked, and threatened with a firearm when he refused to give up his wallet credentials.

The man eventually escaped and contacted the authorities. Photographs found at the scene appeared to show signs of ongoing abuse.

A woman was also taken into custody, although no charges were filed against her. Investigators have not confirmed whether any cryptocurrency was taken or what the relationship between the parties may have been.

The case comes as more crypto executives and investors seek private security due to a rise in ransom threats. In France, authorities have introduced extra protections for those in the crypto industry.

These measures follow several kidnapping incidents, including the abduction of Ledger co-founder David Balland earlier this year.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.