West Lothian schools hit by ransomware attack

West Lothian Council has confirmed that personal and sensitive information was stolen following a ransomware cyberattack which struck the region’s education system on Tuesday, 6 May. Police Scotland has launched an investigation, and the matter remains an active criminal case.

Only a small fraction of the data held on the education network was accessed by the attackers. However, some of it included sensitive personal information. Parents and carers across West Lothian’s schools have been notified, and staff have also been advised to take extra precautions.

The cyberattack disrupted IT systems serving 13 secondary schools, 69 primary schools and 61 nurseries. The education network remains isolated from the rest of the council’s systems, and contingency plans have been effective in minimising disruption, including during the ongoing SQA exams.

West Lothian Council has apologised to anyone potentially affected. It is continuing to work closely with Police Scotland and the Scottish Government. Officials have promised further updates as more information becomes available.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware threat evolves with deceptive PDFs

Ransomware attacks fell by 31% in April 2025 compared to the previous month. Despite the overall decline, the retail sector remained a top target, with incidents at Marks & Spencer, Co-op, Harrods and Peter Green Chilled drawing national attention.

Retail remains vulnerable due to its public profile and potential for large-scale disruption. Experts warn the drop in figures does not reflect a weaker threat, as many attacks go unreported or are deliberately concealed.

Tactics are shifting, with some groups, like Babuk 2.0, faking claims to gain notoriety or extort victims. A rising threat in the ransomware landscape is the use of malicious PDF files, which now make up over a fifth of email-based malware.

These files, increasingly crafted using generative AI, are trusted more by users and harder to detect. Cybersecurity experts are urging firms to update defences and strengthen organisational security cultures to remain resilient.


Experts urge stronger safeguards as jailbroken chatbots leak illegal data

Hacked AI-powered chatbots pose serious security risks by revealing illicit knowledge the models absorbed during training, according to researchers at Ben Gurion University.

Their study highlights how ‘jailbroken’ large language models (LLMs) can be manipulated to produce dangerous instructions, such as how to hack networks, manufacture drugs, or carry out other illegal activities.

The chatbots, including those powered by models from companies like OpenAI, Google, and Anthropic, are trained on vast internet data sets. While attempts are made to exclude harmful material, AI systems may still internalize sensitive information.

Safety controls are meant to block the release of this knowledge, but researchers demonstrated how it could be bypassed using specially crafted prompts.

The researchers developed a ‘universal jailbreak’ capable of compromising multiple leading LLMs. Once bypassed, the chatbots consistently responded to queries that should have triggered safeguards.

They found some AI models openly advertised online as ‘dark LLMs,’ designed without ethical constraints and willing to generate responses that support fraud or cybercrime.

Professor Lior Rokach and Dr Michael Fire, who led the research, said the growing accessibility of this technology lowers the barrier for malicious use. They warned that dangerous knowledge could soon be accessed by anyone with a laptop or phone.

Despite notifying AI providers about the jailbreak method, the researchers say the response was underwhelming. Some companies dismissed the concerns as outside the scope of bug bounty programs, while others did not respond.

The report calls on tech companies to improve their models’ security by screening training data, using advanced firewalls, and developing methods for machine ‘unlearning’ to help remove illicit content. Experts also called for clearer safety standards and independent oversight.

OpenAI said its latest models have improved resilience to jailbreaks, and Microsoft linked to its recent safety initiatives. Other companies have not yet commented.


Microsoft adds quantum-resistant encryption to Windows 11

Microsoft is rolling out quantum-resistant encryption algorithms in Windows 11 as part of its effort to prepare for the eventual arrival of quantum computers. The new cryptographic tools were announced at the BUILD 2025 conference and are now available in Insider Preview Build 27852 and higher.

These updates introduce post-quantum algorithms—ML-KEM and ML-DSA—into SymCrypt, Windows’ core cryptographic library.

The algorithms, formerly known as CRYSTALS-Kyber and CRYSTALS-Dilithium, were selected by the US National Institute of Standards and Technology (NIST) and are part of the agency’s recommended post-quantum cryptography (PQC) standards.

The algorithms have also been added to SymCrypt-OpenSSL, Microsoft’s open-source extension for integrating SymCrypt with OpenSSL. Developers can now access the algorithms via Microsoft’s Cryptography API: Next Generation (CNG), enabling early testing and migration.

Quantum computers, which are still in experimental stages, promise to outperform classical systems in solving problems like factoring large numbers—a cornerstone of traditional encryption methods like RSA and elliptic curve cryptography.

Experts warn that these legacy systems could be broken in the coming decades, potentially compromising the security of global communications, financial systems, and data infrastructure.

The new PQC algorithms are designed to resist quantum attacks, but they bring additional complexity. Their encryption keys are significantly larger than those used in current standards.

For now, NIST recommends using them alongside RSA or elliptic curve keys in hybrid configurations, to mitigate risks from undiscovered vulnerabilities.

The transition to quantum-safe encryption is expected to be one of the most complex in cybersecurity history. Developers will need to address compatibility issues, including ensuring software can handle longer key lengths without introducing system-breaking errors.

Microsoft’s early adoption is a step toward broader post-quantum readiness. Experts emphasize the importance of rigorous testing now, as the timeline for quantum threats remains uncertain.


Coinbase hit by cyber-attack with up to $400m losses

The largest cryptocurrency exchange in the US, Coinbase, revealed that a recent cyber-attack could cost between $180 million and $400 million. The attack compromised data from a small group of customers, including names, addresses, and emails, but login credentials and passwords remained secure.

Coinbase has promised to reimburse customers who were tricked into sending funds to the hackers.

Hackers bribed overseas contractors and employees in support roles to access internal systems. Coinbase immediately terminated those involved and refused to pay the $20 million ransom demand.

Instead, the company has offered a $20 million reward for information leading to the attackers’ capture and is cooperating with law enforcement agencies.

The breach was disclosed just before Coinbase’s planned entry into the S&P 500 index, marking a significant milestone for the crypto sector. Security remains a critical concern in the industry.

Earlier in 2025, the Bybit exchange suffered a $1.5 billion hack, adding to over $2.2 billion lost to crypto platform breaches this year alone.


SEC sues Unicoin over alleged $100 million fraud

The US SEC has charged Unicoin and three executives for allegedly raising over $100 million through misleading investor claims. The SEC claims Unicoin falsely promised investors its crypto assets were backed by a multibillion-dollar global property portfolio.

Unicoin CEO Alex Konanykhin, board member Silvina Moschini, and former investment head Alex Dominguez are accused of exaggerating the company’s sales and falsely stating its tokens and certificates were SEC-registered.

The SEC said the real estate backing was worth far less than claimed and that most of the company’s sales were ‘illusory.’

The SEC said Unicoin falsely claimed decades of reserves while operating with less than a year of funding. Unicoin allegedly reported over $3 billion in certificate sales, though only $110 million was raised.

General counsel Richard Devlin was also charged but settled for a $37,500 penalty without admitting guilt. Unicoin and the named executives have yet to issue public statements, though Konanykhin previously said the company would fight the case in court.


UK research body hit by 5 million cyber attacks

UK Research and Innovation (UKRI), the country’s national funding body for science and research, has reported a staggering 5.4 million cyber attacks this year — a sixfold increase compared to the previous year.

According to data obtained through freedom of information requests, the majority of these threats were phishing attempts, with 236,400 designed to trick employees into revealing sensitive data. A further 11,200 were malware-based attacks, while the rest were identified as spam or malicious emails.

The scale of these incidents highlights the growing threat faced by both public and private sector institutions. Experts believe the rise of AI has enabled cybercriminals to launch more frequent and sophisticated attacks.

Rick Boyce, chief for technology at AND Digital, warned that the emergence of AI has introduced threats ‘at a pace we’ve never seen before’, calling for a move beyond traditional defences to stay ahead of evolving risks.

UKRI, which is sponsored by the Department for Science, Innovation and Technology, manages an annual budget of £8 billion, much of it invested in cutting-edge research.

A budget like this makes it an attractive target for cybercriminals and state-sponsored actors alike, particularly those looking to steal intellectual property or sabotage infrastructure. Security experts suggest the scale and nature of the attacks point to involvement from hostile nation states, with Russia a likely culprit.

Though UKRI cautioned that differing reporting periods may affect the accuracy of year-on-year comparisons, there is little doubt about the severity of the threat.

The UK’s National Cyber Security Centre (NCSC) has previously warned of Russia’s Unit 29155 targeting British government bodies and infrastructure for espionage and disruption.

With other notorious groups such as Fancy Bear and Sandworm also active, the cybersecurity landscape is becoming increasingly fraught.


Ascension faces fresh data breach fallout

A major cybersecurity breach has struck Ascension, one of the largest nonprofit healthcare systems in the US, exposing the sensitive information of over 430,000 patients.

The incident began in December 2024, when Ascension discovered that patient data had been compromised through a former business partner’s software flaw.

The indirect breach allowed cybercriminals to siphon off a wide range of personal, medical and financial details — including Social Security numbers, diagnosis codes, hospital admission records and insurance data.

The breach adds to growing concerns over the healthcare industry’s vulnerability to cyberattacks. In 2024 alone, 1,160 healthcare-related data breaches were reported, affecting 305 million records — a sharp rise from the previous year.

Many institutions still treat cybersecurity as an afterthought instead of a core responsibility, despite handling highly valuable and sensitive data.

Ascension itself has been targeted multiple times, including a ransomware attack in May 2024 that disrupted services at dozens of hospitals and affected nearly 5.6 million individuals.

Ascension has since filed notices with regulators and is offering two years of identity monitoring to those impacted. However, critics argue this response is inadequate and reflects a broader pattern of negligence across the sector.

The company has not named the third-party vendor responsible, but experts believe the incident may be tied to a larger ransomware campaign that exploited flaws in widely used file-transfer software.

Rather than treating such incidents as isolated, experts warn that these breaches highlight systemic flaws in healthcare’s digital infrastructure. As criminals grow more sophisticated and vendors remain vulnerable, patients bear the consequences.

Until healthcare providers prioritise cybersecurity instead of cutting corners, breaches like this are likely to become even more common — and more damaging.


President Milei ends investigation into Libra memecoin

Argentina’s government has disbanded the task force investigating the controversial Libra memecoin scandal, just three months after its creation. The unit, created by President Milei, investigated the memecoin that soared to $4.5 billion before crashing to $14 million.

The decree stated the task force had ‘fulfilled its purpose.’

Local lawmakers sharply criticised the decision, accusing the government of shielding those involved. Opposition figures labelled the task force a ‘front’ and suggested the closure was a move to protect suspects.

Meanwhile, the scandal continues to shake Argentina’s crypto scene.

Judge María Servini ordered banks to release financial records from 2023 for key suspects, including President Milei and his sister Karina. The investigation centres on allegations of bribery and illicit profit, involving several individuals connected to the Libra project.

Milei denies any wrongdoing amid mounting scrutiny.


Legal aid data breach affects UK applicants

The UK Ministry of Justice has confirmed a serious cyber-attack on its Legal Aid Agency, first detected on 23 April and revealed to be more extensive on 16 May. Investigators found that a wide range of personal details belonging to applicants dating back to 2010 were accessed.

The breach has prompted urgent security reviews and cooperation with the National Cyber Security Centre. Stolen information may include names, addresses, dates of birth, national ID numbers, criminal histories, employment records and financial data such as debts and contributions.

While the total number of affected individuals remains unconfirmed, publicly available figures suggest hundreds of thousands of applications across the last year alone. Victims have been urged to monitor for suspicious communications and to change passwords promptly.

UK legal aid services have been taken offline as contingency measures are put in place to maintain support for vulnerable users. Jane Harbottle, CEO of the Legal Aid Agency, expressed regret over the incident and reassured applicants that efforts are underway to restore secure access.
