Cybersecurity

China launches first AI satellites in orbital supercomputer network

China has launched the first 12 satellites in a planned network of 2,800 that will function as an orbiting supercomputer, according to Space News.

Developed by ADA Space in partnership with Zhijiang Laboratory and Neijang High-Tech Zone, the satellites can process their own data instead of relying on Earth-based stations, thanks to onboard AI models.

Each satellite runs an 8-billion parameter AI model capable of 744 tera operations per second, with the group already achieving 5 peta operations per second in total. The long-term goal is a constellation that can reach 1,000 POPS.

The network uses high-speed laser links to communicate and shares 30 terabytes of data between satellites. The current batch also carries scientific tools, such as an X-ray detector for studying gamma-ray bursts, and can generate 3D digital twin data for uses like disaster response or virtual tourism.

The space-based computing approach is designed to overcome Earth-based limitations like bandwidth and ground station availability, which means less than 10% of satellite data typically reaches the surface.

Experts say space supercomputers could reduce energy use by relying on solar power and dissipating heat into space. The EU and the US may follow China’s lead, as interest in orbital data centres grows.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Coinbase hit by multiple data breach lawsuits

Coinbase faces multiple lawsuits after revealing a data breach involving bribed support agents leaking user information. At least six lawsuits were filed between 15 and 16 May, accusing the exchange of poor security and mishandling the breach.

One lawsuit filed in New York claims Coinbase failed to protect sensitive data of millions, including names, addresses, phone numbers, and partial Social Security numbers.

The complaint says the exchange’s response was slow and inadequate, putting users at risk of identity theft and fraud.

Other lawsuits allege Coinbase did not spend enough on security and demand compensation and stronger protections. One case asks the court to order Coinbase to delete sensitive data and hire third-party auditors.

Coinbase declined to comment on the lawsuits but confirmed it refused a $20 million ransom. It plans to reimburse users who lost crypto to phishing scams related to the breach. The company also fired involved customer support agents.

Following the breach announcement, Coinbase shares fell 7% but rebounded quickly, closing higher on 16 May.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Coinbase hit by breach and SEC probe ahead of S&P 500 entry

Cryptocurrency exchange Coinbase has disclosed a potential financial impact of $180 million to $400 million following a cyberattack that compromised customer data, according to a regulatory filing on Thursday.

The company said it received an email from an unidentified threat actor on Sunday, claiming to possess internal documents and account data for a limited number of customers.

Although hackers gained access to personal information such as names, addresses, and email addresses, Coinbase confirmed that no login credentials or passwords were compromised.

Coinbase stated it would reimburse users who were deceived into transferring funds to the attackers. It also revealed that multiple contractors and support staff outside the US had provided information to the hackers. Those involved have been terminated, the company said.

In parallel, the US Securities and Exchange Commission (SEC) is reportedly investigating whether Coinbase previously misrepresented its verified user figures.

Two sources familiar with the matter told Reuters that the SEC inquiry is ongoing, though it does not focus on know-your-customer (KYC) compliance or Bank Secrecy Act obligations. Coinbase has denied any such investigation into its compliance practices.

The SEC declined to comment. Coinbase’s chief legal officer, Paul Grewal, characterised the probe as a continuation of a past investigation into a user metric the company stopped reporting over two years ago. He said Coinbase is cooperating with the SEC but believes the inquiry should be closed.

The news comes ahead of Coinbase’s upcoming addition to the S&P 500 index, potentially overshadowing what had been viewed as a major milestone for the industry. Shares fell 7.2% following the disclosure.

Coinbase has rejected a $20 million ransom demand from the attackers and is cooperating with law enforcement. It has also offered a $20 million reward for information leading to the identification of the hackers.

The firm is opening a new US-based support hub and taking further measures to strengthen its cybersecurity framework.

The cyberattack adds to broader concerns about digital asset platform vulnerabilities. In 2024, hacks have resulted in over $2.2 billion in stolen funds, according to Chainalysis. Bybit alone reported a $1.5 billion theft in February, the largest on record.

Coinbase is also facing a lawsuit filed in the Southern District of New York, alleging the company failed to protect personal data belonging to millions of current and former customers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Deepfake voice scams target US officials in phishing surge

Hackers are using deepfake voice and video technology to impersonate senior US government officials and high-profile tech figures in sophisticated phishing campaigns designed to steal sensitive data, the FBI has warned.

Since April, cybercriminals have been contacting current and former federal and state officials through fake voice messages and text messages claiming to be from trusted sources.

The scammers attempt to establish rapport and then direct victims to malicious websites to extract passwords and other private information.

The FBI cautions that if hackers compromise one official’s account, they may use that access to impersonate them further and target others in their network.

The agency urges individuals to verify identities, avoid unsolicited links, and enable multifactor authentication to protect sensitive accounts.

Separately, Polygon co-founder Sandeep Nailwal reported a deepfake scam in which bad actors impersonated him and colleagues via Zoom, urging crypto users to install malicious scripts. He described the attack as ‘horrifying’ and noted the difficulty of reporting such incidents to platforms like Telegram.

The FBI and cybersecurity experts recommend examining media for visual inconsistencies, avoiding software downloads during unverified calls, and never sharing credentials or wallet access unless certain of the source’s legitimacy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU to propose new rules and app to protect children online

The European Commission is taking significant steps to create a safer online environment for children by introducing draft guidelines under the Digital Services Act. These guidelines aim to ensure that online platforms accessible to minors maintain a high level of privacy, safety, and security.

The draft guidelines propose several key measures to safeguard minors online. These include verifying users’ ages to restrict access where appropriate, improving content recommendation systems to reduce children’s exposure to harmful or inappropriate material, and setting children’s accounts to private by default.

Additionally, the guidelines recommend best practices for child-safe content moderation, as well as providing child-friendly reporting channels and user support. They also offer guidance on how platforms should govern themselves internally to maintain a child-safe environment.

These guidelines will apply to all online platforms that minors can access, except for very small enterprises, and will also cover very large platforms with over 45 million monthly users in the EU. The European Commission has involved a wide range of stakeholders in developing the guidelines, including Better Internet for Kids (BIK+) Youth ambassadors, children, parents, guardians, national authorities, online platform providers, and experts.

The inclusive consultation process helps ensure the guidelines are practical and comprehensive. The guidelines are open for feedback until June 10, 2025, with adoption expected by summer.

Meanwhile, the Commission is creating an open-source age-verification app to confirm users’ age without risking privacy, as a temporary measure before the EU Digital Identity Wallet launches in 2026.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Japan approves preemptive cyberdefence law

Japan’s parliament has passed a new law enabling active cyberdefence measures, allowing authorities to legally monitor communications data during peacetime and neutralise foreign servers if cyberattacks occur.

Instead of reacting only after incidents, this law lets the government take preventive steps to counter threats before they escalate.

Operators of vital infrastructure, such as electricity and railway companies, must now report cyber breaches directly to the government. The shift follows recent cyber incidents targeting banks and an airline, prompting Japan to put a full framework in place by 2027.

Although the law permits monitoring of IP addresses in communications crossing Japanese borders, it explicitly bans surveillance of domestic messages and their contents.

A new independent panel will authorise all monitoring and response actions beforehand, instead of leaving decisions solely to security agencies.

Police will handle initial countermeasures, while the Self-Defense Forces will act only when attacks are highly complex or planned. The law, revised to address opposition concerns, includes safeguards to ensure personal rights are protected and that government surveillance remains accountable.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

du and Microsoft launch $544M AI data centre in UAE

Emirates Integrated Telecommunications Company PJSC (du) has partnered with Microsoft to build a 2 billion dirham (US$544.5 million) hyperscale data centre in the UAE, unveiled during Dubai AI Week.

Microsoft will be the facility’s primary tenant, and the project will be delivered in phases. This marks du’s sixth data centre, reinforcing the UAE’s growing status as a regional AI and data infrastructure hub.

The partnership aligns with the UAE’s National Strategy for AI 2031, which aims to generate US$96 billion in economic value by 2030.

Hyperscale data centres like this one are expected to form the backbone of the country’s AI ecosystem, which is projected to reach a value of US$46.33 billion by the same year.

The GCC data centre market is booming, with expected growth from US$3.48 billion in 2024 to US$9.49 billion by 2030. du’s move comes amid a regional race between cloud giants like Google, AWS, and Oracle, as well as local providers including Khazna, Equinix, and Gulf Data Hub.

Sustainability is also a growing focus, with new builds like Khazna’s Ajman facility incorporating energy-efficient cooling for high-performance AI workloads.

As AI-driven transformation accelerates across logistics, finance, and smart cities, the UAE is using these strategic partnerships and infrastructure investments to move from a resource-based economy to a data-driven one.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

FBI warns against AI-powered text scams

The FBI has issued a fresh warning urging the public not to trust unsolicited texts or voice messages, even if they appear to come from senior officials. A new wave of AI-powered attacks is reportedly so convincing that traditional signs of fraud are almost impossible to spot.

These campaigns involve voice and text messages crafted with AI, mimicking the voices of known individuals and spoofing phone numbers of trusted contacts or organisations. US victims are lured into clicking malicious links, often under the impression that the messages are urgent or official.

The FBI advises users to verify all communications independently, avoid clicking links or downloading attachments from unknown sources, and listen for unnatural speech patterns or visual anomalies in videos and images.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NatWest hit by 100 million cyber attacks every month

NatWest is defending itself against an average of 100 million cyber attacks each month, according to the bank’s head of cybersecurity.

Speaking to Holyrood’s Criminal Justice Committee, Chris Ulliott outlined the ‘staggering’ scale of digital threats targeting the bank’s systems. Around a third of all incoming emails are blocked before reaching staff, as they are suspected to be the start of an attack.

Instead of relying on basic filters, NatWest analyses every email for malicious content and has a cybersecurity team of hundreds, supported by a multi-million-pound budget.

Mr Ulliott also warned of the growing use of AI by cyber criminals to make scams more convincing—such as altering their appearance during video calls to build trust with victims.

Police Scotland reported that cybercrime has more than doubled since 2020, with incidents rising from 7,710 to 18,280 in 2024. Officials highlighted the threat posed by groups like Scattered Spider, believed to consist of young hackers sharing techniques online.

MSP Rona Mackay called the figures ‘absolutely staggering,’ while Ben Macpherson said he had even been impersonated by fraudsters.

Law enforcement agencies, including the FBI, are now working together to tackle online crime. Meanwhile, Age Scotland warned that many older people lack confidence online, making them especially vulnerable to scams that can lead to financial ruin and emotional distress.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Valve denies Steam data breach

Valve has confirmed that a cache of old Steam two-factor authentication codes and phone numbers, recently circulated by a hacker known as ‘Machine1337’, is indeed real, but insists it did not suffer a data breach.

Instead of pointing to its own systems, Valve explained that the leak involves outdated SMS messages, which are typically sent unencrypted and routed through multiple providers. These codes, once valid for only 15 minutes, were not linked to specific Steam accounts, passwords, or payment information.

The leaked data sparked early speculation that third-party messaging provider Twilio was the source of the breach, especially after their name appeared in the dataset. However, both Valve and Twilio denied any direct involvement, with Valve stating it does not even use Twilio’s services.

The true origin of the breach remains uncertain, and Valve acknowledged that tracing it may be difficult, as SMS messages often pass through several intermediaries before reaching users.

While the leaked information may not immediately endanger Steam accounts, Valve advised users to remain cautious. Phone numbers, when combined with other data, could still be used for phishing attacks.

Instead of relying on SMS for security, users are encouraged to activate the Steam Mobile Authenticator, which offers a more secure alternative for account verification.

Despite the uncertainty surrounding the source of the breach, Valve reassured users there’s no need to change passwords or phone numbers. Still, it urged vigilance, recommending that users routinely review their security settings and remain wary of any unsolicited account notifications.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!