Cybersecurity

TSMC profits surge despite trade concerns

Taiwan Semiconductor Manufacturing Company (TSMC) posted a significant jump in quarterly profits, driven by robust demand for AI chips. Net income rose by just over 60% year-on-year to NT$360.7bn (£9.77bn), outpacing analysts’ expectations.

Revenue also grew by 41.6% compared to the same period in 2024, although it dipped slightly from the previous quarter due to weaker smartphone sales.

The world’s largest contract chipmaker has not yet seen any major changes in customer behaviour, including from Apple and Nvidia, despite increasing uncertainty over potential US tariffs on Taiwanese semiconductors.

While concerns about trade tensions grow, particularly with former President Donald Trump suggesting the US should reclaim chip production, TSMC says it is continuing with business as usual for now.

Instead of scaling back, TSMC is expanding its investment in the US, with plans to spend up to $160bn. Analysts believe this move could help the firm argue for a more favourable position should tariff negotiations intensify.

The company’s Chief Financial Officer, Wendell Huang, acknowledged the risks posed by changing trade policies but said revenue growth is still expected in the next quarter.

Despite global pressures, TSMC remains optimistic, forecasting revenue between $28.4bn and $29.2bn. Although the company’s shares have fallen more than 20% so far this year, some analysts say the stock is now undervalued and well-positioned to rebound once market conditions stabilise.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fake banking apps leave sellers thousands out of pocket

Scammers are using fake mobile banking apps to trick people into handing over valuable items without receiving any payment.

These apps, which convincingly mimic legitimate platforms, display false ‘successful payment’ screens in person, allowing fraudsters to walk away with goods while the money never arrives.

Victims like Anthony Rudd and John Reddock have lost thousands after being targeted while selling items through social media marketplaces. Mr Rudd handed over £1,000 worth of tools from his Salisbury workshop, only to realise the payment notification was fake.

Mr Reddock, from the UK, lost a £2,000 gold bracelet he had hoped to sell to fund a holiday for his children.

BBC West Investigations found that some of these fake apps, previously removed from the Google Play store, are now being downloaded directly from the internet onto Android phones.

The Chartered Trading Standards Institute described this scam as an emerging threat, warning that in-person fraud is growing more complex instead of fading away.

With police often unable to track down suspects, small business owners like Sebastian Liberek have been left feeling helpless after being targeted repeatedly.

He has lost hundreds of pounds to fake transfers and believes scammers will continue striking, while enforcement remains limited and platforms fail to do enough to stop the spread of fraud.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Spotify fixes widespread app issues

Spotify has resolved a global outage that left tens of thousands of users unable to stream music, with the company confirming the app is now ‘back up and functioning normally.’

The disruption, which began on Wednesday, affected search functions and artist pages, though downloaded music remained accessible during the issue.

The platform denied online rumours of a security breach, stating reports of a hack were ‘completely inaccurate.’

Users experienced timeout messages and errors when attempting to search for music, prompting frustration on social media, where many expressed disappointment and called for swift resolution.

With over 675 million users worldwide, Spotify’s brief downtime sparked threats from some users to switch to rival services such as Apple Music and YouTube.

The company responded on social media during the outage, acknowledging the problem and assuring users it was being investigated.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

CISA extends MITRE’s CVE program for 11 months

The US Cybersecurity and Infrastructure Security Agency (CISA) has extended its contract with the MITRE Corporation to continue operating the Common Vulnerabilities and Exposures (CVE) program for an additional 11 months. The decision was made one day before the existing contract was set to expire.

A CISA spokesperson confirmed that the agency exercised the option period in its $57.8 million contract with MITRE to prevent a lapse in CVE services. The contract, which originally concluded on April 17, includes provisions for optional extensions through March 2026.

‘The CVE Program is invaluable to the cyber community and a priority of CISA,’ the spokesperson stated, expressing appreciation for stakeholder support.

Yosry Barsoum, vice president of MITRE and director of its Center for Securing the Homeland, said that CISA identified incremental funding to maintain operations.

He noted that MITRE remains committed to supporting both the CVE and CWE (Common Weakness Enumeration) programs, and acknowledged the widespread support from government, industry, and the broader cybersecurity community.

The extension follows public concern raised earlier this week after Barsoum issued a letter indicating that program funding was at risk of expiring without renewal.

MITRE officials noted that, in the event of a contract lapse, the CVE program website would eventually go offline and no new CVEs would be published. Historical data would remain accessible via GitHub.

Launched in 1999, the CVE program serves as a central catalogue for publicly disclosed cybersecurity vulnerabilities. It is widely used by governments, private sector organisations, and critical infrastructure operators for vulnerability identification and coordination.

Amid recent uncertainty about the program’s future, a group of CVE Board members announced the formation of a new non-profit organisation — the CVE Foundation — aimed at supporting the long-term sustainability and governance of the initiative.

In a public statement, the group noted that while US government sponsorship had enabled the program’s growth, it also introduced concerns around reliance on a single national sponsor for what is considered a global public good.

The CVE Foundation is intended to provide a neutral, independent structure to ensure continuity and community oversight.

The foundation aims to enhance global governance, eliminate single points of failure in vulnerability management, and reinforce the CVE program’s role as a trusted and collaborative resource. Further information about the foundation’s structure and plans is expected to be released in the coming days.

CISA did not comment on the creation of the CVE Foundation. A MITRE spokesperson indicated the organisation intends to work with federal agencies, the CVE Board, and the cybersecurity community on options for ongoing support.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Report highlights growing cyber risks to aviation

A recent report by the Foundation for Defense of Democracies notes that while both government agencies and private sector actors have taken steps to strengthen cybersecurity in aviation, the increasing demands on outdated systems are outpacing current mitigation efforts.

Commercial aviation is operating at near full capacity, placing strain on legacy technologies and logistical frameworks.

According to Jiwon Ma, senior policy analyst at the Foundation for Defense of Democracies’ Center on Cyber and Policy Innovation, these pressures can result in major disruptions even in the absence of cyberattacks.

Ma referenced past incidents such as the 2022 Southwest Airlines operational failure and the widespread IT outage linked to CrowdStrike in 2024.

As part of the Biden administration’s national cybersecurity strategy, the Transportation Security Administration (TSA) implemented new aviation security measures in 2023.

The Federal Aviation Administration (FAA) declined to detail its specific cybersecurity practices, but a spokesperson stated that the agency employs a comprehensive approach to protect the National Airspace System in coordination with federal and private partners.

The report emerges amid a series of cybersecurity incidents affecting aviation and related infrastructure. In July 2024, Delta Air Lines cancelled thousands of flights due to a software update failure attributed to CrowdStrike, resulting in a $500 million lawsuit against the company.

In August 2024, Seattle-Tacoma International Airport experienced disruptions linked to a Rhysida ransomware attack, which affected key services and prompted the Port of Seattle to issue data breach notifications to approximately 90,000 individuals.

Boeing has also been targeted in recent years, including a 2023 ransomware attack by LockBit that resulted in data leaks, and a 2022 cyber incident affecting its Jeppesen subsidiary, which provides flight navigation and planning tools.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Sweden unable to determine cause of Baltic Sea cable damage

The Swedish Accident Investigation Authority (SHK) has published its final report on the damage to the C-Lion 1 subsea cable in the Baltic Sea on 18 November 2024, concluding that it cannot determine whether the incident was the result of an accident or intentional sabotage.

The investigation focused on the Chinese bulk carrier Yi Peng 3, which was initially identified as having caused the damage.

While investigators from several neighbouring countries, including Sweden, were allowed to board the vessel, the SHK reported that the visit was time-constrained and that access to key evidence—such as surveillance footage and the vessel’s Voyage Data Recorder—was not granted.

Interviews with the crew were conducted in the presence of Chinese officials.

The SHK outlined two possible scenarios: one in which the anchor was deliberately released to damage seabed infrastructure, and another in which it detached due to improper security.

The report noted that certain technical details—such as the absence of damage to key anchor components—make the accidental scenario less likely, but acknowledged that neither hypothesis could be confirmed due to investigative limitations.

Under international maritime law, flag states typically lead investigations in international waters, though exceptions may apply in cases involving suspected criminal activity.

While some analysts have raised concerns about potential state-sponsored sabotage, officials from several European countries have indicated increasing confidence that the recent cable breaks were not the result of coordinated or intentional activity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AMD warns of financial hit from US AI chip export ban

AMD has warned that new US government restrictions on exporting AI chips to China and several other countries could materially affect its earnings.

The company said it may face charges of up to $800 million related to unsold inventory, purchase commitments, and reserves if it fails to secure export licences for its MI308 GPUs, now subject to strict control measures.

In a filing to the US Securities and Exchange Commission, AMD confirmed it would seek the necessary licences but admitted there is no guarantee they will be granted.

The move follows broader export restrictions aimed at protecting national security interests, with US officials arguing that unrestricted access to advanced chips would weaken the country’s strategic lead in AI, instead of preserving it.

AMD’s stock dropped around 6% following the announcement. Competitors are also feeling the impact. Nvidia expects charges of $5.5 billion from similar restrictions, and Intel’s Gaudi hardware line has reportedly been affected as well.

The US Commerce Department has defended the move as necessary to safeguard economic and national interests.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Businesses face Meta account lockouts

Small businesses are increasingly falling victim to scams targeting their Instagram and Facebook accounts, with many reporting long and frustrating recovery processes.

Wedding dress designer Catherine Deane, whose Instagram account was hacked through a fake verification link, described the experience as ‘devastating’ and said it took four months and persistent efforts to regain access.

Despite repeated emails to Meta, the issue was only resolved after a team member contacted someone within the company directly.

Cybersecurity experts say such cases are far from isolated. Jonas Borchgrevink, head of US-based firm Hacked.com, said thousands of business accounts are compromised every day, with some clients paying for help after months of failed recovery attempts.

Scammers often pose as Meta support, using convincing branding and AI-generated messages to trick victims into revealing passwords or verifying accounts on fake websites. These tactics allow them to gain control of business profiles and demand ransoms or post fraudulent content.

Meta has declined to disclose the full scale of the problem but says it encourages users to enable security features like two-factor authentication and regularly check their account safety. Some businesses, however, report being locked out despite not being hacked.

Others say Meta has wrongly removed pages without notice, with limited recourse or explanation. Calls are growing for the company to improve its support systems and take faster action to help affected businesses recover access to their vital online platforms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US and Canadian authorities launch operation to combat Ethereum scam

The US Secret Service, in collaboration with Canadian officials, launched ‘Operation Avalanche‘ to target compromised wallets on the Ethereum blockchain.

The operation focused on disrupting an ongoing approval phishing scam, which had already cost victims $4.3 million.

Approval phishing occurs when scammers trick victims into signing illicit blockchain transactions, allowing fraudsters to drain funds from their wallets.

The US Secret Service assisted Canadian officials, helping to disrupt the scam and prevent further losses.

Both US and Canadian authorities have committed to continuing their efforts to identify stolen assets and return them to the victims. The operation highlights the importance of global law enforcement collaboration in combating crypto-related crimes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Europe struggles to explain quantum to its citizens

Most Europeans remain unclear about quantum technology, despite increasing attention from EU leaders. A new survey, released on World Quantum Day, reveals that while 78 per cent of adults in France and Germany are aware of quantum, only a third truly understand what it is.

Nearly half admitted they had heard of the term but didn’t know what it means.

Quantum science studies the smallest building blocks of the universe, particles like electrons and atoms, that behave in ways classical physics can’t explain. Though invisible even to standard microscopes, they already power technologies such as GPS, MRI scanners and semiconductors.

Quantum tools could lead to breakthroughs in healthcare, cybersecurity, and climate change, by enabling ultra-precise imaging, improved encryption, and advanced environmental monitoring.

The survey showed that 47 per cent of respondents expect quantum to positively impact their country within five years, with many hopeful about its role in areas like energy, medicine and fraud prevention.

For example, quantum computers might help simulate complex molecules for drug development, while quantum encryption could secure communications better than current systems.

The EU has committed to developing a European quantum chip and is exploring a potential Quantum Act, backed by €65 million in funding under the EU Chips Act. The UK has pledged £121 million for quantum initiatives.

However, Europe still trails behind China and the US, mainly due to limited private investment and slower deployment. Former ECB president Mario Draghi warned that Europe must build a globally competitive quantum ecosystem instead of falling behind further.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!