Cybersecurity

CISOs warn AI-driven cyberattacks are rising, with DNS infrastructure at risk

A new report warns that chief information security officers (CISOs) are bracing for a sharp increase in cyber-attacks as AI continues to reshape the global threat landscape. According to CSC’s report, 98% of CISOs expect rising attacks over the next three years, with domain infrastructure a key concern.

AI-powered domain generation algorithms (DGAs) have been flagged as a key threat by 87% of security leaders. Cyber-squatting, DNS hijacking, and DDoS attacks remain top risks, with nearly all CISOs expressing concern over bad actors’ increasing use of AI.

However, only 7% said they feel confident in defending against domain-based threats.

Concerns have also been raised about identity verification. Around 99% of companies worry their domain registrars fail to apply adequate Know Your Customer (KYC) policies, leaving them vulnerable to infiltration.

Meanwhile, half of organisations have not implemented or tested a formal incident response plan or adopted AI-driven monitoring tools.

Budget constraints continue to limit cybersecurity readiness. Despite the growing risks, only 7% of CISOs reported a significant increase in security budgets between 2024 and 2025. CSC’s Ihab Shraim warned that DNS infrastructure is a prime target and urged firms to act before facing technical and reputational fallout.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Workplace deepfake abuse: What employers must know

Deepfake technology—AI-generated videos, images, and audio—has entered the workplace in alarming ways.

Once difficult to produce, deepfakes are now widely accessible and are being used to harass, impersonate, or intimidate employees. These synthetic media attacks can cause deep psychological harm, damage reputations, and expose employers to serious legal risks.

While US federal law hasn’t yet caught up, new legislation like the Take It Down Act and Florida’s Brooke’s Law require platforms to remove non-consensual deepfake content within 48 hours.

Meanwhile, employers could face claims under existing workplace laws if they fail to act on deepfake harassment. Inaction may lead to lawsuits for creating a hostile environment or for negligent oversight.

Most workplace policies still don’t mention synthetic media and something like this creates blind spots, especially during investigations, where fake images or audio could wrongly influence decisions.

Employers need to shift how they assess evidence and protect both accused and accuser fairly. It’s time to update handbooks, train staff, and build clear response plans that include digital impersonation and deepfake abuse.

By treating deepfakes as a modern form of harassment instead of just a tech issue, organisations can respond faster, protect staff, and maintain trust. Proactive training, updated policies, and legal awareness will be crucial to workplace safety in the age of AI.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Anubis ransomware threatens permanent data loss

A new ransomware threat known as Anubis is making waves in the cybersecurity world, combining file encryption with aggressive monetisation tactics and a rare file-wiping feature that prevents data recovery.

Victims discover their files renamed with the .anubis extension and are presented with a ransom note warning that stolen data will be leaked unless payment is made.

What sets Anubis apart is its ability to permanently erase file contents using a command that overwrites them with zero-byte shells. Although the filenames remain, the data inside is lost forever, rendering recovery impossible.

Researchers have flagged the destructive feature as highly unusual for ransomware, typically seen in cyberespionage rather than financially motivated attacks.

The malware also attempts to change the victim’s desktop wallpaper to reinforce the impact, although in current samples, the image file was missing. Anubis spreads through phishing emails and uses tactics like command-line scripting and stolen tokens to escalate privileges and evade defences.

It operates as a ransomware-as-a-service model, meaning less-skilled cybercriminals can rent and use it easily.

Security experts urge organisations to treat Anubis as more than a typical ransomware threat. Besides strong backup practices, firms are advised to improve email security, limit user privileges, and train staff to spot phishing attempts.

As attackers look to profit from stolen access and unrecoverable destruction, prevention becomes the only true line of defence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Judge halts OPM data sharing with DOGE amid privacy concerns

A federal judge in New York ordered the US Office of Personnel Management (OPM) to stop sharing sensitive personal data with the Department of Government Efficiency (DOGE) agents.

The preliminary injunction, issued on 6 June by Judge Denise Cote, cited a strong likelihood that OPM and DOGE violated both the Privacy Act of 1974 and the Administrative Procedures Act.

The lawsuit, led by the Electronic Frontier Foundation and several advocacy groups, alleges that OPM unlawfully disclosed information from one of the largest federal employee databases to DOGE, a controversial initiative reportedly linked to billionaire Elon Musk.

The database includes names, social security numbers, health and financial data, union affiliations, and background check records for millions of federal employees, applicants, and retirees.

Union representatives and privacy advocates called the ruling a significant win for data protection and government accountability. AFGE President Everett Kelley criticised the involvement of ‘Musk’s DOGE cronies’, arguing that unelected individuals should not have access to such sensitive material.

The legal action also seeks to delete any data handed over to DOGE. The case comes amid ongoing concerns about federal data security following OPM’s 2015 breach, which compromised information on more than 22 million people.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Crypto scandal sparks no-confidence vote in Czech Parliament

The Czech government faced pressure as Parliament debated a no-confidence motion over a scandal tied to a Bitcoin donation. The Justice Ministry sold a crypto donation worth nearly 1 billion koruna ($47 million), triggering outrage over the donor’s criminal record for drug offences.

Justice Minister Pavel Blazek resigned in May, stating he wanted to avoid further damage to the coalition. Prime Minister Petr Fiala accepted his resignation and praised him for acting responsibly.

Eva Decroix, also from the Civic Democratic Party, took over the post and announced an independent investigation into the ministry’s donation handling.

Opposition leaders, including Andrej Babis of the ANO movement, accused the government of possibly laundering money. The organised crime unit is investigating, but the origin and reason for the Bitcoin donation remain unclear.

The four-party coalition still holds a majority, making it unlikely that the no-confidence motion will succeed. However, the affair arrives just months before crucial elections in October, with polls predicting a win for Babis.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hacktivists target Iran’s Bank Sepah in major cyberattack

A cyberattack has reportedly hit Iran’s Bank Sepah by the hacktivist group Predatory Sparrow. The group announced on Tuesday that it had ‘destroyed all data’ at the bank, which is closely linked to the Islamic Revolutionary Guard Corps (IRGC) and Iran’s military.

Several Bank Sepah branches were closed, and customers reported being unable to access their accounts.
The attack coincided with broader banking disruptions in Iran, affecting services at Kosar and Ansar banks, both associated with military entities and subject to US sanctions.

Authorities in Iran have yet to publicly acknowledge the attack, though the IRGC-linked Fars news agency claimed the issues would be resolved in a few hours.

Predatory Sparrow said it targeted Bank Sepah for its alleged role in financing Iran’s missile and nuclear programmes and in helping the country circumvent international sanctions.

The group has previously claimed responsibility for attacks on Iranian steel plants and fuel stations and is widely believed by Tehran to receive foreign support, particularly from Israel.

Bank Sepah, one of the country’s oldest financial institutions, operates around 1,800 branches within Iran and maintains offices across Europe. The United States sanctioned the bank in 2019 following Iran’s withdrawal from the 2015 nuclear deal.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Indonesia’s cyber push faces capacity challenges in the provinces

Indonesia is decentralising its approach to cybersecurity, launching eight regional Cyber Crime Directorates within provincial police forces in September 2024.

These directorates, located in areas including Jakarta, East Java, Bali, and Papua, aim to boost local responses to increasingly complex cyber threats—from data breaches and financial fraud to hacktivism and disinformation.

The move marks a shift from Jakarta-led cybersecurity efforts toward a more distributed model, aligning with Indonesia’s broader decentralisation goals. It reflects the state’s recognition that digital threats are not only national in scope, but deeply rooted in local contexts.

However, experts warn that regionalising cyber governance comes with significant challenges. Provincial police commands often lack specialised personnel, digital forensics capabilities, and adaptive institutional structures.

Many still rely on rotations from central agencies or basic training programs—insufficient for dealing with fast-moving and technically advanced cyberattacks.

Moreover, the culture of rigid hierarchy and limited cross-agency collaboration may further hinder rapid response and innovation at the local level. Without reforms to increase flexibility, autonomy, and inter-agency cooperation, these new directorates risk becoming symbolic rather than operationally impactful.

The inclusion of provinces like Central Sulawesi and Papua also reveals a political dimension. These regions are historically security-sensitive, and the presence of cyber directorates could serve both policing and state surveillance functions, raising concerns over the balance between security and civil liberties.

To be effective, the initiative requires more than administrative expansion. It demands sustained investment in talent development, modern infrastructure, and trusted partnerships with local stakeholders—including the private sector and academia.

If these issues are not addressed, Indonesia’s push to regionalise cybersecurity may reinforce old hierarchies rather than build meaningful local capacity. Stronger, smarter institutions—not just new offices—will determine whether Indonesia can secure its digital future.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Graphite spyware used against European reporters, experts warn

A new surveillance scandal has emerged in Europe as forensic evidence confirms that an Israeli spyware firm Paragon used its Graphite tool to target journalists through zero-click attacks on iOS devices. The attacks, requiring no user interaction, exposed sensitive communications and location data.

Citizen Lab and reports from Schneier on Security identified the spyware on multiple journalists’ devices on April 29, 2025. The findings mark the first confirmed use of Paragon’s spyware against members of the press, raising alarms over digital privacy and press freedom.

Backed by US investors, Paragon has operated outside of Israel under claims of aiding national security. But its spyware is now at the center of a widening controversy, particularly in Italy, where the government recently ended its contract with the company after two journalists were targeted.

Experts warn that such attacks undermine the confidentiality crucial to journalism and could erode democratic safeguards. Even Apple’s secure devices proved vulnerable, according to Bleeping Computer, highlighting the advanced nature of Graphite.

The incident has sparked calls for tighter international regulation of spyware firms. Without oversight, critics argue, tools meant for fighting crime risk being used to silence dissent and target civil society.

The Paragon case underscores the urgent need for transparency, accountability, and stronger protections in an age of powerful, invisible surveillance tools.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Smart machines, dark intentions: UN urges global action on AI threats

The United Nations has warned that terrorists could seize control of AI-powered vehicles to launch devastating attacks in public spaces. A new report outlines how extremists might exploit autonomous cars and drones to bypass traditional defences.

AI is also feared to be a tool for facial recognition targeting and mass ‘swarm’ assaults using aerial devices. Experts suggest that key parts of modern infrastructure could be turned against the public if hacked.

Britain’s updated counter-terrorism strategy now reflects these growing concerns, including the risk of AI-generated propaganda and detailed attack planning. The UN has called for immediate global cooperation to limit how such technologies can be misused.

Security officials maintain that AI also offers valuable tools in the fight against extremism, enabling quicker intelligence processing and real-time threat identification. Nonetheless, authorities have been urged to prepare for worst-case scenarios involving AI-directed violence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New cyberattack method poses major threat to smart grids, study finds

A new study published in ‘Engineering’ highlights a growing cybersecurity threat to smart grids as they become more complex due to increased integration of distributed energy sources.

The research, conducted by Zengji Liu, Mengge Liu, Qi Wang, and Yi Tang, focuses on a sophisticated form of cyberattack known as a false data injection attack (FDIA) that targets data-driven algorithms used in smart grid operations.

As modern power systems adopt technologies like battery storage and solar panels, they rely more heavily on algorithms to manage energy distribution and grid stability. However, these algorithms can be exploited.

The study introduces a novel black-box FDIA method that injects false data directly at the measurement modules of distributed power supplies, using generative adversarial networks (GANs) to produce stealthy attack vectors.

What makes this method particularly dangerous is that it doesn’t require detailed knowledge of the grid’s internal workings, making it more practical and harder to detect in real-world scenarios.

The researchers also proposed an approach to estimate controller and filter parameters in distributed energy systems, making it easier to launch these attacks.

To test the method, the team simulated attacks on the New England 39-bus system, specifically targeting a deep learning model used for transient stability prediction. Results showed a dramatic drop in accuracy—from 98.75% to 56%—after the attack.

The attack also proved effective across multiple neural network models and on larger grid systems, such as IEEE’s 118-bus and 145-bus networks.

These findings underscore the urgent need for better cybersecurity defenses in the evolving smart grid landscape. As systems grow more complex and reliant on AI-driven management, developing robust protection against FDIA threats will be critical.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!