Development

Attackers bypass email security by abusing Microsoft Teams defaults

A phishing campaign exploits Microsoft Teams’ external communication features, with attackers posing as IT helpdesk staff to gain access to screen sharing and remote control. The method sidesteps traditional email security controls by using Teams’ default settings.

The attacks exploit Microsoft 365’s default external collaboration feature, which allows unauthenticated users to contact organisations. Axon Team reports attackers create malicious Entra ID tenants with .onmicrosoft.com domains or use compromised accounts to initiate chats.

Although Microsoft issues warnings for suspicious messages, attackers bypass these by initiating external voice calls, which generate no alerts. Once trust is established, they request screen sharing, enabling them to monitor victims’ activity and guide them toward malicious actions.

The highest risk arises where organisations enable external remote-control options, giving attackers potential full access to workstations directly through Teams. However, this eliminates the need for traditional remote tools like QuickAssist or AnyDesk, creating a severe security exposure.

Defenders are advised to monitor Microsoft 365 audit logs for markers such as ChatCreated, MessageSent, and UserAccepted events, as well as TeamsImpersonationDetected alerts. Restricting external communication and strengthening user awareness remain key to mitigating this threat.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ENISA takes charge of new EU Cybersecurity Reserve operations with €36 million in funding

The European Commission has signed a contribution agreement with the European Union Agency for Cybersecurity (ENISA), assigning the agency responsibility for operating and administering the EU Cybersecurity Reserve.

The arrangement includes a €36 million allocation over three years, complementing ENISA’s existing budget.

The EU Cybersecurity Reserve, established under the EU Cyber Solidarity Act, will provide incident response services through trusted managed security providers.

The services are designed to support EU Member States, institutions, and critical sectors in responding to large-scale cybersecurity incidents, with access also available to third countries associated with the Digital Europe Programme.

ENISA will oversee the procurement of these services and assess requests from national authorities and EU bodies, while also working with the Commission and EU-CyCLONe to coordinate crisis response.

If not activated for incident response, the pre-committed services may be redirected towards prevention and preparedness measures.

The reserve is expected to become fully operational by the end of 2025, aligning with the planned conclusion of ENISA’s existing Cybersecurity Support Action in 2026.

ENISA is also preparing a candidate certification scheme for Managed Security Services, with a focus on incident response, in line with the Cyber Solidarity Act.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Quantum computing production expands with Shenzhen’s factory project in China

China has begun construction on its first facility dedicated to the production of photonic quantum computers in Shenzhen, Guangdong Province. The project marks a step toward the development of large-scale quantum computing capabilities in the country.

The factory, led by Beijing-based quantum computing company QBoson, is expected to manufacture several dozen photonic quantum computers each year once operations begin.

QBoson’s founder, Wen Kai, explained that photonic quantum computing uses the quantum properties of light and is viewed as a promising path in the field.

Compared with other approaches, it does not require extremely low temperatures to function and offers advantages such as stable operation at room temperature, a higher number of qubits, and longer coherence times.

The upcoming facility will be divided into three core areas: module development, full-system production, and quality testing. Construction is already underway, and equipment installation is scheduled to begin by the end of October.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Nigeria drafts framework for AI use in governance and services

According to the IT regulator, Nigeria is preparing a national framework to guide responsible use of AI in governance, healthcare, education and agriculture.

NITDA Director General Kashifu Abdullahi told a policy lecture in Abuja that AI could accelerate economic transformation if properly harnessed. He emphasised that Nigeria’s youthful population should move from being consumers to becoming innovators and creators.

He urged stakeholders to view automation as an opportunity to generate jobs, highlighting that over 60% of Nigerians are under 25. Abdullahi described this demographic as a key asset in positioning the nation for global competitiveness.

Meanwhile, a joint report from the Digital Education Council and the Global Finance & Technology Network found that AI boosts productivity, though adoption remains uneven. It warned of a growing divide between organisations that use AI effectively and those falling behind.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

FBI says China’s Salt Typhoon breached millions of Americans’ data

China’s Salt Typhoon cyberspies have stolen data from millions of Americans through a years-long intrusion into telecommunications networks, according to senior FBI officials. The campaign represents one of the most significant espionage breaches uncovered in the United States.

The Beijing-backed operation began in 2019 and remained hidden until last year. Authorities say at least 80 countries were affected, far beyond the nine American telcos initially identified, with around 200 US organisations compromised.

Targets included Verizon, AT&T, and over 100 current and former administration officials. Officials say the intrusions enabled Chinese operatives to geolocate mobile users, monitor internet traffic, and sometimes record phone calls.

Three Chinese firms, Sichuan Juxinhe, Beijing Huanyu Tianqiong, and Sichuan Zhixin Ruijie, have been tied to Salt Typhoon. US officials say they support China’s security services and military.

The FBI warns that the scale of indiscriminate targeting falls outside traditional espionage norms. Officials stress the need for stronger cybersecurity measures as China, Russia, Iran, and North Korea continue to advance their cyber operations against critical infrastructure and private networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Pixel Care+ launches for Pixel, Fitbit, and Pixel Watch devices

Google has launched Pixel Care+, a new device protection programme that replaces Preferred Care and Fi Device Protection in the US. Existing subscribers will be transitioned to the new plan over the coming months.

The programme offers unlimited accidental damage claims, extended warranty coverage, and $0 repairs for screen, battery, and malfunction issues. It also guarantees genuine Google parts, priority support, and optional theft and loss protection.

Subscribers benefit from free upgraded shipping on replacements, including next-day delivery. Pricing varies by device, with Pixel Care+ for the Pixel 10 costing $10 per month or $199 for two years.

Pixel Care+ is available for Pixel 8 and newer devices, as well as Pixel Watch 2, Pixel Tablet, and Fitbit models, including Ace LTE, Versa 4, Sense 2, Charge 6, and Inspire 3. Users must enrol within 60 days of purchase.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Europe adds 12 new unicorn startups in first half of 2025

Funding season is restarting in Europe, with investors expecting to add several new unicorns in the coming months. Despite fewer mega-rounds than in 2021, a dozen startups passed the $1 billion mark in the first half of 2025.

AI, biotech, defence technology, and renewable energy are among the sectors attracting major backing. Recent unicorns include Lovable, an AI coding firm from Sweden, UK-based Fuse Energy, and Isar Aerospace from Germany.

London-based Isomorphic Labs, spun out of DeepMind, raised $600 million to enter unicorn territory. In biotech, Verdiva Bio hit unicorn status after a $410 million Series A, while Neko Health reached a $1.8 billion valuation.

AI and automation continue to drive investor appetite. Dublin’s Tines secured a $125 million Series C at a $1.125 billion valuation, and German AI customer service startup Parloa raised $120 million at a $1 billion valuation.

Dual-use drone companies also stood out. Portugal-based Tekever confirmed its unicorn status with plans for a £400 million UK expansion, while Quantum Systems raised €160 million to scale its AI-driven drones globally.

Film-streaming platform Mubi and encryption startup Zama also joined the unicorn club, showing the breadth of sectors gaining traction. With Bristol, Manchester, Munich, and Stockholm among the hotspots, Europe’s tech ecosystem continues to diversify.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Generative AI music takes ethical turn with Beatoven.ai’s Maestro launch

Beatoven.ai has launched Maestro, a generative AI model for instrumental music that will later expand to vocals and sound effects. The company claims it is the first fully licensed AI model, ensuring royalties for artists and rights holders.

Trained on licensed datasets from partners such as Rightsify and Symphonic Music, Maestro avoids scraping issues and guarantees attribution. Beatoven.ai, with two million users and 15 million tracks generated, says Maestro can be fine-tuned for new genres.

The platform also includes tools for catalogue owners, allowing labels and publishers to analyse music, generate metadata, and enhance back-catalogue discovery. CEO Mansoor Rahimat Khan said Maestro builds an ‘AI-powered music ecosystem’ designed to push creativity forward rather than mimic it.

Industry figures praised the approach. Ed Newton-Rex of Fairly Trained said Maestro proves AI can be ethical, while Musical AI’s Sean Power called it a fair licensing model. Beatoven.ai also plans to expand its API into gaming, film, and virtual production.

The launch highlights the wider debate over licensing versus scraping. Scraping often exploits copyrighted works without payment, while licensed datasets ensure royalties, higher-quality outputs, and long-term trust. Advocates argue that licensing offers a more sustainable and fairer path for GenAI music.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Parental controls and crisis tools added to ChatGPT amid scrutiny

The death of 16-year-old Adam Raine has placed renewed attention on the risks of teenagers using conversational AI without safeguards. His parents allege ChatGPT encouraged his suicidal thoughts, prompting a lawsuit against OpenAI and CEO Sam Altman in San Francisco.

The case has pushed OpenAI to add parental controls and safety tools. Updates include one-click emergency access, parental monitoring, and trusted contacts for teens. The company is also exploring connections with therapists.

Executives said AI should support rather than harm. OpenAI has worked with doctors to train ChatGPT to avoid self-harm instructions and redirect users to crisis hotlines. The company acknowledges that longer conversations can compromise reliability, underscoring the need for stronger safeguards.

The tragedy has fuelled wider debates about AI in mental health. Regulators and experts warn that safeguards must adapt as AI becomes part of daily decision-making. Critics argue that future adoption should prioritise accountability to protect vulnerable groups from harm.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Global agencies and the FBI issue a warning on Salt Typhoon operations

The FBI, US agencies, and international partners have issued a joint advisory on a cyber campaign called ‘Salt Typhoon.’

The operation is said to have affected more than 200 US companies across 80 countries.

The advisory, co-released by the FBI, the National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Department of Defence Cyber Crime Centre, was also supported by agencies in the UK, Canada, Australia, Germany, Italy and Japan.

According to the statement, Salt Typhoon has focused on exploiting network infrastructure such as routers, virtual private networks and other edge devices.

The group has been previously linked to campaigns targeting US telecommunications networks in 2024. It has also been connected with activity involving a US National Guard network, the advisory names three Chinese companies allegedly providing products and services used in their operations.

Telecommunications, defence, transportation and hospitality organisations are advised to strengthen cybersecurity measures. Recommended actions include patching vulnerabilities, adopting zero-trust approaches and using the technical details included in the advisory.

Salt Typhoon, also known as Earth Estrie and Ghost Emperor, has been observed since at least 2019 and is reported to maintain long-term access to compromised devices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.