Consumer protection

New Kimwolf Android botnet linked to a record-breaking DDoS attacks

Cybersecurity researchers have uncovered a rapidly expanding Android botnet known as Kimwolf, which has already compromised approximately 1.8 million devices worldwide.

The malware primarily targets smart TVs, set-top boxes, and tablets connected to residential networks, with infections concentrated in countries including Brazil, India, the US, Argentina, South Africa, and the Philippines.

Analysis by QiAnXin XLab indicates that Kimwolf demonstrates a high degree of operational resilience.

Despite multiple disruptions to its command-and-control infrastructure, the botnet has repeatedly re-emerged with enhanced capabilities, including the adoption of Ethereum Name Service to harden its communications against takedown efforts.

Researchers also identified significant similarities between Kimwolf and AISURU, one of the most powerful botnets observed in recent years. Shared source code, infrastructure, and infection scripts suggest both botnets are operated by the same threat group and have coexisted on large numbers of infected devices.

AISURU has previously drawn attention for launching record-setting distributed denial-of-service attacks, including traffic peaks approaching 30 terabits per second.

The emergence of Kimwolf alongside such activity highlights the growing scale and sophistication of botnet-driven cyber threats targeting global internet infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI and security trends shape the internet in 2025

Cloudflare released its sixth annual Year in Review, providing a comprehensive snapshot of global Internet trends in 2025. The report highlights rising digital reliance, AI progress, and evolving security threats across Cloudflare’s network and Radar data.

Global Internet traffic rose 19 percent year-on-year, reflecting increased use for personal and professional activities. A key trend was the move from large-scale AI training to continuous AI inference, alongside rapid growth in generative AI platforms.

Google and Meta remained the most popular services, while ChatGPT led in generative AI usage.

Cybersecurity remained a critical concern. Post-quantum encryption now protects 52 percent of Internet traffic, yet record-breaking DDoS attacks underscored rising cyber risks.

Civil society and non-profit organisations were the most targeted sectors for the first time, while government actions caused nearly half of the major Internet outages.

Connectivity varied by region, with Europe leading in speed and quality and Spain ranking highest globally. The report outlines 2025’s Internet challenges and progress, providing insights for governments, businesses, and users aiming for greater resilience and security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Crypto theft soars in 2025 with fewer but bigger attacks

Cryptocurrency theft intensified in 2025, with total stolen funds exceeding $3.4 billion despite fewer large-scale incidents. Losses became increasingly concentrated, with a few major breaches driving most of the annual damage and widening the gap between typical hacks and extreme outliers.

North Korea remained the dominant threat actor, stealing at least $2.02 billion in digital assets during the year, a 51% increase compared with 2024.

Larger thefts were achieved through fewer operations, often relying on insider access, executive impersonation, and long-term infiltration of crypto firms rather than frequent attacks.

Laundering activity linked to North Korean actors followed a distinctive and disciplined pattern. Stolen funds moved in smaller tranches through Chinese-language laundering networks, bridges, and mixing services, usually following a structured 45-day cycle.

Individual wallet attacks surged, impacting tens of thousands of victims, while the total value stolen from personal wallets fell. Decentralised finance remained resilient, with hack losses low despite rising locked capital, indicating stronger security practices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US platforms signal political shift in DSA risk reports

Major online platforms have submitted their 2025 systemic risk assessments under the Digital Services Act as the European Commission moves towards issuing its first fine against a Very Large Online Platform.

The reports arrive amid mounting political friction between Brussels and Washington, placing platform compliance under heightened scrutiny on both regulatory and geopolitical fronts.

Several US-based companies adjusted how risks related to hate speech, misinformation and diversity are framed, reflecting political changes in the US while maintaining formal alignment with EU law.

Meta softened enforcement language, reclassified hate speech under broader categories and reduced visibility of civil rights structures, while continuing to emphasise freedom of expression as a guiding principle.

Google and YouTube similarly narrowed references to misinformation, replaced established terminology with less charged language and limited enforcement narratives to cases involving severe harm.

LinkedIn followed comparable patterns, removing references to earlier commitments on health misinformation, civic integrity and EU voluntary codes that have since been integrated into the DSA framework.

X largely retained its prior approach, although its report continues to reference cooperation with governments and civil society that contrasts with the platform’s public positioning.

TikTok diverged from other platforms by expanding disclosures on hate speech, election integrity and fact-checking, likely reflecting its vulnerability to regulatory action in both the EU and the US.

European regulators are expected to assess whether these shifts represent genuine risk mitigation or strategic alignment with US political priorities.

As systemic risk reports increasingly inform enforcement decisions, subtle changes in language, scope and emphasis may carry regulatory consequences well beyond their formal compliance function.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Instacart faces FTC scrutiny over AI pricing tool

US regulators are examining Instacart’s use of AI in grocery pricing, after reports that shoppers were shown different prices for identical items. Sources told Reuters the Federal Trade Commission has opened a probe into the company’s AI-driven pricing practices.

The FTC has issued a civil investigative demand seeking information about Instacart’s Eversight tool, which allows retailers to test different prices using AI. The agency said it does not comment on ongoing investigations, but expressed concern over reports of alleged pricing behaviour.

Scrutiny follows a study of 437 shoppers across four US cities, which found average price differences of 7 percent for the same grocery lists at the same stores. Some shoppers reportedly paid up to 23 percent more than others for identical items, according to the researchers.

Instacart said the pricing experiments were randomised and not based on personal data or individual behaviour. The company maintains that retailers, not Instacart, set prices on the platform, with the exception of Target, where prices are sourced externally and adjusted to cover costs.

The investigation comes amid wider regulatory focus on technology-driven pricing as living costs remain politically sensitive in the United States. Lawmakers have urged greater transparency, while the FTC continues broader inquiries into AI tools used to analyse consumer data and set prices.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Russia considers restoring Roblox access after compliance talks

Roblox has signalled willingness to comply with Russian law, opening the possibility of the platform being unblocked in Russia following earlier access restrictions.

Roskomnadzor stated that cooperation could resume if Roblox demonstrates concrete steps instead of declarations towards meeting domestic legal requirements.

The regulator said Roblox acknowledged shortcomings in moderating game content and ensuring the safety of user chats, particularly involving minors.

Russian authorities stressed that compliance would require systematic measures to remove harmful material and prevent criminal communication rather than partial adjustments.

Access to Roblox was restricted in early December after officials cited the spread of content linked to extremist and terrorist activity.

Roskomnadzor indicated that continued engagement and demonstrable compliance could allow the platform to restore operations under the regulatory oversight of Russia.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Meta updates AI glasses with voice and music features

Meta has updated its AI smart glasses with a conversation-focused feature that amplifies voices in noisy environments. Users can adjust the volume by swiping to the right on the temple or through device settings.

The conversation-focused feature is designed for busy environments such as restaurants, trains or bars. It is similar to Apple AirPods’ Conversation Boost, which helps users focus on a single speaker.

The update also adds Spotify integration, allowing the glasses to play songs based on what the wearer sees, such as an album cover or festive decorations. The feature links visual cues with interactive actions in apps.

The software update (v21) will initially roll out to participants in Meta’s Early Access Program. The conversation-focused feature will initially be available in the US and Canada, while the Spotify feature is offered in English across multiple markets.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI-generated ads face new disclosure rules in South Korea

South Korea will require advertisers to label AI-generated or AI-assisted advertising from early 2026, marking a shift in how the country governs AI in online commerce and consumer protection.

The measure responds to a sharp rise in deceptive ads using synthetic imagery and deepfakes, particularly in healthcare and financial promotions. Regulators say transparency at the point of content delivery is intended to reduce manipulation and restore consumer trust.

Authorities in South Korea acknowledge that mandatory labelling alone may not deter malicious actors, who can bypass rules through offshore hosting or rapidly changing content. Detection challenges and uneven enforcement capacity across platforms remain open concerns.

South Korea’s industry groups warn that the policy could have uneven economic effects within the country’s advertising ecosystem. Large platforms and agencies are expected to adapt quickly, while smaller firms may face higher compliance costs that slow experimentation with generative tools.

Policymakers argue the framework aligns with South Korea’s broader AI governance strategy, positioning the country between innovation-led and precautionary regulatory models as synthetic media becomes more widespread.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI helps Everbloom create sustainable cashmere alternatives

Everbloom has developed Braid.AI, an AI system that transforms waste fibres into high-quality textiles. The process can use poultry feathers, wool, and other keratin-rich materials to replicate fabrics like cashmere.

The system works with standard textile machinery, combining chopped waste with proprietary compounds to produce biodegradable fibres. Everbloom aims to reduce environmental impact while maintaining material quality comparable to traditional cashmere.

Co-founder Sim Gulati said the startup aims to make materials economically accessible. Products are designed to offer both environmental benefits and cost-effectiveness, avoiding a ‘sustainable premium’ for consumers.

The AI can fine-tune fibre properties for multiple fabrics beyond cashmere, including polyester alternatives. Everbloom collects waste from farms, mills, and other sources to create a sustainable supply chain.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Brazilian bank executive promotes Bitcoin for diversification

Itaú Asset Management partner Renato Eid has advised investors to consider allocating between 1% and 3% of their portfolios to Bitcoin. The recommendation, described as a measured approach, aims to strike a balance between diversification benefits and protection against currency weakness.

As head of beta strategies at Brazil’s largest private bank, Eid stressed the importance of a long-term perspective rather than attempting to time market cycles. Bitcoin, in his view, should function as a complementary asset rather than a central holding in a portfolio.

The guidance highlights explicitly Itaú’s BITI11 fund, a Brazilian-listed Bitcoin ETF that began trading on the B3 exchange in 2022 through a partnership with Galaxy Digital. The fund currently manages about $115.6 million and offers regulated exposure to Bitcoin for local investors.

Brazil’s currency volatility supports the case, with the real hitting record lows in December 2024 before partially recovering. Eid linked the strategy to Itaú Unibanco’s wider crypto expansion and increasing acceptance of crypto allocations among central global banks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot