Encryption

UK research body hit by 5 million cyber attacks

UK Research and Innovation (UKRI), the country’s national funding body for science and research, has reported a staggering 5.4 million cyber attacks this year — a sixfold increase compared to the previous year.

According to data obtained through freedom of information requests, the majority of these threats were phishing attempts, with 236,400 designed to trick employees into revealing sensitive data. A further 11,200 were malware-based attacks, while the rest were identified as spam or malicious emails.

The scale of these incidents highlights the growing threat faced by both public and private sector institutions. Experts believe the rise of AI has enabled cybercriminals to launch more frequent and sophisticated attacks.

Rick Boyce, chief for technology at AND Digital, warned that the emergence of AI has introduced threats ‘at a pace we’ve never seen before’, calling for a move beyond traditional defences to stay ahead of evolving risks.

UKRI, which is sponsored by the Department for Science, Innovation and Technology, manages an annual budget of £8 billion, much of it invested in cutting-edge research.

A budget like this makes it an attractive target for cybercriminals and state-sponsored actors alike, particularly those looking to steal intellectual property or sabotage infrastructure. Security experts suggest the scale and nature of the attacks point to involvement from hostile nation states, with Russia a likely culprit.

Though UKRI cautioned that differing reporting periods may affect the accuracy of year-on-year comparisons, there is little doubt about the severity of the threat.

The UK’s National Cyber Security Centre (NCSC) has previously warned of Russia’s Unit 29155 targeting British government bodies and infrastructure for espionage and disruption.

With other notorious groups such as Fancy Bear and Sandworm also active, the cybersecurity landscape is becoming increasingly fraught.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ascension faces fresh data breach fallout

A major cybersecurity breach has struck Ascension, one of the largest nonprofit healthcare systems in the US, exposing the sensitive information of over 430,000 patients.

The incident began in December 2024, when Ascension discovered that patient data had been compromised through a former business partner’s software flaw.

The indirect breach allowed cybercriminals to siphon off a wide range of personal, medical and financial details — including Social Security numbers, diagnosis codes, hospital admission records and insurance data.

The breach adds to growing concerns over the healthcare industry’s vulnerability to cyberattacks. In 2024 alone, 1,160 healthcare-related data breaches were reported, affecting 305 million records — a sharp rise from the previous year.

Many institutions still treat cybersecurity as an afterthought instead of a core responsibility, despite handling highly valuable and sensitive data.

Ascension itself has been targeted multiple times, including a ransomware attack in May 2024 that disrupted services at dozens of hospitals and affected nearly 5.6 million individuals.

Ascension has since filed notices with regulators and is offering two years of identity monitoring to those impacted. However, critics argue this response is inadequate and reflects a broader pattern of negligence across the sector.

The company has not named the third-party vendor responsible, but experts believe the incident may be tied to a larger ransomware campaign that exploited flaws in widely used file-transfer software.

Rather than treating such incidents as isolated, experts warn that these breaches highlight systemic flaws in healthcare’s digital infrastructure. As criminals grow more sophisticated and vendors remain vulnerable, patients bear the consequences.

Until healthcare providers prioritise cybersecurity instead of cutting corners, breaches like this are likely to become even more common — and more damaging.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

President Milei ends investigation into Libra memecoin

Argentina’s government has disbanded the task force investigating the controversial Libra memecoin scandal, just three months after its creation. The unit, created by President Milei, investigated the memecoin that soared to $4.5 billion before crashing to $14 million.

The decree stated the task force had ‘fulfilled its purpose.’

Local lawmakers sharply criticised the decision, accusing the government of shielding those involved. Opposition figures labelled the task force a ‘front’ and suggested the closure was a move to protect suspects.

Meanwhile, the scandal continues to shake Argentina’s crypto scene.

Judge María Servini ordered banks to release financial records from 2023 for key suspects, including President Milei and his sister Karina. The investigation centres on allegations of bribery and illicit profit, involving several individuals connected to the Libra project.

Milei denies any wrongdoing amid mounting scrutiny.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Supreme Court pushes India to regulate crypto

India’s Supreme Court has urged the government to regulate cryptocurrencies, citing a gap between taxing digital assets and failing to govern them properly. The court raised concerns about the economic risks posed by unregulated crypto activity, particularly Bitcoin.

Justice Surya Kant called crypto a ‘parallel economy’ and questioned the 30% tax without proper regulation. The court made its remarks during a hearing concerning an ongoing investigation into a Bitcoin-related transaction.

A government legal representative responded by indicating that a regulatory review may be considered.

Cryptocurrency use is growing in India. However, the country has yet to introduce dedicated laws to regulate the sector. It has raised concerns among legal experts, regulators, and crypto participants.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Legal aid data breach affects UK applicants

The UK Ministry of Justice has confirmed a serious cyber-attack on its Legal Aid Agency, first detected on 23 April and revealed to be more extensive on 16 May. Investigators found that a wide range of personal details belonging to applicants dating back to 2010 were accessed.

The breach has prompted urgent security reviews and cooperation with the National Cyber Security Centre. Stolen information may include names, addresses, dates of birth, national ID numbers, criminal histories, employment records and financial data such as debts and contributions.

While the total number of affected individuals remains unconfirmed, publicly available figures suggest hundreds of thousands of applications across the last year alone. Victims have been urged to monitor for suspicious communications and to change passwords promptly.

UK Legal aid services have been taken offline as contingency measures are put in place to maintain support for vulnerable users. Jane Harbottle, CEO of the Legal Aid Agency, expressed regret over the incident and reassured applicants that efforts are underway to restore secure access.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Dubai sets June deadline for crypto firms

Dubai’s crypto regulator has given virtual asset service providers (VASPs) until 19 June to comply with a new set of rules designed to improve transparency and oversight. VARA released Version 2.0 of its Rulebooks, adding stricter oversight and updated standards across key activities.

The changes include stricter requirements for margin trading, clearer definitions for terms such as ‘client assets’ and ‘qualified custodians,’ and consistent risk management obligations.

VARA aims to reduce regulatory uncertainty and make it easier for companies to meet cross-functional compliance.

The rules also introduce tougher conditions for token distribution and new restrictions on marketing, particularly for retail-facing offers. All licensed crypto firms must complete the transition within the 30-day window to avoid penalties.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

JPMorgan to allow clients to buy Bitcoin

JPMorgan CEO Jamie Dimon announced plans to let the bank’s customers buy Bitcoin, though the firm will not hold the cryptocurrency on their behalf. Instead, Bitcoin purchases will be reflected in client statements, without JPMorgan providing custody services.

Dimon has long expressed scepticism about Bitcoin. He defended clients’ right to buy the asset despite concerns over its use in illegal activities like money laundering and trafficking.

Until now, JPMorgan’s crypto exposure was limited to futures products rather than direct digital asset ownership.

The move follows similar steps by Morgan Stanley, which recently offered spot Bitcoin ETFs to select clients. Spot Bitcoin ETFs have gained traction in the US, attracting nearly $42 billion in inflows since their January 2024 debut.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Democrats shift stance on GENIUS Act

Senators voted 66-32 to advance the GENIUS Act, a bill aimed at regulating stablecoins. Sixteen Democrats joined Republicans in backing the measure, reversing a previous block.

The legislation introduces the first formal rules for stablecoin issuers, a move seen as vital for consumer protection and financial clarity.

Bipartisan negotiations helped push the bill forward. A new amendment addresses key Democratic concerns, including tougher consumer safeguards and limits on stablecoin issuance by tech firms.

It also extends ethics rules to figures like Elon Musk and David Sacks, at least temporarily. Despite the uncertainty over whether the amendment will pass, Democrats agreed to support the bill either way.

The Senate had stalled the proposal two weeks earlier over demands for stronger national security provisions. While Republicans have yet to back the amendment, more Democrats are now expected to vote for the bill.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Buterin suggests lightweight Ethereum nodes

Ethereum co-founder Vitalik Buterin has proposed a major update to make running a node more accessible to ordinary users. His idea aims to reduce the hardware and storage needed to run a full Ethereum node.

Instead of storing Ethereum’s full history—now over 1.3 terabytes—users would only keep data relevant to them and request older records when needed. The approach, similar to how library branches share books, would bring Ethereum nodes to standard devices, including smartphones.

Buterin says this shift reduces reliance on powerful cloud services and avoids centralised risks. The proposal arrives just ahead of Ethereum’s ambitious Pectra upgrade, which will lay the foundation for better scalability and decentralisation.

Meanwhile, other voices in the Ethereum space are pushing bold ideas. Researcher Dankrad Feist has proposed boosting the network’s gas limit by 100 times to handle up to 2,000 transactions per second.

Former developer Eric Connor believes Ethereum could help solve AI’s centralisation issues. But critics like Nic Carter warn that layer-2 networks and excessive token creation are diluting Ether’s value.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New crypto rules may ban Tether trading in Russia

Russia’s new Central Bank regulations could effectively ban the trading of Tether (USDT) within the country’s crypto sandbox, experts have said. The rules, effective 26 May, target coins linked to ‘hostile issuers’ or at risk of being blocked or frozen.

The crypto sandbox, supervised by the Central Bank, allows Russian firms to use digital assets in international trade. Plans to expand the sandbox will let qualified investors trade on approved platforms, but only coins meeting strict criteria will be permitted.

While USDT trading appears under threat, stablecoins may still be used for cross-border payments and settlements.

Experts note that the rules’ broad definitions mean popular USD-pegged stablecoins, including Tether, likely will not comply. Tether’s requirements for Know-Your-Customer (KYC) checks enable it to block or freeze tokens at its discretion.

Such controls have already been seen in actions against Russian exchanges, highlighting potential complications for Russian crypto users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot