Quantum encryption achieves new milestone without cryogenics

Computer scientists at Toshiba Europe have set a new record by distributing quantum encryption keys across 158 miles using standard computer equipment and existing fibre-optic infrastructure.

Instead of relying on expensive cryogenic cooling, which is often required in quantum computing, the team achieved this feat at room temperature, marking a significant breakthrough in the field.

Experts believe this development could lead to the arrival of metropolitan-scale quantum encryption networks within a decade.

David Awschalom, a professor at the University of Chicago, expressed optimism that quantum encryption would soon become commonplace, reflecting a growing confidence in the potential of quantum technologies instead of viewing them as distant possibilities.

Quantum encryption differs sharply from modern encryption, which depends on mathematical algorithms to scramble data. Instead of mathematical calculations, quantum encryption uses the principles of quantum mechanics to secure data through Quantum Key Distribution (QKD).

Thanks to the laws of quantum physics, any attempt to intercept quantum-encrypted data would immediately alert the original sender, offering security that may prove virtually unbreakable.

Until recently, the challenge was distributing quantum keys over long distances because traditional fibre-optic lines distort delicate quantum signals. However, Toshiba’s team found a cost-effective solution using twin-field quantum key distribution (TF-QKD) instead of resorting to expensive new infrastructure.

Their success could pave the way for a quantum internet within decades, transforming what was once considered purely theoretical into a real-world possibility.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

MTN confirms cybersecurity breach and data exposure

MTN Group has confirmed a cybersecurity breach that exposed personal data of some customers in certain markets. The telecom giant assured the public, however, that its core infrastructure remains secure and fully operational.

The breach involved an unknown third party gaining unauthorised access to parts of MTN’s systems, though the company emphasised that critical services, including mobile money and digital wallets, were unaffected.

In a statement released on Thursday, MTN clarified that investigations are ongoing, but no evidence suggests any compromise of its central infrastructure, such as its network, billing, or financial service platforms.

MTN has alerted South African law enforcement and is collaborating with regulatory bodies in the affected regions.

The company urged customers to take steps to safeguard their data, such as monitoring financial statements, using strong passwords, and being cautious with suspicious communications.

MTN also recommended enabling multi-factor authentication and avoiding sharing sensitive information like PINs or passwords through unsecured channels.

While investigations continue, MTN has committed to providing updates as more details emerge, reiterating its dedication to transparency and customer protection.

UK introduces landmark online safety rules to protect children

The UK’s regulator, Ofcom, has unveiled new online safety rules to provide stronger protections for children, requiring platforms to adjust algorithms, implement stricter age checks, and swiftly tackle harmful content by 25 July or face hefty fines. These measures target sites hosting pornography or content promoting self-harm, suicide, and eating disorders, demanding more robust efforts to shield young users.

Ofcom chief Dame Melanie Dawes called the regulations a ‘gamechanger,’ emphasising that platforms must adapt if they wish to serve under-18s in the UK. While supporters like former Facebook safety officer Prof Victoria Baines see this as a positive step, critics argue the rules don’t go far enough, with campaigners expressing disappointment over perceived gaps, particularly in addressing encrypted private messaging.

The rules, part of the Online Safety Act pending parliamentary approval, include over 40 obligations such as clearer terms of service for children, annual risk reviews, and dedicated accountability for child safety. The NSPCC welcomed the move but urged Ofcom to tighten oversight, especially where hidden online risks remain unchecked.

Ransomware decline masks growing threat

A recent drop in reported ransomware attacks might seem encouraging, yet experts warn this is likely misleading. Figures from the NCC Group show a 32% decline in March 2025 compared to the previous month, totalling 600 incidents.

However, this dip is attributed to unusually large-scale attacks in earlier months, rather than an actual reduction in cybercrime. In fact, incidents were up 46% compared with March last year, highlighting the continued escalation in threat activity.

Rather than fading, ransomware groups are becoming more sophisticated. Babuk 2.0 emerged as the most active group in March, though doubts surround its legitimacy. Security researchers believe it may be recycling leaked data from previous breaches, aiming to trick victims instead of launching new attacks.

A tactic like this mirrors behaviours seen after law enforcement disrupted other major ransomware networks, such as LockBit in 2024.

Industrials were the hardest hit, followed by consumer-focused sectors, while North America bore the brunt of geographic targeting.

With nearly half of all recorded attacks occurring in the region, analysts expect North America, especially Canada, to remain a prime target amid rising political tensions and cyber vulnerability.

Meanwhile, cybercriminals are turning to malvertising, malicious code hidden in online advertisements, as a stealthier route of attack. This tactic has gained traction through the misuse of trusted platforms like GitHub and Dropbox, and is increasingly being enhanced with generative AI tools.

Instead of relying solely on technical expertise, attackers now use AI to craft more convincing and complex threats. As these strategies grow more advanced, experts urge organisations to stay alert and prioritise threat intelligence and collaboration to navigate this volatile cyber landscape.

SK Telecom investigates data breach after cyberattack

South Korean telecom leader SK Telecom has confirmed a cyberattack that compromised customer data following a malware infection.

The breach was detected on 19 April, prompting an immediate internal investigation and response. Authorities, including the Korea Internet Security Agency, have been alerted.

Personal information of South Korean customers was accessed during the attack, although the extent of the breach remains under review. In response, SK Telecom is offering a complimentary SIM protection service, hinting at potential SIM swapping risks linked to the leaked data.

The infected systems were quickly isolated and the malware removed. While no group has claimed responsibility, concerns remain over possible state-sponsored involvement, as telecom providers are frequent targets for cyberespionage.

It is currently unknown whether ransomware played a role in the incident. Investigations are ongoing as officials continue to assess the scope and origin of the breach.

Russian hackers target NGOs with fake video calls

Hackers linked to Russia are refining their techniques to infiltrate Microsoft 365 accounts, according to cybersecurity firm Volexity.

Their latest strategy targets non-governmental organisations (NGOs) associated with Ukraine by exploiting OAuth, a protocol used for app authorisation without passwords.

Victims are lured into fake video calls through apps like Signal or WhatsApp and tricked into handing over OAuth codes, which attackers then use to access Microsoft 365 environments.

The campaign, first detected in March, involved messages claiming to come from European security officials proposing meetings with political representatives. Instead of legitimate video links, these messages directed recipients to OAuth code generators.

Once a code was shared, attackers could gain entry into accounts containing sensitive data. Staff at human rights organisations were especially targeted due to their work on Ukraine-related issues.

Volexity attributed the scheme to two threat actors, UTA0352 and UTA0355, though it did not directly connect them to any known Russian advanced persistent threat groups.

A previous attack from the same actors used Microsoft Device Code Authentication, usually reserved for connecting smart devices, instead of traditional login methods. Both campaigns show a growing sophistication in social engineering tactics.

Given the widespread use of Microsoft 365 tools like Outlook and Teams, experts urge organisations to heighten awareness among staff.

Rather than trusting unsolicited messages on encrypted apps, users should remain cautious when prompted to click links or enter authentication codes, as these could be cleverly disguised attempts to breach secure systems.

Google spoofed in sophisticated phishing attack

A sophisticated phishing attack recently targeted Google users, exploiting a well-known email authentication method to bypass security measures.

The attackers sent emails appearing to be from Google’s legitimate address, no-reply@accounts.google.com, and claimed the recipient needed to comply with a subpoena.

The emails contained a link to a Google Sites page that prompted users to log in and displayed a fake legal support page.

What made this phishing attempt particularly dangerous was that it successfully passed both DMARC and DKIM email authentication checks, making it appear entirely genuine to recipients.

In another cyber-related development, Microsoft issued a warning regarding the use of Node.js in distributing malware. Attackers have been using the JavaScript runtime environment to deploy malware through scripts and executables, particularly targeting cryptocurrency traders via malvertising campaigns.

The new technique involves executing JavaScript directly from the command line, making it harder for traditional security tools to detect.

Meanwhile, the US has witnessed a significant change in its disinformation-fighting efforts.

The State Department has closed its Counter Foreign Information Manipulation and Interference group, previously known as the Global Engagement Center, after accusations that it was overreaching in its censorship activities.

The closure, led by Secretary of State Marco Rubio, has sparked criticism, with some seeing it as a victory for foreign powers like Russia and China.

Finally, gig workers face new challenges as the Tech Transparency Project revealed that Facebook groups are being used to trade fake gig worker accounts for platforms like Uber and Lyft.

Sellers offer access to verified accounts, bypassing safety checks, and putting passengers and customers at risk. Despite reports to Meta, many of these groups remain active, with the social media giant’s automated systems failing to curb the activity.

Fake banking apps leave sellers thousands out of pocket

Scammers are using fake mobile banking apps to trick people into handing over valuable items without receiving any payment.

These apps, which convincingly mimic legitimate platforms, display false ‘successful payment’ screens in person, allowing fraudsters to walk away with goods while the money never arrives.

Victims like Anthony Rudd and John Reddock have lost thousands after being targeted while selling items through social media marketplaces. Mr Rudd handed over £1,000 worth of tools from his Salisbury workshop, only to realise the payment notification was fake.

Mr Reddock, from the UK, lost a £2,000 gold bracelet he had hoped to sell to fund a holiday for his children.

BBC West Investigations found that some of these fake apps, previously removed from the Google Play store, are now being downloaded directly from the internet onto Android phones.

The Chartered Trading Standards Institute described this scam as an emerging threat, warning that in-person fraud is growing more complex instead of fading away.

With police often unable to track down suspects, small business owners like Sebastian Liberek have been left feeling helpless after being targeted repeatedly.

He has lost hundreds of pounds to fake transfers and believes scammers will continue striking, while enforcement remains limited and platforms fail to do enough to stop the spread of fraud.

Colorado’s experiment with crypto tax payments shows limited adoption

Since Colorado began accepting cryptocurrency for tax payments in September 2022, the amount paid via crypto has been minimal. Out of the $11 billion in income tax collected since 2022, just 0.0005%, or roughly $57,000, has been paid using digital assets.

The state initially saw eight crypto payments totalling $16,426 in 2022, which rose to 22 payments amounting to $23,241 in 2023. However, the amount fell back in 2024 to $17,544 across 48 payments.

Governor Jared Polis’ initiative allows taxpayers to use PayPal’s Crypto Hub, which converts their crypto into US dollars. This means Colorado doesn’t directly receive crypto, undermining the notion that digital assets are widely used for tax payments.

Bitcoin, primarily a store of value, doesn’t lend itself to transactions like these, according to experts.

Although Colorado leads in this innovation, Utah is the only other state accepting cryptocurrency for taxes. Looking ahead, commentators suggest that stablecoins, rather than Bitcoin, will become the primary method for crypto-based transactions.

Europe struggles to explain quantum to its citizens

Most Europeans remain unclear about quantum technology, despite increasing attention from EU leaders. A new survey, released on World Quantum Day, reveals that while 78 per cent of adults in France and Germany are aware of quantum, only a third truly understand what it is.

Nearly half admitted they had heard of the term but didn’t know what it means.

Quantum science studies the smallest building blocks of the universe, particles like electrons and atoms, that behave in ways classical physics can’t explain. Though invisible even to standard microscopes, they already power technologies such as GPS, MRI scanners and semiconductors.

Quantum tools could lead to breakthroughs in healthcare, cybersecurity, and climate change, by enabling ultra-precise imaging, improved encryption, and advanced environmental monitoring.

The survey showed that 47 per cent of respondents expect quantum to positively impact their country within five years, with many hopeful about its role in areas like energy, medicine and fraud prevention.

For example, quantum computers might help simulate complex molecules for drug development, while quantum encryption could secure communications better than current systems.

The EU has committed to developing a European quantum chip and is exploring a potential Quantum Act, backed by €65 million in funding under the EU Chips Act. The UK has pledged £121 million for quantum initiatives.

However, Europe still trails behind China and the US, mainly due to limited private investment and slower deployment. Former ECB president Mario Draghi warned that Europe must build a globally competitive quantum ecosystem instead of falling behind further.
