Encryption

Facial recognition trial targets repeat offenders in New Zealand supermarkets

Teenagers account for most of the serious threats reported against supermarket staff across South Island stores, according to a privacy report released on Foodstuffs South Island’s facial recognition trial.

The company is testing the technology in three Christchurch supermarkets to identify only adult repeat offenders, rather than minors, even though six out of the ten worst offenders are under eighteen.

A system that creates a biometric template of every shopper at the trial stores and deletes it if there is no match with a watchlist. Detections remain stored within the Auror platform for seven years, while personal images are deleted on the same day.

The technology is supplied by the Australian firm Vix Vizion, in collaboration with Auror, which is already known for its vehicle plate recognition systems.

Foodstuffs argues the trial is justified by rising threatening and violent behaviour towards staff across all age groups.

A previous North Island pilot scanned 226 million faces and generated more than 1700 alerts, leading the Privacy Commissioner of New Zealand to conclude that strong safeguards could reduce privacy intrusion to an acceptable level.

The watchlist only includes adults previously involved in violence or serious threats, and any matches undergo human checks before action is taken.

Foodstuffs continues to provide regular updates to the Office of the Privacy Commissioner as the South Island trial proceeds.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Italy fines Apple €98 million over App Store competition breach

Apple has been fined €98 million by Italy’s competition authority after regulators concluded that its App Tracking Transparency framework distorted competition in the app store market.

Authorities stated that the policy strengthened Apple’s dominant position while limiting how third-party developers collect advertising data.

The investigation found that developers were required to request consent multiple times for the same data processing purposes, creating friction that disproportionately affected competitors.

Regulators in Italy argued that equivalent privacy protections could have been achieved through a single consent mechanism instead of duplicated prompts.

According to the Italian authority, the rules were imposed unilaterally across the App Store ecosystem and harmed commercial partners reliant on targeted advertising. The watchdog also questioned whether the policy was proportionate from a data protection perspective under the EU law.

Apple rejected the findings and confirmed plans to appeal, stating that App Tracking Transparency prioritises user privacy over the interests of ad technology firms.

The decision follows similar penalties and warnings issued in France and Germany, reinforcing broader European scrutiny of platform governance.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

University of Phoenix breach exposes millions in major Oracle attack

Almost 3.5 million students, staff and suppliers linked to the University of Phoenix have been affected by a data breach tied to a sophisticated cyber extortion campaign. The incident followed unauthorised access to internal systems, exposing highly sensitive personal and financial information.

Investigations indicate attackers exploited a zero-day vulnerability in Oracle E-Business Suite, a widely used enterprise financial application. The breach surfaced publicly after the Clop ransomware group listed the university on its leak site, prompting internal reviews and regulatory disclosures.

Compromised data includes names, contact details, dates of birth, social security numbers and banking information. University officials have confirmed that affected individuals are being notified, while filings with US regulators outline the scale and nature of the incident.

The attack forms part of a broader wave of intrusions targeting American universities and organisations using Oracle platforms. As authorities offer rewards for intelligence on Clop’s operations, the breach highlights growing risks facing educational institutions operating complex digital infrastructures.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber incident hits France’s postal and banking networks

France’s national postal service, La Poste, suffered a cyber incident days before Christmas that disrupted websites, mobile applications and parts of its delivery network.

The organisation confirmed a distributed denial of service attack temporarily knocked key digital systems offline, slowing parcel distribution during the busiest period of the year.

A disruption that also affected La Banque Postale, with customers reporting limited access to online banking and mobile services. Card payments in stores, ATM withdrawals, and authenticated online payments continued to function, easing concerns over wider financial instability.

La Poste stated there was no evidence of customer data exposure, although several post offices in France operated at reduced capacity. Staff were deployed to restore services while maintaining in-person banking and postal transactions where possible.

The incident added to growing anxiety over digital resilience in critical public services, particularly following a separate data breach disclosed at France’s Interior Ministry last week. Authorities have yet to identify those responsible for the attack on La Poste.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU moves to extend child abuse detection rules

The European Commission has proposed extending the Interim Regulation that allows online service providers to voluntarily detect and report child sexual abuse instead of facing a legal gap once the current rules expire.

These measures would preserve existing safeguards while negotiations on permanent legislation continue.

The Interim Regulation enables providers of certain communication services to identify and remove child sexual abuse material under a temporary exemption from e-Privacy rules.

Without an extension beyond April 2026, voluntary detection would have to stop, making it easier for offenders to share illegal material and groom children online.

According to the Commission, proactive reporting by platforms has played a critical role for more than fifteen years in identifying abuse and supporting criminal investigations. Extending the interim framework until April 2028 is intended to maintain these protections until long-term EU rules are agreed.

The proposal now moves to the European Parliament and the Council, with the Commission urging swift agreement to ensure continued protection for children across the Union.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

TSA introduces a fee for travellers without ID

From 1 February, the US Transportation Security Administration will charge a $45 fee to travellers who arrive at airports without a valid form of identification, such as a REAL ID or passport.

A measure that is linked to the rollout of a new alternative identity verification system designed to modernise security checks.

The fee applies to passengers using TSA Confirm.ID, a process that may involve biometric or biographic verification. Even after payment, access to the secure area is not guaranteed, and the charge will remain non-refundable, valid for a period of ten days.

According to the TSA, the policy ensures that the traveller, instead of taxpayers, bears the cost of verifying insufficient identification. Officials have urged passengers to obtain a REAL ID or other approved documentation to avoid delays or missed flights.

The agency has indicated that travellers will be encouraged to pay the fee online before arrival. At the same time, further details are expected on how advance payment and verification will operate across different airports.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU sets course for digital euro adoption

The Council of the European Union has agreed on its negotiating position on legislation enabling a digital euro while reinforcing the legal status of euro cash.

An initiative that aims to strengthen the resilience of the EU payments system and support strategic autonomy by ensuring public money remains central in a rapidly digitising economy.

Under the proposal, the digital euro would complement cash, rather than replace it, offering a public payment option backed by the European Central Bank. It would function both online and offline, allow payments with a high degree of privacy, and operate in conjunction with private cards and applications.

Limits on holdings would apply to reduce risks to financial stability, with core services provided free to consumers.

The Council position also clarifies compensation rules for payment service providers and requires fair access to mobile device hardware and software. Interchange and merchant fees would be capped during a transitional period, with future pricing linked to actual operational costs.

At the same time, the Council has moved to strengthen the role of cash by safeguarding acceptance across the € area and guaranteeing access for citizens.

Member states would be required to monitor cash availability and prepare contingency measures for situations where electronic payments are disrupted.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New Kimwolf Android botnet linked to a record-breaking DDoS attacks

Cybersecurity researchers have uncovered a rapidly expanding Android botnet known as Kimwolf, which has already compromised approximately 1.8 million devices worldwide.

The malware primarily targets smart TVs, set-top boxes, and tablets connected to residential networks, with infections concentrated in countries including Brazil, India, the US, Argentina, South Africa, and the Philippines.

Analysis by QiAnXin XLab indicates that Kimwolf demonstrates a high degree of operational resilience.

Despite multiple disruptions to its command-and-control infrastructure, the botnet has repeatedly re-emerged with enhanced capabilities, including the adoption of Ethereum Name Service to harden its communications against takedown efforts.

Researchers also identified significant similarities between Kimwolf and AISURU, one of the most powerful botnets observed in recent years. Shared source code, infrastructure, and infection scripts suggest both botnets are operated by the same threat group and have coexisted on large numbers of infected devices.

AISURU has previously drawn attention for launching record-setting distributed denial-of-service attacks, including traffic peaks approaching 30 terabits per second.

The emergence of Kimwolf alongside such activity highlights the growing scale and sophistication of botnet-driven cyber threats targeting global internet infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI and security trends shape the internet in 2025

Cloudflare released its sixth annual Year in Review, providing a comprehensive snapshot of global Internet trends in 2025. The report highlights rising digital reliance, AI progress, and evolving security threats across Cloudflare’s network and Radar data.

Global Internet traffic rose 19 percent year-on-year, reflecting increased use for personal and professional activities. A key trend was the move from large-scale AI training to continuous AI inference, alongside rapid growth in generative AI platforms.

Google and Meta remained the most popular services, while ChatGPT led in generative AI usage.

Cybersecurity remained a critical concern. Post-quantum encryption now protects 52 percent of Internet traffic, yet record-breaking DDoS attacks underscored rising cyber risks.

Civil society and non-profit organisations were the most targeted sectors for the first time, while government actions caused nearly half of the major Internet outages.

Connectivity varied by region, with Europe leading in speed and quality and Spain ranking highest globally. The report outlines 2025’s Internet challenges and progress, providing insights for governments, businesses, and users aiming for greater resilience and security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Crypto theft soars in 2025 with fewer but bigger attacks

Cryptocurrency theft intensified in 2025, with total stolen funds exceeding $3.4 billion despite fewer large-scale incidents. Losses became increasingly concentrated, with a few major breaches driving most of the annual damage and widening the gap between typical hacks and extreme outliers.

North Korea remained the dominant threat actor, stealing at least $2.02 billion in digital assets during the year, a 51% increase compared with 2024.

Larger thefts were achieved through fewer operations, often relying on insider access, executive impersonation, and long-term infiltration of crypto firms rather than frequent attacks.

Laundering activity linked to North Korean actors followed a distinctive and disciplined pattern. Stolen funds moved in smaller tranches through Chinese-language laundering networks, bridges, and mixing services, usually following a structured 45-day cycle.

Individual wallet attacks surged, impacting tens of thousands of victims, while the total value stolen from personal wallets fell. Decentralised finance remained resilient, with hack losses low despite rising locked capital, indicating stronger security practices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!