Human rights principles

University of Phoenix breach exposes millions in major Oracle attack

Almost 3.5 million students, staff and suppliers linked to the University of Phoenix have been affected by a data breach tied to a sophisticated cyber extortion campaign. The incident followed unauthorised access to internal systems, exposing highly sensitive personal and financial information.

Investigations indicate attackers exploited a zero-day vulnerability in Oracle E-Business Suite, a widely used enterprise financial application. The breach surfaced publicly after the Clop ransomware group listed the university on its leak site, prompting internal reviews and regulatory disclosures.

Compromised data includes names, contact details, dates of birth, social security numbers and banking information. University officials have confirmed that affected individuals are being notified, while filings with US regulators outline the scale and nature of the incident.

The attack forms part of a broader wave of intrusions targeting American universities and organisations using Oracle platforms. As authorities offer rewards for intelligence on Clop’s operations, the breach highlights growing risks facing educational institutions operating complex digital infrastructures.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber incident hits France’s postal and banking networks

France’s national postal service, La Poste, suffered a cyber incident days before Christmas that disrupted websites, mobile applications and parts of its delivery network.

The organisation confirmed a distributed denial of service attack temporarily knocked key digital systems offline, slowing parcel distribution during the busiest period of the year.

A disruption that also affected La Banque Postale, with customers reporting limited access to online banking and mobile services. Card payments in stores, ATM withdrawals, and authenticated online payments continued to function, easing concerns over wider financial instability.

La Poste stated there was no evidence of customer data exposure, although several post offices in France operated at reduced capacity. Staff were deployed to restore services while maintaining in-person banking and postal transactions where possible.

The incident added to growing anxiety over digital resilience in critical public services, particularly following a separate data breach disclosed at France’s Interior Ministry last week. Authorities have yet to identify those responsible for the attack on La Poste.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI fuels online abuse of women in public life

Generative AI is increasingly being weaponised to harass women in public roles, according to a new report commissioned by UN Women. Journalists, activists, and human rights defenders face AI-assisted abuse that endangers personal safety and democratic freedoms.

The study surveyed 641 women from 119 countries and found that nearly one in four of those experiencing online violence reported AI-generated or amplified abuse.

Writers, communicators, and influencers reported the highest exposure, with human rights defenders and journalists also at significant risk. Rapidly developing AI tools, including deepfakes, facilitate the creation to harmful content that spreads quickly on social media.

Online attacks often escalate into offline harm, with 41% of women linking online abuse to physical harassment, stalking, or intimidation. Female journalists are particularly affected, with offline attacks more than doubling over five years.

Experts warn that such violence threatens freedom of expression and democratic processes, particularly in authoritarian contexts.

Researchers call for urgent legal frameworks, platform accountability, and technological safeguards to prevent AI-assisted attacks on women. They advocate for human rights-focused AI design and stronger support systems to protect women in public life.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU renews UK data adequacy decisions until 2031

The European Commission has renewed its two adequacy decisions allowing the continued free flow of personal data between the European Union and the United Kingdom. The decision confirms that UK data protection rules remain essentially equivalent to EU standards.

The adequacy findings cover both the General Data Protection Regulation and the Law Enforcement Directive, enabling personal data to move freely between the European Economic Area and the UK without additional safeguards.

In June 2025, the Commission adopted a temporary six-month extension after the original decisions were due to expire, allowing time to assess changes introduced by the UK’s Data (Use and Access) Act.

The renewal follows a positive opinion from the European Data Protection Board and approval from EU member states through the comitology procedure, completing the formal adoption process.

The renewed decisions include a six-year sunset clause, running until December 2031. A joint review by the Commission and the European Data Protection Board is scheduled after four years.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Android botnet Kimwolf infects nearly two million smart devices

Cybersecurity researchers have identified a large Android-based botnet capable of more than distributed denial-of-service attacks, highlighting growing risks from compromised consumer devices. The botnet, dubbed Kimwolf, is estimated to control close to two million infected systems worldwide.

The findings come from QiAnXin XLab, which said Kimwolf has infected around 1.8 million devices, mainly smart TVs, set-top boxes and tablets. Most infections were observed in Brazil, India, the US, Argentina, South Africa and the Philippines.

XLab said the infection vector remains unclear, but affected devices were linked to low-cost Android-based brands used for media streaming. Researchers noted repeated attempts to disrupt the Kimwolf, with its command-and-control infrastructure taken down several times before re-emerging.

According to the report, Kimwolf has adapted by shifting to decentralised infrastructure, including the use of Ethereum Name Service domains. Analysts also identified overlaps in code and infrastructure with AISURU, a botnet linked to record-scale DDoS attacks.

Cloudflare recently described AISURU as one of the largest robot networks observed, capable of attacks exceeding 29 terabits per second. XLab said shared infrastructure suggests both botnets are operated by the same threat group.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

How Microsoft is teaching AI to understand biological systems

Medicine still relies largely on population averages, even though genetic and cellular differences shape how diseases develop and respond to treatment.

Researchers at Microsoft argue that AI could transform healthcare by learning the language of biology and enabling truly personalised medicine instead of one-size-fits-all therapies.

Ava Amini, principal researcher at Microsoft Research, explains that AI can detect biological patterns at a scale impossible for human analysis.

Single cancer biopsies can generate tens of millions of data points, allowing AI models to identify meaningful signals and support precision treatment strategies tailored to individual patients.

Building on decades of biological coding systems, Microsoft has developed generative models such as EvoDiff and the Dayhoff Atlas to design new proteins using biological language.

Lab testing has shown a marked improvement in functional success, demonstrating that AI-driven protein design is moving beyond theory into real-world application.

Challenges remain in modelling entire human cells, where current AI systems still predict averages rather than biological diversity. Microsoft researchers continue to pursue integrated experimental and computational approaches, aiming to bring precision oncology closer to everyday clinical practice.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU moves to extend child abuse detection rules

The European Commission has proposed extending the Interim Regulation that allows online service providers to voluntarily detect and report child sexual abuse instead of facing a legal gap once the current rules expire.

These measures would preserve existing safeguards while negotiations on permanent legislation continue.

The Interim Regulation enables providers of certain communication services to identify and remove child sexual abuse material under a temporary exemption from e-Privacy rules.

Without an extension beyond April 2026, voluntary detection would have to stop, making it easier for offenders to share illegal material and groom children online.

According to the Commission, proactive reporting by platforms has played a critical role for more than fifteen years in identifying abuse and supporting criminal investigations. Extending the interim framework until April 2028 is intended to maintain these protections until long-term EU rules are agreed.

The proposal now moves to the European Parliament and the Council, with the Commission urging swift agreement to ensure continued protection for children across the Union.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

TSA introduces a fee for travellers without ID

From 1 February, the US Transportation Security Administration will charge a $45 fee to travellers who arrive at airports without a valid form of identification, such as a REAL ID or passport.

A measure that is linked to the rollout of a new alternative identity verification system designed to modernise security checks.

The fee applies to passengers using TSA Confirm.ID, a process that may involve biometric or biographic verification. Even after payment, access to the secure area is not guaranteed, and the charge will remain non-refundable, valid for a period of ten days.

According to the TSA, the policy ensures that the traveller, instead of taxpayers, bears the cost of verifying insufficient identification. Officials have urged passengers to obtain a REAL ID or other approved documentation to avoid delays or missed flights.

The agency has indicated that travellers will be encouraged to pay the fee online before arrival. At the same time, further details are expected on how advance payment and verification will operate across different airports.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Dubai charities open doors to crypto donations

Dubai charities now accept donations in cryptocurrencies and virtual assets through a new service launched by the Islamic Affairs and Charitable Activities Department. The move signals a shift towards modernised fundraising channels across the emirate.

The service supports Dubai’s wider digital transformation strategy and aims to improve efficiency within the charitable donation ecosystem. Donors can now use globally recognised payment options, highlighting the rising use of virtual assets as valid financial tools.

Regulation remains central to the initiative, with IACAD introducing clear policies to protect donors, enhance transparency, and ensure compliance with approved standards. Introductory workshops have also been organised to guide charities through operational and procedural requirements.

Officials stressed that charities need preliminary authorisation to ensure donations are processed securely and in accordance with regulations. The initiative further reinforces Dubai’s ambition to lead in innovative and technology-driven humanitarian work.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK plans ban on deepfake AI nudification apps

Britain plans to ban AI-nudification apps that digitally remove clothing from images. Creating or supplying these tools would become illegal under new proposals.

The offence would build on existing UK laws covering non-consensual sexual deepfakes and intimate image abuse. Technology Secretary Liz Kendall said developers and distributors would face harsh penalties.

Experts warn that nudification apps cause serious harm, mainly when used to create child sexual abuse material. Children’s Commissioner Dame Rachel de Souza has called for a total ban on the technology.

Child protection charities welcomed the move but want more decisive action from tech firms. The government said it would work with companies to stop children from creating or sharing nude images.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!