Multiple London councils are responding to a cyberattack that has disrupted shared IT systems and raised concerns about data exposure. Kensington and Chelsea and Westminster councils detected the incident on Monday and alerted the Information Commissioner’s Office as investigations began.
The councils say they are working with specialist incident teams and the National Cyber Security Centre (NCSC) to protect systems and keep key services running. Several platforms have been affected, and staff have been redeployed to support residents through monitored phone lines and email channels.
Hammersmith and Fulham, which shares IT services with the affected councils, has also reported disruption. Local leaders say it is too early to confirm who was responsible or whether personal data has been compromised. Overnight mitigation work has been carried out as monitoring continues.
Security researchers describe indications of a serious intrusion involving lateral movement across shared infrastructure. They warn that attackers may escalate to data theft or encryption, given the sensitivity of the information held by local authorities.
National security agencies and police are assessing the incident’s potential impact. Analysts say the attack highlights long-standing risks facing councils that manage extensive services on limited budgets and with inconsistent cyber safeguards.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The internet has become part of almost everything we do. It helps us work, stay in touch with friends and family, buy things, plan trips, and handle tasks that would have felt impossible until recently. Most people cannot imagine getting through the day without it.
But there is a hidden cost to all this convenience. Most of the time, online services run smoothly, with countless systems working together in the background. But every now and then, though, a key cog slips out of place.
When that happens, the effects can spread fast, taking down apps, websites, and even entire industries within minutes. These moments remind us how much we rely on digital services, and how quickly everything can unravel when something goes wrong. It raises an uncomfortable question. Is digital dependence worth the convenience, or are we building a house of cards that could collapse, pulling us back into reality?
Warning shots of the dot-com Era and the infancy of Cloud services
In its early years, the internet saw several major malfunctions that disrupted key online services. Incidents like the Morris worm in 1988, which crashed about 10 percent of all internet-connected systems, and the 1996 AOL outage that left six million users offline, revealed how unprepared the early infrastructure was for growing digital demand.
A decade later, the weaknesses were still clear. In 2007, Skype, then with over 270 million users, went down for nearly two days after a surge in logins triggered by a Windows update overwhelmed its network. Since video calls were still in their early days, the impact was not as severe, and most users simply waited it out, postponing chats with friends and family until the issue was fixed.
As the dot-com era faded and the 2010s began, the shift to cloud computing introduced a new kind of fragility. When Amazon’s EC2 and EBS systems in the US-East region went down in 2011, the outage took down services like Reddit, Quora, and IMDb for days, exposing how quickly failures in shared infrastructure can cascade.
A year later, GoDaddy’s DNS failure took millions of websites offline, while large-scale Gmail disruptions affected users around the world, early signs that the cloud’s growing influence came with increasingly high stakes.
By the mid-2010s, it was clear that the internet had evolved from a patchwork of standalone services to a heavily interconnected ecosystem. When cloud or DNS providers stumbled, their failures rippled simultaneously across countless platforms. The move to centralised infrastructure made development faster and more accessible, but it also marked the beginning of an era where a single glitch could shake the entire web.
Centralised infrastructure and the age of cascading failures
The late 2000s and early 2010s saw a rapid rise in internet use, with nearly 2 billion people worldwide online. As access grew, more businesses moved into the digital space, offering e-commerce, social platforms, and new forms of online entertainment to a quickly expanding audience.
With so much activity shifting online, the foundation beneath these services became increasingly important, and increasingly centralised, setting the stage for outages that could ripple far beyond a single website or app.
The next major hit came in 2016, when a massive DDoS attack crippled major websites across the USA and Europe. Platforms like Netflix, Reddit, Twitter, and CNN were suddenly unreachable, not because they were directly targeted, but because Dyn, a major DNS provider, had been overwhelmed.
The attack used the Mirai botnet malware to hijack hundreds of thousands of insecure IoT devices and flood Dyn’s servers with traffic. It was one of the clearest demonstrations yet that knocking out a single infrastructure provider could take down major parts of the internet in one stroke.
In 2017, another major outage occurred, with Amazon at the centre once again. On 28 February, the company’s Simple Storage Service (S3) went down for about 4 hours, disrupting access across a large part of the US-EAST-1 region. While investigating a slowdown in the billing system, an Amazon engineer accidentally entered a typo in a command, taking more servers offline than intended.
That small error was enough to knock out services like Slack, Quora, Coursera, Expedia and countless other websites that relied on S3 for storage or media delivery. The financial impact was substantial; S&P 500 companies alone were estimated to have lost roughly 150 million dollars during the outage.
Amazon quickly published a clear explanation and apology, but transparency could not undo the economic damage nor (yet another) sudden reminder that a single mistake in a centralised system could ripple across the entire web.
Outages in the roaring 2020s
The S3 incident made one thing clear. Outages were no longer just about a single platform going dark. As more services leaned on shared infrastructure, even small missteps could take down enormous parts of the internet. And this fragility did not stop at cloud storage.
Over the next few years, attention shifted to another layer of the online ecosystem: content delivery networks and edge providers that most people had never heard of but that nearly every website depended on.
The 2020s opened with one of the most memorable outages to date. On 4 October 2021, Facebook and its sister platforms, Instagram, WhatsApp, and Messenger, vanished from the internet for nearly 7 hours after a faulty BGP configuration effectively removed the company’s services from the global routing table.
Millions of users flocked to other platforms to vent their frustration, overwhelming Twitter, Telegram, Discord, and Signal’s servers and causing performance issues across the board. It was a rare moment when a single company’s outage sent measurable shockwaves across the entire social media ecosystem.
But what happens when outages hit industries far more essential than social media? In 2023, the Federal Aviation Administration was forced to delay more than 10,000 flights, the first nationwide grounding of air traffic since the aftermath of September 11.
A corrupted database file brought the agency’s Notice to Air Missions (NOTAM) system to a standstill, leaving pilots without critical safety updates and forcing the entire aviation network to pause. The incident sent airline stocks dipping and dealt another blow to public confidence, showing just how disruptive a single technical failure can be when it strikes at the heart of critical infrastructure.
Outages that defined 2025
The year 2025 saw an unprecedented wave of outages, with server overloads, software glitches and coding errors disrupting services across the globe. The Microsoft 365 suite outage in January, the Southwest Airlines and FAA synchronisation failure in April, and the Meta messaging blackout in July all stood out for their scale and impact.
But the most disruptive failures were still to come. In October, Amazon Web Services suffered a major outage in its US-East-1 region, knocking out everything from social apps to banking services and reminding the world that a fault in a single cloud region can ripple across thousands of platforms.
Just weeks later, the Cloudflare November outage became the defining digital breakdown of the year. A logic bug inside its bot management system triggered a cascading collapse that took down social networks, AI tools, gaming platforms, transit systems and countless everyday websites in minutes. It was the clearest sign yet that when core infrastructure falters, the impact is immediate, global and largely unavoidable.
And yet, we continue to place more weight on these shared foundations, trusting they will hold because they usually do. Every outage, whether caused by a typo, a corrupted file, or a misconfigured update, exposes how quickly things can fall apart when one key piece gives way.
Going forward, resilience needs to matter as much as innovation. That means reducing single points of failure, improving transparency, and designing systems that can fail without dragging everything down. The more clearly we see the fragility of the digital ecosystem, the better equipped we are to strengthen it.
Outages will keep happening, and no amount of engineering can promise perfect uptime. But acknowledging the cracks is the first step toward reinforcing what we’ve built — and making sure the next slipped cog does not bring the whole machine to a stop.
The smoke and mirrors of the digital infrastructure
The internet is far from destined to collapse, but resilience can no longer be an afterthought. Redundancy, decentralisation and smarter oversight need to be part of the discussion, not just for engineers, but for policymakers as well.
Outages do not just interrupt our routines. They reveal the systems we have quietly built our lives around. Each failure shows how deeply intertwined our digital world has become, and how fast everything can stop when a single piece gives way.
Will we learn enough from each one to build a digital ecosystem that can absorb the next shock instead of amplifying it? Only time will tell.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
OpenAI has unveiled an updated ChatGPT interface that combines voice and text features in a single view. Users can speak naturally at any point in a chat and receive responses in text, audio, or images. The new layout also introduces real-time map displays.
The redesign adds a scrolling transcript within the chat window. It allows users to revisit earlier exchanges and move easily between reading and listening. OpenAI states that the goal is to support voice-led tasks without compromising clarity.
With the unified experience, conversations no longer require switching modes. ChatGPT can deliver audio, written, and visual replies simultaneously. Maps and images appear directly alongside the voice response.
Every spoken message is automatically transcribed. However, this helps users follow more extended discussions and keep a record for later reference. OpenAI says the feature supports both accessibility and everyday convenience.
The update is rolling out gradually across web and mobile platforms. Users who prefer the earlier voice-only layout can revert to it in settings. OpenAI says the unified mode will remain the default as development continues.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Deepfake abuse is accelerating across India as AI tools make it easy to fabricate convincing videos and images. Researchers warn that manipulated media now fuels fraud, political disinformation and targeted harassment. Public awareness often lags behind the pace of generative technology.
Recent cases involving Ranveer Singh and Aamir Khan showed how synthetic political endorsements can spread rapidly online. Investigators say cloned voices and fabricated footage circulated widely during election periods. Rights groups warn that such incidents undermine trust in media and public institutions.
Women face rising risks from non-consensual deepfakes used for harassment, blackmail and intimidation. Cases involving Rashmika Mandanna and Girija Oak intensified calls for stronger protections. Victims report significant emotional harm as edited images spread online.
Security analysts warn that deepfakes pose growing risks to privacy, dignity and personal safety. Users can watch for cues such as uneven lighting, distorted edges, or overly clean audio. Experts also advise limiting the sharing of media and using strong passwords and privacy controls.
Digital safety groups urge people to avoid engaging with manipulated content and to report suspected abuse promptly. Awareness and early detection remain critical as cases continue to rise. Policymakers are being encouraged to expand safeguards and invest in public education on emerging risks associated with AI.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
DeepSeek made a rare public appearance at the World Internet Conference in Wuzhen, where senior researcher Chen Deli restated the firm’s ambition to develop AGI. He joined other companies known as China’s ‘six little dragons’ of AI and acknowledged the potential risks of advanced systems.
Chen represented founder Liang Wenfeng, who has remained out of the public eye since meeting President Xi Jinping earlier this year. He said AI’s current limits create a short ‘honeymoon phase’ before automation reshapes employment and social stability.
The start-up, founded in 2023 as a High-Flyer spin-out, continues to focus on long-term AGI research rather than short-lived commercial trends. Chen said it was reasonable to consider the dangers of highly capable systems while still pursuing them.
His comments echoed an open letter calling for a pause on superintelligence work until strong public support and scientific consensus on safety emerge. Hundreds of experts and public figures backed the appeal for tighter oversight.
Chen argued that market incentives make slowing progress unrealistic and said widespread job replacement may ultimately define the AI revolution. Other firms from China, including Zhipu AI and Alibaba, outlined plans for more powerful infrastructure to meet rising compute demand.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Google Maps is rolling out new Gemini-powered features to streamline travel planning and reduce everyday friction. The update includes Insider Tips for venues, a refreshed Explore tab, predictions of EV-charger availability, and the option to review businesses under a nickname.
Insider Tips uses Gemini to analyse reviews and local data, offering practical guidance on parking details, dress codes, and lesser-known menu items. The feature is launching first in the United States on Android and iOS before expanding further.
The Explore tab has been redesigned with curated lists of trending restaurants, attractions, and activities. Google says the update will be available globally this month, helping users discover new places without having to sort through lengthy reviews.
EV drivers will gain predictive insights into charger availability, with Maps estimating how many ports are likely to be free when they arrive. The feature will begin rolling out next week on Android Auto and Google-built-in vehicles.
Users can also choose to leave business reviews under a nickname and profile picture instead of their real name, offering greater privacy without losing review protections. Google says the option will roll out across Android, iOS, and desktop.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
India has activated new Digital Personal Data Protection rules that sharply restrict how technology firms collect and use personal information. The framework limits data gathering to what is necessary for a declared purpose and requires clear explanations, opt-outs, and breach notifications for Indian users.
The rules apply across digital platforms, from social media and e-commerce to banks and public services. Companies must obtain parental consent for individuals under 18 and are prohibited from using children’s data for targeted advertising. Firms have 18 months to comply with the new safeguards.
Users can request access to their data, ask why it was collected, and demand corrections or updates. They may withdraw consent at any time and, in some cases, request deletion. Companies must respond within 90 days, and individuals can appoint someone to exercise these rights.
Civil society groups welcomed stronger user rights but warned that the rules may also expand state access to personal data. The Internet Freedom Foundation criticised limited oversight and said the provisions risk entrenching government control, reducing transparency for citizens.
India is preparing further digital regulations, including new requirements for AI and social media firms. With nearly a billion online users, the government has urged platforms to label AI-generated content amid rising concerns about deepfakes, online misinformation, and election integrity.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Google has issued an emergency update to fix the seventh Chrome zero-day exploited in attacks this year. The flaw, tracked as CVE-2025-13223, is caused by a type confusion bug in the browser’s V8 JavaScript engine and was used in the wild before the patch was released.
The company says updates will roll out across the Stable Desktop channel in the coming weeks, though users can install the fix immediately by checking for updates in Chrome’s settings. Google is withholding technical details until most users have upgraded to avoid encouraging further exploitation.
The vulnerability was reported by a member of Google’s Threat Analysis Group and allowed attackers to trigger code execution or browser crashes through malicious HTML pages. It continues a pattern of high-severity zero-days discovered and patched throughout 2025.
Google stresses that prompt updates remain essential, as attackers often target unpatched systems. Automatic updates can help ensure that newly released fixes reach users quickly and reduce exposure to emerging threats.
Security experts also recommend enabling scheduled antivirus scans and using protective features, such as hardened browsers or VPNs. With multiple zero-days already patched this year, analysts say more are likely, and users should keep Chrome’s update settings enabled.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Cloudflare has resolved a technical issue that briefly disrupted access to major platforms, including X, ChatGPT, and Letterboxd. Users had earlier reported internal server error messages linked to Cloudflare’s network, indicating that pages could not be displayed.
The disruption began around midday UK time, with some sites loading intermittently as the problem spread across the company’s infrastructure. Cloudflare confirmed it was investigating an incident affecting multiple customers and issued rolling updates as engineers worked to identify the fault.
Outage tracker Down Detector also experienced difficulties during the incident, later showing a sharp rise in reports once it came back online. The pattern pointed to a broad network-level failure rather than isolated platform issues.
Users saw repeated internal server error warnings asking them to try again, though services began recovering as Cloudflare isolated the cause. The company has not yet released full technical details, but said the fault has been fixed and that systems are stabilising.
Cloudflare provides routing, security, and reliability tools for a wide range of online services, making a single malfunction capable of cascading globally. The company said it would share further information on the incident and steps taken to prevent similar failures.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Cloudflare says its global outage on 18 November was caused by an internal configuration error, not a cyberattack. CEO Matthew Prince apologised to users after a permissions update to a ClickHouse cluster generated a malformed feature file that caused systems worldwide to crash.
The oversized file exceeded a hard limit in Cloudflare’s routing software, triggering failures across its global edge. Intermittent recoveries during the first hours of the incident led engineers to suspect a possible attack, as the network randomly stabilised when a non-faulty file propagated.
Confusion intensified when Cloudflare’s externally hosted status page briefly became inaccessible, raising fears of coordinated targeting. The root cause was later traced to metadata duplication from an unexpected database source, which doubled the number of machine-learning features in the file.
The outage affected Cloudflare’s CDN, security layers, and ancillary services, including Turnstile, Workers KV, and Access. Some legacy proxies kept limited traffic moving, but bot scores and authentication systems malfunctioned, causing elevated latencies and blocked requests.
Engineers halted the propagation of the faulty file by mid-afternoon and restored a clean version before restarting affected systems. Prince called it Cloudflare’s most serious failure since 2019 and said lessons learned will guide major improvements to the company’s infrastructure resilience.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
