The EU Council, along with its member states, has adopted a declaration for the first time on this specific topic establishing a unified understanding of how international law applies to cyberspace. This declaration underscores that cyberspace is not a lawless realm and reaffirms that international law, including the UN Charter, international human rights law, and international humanitarian law, is fully applicable to activities conducted in cyberspace.
The declaration highlights the escalating threat of malicious cyber activities, such as ransomware, which have grown in scale, sophistication, and impact, posing significant risks to European societies and economies. Recognising these challenges, the EU emphasizes that adherence to the UN framework of responsible state behavior in cyberspace is essential for preserving international peace, security, and stability.
In the declaration, the EU and its member states have commented on principle of non-intervention, state sovereignty, due diligence, attribution, and countermeasures. In particular, the document highlights that “States exercise territorial jurisdiction over Information and Communications Technology (ICT) infrastructure located in their territory, and persons engaged in cyber activities, within their territory”.
The official press release notes that the declaration’s foundation was laid in April 2024, when the European External Action Service (EEAS) presented a non-paper on the topic. After careful deliberation and collaboration between the Horizontal Working Party on Cyber Issues (HWPCI) and the Working Party on Public International Law (COJUR), the text was finalized and approved by the Permanent Representatives Committee (COREPER) on 13 November 2024.
Australia has raised concerns about the growing number of cyberattacks on critical infrastructure, with over 11% of reported incidents last year targeting essential services like electricity, water, transport, and education. The Australian Signals Directorate’s latest report highlights state-sponsored actors and cybercriminals as key threats, employing advanced techniques such as phishing, brute-force attacks, and exploiting public-facing systems.
Defence Minister Richard Marles warned of an increasing focus on critical infrastructure by both criminal groups and foreign governments. Australia has attributed cyber incidents to countries including China, Russia, and Iran, with China allegedly shifting from espionage to disruptive cyber operations. Beijing has denied these accusations, dismissing them as baseless.
The report underscores the evolving cyber landscape and the urgent need for bolstered defences to safeguard Australia’s essential systems.
Germany‘s Federal Court of Justice (BGH) has ruled that Facebook users affected by data breaches in 2018 and 2019 are entitled to compensation, even without proving financial losses. The court determined that the loss of control over personal data is sufficient grounds for damages, marking a significant step in data protection law.
The case stems from a 2021 breach involving Facebook’s friend search feature, where third parties accessed user accounts by exploiting phone number guesses. Lower courts in Cologne previously dismissed compensation claims, but the BGH ordered a re-examination, suggesting around €100 in damages could be awarded per user without proof of financial harm.
Meta, Facebook’s parent company, has resisted compensation, arguing that users did not suffer concrete damages. A spokesperson for Meta described the ruling as inconsistent with recent European Court of Justice decisions and noted that similar claims have been dismissed by German courts in thousands of cases. The breach reportedly impacted around six million users in Germany.
The court also instructed a review of Facebook’s terms of use, questioning whether they were transparent and whether user consent for data handling was voluntary. The decision adds pressure on companies to strengthen data protection measures and could set a precedent for future claims across Europe.
The US Senate Judiciary subcommittee will convene a hearing on Tuesday to investigate recent Chinese cyberattacks targeting American telecommunications companies. The hearing, led by Senator Richard Blumenthal, will delve into the national security threats posed by these breaches and their impact on the US economy.
Authorities allege that China-linked hackers accessed surveillance data from telecom networks, intercepting sensitive communications tied to government and political figures. This breach has heightened concerns over the security of critical infrastructure, especially as bipartisan lawmakers scrutinise the role of major providers like AT&T and Verizon.
The session will also include discussions on Elon Musk’s business ties with China amid his growing involvement in US government affairs. Witnesses, including cybersecurity and industry experts, are expected to shed light on the scale and potential consequences of these incidents. Beijing, however, has denied any involvement in cyber espionage activities.
Swiss and Nepalese regulators have raised red flags about the growing risks of cryptocurrency misuse. In its latest Risk Monitor report, Switzerland’s financial watchdog FINMA identified digital assets, especially stablecoins, as a high-risk area for money laundering. The agency highlighted their role in sanctions evasion, dark web transactions, and cyberattacks. FINMA has tightened oversight of financial institutions offering crypto-related services to safeguard the sector’s reputation.
Meanwhile, Nepal’s Financial Intelligence Unit (FIU) reported a surge in crypto misuse for cross-border money laundering and fraudulent investment schemes. Despite a national ban on crypto trading, fraudsters continue exploiting digital assets to obscure illicit funds. Victims often avoid reporting crimes, fearing legal repercussions or social stigma, hindering enforcement efforts.
Authorities in both countries are calling for robust measures to combat these threats, emphasising the need for heightened vigilance and better reporting mechanisms.
Roblox has announced new measures to protect users under 13, permanently removing their ability to send messages outside of games. In-game messaging will remain available, but only with parental consent. Parents can now remotely manage accounts, oversee friend lists, set spending controls, and enforce screen time limits.
The gaming platform, which boasts 89 million users, has faced scrutiny over claims of child abuse on its service. In August, Turkish authorities blocked Roblox, citing concerns over user-generated content. A lawsuit filed in 2022 accused the company of facilitating exploitation, including sexual and financial abuse of a young girl in California.
New rules also limit communication for younger players, allowing under-13 users to receive public broadcast messages only within specific games. Roblox will implement updated content descriptors such as ‘Minimal’ and ‘Restricted’ to classify games, restricting access for users under nine to appropriate experiences.
Access to restricted content will now require users to be at least 17 years old and verify their age. These changes aim to enhance child safety amid growing concerns and highlight Roblox’s efforts to address ongoing challenges in its community.
Russian security experts have uncovered a new deepfake scam exploiting the image of Donald Trump, targeting English-speaking audiences. FACCT, a Moscow-based cybercrime prevention firm, reported that scammers are using a bot to create deepfake videos of prominent figures like Trump, Elon Musk, and Tucker Carlson. These videos are being shared on platforms such as TikTok and YouTube to promote fraudulent crypto exchanges.
The bot allows users to generate customised videos with text up to 400 characters long, which fraudsters use to advertise fake trading platforms. FACCT identified three primary scams: fake exchanges where victims’ tokens are stolen, malware links that compromise crypto wallets, and bogus tokens that can’t be sold.
This warning follows a rise in crypto-related scams in Russia, including digital ruble frauds. Authorities are urging vigilance as the Russian Central Bank prepares to launch its central bank digital currency nationwide next year.
David Attenborough has criticised American AI firms for cloning his voice to narrate partisan reports. Outlets such as The Intellectualist have used his distinctive voice for topics including US politics and the war in Ukraine.
The broadcaster described these acts as ‘identity theft’ and expressed profound dismay over losing control of his voice after decades of truthful storytelling. Scarlett Johansson has faced a similar issue, with AI mimicking her voice for an online persona called ‘Sky’.
Experts warn that such technology poses risks to reputations and legacies. Dr Jennifer Williams of Southampton University highlighted the troubling implications for Attenborough’s legacy and authenticity in the public eye.
Regulations to prevent voice cloning remain absent, raising concerns about its misuse. The Intellectualist has yet to comment on Attenborough’s allegations.
Japan, the United States, and South Korea concluded a three-day joint military exercise, Freedom Edge, showcasing their commitment to strengthening multi-domain defence cooperation amidst escalating tensions in East Asia. Select training sessions were open to media in the second iteration of Freedom Edge. The drills spanned maritime, aerial, and cyber domains, and operations were conducted in strategic areas, including the East China Sea near South Korea’s Jeju Island.
Designed to counter various threats — from ballistic missiles and cyberattacks to fighter jets and submarines — the drills emphasised seamless coordination among the three nations’ forces. By refining joint response procedures, the exercise bolstered deterrence and preparedness for complex regional challenges.
President Joe Biden and China’s President Xi Jinping held a two-hour meeting on the sidelines of the APEC summit on Saturday. Both leaders reached a significant agreement to prevent AI from controlling nuclear weapons systems and made progress on securing the release of two US citizens wrongfully detained in China. Biden also pressured Xi to reduce North Korea’s support for Russia in the ongoing Ukraine conflict.
The breakthrough in nuclear safety, particularly the commitment to maintain human control over nuclear decisions, was reported as an achievement for Biden’s foreign policy. Xi, in contrast, called for greater dialogue and cooperation with the US and cautioned against efforts to contain China. His remarks also acknowledged rising geopolitical challenges, hinting at the difficulties that may arise under a Trump presidency. The meeting showcased a shift in tone from their previous encounter in 2023, reflecting a more constructive dialogue despite underlying tensions.
Reuters reported that it remains uncertain whether the statement will result in additional talks or concrete actions on the issue. The US has long held the position that AI should assist and enhance military capabilities, but not replace human decision-making in high-stakes areas such as nuclear weapons control. Last year, the Biden-Harris administration announced the Political declaration on responsible military use of AI and autonomy, and more than 20 countries endorsed the declaration. The declaration specifically underlines that “military use of AI capabilities needs to be accountable, including through such use during military operations within a responsible human chain of command and control”.
