EU nations divided over regulation of high-risk 5G telecom suppliers

The EU is facing a significant divide among its member states regarding the regulation of high-risk telecom suppliers, particularly Huawei and ZTE, in the context of 5G network infrastructure. Eleven of the 27 EU countries have enacted legal measures to restrict these suppliers following the European Commission’s adoption of the 5G Cybersecurity Toolbox in 2020.

This divide reflects varying levels of concern about national security, economic interests, and diplomatic relations. Scepticism surrounding Huawei and ZTE intensified in 2018 when numerous countries, including the US and Japan, began excluding these companies from public tenders due to allegations of espionage and their ties to the Chinese government.

Sweden was among the first EU nations to ban Huawei, mandating the removal of its equipment from 5G networks by 1 January 2025. Despite Huawei’s denials of wrongdoing, distrust persists within the EU. Responses to these security concerns vary significantly. Germany has announced that components from Huawei and ZTE must be removed from its 5G core networks by the end of 2026, aligning with its National Security Strategy.

In contrast, Italy has taken a more cautious approach, evaluating cases involving Huawei individually. Despite signing a 5G security declaration with the US, Slovenia rejected a bill to exclude high-risk manufacturers, indicating a more lenient stance.

NATO aims to bolster global internet resilience through satellite communications

NATO’s initiative to enhance global internet resilience through satellite communications has made significant strides since its launch on 31 July 2024. With a $2.5 million investment from NATO’s Science for Peace and Security (SPS) programme, the project aims to create a hybrid network that can reroute data during emergencies when undersea cables are compromised.

Collaborating with prestigious institutions like Cornell University and Johns Hopkins University, the consortium known as HEIST is focused on developing a working prototype within the next two years, with a demonstration planned at the Blekinge Institute of Technology in Sweden.

The initiative seeks to bolster internet security by integrating satellite and submarine cable technologies and addresses the complex legal challenges associated with international telecommunications. By promoting collaboration among NATO Allies and partners, this project represents a proactive approach to safeguarding critical infrastructure and ensuring the stability of global communications in an increasingly digital landscape.

Massive data breach exposes 2.7 billion US records online

A massive data breach has resulted in the exposure of over 2.7 billion records from National Public Data (NPD), now available on a criminal forum. The leaked data includes sensitive information such as names, mailing addresses, and Social Security numbers. Although the exact accuracy of the records is unclear, the breach is substantial, potentially affecting a significant portion of the US population.

The stolen database was posted on Breachforums, a site known for distributing such leaks, and was made available for free download. NPD, which compiles and sells personal data from public sources, is facing multiple lawsuits for failing to protect this information. The breach highlights ongoing issues with data security, as this is not the first time NPD’s data has been compromised.

In response to the data breach, there are increased calls for improved data protection measures and identity theft protection. Affected individuals are advised to monitor their accounts and be cautious of phishing attempts. This incident underscores the need for stronger encryption and security practices to safeguard personal data.

NPD has not yet responded to requests for comment. The breach raises serious concerns about the company’s data management practices and its responsibility to protect the information it collects.

Pakistan’s national internet firewall threatens $300 million loss

The Pakistan Software Houses Association (P@SHA) has warned that Pakistan’s new internet firewall could cost the economy up to $300 million. The firewall, designed to monitor and regulate online content, has already led to significant disruptions including prolonged internet outages and unstable VPN performance, threatening business operations across the country. P@SHA describes these issues as a severe blow to the industry’s viability.

The government, which denies using the firewall for censorship, has faced criticism for its lack of transparency. This has sparked fears among internet users and international IT clients about data privacy and security. The firewall’s impact on the economy is exacerbated by existing restrictions, such as the blocking of the social media platform X.

P@SHA has called for an immediate halt to the firewall, urging the government to collaborate with the industry to establish a robust cybersecurity framework. Pakistan’s IT sector, which recorded a significant increase in exports this year, stands to suffer considerable losses if the disruptions continue.

Controversial California AI bill aims to prevent major disasters

California is set to vote on SB 1047, a bill designed to prevent catastrophic harm from AI systems. The bill targets large AI models—those costing over $100 million to train and using immense computing power—requiring their developers to implement strict safety protocols. These include emergency shut-off mechanisms and third-party audits. The Frontier Model Division (FMD) will oversee compliance and enforce penalties for violations.

While the bill aims to mitigate risks such as AI-driven cyberattacks or weapon creation, it has sparked significant controversy. Silicon Valley leaders, including tech giants and venture capitalists, argue that SB 1047 could stifle innovation and impose undue burdens on startups. Critics claim it may hinder the development of new AI technologies and drive innovation away from California.

Supporters of the bill, including State Senator Scott Wiener and prominent AI researchers, contend that preemptive regulation is essential to safeguard against potential AI disasters. They believe it’s crucial to establish regulations before serious incidents occur. The bill is expected to be approved by the Senate and is now awaiting a decision from Governor Gavin Newsom.

If passed, SB 1047 would not take effect immediately, with the FMD scheduled to be established by 2026. The bill is anticipated to face legal challenges from various stakeholders who are concerned about its implications for the tech industry.

Call for US investigation of TP-Link amid cybersecurity fears

Two US lawmakers have called on the Biden administration to investigate Chinese company TP-Link Technology Co. over concerns that its WiFi routers could pose a national security risk. The request was made in a letter to the Commerce Department, highlighting the potential for cyber attacks using vulnerabilities in TP-Link firmware. The company, a global leader in WiFi router sales, has not yet responded to the inquiry.

Concerns were raised after reports surfaced that TP-Link routers were exploited in cyber attacks targeting government officials in Europe. The lawmakers expressed fears that similar attacks could be carried out against US infrastructure. They have urged the Commerce Department to assess the threat posed by Chinese-affiliated routers, particularly TP-Link’s, given its market dominance.

TP-Link, founded in China in 1996, has been linked to cybersecurity concerns before. Last year, the US Cybersecurity and Infrastructure Agency flagged vulnerabilities in the company’s routers that could be used for remote attacks. Around the same time, a Chinese state-sponsored hacking group was found to have targeted European officials using malicious implants in TP-Link routers.

The Commerce Department has the authority to impose bans or restrictions on technology transactions with companies from nations considered adversarial to US interests, including China. The investigation could lead to new measures aimed at preventing potential security risks from Chinese-made equipment in critical US infrastructure.

Russian hackers target Kremlin critics globally

Hackers connected to Russian intelligence have been targeting Kremlin critics worldwide through phishing emails, as revealed by research from Citizen Lab and Access Now. The cyberattacks, which began in 2022, have affected Russian opposition figures in exile, former US officials, and EU non-profits, among others. These attacks are part of a broader internet espionage operation aimed at accessing sensitive networks and contacts.

A key feature of the campaign is the use of malicious emails that appear to come from known contacts, making them particularly deceptive. Victims include a former US ambassador to Ukraine, who received an email impersonating a colleague. Many of those targeted fell for the scam, which led them to fake login pages designed to steal their credentials.

The hacking groups behind the attacks, identified as Cold River and Coldwastrel, have been linked to Russia’s Federal Security Service (FSB). Cold River, known for its prolific activity since 2016, has intensified its efforts against Kyiv’s allies since the invasion of Ukraine. Some of its members have faced sanctions from the US and Britain.

Citizen Lab warns that the consequences of these cyberattacks could be severe, particularly for those still in Russia, where successful breaches could lead to imprisonment. Despite the serious implications, the Russian embassy has not commented on the allegations, continuing to deny involvement in previous hacking incidents.

GitHub back online after widespread disruption

GitHub, a major platform for developers and code repositories, experienced a significant outage on Wednesday, affecting its website and multiple services. The issues were linked to changes in the platform’s database infrastructure, which have since been rolled back. As of 8:26PM ET, GitHub confirmed that all services are now fully operational.

Earlier, many users encountered an error message when trying to access the site, which stated, ‘no server is currently available to service your request.’ Alongside this message, users were greeted by an image of an angry unicorn. The outage impacted core services, including pull requests, GitHub Pages, Copilot, and the GitHub API.

The outage escalated quickly, with GitHub’s first status message at 7:11PM ET, followed by reports of issues with several key services. According to Downdetector, more than 10,000 users reported problems within minutes of the first alert. International outages were confirmed by internet monitoring service NetBlocks just two minutes later.

GitHub, which was acquired by Microsoft in 2018, has not yet provided a detailed comment on the incident. However, services have now returned to normal, and the platform continues to monitor its systems for any lingering issues.

White House announces plan to strengthen open-source software security

The White House and the Department of Homeland Security (DHS) have announced an $11 million initiative to explore and enhance the security of open-source software (OSS) used in critical infrastructure sectors such as healthcare, transportation, and energy production. This effort, known as the Open-Source Software Prevalence Initiative (OSSPI), aims to map out the use of open-source software across these vital areas, enabling the federal government and private sector to bolster national cybersecurity.

The initiative was officially announced by the White House, and further details were shared over the weekend at the DEF CON cybersecurity conference by National Cyber Director Harry Coker. A key component of this initiative is the formation of a public-private working group, set to be established later this year, to develop strategies for enhancing the security of OSS. Although specific details about the initiative are not known yet, the White House released a summary report last year containing a dozen recommendations from the cybersecurity community on areas for federal focus in open source security.

The report outlines several ongoing and planned activities, including:

  • Securing software package repositories
  • Strengthening collaboration between the federal government and open-source communities
  • Expanding the use of Software Bill of Materials (SBOMs)
  • Enhancing the security of the software supply chain
  • Establishing an ‘Open-Source Program Office’
  • Implementing vulnerability severity metrics
  • Boosting educational initiatives
  • Phasing out legacy software

While the White House has clarified that it does not intend to penalise underfunded open-source developers, Coker has repeatedly stressed that software manufacturers must be held accountable when they prioritise speed over security. Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly echoed these sentiments at the Black Hat cybersecurity conference, advocating for a software liability regime with clear standards of care and safe harbor provisions for vendors who prioritise secure development practices.

Australia sets six-month deadline for AI use disclosure

Government agencies in Australia must disclose their use of AI within six months under a new policy effective from 1st September. The policy mandates that agencies prepare a transparency statement detailing their AI adoption and usage, which must be publicly accessible. Agencies must also designate a technology executive responsible for ensuring the policy’s implementation.

The transparency statements, updated annually or after significant changes, will include information on compliance, monitoring effectiveness, and measures to protect the public from potential AI-related harm. Although staff training on AI is strongly encouraged, it is not a mandatory requirement under the new policy.

The policy was developed in response to concerns about public trust, recognising that a lack of transparency and accountability in AI use could hinder its adoption. The government in Australia aims to position itself as a model of safe and responsible AI usage by integrating the new policy with existing frameworks and legislation.

Minister for Finance and the APS, Katy Gallagher, emphasised the importance of the policy in guiding agencies to use AI responsibly, ensuring Australians’ confidence in the government’s application of these technologies.