Network security

Ransomware disrupts Ingram Micro’s systems and operations

Ingram Micro has confirmed a ransomware attack that affected internal systems and forced some services offline. The global IT distributor says it acted quickly to contain the incident, implemented mitigation steps, and involved cybersecurity experts.

The company is working with a third-party firm to investigate the breach and has informed law enforcement. Order processing and shipping operations have been disrupted while systems are being restored.

While details remain limited, the attack is reportedly linked to the SafePay ransomware group.

According to BleepingComputer, the gang exploited Ingram’s GlobalProtect VPN to gain access last Thursday.

In response, Ingram Micro shut down multiple platforms, including GlobalProtect VPN and its Xvantage AI platform. Employees were instructed to work remotely as a precaution during the response effort.

SafePay first appeared in late 2024 and has targeted over 220 companies. It often breaches networks using password spraying and compromised credentials, primarily through VPNs.

Ingram Micro has not disclosed what data was accessed or the size of the ransom demand.

The company apologised for the disruption and said it is working to restore systems as quickly as possible.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Scammers shift focus to businesses amid surge in attacks

Businesses increasingly fall prey to scams, with more than 74,000 attacks reported to the FBI between 2023 and 2024. The Better Business Bureau (BBB) warns that companies face significant threats from data breaches, impersonation, and fake services.

In the US, losses from data breaches alone averaged $4.9 million per company in 2024, up to $1.4 billion. Scammers use familiar tactics, such as posing as trusted individuals and making urgent demands for payment or sensitive data.

Smaller businesses are especially at risk, often lacking dedicated IT support or robust security teams. Juggling multiple responsibilities makes them easier targets for sophisticated scam operations.

The BBB advises businesses to train staff to recognise suspicious behaviour and to enforce secure payment processes. Strengthening cybersecurity with tools like firewalls and multi-factor authentication can also reduce the attack risk.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google hit with EU complaint over AI Overviews

After a formal filing by the Independent Publishers Alliance, Google has faced an antitrust complaint in the European Union over its AI Overviews feature.

The group alleges that Google has been using web content without proper consent to power its AI-generated summaries, causing considerable harm to online publishers.

The complaint claims that publishers have lost traffic, readers and advertising revenue due to these summaries. It also argues that opting out of AI Overviews is not a real choice unless publishers are prepared to vanish entirely from Google’s search results.

AI Overviews were launched over a year ago and now appear at the top of many search queries, summarising information using AI. Although the tool has expanded rapidly, critics argue it drives users away from original publisher websites, especially news outlets.

Google has responded by stating its AI search tools allow users to ask more complex questions and help businesses and creators get discovered. The tech giant also insisted that web traffic patterns are influenced by many factors and warned against conclusions based on limited data.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU rejects delay for AI Act rollout

The EU has confirmed it will enforce its originally scheduled AI Act, despite growing calls from American and European tech firms to delay the rollout.

Major companies, including Alphabet, Meta, ASML and Mistral, have urged the European Commission to push back the timeline by several years, citing concerns over compliance costs.

Rejecting the pressure, a Commission spokesperson clarified there would be no pause or grace period. The legislation’s deadlines remain, with general-purpose AI rules taking effect this August and stricter requirements for high-risk systems following August 2026.

The AI Act represents the EU’s effort to regulate AI across various sectors, aiming to balance innovation and public safety. While tech giants argue that the rules are too demanding, the EU insists legal certainty is vital and the framework must move forward as planned.

The Commission intends to simplify the process later in the year, such as easing reporting demands for smaller businesses. Yet the core structure and deadlines of the AI Act will not be altered.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Regions seek role in EU hospital cyber strategy

The European Commission’s latest plan to strengthen hospital cybersecurity has drawn attention from regional authorities across the EU, who say they were excluded from key decisions.

Their absence, they argue, could weaken the strategy’s overall effectiveness.

With cyberattacks on healthcare systems growing, regional representatives insist they should have a seat at the table.

As those directly managing hospitals and public health, they warn that top-down decisions may overlook urgent local challenges and lead to poorly matched policies.

The Commission’s plan includes creating a dedicated health cybersecurity centre under the EU Agency for Cybersecurity (ENISA) and setting up an EU-wide threat alert system.

Yet doubts remain over how these goals will be met without extra funding or clear guidance on regional involvement.

The concerns point to the need for a more collaborative approach that values regional knowledge.

Without it, the EU risks designing cybersecurity protections that fail to reflect the realities inside Europe’s hospitals.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

SK Telecom unveils $700B cybersecurity upgrade

SK Telecom has announced a major cybersecurity initiative worth KRW 700 billion, designed to restore trust and enhance information security after a recent incident.

The company’s new programme, called the Accountability and Commitment Program, includes four elements to protect customers and reinforce transparency.

A central part of the initiative is the Information Protection Innovation Plan, which involves a five-year investment to build a world-class cybersecurity system.

The project will follow the US National Institute of Standards and Technology’s Cybersecurity Framework and aims to position SK Telecom as Korea’s leader in information security by 2028.

To further support affected customers, the company is upgrading its Customer Assurance Package and introducing a Customer Appreciation Package to thank users for their patience and loyalty.

A subscription cancellation fee waiver has also been included to reduce friction for those reconsidering their service.

SK Telecom says it will maintain its commitment to customer safety and service reliability, pledging to fully address all concerns and enhance security and service quality across the board.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Council of Europe picks Jylo to power AI platform

The Council of Europe has chosen Jylo, a European enterprise AI provider, to support over 3,000 users across its organisation.

The decision followed a competitive selection process involving multiple AI vendors, with Jylo standing out for its regulatory compliance and platform adaptability.

As Europe’s leading human rights body, the Council aims to use AI responsibly to support its legal and policy work. Jylo’s platform will streamline document-based workflows and reduce administrative burdens, helping staff focus on critical democratic and legal missions.

Leaders from both Jylo and the Council praised the collaboration. Jylo CEO Shawn Curran said the partnership reflects shared values around regulatory compliance and innovation.

The Council’s CIO, John Hunter, described Jylo’s commitment to secure AI as a perfect fit for the institution’s evolving digital strategy.

Jylo’s AI Assistant and automation features are designed specifically for knowledge-driven organisations. The rollout is expected to strengthen the Council’s internal efficiency and reinforce Jylo’s standing as a trusted AI partner across the European public and legal sectors.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Spotify hit by AI band hoax controversy

A band called The Velvet Sundown has gone viral on Spotify, gaining over 850,000 monthly listeners, yet almost nothing is known about the people behind it.

With no live performances, interviews, or social media presence for its supposed members, the group has fuelled growing speculation that both it and its music may be AI-generated.

The mystery deepened after Rolling Stone first reported that a spokesperson had admitted the tracks were made using an AI tool called Suno, only to later reveal the spokesperson himself was fake.

The band denies any connection to the individual, stating on Spotify that the account impersonating them on X is also false.

AI detection tools have added to the confusion. Rival platform Deezer flagged the music as ‘100% AI-generated’, although Spotify has remained silent.

While CEO Daniel Ek has said AI music isn’t banned from the platform, he expressed concerns about mimicking real artists.

The case has reignited industry fears over AI’s impact on musicians. Experts warn that public trust in online content is weakening.

Musicians and advocacy groups argue that AI is undercutting creativity by training on human-made songs without permission. As copyright battles continue, pressure is mounting for stronger government regulation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers use AI to create phishing sites in seconds

Hackers are now using generative AI tools to build convincing phishing websites in under a minute, researchers at Okta have warned. The company discovered that a tool developed by Vercel had been abused to replicate login portals for platforms such as Okta, Microsoft 365 and crypto services.

Using simple prompts like ‘build a copy of the website login.okta.com’, attackers can create fake login pages with little effort or technical skill. Okta’s investigation found no evidence of successful breaches, but noted that threat actors repeatedly used v0 to target new platforms.

Vercel has since removed the fraudulent sites and is working with Okta to create a system for reporting abuse. Security experts are concerned the speed and accessibility of generative AI tools could accelerate low-effort cybercrime on a massive scale.

Researchers also found cloned versions of the v0 tool on GitHub, which may allow continued abuse even if access to the original is restricted. Okta urges organisations to adopt passwordless systems, as traditional phishing detection methods are becoming obsolete.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

TikTok struggles to stop the spread of hateful AI videos

Google’s Veo 3 video generator has enabled a new wave of racist AI content to spread across TikTok, despite both platforms having strict policies banning hate speech.

According to MediaMatters, several TikTok accounts have shared AI-generated videos promoting antisemitic and anti-Black stereotypes, many of which still circulated widely before being removed.

These short, highly realistic videos often included offensive depictions, and the visible ‘Veo’ watermark confirmed their origin from Google’s model.

While both TikTok and Google officially prohibit the creation and distribution of hateful material, enforcement has been patchy. TikTok claims to use both automated systems and human moderators, yet the overwhelming volume of uploads appears to have delayed action.

Although TikTok says it banned over half the accounts before MediaMatters’ findings were published, harmful videos still managed to reach large audiences.

Google also maintains a Prohibited Use Policy banning hate-driven content. However, Veo 3’s advanced realism and difficulty detecting coded prompts make it easier for users to bypass safeguards.

Testing by reporters suggests the model is more permissive than previous iterations, raising concerns about its ability to filter out offensive material before it is created.

With Google planning to integrate Veo 3 into YouTube Shorts, concerns are rising that harmful content may soon flood other platforms. TikTok and Google appear to lack the enforcement capacity to keep pace with the abuse of generative AI.

Despite strict rules on paper, both companies are struggling to prevent their technology from fuelling racist narratives at scale.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!