UK’s Ofcom fines adult website over missing age checks

UK regulator Ofcom has fined adult content provider Youngtek Solutions £600,000 after finding that the company failed to implement legally required age assurance measures designed to prevent children from accessing pornographic content online.

According to Ofcom, Youngtek Solutions operated four adult websites without ‘highly effective age assurance’ from 25 July to 22 September 2025, breaching obligations introduced under the UK’s Online Safety Act. The regulator imposed a £500,000 financial penalty for the age-check failures, alongside a further £100,000 fine for failing to respond on time to a legally binding request for information.

Ofcom said sites that allow pornographic material must use highly effective age assurance to prevent children from readily accessing such content. The regulator warned that companies that fail to comply with or miss deadlines for formal information requests can face enforcement action.

If a provider fails to pay a fine, Ofcom can seek recovery of the penalty. Where appropriate, it can also seek court orders for business-disruption measures, including requiring payment providers or advertisers to withdraw services from a platform or requiring internet service providers to block a site in the UK.

Youngtek Solutions has since implemented age assurance on all sites covered by the investigation. Ofcom said it will continue monitoring the sites to ensure their age-checking methods remain effective in preventing children from accessing pornographic content.

Why does it matter?

The fine shows Ofcom beginning to use its enforcement powers under the Online Safety Act against adult services that fail to implement child protection measures. The case also signals that age assurance obligations are not merely a compliance formality: non-compliant services may face financial penalties, information-gathering enforcement, and potentially business-disruptive measures if they fail to meet their legal duties.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

CrowdStrike disrupts Glassworm botnet targeting software developers worldwide

CrowdStrike has announced the coordinated disruption of the Glassworm botnet, a cyber operation targeting software developers through open-source software supply chains.

Working with Google and the Shadowserver Foundation, the cybersecurity company said it simultaneously disabled four command-and-control channels used by the malware infrastructure.

According to CrowdStrike, Glassworm targeted developers through trojanised VSCode extensions, malicious npm and Python packages, and compromised GitHub repositories containing poisoned code. The campaign affected Windows, macOS, and Linux systems and targeted the theft of developer credentials and the maintenance of persistent access to development environments.

CrowdStrike said the botnet had compromised hundreds of GitHub repositories using stolen developer credentials, posing risks to downstream software supply chains. The company warned that attackers are increasingly targeting developers because compromising a single workstation, repository, or package can spread malicious code across many organisations, services, and users.

The company also highlighted the growing resilience of cybercriminal infrastructure. It said Glassworm combined blockchain technology, peer-to-peer systems, legitimate online services, and traditional servers to make takedown attempts more difficult.

The disruption cuts off the botnet’s known command-and-control channels, but CrowdStrike said organisations should continue checking for compromised developer environments, malicious packages, and exposed credentials.

Why does it matter?

The Glassworm campaign shows how developer tools and open-source ecosystems have become critical attack surfaces. Rather than attacking only large enterprises directly, threat actors can compromise repositories, extensions, libraries, or credentials used by developers and then move through the software supply chain. Such attacks can create cascading risks for cloud services, enterprise software, financial systems, public services, and other organisations that rely on shared code and development infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Australia’s ASD outlines AI opportunities and risks in cyber defence

The Australian Signals Directorate (ASD) has published new guidance outlining how organisations can use AI to strengthen cyber defence while managing risks associated with AI adoption.

According to ASD, malicious actors are increasingly using AI to scale and accelerate cyber operations, including reconnaissance, vulnerability analysis, and the generation of tailored malicious content. The guidance warns that AI may lower technical barriers for less experienced threat actors and shorten the time between vulnerability discovery and exploitation.

ASD says AI can support cyber defence by improving threat detection, vulnerability analysis, incident response, and prioritisation of security risks. However, ASD stresses that AI should complement rather than replace existing cybersecurity practices and controls.

The guidance maps AI use in cyber defence to six Information Security Manual functions: Govern, Identify, Protect, Detect, Respond, and Recover. Suggested uses include analysing supply chain risks, improving asset discovery, prioritising hardening actions, scanning source code, detecting anomalous behaviour, supporting incident triage, and assisting restoration planning.

The guidance also addresses so-called ‘agentic AI’ systems capable of autonomous planning and decision-making, warning that such technologies require clear operational limits, sandboxing, and strong human oversight. ASD warns that such systems require careful adoption, clear limits, permissions, sandboxing, and strong human oversight.

Organisations adopting AI for cybersecurity are advised to apply a strong baseline aligned with the Information Security Manual and Essential Eight. ASD recommends protecting AI systems from prompt injection, model evasion, and model extraction, while ensuring least-privilege access, auditability, secure integration, and validation of AI-assisted outputs.

ASD also recommends that organisations assess AI and cybersecurity vendors against criteria including explainability, human oversight, resilience, supply-chain dependencies, fallback mechanisms, and data protection practices.

ASD concludes that AI can strengthen cyber defence when deployed securely and responsibly, but warns that poorly governed systems may introduce new vulnerabilities and operational risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU adopts unified cyber incident reporting templates under NIS2

The NIS Cooperation Group has adopted common templates for cybersecurity incident reporting across the EU, marking a step towards more harmonised compliance requirements for companies subject to the NIS2 Directive.

The templates were adopted during the group’s 39th plenary meeting in Cyprus and are intended to provide a uniform format for reporting cyber incidents across member states. The NIS Cooperation Group brings together the EU member states, the European Commission, and the EU Agency for Cybersecurity (ENISA) as part of wider EU cybersecurity coordination efforts.

According to the Commission, the standardised templates are designed to reduce administrative burdens and simplify compliance for companies required to report cybersecurity incidents under NIS2. The move also aligns with broader EU efforts to create a single-entry point for incident reporting under the proposed Digital Omnibus initiative.

The Commission now plans to adopt the templates through an implementing act, which would make them mandatory for all member states. The EU officials say harmonised reporting fields should reduce fragmentation, simplify reporting obligations, and help strengthen cybersecurity resilience across the bloc.

Why does it matter?

Cybersecurity reporting requirements across Europe have often created complexity for companies operating in multiple jurisdictions. Common templates could reduce duplication, make reporting procedures more predictable, and improve coordination between national authorities. The move also fits into the EU’s broader push to simplify digital compliance while strengthening cyber resilience under NIS2.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

BEREC to present Digital Networks Act assessment

The Body of European Regulators for Electronic Communications (BEREC) will hold a public debriefing on 10 June 2026 in Brussels to present its final assessment of the Digital Networks Act proposal and the outcomes of its latest plenary meetings.

The event will take place at the IRG Secretariat and will be held in a hybrid format, allowing both in-person and online participation. BEREC Chair Marko Mismas of AKOS Slovenia will present the assessment with Working Group Co-Chairs and take questions from stakeholders.

The debriefing will also cover key outcomes from BEREC’s 67th plenary meetings, including updates on ongoing work and upcoming initiatives. The full agenda will be published on BEREC’s website after the plenary meetings.

BEREC experts will also introduce a newly launched public consultation on further draft guidance on 5G network slicing, prepared by the Open Internet Working Group.

The event is aimed at policymakers, industry stakeholders, and other interested parties following the evolving EU regulatory framework for electronic communications. Participants can submit questions in advance via the registration form, while online participants will be able to use a Q&A chat function during the livestream.

Why does it matter?

BEREC’s assessment will feed into the debate over the EU’s future telecoms framework, including how regulators approach network investment, competition, open internet rules, and emerging technical practices such as 5G network slicing. The debriefing also offers stakeholders an opportunity to engage directly with regulators before the Digital Networks Act debate advances further.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Anthropic says AI system identified thousands of critical software flaws

Anthropic has published an update on Project Glasswing, a cybersecurity initiative focused on identifying software vulnerabilities using AI systems.

According to Anthropic, partner organisations used Claude Mythos Preview to identify thousands of high- and critical-severity vulnerabilities across software platforms and infrastructure systems.

The company said the initiative demonstrated how AI systems are increasing the speed and scale of vulnerability discovery processes. Anthropic reported that participating organisations observed substantial increases in software vulnerability detection capabilities during testing.

Evaluations cited by Anthropic suggested the system performed strongly in vulnerability identification and exploit-detection tasks compared with earlier AI cybersecurity models.

Anthropic also said the model analysed more than 1,000 open-source projects and identified vulnerabilities affecting widely used software components. The company highlighted a vulnerability identified in the open-source cryptography library wolfSSL as one example from the project.

According to Anthropic, the vulnerability was patched after disclosure.

Anthropic said AI-assisted vulnerability discovery may increasingly shift cybersecurity challenges toward verification, disclosure, and remediation processes. The company also said similar AI cybersecurity capabilities are likely to become more widely available across the industry.

Why does it matter?

The rapid growth of AI-driven cybersecurity is becoming increasingly important as AI is fundamentally changing the balance between cyber defence and cyber threats. Systems such as Anthropic’s Project Glasswing demonstrate that advanced AI models can identify software vulnerabilities at a speed far beyond traditional human-led security testing, potentially making critical infrastructure, financial systems, cloud platforms, and open-source software both safer and more exposed at the same time.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ofcom report highlights growing AI use among UK children online

The UK’s Ofcom has released new research indicating that children in the UK are using digital devices and online services at increasingly younger ages.

According to Ofcom’s Children’s Online Experiences report, screen use begins early in childhood, and smartphone ownership increases significantly during secondary school years. The report found that teenagers aged 15 to 17 spend a substantial amount of time online each week.

The report also noted declining use of traditional media formats such as live television, radio, and print among younger audiences. Live television, radio, and print media were described as increasingly absent from children’s routines, with social media, messaging platforms, and gaming dominating digital engagement.

Ofcom also warned that exposure to harmful content remains a significant issue despite the introduction of new online safety rules. Ofcom said many children reported exposure to harmful online content, including material surfaced through recommendation systems and personalised feeds.

The report also highlighted growing use of AI tools among children and teenagers. More than half of UK children aged 8 to 17 said they use AI tools, with some teenagers increasingly relying on AI systems for learning, creativity, communication, and companionship. Researchers said some children found it difficult to distinguish between AI-generated and human-created content.

The report suggested that passive content consumption plays an increasingly significant role in children’s online activity. Most younger users primarily scroll, watch, follow, or like content instead of actively creating or sharing material themselves.

Gaming remained one of the most important online social environments for children, with many users interacting regularly with people they had only met online through multiplayer gaming communities and communication platforms.

Why does it matter?

Ofcom’s findings highlight growing concerns surrounding children’s digital well-being, algorithmic exposure, AI literacy, and online safety regulation. Policymakers and regulators increasingly face pressure to address how recommendation systems, generative AI, and social platforms shape behaviour, attention, and trust among younger audiences.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Europol dismantles cybercriminal VPN linked to ransomware investigations

Europol has announced that international law enforcement agencies dismantled the cybercriminal VPN platform known as First VPN during a coordinated operation targeting ransomware infrastructure and wider cybercrime networks.

The operation, led by authorities in France and the Netherlands with support from Eurojust, targeted infrastructure allegedly used by cybercriminals to conceal ransomware attacks, fraud, data theft and other illegal online activities.

Europol described the service as deeply embedded in the cybercrime ecosystem and said it had featured in almost every major Europol-supported cybercrime investigation over the past few years. The platform was allegedly promoted as an anonymity service for criminal use, offering anonymous payments, concealed infrastructure and tools intended to help users evade law enforcement detection.

Coordinated action days took place on 19 and 20 May, during which authorities dismantled 33 servers connected to the service and shut down associated domain names. Investigators also interviewed the alleged administrator in Ukraine and carried out a residential search linked to the operation.

According to Europol, investigators gained access to the platform’s infrastructure and user database during the investigation, which began in December 2021. The agency said the data helped identify users allegedly connected to ransomware campaigns, fraud schemes and other cybercrime operations across several jurisdictions.

Intelligence generated through the operation led to 83 intelligence packages being distributed internationally, information linked to 506 users being shared with partner agencies, and 21 Europol-supported investigations advancing through newly obtained evidence.

The operation also received support from cybersecurity company Bitdefender, while a joint investigation team coordinated by Eurojust facilitated judicial cooperation and evidence sharing among participating countries.

Why does it matter?

The takedown shows how law enforcement is increasingly targeting the infrastructure that enables cybercrime, not only the attackers themselves. VPN services marketed for criminal use can help ransomware actors and fraud networks hide their identity, route attacks and evade detection. By dismantling First VPN and obtaining user data, investigators can disrupt multiple cybercrime operations at once and strengthen ongoing ransomware investigations.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK government launches cyber resilience measures amid AI-related risks

The UK Department for Science, Innovation and Technology has warned that cyber threats are becoming more frequent and complex, with AI contributing to faster and more scalable attacks. Digital Minister Baroness Lloyd of Effra said cyber resilience is increasingly important for national security and economic stability.

According to the government’s Cyber Security Breaches Survey, 43% of businesses reported experiencing a cyber breach or attack during the past year. The minister said AI tools are making some cyber capabilities more accessible by automating tasks such as vulnerability detection and reconnaissance.

The government also encouraged technology providers to adopt a ‘secure by design’ approach and referred to existing cybersecurity guidance frameworks.

The Department additionally announced a £90 million cyber resilience fund intended to support businesses, including SMEs and NHS suppliers. The government said a broader National Cyber Action Plan is expected later this summer.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot