Telecommunications infrastructure

Alleged Apple ID exposure affects 184 million accounts

A report has highlighted a potential exposure of Apple ID logins after a 47.42 GB database was discovered on an unsecured web server, reportedly affecting up to 184 million accounts.

The database was identified by security researcher Jeremiah Fowler, who indicated it may include unencrypted credentials across Apple services and other platforms.

Security experts recommend users review account security, including updating passwords and enabling two-factor authentication.

The alleged database contains usernames, email addresses, and passwords, which could allow access to iCloud, App Store accounts, and data synced across devices.

Observers note that centralised credential management carries inherent risks, underscoring the importance of careful data handling practices.

Reports suggest that Apple’s email software flaws could theoretically increase risk if combined with exposed credentials.

Apple has acknowledged researchers’ contributions in identifying server issues and has issued security updates, while ongoing vigilance and standard security measures are recommended for users.

The case illustrates the challenges of safeguarding large-scale digital accounts and may prompt continued discussion about regulatory standards and personal data protection.

Users are advised to maintain strong credentials and monitor account activity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI boom drives massive surge in data centre power demand

According to Goldman Sachs, the surge in AI is set to transform global energy markets, with data centres expected to consume 165% more electricity by 2030 compared to 2023. The bank reports that US spending on data centre construction has tripled in just three years, while occupancy rates at existing facilities remain close to record highs.

The demand is driven by hyperscale operators like Amazon Web Services, Microsoft Azure, and Google Cloud, which are rapidly expanding their infrastructure to meet the power-hungry needs of AI systems.

Global data centres use about 55 gigawatts of electricity, more than half of which supports cloud computing. Traditional workloads like email and storage still account for a third, while AI represents just 14%.

However, Goldman Sachs projects that by 2027, overall consumption could rise to 84 gigawatts, with AI’s share growing to over a quarter. That shift is straining grids and pushing operators toward new solutions as AI servers can consume ten times more electricity than traditional racks.

Meeting this demand will require massive investment. Goldman Sachs estimates that global grid upgrades could cost as much as US$720 billion by 2030, with US utilities alone needing an additional US$50 billion in new generation capacity for data centres.

While renewables like wind and solar are increasingly cost-competitive, their intermittent output means operators lean on hybrid models with backup gas and battery storage. At the same time, technology companies are reviving interest in nuclear power, with contracts for over 10 gigawatts of new capacity signed in the US last year.

The expansion is most evident in Europe and North America, with Nordic countries, Spain, and France attracting investment due to their renewable energy resources. At the same time, hubs like Germany, Britain, and Ireland rely on incentives and established ecosystems. Yet, uncertainty remains.

Advances like DeepSeek, a Chinese AI model reportedly as capable as US systems but more efficient, could temper power demand growth. For now, however, the trajectory is clear, AI is reshaping the data centre industry and the global energy landscape.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Azure Active Directory flaw exposes sensitive credentials

A critical security flaw in Azure Active Directory has exposed application credentials stored in appsettings.json files, allowing attackers unprecedented access to Microsoft 365 tenants.

By exploiting these credentials, threat actors can masquerade as trusted applications and gain unauthorised entry to sensitive organisational data.

The vulnerability leverages the OAuth 2.0 Client Credentials Flow, enabling attackers to generate valid access tokens.

Once authenticated, they can access Microsoft Graph APIs to enumerate users, groups, and directory roles, especially when applications have been granted excessive permissions such as Directory.Read.All or Mail.Read. Such access permits data harvesting across SharePoint, OneDrive, and Exchange Online.

Attackers can also deploy malicious applications under compromised tenants, escalating privileges from limited read access to complete administrative control.

Additional exposed secrets like storage account keys or database connection strings enable lateral movement, modification of critical data, and the creation of persistent backdoors within cloud infrastructure.

Organisations face profound compliance implications under GDPR, HIPAA, or SOX. The vulnerability emphasises the importance of auditing configuration files, storing credentials securely in solutions like Azure Key Vault, and monitoring authentication patterns to prevent long-term, sophisticated attacks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Salt Typhoon hack reveals fragility of global communications networks

The FBI has warned that Chinese hackers are exploiting structural weaknesses in global telecom infrastructure, following the Salt Typhoon incident that penetrated US networks on an unprecedented scale. Officials say the Beijing-linked group has compromised data from millions of Americans since 2019.

Unlike previous cyber campaigns focused narrowly on government targets, Salt Typhoon’s intrusions exposed how ordinary mobile users can be swept up in espionage. Call records, internet traffic, and even geolocation data were siphoned from carriers, with the operation spreading to more than 80 countries.

Investigators linked the campaign to three Chinese tech firms supplying products to intelligence agencies and China’s People’s Liberation Army. Experts warn that the attacks demonstrate the fragility of cross-border telecom systems, where a single compromised provider can expose entire networks.

US and allied agencies have urged providers to harden defences with encryption and stricter monitoring. Analysts caution that global telecoms will continue to be fertile ground for state-backed groups without structural reforms.

The revelations have intensified geopolitical tensions, with the FBI describing Salt Typhoon as one of the most reckless and far-reaching espionage operations ever detected.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

India to host OpenAI’s new Stargate data centre

OpenAI is preparing to build a significant new data centre in India as part of its Stargate AI infrastructure initiative. The move will expand the company’s presence in Asia and strengthen its operations in its second-largest market by user base.

OpenAI has already registered as a legal entity in India and begun assembling a local team.

The company plans to open its first office in New Delhi later this year. Details regarding the exact location and timeline of the proposed data centre remain unclear, though CEO Sam Altman may provide further information during his upcoming visit to India.

The project represents a strategic step to support the company’s growing regional AI ambitions.

OpenAI’s Stargate initiative, announced by US President Donald Trump in January, involves private sector investment of up to $500 billion for AI infrastructure, backed by SoftBank, OpenAI, and Oracle.

The initiative seeks to develop large-scale AI capabilities across major markets worldwide, with the India data centre potentially playing a key role in the efforts.

The expansion highlights OpenAI’s focus on scaling its AI infrastructure while meeting regional demand. The company intends to strengthen operational efficiency, improve service reliability, and support its long-term growth in Asia by establishing local offices and a significant data centre.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Schneider joins SK Telecom on new AI data centre project in Ulsan

SK Telecom has expanded its partnership with Schneider Electric to develop an AI Data Centre (AIDC) in Ulsan.

Under the deal, Schneider Electric will supply mechanical, electrical and plumbing equipment, such as switchgear, transformers, automated control systems and Uninterruptible Power Supply units.

The agreement builds on a partnership announced at Mobile World Congress 2025 and includes using Schneider’s Electrical Transient Analyser Program within SK Telecom’s data centre management system.

It will allow operations to be optimised through a digital twin model instead of relying only on traditional monitoring tools.

Both companies have also agreed on prefabricated solutions to shorten construction times, reference designs for new facilities, and joint efforts to grow the Energy-as-a-Service business.

A Memorandum of Understanding extends the partnership to other SK Group affiliates, combining battery technologies with Uninterruptible Power Supply and Energy Storage Systems.

Executives said the collaboration would help set new standards for AI data centres and create synergies across the SK Group. It is also expected to support SK Telecom’s broader AI strategy while contributing to sustainable and efficient infrastructure development.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Attackers bypass email security by abusing Microsoft Teams defaults

A phishing campaign exploits Microsoft Teams’ external communication features, with attackers posing as IT helpdesk staff to gain access to screen sharing and remote control. The method sidesteps traditional email security controls by using Teams’ default settings.

The attacks exploit Microsoft 365’s default external collaboration feature, which allows unauthenticated users to contact organisations. Axon Team reports attackers create malicious Entra ID tenants with .onmicrosoft.com domains or use compromised accounts to initiate chats.

Although Microsoft issues warnings for suspicious messages, attackers bypass these by initiating external voice calls, which generate no alerts. Once trust is established, they request screen sharing, enabling them to monitor victims’ activity and guide them toward malicious actions.

The highest risk arises where organisations enable external remote-control options, giving attackers potential full access to workstations directly through Teams. However, this eliminates the need for traditional remote tools like QuickAssist or AnyDesk, creating a severe security exposure.

Defenders are advised to monitor Microsoft 365 audit logs for markers such as ChatCreated, MessageSent, and UserAccepted events, as well as TeamsImpersonationDetected alerts. Restricting external communication and strengthening user awareness remain key to mitigating this threat.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

FBI says China’s Salt Typhoon breached millions of Americans’ data

China’s Salt Typhoon cyberspies have stolen data from millions of Americans through a years-long intrusion into telecommunications networks, according to senior FBI officials. The campaign represents one of the most significant espionage breaches uncovered in the United States.

The Beijing-backed operation began in 2019 and remained hidden until last year. Authorities say at least 80 countries were affected, far beyond the nine American telcos initially identified, with around 200 US organisations compromised.

Targets included Verizon, AT&T, and over 100 current and former administration officials. Officials say the intrusions enabled Chinese operatives to geolocate mobile users, monitor internet traffic, and sometimes record phone calls.

Three Chinese firms, Sichuan Juxinhe, Beijing Huanyu Tianqiong, and Sichuan Zhixin Ruijie, have been tied to Salt Typhoon. US officials say they support China’s security services and military.

The FBI warns that the scale of indiscriminate targeting falls outside traditional espionage norms. Officials stress the need for stronger cybersecurity measures as China, Russia, Iran, and North Korea continue to advance their cyber operations against critical infrastructure and private networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Samsung and Chinese brands prepare Max rollout

Russia has been pushing for its state-backed messenger Max to be pre-installed on all smartphones sold in the country since September 2025. Chinese and South Korean manufacturers, including Samsung and Xiaomi, are reportedly preparing to comply, though official confirmation is still pending.

The Max platform, developed by VK (formerly Vkontakte), offers messaging, audio and video calls, file transfers, and payments. It is set to replace VK Messenger on the mandatory app list, signalling a shift away from foreign apps like Telegram and WhatsApp.

Integration may occur via software updates or prompts when inserting a Russian SIM card.

Concerns have arisen over potential surveillance, as Max collects sensitive personal data backed by the Russian government. Critics fear the platform may monitor users, reflecting Moscow’s push to control encrypted communications.

The rollout reflects Russia’s broader push for digital sovereignty. While companies navigate compliance, the move highlights the increasing tension between state-backed applications and widely used foreign messaging services in Russia.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Countries join stablecoin race to counter US dollar power

The GENIUS Act in the United States has given stablecoin issuers a clear legal framework, boosting the role of dollar-pegged tokens in the global economy. Their widespread use has strengthened demand for US dollars and Treasury bills, solidifying American financial dominance.

Other nations are now working on stablecoin projects to protect local currencies. China is developing a yuan-pegged stablecoin aimed at international trade, following the recent adoption of Hong Kong’s Stablecoins Bill.

Japan is also preparing to launch a yen-pegged token backed by government bills later this year, with Monex Group leading the initiative.

The European Union has accelerated its plans for a digital € in response to the rise of USD-backed stablecoins. Reports suggest the project could be launched on Ethereum or Solana, a move that has sparked criticism from the crypto community over privacy and data control.

Despite several euro-pegged tokens already in circulation, their market share remains negligible compared to dollar-backed stablecoins.

Stablecoins are increasingly seen as tools for remittances and savings and for strategic influence in the global financial system. Other countries may struggle to rival USD-pegged coins, but the race to launch national stablecoins is underway.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot