cybersecurity

Quantum breakthroughs could threaten Bitcoin in the 2030s

The rise of quantum computing is sparking fresh concerns over the long-term security of Bitcoin. Unlike classical systems, quantum machines could eventually break the cryptography protecting digital assets.

Experts warn that Shor’s algorithm, once run on a sufficiently powerful quantum computer, could recover private keys from public ones in hours, leaving exposed funds vulnerable. Analysts see the mid-to-late 2030s as the key period for cryptographically relevant breakthroughs.

ChatGPT-5’s probability model indicates less than a 5% chance of Bitcoin being cracked before 2030, but risk rises to 45–60% between 2035 and 2039, and nearly certainty by 2050. Sudden progress in large-scale, fault-tolerant qubits or government directives could accelerate the timeline.

Mitigation strategies include avoiding key reuse, auditing exposed addresses, and gradually shifting to post-quantum or hybrid cryptographic solutions. Experts suggest that critical migrations should be completed by the mid-2030s to secure the Bitcoin network against future quantum threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Hackers use ChatGPT for fake ID attack

A hacking group has reportedly used ChatGPT to generate a fake military ID in a phishing attack targeting South Korea. The incident, uncovered by cybersecurity firm Genians, shows how AI can be misused to make malicious campaigns more convincing.

Researchers said the group, known as Kimsuky, crafted a counterfeit South Korean military identification card to support a phishing email. While the document looked genuine, the email instead contained links to malware designed to extract data from victims’ devices.

Targets included journalists, human rights activists and researchers. Kimsuky has a history of cyber-espionage. US officials previously linked the group to global intelligence-gathering operations.

The findings highlight a wider trend of AI being exploited for cybercrime, from creating fake résumés to planning attacks and developing malware. Genians warned that attackers are rapidly using AI to impersonate trusted organisations, while the full scale of the breach is unknown.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber attacks pose growing threat to shipping industry

The maritime industry faces rising cyber threats, with Nigerian gangs among the most active attackers of shipping firms. HFW lawyers say ‘man-in-the-middle’ frauds are now common, letting hackers intercept communications and steal sensitive financial or operational data.

Costs from cyber attacks are rising sharply, with average mitigation expenses for shipping firms doubling to $550,000 (£410,000) between 2022 and 2023. In cases where hackers remain embedded, ransom payments can reach $3.2m.

The rise in attacks coincides with greater digitisation, satellite connectivity such as Starlink, and increased use of onboard sensors.

Threats now extend beyond financial extortion, with GPS jamming and spoofing posing risks to navigation. Incidents such as the grounding of MSC Antonia in the Red Sea illustrate potential physical damage from cyber interference.

Industry regulators are responding, with the International Maritime Organization introducing mandatory cyber security measures into ship management systems. Experts say awareness has grown, and shipping firms are gradually strengthening defences against criminal and state cyber threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Apple notifies French users after commercial spyware threats surge

France’s national cybersecurity agency, CERT-FR, has confirmed that Apple issued another set of threat notifications on 3 September 2025. The alerts inform certain users that devices linked to their iCloud accounts may have been targeted by spyware.

These latest alerts mark this year’s fourth campaign, following earlier waves in March, April and June. Targeted individuals include journalists, activists, politicians, lawyers and senior officials.

CERT-FR says the attacks are highly sophisticated and involve mercenary spyware tools. Many intrusions appear to exploit zero-day or zero-click vulnerabilities, meaning no victim interaction must be compromised.

Apple advises victims to preserve threat notifications, avoid altering device settings that could obscure forensic evidence, and contact authorities and cybersecurity specialists. Users are encouraged to enable features like Lockdown Mode and update devices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU enforces tougher cybersecurity rules under NIS2

The European Union’s NIS2 directive has officially come into force, imposing stricter cybersecurity duties on thousands of organisations.

Adopted in 2022 and implemented into national law by late 2024, the rules extend beyond critical infrastructure to cover more industries. Energy, healthcare, transport, ICT, and even waste management firms now face mandatory compliance.

Measures include multifactor authentication, encryption, backup systems, and stronger supply chain security. Senior executives are held directly responsible for failures, with penalties ranging from heavy fines to operational restrictions.

Companies must also report major incidents promptly to national authorities. Unlike ISO certifications, NIS2 requires organisations to prove compliance through internal processes or independent audits, depending on national enforcement.

Analysts warn that firms still reliant on legacy systems face a difficult transition. Yet experts agree the directive signals a decisive shift: cybersecurity is now a legal duty, not simply best practice.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK launches CAF 4.0 for cybersecurity

The UK’s National Cyber Security Centre has released version 4.0 of its Cyber Assessment Framework to help organisations protect essential services from rising cyber threats.

An updated CAF that provides a structured approach for assessing and improving cybersecurity and resilience across critical sectors.

Version 4.0 introduces a deeper focus on attacker methods and motivations to inform risk decisions, ensures software in essential services is developed and maintained securely, and strengthens guidance on threat detection through security monitoring and threat hunting.

AI-related cyber risks are also now covered more thoroughly throughout the framework.

The CAF primarily supports energy, healthcare, transport, digital infrastructure, and government organisations, helping them meet regulatory obligations such as the NIS Regulations.

Developed in consultation with UK cyber regulators, the framework provides clear benchmarks for assessing security outcomes relative to threat levels.

Authorities encourage system owners to adopt CAF 4.0 alongside complementary tools such as Cyber Essentials, the Cyber Resilience Audit, and Cyber Adversary Simulation services. These combined measures enhance confidence and resilience across the nation’s critical infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI and cyber priorities headline massive US defence budget bill

The US House of Representatives has passed an $848 billion defence policy bill with new provisions for cybersecurity and AI. Lawmakers voted 231 to 196 to approve the chamber’s version of the National Defence Authorisation Act (NDAA).

The bill mandates that the National Security Agency brief Congress on plans for its Cybersecurity Coordination Centre and requires annual reports from combatant commands on the levels of support provided by US Cyber Command.

It also calls for a software bill of materials for AI-enabled technology that the Department of Defence uses. The Pentagon will be authorised to create up to 12 generative AI projects to improve cybersecurity and intelligence operations.

An adopted amendment allows the NSA to share threat intelligence with the private sector to protect US telecommunications networks. Another requirement is that the Pentagon study the National Guard’s role in cyber response at the federal and state levels.

Proposals to renew the Cybersecurity Information Sharing Act and the State and Local Cybersecurity Grant Program were excluded from the final text. The Senate is expected to approve its version of the NDAA next week.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cybersecurity protections for US companies at risk as key law nears expiration

As cyber threats grow, a vital legal safeguard encouraging US companies to share threat intelligence is on the verge of expiring.

The US Cybersecurity Information Sharing Act of 2015 (CISA 2015), which grants liability protection to firms that voluntarily share cyber threat data with peers and the federal government, is set to lapse at the end of the month unless Congress acts swiftly.

The potential loss of this law could leave companies, especially small and mid-sized organisations, isolated in defending against cyberattacks, including those powered by emerging technologies like agentic AI. Companies may revert to lengthy legal reviews without liability protection or avoid information-sharing altogether.

On 3 September 2025, the House Homeland Security Committee unanimously approved a bill to extend these protections, but it still needs full congressional approval and the president’s signature.

According to Bloomberg, the Cybersecurity and Infrastructure Security Agency (CISA) has suffered budget cuts and workforce reductions under the Trump administration. Despite the administration’s criticism of the agency, its nominee to lead CISA, Sean Plankey, has publicly supported extending CISA 2015.

Industry leaders warn that losing these protections could slow down vital threat coordination. ‘This is the last line of defence,’ said Carole House, a former White House cybersecurity advisor.

With the potential expiration of CISA 2015, industry-focused Information Sharing and Analysis Centres (ISACs), now numbering at least 28 in the USA, may serve as a fallback for cybersecurity collaboration.

While some ISACs already offer legal protections like NDAs and anonymous sharing, experts warn that companies may hesitate to participate without federal liability protections.

Complex legal agreements could become necessary, potentially limiting engagement. ‘You run the risk of some companies deciding it’s too risky,’ said Scott Algeier, executive director of the IT-ISAC, despite hopes for continued collaboration.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Phishing scams surge with record losses in August

ScamSniffer has reported a sharp rise in phishing scams during August, with losses climbing to $12.17 million, a 72% increase from July. The figure marks the highest monthly losses this year and came alongside 15,230 victims, a new annual record.

The spike was driven mainly by EIP-7702 batch signature scams, which accounted for nearly half of the stolen funds. One victim lost $3.08 million in a single incident, while two others lost $1.54 million and $1 million, respectively.

More minor but significant losses also occurred, including users losing $235,977 and $66,000 in scams disguised as Uniswap swaps.

EIP-7702, introduced with Ethereum’s Pectra upgrade, allows externally owned accounts to act temporarily like smart contracts. While intended to improve user experience, it has opened the door to new phishing exploits.

Security experts warn that attackers increasingly use automated sweeper attacks to drain compromised wallets.

Beyond EIP-7702, traditional phishing methods remain a problem. ScamSniffer noted a rise in address poisoning and malicious ads on platforms such as Google and Bing. One user lost $636,559 after copying a tainted address, while two more lost $500,000 and $19,000 in similar schemes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

NSA, CISA and others urge for unified approach to strengthen cybersecurity resilience

The National Security Agency (NSA) has joined the Cybersecurity and Infrastructure Security Agency (CISA) and other partners to release a new Cybersecurity Information Sheet (CSI) titled ‘A Shared Vision of Software Bill of Materials’ (SBOM) for Cybersecurity.

Aimed at promoting the adoption of SBOM practices, the report highlights their role in improving transparency and addressing risks within the software supply chain.

By integrating SBOM generation, analysis, and sharing into existing security processes, organisations can better manage vulnerabilities and strengthen cyber resilience.

Practical risk management strategies and real-world examples outlined in the CSI support the broader Secure by Design initiative.

Authors urge a unified SBOM approach across the cybersecurity community to prevent fragmentation, lower implementation costs, and enhance long-term effectiveness.

Inconsistent or siloed adoption, they caution, could limit the sustainability and impact of SBOM as a core cybersecurity tool.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!