Salt Typhoon targets routers in sweeping campaign

Since early 2025, the Chinese-linked hacking group Salt Typhoon has aggressively targeted telecom infrastructure worldwide, compromising routers, switches and edge devices used by clients of major operators such as Comcast, MTN and LG Uplus.

Exploiting known but unpatched vulnerabilities, attackers gained persistent access to these network devices, potentially enabling further intrusions into core telecom systems.

The pattern suggests a strategic shift: the group broadly sweeps telecom infrastructure to establish ready-made access across critical communication channels.

Affected providers emphasised that only client-owned hardware was breached and confirmed no internal networks were compromised, but the campaign raises deeper concerns.

Experts warn that such indiscriminate telecommunications targeting could threaten data security and disrupt essential services, revealing a long-term cyber‑espionage strategy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU helps Vietnam prepare for cyber emergencies

The European Union and Vietnam have conducted specialised cyber‑defence training to enhance the resilience of key infrastructure sectors such as power, transportation, telecoms and finance.

Participants, including government officials, network operators and technology experts, engaged in interactive threat-hunting exercises and incident simulation drills designed to equip teams with practical cyber‑response skills.

This effort builds on existing international partnerships, including collaboration with the US Cybersecurity and Infrastructure Security Agency, to align Vietnam’s security posture with global standards.

Vietnam faces an alarming shortfall of more than 700,000 cyber professionals, with over half of organisations reporting at least one breach in recent years.

The training initiative addresses critical skills gaps and contributes to national digital security resilience.


Google pushes urgent Chrome update before 23 July

Google has confirmed that attackers have exploited a high-risk vulnerability in its Chrome browser. Users have been advised to update their browsers before 23 July, with cybersecurity agencies stressing the urgency.

The flaw, CVE-2025-6554, involves a type confusion issue in Chrome’s V8 JavaScript engine. The US Cybersecurity and Infrastructure Security Agency (CISA) has made the update mandatory for federal departments and recommends all users take immediate action.

Although Chrome updates are applied automatically, users must restart their browsers to activate the security patches. Many fail to do so, leaving them exposed despite downloading the latest version.

CISA highlighted that timely updates are essential for reducing vulnerability to attacks, especially for organisations managing critical infrastructure. Enterprises are at risk if patching delays allow attackers to exploit known weaknesses.


CISA 2015 expiry threatens private sector threat sharing

Congress has under 90 days to renew the Cybersecurity Information Sharing Act (CISA) of 2015 and avoid a regulatory setback. The law protects companies from liability when they share cyber threat indicators with the government or other firms, fostering collaboration.

Before CISA, companies hesitated to share threat information due to antitrust and data privacy concerns. CISA removed ambiguity by offering explicit legal protections. Without reauthorisation, fear of lawsuits could silence private sector warnings, slowing responses to significant cyber incidents across critical infrastructure sectors.

Debates over reauthorisation include possible expansions of CISA’s scope. However, many lawmakers and industry groups in the United States now support a simple renewal. Health care, finance, and energy groups say the law is crucial for collective defence and rapid cyber threat mitigation.

Security experts warn that a lapse would reverse years of progress in information sharing, leaving networks more vulnerable to large-scale attacks. With only 35 working days left for Congress before the 30 September deadline, the pressure to act is mounting.


OEWG 2021-2025 adopts its Final Report

The Open-Ended Working Group on the security of and in the use of information and communications technologies 2021-2025 (OEWG) concluded its work at its final session on 11 July 2025 by adopting its Final Report, A/AC.292/2025/CRP.1.

Summing up the past five years of negotiations, the Final Report reflects the consensus on existing and potential threats, rules, norms and principles of responsible state behaviour, international law, confidence-building measures, and capacity building in a challenging geopolitical environment. The recommendations in all of the areas call for continued discussions and deepening the understanding of topics, including tangible outcomes of the OEWG 2021-2025, such as the Global Points of Contact (POC) Directory and corresponding Template for Communication. In all of the areas, the Final Report puts great emphasis on the capacity building efforts in its recommendations for future work.

The Final Report also sets up a new single-track permanent mechanism called the ‘Global Mechanism on developments in the field of ICTs in the context of international security and advancing responsible State behaviour in the use of ICTs’, which will continue discussions on the five pillars of the framework for responsible state behaviour in the use of ICTs. The Global Mechanism, a subsidiary body of the UN General Assembly reporting to the First Committee, will start its work by March 2026.

The Global Mechanism will convene in different formats. It will hold substantive plenary sessions once a year during each biennial cycle, work in two dedicated thematic groups (one general, one on capacity building) that will allow for more in-depth discussions to build on the plenary’s work, and hold a review conference every five years. The process may also set up intersessional meetings if needed.

The Final Report also sets up modalities for stakeholder participation in the Global Mechanism. Relevant non-governmental organisations with ECOSOC status can be accredited to participate in the substantive plenary sessions and review conferences of the Global Mechanism, while other stakeholders would have to undergo accreditation on a non-objection basis.

Space operators face strict cybersecurity obligations under EU plan

The European Commission has unveiled a new draft law introducing cybersecurity requirements for space infrastructure, aiming to protect ground and orbital systems.

Operators must implement rigorous cyber risk management measures, including supply chain oversight, encryption, access control and incident response systems. A notable provision places direct accountability on company boards, which could be held personally liable for failures to comply.

The proposed law builds on existing EU regulations such as NIS 2 and DORA, with additional tailored obligations for the space domain. Non-EU firms will also fall within scope unless their home jurisdictions are recognised as offering equivalent regulatory protections.

Fines of up to 2% of global revenue are foreseen, with member states and the EU’s space agency EUSPA granted inspection and enforcement powers. Industry stakeholders are encouraged to engage with the legislative process and align existing cybersecurity frameworks with the Act’s provisions.


M&S still rebuilding after April cyber incident

Marks & Spencer has revealed that the major cyberattack it suffered in April stemmed from a sophisticated impersonation of a third-party user.

The breach began on 17 April and was detected two days later, sparking weeks of disruption and a crisis response effort described as ‘traumatic’ by Chairman Archie Norman.

The retailer estimates the incident will cost it £300 million in operating profit and says it remains in rebuild mode, although customer services are expected to normalise by month-end.

Norman confirmed M&S is working with UK and US authorities, including the National Crime Agency, the National Cyber Security Centre, and the FBI.

While the ransomware group DragonForce has claimed responsibility, Norman declined to comment on whether any ransom was paid. He said such matters were better left to law enforcement and that discussing them further was not in the public interest.

The company expects to recover some of its losses through insurance, although the process may take up to 18 months. Other UK retailers, including Co-op and Harrods, were also targeted in similar attacks around the same time, reportedly using impersonation tactics to bypass internal security systems.


Cyber defence effort returns to US ports post-pandemic

The US Cybersecurity and Infrastructure Security Agency (CISA) has resumed its seaport cybersecurity exercise programme. Initially paused due to the pandemic and other delays, the initiative is now returning to ports such as Savannah, Charleston, Wilmington and potentially Tampa.

These proof-of-concept tabletop exercises are intended to help ports prepare for cyber threats by developing a flexible, replicable framework. Each port functions uniquely, yet common infrastructure and shared vulnerabilities make standardised preparation critical for effective crisis response.

CISA warns that threats targeting ports have grown more severe, with nation states exploiting AI-powered techniques. Some US ports, including Houston, have already fended off cyberattacks, and Chinese-made systems dominate critical logistics, raising national security concerns.

Private ownership of most port infrastructure demands strong public-private partnerships to maintain cybersecurity. CISA aims to offer a shared model that ports across the country can adapt to improve cooperation, resilience, and threat awareness.


Activision pulls game after PC hacking reports

Activision has removed Call of Duty: WWII from the Microsoft Store and PC Game Pass following reports that hackers exploited a serious vulnerability in the game. Only the PC versions from Microsoft’s platforms are affected, while the game remains accessible via Steam and consoles.

The decision came after several players reported their computers being hijacked during gameplay. Streamed footage showed remote code execution attacks, where malicious code was deployed through the game to seize control of victims’ devices.

An outdated and insecure build of the game, which had previously been patched elsewhere, was uploaded to the Microsoft platforms. Activision has yet to restore access and continues to investigate the issue.

Call of Duty: WWII was only added to Game Pass in June. The vulnerability highlights the dangers of pushing old game builds without sufficient review, exposing users to significant cybersecurity risks.


Cybercrime soars as firms underfund defences

Nearly four in ten UK businesses (38%) do not allocate a dedicated cybersecurity budget, even as cybercrime costs hit an estimated £64 billion over three years.

Smaller enterprises are particularly vulnerable, with 15% reporting breaches linked to underfunding.

Almost half of organisations (45%) rely solely on in‑house defences, with only 8% securing standalone cyber insurance, exposing many to evolving threats.

Common attacks include phishing campaigns, AI‑powered malware and DDoS, yet cybersecurity typically receives just 11% of IT budgets.

Security professionals call for stronger board‑level involvement and increased collaboration with specialists and regulators.

They caution that businesses risk suffering further financial and reputational damage without proactive budgeting and external expertise.
