Hackers target recruiters with fake CVs and malware

A financially driven hacking group known as FIN6 has reversed the usual job scam model by targeting recruiters instead of job seekers. Using realistic LinkedIn and Indeed profiles, the attackers pose as candidates and send malware-laced CVs hosted on reputable cloud platforms.

to type in resume URLs, bypassing email security tools manually. These URLs lead to fake portfolio sites hosted on Amazon Web Services that selectively deliver malware to users who pass as humans.

Victims receive a zip file containing a disguised shortcut that installs the more_eggs malware, which is capable of credential theft and remote access.

This JavaScript-based tool, linked to another group known as Venom Spider, uses legitimate Windows utilities to evade detection.

The campaign includes stealthy techniques such as traffic filtering, living-off-the-land binaries, and persistent registry modifications. Domains used include those mimicking real names, allowing attackers to gain trust while launching a powerful phishing operation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI tools are not enough without basic cybersecurity

At London Tech Week, Darktrace and UK officials warned that many firms are over-relying on AI tools while failing to implement basic cybersecurity practices.

Despite the hype around AI, essential measures like user access control and system segmentation remain missing in many organisations.

Cybercriminals are already exploiting AI to automate phishing and accelerate intrusions in the UK, while outdated infrastructure and short-term thinking leave companies vulnerable.

Boards often struggle to assess AI tools properly, buying into trends rather than addressing real threats.

Experts stressed that AI is not a silver bullet and must be used alongside human expertise and solid security foundations.

Domain-specific AI models, built with transparency and interpretability, are needed to avoid the dangers of overconfidence and misapplication in high-risk areas.

Diplo highlights cybersecurity at AfriSIG

The African School of Internet Governance (AfriSIG) convened in Dar Es Salaam, Tanzania, from 23 to 28 May 2025, bringing together a broad mix of African and international stakeholders for intensive internet, ICT, and data governance training. As a precursor to the African Internet Governance Forum (AfIGF), the school aimed to strengthen civil society, public, and private sector expertise in navigating Africa’s rapidly evolving digital landscape.

Representing Diplo, Dr Katherine Getao delivered a keynote on ‘Cybersecurity and Cybercrime in Africa,’ emphasising the continent’s urgent need to build strong digital defences amid rising cyber threats. While the challenges are pressing, she pointed out that they also open avenues for youth employment and entrepreneurship, especially in the cybersecurity sector.

Dr Getao also stressed the significance of African participation in global policy dialogues, such as the Geneva Dialogue, to ensure the continent’s digital priorities are heard and reflected in international frameworks. Drawing from her experience with the UN Group of Governmental Experts, she advocated for Africa to be more active in shaping responsible state behaviour in cyberspace.

The event’s panel discussions and workshops further explored how African voices can better leverage platforms like the Internet Governance Forum to influence global tech governance. For Diplo and initiatives like the Geneva Dialogue, AfriSIG was a key venue for aligning African digital development with international policy momentum.

Massive leak exposes data of millions in China

Cybersecurity researchers have uncovered a brief but significant leak of over 600 gigabytes of data, exposing information on millions of Chinese citizens.

The haul, containing WeChat, Alipay, banking, and residential records, is part of a centralised system, possibly aimed at large-scale surveillance rather than being the result of a random data breach.

According to research from Cybernews and cybersecurity consultant Bob Diachenko, the data was likely used to build individuals’ detailed behavioural, social and economic profiles.

They warned that the information could be exploited for phishing, fraud, blackmail or even disinformation campaigns rather than remaining dormant. Although only 16 datasets were reviewed before the database vanished, they indicated a highly organised and purposeful collection effort.

The source of the leak remains unknown, but the scale and nature of the data suggest it may involve government-linked or state-backed entities rather than lone hackers.

The exposed information could allow malicious actors to track residence locations, financial activity and personal identifiers, putting the privacy and security of millions at risk.

Digital Social Security cards coming this summer

The US Social Security Administration is launching digital access to Social Security numbers in the summer of 2025 through its ‘My Social Security’ portal. The initiative aims to improve convenience, reduce physical card replacement delays, and protect against identity theft.

The digital rollout responds to the challenges of outdated paper cards, rising fraud risks, and growing demand for remote access to US government services. Cybersecurity experts also recommend using VPNs, antivirus software, and identity monitoring services to guard against phishing scams and data breaches.

While it promises faster and more secure access, experts urge users to bolster account protection through strong passwords, two-factor authentication, and avoidance of public Wi-Fi when accessing sensitive data.

Users should regularly check their credit reports and SSA records and consider requesting an IRS PIN to prevent tax-related fraud. The SSA says this move will make Social Security more efficient without compromising safety.

Paraguay denies Bitcoin legal tender announcement

Paraguay’s government warned of possible unauthorised access to President Santiago Peña’s X account after a false Bitcoin legal tender claim. The now-deleted message announced a $5 million Bitcoin reserve fund and featured a decree with the national coat of arms.

Officials quickly noted inconsistencies in the statement’s formatting and tone. No matching information was published on government websites or state-run media. These red flags led observers to question the post’s authenticity almost immediately.

Authorities confirmed that the president’s account had shown signs of ‘irregular activity’, suggesting it may have been compromised. Citizens have been urged to ignore the claim and await verified updates through official channels.

Although countries like El Salvador have formally adopted Bitcoin as legal tender, Paraguay has made no such move. At the time of writing, no further details had been released regarding the source or method of the suspected breach.

Cybersecurity alarm after 184 million credentials exposed

A vast unprotected database containing over 184 million credentials from major platforms and sectors has highlighted severe weaknesses in data security worldwide.

The leaked credentials, harvested by infostealer malware and stored in plain text, pose significant risks to consumers and businesses, underscoring an urgent need for stronger cybersecurity and better data governance.

Cybersecurity researcher Jeremiah Fowler discovered the 47 GB database exposing emails, passwords, and authorisation URLs from tech giants like Google, Microsoft, Apple, Facebook, and Snapchat, as well as banking, healthcare, and government accounts.

The data was left accessible without any encryption or authentication, making it vulnerable to anyone with the link.

The credentials were reportedly collected by infostealer malware such as Lumma Stealer, which silently steals sensitive information from infected devices. The stolen data fuels a thriving underground economy involving identity theft, fraud, and ransomware.

The breach’s scope extends beyond tech, affecting critical infrastructure like healthcare and government services, raising concerns over personal privacy and national security. With recurring data breaches becoming the norm, industries must urgently reinforce security measures.

Chief Data Officers and IT risk leaders face mounting pressure as regulatory scrutiny intensifies. The leak highlights the need for proactive data stewardship through encryption, access controls, and real-time threat detection.

Many organisations struggle with legacy systems, decentralised data, and cloud adoption, complicating governance efforts.

Enterprise leaders must treat data as a strategic asset and liability, embedding cybersecurity into business processes and supply chains. Beyond technology, cultivating a culture of accountability and vigilance is essential to prevent costly breaches and protect brand trust.

The massive leak signals a new era in data governance where transparency and relentless improvement are critical. The message is clear: there is no room for complacency in safeguarding the digital world’s most valuable assets.

DW Weekly #215 – Japan is boosting its cyberdefence, NATO shifts digital priorities, EU’s International Digital Strategy

30 May – 6 June 2025


Dear readers,

Amid heightened cybersecurity tensions in East Asia, exemplified by China’s recent accusations against Taiwan for alleged cyberattacks and bounty offers targeting Taiwanese hackers, Japan is taking proactive steps to strengthen its cyberdefence capabilities. In May, the Japanese parliament approved a cyberdefence law, empowering authorities to monitor international communications through domestic infrastructure and neutralise overseas servers preemptively if they’re suspected of initiating cyberattacks. To complement these legislative measures, Japan is also formulating a comprehensive new cybersecurity strategy by the end of 2025, which will prioritise advanced encryption, proactive threat detection, and enhanced resilience of critical national infrastructure.

Cybersecurity policies are being strengthened frequently these days, not only in Asia but also across the EU, as the UK and NATO bring important shifts in their cyberdefence strategies. The UK Ministry of Defence recently announced the establishment of a new Cyber and Electromagnetic Command aimed at integrating defensive cyber operations with offensive cyber and electronic warfare capabilities. Concurrently, NATO is considering formally incorporating cybersecurity into its defence spending guidelines, potentially including cyber capabilities within the alliance’s new 5% GDP target for defence expenditures.

Related to state security, another notable military development from the past week is the announcement that Chinese scientists have created the world’s first AI-based system capable of distinguishing real nuclear warheads from decoys, marking a significant breakthrough in arms control verification.

Cryptocurrencies continue to reshape Europe’s financial landscape, prompting varying responses from institutions across the continent. While the EU is actively advancing its ambitions for a digital euro, viewing it as a strategic tool to enhance the eurozone’s global currency influence and financial sovereignty, the Bank of Italy has expressed scepticism about current regulatory efforts. Specifically, Italy’s central bank criticised the Markets in Crypto-Assets (MiCA) regulation, pointing out its limited impact on boosting crypto adoption or effectively addressing consumer protection and market stability concerns.

The EU continues its legal battle with tech companies that do not comply with its digital market policies. Namely, the European Commission has imposed a €329 million fine on Berlin-based Delivery Hero and its Spanish subsidiary, Glovo, for participating in what it described as ‘a cartel’ in the online food delivery market.

A content policy correction initiative from France: TikTok has globally banned the hashtag ‘SkinnyTok’ after pressure from the French government, which accused the platform of promoting harmful eating habits among young users.

EU’s International Digital Strategy

On 5 June 2025, the European Commission and the High Representative unveiled a new International Digital Strategy for the EU, aiming to enhance the EU’s global tech competitiveness and security amid a rapidly evolving digital landscape. The strategy emphasises deepening existing Digital Partnerships and Dialogues, establishing new ones, and creating a Digital Partnership Network to foster collaboration on emerging technologies like AI, 5G/6G, semiconductors, and quantum computing, while promoting secure connectivity through initiatives like the Global Gateway. It also introduces an EU Tech Business Offer, a modular approach to combine technology solutions with capacity-building, supporting trusted partners in building secure digital infrastructure, such as submarine cables and AI Factories. 

Prioritising cybersecurity, the EU plans to strengthen defences against cyber threats and Foreign Information Manipulation (FIMI) by enhancing resilience and promoting algorithmic transparency on online platforms. The strategy reaffirms the EU’s commitment to shaping global digital governance by advocating for human-centric standards in forums like the UN and G7, ensuring the digital transformation aligns with democratic values and fundamental rights.

Last week in Geneva

In Geneva, the 113th Session of the International Labour Conference (ILC), convened by the International Labour Organisation (ILO), is currently taking place from 2 to 13 June 2025 at the Palais des Nations and ILO headquarters, where delegates are deliberating on pressing global labour issues.

On 5 June, the Giga Research Lab, in collaboration with Giga and the Geneva Innovation Movement, hosted a high-level event titled Bridging the Digital Divide: Cross-Sector Insights for Scaling School Connectivity. Held on Giga premises, the event welcomed invited guests for an exchange of ideas on expanding digital access in education.

On the same day, the International Telecommunication Union (ITU) held a webinar to launch the fourth edition of the landmark report, Greening Digital Companies: Monitoring Emissions and Climate Commitments 2025.

For the main updates, reflections and events, consult the RADAR, the READING CORNER and the UPCOMING EVENTS section below.

DW Team


RADAR

Highlights from the week of 30 May – 6 June 2025

As the global race for digital dominance accelerates, the European Union is stepping forward with a bold strategy that blends technological ambition with a commitment to democratic values and international…

Peers warn the UK’s creative sector could suffer if AI firms are allowed to use copyrighted content without consent or fair compensation.

Space-based cryptography aims to secure sensitive data from quantum threats.

New centre aims to accelerate real-world use of quantum computing.

The open-architecture Tuna-5 showcases how academic labs and startups can build a functional quantum machine with interoperable components from the local supply chain.

Opposition seeks answers in emergency parliament session on 5 June.

Vodafone is facing one of the largest privacy-related fines in Germany’s telecom sector, revealing deep concerns over how personal data is handled behind the scenes.

The lawmakers have approved a bill allowing crypto payments for state services under a pilot programme.

Meta’s AI infrastructure plans include $65 billion in spending for 2025.

However, an expert warned that Amazon’s investment shows how costly AI infrastructure has become, pushing out smaller developers.

Quantum computers may need fewer qubits, thanks to new photon-based encoding.


READING CORNER
Faut-il laisser l’IA halluciner ? (Should AI be allowed to hallucinate?)

The rise of AI is transforming work and education, but raises questions about its impact on critical thinking and cognitive independence.

UPCOMING EVENTS
WSIS+20 consultations, June 2025
9 Jun 2025 – 10 Jun 2025

The consultation, organised by the President of the General Assembly, aims to gather input from all relevant WSIS stakeholders on the preparatory process for the review of the implementation…

ICANN 83
9 Jun 2025 – 12 Jun 2025

The event will focus on ongoing policy development, community outreach, and collaboration among global stakeholders.

WSIS
10 Jun 2025, 14:00h – 15:00h

The session aims to foster open dialogue, encourage active stakeholder engagement, and support continued progress toward the WSIS+20 High-Level Event 2025.

Digital Democracy for All (D4ALL): Capacity Building Programme for Armenia
12 June 2025 – 13 June 2025

The Digital Democracy for All (DD4ALL) project is a collaborative initiative

IGF 2025
23 Jun 2025 – 27 Jun 2025

The Government of Norway will host the 20th annual Internet Governance Forum (IGF) in Lillestrøm from 23 to 27 June 2025.

Diplo/GIP at IGF 2025
23 June 2025 – 27 June 2025

The 20th annual meeting of the Internet Governance Forum (IGF) will be hosted by the Government of Norway, in Lillestrøm, from 23 to 27 June.

UNESCO
24 Jun 2025 – 27 Jun 2025

Thailand will host the 3rd UNESCO Global Forum on the Ethics of Artificial Intelligence from 24 to 27 June 2025.

Europe gets new cybersecurity support from Microsoft

Microsoft has launched a free cybersecurity initiative for European governments aimed at countering increasingly sophisticated cyber threats powered by AI. Company President Brad Smith said Europe would benefit from tools already developed and deployed in the US.

The programme is designed to identify and disrupt AI-driven threats, including deepfakes and disinformation campaigns, which have previously been used to target elections and undermine public trust.

Smith acknowledged that AI is a double-edged sword, with malicious actors exploiting it for attacks, while defenders increasingly use it to stay ahead. Microsoft continues to monitor how its AI products are used, blocking known cybercriminals and working to ensure AI serves as a stronger shield than weapon.

UK NCSC releases principles for strengthening organisational cybersecurity culture

The UK’s National Cyber Security Centre (NCSC) has published a framework of six principles aimed at supporting organisations in developing a strong internal cybersecurity culture. The principles are based on research conducted with government and industry stakeholders and are intended to guide organisations in embedding cyber-resilient behaviours among their personnel.

The principles are outlined as follows:

  1. Frame cyber security as an enabler that supports the organisation’s core objectives.
  2. Encourage openness by building trust, safety, and processes that support transparency around security issues.
  3. Adapt to change to address new threats and take advantage of opportunities to improve resilience.
  4. Acknowledge the role of social norms in shaping secure behaviours within the organisation.
  5. Recognise leadership responsibility in influencing cyber security culture.
  6. Maintain accessible and clear security rules and guidance to support user understanding and compliance.

Each principle is accompanied by practical examples illustrating effective and ineffective application.

The NCSC notes that building a cybersecurity culture requires ongoing and coordinated efforts across multiple organisational roles, including cybersecurity professionals, cultural specialists, and leadership. The centre highlights that the ability of staff to support security objectives is influenced by the overall organisational environment and approach to cyber risks.
