cybersecurity

UN treaty sparks debate over digital cybersecurity

A new UN cybercrime treaty opened for signature on 25 October, raising concerns about digital cybersecurity and privacy protections. The treaty allows broad cross-border cooperation on serious crimes, potentially requiring states to assist investigations that conflict with domestic laws.

Negotiations revealed disagreements over the treaty’s scope and human rights standards, primarily because it grants broad surveillance powers without clearly specifying safeguards for privacy and digital rights. Critics warn that these powers could be misused, putting digital cybersecurity and the rights of citizens at risk.

Governments supporting the treaty are advised to adopt safeguards, including limiting intrusive monitoring, conditioning cooperation on dual criminality, and reporting requests for assistance transparently. Even with these measures, experts caution that the treaty could pose challenges to global digital cybersecurity protection.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Cyber and energy leaders meet to harden EU power grid resilience

Europe’s 8th Cybersecurity Forum in Brussels brought together more than 200 officials and operators from energy, cybersecurity and technology to discuss how to protect the bloc’s increasingly digital, decentralised grids. ENISA said strengthening energy infrastructure security is urgent as geopolitics and digitalisation raise risk.

Discussions focused on turning new EU frameworks into real-world protection: the Cyber Resilience Act placing board-level responsibility for security, the NIS2 Directive updating obligations across critical sectors, and the Network Code on Cybersecurity setting common rules for cross-border electricity flows. Speakers pressed for faster implementation, better public-private cooperation and stronger supply-chain security.

Case studies highlighted live threats. Ukraine’s National Cybersecurity Coordination Center warned of the growing threat of hybrid warfare, citing repeated Russian cyberattacks on its power grid dating back to 2015. ENCS demonstrated how insecure consumer-energy devices like EV chargers, PV inverters, and home batteries can be easily exploited when security-by-design measures are absent.

Organisers closed with a call to standardise best practice, improve information sharing and coordinate operators, regulators and suppliers. As DG Energy’s Michaela Kollau noted, the resilience of Europe’s grids depends on a shared commitment to implementing current legislation and sector cybersecurity measures.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

AI-driven cybercrime rises across Asia

Cybersecurity experts met in Dubai for the World Economic Forum’s Annual Global Future Councils and Cybersecurity meetings. More than 500 participants, including 150 top cybersecurity leaders, discussed how emerging technologies such as AI are reshaping digital security.

UAE officials highlighted the importance of resilience, trust and secure infrastructure as fundamental to future prosperity. Sessions examined how geopolitical shifts and technological advances are changing the cyber landscape and stressed the need for coordinated global action.

AI-driven cybercrime is rising sharply in Japan, with criminals exploiting advanced technology to scale attacks and target data. Recent incidents include a cyber attack on Asahi Breweries, which temporarily halted production at its domestic factories.

Authorities are calling for stronger cross-border collaboration and improved cybersecurity measures, while Japan’s new Prime Minister, Sanae Takaichi, pledged to enhance cooperation on AI and cybersecurity with regional partners.

Significant global developments include the signing of the first UN cybercrime treaty by 65 nations in Viet Nam, establishing a framework for international cooperation, rapid-response networks and stronger legal protections.

High-profile cyber incidents in the UK, including attacks on Jaguar Land Rover and a nursery chain, have highlighted the growing economic and social costs of cybercrime. These events are prompting calls for businesses to prioritise cyber resilience.

Experts warn that technology is evolving faster than cyber defences, leaving small businesses and less developed regions highly vulnerable. Integrating AI, automation and proactive security strategies is seen as essential to protect organizations and ensure global digital stability.

Cyber resilience is increasingly recognised not just as an IT issue but as a strategic imperative for economic and national security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Poland indicts former deputy justice minister in Pegasus spyware case

Poland’s former deputy justice minister, Michał Woś, has been indicted for allegedly authorising the transfer of $6.9 million from a fund intended for crime victims to a government office that later used the money to purchase commercial spyware.

Prosecutors claim the transfer took place in 2017. If convicted, Woś could face up to 10 years in prison.

The indictment is part of a broader investigation into the use of Pegasus, spyware developed by Israel’s NSO Group, in Poland between 2017 and 2022. The software was reportedly deployed against opposition politicians during that period.

In April 2024, Prime Minister Donald Tusk announced that nearly 600 individuals in Poland had been targeted with Pegasus under the previous Law and Justice (PiS) government, of which Woś is a member.

Responding on social media, Woś defended the purchase, writing that Pegasus was used to fight crime, and “that Prime Minister Tusk and Justice Minister Waldemar Żurek oppose such equipment is not surprising—just as criminals dislike the police, those involved in wrongdoing dislike crime detection tools.”

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Lawmakers urge EU to curb Huawei’s role in solar inverters over security risks

Lawmakers and security officials are increasingly worried that Huawei’s dominant role in solar inverters could create a new supply-chain vulnerability for Europe’s power grids. Two MEPs have written to the European Commission urging immediate steps to limit ‘high-risk’ vendors in energy systems.

Inverters are a technology that transforms solar energy into the electrical current fed into the power network; many are internet-connected so vendors can perform remote maintenance. Cyber experts warn that remote access to large numbers of inverters could be abused to shut devices down or change settings en masse, creating surges, drops or wider instability across the grid.

Chinese firms, led by Huawei and Sungrow, supply a large share of Europe’s installed inverter capacity. SolarPower Europe estimates Chinese companies account for roughly 65 per cent of the market. Some member states are already acting: Lithuania has restricted remote access to sizeable Chinese installations, while agencies in the Czech Republic and Germany have flagged specific Huawei components for further scrutiny.

The European Commission is preparing an ICT supply-chain toolbox to de-risk critical sectors, with solar inverters listed among priority areas. Suspicion of Chinese technology has surged in recent years. Beijing, under President Xi Jinping, requires domestic firms to comply with government requests for data sharing and to report software vulnerabilities, raising Western fears of potential surveillance.

Would you like to learn more aboutAI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Scouts can now earn AI and cybersecurity badges

In the United States, Scouting America, formerly known as the Boy Scouts, has introduced two new merit badges in AI and cybersecurity. The badges give scouts the opportunity to explore modern technology and understand its applications, while the organisation continues to adapt its programs to a digital era. Scouting America has around a million members and offers hundreds of merit badges across a wide range of skills.

The AI badge challenges scouts to examine AI’s effects on daily life, study deepfakes, and complete projects that demonstrate AI concepts. The cybersecurity badge teaches practical tools to stay safe online, emphasises ethical behaviour, and introduces scouts to a career field with thousands of unfilled positions.

Earlier this year, Scouting America launched Scoutly, an AI-powered chatbot designed to answer questions about the organisation and its merit badges. The initiative is part of Scouting America’s broader effort to modernise its programs and prepare young people for opportunities in an increasingly digital world.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Unapproved AI tools boom in UK workplaces

Microsoft research reveals 71% of UK employees use unapproved AI tools at work, with 51% doing so weekly, raising concerns about data privacy and cybersecurity risks. Organisations face heightened risks to data privacy and cybersecurity as sensitive information enters unregulated platforms.

Despite these dangers, awareness remains low, as only 32% express concern over data privacy and 29% over IT system vulnerabilities.

Workers favour Shadow AI for its simplicity, with 41% citing familiarity from personal use and 28% noting the absence of approved alternatives at their firms. Common applications include drafting communications (49%), creating reports or presentations (40%), and handling finance tasks (22%).

Generative AI assistants now permeate the workforce, saving an average of 7.75 hours weekly per user- equivalent to 12.1 billion hours annually across the economy, valued at £208 billion.

Sector leaders in IT, telecoms, sales, media, marketing, architecture, engineering, and finance report the highest adoption rates. Employees plan to redirect saved time towards better work-life balance (37%), skill development (31%), and more fulfilling tasks (28%).

Darren Hardman, CEO of Microsoft UK and Ireland, urges businesses to prioritise enterprise-grade tools that blend productivity with robust safeguards.

Optimism about AI has climbed, with 57% of staff feeling excited or confident- up from 34% in January 2025. Familiarity grows too, as confusion over starting points drops from 44% to 36%, and clarity on organisational AI strategies rises from 24% to 43%.

Frontier firms leading in adoption see twice the thriving rates, aligning with global trends where 82% of leaders deem 2025 pivotal for AI.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Fake VPN apps linked to banking malware warn security experts

Security researchers have issued urgent warnings about VPN applications that appear legitimate but secretly distribute banking trojans such as Klopatra and Mobdro.

The apps masquerade as trustworthy privacy tools, but once installed they can steal credentials, exfiltrate data or give attackers backdoor access to devices. Victims may initially notice nothing amiss.

Among the apps flagged, some were available on major app platforms, increasing the risk exposure. Analysts recommend users immediately uninstall any unfamiliar VPN apps, scan devices with a reputable security tool and change banking passwords if suspicious activity is detected.

Developers and platform operators are urged to strengthen vetting of privacy tool submissions. Given that VPNs are inherently powerful (encrypting traffic, accessing network functions), any malicious behaviour can escalate rapidly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Fake VPN app drains bank accounts across Europe

Cybersecurity experts are urging Android users to uninstall a fake VPN app capable of stealing banking details and draining accounts. The malware, hidden inside a Mobdro Pro IPTV + VPN app, has already infected more than 3,000 devices across Europe.

The app promises free access to films and live sports, but installs Klopatra, a sophisticated malware designed to gain complete control of a device. Once downloaded, it tricks users into granting access through Android’s Accessibility Services, enabling attackers to read screens and perform actions remotely.

Researchers at Cleafy, the firm that uncovered the operation, said attackers can use the permissions to operate phones as if they were the real owners. The firm believes the campaign originated in Turkey and estimates that around 1,000 people have fallen victim to the scam.

Cybersecurity analysts stress that the attack represents a growing trend in banking malware, where accessibility features are exploited to bypass traditional defences and gain near-total control of infected devices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New report finds IT leaders unprepared for evolving cyber threats

A new global survey by 11:11 Systems highlights growing concerns among IT leaders over cyber incident recovery. More than 800 senior IT professionals across North America, Europe, and the Asia Pacific report a rising strain from evolving threats, staffing gaps, and limited clean-room infrastructure.

Over 80% of respondents experienced at least one major cyberattack in the past year, with more than half facing multiple incidents. Nearly half see recovery planning complexity as their top challenge, while over 80% say their organisations are overconfident in their recovery capabilities.

The survey also reveals that 74% believe integrating AI could increase cyberattack vulnerability. Despite this, 96% plan to invest in cyber incident recovery within the next 12 months, underlining its growing importance in budget strategies.

The financial stakes are high. Over 80% of respondents reported spending at least six figures during just one hour of downtime, with the top 5% incurring losses of over one million dollars per hour. Yet 30% of businesses do not test their recovery plans annually, despite these risks.

11:11 Systems’ CTO Justin Giardina said organisations must adopt a proactive, AI-driven approach to recovery. He emphasised the importance of advanced platforms, secure clean rooms, and tailored expertise to enhance cyber resilience and expedite recovery after incidents.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!