UK launches CAF 4.0 for cybersecurity

The UK’s National Cyber Security Centre has released version 4.0 of its Cyber Assessment Framework to help organisations protect essential services from rising cyber threats.

The updated CAF provides a structured approach for assessing and improving cybersecurity and resilience across critical sectors.

Version 4.0 introduces a deeper focus on attacker methods and motivations to inform risk decisions, ensures software in essential services is developed and maintained securely, and strengthens guidance on threat detection through security monitoring and threat hunting.

AI-related cyber risks are also now covered more thoroughly throughout the framework.

The CAF primarily supports energy, healthcare, transport, digital infrastructure, and government organisations, helping them meet regulatory obligations such as the NIS Regulations.

Developed in consultation with UK cyber regulators, the framework provides clear benchmarks for assessing security outcomes relative to threat levels.

Authorities encourage system owners to adopt CAF 4.0 alongside complementary tools such as Cyber Essentials, the Cyber Resilience Audit, and Cyber Adversary Simulation services. These combined measures enhance confidence and resilience across the nation’s critical infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI and cyber priorities headline massive US defence budget bill

The US House of Representatives has passed an $848 billion defence policy bill with new provisions for cybersecurity and AI. Lawmakers voted 231 to 196 to approve the chamber’s version of the National Defence Authorisation Act (NDAA).

The bill mandates that the National Security Agency brief Congress on plans for its Cybersecurity Coordination Centre and requires annual reports from combatant commands on the levels of support provided by US Cyber Command.

It also calls for a software bill of materials for AI-enabled technology that the Department of Defence uses. The Pentagon will be authorised to create up to 12 generative AI projects to improve cybersecurity and intelligence operations.

An adopted amendment allows the NSA to share threat intelligence with the private sector to protect US telecommunications networks. Another requirement is that the Pentagon study the National Guard’s role in cyber response at the federal and state levels.

Proposals to renew the Cybersecurity Information Sharing Act and the State and Local Cybersecurity Grant Program were excluded from the final text. The Senate is expected to approve its version of the NDAA next week.


Cybersecurity protections for US companies at risk as key law nears expiration

As cyber threats grow, a vital legal safeguard encouraging US companies to share threat intelligence is on the verge of expiring.

The US Cybersecurity Information Sharing Act of 2015 (CISA 2015), which grants liability protection to firms that voluntarily share cyber threat data with peers and the federal government, is set to lapse at the end of the month unless Congress acts swiftly.

The potential loss of this law could leave companies, especially small and mid-sized organisations, isolated in defending against cyberattacks, including those powered by emerging technologies like agentic AI. Companies may revert to lengthy legal reviews without liability protection or avoid information-sharing altogether.

On 3 September 2025, the House Homeland Security Committee unanimously approved a bill to extend these protections, but it still needs full congressional approval and the president’s signature.

According to Bloomberg, the Cybersecurity and Infrastructure Security Agency (CISA) has suffered budget cuts and workforce reductions under the Trump administration. Despite the administration’s criticism of the agency, its nominee to lead CISA, Sean Plankey, has publicly supported extending CISA 2015.

Industry leaders warn that losing these protections could slow down vital threat coordination. ‘This is the last line of defence,’ said Carole House, a former White House cybersecurity advisor.

With the potential expiration of CISA 2015, industry-focused Information Sharing and Analysis Centres (ISACs), now numbering at least 28 in the USA, may serve as a fallback for cybersecurity collaboration.

While some ISACs already offer legal protections like NDAs and anonymous sharing, experts warn that companies may hesitate to participate without federal liability protections.

Complex legal agreements could become necessary, potentially limiting engagement. ‘You run the risk of some companies deciding it’s too risky,’ said Scott Algeier, executive director of the IT-ISAC, despite hopes for continued collaboration.


Phishing scams surge with record losses in August

ScamSniffer has reported a sharp rise in phishing scams during August, with losses climbing to $12.17 million, a 72% increase from July. The figure marks the highest monthly losses this year and came alongside 15,230 victims, a new annual record.

The spike was driven mainly by EIP-7702 batch signature scams, which accounted for nearly half of the stolen funds. One victim lost $3.08 million in a single incident, while two others lost $1.54 million and $1 million, respectively.

Smaller but still significant losses also occurred, including users losing $235,977 and $66,000 in scams disguised as Uniswap swaps.

EIP-7702, introduced with Ethereum’s Pectra upgrade, allows externally owned accounts to act temporarily like smart contracts. While intended to improve user experience, it has opened the door to new phishing exploits.

Security experts warn that attackers increasingly use automated sweeper attacks to drain compromised wallets.

Beyond EIP-7702, traditional phishing methods remain a problem. ScamSniffer noted a rise in address poisoning and malicious ads on platforms such as Google and Bing. One user lost $636,559 after copying a tainted address, while two more lost $500,000 and $19,000 in similar schemes.


NSA, CISA and others urge unified approach to strengthen cybersecurity resilience

The National Security Agency (NSA) has joined the Cybersecurity and Infrastructure Security Agency (CISA) and other partners to release a new Cybersecurity Information Sheet (CSI) titled ‘A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity’.

Aimed at promoting the adoption of SBOM practices, the report highlights their role in improving transparency and addressing risks within the software supply chain.

By integrating SBOM generation, analysis, and sharing into existing security processes, organisations can better manage vulnerabilities and strengthen cyber resilience.

Practical risk management strategies and real-world examples outlined in the CSI support the broader Secure by Design initiative.

Authors urge a unified SBOM approach across the cybersecurity community to prevent fragmentation, lower implementation costs, and enhance long-term effectiveness.

Inconsistent or siloed adoption, they caution, could limit the sustainability and impact of SBOM as a core cybersecurity tool.


Coinbase relies on AI for nearly half of its code

Coinbase CEO Brian Armstrong said AI now generates around 40 per cent of the exchange’s code, a share expected to surpass 50 per cent by October 2025. He emphasised that human oversight remains essential, as AI cannot be uniformly applied across all areas of the platform.

Armstrong confirmed that engineers were instructed to adopt AI development tools within a week, with those resisting the mandate dismissed. The move places Coinbase ahead of technology giants such as Microsoft and Google, which use AI for roughly 30 per cent of their code.

Security experts have raised concerns about the heavy reliance on AI. Industry figures warn that AI-generated code could contain bugs or miss critical context, posing risks for a platform holding over $420 billion in digital assets.

Larry Lyu called the strategy ‘a giant red flag’ for security-sensitive businesses.

Supporters argue that Coinbase’s approach is measured. Richard Wu of Tensor said AI could generate up to 90 per cent of high-quality code within five years if paired with thorough review and testing, and likened AI errors to those of junior engineers.


Fintech CISO says AI is reshaping cybersecurity skills

Financial services firms are adapting rapidly to the rise of AI in cybersecurity, according to David Ramirez, CISO at Broadridge. He said AI is changing the balance between attackers and defenders while also reshaping the skills security teams require.

On the defensive side, AI is already streamlining governance, risk management and compliance tasks, while also speeding up incident detection and training. He highlighted its growing role in areas like access management and data loss prevention.

He also stressed the importance of aligning cyber strategy with business goals and improving board-level visibility. While AI tools are advancing quickly, he urged CISOs not to lose sight of risk assessments and fundamentals in building resilient systems.


WhatsApp fixes flaw exploited in Apple device hacks

WhatsApp has fixed a vulnerability that exposed Apple device users to highly targeted cyberattacks. The flaw was chained with an iOS and iPadOS bug, allowing hackers to access sensitive data.

According to researchers at Amnesty’s Security Lab, the malicious campaign lasted around 90 days and impacted fewer than 200 people. WhatsApp notified victims directly and urged all users to update their apps immediately.

Apple has also acknowledged the issue and released security patches to close the cybersecurity loophole. Experts warn that other apps beyond WhatsApp may have been exploited in the same campaign.

The identity of those behind the spyware attacks remains unclear. Both companies have stressed that prompt updates are the best protection for users against similar threats.


Salt Typhoon espionage campaign revealed through global cybersecurity advisory

Intelligence and cybersecurity agencies from 13 countries, including the NSA, CISA, the UK’s NCSC and Canada’s CSIS, have jointly issued an advisory on Salt Typhoon, a Chinese state-sponsored advanced persistent threat group.

The alert highlights global intrusions into telecommunications, military, government, transport and lodging sectors.

Salt Typhoon has exploited known, unpatched vulnerabilities in network-edge appliances, such as routers and firewalls, to gain initial access. Once inside, it covertly embeds malware and employs living-off-the-land tools for persistence and data exfiltration.

The advisory also warns that stolen data from compromised ISPs can help intelligence services track global communications and movements.

It pinpoints three Chinese companies with links to the Ministry of State Security and the People’s Liberation Army as central to Salt Typhoon’s operations.

Defensive guidelines accompany the advisory, urging organisations to apply urgent firmware patches, monitor for abnormal network activity, verify firmware integrity and tighten device configurations, especially for telecom infrastructure.


Hackers exploit Ethereum smart contracts to spread malware

Cybersecurity researchers have uncovered a new malware delivery method that hides malicious commands inside Ethereum smart contracts. ReversingLabs identified two compromised packages on the popular Node Package Manager (NPM) repository.

The packages, named ‘colortoolsv2’ and ‘mimelib2,’ were uploaded in July and used blockchain queries to fetch URLs that delivered downloader malware. The contracts hid command and control addresses, letting attackers evade scans by making blockchain traffic look legitimate.

Researchers say the approach marks a shift in tactics. While the Lazarus Group previously leveraged Ethereum smart contracts, the novel element here is their use as hosts for malicious URLs. Analysts warn that open-source repositories face increasingly sophisticated evasion techniques.

The malicious packages formed part of a broader deception campaign involving fake GitHub repositories posing as cryptocurrency trading bots. With fabricated commits, fake user accounts, and professional-looking documentation, attackers built convincing projects to trick developers.

Experts note that similar campaigns have also targeted Solana and Bitcoin-related libraries, signalling a broader trend in evolving threats.
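A defender-side check for the two package names reported above, added here as an example (not code from ReversingLabs or the original article): it walks a parsed `package-lock.json` in both lockfile layouts and resolves npm aliases, so a flagged package installed under a different folder name is still found. The sample lockfiles, their package layout and their version strings are constructed.

```javascript
// Package names as reported in the article; everything else here is illustrative.
const FLAGGED = new Set(['colortoolsv2', 'mimelib2']);

// Derive the real package name from a lockfile entry, covering npm aliases.
function realName(key, entry) {
  if (entry.name) return entry.name;                          // v2/v3: explicit name on aliased entries
  const alias = /^npm:(.+)@[^@]*$/.exec(entry.version || ''); // v1 alias: "npm:pkg@1.0.0"
  if (alias) return alias[1];
  return key.split('node_modules/').pop();                    // "node_modules/a/node_modules/b" -> "b"
}

function findFlagged(lock) {
  const hits = [];
  const check = (key, entry, where) => {
    const name = realName(key, entry);
    if (FLAGGED.has(name)) hits.push({ name, version: entry.version, where });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the project root)
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path !== '') check(path, entry, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, so transitive installs must be walked
    const walk = (deps, trail) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        check(name, entry, trail.concat(name).join(' > '));
        walk(entry.dependencies, trail.concat(name));
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/chalk': { version: '5.3.0' },
  'node_modules/bot-utils/node_modules/colortoolsv2': { version: '0.0.0-constructed' },
  'node_modules/mime-helper': { name: 'mimelib2', version: '0.0.0-constructed' },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  'bot-utils': { version: '1.0.0', dependencies: {
    colors: { version: 'npm:colortoolsv2@0.0.0-constructed' },
  } },
} };
```

To scan a real project, pass the result of `JSON.parse` on its `package-lock.json` contents to `findFlagged`; an empty array means neither name appears in the resolved tree.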
