The FBI has warned Windows users about the rising threat of fake Chrome update installers quietly distributing malware when downloaded from unverified sites.
Windows PCs remain especially vulnerable when users sideload these installers based on aggressive prompts or misleading advice.
These counterfeit Chrome updates often bypass security defences, installing malicious software that can steal data, turn off protections, or give attackers persistent access to infected machines.
In contrast, genuine Chrome updates, distributed through the browser’s built‑in update mechanism, remain secure and advisable.
To reduce risk, the FBI recommends that users remove any Chrome software that is not sourced directly from Google’s official site or the browser’s automatic updater.
They further advise enabling auto‑updates and dismissing pop-ups urging urgent manual downloads. This caution aligns with previous security guidance targeting fake installers masquerading as browser or system updates.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A leading cybersecurity expert has raised concerns that Bitcoin’s underlying cryptography could be broken within five years. David Carvalho, CEO of Naoris Protocol, warned that quantum computers could soon break the cryptography securing Bitcoin transactions.
He believes the threat could materialise sooner than most anticipate, urging immediate action.
Carvalho pointed to Shor’s algorithm as the core concern. Once sufficiently advanced quantum machines are deployed, they could crack Bitcoin’s defences in seconds.
Roughly 30% of all Bitcoin—around 6 to 7 million BTC—is currently held in wallets with exposed public keys, making them especially vulnerable.
He also referenced major breakthroughs in the field, including Microsoft’s Majorana chip and IBM’s planned release of a fault-tolerant quantum computer by 2029.
With over 100 quantum systems already active and thousands more expected by 2030, Carvalho advised investors to migrate funds to quantum-secure wallets and update their security protocols.
However, Adam Back, CEO of Blockstream and an early Bitcoin contributor, believes the technology is still decades away from posing a real threat. He did acknowledge that future advancements may force even early adopters to move their coins to quantum-resistant addresses.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A 158‑year‑old UK transport firm, KNP Logistics, has collapsed after falling victim to a crippling ransomware attack. Hackers exploited a single weak password to infiltrate its systems and encrypted critical data, rendering the company inoperable.
Cybercriminals linked to the Akira gang locked out staff and demanded what experts believe could have been around £5 million, an amount KNP could not afford. The company ceased all operations, leaving approximately 700 employees without work.
The incident highlights how even historic companies with insurance and standard safeguards can be undone by basic cybersecurity failings. National Cyber Security Centre chief Richard Horne urged businesses to bolster defences, warning that attackers exploit the simplest vulnerabilities.
This case follows a string of high‑profile UK data breaches at firms like M&S, Harrods and Co‑op, signalling a growing wave of ransomware threats across industries. National Crime Agency data shows these attacks have nearly doubled recently.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Marks & Spencer has fully reinstated its Sparks loyalty programme following a damaging cyberattack that disrupted operations earlier this year. The retailer confirmed that online services are back and customers can access offers, discounts, and rewards again.
In April, a cyber breach forced M&S to suspend parts of its IT system and halt Sparks communications. Customers had raised concerns about missing benefits, prompting the company to promise a full recovery of its loyalty platform.
M&S has introduced new Sparks perks to thank users for their patience, including enhanced birthday rewards and complimentary coffees. Staff will also receive a temporary discount boost to 30 percent on selected items this weekend.
Marketing director Sharry Cramond praised staff efforts and customer support during the disruption, calling the recovery a team effort. Meanwhile, according to the UK National Crime Agency, four individuals suspected of involvement in cyber attacks against M&S and other retailers have been released on bail.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Singapore is addressing cyberattacks on its critical information infrastructure attributed to the state-sponsored cyberespionage group UNC3886. On 18 July, Coordinating Minister for National Security K. Shanmugam identified the group as an advanced persistent threat (APT) actor capable of long-term network infiltration to gather intelligence or disrupt essential services. He noted that UNC3886 is currently targeting high-value strategic assets in Singapore but did not name any state sponsor.
Cybersecurity firm Mandiant, which first reported on UNC3886 in 2022, has characterised it as a ‘China-nexus espionage group‘ that has previously targeted organisations in the defence, technology, and telecommunications sectors across the United States and Asia.
In response, the Chinese embassy in Singapore denied any connection to UNC3886. In a statement published over the weekend, it described the allegations as ‘groundless smears and accusations’ and reiterated that China opposes all forms of cyberattacks under its laws. The embassy stated that China does not encourage, support, or condone hacking activities.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
South Korea’s Cyber Operations Command is participating in a US-led multinational cyber exercise this week, the Ministry of National Defence in Seoul announced on Monday.
Seven personnel from the command are taking part in the five-day Cyber Flag exercise, which began in Virginia, United States. This marks South Korea’s fourth participation in the exercise since first joining in 2022.
Launched in 2011, Cyber Flag is an annual exercise designed to enhance cooperation between the United States and its allies, particularly the Five Eyes intelligence alliance, which includes Australia, Canada, New Zealand, the United Kingdom, and the United States. The exercise provides a platform for partner nations to strengthen their collective ability to detect, respond to, and mitigate cyber threats through practical, scenario-based training.
According to the Ministry, Cyber Flag, together with bilateral exercises between South Korean and US cyber commands and the exchange of personnel and technologies, is expected to further advance cooperation between the two countries in the cyber domain.
The Cyber Flag exercise involves the Five Eyes intelligence alliance—comprising the United States, United Kingdom, Australia, Canada, and New Zealand—alongside other partner countries. The program focuses on enhancing collective capabilities to counter cyber threats through practical training.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
In a massive data breach revealed in July 2025, the Texas Alcohol & Drug Testing Service (TADTS) admitted hackers gained access to sensitive information belonging to approximately 748,763 individuals.
Attackers remained inside the network for five days in July 2024 before detection, later leaking hundreds of gigabytes of data via the BianLian ransomware group.
Exposed records include a dangerous mix of personal and financial data—names, Social Security and passport numbers, driver’s licence and bank account details, biometric information, health‑insurance files and login credentials.
The breadth of this data presents a significant risk of identity theft and financial fraud.
Despite identifying the breach shortly after, TADTS delayed notifying those affected until July 2025 and provided no credit monitoring or identity theft services.
The company is now under classic action scrutiny, with law firms investigating its response and breach notification delays.
Security experts warn that the extended timeline and broad data exposure could lead to scams, account takeovers and sustained damage to victims.
Affected individuals are urged to monitor statements, access free credit reports, and remain alert for suspicious activity.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Exploiting known but unpatched vulnerabilities, attackers gained persistent access to these network devices, potentially enabling further intrusions into core telecom systems.
Affected providers emphasised that only client-owned hardware was breached and confirmed no internal networks were compromised, but the campaign raises deeper concerns.
The European Union and Vietnam have conducted specialised cyber‑defence training to enhance the resilience of key infrastructure sectors such as power, transportation, telecoms and finance.
Participants, including government officials, network operators and technology experts, engaged in interactive threat-hunting exercises and incident simulation drills designed to equip teams with practical cyber‑response skills.
This effort builds on existing international partnerships, including collaboration with the US Cybersecurity and Infrastructure Security Agency, to align Vietnam’s security posture with global standards.
Vietnam faces an alarming shortfall of more than 700,000 cyber professionals, with over half of organisations reporting at least one breach in recent years.
The training initiative addresses critical skills gaps and contributes to national digital security resilience.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Google has confirmed that attackers have exploited a high-risk vulnerability in its Chrome browser. Users have been advised to update their browsers before 23 July, with cybersecurity agencies stressing the urgency.
The flaw, CVE-2025-6554, involves a type confusion issue in Chrome’s V8 JavaScript engine. The US Cybersecurity and Infrastructure Security Agency (CISA) has made the update mandatory for federal departments and recommends all users take immediate action.
Although Chrome updates are applied automatically, users must restart their browsers to activate the security patches. Many fail to do so, leaving them exposed despite downloading the latest version.
CISA highlighted that timely updates are essential for reducing vulnerability to attacks, especially for organisations managing critical infrastructure. Enterprises are at risk if patching delays allow attackers to exploit known weaknesses.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
