Meta and PayPal users targeted in new phishing scam

Cybersecurity experts are warning of a rapid and highly advanced phishing campaign that targets Meta and PayPal users with instant account takeovers. The attack exploits Google’s AppSheet platform to send emails from a legitimate domain, bypassing standard security checks.

Victims are tricked into entering login details and two-factor authentication codes, which are then harvested in real time. Emails used in the campaign pose as urgent security alerts from Meta or PayPal, urging recipients to click a fake appeal link.

A double-prompt technique falsely claims an initial login attempt failed, increasing the likelihood of accurate information being submitted. KnowBe4 reports that 98% of detected threats impersonated Meta, with the remainder targeting PayPal.

Google confirmed it has taken steps to reduce the campaign’s impact by improving AppSheet security and deploying advanced Gmail protections. The company advised users to stay alert and consult their guide to spotting scams. Meta and PayPal have not yet commented on the situation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ascension faces fresh data breach fallout

A major cybersecurity breach has struck Ascension, one of the largest nonprofit healthcare systems in the US, exposing the sensitive information of over 430,000 patients.

The incident began in December 2024, when Ascension discovered that patient data had been compromised through a former business partner’s software flaw.

The indirect breach allowed cybercriminals to siphon off a wide range of personal, medical and financial details — including Social Security numbers, diagnosis codes, hospital admission records and insurance data.

The breach adds to growing concerns over the healthcare industry’s vulnerability to cyberattacks. In 2024 alone, 1,160 healthcare-related data breaches were reported, affecting 305 million records — a sharp rise from the previous year.

Many institutions still treat cybersecurity as an afterthought instead of a core responsibility, despite handling highly valuable and sensitive data.

Ascension itself has been targeted multiple times, including a ransomware attack in May 2024 that disrupted services at dozens of hospitals and affected nearly 5.6 million individuals.

Ascension has since filed notices with regulators and is offering two years of identity monitoring to those impacted. However, critics argue this response is inadequate and reflects a broader pattern of negligence across the sector.

The company has not named the third-party vendor responsible, but experts believe the incident may be tied to a larger ransomware campaign that exploited flaws in widely used file-transfer software.

Rather than treating such incidents as isolated, experts warn that these breaches highlight systemic flaws in healthcare’s digital infrastructure. As criminals grow more sophisticated and vendors remain vulnerable, patients bear the consequences.

Until healthcare providers prioritise cybersecurity instead of cutting corners, breaches like this are likely to become even more common — and more damaging.


Legal aid data breach affects UK applicants

The UK Ministry of Justice has confirmed a serious cyber-attack on its Legal Aid Agency, first detected on 23 April and revealed to be more extensive on 16 May. Investigators found that a wide range of personal details belonging to applicants dating back to 2010 were accessed.

The breach has prompted urgent security reviews and cooperation with the National Cyber Security Centre. Stolen information may include names, addresses, dates of birth, national ID numbers, criminal histories, employment records and financial data such as debts and contributions.

While the total number of affected individuals remains unconfirmed, publicly available figures suggest hundreds of thousands of applications across the last year alone. Victims have been urged to monitor for suspicious communications and to change passwords promptly.

UK legal aid services have been taken offline as contingency measures are put in place to maintain support for vulnerable users. Jane Harbottle, CEO of the Legal Aid Agency, expressed regret over the incident and reassured applicants that efforts are underway to restore secure access.


ENISA unveils cyber stress testing handbook to strengthen critical infrastructure resilience under NIS2

The European Union Agency for Cybersecurity (ENISA) has released a Handbook for Cyber Stress Testing to support national and sectoral authorities in assessing the cybersecurity and resilience of critical infrastructure, in line with the NIS2 Directive. The guidance is intended for use at the national, regional, and EU levels and complements regulatory frameworks such as the Digital Operational Resilience Act (DORA) and the Critical Entities Resilience (CER) directive.

Cyber stress tests are defined as targeted assessments of an organisation’s capacity to maintain critical services during and after significant cybersecurity incidents. The handbook outlines five main steps for organising these tests:

  1. Defining scope and objectives – identifying relevant sectors, entities, risk scenarios, and test goals;
  2. Designing the test – developing methodologies, resilience metrics, and timelines;
  3. Executing the test – engaging participants and providing guidance;
  4. Conducting a gap analysis – identifying key findings and resilience gaps;
  5. Concluding and follow-up – compiling lessons learned and formulating recommendations.

The structured process enables authorities to evaluate both organizational preparedness and systemic sectoral risks. Practical recommendations are provided for each step, and an example from the health sector illustrates potential applications.

Authorities may use cyber stress tests to inform national risk assessments, prepare for cyber exercises, identify sector-wide vulnerabilities, and support supervisory planning. Tests can also serve as a basis for dialogue between regulators and operators.

While audits and certifications remain standard supervisory tools, stress tests offer an additional method tailored to specific risk scenarios. Depending on sector maturity and regulatory context, authorities may adopt either a voluntary or more prescriptive approach to testing. ENISA recommends clearly communicating the scope, purpose, and use of test results in advance.

Cyber stress tests can be conducted at national, regional, or EU-wide levels. National-level exercises are typically overseen by authorities responsible for specific critical sectors, either broadly assessing sector maturity or focusing on selected entities. Cooperation with sectoral regulators—such as those in finance or civil protection—can enhance the design and implementation of tests.

Regional and EU-wide stress tests, though more complex to coordinate, may be suited to sectors with cross-border dependencies. Recent examples include joint efforts in the energy and financial sectors, coordinated by the European Commission and the European Central Bank. EU funding through the Digital Europe Programme is available to support such initiatives, including development of common tools and methodologies.

In parallel, ENISA has launched the European Vulnerability Database (EUVD), mandated under NIS2. The EUVD is a centralised, authoritative source of publicly available vulnerability information, supporting coordination among national CSIRTs, vendors, and regulators.

The Handbook for Cyber Stress Testing contributes to broader efforts to strengthen risk-informed cybersecurity oversight across the EU and encourages the consistent integration of cyber stress testing into national and sectoral supervisory practices.


Netherlands expands espionage laws to include cyber activities

The Dutch government has adopted new legislation expanding the scope of its espionage laws to include digital espionage and other activities carried out on behalf of foreign states that may harm Dutch national interests. The updated law complements existing provisions that criminalise the disclosure of state secrets by adding penalties for leaking sensitive, but not classified, information and for conducting harmful activities linked to foreign entities.

Under the revised legal framework, penalties for computer-related offenses associated with espionage have been increased. Individuals found guilty of such offenses could face up to eight years in prison, or up to twelve years in particularly severe cases.

Netherlands Justice and Security Minister David van Weel stated that the measures aim to enhance national resilience against foreign threats.

In parallel, the government is moving forward with plans to implement vetting procedures for researchers and students seeking access to sensitive technologies at Dutch academic institutions. This follows growing concern over foreign interest in strategic research, particularly from China, as noted by Dutch intelligence services.

In recent assessments, Dutch authorities have reported both Chinese cyber activities targeting intellectual property and Russian state-linked attempts to disrupt national infrastructure. Incidents include reported efforts to infiltrate institutions based in The Hague, such as the International Criminal Court and the Organisation for the Prohibition of Chemical Weapons.


Japan approves preemptive cyberdefence law

Japan’s parliament has passed a new law enabling active cyberdefence measures, allowing authorities to legally monitor communications data during peacetime and neutralise foreign servers if cyberattacks occur.

Instead of reacting only after incidents, this law lets the government take preventive steps to counter threats before they escalate.

Operators of vital infrastructure, such as electricity and railway companies, must now report cyber breaches directly to the government. The shift follows recent cyber incidents targeting banks and an airline, prompting Japan to put a full framework in place by 2027.

Although the law permits monitoring of IP addresses in communications crossing Japanese borders, it explicitly bans surveillance of domestic messages and their contents.

A new independent panel will authorise all monitoring and response actions beforehand, instead of leaving decisions solely to security agencies.

Police will handle initial countermeasures, while the Self-Defense Forces will act only when attacks are highly complex or planned. The law, revised to address opposition concerns, includes safeguards to ensure personal rights are protected and that government surveillance remains accountable.


Quantum AI interest surges in data science and cybersecurity

Quantum AI is no longer a distant concept for many businesses, with over 60 percent actively investing in or exploring the technology, according to new research from SAS.

The report highlights that the most common area of application is in data analytics and machine learning, accounting for 48 percent of use cases. Research and development follows at 41 percent, while cybersecurity ranks third at 35 percent.

The emerging field of quantum AI combines current AI with the immense processing power of quantum computing. This fusion promises breakthroughs in algorithm development, complex model training, and solving data problems that today’s systems struggle with.

Industries are also examining its potential in supply chain and logistics (31 percent), finance and risk management (26 percent), and even marketing (20 percent).

Despite growing interest, several barriers still hinder adoption. These include high costs (38 percent), a lack of understanding (35 percent), uncertainty around practical use cases (31 percent), a shortage of skilled workers (31 percent), and limited regulatory guidance (26 percent).

SAS Principal Quantum Architect Bill Wisotsky acknowledged the surrounding hype but stressed that research underway today is crucial groundwork.

Key sectors poised to benefit include life sciences, financial services, and manufacturing, particularly in areas such as drug discovery, risk analysis, and process optimisation.


LockBit ransomware platform breached again

LockBit, one of the most notorious ransomware groups of recent years, has suffered a significant breach of its dark web platform. Its admin and affiliate panels were defaced and replaced with a message linking to a leaked MySQL database, seemingly exposing sensitive operational details.

The message mocked the gang with the line ‘Don’t do crime CRIME IS BAD xoxo from Prague,’ raising suspicions of a rival hacker or vigilante group behind the attack.

The leaked database, first flagged by a threat actor known as Rey, contains 20 tables revealing details about LockBit’s affiliate network, tactics, and operations. Among them are nearly 60,000 Bitcoin addresses, payload information tied to specific targets, and thousands of extortion chat messages.

A ‘users’ table lists 75 affiliate and admin identities, many with passwords stored in plain text—some comically weak, like ‘Weekendlover69.’

While a LockBit spokesperson confirmed the breach via Tox chat, they insisted no private keys were exposed and that losses were minimal. However, the attack echoes a recent breach of the Everest ransomware site, suggesting the same actor may be responsible.

Combined with past law enforcement actions—such as Operation Cronos, which dismantled parts of LockBit’s infrastructure in 2024—the new leak could harm the group’s credibility with affiliates.

LockBit has long operated under a ransomware-as-a-service model, providing malware to affiliates in exchange for a cut of ransom profits. It has targeted both Linux and Windows systems, used double extortion tactics, and accounted for a large share of global ransomware attacks in 2022.

Despite ongoing pressure from authorities, the group has continued its operations—though this latest breach could prove harder to recover from.


CrowdStrike cuts jobs amid AI shift

Cybersecurity firm CrowdStrike is laying off 500 employees—5% of its workforce—as it shifts towards an AI-led operating model to boost efficiency and hit a $10 billion annual revenue goal.

In a letter to staff, CEO George Kurtz described AI as a ‘force multiplier’ meant to reduce hiring needs instead of expanding headcount.

The restructure, expected to cost up to $53 million through mid-2026, will still see hiring in customer-facing and engineering roles.

Yet despite its optimism, the company’s regulatory filings flag notable risks in depending on AI, such as faulty outputs, legal uncertainty, and the challenge of managing fast-moving systems. Analysts have also linked the shift to wider market pressures, not merely strategic innovation.

Principal analyst Sofia Ali warned that the AI-first approach may backfire if transparency, governance, and human oversight are not prioritised. Over-reliance on automation—especially in threat detection or customer support—could erode user trust instead of reinforcing it, particularly during critical incidents.

CrowdStrike’s move mirrors a broader tech trend: over 52,000 tech jobs were cut in early 2025 as firms embraced AI to replace automatable roles. For cybersecurity leaders, the challenge now lies in balancing AI’s promise with the human expertise essential to trust and resilience.


Indian stock exchanges curb foreign access amid cybersecurity concerns

India’s two largest stock exchanges, the National Stock Exchange (NSE) and BSE Ltd, have temporarily restricted overseas access to their websites amid rising concerns over cyber threats. The move does not affect foreign investors’ ability to trade on Indian markets.

Sources familiar with the matter confirmed the decision followed a joint meeting between the exchanges, although no recent direct attack has been specified.

Despite the restrictions, market operations remain fully functional, with officials emphasising that the measures are purely preventive.

The precautionary step comes during heightened regional tensions between India and Pakistan, though no link to the geopolitical situation has been confirmed. The NSE has yet to comment publicly on the situation.

A BSE spokesperson noted that the exchanges are monitoring cyber risks both domestically and internationally and that website access is now granted selectively to protect users and infrastructure.
