UK

Hackers target UK retailers with fake IT calls

British retailers are facing a new wave of cyberattacks as hackers impersonate IT help desk staff to infiltrate company systems. The National Cyber Security Centre (NCSC) has issued an urgent warning following breaches at major firms including Marks & Spencer, Co-op, and Harrods.

Attackers use sophisticated social engineering tactics—posing as locked-out employees or IT support staff—to trick individuals into giving up passwords and security details. The NCSC urges companies to strengthen how their IT help desks verify employee identities, particularly when handling password resets for senior staff.

Security experts in the UK recommend using multi-step verification methods and even code words to confirm identities over the phone. These additional layers are vital, as attackers increasingly exploit trust and human error rather than technical vulnerabilities.

While the NCSC hasn’t named any group officially, the style of attack closely resembles the methods of Scattered Spider, a loosely connected network of young, English-speaking hackers. Known for high-profile cyber incidents—including attacks on Las Vegas casinos and public transport systems—the group often coordinates via platforms like Discord and Telegram.

However, those claiming responsibility for the latest breaches deny links to Scattered Spider, calling themselves ‘DragonForce.’ Speaking to the BBC, the group claimed to have stolen significant customer and employee data from Co-op and hinted at more disruptions in the future.

The NCSC is investigating with law enforcement to determine whether DragonForce is a new player or simply a rebranded identity of the same well-known threat actors.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber incident disrupts services at Marks & Spencer

Marks & Spencer has confirmed that a cyberattack has disrupted food availability in some stores and forced the temporary shutdown of online services. The company has not officially confirmed the nature of the breach, but cybersecurity experts suspect a ransomware attack.

The retailer paused clothing and home orders on its website and app after issues arose over the Easter weekend, affecting contactless payments and click-and-collect systems. M&S said it took some systems offline as a precautionary measure.

Reports have linked the incident to the hacking group Scattered Spider, although M&S has declined to comment further or provide a timeline for the resumption of online orders. The disruption has already led to minor product shortages and analysts anticipate a short-term hit to profits.

Still, M&S’s food division had been performing strongly, with grocery spending rising 14.4% year-on-year, according to Kantar. The retailer, which operates around 1,000 UK stores, earns about one-third of its non-food sales online. Shares dropped earlier in the week but closed Tuesday slightly up.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK refuses to include Online Safety Act in US trade talks

The UK government has ruled out watering down the Online Safety Act as part of any trade negotiations with the US, despite pressure from American tech giants.

Speaking to MPs on the Science, Innovation and Technology Committee, Baroness Jones of Whitchurch, the parliamentary under-secretary for online safety, stated unequivocally that the legislation was ‘not up for negotiation’.

‘There have been clear instructions from the Prime Minister,’ she said. ‘The Online Safety Act is not part of the trade deal discussions. It’s a piece of legislation — it can’t just be negotiated away.’

Reports had suggested that President Donald Trump’s administration might seek to make loosening the UK’s online safety rules a condition of a post-Brexit trade agreement, following lobbying from large US-based technology firms.

However, Baroness Jones said the legislation was well into its implementation phase and that ministers were ‘happy to reassure everybody’ that the government is sticking to it.

The Online Safety Act will require tech platforms that host user-generated content, such as social media firms, to take active steps to protect users — especially children — from harmful and illegal content.

Non-compliant companies may face fines of up to £18 million or 10% of global turnover, whichever is greater. In extreme cases, platforms could be blocked from operating in the UK.

Mark Bunting, a representative of Ofcom, which is overseeing enforcement of the new rules, said the regulator would have taken action had the legislation been in force during last summer’s riots in Southport, which were exacerbated by online misinformation.

His comments contrasted with tech firms including Meta, TikTok and X, which claimed in earlier hearings that little would have changed under the new rules.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI research project aims to improve drug-resistant epilepsy outcomes

A research collaboration between Swansea University and King’s College London has secured a prestigious Medical Research Council project grant to tackle drug-resistant epilepsy.

The project brings together clinicians, data scientists, AI specialists, and individuals with lived experience from the Epilepsy Research Institute’s Shape Network to advance understanding and treatment of the condition.

Drug-resistant epilepsy affects around 30% of the 600,000 people living with epilepsy in the UK, leading to ongoing seizures, memory issues, and mood disorders.

Researchers will use advanced natural language processing, AI, and anonymised healthcare data to better predict who will develop resistance to medications and how treatments can be prioritised.

Project lead Dr Owen Pickrell from Swansea University highlighted the unique opportunity to combine real-world clinical data with cutting-edge AI to benefit people living with the condition.

Annee Amjad from the Epilepsy Research Institute also welcomed the project, noting that it addresses several of the UK’s top research priorities for epilepsy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK introduces landmark online safety rules to protect children

The UK’s regulator, Ofcom, has unveiled new online safety rules to provide stronger protections for children, requiring platforms to adjust algorithms, implement stricter age checks, and swiftly tackle harmful content by 25 July or face hefty fines. These measures target sites hosting pornography or content promoting self-harm, suicide, and eating disorders, demanding more robust efforts to shield young users.

Ofcom chief Dame Melanie Dawes called the regulations a ‘gamechanger,’ emphasising that platforms must adapt if they wish to serve under-18s in the UK. While supporters like former Facebook safety officer Prof Victoria Baines see this as a positive step, critics argue the rules don’t go far enough, with campaigners expressing disappointment over perceived gaps, particularly in addressing encrypted private messaging.

The rules, part of the Online Safety Act pending parliamentary approval, include over 40 obligations such as clearer terms of service for children, annual risk reviews, and dedicated accountability for child safety. The NSPCC welcomed the move but urged Ofcom to tighten oversight, especially where hidden online risks remain unchecked.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fake banking apps leave sellers thousands out of pocket

Scammers are using fake mobile banking apps to trick people into handing over valuable items without receiving any payment.

These apps, which convincingly mimic legitimate platforms, display false ‘successful payment’ screens in person, allowing fraudsters to walk away with goods while the money never arrives.

Victims like Anthony Rudd and John Reddock have lost thousands after being targeted while selling items through social media marketplaces. Mr Rudd handed over £1,000 worth of tools from his Salisbury workshop, only to realise the payment notification was fake.

Mr Reddock, from the UK, lost a £2,000 gold bracelet he had hoped to sell to fund a holiday for his children.

BBC West Investigations found that some of these fake apps, previously removed from the Google Play store, are now being downloaded directly from the internet onto Android phones.

The Chartered Trading Standards Institute described this scam as an emerging threat, warning that in-person fraud is growing more complex instead of fading away.

With police often unable to track down suspects, small business owners like Sebastian Liberek have been left feeling helpless after being targeted repeatedly.

He has lost hundreds of pounds to fake transfers and believes scammers will continue striking, while enforcement remains limited and platforms fail to do enough to stop the spread of fraud.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Osney Capital invests in the UK’s cybersecurity innovation

Osney Capital has launched the UK’s first specialist cybersecurity seed fund, focused on investing in promising cybersecurity startups at the Pre-Seed and Seed stages.

The fund, which raised more than its initial £50 million target, will write cheques between £250k and £2.5 million and has the capacity for follow-on investments in Series A rounds.

Led by Adam Cragg, Josh Walter, and Paul Wilkes, the Osney Capital team brings decades of experience in cybersecurity and early-stage investing. Instead of relying on generalist investors, the fund will offer tailored support to early-stage companies, addressing the unique challenges in the cybersecurity sector.

The UK cybersecurity industry has grown to £13.2 billion in 2025, driven by complex cyber threats, regulatory pressures, and the rapid adoption of AI. The fund aims to capitalise on this growth, tapping into the strong talent pipeline boosted by UK universities and specialised cybersecurity programs.

Supported by cornerstone investments from the British Business Bank and accredited by the UK’s National Security Strategic Investment Fund, Osney Capital’s mission is to back the next generation of cybersecurity founders and help them scale globally competitive businesses.

For more information on these topics, visit diplomacy.edu.

National Crime Agency responds to AI crime warning

The National Crime Agency (NCA) has pledged to ‘closely examine’ recommendations from the Alan Turing Institute after a recent report highlighted the UK’s insufficient preparedness for AI-enabled crime.

The report, from the Centre for Emerging Technology and Security (CETaS), urges the NCA to create a task force to address AI crime within the next five years.

Despite AI-enabled crime being in its early stages, the report warns that criminals are rapidly advancing their use of AI, outpacing law enforcement’s ability to respond.

CETaS claims that UK police forces have been slow to adopt AI themselves, which could leave them vulnerable to increasingly sophisticated crimes, such as child sexual abuse, cybercrime, and fraud.

The Alan Turing Institute emphasises that although AI-specific legislation may be needed eventually, the immediate priority is for law enforcement to integrate AI into their crime-fighting efforts.

An initiative like this would involve using AI tools to combat AI-enabled crimes effectively, as fraudsters and criminals exploit AI’s potential to deceive.

While AI crime remains a relatively new phenomenon, recent examples such as the $25 million Deepfake CFO fraud show the growing threat.

The report also highlights the role of AI in phishing scams, romance fraud, and other deceptive practices, warning that future AI-driven crimes may become harder to detect as technology evolves.

For more information on these topics, visit diplomacy.edu.

Authors in London protest Meta’s copyright violations

A wave of protest has hit Meta’s London headquarters today as authors and publishing professionals gather to voice their outrage over the tech giant’s reported use of pirated books to develop AI tools.

Among the protesters are acclaimed novelists Kate Mosse and Tracy Chevalier and poet Daljit Nagra, who assembled in Granary Square near Meta’s King’s Cross office to deliver a complaint letter from the Society of Authors (SoA).

At the heart of the protest is Meta’s alleged reliance on LibGen, a so-called ‘shadow library’ known for hosting over 7.5 million books, many without the consent of their authors.

A recent searchable database published by The Atlantic revealed that thousands of copyrighted works, including those by renowned authors, may have been used to train Meta’s AI models, provoking public outcry and legal action in the US.

Vanessa Fox O’Loughlin, chair of the SoA, condemned Meta’s reported actions as ‘illegal, shocking, and utterly devastating for writers,’ arguing that such practices devalue authors’ time and creativity.

‘A book can take a year or longer to write. Meta has stolen books so that their AI can reproduce creative content, potentially putting these same authors out of business’ she said.

Meta has denied any wrongdoing, with a spokesperson stating that the company respects intellectual property rights and believes its AI training practices comply with existing laws.

Still, the damage to trust within the creative community appears significant. Author AJ West, who discovered his novels were listed on LibGen, described the experience as a personal violation:

‘I was horrified to see that my novels were on the LibGen database, and I’m disgusted by the government’s silence on the matter,’ he said, adding, ‘To have my beautiful books ripped off like this without my permission and without a penny of compensation then fed to the AI monster feels like I’ve been mugged.’

Legal action is already underway in the US, where a group of high-profile writers, including Ta-Nehisi Coates, Junot Díaz, and Sarah Silverman, have filed a lawsuit against Meta for copyright infringement.

The suit alleges that Meta CEO Mark Zuckerberg and other top executives knew that LibGen hosts pirated content when they greenlit its use for AI development.

The protest is also aimed at UK lawmakers. Authors like Richard Osman and Kazuo Ishiguro have joined the call for British officials to summon Meta executives before parliament.

The Society of Authors has launched a petition on Change.org that has already attracted over 7,000 signatures.

Demonstrators were urged to bring placards and spread their message online using hashtags like #MetaBookThieves and #MakeItFair as they rally against alleged copyright violations and for broader protection of creative work in the age of AI.

The case, one of the lots, describes the increasingly tense relationship between the tech industry, content and data policies in training AI systems, which hardly depend on the written word and the most various literature, facts, and info from the written tradition to be trained (and thus able) to respond to most various user requests and alongside be accurate in their responses.

For more information on these topics, visit diplomacy.edu.

UK government announces new cyber bill to strengthen national defences and protect critical infrastructure

The UK government has unveiled plans for a new Cyber Security and Resilience Bill aimed at enhancing the country’s ability to defend against the growing risk of cyber threats. Scheduled to be introduced later this year, the Bill forms a key part of the government’s broader strategy to protect critical national infrastructure (CNI), support economic growth, and ensure the resilience of the UK’s digital landscape.

The forthcoming legislation will focus on bolstering the cyber resilience of essential services—such as healthcare, energy, and IT providers—that underpin the economy and daily life. Around 1,000 vital service providers will be required to meet strengthened cyber security standards under the new rules. These measures are designed to safeguard supply chains and key national functions from increasingly sophisticated cyber attacks affecting both public and private sectors.

In addition, the government is considering extending cyber security regulations to over 200 data centres across the country. These centres are integral to the functioning of modern finance, e-commerce, and digital communication. By improving their security, the government hopes to safeguard services that rely heavily on data, such as online banking, shopping platforms, and social media.

If adopted, the government’s proposals include:

  • Expanding the scope of the NIS Regulations. The scope of the Network and Information Systems (NIS) Regulations would be broadened to include a wider range of organisations and suppliers. This expansion would bring data centres, Managed Service Providers (MSPs), and other critical suppliers under the regulatory framework, ensuring that more entities are held to high standards of cyber security and resilience.
  • Enhanced regulatory powers. Regulators would be equipped with additional tools to strengthen cyber resilience within the sectors they oversee. This includes new obligations for organisations to report a broader range of significant cyber incidents, enabling faster and more informed responses to emerging threats.
  • Greater Flexibility to Adapt. The government would gain increased flexibility to update the framework in line with the evolving threat landscape. This means regulations could be swiftly extended to cover new and emerging sectors, ensuring the UK remains agile in the face of dynamic cyber risks.
  • New Executive Powers for National Security. In circumstances where national security is at stake, the government would be granted new executive powers to act decisively in response to serious cyber threats.

For more information on these topics, visit diplomacy.edu.