Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security. Show all posts
Microsoft
Bitlocker BitLocker encryption CPU CPU vulnerabilities Cyber Security Hardware Hardware Encryption Microsoft

Microsoft Introduces Hardware-Accelerated BitLocker to Boost Windows 11 Security and Performance

 

Microsoft is updating Windows 11 with hardware-accelerated BitLocker to improve both data security and system performance. The change enhances full-disk encryption by shifting cryptographic work from the CPU to dedicated hardware components within modern processors, helping systems run more efficiently while keeping data protected. 

BitLocker is Windows’ built-in encryption feature that prevents unauthorized access to stored data. During startup, it uses the Trusted Platform Module to manage encryption keys and unlock drives after verifying system integrity. While this method has been effective, Microsoft says faster storage technologies have made the performance impact of software-based encryption more noticeable, especially during demanding tasks. 

As storage speeds increase, BitLocker’s encryption overhead can slow down activities like gaming and video editing. To address this, Microsoft is offloading encryption tasks to specialized hardware within the processor that is designed for secure and high-speed cryptographic operations. This reduces reliance on the CPU and improves overall system responsiveness. 

With hardware acceleration enabled, large encryption workloads no longer heavily tax the CPU. Microsoft reports that testing showed about 70% fewer CPU cycles per input-output operation compared to software-based BitLocker, although actual gains depend on hardware configurations. 

On supported devices with NVMe drives and compatible processors, BitLocker will default to hardware-accelerated encryption using the XTS-AES-256 algorithm. This applies to automatic device encryption, manual activation, policy-based deployment, and script-driven setups, with some exceptions. 

The update also strengthens security by keeping encryption keys protected within hardware, reducing exposure to memory or CPU-based attacks. Combined with TPM protections, this moves BitLocker closer to eliminating key handling in general system memory.  

Hardware-accelerated BitLocker is available in Windows 11 version 24H2 with September updates installed and will also be included in version 25H2. Initial support is limited to Intel vPro systems with Intel Core Ultra Series 3 (Panther Lake) processors, with broader system-on-a-chip support planned. 

Users can confirm whether hardware acceleration is active by running the “manage-bde -status” command. Microsoft notes BitLocker will revert to software encryption if unsupported algorithms or key sizes are used, certain enterprise policies apply, or FIPS mode is enabled on hardware without certified cryptographic offloading.
Read more »
Threat Intelligence
Class Action Lawsuit Cyber Security Healthcare Data Theft Identity Compromise Insurance Cyberattack Network Outage Scattered Spider SSN Exposure Threat Intelligence

Personal and Health Information of 22.6 Million Aflac Clients Stolen in Cyberattack

 


At the start of 2026, a significant cybersecurity breach that was disclosed heightened awareness of digital vulnerabilities within the American insurance industry, after Aflac, one of the largest supplemental insurance providers in the country, confirmed that a sophisticated cyberattack, which took place in June 2025, compromised approximately 22.65 million individuals' personal and protected health information. 

An intrusion took place during the summer of 2025 and has since been regarded as one of the biggest healthcare-related data breaches of the year. The attack pattern of advanced cybercriminals has shifted significantly from targeted low-value sectors to high-value sectors that handle sensitive consumer data, illustrating a noticeable shift in their attack patterns towards those sectors. 

In an effort to determine who is responsible for the breach, investigators and threat analysts have attributed it to the Scattered Spider cybercriminal collective, also referred to as UNC3944, who are widely known for their evolving campaign strategies and earlier compromises targeting retailers across the United States and United Kingdom.

It has been reported that Aflac contained the incident within hours of its detection and confirmed that no ransomware payload has been deployed. However, the attackers have managed to extract a wide range of sensitive information including Social Security numbers, government-issued identification numbers, medical and insurance records, claims data from policyholders, as well as confidential information about protected health. 

Since the disclosure came to light, it has sparked rare bipartisan concern among lawmakers, triggered multiple class-action lawsuits against insurance companies, and has intensified debate about the resilience of the insurance industry when it comes to cyber security, given the large amount of data it stores and its sensitivity, making it prime targets for highly coordinated cyber attacks. 

Anflac has submitted further details regarding the scope of the information exposed as a result of the incident to the Texas and Iowa attorneys generals' offices, confirming that the compromised data includes both sensitive and non-sensitive personal identifying information of a large range of individuals. 

A company disclosure stated that the stolen records included details such as customer names, dates of birth, home addresses, passports and state identification cards, driver's licenses, Social Security numbers, along with detailed medical information and health insurance information, as well as information about the company's employees. 

According to Aflac's submission to Iowa authorities, the perpetrators may have connections with a known cybercrime organization, according to the company's submission, while noting that the attackers might have been engaged in a broader campaign against multiple insurance firms. Both the government and external cybersecurity experts have suggested that the attackers could have been engaged in this kind of campaign. 

It is important to note that Scattered Spider, an informal collective of mainly young English-speaking threat actors, has not been publicly identified as the group that is responsible for the attacks, but some cybersecurity analysts believe it is an obvious candidate based on the overlapping tactics and timing of their attacks. 

According to news outlets, Aflac did not immediately respond to requests for comment from news outlets despite the fact that it serves approximately 50 million customers. Only now is the company attempting to deal with the fallout from what could be the largest data breach in recent memory. In the midst of an intensifying cyber threat that aimed directly at the insurance sector, the breach unfolded. 

Approximately a year after Aflac disclosed the June 2025 attack, the Threat Intelligence Group of Google released a security advisory suggesting that the group, Scattered Spider, a loosely organized group of mostly young, English-speaking hackers, had switched its targeting strategy from retail companies to insurers, indicating a significant increase in the group's operational focus. 

It is important to note that during the same period, Erie Insurance as well as Philadelphia Insurance both confirmed significant network interruptions, raising concerns about a coordinated probe across the entire industry. As of July 2025, Erie has reported that business operations have been fully restored, emphasizing that internal reviews did not reveal any evidence of data loss. 

Philadelphia has also reported the recovery of their network and confirmed that they have not experienced a ransomware incident. After the Aflac breach was discovered, the company made subsequent statements stating that it had initiated a comprehensive forensic investigation within hours of discovery, engaged external cyber specialists and informed federal law enforcement agencies and relevant authorities about the breach. 

This incident, according to the insurer, affected its entire ecosystem, including its customers, beneficiaries, employees, licensed agents, and other individuals associated with that ecosystem. It was revealed that exposed records included names, contact information, insurance claims, health information, Social Security numbers, and other protected personal identifiers related to insurance claims, health claims, and health information. 

As a symbol of their rapid response, Aflac reiterated that the breach was contained within hours, data remained safe, and no ransomware payload was deployed in the process of containing the breach. It is nonetheless notable that even though these assurances have been given, the scale of the compromise has resulted in legal action. 

An ongoing class action lawsuit has already been filed in Georgia federal court in June 2025, and two similarly filed suits have been filed against Erie Insurance as a result of its own cyber incident, reflecting increasing pressures on insurers to strengthen their defenses in a sector increasingly threatened by agile and persistent cybercriminals. 

With insurers struggling to keep up with the growing threat surface of an increasingly digitalized industry, the Aflac incident provides a vital lesson for both breach response and sectoral risk exposure as insurers deal with a growing threat surface. A swift containment prevented the system from paralyzing, but the breach underscores a larger truth, which is that security is no longer a matter of scale alone. 

According to industry experts, proactive reinforcement is the key to reducing vulnerability rather than reactive repair, and firms need to put a strong emphasis on real-time threat monitoring, identity-based access controls, and multilayered encryption of policyholder information to protect themselves against threats. 

As attackers move towards socially-engineered entry points and credential-based compromises, this is especially pertinent. It is also worth mentioning that this incident has sparked discussions about mandatory breach transparency and faster consumer notification frameworks, as well as tighter regulatory alignment across the US states, which remain fragmented regarding reporting requirements. 

Analysts have noted that incidents of this magnitude, despite the absence of ransomware deployment, can have long-term reputational and financial effects that may last longer than the technical intrusion itself. Cyber resilience must go beyond firewalls because it requires the adoption of an organizational culture, vendor governance, and a proactive approach to early anomaly detection. 

In the public, the need to monitor identities and account activity remains crucial - consumers should remain vigilant over identity monitoring. Although the breach of insurance security seems to have been contained, it still has a lasting impact on the insurance sector, which has become more cautious and prepared in the future.
Read more »
South Korea
Cyber Security Data Breach Shinhan Card South Korea

Shinhan Card Probes Internal Data Leak Affecting About 190,000 Merchants

 

Shinhan Card, South Korea’s largest credit card issuer, said on December 23 that personal data linked to about 190,000 merchant representatives was improperly accessed and shared by employees over a three year period, highlighting ongoing concerns around internal data controls in the country’s financial sector. 

The company said roughly 192,000 records were leaked between March 2022 and May 2025. The exposed information included names, mobile phone numbers, dates of birth and gender details of franchise owners. 

Shinhan Card said no resident registration numbers, card details or bank account information were involved and that the incident did not affect general customers. According to the company, the breach was uncovered after a whistleblower submitted evidence to South Korea’s Personal Information Protection Commission, prompting an investigation. 

Shinhan Card began an internal review after receiving a request for information from the regulator in mid November. Investigators found that 12 employees across regional branches in the Chungcheong and Jeolla areas had taken screenshots or photos of merchant data and shared them via mobile messaging apps with external sales agents. 

The information was allegedly used to solicit new card applications from recently registered merchants, including restaurants and pharmacies. Shinhan Card said verifying the scale of the leak took several weeks because the data was spread across more than 2,200 image files containing about 280,000 merchant entries in varying formats. 

Each file had to be checked against internal systems to confirm what information was exposed. Chief Executive Park Chang hoon issued a public apology, saying the leak was caused by unauthorized employee actions rather than a cyberattack. 

He said the company had blocked further access, completed internal audits and strengthened access controls. Shinhan Card said the employees involved would be held accountable. The company added that affected merchants are being notified individually and can check their status through an online portal. 

It said compensation would be provided if any damage is confirmed. The incident adds to a series of internal data misuse cases in South Korea’s financial industry. Regulators said they are assessing whether the breach violates national data protection laws and what penalties may apply. 

The Financial Supervisory Service said it has so far found no evidence that credit information was leaked but will continue to monitor the case. 

Analysts say the Shinhan Card case underscores the growing risk posed by insider misuse as financial institutions expand digital services and data driven operations, putting renewed focus on employee oversight and internal governance.
Read more »
Red Hat
big data Cyber Security Data Breach Nissan Red Hat

Nissan Says Customer Data Exposed After Breach at Red Hat Systems

 

Nissan Motor Co Ltd said that personal information of thousands of customers was exposed following a cyber breach at Red Hat, the US based software company it had engaged to develop customer management systems. 

The Japanese automaker said it was notified by Red Hat in early October that unauthorized access to a server had resulted in data leakage. The affected system was part of a Red Hat Consulting managed GitLab environment used for development work. 

Nissan said the breach involved customer information linked to Nissan Fukuoka Sales Co Ltd. About 21,000 customers who purchased vehicles or received services in Fukuoka, Japan were affected. 

The exposed data included customer names, physical addresses, phone numbers, email addresses and other information used in sales and service operations. Nissan said no credit card or payment information was compromised. 

“Nissan Motor Co Ltd received a report from Red Hat that unauthorized access to its data servers had resulted in information being leaked,” the company said in a statement.

It added that it has no evidence the data has been misused. Red Hat acknowledged earlier that an attacker had accessed and copied data from a private GitLab instance, affecting multiple organisations. 

The breach was disclosed publicly in early October after threat actors claimed to have stolen hundreds of gigabytes of data from tens of thousands of private repositories. The intrusion was initially claimed by a group calling itself Crimson Collective. 

Samples of the stolen data were later published by another cybercrime group, ShinyHunters, as part of an extortion effort. Neither Nissan nor Red Hat has publicly attributed the breach to a specific actor. 

Nissan said the compromised Red Hat environment did not store any additional Nissan data beyond what has already been confirmed. The company said it has informed affected customers and advised them to remain alert for suspicious emails, calls or messages that could exploit the leaked information. 

Cybersecurity experts say such data can be used for social engineering attacks, including phishing and impersonation scams, even if financial details are not exposed. The incident adds to a series of cybersecurity issues involving Nissan. 

In late August, a Qilin ransomware attack affected its design subsidiary Creative Box Inc in Japan. Last year, Nissan North America disclosed a breach impacting about 53,000 employees, while an Akira ransomware attack exposed data of roughly 100,000 customers at Nissan Oceania. 

The Red Hat breach has renewed concerns about supply chain security, where compromises at technology vendors can have cascading effects on downstream clients. Nissan said it continues to review its security controls and coordination with third party providers following the incident.
Read more »
Cyber Security
AI in robotics AI Techniques Automation Automotive British transport China Cyber Security

Chinese Robotaxis May Launch UK Trials in 2026 as Uber and Lyft Partner With Baidu

 

Chinese autonomous taxis could begin operating on UK roads by 2026 after Uber and Lyft announced plans to partner with Chinese technology company Baidu to trial driverless vehicles in London. Both companies are seeking government approval to test Baidu’s Apollo Go robotaxis, a move that could mark an important step in the UK’s adoption of self-driving transport. 

Baidu’s Apollo Go service already operates in several cities, mainly in China, where it has completed millions of passenger journeys without a human driver. If approved, the UK trials would represent the first large-scale use of Chinese-developed robotaxis in Europe, placing London among key global hubs working toward autonomous mobility. 

The UK government has welcomed the development. Transport secretary Heidi Alexander said the announcement supports Britain’s plans for self-driving vehicles and confirmed that the government is preparing to allow autonomous cars to carry passengers under a pilot scheme starting in spring. The Department for Transport is developing regulations to enable small autonomous taxi- and bus-style services from 2026, with an emphasis on responsible and safe deployment. 

Uber has said it plans to begin UK driverless car trials as regulations evolve, partnering with Baidu to help position Britain as a leader in future transport while offering Londoners another travel option. Lyft has also expressed interest, stating that London could become the first European city to host Baidu’s Apollo Go vehicles as part of a broader agreement covering the UK and Germany.  

Despite enthusiasm from companies and policymakers, regulatory approval remains a major challenge. Lyft chief executive David Risher said that, if approved, testing could begin in London in 2026 with a small fleet of robotaxis, eventually scaling to hundreds. Experts caution, however, that autonomous transport systems cannot expand as quickly as other digital technologies.  

Jack Stilgoe, professor of science and technology policy at University College London, warned that moving from limited trials to a fully operational transport system is complex. He stressed the importance of addressing safety, governance, and public trust before autonomous taxis can become widely used. 

Public scepticism remains strong. A YouGov poll in October found that nearly 60 percent of UK respondents would not ride in a driverless taxi under any circumstances, while 85 percent would prefer a human-driven cab if price and convenience were the same. Ongoing reports of autonomous vehicle errors, traffic disruptions, and service suspensions have added to concerns. Critics also warn that poorly regulated robotaxis could worsen congestion, undermining London’s efforts to reduce city-centre traffic.
Read more »
Urban Infrastructure Risk
Anti-Jamming Tech Cyber Security GPS Resilience Military Encryption Multi-Constellation Navigation NAVIC Satellite Security Signal Interference Urban Infrastructure Risk

Inside China’s Urban Navigation Blackout and the Lessons for India


 

The administrative capital of Jiangsu Province and the eastern Chinese city of Nanjing, home to nearly 10 million people, briefly lost its digital compass on Wednesday when the city experienced an unprecedented six-hour satellite navigation outage that temporarily stalled traffic at the city's airport. 

It is official that local authorities are pointing out that the sudden disruption is a result of a systemic anomaly, and that it has disabled positioning services based on both the US's Global Positioning System and China's domestic BeiDou network, as well as applications that depend on the parallel BeiDou-linked BeiDou Navigation Satellite System. 

During the period of the blackout, essential urban services such as navigation and ride-hailing platforms were seriously disrupted, logistics coordination was compromised, food delivery operations were hampered, commercial drone activity was disrupted, along with many other systems reliant on real-time geospatial accuracy in real-time. 

Almost six hours ago, Nanjing's streets and airspace were without dependable satellite guidance for close to six hours, revealing the deep connection between navigation infrastructure and everyday transportation as well as the commercial ecosystem, as well as the vulnerability of densely networked cities when the core positioning frameworks fail to function properly. 

Several regional tech monitors confirmed later that not only did the outage stall consumer applications, but also the coordinated drone operations came to a halt, affecting the algorithms used to match drivers to passengers, and causing significant delays with last-mile delivery networks. In an era where navigation data has become just as essential to city functionality as electricity and telecommunications, urban resilience is becoming increasingly a concern. 

Interesting Engineering notes that the disruption, which is cited by a technology briefing, impacted civilian navigation services that were operated through the U.S. Global Positioning System, as well as China's BeiDou satellite network. The disruption temporarily shook the city's digital infrastructure to its core. Location-based platforms encountered widespread operational failures as satellite signal reception was compromised. 

A number of ride-hailing networks reported a significant reduction in activity during the outage window, with bookings decreasing by close to 60 percent, whereas food delivery services complained of delays in the range of 40 percent, affecting last-mile logistics to an extremely high degree.

The public mobility systems were similarly destabilised; bike-sharing platforms came out as the most severely affected, with users reporting severe errors in their geolocation, placing bicycles 35 miles away from their actual locations, making fleet tracking and rental unreliable for those bikes. 

A preliminary assessment of mobile network faults was ruled out, but subsequent confirmation from the Nanjing Satellite Application Industry Association indicated that the outage resulted from "temporary interference and signal pressure" on GPS and BeiDou civilian frequencies, resulting in devices being unable to obtain stable satellite-derived positional data as a result. 

The authorities failed to reveal the origin or intent of the interference, which in turn strengthened public speculation that the event might have been linked to the heightened security protocols surrounding a sensitive engagement that was not disclosed. In the aftermath of the interference conditions and stabilization of satellite reception, navigation functionality was incrementally restored to normal after six hours. 

Analysts noted that the incident revealed the structural differences between the two systems' signal designs BeiDou, unlike its counterpart, uses a physical separation of the military and civilian frequency bands, shielding defence-grade signals with layers of encryption and anti-jamming measures. The GPS system, on the other hand, transmits both military and civilian signals over shared carrier frequencies while preserving functional separation through discrete encryption and spectral modulation. 

Strategic technology assessors have interpreted the simultaneous disruption of civilian signals to be a deliberate outcome of overlapped frequency compatibility, noting that interference with one system's civilian band would inherently negatively affect GPS-based services, as well as other systems. 

A number of experts describe this interoperability as a strategic deterrent mechanism that raises the costs associated with targeted jamming, which bolsters the resilience of civilian networks. This also creates the opportunity for a mutual-impact dynamic that complicates malicious interference scenarios. 

Upon the stabilisation of signal reception, navigation services were gradually restored, however, experts were prompted to question the routine-glitch narrative presented in initial statements in light of the dual impact on both GPS and China's BeiDou network. 

There was a strong indication that the outage was orchestrated to occur at the same time, an experience that was difficult to explain by a standard technical problem, highlighting how deeply satellite positioning has become woven into the urban service delivery system, mobility, and commercial operations in recent years. 

There is a growing understanding among strategic analysts that this incident represents an example of cross-system vulnerability in the real world, noting that interference targeting one civilian signal band can cascade across other constellations operating on adjacent frequencies or overlapping among them. 

Throughout the year, the discussion immediately grew beyond China's borders and resonated with countries such as India, where transport networks, supply chains, emergency response frameworks, aerial operations, and app-driven businesses rely on uninterrupted access to geospatial information. 

Indian navigation is a diverse mix of technologies, which include GPS, Russia's GLONASS, the European Union's Galileo network, Chinese BeiDou, and Indian own satellite system, NAVIC. This system provides reliable positioning coverage within a 1,500 kilometre operational radius of the country's borders, providing the country with reliable position monitoring services. 

The majority of technology and defense experts believe that resilience is rooted in redundancy, advocating devices that can draw signals from multiple constellations, the use of offline navigation tools such as maps that are pre-downloaded, and the integration of terrestrial alternative positioning systems in commercial fleets, unmanned systems, and modern vehicles, such as cellular tower triangulations and local or carrier-based positioning modules. 

During prolonged escalations in regional security, NAVIC, in particular, has been cited as a strategic buffer, allowing a fallback layer that can be deployed as a sovereign fallback when external threats arise, thereby reducing the dependence on external systems. Satellite navigation is often treated as an invisible infrastructure, but the Nanjing episode demonstrated that even temporarily, if it fails — even temporarily — a modern city is unmoored. 

As a result, positioning networks play a geopolitical role in a region where navigation resilience is no longer a technical luxury, but rather a strategic necessity, and highlighting the urgency of long-term preparedness has never been more apparent. There are a lot of things that are left behind from the Nanjing navigation blackout, but not because of the length of time it was, but rather because of the fact that satellite positioning is not merely a background utility anymore, but rather a strategic artery that powers commerce, mobility, airspace management, and urban planning. 

As geopolitical tensions are increasingly intersecting with civilian technology, the fragility of location infrastructure has gained global attention. There is no easy answer to this question, but for nations such as India, which already operates its own regional constellation alongside multiple global systems, the incident reinforces the importance of funds continuing to be spent on sovereign signal hardening, receiver diversification, and terrestrial positioning options. 

Rather than relying on a single system choice in the future, experts say that future resilience will be enhanced through system layering in which satellite guidance is augmented by pre-cached intelligence, such as offline routing databases, hybrid receivers with a built-in artificial intelligence that can identify anomalies before they arise, and reroute services as needed before disruptions occur. 

Furthermore, policy advisers recommend that national simulation drills be conducted to stress-test airports, logistic grids, and emergency networks against coordinated signal interference. Even though the outage disrupted a single city, the lessons learned from it apply to the whole region: preparing long before the signal fades can be most effective when the outage occurs. There is an increased need in a world that charts its future based on coordinates. This has made continuity a national asset in itself.
Read more »
Open AI
AI Models AI Systems AI technology AI tools ChatGPT China Cyber Security Open AI

Chinese Open AI Models Rival US Systems and Reshape Global Adoption

 

Chinese artificial intelligence models have rapidly narrowed the gap with leading US systems, reshaping the global AI landscape. Once considered followers, Chinese developers are now producing large language models that rival American counterparts in both performance and adoption. At the same time, China has taken a lead in model openness, a factor that is increasingly shaping how AI spreads worldwide. 

This shift coincides with a change in strategy among major US firms. OpenAI, which initially emphasized transparency, moved toward a more closed and proprietary approach from 2022 onward. As access to US-developed models became more restricted, Chinese companies and research institutions expanded the availability of open-weight alternatives. A recent report from Stanford University’s Human-Centered AI Institute argues that AI leadership today depends not only on proprietary breakthroughs but also on reach, adoption, and the global influence of open models. 

According to the report, Chinese models such as Alibaba’s Qwen family and systems from DeepSeek now perform at near state-of-the-art levels across major benchmarks. Researchers found these models to be statistically comparable to Anthropic’s Claude family and increasingly close to the most advanced offerings from OpenAI and Google. Independent indices, including LMArena and the Epoch Capabilities Index, show steady convergence rather than a clear performance divide between Chinese and US models. 

Adoption trends further highlight this shift. Chinese models now dominate downstream usage on platforms such as Hugging Face, where developers share and adapt AI systems. By September 2025, Chinese fine-tuned or derivative models accounted for more than 60 percent of new releases on the platform. During the same period, Alibaba’s Qwen surpassed Meta’s Llama family to become the most downloaded large language model ecosystem, indicating strong global uptake beyond research settings. 

This momentum is reinforced by a broader diffusion effect. As Meta reduces its role as a primary open-source AI provider and moves closer to a closed model, Chinese firms are filling the gap with freely available, high-performing systems. Stanford researchers note that developers in low- and middle-income countries are particularly likely to adopt Chinese models as an affordable alternative to building AI infrastructure from scratch. However, adoption is not limited to emerging markets, as US companies are also increasingly integrating Chinese open-weight models into products and workflows. 

Paradoxically, US export restrictions limiting China’s access to advanced chips may have accelerated this progress. Constrained hardware access forced Chinese labs to focus on efficiency, resulting in models that deliver competitive performance with fewer resources. Researchers argue that this discipline has translated into meaningful technological gains. 

Openness has played a critical role. While open-weight models do not disclose full training datasets, they offer significantly more flexibility than closed APIs. Chinese firms have begun releasing models under permissive licenses such as Apache 2.0 and MIT, allowing broad use and modification. Even companies that once favored proprietary approaches, including Baidu, have reversed course by releasing model weights. 

Despite these advances, risks remain. Open-weight access does not fully resolve concerns about state influence, and many users rely on hosted services where data may fall under Chinese jurisdiction. Safety is another concern, as some evaluations suggest Chinese models may be more susceptible to jailbreaking than US counterparts. 

Even with these caveats, the broader trend is clear. As performance converges and openness drives adoption, the dominance of US commercial AI providers is no longer assured. The Stanford report suggests China’s role in global AI will continue to expand, potentially reshaping access, governance, and reliance on artificial intelligence worldwide.
Read more »
Internet Shutdowns
AI regulation Cyber Security Digital Privacy Facial Recognition Internet Shutdowns

2026 Digital Frontiers: AI Deregulation to Surveillance Surge

 

Digital technology is rapidly redrawing the boundaries of politics, business and daily life, and 2026 looks set to intensify that disruption—from AI-driven services and hyper-surveillance to new forms of protest organised on social platforms. Experts warn that governments and companies will find it increasingly difficult to balance innovation with safeguards for privacy and vulnerable communities as investment in AI accelerates and its social side-effects become harder to ignore.

One key battleground is regulation. Policymakers are tugged between pressures to “future-proof” oversight and demands from large technology firms to loosen restrictions that could slow development. In Europe, the European Commission is expected to ease parts of its year-old privacy and AI framework, including allowing firms to use personal data to train AI models under “legitimate interest” without seeking consent.

In the United States, President Donald Trump is considering an executive order that could pre-empt state AI laws—an approach aimed at reducing legal friction for Big Tech. The deregulatory push comes alongside rising scrutiny of AI harms, including lawsuits involving OpenAI and claims linked to mental health outcomes.

At the same time, countries are experimenting with tougher rules for children online. Australia has introduced fines of up to A$49.5 million for platforms that fail to take reasonable steps to block under-16 users, a move applied across major social networks and video services, and later extended to AI chatbots. France is also pushing for a European ban on social media for children under 15, while Britain’s Online Safety Act has introduced stringent age requirements for major platforms and pornography sites—though critics argue age checks can expand data collection and may isolate vulnerable young people from support communities.

Another frontier is civic unrest and the digital tools surrounding it. Social media helped catalyse youth-led protests in 2025, including movements that toppled governments in Nepal and Madagascar, and analysts expect Gen Z uprisings to continue in response to corruption, inequality and joblessness. Governments, meanwhile, are increasingly turning to internet shutdowns to suppress mobilisation, with recent examples cited in Tanzania, Afghanistan and Myanmar.

Beyond politics, border control is going digital. Britain plans to use AI to speed asylum decisions and deploy facial age estimation technology, alongside proposals for digital IDs for workers, while Trump has expanded surveillance tools tied to immigration enforcement. Finally, the climate cost of “AI everything” is rising: data centres powering generative AI consume vast energy and water, with Google reporting 6.1 billion gallons of water used by its data centres in 2023 and projections that US data centres could reach up to 9% of national electricity use by 2030.
Read more »
zero Day vulnerability
Cisco Cyber Security Data Theft Pornhub United States zero Day vulnerability

This Week in Cybersecurity: User Data Theft, AI-Driven Fraud, and System Vulnerabilities

 



This week surfaced several developments that accentuate how cyber threats continue to affect individuals, corporations, and governments across the globe.

In the United States, federal records indicate that Customs and Border Protection is expanding its use of small surveillance drones, shifting from limited testing to routine deployment. These unmanned systems are expected to significantly widen the agency’s monitoring capabilities, with some operations extending beyond physical U.S. borders. At the same time, Immigration and Customs Enforcement is preparing to roll out a new cybersecurity contract that would increase digital monitoring of its workforce. This move aligns with broader government efforts to tighten internal controls amid growing concerns about leaks and internal opposition.

On the criminal front, a major data extortion case has emerged involving user records linked to PornHub, one of the world’s most visited adult platforms. A hacking group associated with a broader online collective claims to have obtained hundreds of millions of data entries tied to paid users. The stolen material reportedly includes account-linked browsing activity and email addresses. The company has stated that the data appears to originate from a third-party analytics service it previously relied on, meaning the exposed records may be several years old. While sensitive financial credentials were not reported as part of the breach, the attackers have allegedly attempted to pressure the company through extortion demands, raising concerns about how behavioral data can be weaponized even years after collection.

Geopolitical tensions also spilled into cyberspace this week. Venezuela’s state oil firm reported a cyber incident affecting its administrative systems, occurring shortly after U.S. authorities seized an oil tanker carrying Venezuelan crude. Officials in Caracas accused Washington of being behind the intrusion, framing it as part of a broader campaign targeting the country’s energy sector. Although the company said oil production continued, external reporting suggests that internal systems were temporarily disabled and shipping operations were disrupted. The U.S. government has not publicly accepted responsibility, and no independently verified technical evidence has been released.

In enterprise security, Cisco disclosed an actively exploited zero-day vulnerability affecting certain email security products used by organizations worldwide. Researchers confirmed that attackers had been abusing the flaw for weeks before public disclosure. The weakness exists within a specific email filtering feature and can allow unauthorized access under certain configurations. Cisco has not yet issued a patch but has advised customers to disable affected components as a temporary safeguard while remediation efforts continue.

Separately, two employees from cybersecurity firms admitted guilt in a ransomware operation, highlighting insider risk within the security industry itself. Court records show that the individuals used their professional expertise to carry out extortion attacks, including one case that resulted in a seven-figure ransom payment.

Together, these incidents reflect the expanding scope of cyber risk, spanning personal data privacy, national infrastructure, corporate security, and insider threats. Staying informed, verifying claims, and maintaining updated defenses remain essential in an increasingly complex digital environment.


Read more »
Hacking Group
Amazon Cloud Cloud Defense Cloud Device Cyber Campaigns Cyber Security GRU Hacking Attack Hacking Group

Amazon Links Five-Year Cloud Cyber Campaign to Russia’s Sandworm Group

 

Amazon is talking about a hacking problem that has been going on for a long time. This problem was targeting customers who use cloud services in countries. Amazon says that a group called Sandworm, which is linked to Russias intelligence is behind this hacking. Amazons team that looks at threats found out that this hacking has been happening for five years. The hackers were looking for weaknesses in how customers set up their devices than trying to find problems with the software. They were exploiting these weaknesses to get into customer environments. 

Amazon and the customers were using cloud services. The hackers were targeting these cloud-connected environments. The hacking group Sandworm is the one that Amazon says is responsible, for this activity. The people at Amazon looked at this problem in December. Amazons chief information security officer, CJ Moses said that this is a change in how some groups try to get into important systems. CJ Moses said that these groups are not trying to get in by using software that has not been updated. 

Instead they are looking at devices that are connected to the cloud and are not set up correctly. These devices are how they get into the organizations they are trying to attack. CJ Moses and the people, at Amazon think that this is a way that state-sponsored actors are trying to get into critical infrastructure. The devices that are connected to the cloud are the way that these actors get into the systems they are trying to attack. 

The cyberattacks were different from others. The systems that were compromised were not old or missing security updates. The people who did the attack found problems with the equipment that helps connect things, like gateways and devices that sit at the edge of networks. These devices had been set up incorrectly by the customers who used them. This equipment is usually between the networks of a company and the cloud services they use outside. 

So it gave the attackers a way to get into the rest of the system without needing to find brand weaknesses or use very complicated bad software at the start. The attackers used these edge devices as a kind of bridge to get into the system. They were able to do this because the devices were not set up correctly by the customers. The cyberattacks were able to happen because of this mistake. It made it easier for the attackers to get into the system. The compromised systems, including the routing equipment and gateways were the key, to the attack. 

The bad people got into the system. They were able to get important information like passwords. Then they were able to move to different cloud services and the internal system. Amazon looked at this. They think that the bad people were able to hide what they were doing by making it look like normal activity on the network. This made it harder to catch them. The bad people used passwords and normal paths, on the network so they did not trip any alarms. This meant that the security people did not notice them because they were not doing anything that seemed out of the ordinary. 

The Sandworm activity was seen times over a few years with signs of it going back to at least 2021. The people behind this campaign were going after targets all around the world. They were especially interested in organizations that do important work like those that deal with critical infrastructure. Amazon found out that the people behind the Sandworm activity were really focused on energy companies, in North America and Europe. This shows that the Sandworm activity was a thoughtful and planned operation and that is what makes it so serious the Sandworm activity is a big deal. 

Security specialists looked at the results. They think this is part of a bigger pattern with advanced threat actors. What is happening is that people are taking advantage of mistakes in how thingsre set up rather than looking for things that need to be updated. As organizations start to use hybrid and cloud-based systems this is becoming a bigger problem. Even people who are very good at IT can miss mistakes in how thingsre set up and this can leave them open, to attacks all the time. Security specialists and these advanced threat actors know that they can take advantage of these mistakes without setting off the warnings that something is wrong. 

Advanced threat actors are using these mistakes to get in. Amazons disclosure is a warning that having cloud security is not just about doing the usual updates. Companies that use cloud and hybrid environments for work need to do more. They need to make sure everything is set up correctly always check for problems with devices that are connected to the internet and limit who can get into the system. These things are very important, for security. Amazons cloud security is an example of this. Cloud security requires a lot of work to keep it safe. 

In a separate disclosure, Amazon also acknowledged detecting attempts by North Korean operators to conduct large-scale cyber activity, though this was unrelated to the Sandworm campaign. The company later clarified that the Russian-linked operation targeted customer-managed devices hosted on AWS rather than Amazon’s own infrastructure, and that the activity represented sustained targeting over several years rather than uninterrupted access.
Read more »
Zohran Mamdani
Cyber Security Flipper Zero new York City Raspberry Pi United States Zohran Mamdani

NYC Inauguration Security Policy Draws Attention for Targeting Specific Tech Tools

 



New York City’s official guidelines for the 2026 mayoral inauguration of Zohran Mamdani include an unusual restriction: attendees are not permitted to bring Flipper Zero devices or Raspberry Pi computers to the event. The prohibition appears in the event’s publicly released FAQ, which outlines items considered unsuitable for entry due to safety and security concerns.

The restricted items list largely follows standard event security practices. Objects such as weapons, fireworks, drones, large bags, strollers, bicycles, alcohol, illegal substances, laser pointers, and blunt instruments are all prohibited. However, the explicit naming of two specific technology products has drawn attention, as most other entries are described in broad categories rather than by product name.

The Flipper Zero is a compact electronic device designed for learning and testing wireless communication systems. It can interact with technologies such as RFID cards, NFC tags, infrared signals, Bluetooth, and other radio-based protocols. These capabilities make it popular among cybersecurity researchers, developers, and students who use it to study how digital systems communicate and identify weaknesses in controlled environments.

Raspberry Pi, on the other hand, is a small and affordable single-board computer that runs full operating systems, most commonly Linux. It is widely used for educational purposes, programming practice, home automation, and prototyping technical projects. With additional accessories, a Raspberry Pi can perform many of the same functions as a traditional computer.

What has raised questions among technology professionals is the selective nature of the ban. While these two devices are specifically listed, laptops and smartphones are not mentioned as restricted items. This distinction has caused confusion, as modern phones and computers can run advanced security tools, wireless analysis software, and penetration-testing platforms with significantly greater processing power.

Devices like the Flipper Zero have previously been the subject of public concern and regulatory attention in several regions. Authorities and lawmakers have, at times, expressed fears that such tools could be misused for activities such as unauthorized access to vehicles, payment systems, or wireless networks. In response, some retailers have temporarily removed listings, and certain governments have proposed restrictions. However, many of these measures were later reversed, and the devices remain legal to own and use in most countries, including the United States.

Security experts note that the risk associated with a device often depends more on intent and usage than on the hardware itself. Tools designed for learning and testing can be misused, but the same is true for everyday consumer electronics. As a result, critics argue that banning specific products without addressing broader technical capabilities may reflect a limited understanding of modern technology.

Event organizers have not yet provided a public explanation for why the Flipper Zero and Raspberry Pi were singled out. Until further clarification is issued, the decision continues to prompt discussion about how cybersecurity concerns are interpreted in public safety planning and whether naming individual devices is an effective approach to risk management.



Read more »
Password Security
Account security Account Takeover Compromised Passwords Credential stealing Cyber Security Cyberattacks data security Password Security

Why the Leak of 16 Billion Passwords Remains a Live Cybersecurity Threat in 2025

 

As the year 2025 comes to an end people are still talking about a problem with cybersecurity. This problem is really big. It is still causing trouble. A lot of passwords and login credentials were exposed. We are talking about 16 billion of them. People first found out about this problem earlier, in the year.. The problem is not going away. Experts who know about security say that these passwords and credentials are being used again in cyberattacks. So the problem is not something that happened a time ago it is still something that is happening now with the cybersecurity incident and the exposure of these 16 billion passwords and login credentials. 

The big problem is that people who do bad things on the internet use something called credential stuffing attacks. This is when they try to log in to lots of websites using usernames and passwords that they got from somewhere else. They do this because lots of people use the password for lots of different things. So even if the bad people got the passwords a time ago they can still use them to get into accounts. If people did not change their passwords after the bad people got them then their accounts are still not safe today. Credential stuffing attacks are a deal because of this. Credential stuffing attacks can get into accounts if the passwords are not changed. 

Recently people who keep an eye on these things have noticed that there has been a lot credential stuffing going on towards the end of the year. The people who study this stuff saw an increase in automated attempts to log in to virtual private network platforms. Some of these platforms were seeing millions of attempts to authenticate over short periods of time. Credential stuffing attacks, like these use computers to try a lot of things quickly rather than trying to find new ways to exploit software vulnerabilities. This just goes to show that credential stuffing can be very effective because it only needs a list of credentials that have been compromised to get around the security defenses of private network platforms and credential stuffing is a big problem. 

The thing about this threat is that it just will not go away. We know this because the police found hundreds of millions of stolen passwords on devices that belonged to one person. People in charge of security say that this shows how long passwords can be used by people after they have been stolen. When passwords get out they often get passed from one person to another which means they can still be used for a time after they were first stolen. This is the case, with stolen passwords. Password reuse is a problem. People use the password for lots of things like their personal stuff, work and bank accounts. 

This is not an idea because if someone gets into one of your accounts they can get into all of them. That means they can do a lot of damage like steal your money use your identity or get your information. Password reuse is a risk factor and it makes it easy for bad people to take over all of your accounts. Security professionals say that when you take action to defend yourself is very important. If you wait until something bad happens or your account is compromised it can cause a lot of damage. You should take steps before anything bad happens. 

For example you should check the databases that list breached information to see if your credentials are exposed. This is an important thing to do to stay safe. If you can you should stop using passwords and start using stronger ways to authenticate, like passkeys. Security professionals think that passkeys are a safer way to do things and they can really reduce the risk of something bad happening to your Security. Checking for exposed credentials and using passkeys are ways to defend yourself and stay safe from people who might try to hurt you or your Security. When we talk about accounts that still use passwords experts say we should use password managers. 

These managers help us create and store passwords for each service. This way if someone gets one of our passwords they cannot use it to get into our accounts. Password managers make sure we have strong passwords for each service so if one password is leaked it does not affect our other accounts. 

Experts, like password managers because they help keep our accounts safe by making sure each one has a password. The scale of the 16 billion credential leak serves as a reminder that cybersecurity incidents do not end when headlines fade. Compromised passwords retain their threat value for months or even years, and ongoing vigilance remains essential. 

As attackers continue to exploit old data in new ways, timely action by users remains one of the most effective defenses against account takeover and identity-related cybercrime.
Read more »
US Security
ByteDance Sale Cyber Security Data Privacy TikTok Deal TikTok Investors US Security

TikTok US Deal: ByteDance Sells Majority Stake Amid Security Fears

 


TikTok’s Chinese parent company, ByteDance, has finalized a landmark deal with US investors to restructure its operations in America, aiming to address longstanding national security concerns and regulatory pressures. The agreement, signed in late December 2025, will see a consortium of American investors take a controlling stake in TikTok’s US business, effectively separating it from ByteDance’s direct management. This move comes after years of scrutiny by US lawmakers, who have raised alarms about data privacy and potential foreign influence through the popular social media platform.

Under the new arrangement, TikTok US will operate as an independent entity, with its own board and leadership team. The investors involved are said to include major US financial firms and technology executives, signaling strong confidence in the platform’s future growth prospects. The deal is expected to preserve TikTok’s core features and user experience for its more than 170 million American users, while ensuring compliance with US data protection laws and national security standards.

Critics and privacy advocates have welcomed the move as a step toward greater transparency and accountability, but some remain skeptical about whether the separation will be deep enough to truly mitigate risks. National security experts argue that as long as ByteDance retains any indirect influence or access to user data, the underlying concerns may persist. 

US regulators have indicated they will continue to monitor the situation closely, with potential further oversight measures possible in the coming months.The deal is also expected to impact TikTok’s global expansion strategy. With its US operations now under American control, TikTok may find it easier to negotiate partnerships and investments in other Western markets where similar regulatory hurdles exist. However, challenges remain, especially in regions where geopolitical tensions could complicate business operations.

For users, the immediate effect is likely to be minimal. TikTok’s content, features, and community guidelines are expected to remain unchanged in the short term. Over the longer term, the separation could lead to new product innovations and business models tailored specifically to the US market. The deal marks a significant shift in the global tech landscape, reflecting the growing importance of data sovereignty and regulatory compliance in the digital age.
Read more »
data sovereignty
Aerospace Cloud Cloud Security Corporate Security cyber resilience Cyber Security data security data sovereignty

Airbus Signals Shift Toward European Sovereign Cloud to Reduce Reliance on US Tech Giants

 

Airbus, the aerospace manufacturer in Europe is getting ready to depend less on big American technology companies like Google and Microsoft. The company wants to rethink how and where it does its important digital work. 

Airbus is going to put out a request for companies to help it move its most critical systems to a European cloud that is controlled by Europeans. This is a change in how Airbus handles its digital infrastructure. Airbus is doing this to have control over its digital work. The company wants to use a cloud, for its mission-critical systems. Airbus uses a lot of services from Google and Microsoft. The company has a setup that includes big data centers and tools like Google Workspace that help people work together. 

Airbus also uses software from Microsoft to handle money matters.. When it comes to very secret and military documents these are not allowed to be stored in public cloud environments. This is because Airbus wants to be in control of its data and does not want to worry about rules and regulations. Airbus has had these concerns for a time. 

The company wants to make sure it can keep its information safe. Airbus is careful, about where it stores its documents, especially the ones that are related to the military. The company is now looking at moving its applications from its own premises to the cloud. This includes things like systems for planning and managing the business platforms for running the factories tools for managing customer relationships and software for managing the life cycle of products which's where the designs for the aircraft are kept. 

These systems are really important to Airbus because they hold a lot of information and are used to run the business. So it is very important to think about where they are hosted. The people in charge have said that the information, in these systems is a matter of European security, which means the systems need to be kept in Europe. Airbus needs to make sure that the cloud infrastructure it uses is controlled by companies. The company wants to keep its aircraft design data safe and secure which is why it is looking for a solution that meets European security standards. 

European companies are getting really worried about being in control of their digital stuff. This is a deal for them especially now that people are talking about how different the rules are in Europe and the United States. Some big American companies like Microsoft, Google and Amazon Web Services are trying to make European companies feel better by offering services that deal with these worries.. European companies are still not sure if they can really trust these American companies. 

The main reason they are worried is because of a law in the United States called the US CLOUD Act. This law lets American authorities ask companies for access to data even if that data is stored in other countries. European companies do not like this because they think it means American authorities have much power over their digital sovereignty. Digital sovereignty is a concern for European companies and they want to make sure they have control, over their own digital stuff. 

For organizations that deal with sensitive information related to industry, defense or the government this set of laws is a big problem. Digital sovereignty is about a country or region being in charge of its digital systems the way it handles data and who gets to access that data. This means that the laws of that country decide how information is taken care of and protected. The way Airbus is doing things shows that Europe, as a whole is trying to make sure its cloud operations follow the laws and priorities of the region. European organizations and Europe are working on sovereignty and cloud operations to keep their information safe. 

People are worried about the CLOUD Act. This is because of things that happened in court before. Microsoft said in a court in France that it cannot promise to keep people from the United States government getting their data. This is true even if the data is stored in Europe. Microsoft said it has not had to give the United States government any data from customers yet.. The company admitted that it does have to follow the law. 

This shows that companies, like Microsoft that are based in the United States and provide cloud services have to deal with some legal problems. The CLOUD Act is a part of these problems. Airbus’ reported move toward a sovereign European cloud underscores a growing shift among major enterprises that view digital infrastructure not just as a technical choice, but as a matter of strategic autonomy. 

As geopolitical tensions and regulatory scrutiny increase, decisions about where data lives and who ultimately controls access to it are becoming central to corporate risk management and long-term resilience.
Read more »
Unauthorized Surveillance
Airspace Cyber Risk Critical Component Ban Cyber Security Data Exfiltration Threat FCC Covered List Homeland Network Protection Supply Chain Risk UAS Regulation Unauthorized Surveillance

FCC Rules Out Foreign Drone Components to Protect National Networks

 


A decisive step in federal oversight on unmanned aerial technology has been taken by the United States Federal Communications Commission, in a move that is aimed at escalating federal control over unmanned aerial technology. Specifically, the FCC has prohibited the sale of newly manufactured foreign drones and their essential hardware components in the United States, citing the necessity for national security. 

According to the FCC's regulatory action, which was revealed on Monday, drone manufacturers such as DJI and Autel, as well as other overseas drone manufacturers, have been placed on the FCC's "Covered List," which means that they cannot obtain the agency's mandatory authorization to sell, market, or market new drone models and critical parts to consumers.

The decision follows a directive issued by the U.S. Congress in December 2024, which required DJI and Autel to go on the list within a year of being notified if the government did not validate the continued sale of these systems under government monitoring. 

A ban on foreign drone systems and components has been imposed by the Federal Communications Commission without approval as it indicates that there are perceived risks associated with them-especially those originating from Chinese manufacturers-that are incompatible with the security thresholds established to protect U.S. technology infrastructure and communication networks, as well as the security standards in place to obtain such clearances, which are incompatible with the security thresholds. 

The decision adds unmanned aerial technology to the Federal Communications Commission's "Covered List", which is a list of technologies that cannot be imported or sold commercially in the United States for the sake of safety reasons. DJI and other foreign drone manufacturers will not be able to obtain the equipment authorization required for importing and selling drones. 

A statement issued by the agency on Monday emphasized the security rationale for its decision, stating that the ban is meant to mitigate risk associated with potential drone disruption, unauthorized surveillance operations, data extraction, and other airborne threats that could threaten the nation's infrastructure. 

In spite of the fact that the rule does not impact the current drone ecosystem in the country in any significant way, the rule does not seem to have any significant impact on it. During the Commission's meeting, it was clarified that the restrictions were only affecting future product approvals and were not affecting drones or drone components currently being sold in the United States; thus, previously authorized drone models still remain operational and legal in operation. 

Neither the FCC nor the FCC's spokesperson have responded to media inquiries regarding whether such actions are being contemplated, and the agency has not indicated any immediate plans to revoke past approvals or to impose retroactive prohibitions. 

For now, the regulatory scope remains forward-looking, leaving thousands of unmanned aircraft, manufactured by foreign companies, already deployed in the commercial, civilian, and industrial sectors, unaffected by this ruling. Though drones manufactured by foreign companies which were previously authorized to be purchased and sold can still be owned and sold, the FCC has incorporated critical parts into the scope of the ban, causing new uncertainty regarding long-term maintenance, repair, and supply chain security. 

The industry observers warn that replacement batteries, controllers, sensors, and other components that are crucial to the operation of drone fleets will become more difficult to source in the future as well as more expensive, thus potentially threatening operational uptime for these drones. 

A strong opposition has been raised within the U.S. commercial drone industry, which is composed of almost 500,000 FAA-licensed pilots, who are dependent on imported aircraft for a variety of day-to-day business functions including mapping, surveys, inspections of infrastructure, agricultural monitoring, and assistance in emergency situations. 8,000 commercial pilots were surveyed by the Pilot Institute last year, according to the Wall Street Journal, and 43 percent expect the ban to have an “extremely negative” impact on their companies, or even end the businesses altogether. 

This further emphasizes the concerns that this policy could have as disruptive an economic impact as its security motivations are preventative, reinforcing concerns about its economic impacts. In anticipation of the ruling, a number of operators had already begun stockpiling drones and spare parts, which was indicative of the market's expectation that procurement bottlenecks would soon take place. 

It is clear that the level of foreign dependency is profound, as evidenced by DJI, the Shenzhen-based drone manufacturer, which alone accounts for 70 to 90 percent of the commercial, government, and consumer drone market in the United States. 

A common example of this type of reliance is in the geospatial data industry, where firms like Spexi, whose headquarters is based in Vancouver, deploy large freelance pilot networks to scan regions looking for maps and mapping intelligence. 

According to CEO Bill Lakeland of Spexi, their pilots primarily operate DJI aircraft, such as the widely used DJI Mini series, and acknowledge the company's dependence on imported hardware. He stated that the company's operations have been mostly "reliant on the DJI Minis" however he did confirm that the company is in the process of exploring diversification strategies, as well as developing proprietary hardware solutions in the future. 

Although there are significant costs associated with domestically manufactured drones, resulting in firms like Spexi deciding to build their own alternatives despite the engineering and financial overhead entailed by such a move, cost is a significant barrier. This is a factor that is driving firms like Spexi to consider building their own alternatives. 

In Lin's words, “The U.S. should correct its erroneous practices and protect Chinese businesses by providing them an environment that is fair, just, and non-discriminatory,” this is a confirmation of Beijing’s view that exclusion is more appropriate than risk-based regulation. Accordingly, the recent dispute mirrors previous actions taken by the FCC, in which the FCC has previously added several Chinese enterprises to the same Covered List due to similar security concerns, effectively preventing those firms from getting federal equipment authorizations. 

However, there has been an air of unease around Chinese-manufactured drones since long before the current regulatory wave of legislation was instituted. The U.S. Army has banned the use of DJI drones since 2017 because it believes that there are cyber security vulnerabilities posed to operational risks. 

In that same year, the Department of Homeland Security circulated an internal advisory warning that Chinese-built unmanned aerial systems may be transmitting sensitive data such as flight logs and geolocations back to the manufacturers. Before Congress and federal agencies began formalizing import controls, there was a growing concern about cross-border data exposure. 

The FCC explained the rationale behind its sweeping drone restrictions in detail, pointing out that unmanned aerial systems and their associated components manufactured overseas are extremely vulnerable to being exploited by the federal government. This includes data transmission modules, communication systems, flight controllers, ground control stations, navigation units, batteries, and smart power systems. 

Various techniques, including persistent surveillance, unauthorized extraction of sensitive data, and even destructive actions within the U.S., can be manipulated to facilitate such activities. Nevertheless, the agency indicated that specific drones or parts of drones made by foreign nations could be exempted from the ban if the Department of Homeland Security deemed them to not pose such risks, underlining that the restrictions are not blanket exclusions but rather are based on assessed security vulnerabilities. 

A new rule passed by the FCC today also preserves continuity for current owners as well as the retail sector. Consumers can continue to use drones that have already been purchased, and authorized retailers are still eligible to sell, import, and market the models that have been approved by the Government in the current year. 

A regulatory development that follows a larger national security policy development is a result of President Donald Trump signing the National Defense Authorization Act for Fiscal Year 2026 last week, which included enhanced measures intended to protect the nation's airspace from unmanned aircraft that pose a threat to public safety or critical infrastructure. 

There have been prior moves taken by the FCC to tighten technological controls, and this latest move is reminiscent of those prior to it. Earlier this year, the agency announced that it had expanded its "Covered List" to include Russian cybersecurity firm Kaspersky, effectively barring the company from offering its software directly or indirectly to Americans on the basis of the same concerns over data integrity and national security. 

This decision of the FCC is one of the most significant regulatory interventions that have ever been made in the U.S. drone industry, reinforcing a broader federal strategy that continues to connect supply-chain sovereignty, aviation security, and communications infrastructure.

However, while the ban has been limited to future approvals, it has caused a significant shift in the policy environment where market access is now highly dependent on geopolitical risk assessments, hardware traceability, and data governance transparency, among other things. 

A critical point that industry analysts point out is that these rulings may accelerate domestic innovation by incentivizing domestic manufacturers to expand production, increase cost efficiencies, and strengthen standards for cybersecurity at component levels. 

Additionally, commercial operators are advised to prepare for short-term constraints by reevaluating their vendor reliance, maintaining maintenance inventories where technically viable, and optimizing modular platforms to facilitate interoperability between manufacturers should they arise in the near future. 

During the same time, policymakers may have to balance national security and economic continuity, making sure safeguards don't unintentionally obstruct critical services such as disaster response, infrastructure monitoring, and geospatial intelligence in the process. As a result of the ruling, the world's largest commercial UAS market could be transformed into a revolutionary one, defining a new way for drones to be built, approved, deployed, and secured.
Read more »
Government attacks
Cyber Security Cyberattacks cybersecurity risks Data Breaches Data Theft Digital Risk Digital Security Government attacks

A Year of Unprecedented Cybersecurity Incidents Redefined Global Risk in 2025

 

The year 2025 marked a turning point in the global cybersecurity landscape, with the scale, frequency, and impact of attacks surpassing anything seen before. Across governments, enterprises, and critical infrastructure, breaches were no longer isolated technical failures but events with lasting economic, political, and social consequences. The year served as a stark reminder that digital systems underpinning modern life remain deeply vulnerable to both state-backed and financially motivated actors. 

Government systems emerged as some of the most heavily targeted environments. In the United States, multiple federal agencies suffered intrusions throughout the year, including departments responsible for financial oversight and national security. Exploited software vulnerabilities enabled attackers to gain access to sensitive systems, while foreign threat actors were reported to have siphoned sealed judicial records from court filing platforms. The most damaging episode involved widespread unauthorized access to federal databases, resulting in what experts described as the largest exposure of U.S. government data to date. Legal analysts warned that violations of established security protocols could carry long-term legal and national security ramifications. 

The private sector faced equally severe challenges, particularly from organized ransomware and extortion groups. One of the most disruptive campaigns involved attackers exploiting a previously unknown flaw in widely used enterprise business software. By silently accessing systems months before detection, the group extracted vast quantities of sensitive employee and executive data from organizations across education, healthcare, media, and corporate sectors. When victims were finally alerted, many were confronted with ransom demands accompanied by proof of stolen personal information, highlighting the growing sophistication of data-driven extortion tactics. 

Cloud ecosystems also proved to be a major point of exposure. A series of downstream breaches at technology service providers resulted in the theft of approximately one billion records stored within enterprise cloud platforms. By compromising vendors with privileged access, attackers were able to reach data belonging to some of the world’s largest technology companies. The stolen information was later advertised on leak sites, with new victims continuing to surface long after the initial disclosures, underscoring the cascading risks of interconnected software supply chains. 

In the United Kingdom, cyberattacks moved beyond data theft and into large-scale operational disruption. Retailers experienced outages and customer data losses that temporarily crippled supply chains. The most economically damaging incident struck a major automotive manufacturer, halting production for months and triggering financial distress across its supplier network. The economic fallout was so severe that government intervention was required to stabilize the workforce and prevent wider industrial collapse, signaling how cyber incidents can now pose systemic economic threats. 

Asia was not spared from escalating cyber risk. South Korea experienced near-monthly breaches affecting telecom providers, technology firms, and online retail platforms. Tens of millions of citizens had personal data exposed due to prolonged undetected intrusions and inadequate data protection practices. In one of the year’s most consequential incidents, a major retailer suffered months of unauthorized data extraction before discovery, ultimately leading to executive resignations and public scrutiny over corporate accountability. 

Collectively, the events of 2025 demonstrated that cybersecurity failures now carry consequences far beyond IT departments. Disruption, rather than data theft alone, has become a powerful weapon, forcing governments and organizations worldwide to reassess resilience, accountability, and the true cost of digital insecurity.
Read more »
Subscribe to: Comments (Atom)