Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security. Show all posts
Malwares
Cyber Security GootLoader Malicious Codes Malicious Files Malware attacks Malwares

GootLoader Malware Uses Malformed ZIP Archives to Evade Detection

 

A fresh tactic has emerged among cybercriminals using GootLoader, a JavaScript-driven malware installer. Instead of standard compression, they now distribute broken ZIP files designed to slip past digital defenses. These flawed archives exploit differences across decompression programs - some fail to process them, others do so partially. This mismatch lets malicious code stay concealed during scans yet run normally when opened by users. Findings detailed by Expel show that inconsistent parsing logic in software plays right into attacker hands. Hidden scripts activate only when handled by specific tools found on typical machines. 

Starting with a strange structure, these harmful ZIP files combine around 500 to 1,000 smaller archives into one large package. Because of this layered setup, standard programs like WinRAR or 7-Zip cannot properly read them - tools often relied on during malware checks. Due to the confusion they create, automatic detection systems frequently skip examining what's inside. Yet, when opened through Windows’ own built-in decompression feature, the file works without issue. 

That smooth operation lets victims unknowingly unpack dangerous content. Since 2020, GootLoader has maintained a presence among cyber threats, primarily spreading via manipulated search results and deceptive online ads. People looking for official forms or corporate paperwork may unknowingly land on hacked WordPress sites offering infected files. These corrupted archives, once opened, trigger the payload delivery mechanism embedded within the software. Acting as a gateway tool, it paves the way for additional harmful programs - ransomware being one frequent outcome. 

The chain of infection begins quietly, escalating quickly under the radar. By late 2025, Expel researchers noticed subtle upgrades, showing how the attack method keeps shifting. Instead of just stacking archives, hackers shorten key metadata inside ZIP structures - especially tampering with the end of central directory entries. That tweak triggers failures in numerous analysis programs, yet files still open in Windows Explorer. 

Inside the package, unimportant sections get scrambled too, throwing off predictable reading patterns and making automated inspection harder. Researchers refer to this method as "hashbusting," delivering a distinct ZIP file to each target. Every time someone downloads it, differences in the archive's layout and data prevent standard hash checks from working. Even the JavaScript inside changes form with each instance. Detection systems relying on repeated patterns struggle as a result. 

 What makes the delivery hard to catch lies in its method. Rather than sending a typical ZIP archive, attackers transmit the malicious code as an XOR-encrypted flow of data, rebuilt only after reaching the target's browser. It grows by adding copies of itself over and over, expanding until it meets a specific volume - this skirts detection meant for compressed files. After launch, the script runs using built-in Windows tools, skipping any need to unpack completely, so the attack unfolds without drawing attention. 

Once active, it stays on the machine by placing shortcuts into the Windows Startup directory - then triggers further scripts through native utilities like cscript or PowerShell. From there, data collection begins: details about the system get pulled and sent back to distant servers that control the attack, setting up what comes next without delay. 

Although often overlooked, limiting access to built-in tools such as wscript.exe helps block common attack paths. Instead of running scripts automatically, setting systems to display code in basic viewers adds another layer of protection. As seen with GootLoader’s shifts over time, attackers now twist everyday OS functions into stealthy weapons, staying active even when defenses improve.
Read more »
URL
Artificial Intelligence Cyber Security Data Exfiltration Microsoft Copilot Reprompt URL

Security Researchers Warn of ‘Reprompt’ Flaw That Turns AI Assistants Into Silent Data Leaks

 



Cybersecurity researchers have revealed a newly identified attack technique that shows how artificial intelligence chatbots can be manipulated to leak sensitive information with minimal user involvement. The method, known as Reprompt, demonstrates how attackers could extract data from AI assistants such as Microsoft Copilot through a single click on a legitimate-looking link, while bypassing standard enterprise security protections.

According to researchers, the attack requires no malicious software, plugins, or continued interaction. Once a user clicks the link, the attacker can retain control of the chatbot session even if the chat window is closed, allowing information to be quietly transmitted without the user’s awareness.

The issue was disclosed responsibly, and Microsoft has since addressed the vulnerability. The company confirmed that enterprise users of Microsoft 365 Copilot are not affected.

At a technical level, Reprompt relies on a chain of design weaknesses. Attackers first embed instructions into a Copilot web link using a standard query parameter. These instructions are crafted to bypass safeguards that are designed to prevent direct data exposure by exploiting the fact that certain protections apply only to the initial request. From there, the attacker can trigger a continuous exchange between Copilot and an external server, enabling hidden and ongoing data extraction.

In a realistic scenario, a target might receive an email containing what appears to be a legitimate Copilot link. Clicking it would cause Copilot to execute instructions embedded in the URL. The attacker could then repeatedly issue follow-up commands remotely, prompting the chatbot to summarize recently accessed files, infer personal details, or reveal contextual information. Because these later instructions are delivered dynamically, it becomes difficult to determine what data is being accessed by examining the original prompt alone.

Researchers note that this effectively turns Copilot into an invisible channel for data exfiltration, without requiring user-entered prompts, extensions, or system connectors. The underlying issue reflects a broader limitation in large language models: their inability to reliably distinguish between trusted user instructions and commands embedded in untrusted data, enabling indirect prompt injection attacks.

The Reprompt disclosure coincides with the identification of multiple other techniques targeting AI-powered tools. Some attacks exploit chatbot connections to third-party applications, enabling zero-interaction data leaks or long-term persistence by injecting instructions into AI memory. Others abuse confirmation prompts, turning human oversight mechanisms into attack vectors, particularly in development environments.

Researchers have also shown how hidden instructions can be planted in shared documents, calendar invites, or emails to extract corporate data, and how AI browsers can be manipulated to bypass built-in prompt injection defenses. Beyond software, hardware-level risks have been identified, where attackers with server access may infer sensitive information by observing timing patterns in machine learning accelerators.

Additional findings include abuses of trusted AI communication protocols to drain computing resources, trigger hidden tool actions, or inject persistent behavior, as well as spreadsheet-based attacks that generate unsafe formulas capable of exporting user data. In some cases, attackers could manipulate AI development platforms to alter spending controls or leak access credentials, enabling stealthy financial abuse.

Taken together, the research underlines that prompt injection remains a persistent and evolving risk. Experts recommend layered security defenses, limiting AI privileges, and restricting access to sensitive systems. Users are also advised to avoid clicking unsolicited AI-related links and to be cautious about sharing personal or confidential information in chatbot conversations.

As AI systems gain broader access to corporate data and greater autonomy, researchers warn that the potential impact of a single vulnerability increases substantially, underscoring the need for careful deployment, continuous monitoring, and ongoing security research.


Read more »
Websites
Credit Card Cyber Security Financial Data Web Skimming Websites

Ongoing Web Skimming Operation Quietly Harvests Payment Data From Online Stores

 



Cybersecurity analysts have identified a sophisticated web skimming operation that has been running continuously since early 2022, silently targeting online checkout systems. The campaign focuses on stealing payment card information and is believed to affect businesses that rely on globally used card networks.

Web skimming is a type of cyberattack where criminals tamper with legitimate shopping websites rather than attacking customers directly. By inserting malicious code into payment pages, attackers are able to intercept sensitive information at the exact moment a customer attempts to complete a purchase. Because the website itself appears normal, victims are usually unaware their data has been compromised.

This technique is commonly associated with Magecart-style attacks. While Magecart initially referred to groups exploiting Magento-based websites, the term now broadly describes any client-side attack that captures payment data through infected checkout pages across multiple platforms.

The operation was uncovered during an investigation into a suspicious domain hosting malicious scripts. This domain was linked to infrastructure previously associated with a bulletproof hosting provider that had faced international sanctions. Researchers found that the attackers were using this domain to distribute heavily concealed JavaScript files that were loaded directly by e-commerce websites.

Once active, the malicious script continuously monitors user activity on the payment page. It is programmed to detect whether a website administrator is currently logged in by checking for specific indicators commonly found on WordPress sites. If such indicators are present, the script automatically deletes itself, reducing the risk of detection during maintenance or inspection.

The attack becomes particularly deceptive when certain payment options are selected. In these cases, the malicious code creates a fake payment form that visually replaces the legitimate one. Customers unknowingly enter their card number, expiration date, and security code into this fraudulent interface. After the information is captured, the website displays a generic payment error, making it appear as though the transaction failed due to a simple mistake.

In addition to financial data, the attackers collect personal details such as names, contact numbers, email addresses, and delivery information. This data is sent to an external server controlled by the attackers using standard web communication methods. Once the transfer is complete, the fake form is removed, the real payment form is restored, and the script marks the victim as already compromised to avoid repeating the attack.

Researchers noted that the operation reflects an advanced understanding of website behavior, especially within WordPress-based environments. By exploiting both technical features and user trust, the attackers have managed to sustain this campaign for years without drawing widespread attention.

This discovery reinforces the importance of continuous website monitoring and script validation for businesses, as well as cautious online shopping practices for consumers.

Read more »
Organization security
Corporate Cyber Security data security EOCC Organization security

EOCC Hit by Security Breach Due to Contractor's Unauthorised Access


The Equal Employment Opportunity Commission (EOCC) was hit by an internal security data breach that happened last year. The incident involved a contractor's employees exploiting sensitive data in an agency's systems. 

About the breach

The breach happened in EEOC's Public Portal system where unauthorized access of agency data may have disclosed personal data in logs given to agency by the public. “Staff employed by the contractor, who had privileged access to EEOC systems, were able to handle data in an unauthorized (UA) and prohibited manner in early 2025,” reads the EEOC email notification sent by data security office. 

The email said that the review suggested personally identifiable information (PII) may have been leaked, depending on the individual. The exposed information may contain names, contact and other data. The review of is still ongoing while EOCC works with the law enforcement. 

EOCC has asked individuals to review their financial accounts for any malicious activity and has also asked portal users to reset their passwords. 

Contracting data indicates that EEOC had a contract with Opexus, a company that provides case management software solutions to the federal government.

 Prevention measures 

Open spokesperson confirmed this and said EEOC and Opex “took immediate action when we learned of this activity, and we continue to support investigative and law enforcement efforts into these individuals’ conduct, which is under active prosecution in the Federal Court of the Eastern District of Virginia.” 

Talking about the role of employees in the breach, the spokesperson added that “While the individuals responsible met applicable seven-year background check requirements consistent with prevailing government and industry standards at the time of hire, this incident made clear that personnel screening alone is not sufficient." 

The second Trump administration's efforts to prevent claimed “illegal discrimination” driven by diversity, equity, and inclusion programs, which over the past year have been examined and demolished at almost every level of the federal government, centre on the EEOC. 

Large private companies all throughout the nation have been affected by the developments. In an X post this month, EEOC chairwoman Andrea Lucas asked white men if they had experienced racial or sexual discrimination at work and urged them to report their experiences to the organization "as soon as possible.”

Read more »
Malware Threat
AsyncRAT AsyncRAT attack Cloudfare Cyber Phishing Cyber Security Cyberattacks cybersecurity risks Malware Threat

AsyncRAT Campaign Abuses Cloudflare Services to Hide Malware Operations

 

Cybercriminals distributing the AsyncRAT remote access trojan are exploiting Cloudflare’s free-tier services and TryCloudflare tunneling domains to conceal malicious infrastructure behind widely trusted platforms. By hosting WebDAV servers through Cloudflare, attackers are able to mask command-and-control activity, making detection significantly more difficult for conventional security tools that often whitelist Cloudflare traffic. 

The campaign typically begins with phishing emails that contain Dropbox links. These links deliver files using double extensions, such as .pdf.url, which are designed to mislead recipients into believing they are opening legitimate documents. When the files are opened, victims unknowingly download multi-stage scripts from TryCloudflare domains. At the same time, a genuine PDF document is displayed to reduce suspicion and delay user awareness of malicious activity. 

A notable aspect of this operation is the attackers’ use of legitimate software sources. The malware chain includes downloading official Python distributions directly from Python.org. Once installed, a full Python environment is set up on the compromised system. This environment is then leveraged to execute advanced code injection techniques, specifically targeting the Windows explorer.exe process, allowing the malware to run stealthily within a trusted system component. 

To maintain long-term access, the attackers rely on multiple persistence mechanisms. These include placing scripts such as ahke.bat and olsm.bat in Windows startup folders so they automatically execute when a user logs in. The campaign also uses WebDAV mounting to sustain communication with command-and-control servers hosted through Cloudflare tunnels. 

The threat actors heavily employ so-called “living-off-the-land” techniques, abusing built-in Windows tools such as PowerShell, Windows Script Host, and other native utilities. By blending malicious behavior with legitimate system operations, the attackers further complicate detection and analysis, as their activity closely resembles normal administrative actions. 

According to research cited by Trend Micro, the use of Cloudflare’s infrastructure creates a significant blind spot for many security solutions. Domains containing “trycloudflare.com” often appear trustworthy, allowing AsyncRAT payloads to be delivered without triggering immediate alerts. This abuse of reputable services highlights how attackers increasingly rely on legitimate platforms to scale operations and evade defenses. 

Security researchers warn that although known malicious repositories and infrastructure may be taken down, similar campaigns are likely to reappear using new domains and delivery methods. Monitoring WebDAV connections, scrutinizing traffic involving TryCloudflare domains, and closely analyzing phishing attachments remain critical steps in identifying and mitigating AsyncRAT infections.
Read more »
Sensitive data
AI Agent ai application Cyber Security LangChain Sensitive data

LangChain Security Issue Puts AI Application Data at Risk

 



A critical security vulnerability has been identified in LangChain’s core library that could allow attackers to extract sensitive system data from artificial intelligence applications. The flaw, tracked as CVE-2025-68664, affects how the framework processes and reconstructs internal data, creating serious risks for organizations relying on AI-driven workflows.

LangChain is a widely adopted framework used to build applications powered by large language models, including chatbots, automation tools, and AI agents. Due to its extensive use across the AI ecosystem, security weaknesses within its core components can have widespread consequences.

The issue stems from how LangChain handles serialization and deserialization. These processes convert data into a transferable format and then rebuild it for use by the application. In this case, two core functions failed to properly safeguard user-controlled data that included a reserved internal marker used by LangChain to identify trusted objects. As a result, untrusted input could be mistakenly treated as legitimate system data.

This weakness becomes particularly dangerous when AI-generated outputs or manipulated prompts influence metadata fields used during logging, event streaming, or caching. When such data passes through repeated serialization and deserialization cycles, the system may unknowingly reconstruct malicious objects. This behavior falls under a known security category involving unsafe deserialization and has been rated critical, with a severity score of 9.3.

In practical terms, attackers could craft inputs that cause AI agents to leak environment variables, which often store highly sensitive information such as access tokens, API keys, and internal configuration secrets. In more advanced scenarios, specific approved components could be abused to transmit this data outward, including through unauthorized network requests. Certain templating features may further increase risk if invoked after unsafe deserialization, potentially opening paths toward code execution.

The vulnerability was discovered during security reviews focused on AI trust boundaries, where the researcher traced how untrusted data moved through internal processing paths. After responsible disclosure in early December 2025, the LangChain team acknowledged the issue and released security updates later that month.

The patched versions introduce stricter handling of internal object markers and disable automatic resolution of environment secrets by default, a feature that was previously enabled and contributed to the exposure risk. Developers are strongly advised to upgrade immediately and review related dependencies that interact with LangChain-core.

Security experts stress that AI outputs should always be treated as untrusted input. Organizations are urged to audit logging, streaming, and caching mechanisms, limit deserialization wherever possible, and avoid exposing secrets unless inputs are fully validated. A similar vulnerability identified in LangChain’s JavaScript ecosystem accentuates broader security challenges as AI frameworks become more interconnected.

As AI adoption accelerates, maintaining strict data boundaries and secure design practices is essential to protecting both systems and users from newly developing threats.

Read more »
malicious PDF files
Anti Malwares Confidential Data Confidential Information Cyber Security data security Malicious PDF Attachment malicious PDF files

Epstein Files Redaction Failure Exposes Risks of Improper PDF Sanitization

 

The United States Department of Justice recently released a new set of documents related to the Jeffrey Epstein investigation, drawing widespread attention after it emerged that some redacted information could be easily uncovered. On December 22, the department published more than 11,000 documents as part of the latest Epstein files release. Although many of the records contained blacked-out sections, some individuals were able to reveal hidden content using a simple, well-known technique. As a result, information intended to remain confidential became publicly accessible. 

Shortly after the release, political commentator and journalist Brian Krassenstein demonstrated on social media how the redactions could be bypassed. By highlighting the obscured areas in certain PDF files and copying the text into another document, the concealed information became visible. This incident highlighted a common issue with PDF redaction, where text is often visually covered rather than permanently removed from the file. In such cases, the underlying data remains embedded in the document despite appearing hidden.  

Security experts explain that PDF files often contain multiple layers of information. When redaction is performed by placing a black box over text instead of deleting it, the original content can still be extracted. Copying and pasting from these files may expose sensitive details. Specialists at Redactable, a company focused on AI-powered redaction tools, have warned that many users underestimate how complex proper PDF sanitization can be. They emphasize the importance of verifying documents before sharing them publicly to ensure sensitive information has been fully removed. 

The situation has raised concerns because U.S. government agencies have long had guidance on secure document redaction. As early as 2005, the National Security Agency published detailed instructions on how to safely sanitize documents before public release. In 2010, the Department of Homeland Security issued reminders stressing the importance of following these procedures. The apparent failure to apply such guidance to the Epstein files has prompted questions about internal review processes and potential security implications. 

This is not the first time redaction failures have exposed sensitive information. Legal experts and journalists have documented multiple high-profile cases involving court filings, media publications, and federal documents where hidden text was revealed using the same copy-and-paste method. The recurrence of these incidents suggests that improper PDF redaction remains a persistent and unresolved problem. 

Beyond the exposure of sensitive content, cybersecurity researchers have also warned about the risks of downloading Epstein-related documents from unofficial sources. Past investigations found that some distributed files were embedded with malware. Threat actors often exploit high-profile events to spread malicious content disguised as legitimate documents, particularly in trusted formats such as PDFs. Researchers at Zimperium’s zLabs team have reported an increase in PDF-based malware and phishing campaigns. Attackers favor PDFs because they appear credible, are widely used in professional settings, and can bypass some security defenses. 

These malicious files are often designed to mimic trusted organizations and target both desktop and mobile users. Experts advise accessing sensitive documents only from official sources and following proper sanitization practices before publication. Software providers such as Adobe recommend using dedicated redaction tools to permanently remove both visible and hidden data. The Epstein files incident underscores that visual redaction alone is insufficient and that improper handling of PDFs can pose serious security and privacy risks.
Read more »
Dark Web
Cloud Defense Cyber Security Cybersecurity CyberThreat Dark Web

NtKiller Tool Boasts AV/EDR Evasion on Dark Web

 

A threat actor dubbed AlphaGhoul has now begun to push NtKiller-a perilous tool-on the dark web forums, claiming it silently kills antivirus software and bypasses endpoint detection and response systems. As a malware loader, this tool targets popular security products such as Microsoft Defender, ESET, Kaspersky, Bitdefender, and Trend Micro. This puts organizations relying on traditional security in great danger. Its announcement consolidates the escalating commercialization of evasion tools in the underground. 

NtKiller has a modular pricing system; the base price is $500, while the inclusion of rootkit capabilities or UAC bypass would be an additional $300 each, demonstrating the refinement of cybercriminal sales. KrakenLabs researchers witnessed early-boot persistence, embedding the tool within a system at an early stage of boot time, which is long before most security monitors have become active. This mechanism complicates the work of security teams for detection and removal. 

Beyond basic process killing, NtKiller boasts HVCI disabling, VBS manipulation, and memory integrity bypasses among other advanced evasion tactics. Anti-debugging and anti-analysis protections thwart forensic examination and create a gap between hype and proven performance. The silent UAC bypass escalates privileges with no user prompts, its menace amplified when combined with rootkits for persistent, surreptitious access. 

While the claims target enterprise EDR in aggressive modes, independent verification is lacking, and caution should be exercised when reviewing true efficacy. Such tools pose a more significant challenge to organizations because they take advantage of timing and stealth over signature-based defenses. That makes behavioral detection necessary in the security stacks to help with mitigating these threats.

Cybersecurity professionals recommend vigilance, layered defense, and active monitoring as a way of mitigating tools such as NtKiller in these increasing dark web threats. As cybercriminals continue to improve evasion techniques, it requires moving the advantage beyond simple reliance on traditional antivirus. This incident has highlighted the need for timely threat intelligence within enterprise security strategies.
Read more »
North Korean Agents
Amazon Security Cyber Security Hiring scams AI Screening North Korean Agents

Amazon Thwarts 1,800+ North Korean Job Scams with AI and Tiny Clues

 

Amazon's chief security officer, Stephen Schmidt, revealed how the company blocked over 1,800 suspected North Korean operatives from securing remote IT jobs since April 2024. These agents aimed to funnel salaries back to Pyongyang's weapons programs, bypassing sanctions through stolen identities and sophisticated tactics. Amazon detected a 27% quarter-over-quarter rise in such applications in 2025, using AI screening combined with human verification to spot subtle red flags.

North Korean operatives have evolved their strategies, targeting high-demand AI and machine-learning roles at U.S. firms. They hijack dormant LinkedIn profiles, pay legitimate engineers for credential access, or impersonate real software developers to build credible online presences. Educational claims often shift—from East Asian universities to no-tax U.S. states, and lately California or New York schools—frequently listing degrees from institutions without the claimed majors or mismatched graduation dates.

Amazon's defense relies on AI models scanning nearly 200 high-risk institutions, résumé anomalies, and geographic mismatches, followed by rigorous background checks and interviews. Human reviewers caught one operative via keystroke delays from a remotely controlled U.S. laptop in a "laptop farm"—facilities where locals receive company hardware but allow overseas access. Phone number formatting stands out too: fraudsters use "+1" prefixes uncommon among actual U.S. residents.

These "laptop farms" maintain a domestic IP footprint while operatives work from abroad, evading location checks. U.S. authorities have cracked down, sentencing an Arizona woman to over eight years in July 2025 for running farms that netted $17 million for North Koreans across 300+ firms. Schmidt warns this threat scales industry-wide, urging multi-stage identity checks and device monitoring.

Schmidt calls on employers to analyze HR data for patterns in emails, IPs, and universities, then report suspicions to the FBI. As remote work persists, these small details—pieced together—form a critical barrier against regimes turning corporate payrolls into sanction-busting revenue streams. Sharing tactics, he says, strengthens collective defenses in cybersecurity.
Read more »
state-backed cyberattacks
AI-Driven Cyber Threats Cyber Defense Investments Cyber Security Japan National Security Public-Private Cyber Cooperation state-backed cyberattacks

Japan Prioritizes Cyber Resilience in Latest National Security Push


During the years 2026, Japan positioned economic strategy and security readiness as deeply intertwined priorities, emphasizing national resilience as a core priority. This package of comprehensive economic measures was approved by the Japanese government in November 2025 for a cost of 21.3 trillion yen, one of the most expansive economic policy responses in recent years. 

Three core pillars of the plan aimed at enhancing long-term national security and everyday stability were outlined as the plan's three key components: strengthening the security of citizens and dealing with rising price pressures; accelerating strategic investments so as to make the country more resilient to future crises and to drive sustainable growth, and increasing the capacity of the country's diplomatic and defense systems. 

Prime Minister Sanae Takaichi has designated cybersecurity as a strategic investment domain within the second pillar of the government, aligned with other national-critical sectors, such as semiconductors, quantum computing technology, shipbuilding, space exploration, critical communications infrastructure, vital minerals, and the development of advanced information and communication technologies. 

Among other things, this declaration marked the beginning of a decisive shift towards treating cyber defense as a fundamental part of Japan's economic and geopolitical resilience, rather than only as a technical safeguard. By doing so, the government underscored their intention to channel their investment into bolstering digital infrastructure to withstand an intensifying threat environment worldwide. 

A new inter-agency cyber response architecture has been introduced by Japan as part of its updated national cybersecurity doctrine in order to improve internal security, defense oversight, and the readiness of the military in times of high severity cyber attacks.

There is a new strategy being developed that aims to establish an operational framework enabling real-time collaboration between national law enforcement authorities, the Ministry of Defense, and the Japan Self-Defence Forces. This will allow for an effective and swift response to cyber intrusions that threaten the security of the nation or disrupt critical infrastructure faster and more effectively. 

In partnership with the Department of Homeland Security, the initiative aims to provide an automated response to cyber threats in the context of a rapidly evolving digital threat landscape, one that has transformed cyber operations from isolated incidents to strategic instruments deployed by actors aligned with state interests. China, Russia, and North Korea are categorically listed as major national threats in the policy document. 

It notes that cyber campaigns attributed to these countries have sexed, become increasingly sophisticated, and targeted with a marked increase in the scale, sophistication, and precision of their attacks on critical infrastructure and public agencies. 

A Japanese government official has also voiced an explicit warning about the possibility of artificial intelligence being misused as an attack enabler for the first time, warning that AI-assisted cyber operations pose a new class of risks that may increase systemic damage and accelerate intrusion timelines. 

According to reports by Japan's security agencies, there has been a consistent increase in ransomware offensives, financial cyber fraud, and large-scale data breaches in recent years, which have aligned with this evolving security outlook. 

Cybercrime has had significant economic consequences — the government estimates indicate that online banking fraud losses exceeded 8.7 billion yen in 2023 alone, highlighting the dual burden of digital attacks that threaten both national stability and economic security at the same time. 

The Japanese government is signaling a strategic recalibration by integrating cybersecurity into the National Defense operations, which will result in cyber resilience becoming a core component of security rather than a parallel support function that can be provided.

There is a clear emphasis placed on technological modernization and workforce readiness, in Japan's latest cybersecurity roadmap. It has been pledged that the government will invest sustained amounts of money into cultivating highly specialized cyber professionals, upgrading technical defense systems, and implementing routine simulation drills and incident response exercises in order to ensure that the country is prepared to deal with potential cyber incidents. 

In spite of the fact that technology alone is not enough to safeguard national networks without an equally advanced talent pool that can interpret, counter, and mitigate threats that evolve every day, policymakers and security officials have repeatedly emphasized that technological capabilities alone cannot safeguard national networks.

As a result, the strategy formalizes broader collaboration channels, recognizing that cyber risks do not have regard for traditional governance structures as they travel across national and sectoral boundaries. 

An essential cornerstone of the policy is the concept of public-private cooperation, which encourages critical infrastructure operators, who want to join a newly formed government-led council that aims to enable bidirectional intelligence exchange, threat reporting, and coordinated risk assessment; this is a cornerstone of the policy. 

There is also a strong recommendation to strengthen international alignment, which reinforces the fact that cyber defense is a collective rather than a unilateral challenge, as is emphasized in the statement of the document which states that no nation can combat digital intrusions alone. 

During a press conference held Tuesday, Hisashi Matsumoto, the country's minister for cyber security, reiterated the government's position and drew inspiration from Prime Minister Sanae Takaichi's directive for a better collaboration between the government, domestic industry, and partners overseas. 

The Japanese government has repositioned their cyber posture in accordance with unified internal action and strategic external partnerships, as stressed by Matsumoto, cross-sectoral and cross-border cooperation is crucial to ensuring national resilience in the digital age. Although these ambitions exist, Japan's legislative agenda for active cyber defense remains mired in political and constitutional debates. 

There has been a stalling of efforts in the government to introduce a comprehensive cybersecurity bill, an effort that has been hindered by shifting political dynamics, particularly due to a change in prime ministerial leadership, as well as a loss of the majority in the parliament by the ruling coalition at the general elections held in mid-October. 

Legal scrutiny has been sparked by the proposed legislation, especially in light of the strict constitutional protections that Japan has in place to protect communication secrecy and privacy. According to several legal experts and government advisers, if network monitoring provisions are not properly structured, they will interfere with these safeguards, if not carefully structured. 

According to officials, despite the fact that political consensus is still uncertain, it may be possible to submit the bill as early as possible during the next regular session of the National Diet, reflecting the broader challenge of aligning national cyber ambitions with constitutional precedents that still faces the country. 

As Japan shifts its strategic priorities toward cybersecurity, it is a manifestation of a more fundamental reckoning with the reality of modern conflict, in which economic stability, defense readiness, and digital infrastructure are becoming increasingly irreconcilable. 

In the proposal for the new strategy, a foundation is laid for improved coordination, the development of talent, and cross-sectoral alliances.  However, for the new strategy to be successful long term, a sustained political consensus is required, as is a careful balance between policy alignment with constitutional safeguards. 

Japan's approach could be enhanced if domestic research and development in encryption were accelerated, cyber threat intelligence-sharing agreements across the Indo-Pacific were expanded, and private firms were encouraged to invest in security modernization through tax incentives and security modernization grants. 

There is also the possibility that national cyber drills, modeled after disaster-response frameworks Japan has historically employed, will strengthen institutional muscle memory for handling crisis situations in a fast-paced manner. Furthermore, experts suggest integrating cybersecurity modules into engineering and policy programs at universities so that future-ready professionals may be available. 

As a result of institutionalizing collaboration between Japan's government, industry, and international partners, not only are they preparing to deal with today's threats, but they are also signaling that they intend to create norms and guidelines that will shape the world's cyber resilience.

It is fair to say that the country is at a crucial crossroads in its development-one that requires decisive action if it wishes to improve its digital defenses into a strategic advantage, thereby enhancing both national security and economic continuity in a world defined by persistent and evolving cyber threats.
Read more »
Microsoft
Bitlocker BitLocker encryption CPU CPU vulnerabilities Cyber Security Hardware Hardware Encryption Microsoft

Microsoft Introduces Hardware-Accelerated BitLocker to Boost Windows 11 Security and Performance

 

Microsoft is updating Windows 11 with hardware-accelerated BitLocker to improve both data security and system performance. The change enhances full-disk encryption by shifting cryptographic work from the CPU to dedicated hardware components within modern processors, helping systems run more efficiently while keeping data protected. 

BitLocker is Windows’ built-in encryption feature that prevents unauthorized access to stored data. During startup, it uses the Trusted Platform Module to manage encryption keys and unlock drives after verifying system integrity. While this method has been effective, Microsoft says faster storage technologies have made the performance impact of software-based encryption more noticeable, especially during demanding tasks. 

As storage speeds increase, BitLocker’s encryption overhead can slow down activities like gaming and video editing. To address this, Microsoft is offloading encryption tasks to specialized hardware within the processor that is designed for secure and high-speed cryptographic operations. This reduces reliance on the CPU and improves overall system responsiveness. 

With hardware acceleration enabled, large encryption workloads no longer heavily tax the CPU. Microsoft reports that testing showed about 70% fewer CPU cycles per input-output operation compared to software-based BitLocker, although actual gains depend on hardware configurations. 

On supported devices with NVMe drives and compatible processors, BitLocker will default to hardware-accelerated encryption using the XTS-AES-256 algorithm. This applies to automatic device encryption, manual activation, policy-based deployment, and script-driven setups, with some exceptions. 

The update also strengthens security by keeping encryption keys protected within hardware, reducing exposure to memory or CPU-based attacks. Combined with TPM protections, this moves BitLocker closer to eliminating key handling in general system memory.  

Hardware-accelerated BitLocker is available in Windows 11 version 24H2 with September updates installed and will also be included in version 25H2. Initial support is limited to Intel vPro systems with Intel Core Ultra Series 3 (Panther Lake) processors, with broader system-on-a-chip support planned. 

Users can confirm whether hardware acceleration is active by running the “manage-bde -status” command. Microsoft notes BitLocker will revert to software encryption if unsupported algorithms or key sizes are used, certain enterprise policies apply, or FIPS mode is enabled on hardware without certified cryptographic offloading.
Read more »
Threat Intelligence
Class Action Lawsuit Cyber Security Healthcare Data Theft Identity Compromise Insurance Cyberattack Network Outage Scattered Spider SSN Exposure Threat Intelligence

Personal and Health Information of 22.6 Million Aflac Clients Stolen in Cyberattack

 


At the start of 2026, a significant cybersecurity breach that was disclosed heightened awareness of digital vulnerabilities within the American insurance industry, after Aflac, one of the largest supplemental insurance providers in the country, confirmed that a sophisticated cyberattack, which took place in June 2025, compromised approximately 22.65 million individuals' personal and protected health information. 

An intrusion took place during the summer of 2025 and has since been regarded as one of the biggest healthcare-related data breaches of the year. The attack pattern of advanced cybercriminals has shifted significantly from targeted low-value sectors to high-value sectors that handle sensitive consumer data, illustrating a noticeable shift in their attack patterns towards those sectors. 

In an effort to determine who is responsible for the breach, investigators and threat analysts have attributed it to the Scattered Spider cybercriminal collective, also referred to as UNC3944, who are widely known for their evolving campaign strategies and earlier compromises targeting retailers across the United States and United Kingdom.

It has been reported that Aflac contained the incident within hours of its detection and confirmed that no ransomware payload has been deployed. However, the attackers have managed to extract a wide range of sensitive information including Social Security numbers, government-issued identification numbers, medical and insurance records, claims data from policyholders, as well as confidential information about protected health. 

Since the disclosure came to light, it has sparked rare bipartisan concern among lawmakers, triggered multiple class-action lawsuits against insurance companies, and has intensified debate about the resilience of the insurance industry when it comes to cyber security, given the large amount of data it stores and its sensitivity, making it prime targets for highly coordinated cyber attacks. 

Anflac has submitted further details regarding the scope of the information exposed as a result of the incident to the Texas and Iowa attorneys generals' offices, confirming that the compromised data includes both sensitive and non-sensitive personal identifying information of a large range of individuals. 

A company disclosure stated that the stolen records included details such as customer names, dates of birth, home addresses, passports and state identification cards, driver's licenses, Social Security numbers, along with detailed medical information and health insurance information, as well as information about the company's employees. 

According to Aflac's submission to Iowa authorities, the perpetrators may have connections with a known cybercrime organization, according to the company's submission, while noting that the attackers might have been engaged in a broader campaign against multiple insurance firms. Both the government and external cybersecurity experts have suggested that the attackers could have been engaged in this kind of campaign. 

It is important to note that Scattered Spider, an informal collective of mainly young English-speaking threat actors, has not been publicly identified as the group that is responsible for the attacks, but some cybersecurity analysts believe it is an obvious candidate based on the overlapping tactics and timing of their attacks. 

According to news outlets, Aflac did not immediately respond to requests for comment from news outlets despite the fact that it serves approximately 50 million customers. Only now is the company attempting to deal with the fallout from what could be the largest data breach in recent memory. In the midst of an intensifying cyber threat that aimed directly at the insurance sector, the breach unfolded. 

Approximately a year after Aflac disclosed the June 2025 attack, the Threat Intelligence Group of Google released a security advisory suggesting that the group, Scattered Spider, a loosely organized group of mostly young, English-speaking hackers, had switched its targeting strategy from retail companies to insurers, indicating a significant increase in the group's operational focus. 

It is important to note that during the same period, Erie Insurance as well as Philadelphia Insurance both confirmed significant network interruptions, raising concerns about a coordinated probe across the entire industry. As of July 2025, Erie has reported that business operations have been fully restored, emphasizing that internal reviews did not reveal any evidence of data loss. 

Philadelphia has also reported the recovery of their network and confirmed that they have not experienced a ransomware incident. After the Aflac breach was discovered, the company made subsequent statements stating that it had initiated a comprehensive forensic investigation within hours of discovery, engaged external cyber specialists and informed federal law enforcement agencies and relevant authorities about the breach. 

This incident, according to the insurer, affected its entire ecosystem, including its customers, beneficiaries, employees, licensed agents, and other individuals associated with that ecosystem. It was revealed that exposed records included names, contact information, insurance claims, health information, Social Security numbers, and other protected personal identifiers related to insurance claims, health claims, and health information. 

As a symbol of their rapid response, Aflac reiterated that the breach was contained within hours, data remained safe, and no ransomware payload was deployed in the process of containing the breach. It is nonetheless notable that even though these assurances have been given, the scale of the compromise has resulted in legal action. 

An ongoing class action lawsuit has already been filed in Georgia federal court in June 2025, and two similarly filed suits have been filed against Erie Insurance as a result of its own cyber incident, reflecting increasing pressures on insurers to strengthen their defenses in a sector increasingly threatened by agile and persistent cybercriminals. 

With insurers struggling to keep up with the growing threat surface of an increasingly digitalized industry, the Aflac incident provides a vital lesson for both breach response and sectoral risk exposure as insurers deal with a growing threat surface. A swift containment prevented the system from paralyzing, but the breach underscores a larger truth, which is that security is no longer a matter of scale alone. 

According to industry experts, proactive reinforcement is the key to reducing vulnerability rather than reactive repair, and firms need to put a strong emphasis on real-time threat monitoring, identity-based access controls, and multilayered encryption of policyholder information to protect themselves against threats. 

As attackers move towards socially-engineered entry points and credential-based compromises, this is especially pertinent. It is also worth mentioning that this incident has sparked discussions about mandatory breach transparency and faster consumer notification frameworks, as well as tighter regulatory alignment across the US states, which remain fragmented regarding reporting requirements. 

Analysts have noted that incidents of this magnitude, despite the absence of ransomware deployment, can have long-term reputational and financial effects that may last longer than the technical intrusion itself. Cyber resilience must go beyond firewalls because it requires the adoption of an organizational culture, vendor governance, and a proactive approach to early anomaly detection. 

In the public, the need to monitor identities and account activity remains crucial - consumers should remain vigilant over identity monitoring. Although the breach of insurance security seems to have been contained, it still has a lasting impact on the insurance sector, which has become more cautious and prepared in the future.
Read more »
South Korea
Cyber Security Data Breach Shinhan Card South Korea

Shinhan Card Probes Internal Data Leak Affecting About 190,000 Merchants

 

Shinhan Card, South Korea’s largest credit card issuer, said on December 23 that personal data linked to about 190,000 merchant representatives was improperly accessed and shared by employees over a three year period, highlighting ongoing concerns around internal data controls in the country’s financial sector. 

The company said roughly 192,000 records were leaked between March 2022 and May 2025. The exposed information included names, mobile phone numbers, dates of birth and gender details of franchise owners. 

Shinhan Card said no resident registration numbers, card details or bank account information were involved and that the incident did not affect general customers. According to the company, the breach was uncovered after a whistleblower submitted evidence to South Korea’s Personal Information Protection Commission, prompting an investigation. 

Shinhan Card began an internal review after receiving a request for information from the regulator in mid November. Investigators found that 12 employees across regional branches in the Chungcheong and Jeolla areas had taken screenshots or photos of merchant data and shared them via mobile messaging apps with external sales agents. 

The information was allegedly used to solicit new card applications from recently registered merchants, including restaurants and pharmacies. Shinhan Card said verifying the scale of the leak took several weeks because the data was spread across more than 2,200 image files containing about 280,000 merchant entries in varying formats. 

Each file had to be checked against internal systems to confirm what information was exposed. Chief Executive Park Chang hoon issued a public apology, saying the leak was caused by unauthorized employee actions rather than a cyberattack. 

He said the company had blocked further access, completed internal audits and strengthened access controls. Shinhan Card said the employees involved would be held accountable. The company added that affected merchants are being notified individually and can check their status through an online portal. 

It said compensation would be provided if any damage is confirmed. The incident adds to a series of internal data misuse cases in South Korea’s financial industry. Regulators said they are assessing whether the breach violates national data protection laws and what penalties may apply. 

The Financial Supervisory Service said it has so far found no evidence that credit information was leaked but will continue to monitor the case. 

Analysts say the Shinhan Card case underscores the growing risk posed by insider misuse as financial institutions expand digital services and data driven operations, putting renewed focus on employee oversight and internal governance.
Read more »
Red Hat
big data Cyber Security Data Breach Nissan Red Hat

Nissan Says Customer Data Exposed After Breach at Red Hat Systems

 

Nissan Motor Co Ltd said that personal information of thousands of customers was exposed following a cyber breach at Red Hat, the US based software company it had engaged to develop customer management systems. 

The Japanese automaker said it was notified by Red Hat in early October that unauthorized access to a server had resulted in data leakage. The affected system was part of a Red Hat Consulting managed GitLab environment used for development work. 

Nissan said the breach involved customer information linked to Nissan Fukuoka Sales Co Ltd. About 21,000 customers who purchased vehicles or received services in Fukuoka, Japan were affected. 

The exposed data included customer names, physical addresses, phone numbers, email addresses and other information used in sales and service operations. Nissan said no credit card or payment information was compromised. 

“Nissan Motor Co Ltd received a report from Red Hat that unauthorized access to its data servers had resulted in information being leaked,” the company said in a statement.

It added that it has no evidence the data has been misused. Red Hat acknowledged earlier that an attacker had accessed and copied data from a private GitLab instance, affecting multiple organisations. 

The breach was disclosed publicly in early October after threat actors claimed to have stolen hundreds of gigabytes of data from tens of thousands of private repositories. The intrusion was initially claimed by a group calling itself Crimson Collective. 

Samples of the stolen data were later published by another cybercrime group, ShinyHunters, as part of an extortion effort. Neither Nissan nor Red Hat has publicly attributed the breach to a specific actor. 

Nissan said the compromised Red Hat environment did not store any additional Nissan data beyond what has already been confirmed. The company said it has informed affected customers and advised them to remain alert for suspicious emails, calls or messages that could exploit the leaked information. 

Cybersecurity experts say such data can be used for social engineering attacks, including phishing and impersonation scams, even if financial details are not exposed. The incident adds to a series of cybersecurity issues involving Nissan. 

In late August, a Qilin ransomware attack affected its design subsidiary Creative Box Inc in Japan. Last year, Nissan North America disclosed a breach impacting about 53,000 employees, while an Akira ransomware attack exposed data of roughly 100,000 customers at Nissan Oceania. 

The Red Hat breach has renewed concerns about supply chain security, where compromises at technology vendors can have cascading effects on downstream clients. Nissan said it continues to review its security controls and coordination with third party providers following the incident.
Read more »
Cyber Security
AI in robotics AI Techniques Automation Automotive British transport China Cyber Security

Chinese Robotaxis May Launch UK Trials in 2026 as Uber and Lyft Partner With Baidu

 

Chinese autonomous taxis could begin operating on UK roads by 2026 after Uber and Lyft announced plans to partner with Chinese technology company Baidu to trial driverless vehicles in London. Both companies are seeking government approval to test Baidu’s Apollo Go robotaxis, a move that could mark an important step in the UK’s adoption of self-driving transport. 

Baidu’s Apollo Go service already operates in several cities, mainly in China, where it has completed millions of passenger journeys without a human driver. If approved, the UK trials would represent the first large-scale use of Chinese-developed robotaxis in Europe, placing London among key global hubs working toward autonomous mobility. 

The UK government has welcomed the development. Transport secretary Heidi Alexander said the announcement supports Britain’s plans for self-driving vehicles and confirmed that the government is preparing to allow autonomous cars to carry passengers under a pilot scheme starting in spring. The Department for Transport is developing regulations to enable small autonomous taxi- and bus-style services from 2026, with an emphasis on responsible and safe deployment. 

Uber has said it plans to begin UK driverless car trials as regulations evolve, partnering with Baidu to help position Britain as a leader in future transport while offering Londoners another travel option. Lyft has also expressed interest, stating that London could become the first European city to host Baidu’s Apollo Go vehicles as part of a broader agreement covering the UK and Germany.  

Despite enthusiasm from companies and policymakers, regulatory approval remains a major challenge. Lyft chief executive David Risher said that, if approved, testing could begin in London in 2026 with a small fleet of robotaxis, eventually scaling to hundreds. Experts caution, however, that autonomous transport systems cannot expand as quickly as other digital technologies.  

Jack Stilgoe, professor of science and technology policy at University College London, warned that moving from limited trials to a fully operational transport system is complex. He stressed the importance of addressing safety, governance, and public trust before autonomous taxis can become widely used. 

Public scepticism remains strong. A YouGov poll in October found that nearly 60 percent of UK respondents would not ride in a driverless taxi under any circumstances, while 85 percent would prefer a human-driven cab if price and convenience were the same. Ongoing reports of autonomous vehicle errors, traffic disruptions, and service suspensions have added to concerns. Critics also warn that poorly regulated robotaxis could worsen congestion, undermining London’s efforts to reduce city-centre traffic.
Read more »
Urban Infrastructure Risk
Anti-Jamming Tech Cyber Security GPS Resilience Military Encryption Multi-Constellation Navigation NAVIC Satellite Security Signal Interference Urban Infrastructure Risk

Inside China’s Urban Navigation Blackout and the Lessons for India


 

The administrative capital of Jiangsu Province and the eastern Chinese city of Nanjing, home to nearly 10 million people, briefly lost its digital compass on Wednesday when the city experienced an unprecedented six-hour satellite navigation outage that temporarily stalled traffic at the city's airport. 

It is official that local authorities are pointing out that the sudden disruption is a result of a systemic anomaly, and that it has disabled positioning services based on both the US's Global Positioning System and China's domestic BeiDou network, as well as applications that depend on the parallel BeiDou-linked BeiDou Navigation Satellite System. 

During the period of the blackout, essential urban services such as navigation and ride-hailing platforms were seriously disrupted, logistics coordination was compromised, food delivery operations were hampered, commercial drone activity was disrupted, along with many other systems reliant on real-time geospatial accuracy in real-time. 

Almost six hours ago, Nanjing's streets and airspace were without dependable satellite guidance for close to six hours, revealing the deep connection between navigation infrastructure and everyday transportation as well as the commercial ecosystem, as well as the vulnerability of densely networked cities when the core positioning frameworks fail to function properly. 

Several regional tech monitors confirmed later that not only did the outage stall consumer applications, but also the coordinated drone operations came to a halt, affecting the algorithms used to match drivers to passengers, and causing significant delays with last-mile delivery networks. In an era where navigation data has become just as essential to city functionality as electricity and telecommunications, urban resilience is becoming increasingly a concern. 

Interesting Engineering notes that the disruption, which is cited by a technology briefing, impacted civilian navigation services that were operated through the U.S. Global Positioning System, as well as China's BeiDou satellite network. The disruption temporarily shook the city's digital infrastructure to its core. Location-based platforms encountered widespread operational failures as satellite signal reception was compromised. 

A number of ride-hailing networks reported a significant reduction in activity during the outage window, with bookings decreasing by close to 60 percent, whereas food delivery services complained of delays in the range of 40 percent, affecting last-mile logistics to an extremely high degree.

The public mobility systems were similarly destabilised; bike-sharing platforms came out as the most severely affected, with users reporting severe errors in their geolocation, placing bicycles 35 miles away from their actual locations, making fleet tracking and rental unreliable for those bikes. 

A preliminary assessment of mobile network faults was ruled out, but subsequent confirmation from the Nanjing Satellite Application Industry Association indicated that the outage resulted from "temporary interference and signal pressure" on GPS and BeiDou civilian frequencies, resulting in devices being unable to obtain stable satellite-derived positional data as a result. 

The authorities failed to reveal the origin or intent of the interference, which in turn strengthened public speculation that the event might have been linked to the heightened security protocols surrounding a sensitive engagement that was not disclosed. In the aftermath of the interference conditions and stabilization of satellite reception, navigation functionality was incrementally restored to normal after six hours. 

Analysts noted that the incident revealed the structural differences between the two systems' signal designs BeiDou, unlike its counterpart, uses a physical separation of the military and civilian frequency bands, shielding defence-grade signals with layers of encryption and anti-jamming measures. The GPS system, on the other hand, transmits both military and civilian signals over shared carrier frequencies while preserving functional separation through discrete encryption and spectral modulation. 

Strategic technology assessors have interpreted the simultaneous disruption of civilian signals to be a deliberate outcome of overlapped frequency compatibility, noting that interference with one system's civilian band would inherently negatively affect GPS-based services, as well as other systems. 

A number of experts describe this interoperability as a strategic deterrent mechanism that raises the costs associated with targeted jamming, which bolsters the resilience of civilian networks. This also creates the opportunity for a mutual-impact dynamic that complicates malicious interference scenarios. 

Upon the stabilisation of signal reception, navigation services were gradually restored, however, experts were prompted to question the routine-glitch narrative presented in initial statements in light of the dual impact on both GPS and China's BeiDou network. 

There was a strong indication that the outage was orchestrated to occur at the same time, an experience that was difficult to explain by a standard technical problem, highlighting how deeply satellite positioning has become woven into the urban service delivery system, mobility, and commercial operations in recent years. 

There is a growing understanding among strategic analysts that this incident represents an example of cross-system vulnerability in the real world, noting that interference targeting one civilian signal band can cascade across other constellations operating on adjacent frequencies or overlapping among them. 

Throughout the year, the discussion immediately grew beyond China's borders and resonated with countries such as India, where transport networks, supply chains, emergency response frameworks, aerial operations, and app-driven businesses rely on uninterrupted access to geospatial information. 

Indian navigation is a diverse mix of technologies, which include GPS, Russia's GLONASS, the European Union's Galileo network, Chinese BeiDou, and Indian own satellite system, NAVIC. This system provides reliable positioning coverage within a 1,500 kilometre operational radius of the country's borders, providing the country with reliable position monitoring services. 

The majority of technology and defense experts believe that resilience is rooted in redundancy, advocating devices that can draw signals from multiple constellations, the use of offline navigation tools such as maps that are pre-downloaded, and the integration of terrestrial alternative positioning systems in commercial fleets, unmanned systems, and modern vehicles, such as cellular tower triangulations and local or carrier-based positioning modules. 

During prolonged escalations in regional security, NAVIC, in particular, has been cited as a strategic buffer, allowing a fallback layer that can be deployed as a sovereign fallback when external threats arise, thereby reducing the dependence on external systems. Satellite navigation is often treated as an invisible infrastructure, but the Nanjing episode demonstrated that even temporarily, if it fails — even temporarily — a modern city is unmoored. 

As a result, positioning networks play a geopolitical role in a region where navigation resilience is no longer a technical luxury, but rather a strategic necessity, and highlighting the urgency of long-term preparedness has never been more apparent. There are a lot of things that are left behind from the Nanjing navigation blackout, but not because of the length of time it was, but rather because of the fact that satellite positioning is not merely a background utility anymore, but rather a strategic artery that powers commerce, mobility, airspace management, and urban planning. 

As geopolitical tensions are increasingly intersecting with civilian technology, the fragility of location infrastructure has gained global attention. There is no easy answer to this question, but for nations such as India, which already operates its own regional constellation alongside multiple global systems, the incident reinforces the importance of funds continuing to be spent on sovereign signal hardening, receiver diversification, and terrestrial positioning options. 

Rather than relying on a single system choice in the future, experts say that future resilience will be enhanced through system layering in which satellite guidance is augmented by pre-cached intelligence, such as offline routing databases, hybrid receivers with a built-in artificial intelligence that can identify anomalies before they arise, and reroute services as needed before disruptions occur. 

Furthermore, policy advisers recommend that national simulation drills be conducted to stress-test airports, logistic grids, and emergency networks against coordinated signal interference. Even though the outage disrupted a single city, the lessons learned from it apply to the whole region: preparing long before the signal fades can be most effective when the outage occurs. There is an increased need in a world that charts its future based on coordinates. This has made continuity a national asset in itself.
Read more »
Open AI
AI Models AI Systems AI technology AI tools ChatGPT China Cyber Security Open AI

Chinese Open AI Models Rival US Systems and Reshape Global Adoption

 

Chinese artificial intelligence models have rapidly narrowed the gap with leading US systems, reshaping the global AI landscape. Once considered followers, Chinese developers are now producing large language models that rival American counterparts in both performance and adoption. At the same time, China has taken a lead in model openness, a factor that is increasingly shaping how AI spreads worldwide. 

This shift coincides with a change in strategy among major US firms. OpenAI, which initially emphasized transparency, moved toward a more closed and proprietary approach from 2022 onward. As access to US-developed models became more restricted, Chinese companies and research institutions expanded the availability of open-weight alternatives. A recent report from Stanford University’s Human-Centered AI Institute argues that AI leadership today depends not only on proprietary breakthroughs but also on reach, adoption, and the global influence of open models. 

According to the report, Chinese models such as Alibaba’s Qwen family and systems from DeepSeek now perform at near state-of-the-art levels across major benchmarks. Researchers found these models to be statistically comparable to Anthropic’s Claude family and increasingly close to the most advanced offerings from OpenAI and Google. Independent indices, including LMArena and the Epoch Capabilities Index, show steady convergence rather than a clear performance divide between Chinese and US models. 

Adoption trends further highlight this shift. Chinese models now dominate downstream usage on platforms such as Hugging Face, where developers share and adapt AI systems. By September 2025, Chinese fine-tuned or derivative models accounted for more than 60 percent of new releases on the platform. During the same period, Alibaba’s Qwen surpassed Meta’s Llama family to become the most downloaded large language model ecosystem, indicating strong global uptake beyond research settings. 

This momentum is reinforced by a broader diffusion effect. As Meta reduces its role as a primary open-source AI provider and moves closer to a closed model, Chinese firms are filling the gap with freely available, high-performing systems. Stanford researchers note that developers in low- and middle-income countries are particularly likely to adopt Chinese models as an affordable alternative to building AI infrastructure from scratch. However, adoption is not limited to emerging markets, as US companies are also increasingly integrating Chinese open-weight models into products and workflows. 

Paradoxically, US export restrictions limiting China’s access to advanced chips may have accelerated this progress. Constrained hardware access forced Chinese labs to focus on efficiency, resulting in models that deliver competitive performance with fewer resources. Researchers argue that this discipline has translated into meaningful technological gains. 

Openness has played a critical role. While open-weight models do not disclose full training datasets, they offer significantly more flexibility than closed APIs. Chinese firms have begun releasing models under permissive licenses such as Apache 2.0 and MIT, allowing broad use and modification. Even companies that once favored proprietary approaches, including Baidu, have reversed course by releasing model weights. 

Despite these advances, risks remain. Open-weight access does not fully resolve concerns about state influence, and many users rely on hosted services where data may fall under Chinese jurisdiction. Safety is another concern, as some evaluations suggest Chinese models may be more susceptible to jailbreaking than US counterparts. 

Even with these caveats, the broader trend is clear. As performance converges and openness drives adoption, the dominance of US commercial AI providers is no longer assured. The Stanford report suggests China’s role in global AI will continue to expand, potentially reshaping access, governance, and reliance on artificial intelligence worldwide.
Read more »
Internet Shutdowns
AI regulation Cyber Security Digital Privacy Facial Recognition Internet Shutdowns

2026 Digital Frontiers: AI Deregulation to Surveillance Surge

 

Digital technology is rapidly redrawing the boundaries of politics, business and daily life, and 2026 looks set to intensify that disruption—from AI-driven services and hyper-surveillance to new forms of protest organised on social platforms. Experts warn that governments and companies will find it increasingly difficult to balance innovation with safeguards for privacy and vulnerable communities as investment in AI accelerates and its social side-effects become harder to ignore.

One key battleground is regulation. Policymakers are tugged between pressures to “future-proof” oversight and demands from large technology firms to loosen restrictions that could slow development. In Europe, the European Commission is expected to ease parts of its year-old privacy and AI framework, including allowing firms to use personal data to train AI models under “legitimate interest” without seeking consent.

In the United States, President Donald Trump is considering an executive order that could pre-empt state AI laws—an approach aimed at reducing legal friction for Big Tech. The deregulatory push comes alongside rising scrutiny of AI harms, including lawsuits involving OpenAI and claims linked to mental health outcomes.

At the same time, countries are experimenting with tougher rules for children online. Australia has introduced fines of up to A$49.5 million for platforms that fail to take reasonable steps to block under-16 users, a move applied across major social networks and video services, and later extended to AI chatbots. France is also pushing for a European ban on social media for children under 15, while Britain’s Online Safety Act has introduced stringent age requirements for major platforms and pornography sites—though critics argue age checks can expand data collection and may isolate vulnerable young people from support communities.

Another frontier is civic unrest and the digital tools surrounding it. Social media helped catalyse youth-led protests in 2025, including movements that toppled governments in Nepal and Madagascar, and analysts expect Gen Z uprisings to continue in response to corruption, inequality and joblessness. Governments, meanwhile, are increasingly turning to internet shutdowns to suppress mobilisation, with recent examples cited in Tanzania, Afghanistan and Myanmar.

Beyond politics, border control is going digital. Britain plans to use AI to speed asylum decisions and deploy facial age estimation technology, alongside proposals for digital IDs for workers, while Trump has expanded surveillance tools tied to immigration enforcement. Finally, the climate cost of “AI everything” is rising: data centres powering generative AI consume vast energy and water, with Google reporting 6.1 billion gallons of water used by its data centres in 2023 and projections that US data centres could reach up to 9% of national electricity use by 2030.
Read more »
Subscribe to: Comments (Atom)