Good morning. It's Friday, 24th of October.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.

European Union leaders are meeting in Brussels to discuss further backing for Ukraine, including the use of Russian frozen assets to provide a 140-billion-euro loan to the war-torn country, drawing fury from Moscow. Al Jazeera

SpaceX says it has disabled more than 2,000 Starlink devices connected to scam compounds in Myanmar after politicians and others called on the company to crack down on scammers using its kits for fast satellite internet. The Record by Recorded Future

Apple abused its dominant position by charging app developers unfair commissions, a London tribunal ruled on Thursday, in a blow which could leave the U.S. tech company on the hook for hundreds of millions of pounds in damages.” Reuters

Australia

US-Australia critical minerals deal unlikely to quickly dent China’s lead

Nikkei Asia

Shaun Turton

Miners have welcomed a multibillion dollar critical minerals pact between Australia and the U.S., but efforts to reduce China’s dominance over the ingredients used in advanced technology and defense hardware face a long road, say experts. The two allies this week committed to spending a combined $8.5 billion, to develop “priority” critical minerals projects. They also unveiled a joint policy framework covering mechanisms for financing such projects, setting potential price floors and coordinating downstream processing and offtake agreements.

Origin warns customers after employee steals credit card details

The Australian Financial Review

Paul Smith

Origin Energy has warned more than 700 customers that their credit and debit card details could have been compromised when a rogue employee stole their records and attempted to email them to themself. The breach was picked up on July 30 when the employee sent the encrypted file that contained customers’ details, including the credit card numbers used to pay their bills. An Origin spokesman said there was no reason to suspect the employee was linked to a ransomware gang like Scattered Lapsus$ Hunters, which recently sought to hold Qantas to ransom with the threat of leaking stolen customer data.

China

Nexperia China objects to Dutch headquarters’ dismissal of VP

Nikkei Asia

Pak Yiu

Nexperia’s Chinese unit said its Dutch headquarters’ decision to remove its vice president of global sales and marketing has no legal effect in China and that contracts signed will be represented and handled domestically. In an internal memo posted publicly Thursday, Nexperia China said it will “bear all legal liabilities” for all business activities, including agreements and contract signings, conducted by John Chang, who is based in Shenzhen and was also the company’s chief commercial officer.

Nexperia seizure: Chinese investors grill companies with European units after Dutch move South China Morning Post

Researchers track surge in high-level Smishing Triad activity

CyberScoop

Matt Kapko

Researchers have uncovered a long-running phishing campaign that uses text messages to trick victims, and it’s both bigger and more complex than previously thought. The operation, dubbed Smishing Triad, is managed in Chinese and involves thousands of malicious actors, including dozens of active, high-level participants, Palo Alto Networks’ research unit told CyberScoop. Unit 42 has traced about 195,000 domains to the highly decentralized phishing operation since January 2024.

The China tech canon

Asterisk Magazine

Afra Wang

In 1987, Lei Jun 雷军 was a 21-year-old student in Wuhan University’s computer science program. The book that had set his imagination alight was Fire in the Valley 硅谷之火, which chronicles the evolution of 1970s homebrew hacker culture into global titans like Apple, Microsoft, and IBM. The heroes of that story, of course, were visionaries like Steve Jobs. Lei Jun’s trajectory — he founded Joyo.com (later acquired by Amazon), built Xiaomi into a smartphone colossus, then wagered billions on electric vehicles — would unfold directly from that initial act of reading.

USA

Kristi Noem pledged to boost the nation’s cybersecurity. She gutted it instead.

POLITICO

Maggie Miller and Eric Bazail-Eimil

Homeland Security Secretary Kristi Noem promised to prioritize a “comprehensive, whole-of-government approach to cybersecurity.” But over the last nine months, a key cybersecurity agency under Noem’s command has had its staffing slashed by more than a third, axed funding for election security programs and scaled back its support to state and local governments to protect against cyber threats. “There’s a real disconnect between the public messaging about cybersecurity and the reality on the ground,” said an employee of the Cybersecurity and Infrastructure Security Agency.

New York updates third-party risk guidance, adds AI provisions

CyberScoop

Colin Wood

The New York Department of Financial Services published updates this week to longstanding industry guidance that urges financial services companies to closely watch their third-party providers. While the guidance’s updates are numerous, they are, according to the state, mostly intended to provide clarity as the technology landscape shifts. A department press release notes that the guidance “does not impose new requirements or obligations,” but Bob Maley, chief information security officer at the cyber risk firm Black Kite, said there some clauses, like those about AI, that are worth noting.

Two federal judges say use of AI led to errors in US court rulings

Reuters

Sara Merken

Two federal judges admitted in response to an inquiry by U.S. Senate Judiciary Committee Chairman Chuck Grassley that members of their staff used artificial intelligence to help prepare recent court orders that Grassley called “error-ridden.” In letters released by Grassley’s office on Thursday, U.S. District Judge Henry Wingate in Mississippi and U.S. District Judge Julien Xavier Neals in New Jersey said the decisions in the unrelated cases did not go through their chambers’ typical review processes before they were issued.

F5 vulnerability highlights weak points in DHS’s CDM program

CyberScoop

Tim Starks

Last week, Cybersecurity and Infrastructure Security Agency officials spoke candidly about the challenges they faced tracking the use of F5 products across the civilian federal government. While CISA knows there are thousands of instances of F5 currently in use, it admitted it wasn’t certain where each instance was deployed. The uncertainty came as the agency issued an emergency directive related to F5, instructing other government agencies to find and patch any F5 instances.

Hacking lab boss charged with seeking to sell secrets

Bloomberg

Patrick Howell O’Neill and Chris Strohm

A director at a company that sells computer vulnerabilities has been charged with stealing secrets to sell to an unspecified buyer in Russia, according to a court document and people familiar with the matter. Peter Williams was accused of stealing seven trade secrets from two unidentified companies with the intention of selling them to the Russian buyer, according to the Justice Department. Williams is a former director of the Trenchant arm of Melbourne, Florida-based L3Harris Technologies Inc., according to a UK government document.

Trump administration in talks to take equity stakes in quantum-computing firms

The Wall Street Journal

Amrith Ramkumar

Several quantum-computing companies are in talks to give the Commerce Department equity stakes in exchange for federal funding, a signal that the Trump administration is expanding its interventions in what it sees as critical segments of the economy. Companies including IonQ, Rigetti Computing and D-Wave Quantum are discussing the government becoming a shareholder as part of agreements to get funding earmarked for promising technology companies, according to people familiar with the matter.

Southeast Asia

SpaceX disables more than 2,000 Starlink devices used in Myanmar scam compounds

The Record by Recorded Future

James Reddick

SpaceX says it has disabled more than 2,000 Starlink devices connected to scam compounds in Myanmar after politicians and others called on the company to crack down on scammers using its kits for fast satellite internet. Lauren Dreyer, the vice-president of Starlink’s business operations, said in a post on X Tuesday night that the company “proactively identified and disabled over 2,500 Starlink Kits in the vicinity of suspected ‘scam centers’” in Myanmar.

South & Central Asia

WazirX to restart trading on Friday after $230M hack caused year-long shutdown

CoinDesk

Shaurya Malwa

WazirX, once India’s largest cryptocurrency exchange by volume, will resume operations on October 24, per an email sent to creditors. That ends more than a year of uncertainty for thousands of creditors left in limbo after one of the most dramatic collapses in the country’s crypto history, which saw over $230 million worth of various tokens getting stolen from the exchange.

AI tools amplify anti-Muslim hate on Indian social media: think tank

Nikkei Asia

Quratulain Rehbar

Artificial intelligence-generated images and videos are fueling a new wave of anti-Muslim hate across India’s social media ecosystem, according to a new report by the Center for the Study of Organized Hate, which warns that AI has become a powerful amplifier of anti-minority narratives. CSOH, a Washington D.C.-based non-profit, non-partisan think-tank that researches organized hate, published “AI-Generated Imagery and the New Frontier of Islamophobia in India” on Sept. 29 on its website.

Europe

EU poised to agree on using frozen Russian assets to help Ukraine in war

Al Jazeera

European Union leaders are meeting in Brussels to discuss further backing for Ukraine, including the use of Russian frozen assets to provide a 140-billion-euro loan to the war-torn country, drawing fury from Moscow. European Council President Antonio Costa welcomed Ukraine’s Volodymyr Zelenskyy to Thursday’s summit as a “future member” of the bloc, announcing that a “political decision” would be made on the plan to use cash balances from frozen Russian central bank securities to cover Kyiv’s funding needs in 2026 and 2027.

UK

Apple loses landmark UK lawsuit over app store commissions

Reuters

Sam Tobin

Apple, abused its dominant position by charging app developers unfair commissions, a London tribunal ruled on Thursday, in a blow which could leave the U.S. tech company on the hook for hundreds of millions of pounds in damages. The Competition Appeal Tribunal ruled against Apple after a trial of the lawsuit, which was brought on behalf of millions of iPhone and iPad users in the United Kingdom.

‘Attacks will get through’: head of GCHQ urges companies to do more to fight cybercrime

The Guardian

Shaun Walker

Companies need to do more to mitigate the potential effects of cyber-attacks, the head of GCHQ has said, including making physical, paper copies of crisis plans to use if an attack brings down entire computer systems. “What are your contingency plans? Because attacks will get through,” said Anne Keast-Butler, who has headed GCHQ, the British government’s cyber and signals intelligence agency, since 2023.

UK police arrest three men on suspicion of spying for Russia

Al Jazeera

Police in the United Kingdom have arrested three men on suspicion of assisting Russia’s foreign intelligence service, as tensions between a key ally of Ukraine in the war and Moscow continue to simmer. British authorities allege that Russia is conducting an increasingly bold campaign of espionage, sabotage and cyber-interference against the United Kingdom.

Africa

China’s DeepSeek is beating out OpenAI and Google in Africa

Bloomberg

Saritha Rai, Loni Prinsloo, and Helen Nyambura

Earlier this year, in a conference room at the Nairobi headquarters of a social impact startup named Qhala, a group of executives from tech firms across the continent gathered to hear a presentation about the promise of AI. The speaker was Harrison Li, chief solutions architect for Huawei Cloud in sub-Saharan Africa, and the subject was DeepSeek, a buzzy new entrant in the global artificial-intelligence race.

Big Tech

OpenAI relaxed ChatGPT guardrails just before teen killed himself, family alleges

The Guardian

Johana Bhuiyan

The family of a teenager who took his own life after months of conversations with ChatGPT now says OpenAI weakened safety guidelines in the months before his death. In July 2022, OpenAI’s guidelines on how ChatGPT should answer inappropriate content, including “content that promotes, encourages, or depicts acts of self-harm, such as suicide, cutting, and eating disorders”, were simple: the AI chatbot should respond, “I can’t answer that”, the guidelines read.

How the AWS outage happened: Amazon blames rare software bug and ‘faulty automation’ for massive glitch

GeekWire

Todd Bishop

A detailed explanation of this week’s Amazon Web Services outage, released Thursday morning, confirms that it wasn’t a hardware glitch or an outside attack but a complex, cascading failure triggered by a rare software bug in one of the company’s most critical systems. The company said a “faulty automation” in its internal systems — two independent programs that began racing each other to update records — erased key network entries for its DynamoDB database service, triggering a domino effect that temporarily broke many other AWS tools.

Meta tells some employees their jobs are being replaced by tech — read the memo

Business Insider

Jyoti Mann

Meta’s chief compliance and privacy officer of product, Michel Protti, informed workers in the risk org on Wednesday that it has been moving away from manual reviews to more automated processes, according to an internal memo viewed by Business Insider. “As a result, we don’t need as many roles in some areas as we once did,” he wrote, without disclosing the number of affected roles. Meta’s latest round of job cuts shows how far Big Tech is willing to lean on automation to boost efficiency and cut costs.

Artificial Intelligence

AI workers are putting in 100-hour workweeks to win the new tech arms race

The Wall Street Journal

Bradley Olson and Meghan Bobrowsky

Josh Batson no longer has time for social media. The AI researcher’s only comparable dopamine hit these days is on Anthropic’s Slack workplace-messaging channels, where he explores chatter about colleagues’ theories and experiments on large language models and architecture. Batson is among a group of core artificial-intelligence researchers and executives who are facing a relentless grind, racing to keep pace with a seemingly endless cycle of disruption in pursuit of systems with superhuman intelligence.

I tried an AI web browser, and now I’m a convert

The Wall Street Journal

Nicole Nguyen

I’ve been using several AI web browsers lately. I’m never going back to the boring old kind. An AI browser has a built-in chatbot that can see what’s open in your tabs. As you surf, you can type requests like: “Explain this.” “Is this the best price?” “Make it vegetarian.” Your artificial-intelligence browsing assistant instantly understands the context.

Meet the people who dare to say no to artificial intelligence

The Washington Post

Lisa Bonos

Some of Ellen Rugaber’s high school teachers allow students to use artificial intelligence for schoolwork, but she prefers not to. “It’s part of growing up to learn how to do your own work,” said the 16-year-old, who attends school in Arlington, Virginia. She doesn’t want to off-load her thinking to a machine and worries about the bias and inaccuracies AI tools can produce, she said. Abstaining from using AI makes Rugaber one of the few students at her school with strong viewpoints on the technology, she said. Beyond campus, she has company.

