Highlights

At UN, nations pledge people-first digital future, tighter AI safeguards

(UN News) UN Member States on Wednesday pledged to narrow widening digital divides and put stronger safeguards around artificial intelligence (AI), as the General Assembly concluded a major review of how the world manages the Internet and fast-evolving digital technologies. The high-level meeting marked the conclusion of the World Summit on the Information Society (WSIS+20), a process launched in the early 2000s to guide global cooperation on digital development, access and inclusion, at a time when the internet was only starting to become an essential part of everyday life. Two decades later, delegates said the challenge is no longer simply getting people online but ensuring that digital technologies – including AI – are governed in ways that protect human rights, build trust and close widening digital gaps. – https://news.un.org/en/story/2025/12/1166623

Can mid-sized economies come together to build frontier AI?

(Charles Martinet, Yohann Ralle – OECD.AI) Conventional wisdom presents mid-sized economies with two options for accessing advanced AI: rely on American or Chinese systems, or fall behind. Neither choice preserves the technological sovereignty that countries increasingly see as essential. But there is a third path we explore in detail in a recent memo. Collectively, nations outside the US-China duopoly possess substantial computing infrastructure, a majority of the world’s top researchers, and the growing political will to create a third path. The question is whether they can come together to make it work. – https://oecd.ai/en/wonk/can-mid-sized-economies-come-together-to-build-frontier-ai

32.7% of EU people used generative AI tools in 2025

(Eurostat) In 2025, 32.7% of people aged 16-74 in the EU used generative artificial intelligence (AI) tools. Most people used them for personal purposes (25.1%), while 15.1% used them for work and 9.4% for formal education. – https://ec.europa.eu/eurostat/web/products-eurostat-news/w/ddn-20251216-3

OKUMU: Africa should stop chasing frontier AI and build technology the world actually needs

(Nicholas Okumu-STAR) Africa will not match the financial or computational scale of frontier labs, and it does not need to. The continent can lead in relevance, efficiency and human impact. Leadership will not come from building the largest model. It will come from building the model that makes the most difference – https://www.the-star.co.ke/opinion/columnists/2025-12-16-okumu-africa-should-build-tech-the-world-really-needs

UK launches taskforce to ‘break down barriers’ for women in technology

(Liv McMahon-BBC) The government has launched a new taskforce it says will help women “enter, stay and lead” in the UK tech sector. Led by technology secretary Liz Kendall, it will see female leaders from tech companies and organisations advise the government on how to boost diversity and economic growth in the industry. – https://www.bbc.com/news/articles/cg7vez25ly5o

Governance

5G now reaches 59% of Vietnam’s population

(Vietnam Net Global) After just over a year of commercialization, 5G networks have now covered approximately 59% of Vietnam’s population. This progress comes as Internet access continues to evolve into what many describe as a “second living space” for Vietnamese citizens. – https://vietnamnet.vn/en/5g-now-reaches-59-of-vietnam-s-population-2473410.html#:~:text=After%20just%20over%20a%20year,living%20space%E2%80%9D%20for%20Vietnamese%20citizens.

Security and Surveillance

FBI takes down alleged money laundering service for ransomware groups

(James Reddick – The Record) The FBI and international partners in Germany and Finland took down the online infrastructure of a cryptocurrency exchange that allegedly laundered funds for transnational cybercriminal groups, the Justice Department said Wednesday. According to a DOJ announcement, the exchange E-Note was used to process funds stolen by criminals in cyberattacks on healthcare entities and critical infrastructure, among other targets. Its payment service and money mule network processed more than $70 million connected to ransomware attacks since 2017, they alleged. – https://therecord.media/fbi-takes-down-alleged-money-laundering-operation

New spyware discovered on Belarusian journalist’s phone after interrogation

(Suzanne Smalley – The Record) Forensic researchers at Reporters Without Borders (RSF) have found a previously unknown spyware tool on a Belarusian journalist’s phone, the nonprofit said Wednesday. The organization said it believes the spyware has been in use since at least 2021 based on its analysis comparing samples on an antivirus platform. Dubbed ResidentBat, the spyware can access call logs, SMS and encrypted app messages, microphone recordings, locally stored files and screen captures. It is used to target Android phones. The journalist and RSF believe the spyware was installed while the journalist was detained by the Belarusian KGB. The phone was seized during questioning and authorities at one point forced the journalist to unlock the phone, RSF said in a press release. – https://therecord.media/spyware-belarus-journalist-rsf

Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail users

(Daryna Antoniuk – The Record) Russian state-backed hackers have run a months-long phishing campaign against users of UKR.NET, a popular Ukrainian webmail and news service, in an effort to harvest credentials and gather intelligence, cybersecurity researchers said. The operation — active from June 2024 through April 2025 — was attributed to BlueDelta, also known as APT28, Fancy Bear or Forest Blizzard, according to a report published on Wednesday by Recorded Future’s Insikt Group. The Record is an editorially independent unit of Recorded Future. Researchers said the campaign likely aimed to collect sensitive information from Ukrainian users in support of broader Russian intelligence objectives. – https://therecord.media/russian-bluedelta-hackers-ran-phishing-ukraine-webmail

Russian state hackers targeted Western critical infrastructure for years, Amazon says

(Pierluigi Paganini – Security Affairs) Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the campaign with high confidence to GRU/Sandworm (aka APT44 and Seashell Blizzard) activity, the attacks heavily target the energy sector. The Russian state-backed campaign targeting global critical infrastructure from 2021 to 2025, especially the energy sector. Tactics evolved from exploiting WatchGuard, Confluence, and Veeam vulnerabilities to primarily abusing misconfigured network edge devices, while zero-day and N-day exploitation declined in 2025. – https://securityaffairs.com/185779/cyber-warfare-2/russian-state-hackers-targeted-western-critical-infrastructure-for-years-amazon-says.html

FTC orders crypto platform Nomad to distribute $37.5 million after 2022 theft

(Jonathan Greig – The Record) Blockchain company Illusory Systems will have to distribute to customers about $37.5 million that it recovered following a large hack of its crypto platform Nomad in 2022.  The Utah-based company will also have to make a range of changes to its security program in addition to compensating users impacted by the 2022 theft — which totaled  about $186 million in cryptocurrency. The Federal Trade Commission published a proposed order settling a complaint alleging that Nomad misled customers by advertising itself as a secure crypto platform. – https://therecord.media/ftc-settlement-nomad-platform-return-customers-cryptocurrency

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

(Pierluigi Paganini – Security Affairs) Venezuela’s state oil company PDVSA was hit by a cyberattack over the weekend that disrupted export operations. The company says the incident only affected some administrative systems and did not impact operations. “Thanks to the expertise of Pdvsa’s human talent, operational areas were not affected in any way; the attack was limited to its administrative system,” reads a statement published by the company on Telegram. PDVSA said security protocols prevented supply or export disruptions, framing the cyber incident as an attempted aggression linked to alleged U.S. efforts to seize Venezuelan oil. – https://securityaffairs.com/185755/security/a-cyber-attack-hit-petroleos-de-venezuela-pdvsa-disrupting-export-operations.html

New “Lies-in-the-Loop” Attack Undermines AI Safety Dialogs

(Alessandro Mascellino – Infosecurity Magazine) A novel attack technique that undermines a common safety mechanism in agentic AI systems has been detailed by security researchers, showing how human approval prompts can be manipulated to execute malicious code. The issue, observed by Checkmarx researchers, centers on Human-in-the-Loop (HITL) dialogs, which are designed to ask users for confirmation before an AI agent performs potentially risky actions such as running operating system commands. The research, published on Tuesday, describes how attackers can forge or manipulate these dialogs so they appear harmless, even though approving them triggers arbitrary code execution. The technique, dubbed Lies-in-the-Loop (LITL), exploits the trust users place in confirmation prompts, turning a safeguard into an attack vector. – https://www.infosecurity-magazine.com/news/lies-loop-attack-ai-safety-dialogs/

ISACA Named Global Credentialing Authority for DoD’s CMMC Program

(Beth Maundrill – Infosecurity Magazine) ISACA has been appointed by the US Department of Defense (DoD) as the global credentialing authority for the Cybersecurity Maturity Model Certification (CMMC) program, ensuring defense contractors meet strict cybersecurity standards. The DoD introduced CMMC in 2020 to make sure companies protect sensitive information when working on government contracts. The program requires contractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) to implement adequate cybersecurity practices to protect the defense industrial base. – https://www.infosecurity-magazine.com/news/isaca-credentialing-authority-dods/

US Autoparts Maker LKQ Confirms Oracle EBS Breach

(Kevin Poireault – Infosecurity Magazine) Autoparts giant LKQ is the latest victim to confirm it has been hit by a cyber-attack targeting Oracle E-Business Suite (EBS). The NASDAQ-listed company filed a notification to the Maine Attorney General’s Office that the personal information of more than 9070 people was compromised in the attack. The compromised data includes the victims’ LKQ Employer Identification Number and Social Security number. LKQ also indicated that the intrusion occurred on August 9 and was discovered on October 3. – https://www.infosecurity-magazine.com/news/lkq-confirms-oracle-ebs-breach/

Fraudulent call centres in Ukraine rolled up

(Eurojust) Authorities from the Czech Republic, Latvia, Lithuania and Ukraine with the support of Eurojust took action against a criminal network operating call centres in Dnipro, Ivano-Frankivsk and Kyiv, Ukraine that scammed victims across Europe. The criminal group established a professional organisation with employees who received a percentage of the proceeds for each completed scam. The estimated damage to more than 400 known victims is over EUR 10 million. – https://www.eurojust.europa.eu/news/fraudulent-call-centres-ukraine-rolled

Chinese Ink Dragon Group Hides in European Government Networks

(Phil Muncaster – Infosecurity Magazine) A prolific China-linked threat group is turning misconfigured servers in European government networks into relay nodes, in order to hide its cyber-espionage activity, according to Check Point. The security vendor claimed Ink Dragon had expanded similar operations in Asia and South America to the Old World, “through a series of quiet but disciplined campaigns.”. The group initially probes public-facing websites for weaknesses, looking for configuration issues in Microsoft’s IIS web server, SharePoint and other servers. – https://www.infosecurity-magazine.com/news/chinese-ink-dragon-hides-european/

Dubai Police explores smart technologies for next-generation VIP protection

(Aghaddir Ali-Gulf News) Dubai Police has hosted a specialised partner dialogue titled “VIP Protection in the Era of Artificial Intelligence”, bringing together security leaders and strategic partners to examine how emerging technologies are reshaping VIP protection operations. – https://gulfnews.com/uae/dubai-police-explores-smart-technologies-for-next-generation-vip-protection-1.500381328

Live cameras are tracking faces in New Orleans. Who should control them?

(Martin Kaste – npr) New Orleans, home of Bourbon Street revelry, has become the first American city known to have a live facial recognition network. How that came to be is a story of private initiative and political inaction, and may point to the future public safety uses of this surveillance technology. Police around the country routinely use facial recognition after a crime, to speed up the identification of suspects caught on camera. But live facial recognition, which can name and track a person moving around a city in real time, has been slower to catch on in the U.S. Aside from isolated experiments, police departments have shied away from the technology, fearing a backlash over privacy. – https://www.npr.org/2025/12/16/nx-s1-5616681/new-orleans-live-facial-recognition-surveillance

Courts and Litigation

TikTok tracked user’s Grindr activity in violation of European law, rights group alleges

(Suzanne Smalley – The Record) TikTok and the gay dating app Grindr are violating European data protection laws by tracking user activities across apps, a digital rights organization alleged Wednesday. One of the complaints from the Vienna-based digital rights organization None of Your Business (noyb) says that TikTok acknowledged under pressure that it tracked a user’s activities on Grindr as well as other apps. Europe’s General Data Protection Regulation (GDPR) gives individuals special protections for data involving sensitive information, including sexual orientation. The complainant also did not give TikTok explicit consent to process data relating to his activities off the app, a complaint says. – https://therecord.media/tiktok-grindr-data-tracking-noyb

Frontiers and Markets

AI uncovers hidden mechanisms of covert attention and emergent neuron types

(News Medical Life Sciences) Shifting focus on a visual scene without moving our eyes – think driving, or reading a room for the reaction to your joke – is a behavior known as covert attention. We do it all the time, but little is known about its neurophysiological foundation. Now, using convolutional neural networks (CNNs), UC Santa Barbara researchers Sudhanshu Srivastava, Miguel Eckstein and William Wang have uncovered the underpinnings of covert attention and, in the process, have found new, emergent neuron types, which they confirmed in real life using data from mouse brain studies. “This is a clear case of AI advancing neuroscience, cognitive sciences and psychology,” said Srivastava, a former graduate student in the lab of Eckstein, now a postdoctoral researcher at UC San Diego. – https://www.news-medical.net/news/20251215/AI-uncovers-hidden-mechanisms-of-covert-attention-and-emergent-neuron-types.aspx

Taichung hospital uses robots to support medical services

(Carol Yang-Taiwan News) Twenty AI-powered Aibo robots have been deployed at Taichung Municipal Hospital for Geriatric Rehabilitation and Comprehensive Care to assist medical staff and help address labor shortages in Taiwan’s healthcare sector. – https://www.taiwannews.com.tw/news/6266021