Governance, Regulation, and Legislation

IWF report reveals a rapid growth of synthetic child abuse material online

(DigWatch) A surge in AI-generated child sexual abuse material has raised urgent concerns across Europe, with the Internet Watch Foundation reporting record levels of harmful content online. Findings of the IWF report indicate that AI is accelerating both the scale and severity of abuse, transforming how offenders create and distribute illicit material. Data from 2025 reveals a sharp increase in AI-generated imagery and video, with over 8,000 cases identified and a dramatic rise in highly severe content. – https://dig.watch/updates/iwf-report-reveals-a-rapid-growth-of-synthetic-child-abuse-material-online

UK regulator proposes updates to Online Safety Act guidance

(DigWatch) Ofcom has launched a consultation on proposed updates to its regulatory framework under the UK’s Online Safety Act, following the introduction of new priority offences targeting serious self-harm and cyberflashing. The changes reflect a shift in how harmful online behaviours are classified and addressed within the UK’s digital safety regime. – https://dig.watch/updates/uk-regulator-proposes-updates-online-safety-act

Geostrategies

EU and Australia deepen strategic partnership through trade and security agreements

(DigWatch) The European Commission and Australia have announced the adoption of a Security and Defence Partnership alongside the conclusion of negotiations for a free trade agreement. They have also agreed to launch formal negotiations for Australia’s association with Horizon Europe, the European Union’s research and innovation funding programme. The Security and Defence Partnership establishes a framework for cooperation on shared strategic priorities. It includes coordination on crisis management, maritime security, cybersecurity, and countering hybrid threats and foreign information manipulation. – https://dig.watch/updates/eu-and-australia-deepen-strategic-partnership-through-trade-and-security-agreements

Security and Surveillance

Cloud Phones Linked to Rising Financial Fraud Threat

(Alessandro Mascellino – Infosecurity Magazine) Cloud phone technology and financial fraud have become a growing concern for banks and cybersecurity teams, according to new research examining how remote mobile devices hosted in data centres are being used in fraud operations. A new Group-IB report, published on March 25, outlined how a tool once associated with social media automation has developed into infrastructure supporting financial crime. Cloud phones are remote-access Android devices that run real mobile operating systems and hardware components but are accessed via the internet. – https://www.infosecurity-magazine.com/news/cloud-phones-financial-fraud/

Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne

(Danny Palmer – Infosecurity Magazine) Cyber attackers have become so prolific at abusing legitimate enterprise accounts and identity systems to compromise networks that it has become a “mass-marketed impersonation crisis,” security analysts at SentinelOne have warned. This creates a problem, because an adversary using valid credentials does not look like an intruder; they look like a regular employee – and because of this, many traditional cybersecurity protections do not identify that something is wrong, leaving organizations vulnerable to cyber threats. In many cases, the malicious threat is only identified after an event has occurred, such as sensitive corporate data being stolen, systems being encrypted with ransomware, or another form of harmful cyber-criminal activity. Published on March 24, the SentinelOne Annual Threat Report for 2026, warned that the last year has seen threat actors execute shift towards these identity-based attacks at “industrial scale”. – https://www.infosecurity-magazine.com/news/hackers-exploit-id-industrial-scale/

Strengthening Supply Chain Cyber Resilience: A Leadership Imperative

(Lorri Janssen-Anessi – Infosecurity Magazine) High-profile supply chain cyber-attacks on renowned retail and automotive brands have contributed significantly to the estimated £15 billion in annual revenue lost to cyber incidents across the UK – not to mention severely impacting the British economy. These attacks cause lasting damage by eroding trust, inflating costs, and harming reputations. Threat actors are aware of this and will exploit it as much as they can. They target the supply chain because they continue to be opportunistic – and it scales. If attackers can compromise one vendor and gain access to hundreds of downstream networks, that’s an easy win that requires far less work, and causes significantly more damage. Furthermore, recent BlueVoyant research has indicated that 98% of UK businesses have been negatively impacted by supply chain breaches. – https://www.infosecurity-magazine.com/opinions/supply-chain-cyber-leadership/

Experts Sound Alarm Over “Prompt Poaching” Browser Extensions

(Phil Muncaster – Infosecurity Magazine) Security experts have warned users to beware of malicious Chrome extensions designed to secretly monitor and exfiltrate users’ AI conversations. Expel explained in a blog post, published on March 24, that it had observed “several dozen” incidents in the past month of so-called “prompt poaching” by legitimate-looking extensions. “The functionality is fairly straightforward – the browser extension monitors open tabs, and upon seeing an AI client loaded, will monitor for and collect questions and answers using API interception or DOM scraping,” it said. “The extension will then package them up and send them to an external server run by the browser extension’s developers.” – https://www.infosecurity-magazine.com/news/experts-prompt-poaching-browser/

Securing The Future: A Modern Blueprint for Higher Education Identity Management

(Robert Kraczek – Infosecurity Magazine) Higher education institutions operate in some of the most complex identity environments in the digital landscape today. To succeed in keeping them safe, IT leadership must balance an “Open Door” approach for learning and research with the “Locked Vault” requirements to protect students, faculty and sensitive data. Achieving true, robust security means moving beyond traditional management toward a strategy tailored to the unique challenges on campus. – https://www.infosecurity-magazine.com/blogs/blueprint-higher-education/

Recent Navia data breach impacts HackerOne employee data

(Pierluigi Paganini – Security Affairs) HackerOne revealed that a data breach at Navia Benefit Solutions exposed the personal information of nearly 300 of its employees. The incident stems from an attack on the third-party benefits provider, highlighting how breaches at external partners can impact even cybersecurity companies and their staff. Last week, Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The company detected suspicious activity on January 23, 2026 and quickly launched an investigation to assess the incident. Navia Benefit Solutions is a U.S.-based company that provides employee benefits administration services to employers and their staff. Founded in 1989 and headquartered in Washington State, Navia serves thousands of employers across the U.S., offering tools and platforms to help employees manage healthcare and financial benefits more easily. – https://securityaffairs.com/189969/data-breach/recent-navia-data-breach-impacts-hackerone-employee-data.html

FCC targets foreign router imports amid rising cybersecurity concerns

(Pierluigi Paganini – Security Affairs) The U.S. FCC announced a ban on importing new foreign-made consumer routers, citing unacceptable cyber and national security risks. The decision, backed by Executive Branch assessments, means such devices can no longer be sold or marketed in the U.S. unless they receive special approval. Routers will be added to the Covered List, with exceptions only for those cleared by the Department of Homeland Security or defense authorities after the Department of Homeland Security or defense authorities verify they pose no threat to communications networks. – https://securityaffairs.com/189959/security/fcc-targets-foreign-router-imports-amid-rising-cybersecurity-concerns.html

Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca

(Pierluigi Paganini – Security Affairs) The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach. Even if stolen data doesn’t include passwords, this information could help attackers map systems, launch phishing attacks, and target internal operations, making the incident potentially serious if confirmed. The group claimed the security breach on a dark web post, if confirmed, it could be one of the most serious healthcare cyber incidents this year. – https://securityaffairs.com/189936/data-breach/cybercrime-group-lapsus-claims-the-hack-of-pharma-giant-astrazeneca.html

Malicious LiteLLM versions linked to TeamPCP supply chain attack

(Pierluigi Paganini – Security Affairs) Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now removed from PyPI, included a multi-stage payload: a credential harvester targeting SSH keys, cloud data, wallets, and .env files; tools for lateral movement in Kubernetes via privileged pods; and a persistent systemd backdoor connecting to a remote server for further payloads. On March 24, 2026, Endor Labs discovered that LiteLLM versions 1.82.7 and 1.82.8 on PyPI were backdoored, despite no malicious code in the GitHub repo. – https://securityaffairs.com/189948/hacking/malicious-litellm-versions-linked-to-teampcp-supply-chain-attack.html

Data breach at Dutch Ministry of Finance impacts staff following cyberattack

(Pierluigi Paganini – Security Affairs) The Dutch Ministry of Finance disclosed a cyberattack detected on March 19 after a third-party alert. Attackers breached some internal systems, the incident impacted a “portion of the employees”. Authorities are still investigating the incident and its full impact. “The Ministry of Finance’s ICT security detected unauthorized access to systems for a number of primary processes within the policy department on Thursday, March 19.” reads the statement issued by Dutch Ministry of Finance. “Following the alert, an immediate investigation was launched, and access to these systems has been blocked as of today. This affects the work of a portion of the employees.” – https://securityaffairs.com/189929/data-breach/data-breach-at-dutch-ministry-of-finance-impacts-staff-following-cyberattack.html

Frontiers

Quantum readiness as a strategic priority for firms

(DigWatch) Businesses are beginning to prepare for the commercial potential of quantum computing, a technology that leverages quantum mechanics to solve problems beyond the capabilities of classical computers. Early engagement focuses on awareness, training, and workshops to explore possible applications across sectors such as pharmaceuticals, energy, finance, and advanced materials. Companies face several barriers to readiness, including limited technological maturity, unclear business implications, high costs for access and staff training, and a shortage of talent with both quantum and industry expertise. – https://dig.watch/updates/quantum-readiness-a-strategic-priority-for-firms

Robots and AI transform end-to-end supply chains

(DigWatch) AI is transforming supply chains and logistics, moving operations from reactive, manual processes to autonomous, agent-driven systems. Enterprises are using AI agents to optimise and manage workflows, boosting efficiency in warehousing, distribution, and transportation. Simulation tools and digital twins allow teams to predict disruptions, optimise performance, and test solutions in virtual environments before implementing changes on the ground. – https://dig.watch/updates/robots-and-ai-transform-end-to-end-supply-chains

Brain inspired chip could cut AI energy use by up to 70%

(DigWatch) Researchers at the University of Cambridge have developed a nanoelectronic device to reduce energy consumption in AI hardware. The team, led by Dr Babak Bakhit, designed the system to mimic how the human brain processes information. The device uses a new form of hafnium oxide to create a stable, low-energy memristor. It processes and stores data in the same location, similar to how neurons function in the brain. – https://dig.watch/updates/brain-inspired-chip-could-cut-ai-energy-use-by-up-to-70

Conversational AI reshapes CNC manufacturing

(DigWatch) Japanese manufacturing firm ARUM Inc. is introducing AI into precision machining, aiming to address a growing shortage of skilled workers. TTMC Origin uses KAYA, a conversational AI that guides operators through machining tasks with natural language instructions. Powered by proprietary software ARUMCODE and built on Microsoft Azure AI tools, the system translates traditional craftsmanship into automated workflows. Tasks once handled by skilled machinists can now be done by junior workers, lowering the barrier to operating advanced CNC machines. – https://dig.watch/updates/conversational-ai-reshapes-cnc-manufacturing