I don’t know why, but it continues to astonish me just how foolish politicians can be – and how easily persuaded they are by really bad advice from smart but tin-eared advisers. In less than a year, Keir Starmer and Rachel Reeves have squandered the gift of the huge majority won at last year’s General Election on one key issue after another: their response to the genocide in Gaza; wantonly cruel cuts in disability benefits; failing to find creative ways of taxing wealth; dealing with the water companies – and, now, on the new Planning and Infrastructure Bill. On 23 May 23, the Wildlife Trusts and the RSPB (with a combined membership of more than 2 million) launched a devastating attack on Labour’s whole approach to streamlining the planning system through the Planning and Infrastructure Bill.Advertisement Part 3 of the bill will make it possible for developers to ignore existing environmental protections by paying money into a so-called ‘Nature Recovery Fund’, which will be used to pay for environmental projects elsewhere. Starmer and Reeves have gone out of their way, time after time, to claim that it’s these environmental safeguards that are responsible for delays and blockages in the planning process, even though they know this is completely untrue. According to the Wildlife Trusts, roughly 3 per cent of proposals for new housing are delayed for environmental reasons. As The Guardian reported: ‘the data from analysis of 17,433 planning appeals in England in 2024 found that newts were relevant in just 140 (0.8%) planning appeals, and bats were relevant in 432 (2.48%).’ ‘They pursue this path even though are no polls to show that this is what matters to Labour voters tempted by Reform’ So what makes Starmer and Reeves both stupid and totally dishonest? By all accounts the rationale of their tin-eared advisers is to demonstrate to ‘Reform-friendly’ Labour voters that the environment is as unsafe in their hands as it would be in Nigel Farage’s. That economic growth is all that matters. That caring for the natural world is a middle-class self-indulgence (‘the well-to-do prioritising the nice-to-have’ over the interests of working people). And that pouring as much concrete as possible is self-evidently the best way of achieving that growth. And they go on pursuing this ideological path even though there are no supporting polls to show that this is what really matters to Labour voters tempted by Reform’s populist bullshit.Advertisement So they lie. They dig in. They break promises left, right and centre, ready to die, apparently, in this self-constructed ditch of developer-led deceit. That’s why every single amendment put forward through the committee examining the bill was summarily dismissed by the loyal but lumpen Labour MPs on the committee. These included an amendment tabled by veteran Labour MP Barry Gardiner requiring all house builders to provide a specially designed brick (costing £35) to help cavity-nesting such as swifts, house martins, sparrows and starlings – a measure that Labour in opposition enthusiastically supported! And there’s huge public support for this one small, cost-effective biodiversity regulation. To get a measure of this government’s subservient obedience to the demands of the volume housebuilders, just listen to the words of housing minister Matthew Pennycook: ‘We are not convinced that legislating to mandate the use of specific wildlife features is the right approach, whether that is done through building regulations or a freestanding legal requirement'. It’s all so demeaning. So unnecessary. And now that the mainstream environment movement, urged on primarily by the Wildlife Trusts, has realised just how high the stakes are with this Planning and Infrastructure Bill, it’s reasonable to assume that there will be a much more serious debate in the House of Lords, bringing down on ministers’ helmeted heads the righteous outrage of the entire movement. As we’ve learnt, in less than one deeply depressing year, this is a government that needs to be kicked harder and harder until they get desperate enough to make the pain go away. P.S. If you want to read a brilliant summary of ‘reasons to be outraged’ (and what to do about it), check out George Monbiot’s take on this. Jonathon Porritt is a campaigner and author and co-founder of Forum for the Future This article first appeared on his blog 2025-06-06 Jonathon Porritt comment and share

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Flyalone - Adobe News Labour puts Humphrey AI to work for council admin A tool built on the government’s Humphrey AI toolset is being piloted by 25 councils to take notes during meetings Published: 23 May 2025 15:45 The UK government has announced that its artificial intelligence (AI) suite, Humphrey, is being trialled by a number of local councils. Its AI tool, Minute, takes notes in meetings, and was recently used in one chaired by prime minister Keir Starmer. Part of Humphrey, the package of AI tools built to help civil servants deliver for ministers and the public more effectively, uses generative AI to turn meetings into notes, and provides tools for correcting summaries. The government found that early tests using Minute showed that officials saved an hour of admin per one-hour meeting. The Department for Science, Innovation and Technology (DSIT) said Minute can help speed up actions after planning meetings, allowing officers to focus on the task at hand, rather than paperwork, and make informed decisions to get homes built. It’s currently being trailed by 25 local councils. Among the ways it’s being used is to help streamline burdensome admin tasks in the planning process as part of the government’s plans to build 1.5 million homes by 2030. Lords minister for housing and local government Sharon Taylor said: “Local councils are on the frontline of housing delivery, and we’re backing them with cutting-edge AI technology like Minute so officers can spend less time buried in admin and more time helping to get Britain building. “This is alongside our landmark reforms to deliver 1.5 million homes, including the Planning and Infrastructure Bill, which will get working people and families into secure homes and boost economic growth right across the country,” she said. Read more stories about public sector AI Humphrey AI tool powers Scottish Parliament consultation: AI-powered Consult tool has helped the Scottish Parliament to organise feedback from a public consultation into themes. Major obstacles facing Labour’s AI opportunity action plan: Skills, data held in legacy tech and a lack of leadership are among the areas discussed during a recent Public Accounts Committee session. Minute can also be used to take notes in meetings between social care workers and their supervisors, allowing workers to focus on offering more support instead of being bogged down by bureaucracy.   The Minute trial ties in with a broader government initiative to help local councils use technology to improve essential services they are responsible for delivering to local residents. To fulfil one of the actions in the 50-point AI Opportunities Plan of Action, which was published in January, the government has also introduced an AI Knowledge Hub for sharing examples of how local councils are using technology so others can learn from them – such as an AI assistant that speeds up the reporting of fly-tipping and graffiti in central London. In 2024, a Local Government Association (LGA) survey found that the majority of councils who took part in the poll (85%) were using or exploring how they would use AI. The areas where most respondents had realised benefits from using AI were staff productivity (35%), service efficiencies (32%) and cost savings (22%). However, the LGA reported that the five biggest barriers to deploying AI identified by respondents were a lack of funding (64%), a lack of staff capabilities (53%), a lack of staff capacity (50%), a lack of sufficient governance and a lack of clear use cases (41% each). The government’s own State of digital government review, published earlier this year, reported that each of the 320 local authorities in England negotiate technology contracts with big tech companies independently – when many are buying exactly the same tools – making this spending much less effective. The trials with AI-based tools built on Humphrey and the AI Knowledge Hub represent an attempt by the government to reduce the barriers to deploying AI across the public sector. AI and digital government minister Feryal Clark said: “From parking permits and planning permission, local councils handle some of the services that impact our daily lives most. For too long, they have been left to fend for themselves when keeping up with rapid innovations in AI and digital technology – when we know it has huge potential to help solve many of the challenges they face. Clark said the government was going to work with local councils to help them buy and build the technology they need to deliver Labour’s Plan for Change and support their local communities more effectively.  In The Current Issue: UK critical systems at risk from ‘digital divide’ created by AI threats UK at risk of Russian cyber and physical attacks as Ukraine seeks peace deal Standard Chartered grounds AI ambitions in data governance Download Current Issue SAP Sapphire 2025: Developers take centre stage as AI integration deepens – CW Developer Network Microsoft entices developers to build more Windows AI apps – Cliff Saran's Enterprise blog View All Blogs

Elton John called the UK government 'absolute losers' for failing to safeguard artists from AI. CBS Photo Archive/CBS via Getty Images 2025-05-18T12:50:06Z Save Saved Read in app This story is available exclusively to Business Insider subscribers. Become an Insider and start reading now. Have an account? Elton John attacked UK plans to let Big Tech train AI on creative work without permission or pay. He called ministers "absolute losers" and accused them of "thievery on a high scale." John warned that young artists "haven't got the resources" to take on Big Tech. Elton John has accused the UK government of betraying artists with plans to allow Big Tech to train AI on creative works without permission or payment.The 78-year-old music icon said the plans meant "committing theft, thievery on a high scale," in an interview with the BBC on Sunday.He was commenting on the Data (Use and Access) Bill, which would allow companies to train AI on works such as music and books, unless the copyright holder specifically opts out.John said he was "very angry," calling the government "absolute losers."He told the BBC that young artists "haven't got the resources" to take on Big Tech and that the legislation would "rob young people of their legacy and their income.""It's criminal, in that I feel incredibly betrayed," he said.The bill was passing through the country's parliament until earlier this week, when the House of Lords voted to amend it to require tech companies to disclose and seek consent before scraping copyrighted material.But the lower house, the House of Commons, rejected that change, sending the bill back into parliamentary limbo.In his BBC interview, Sir Elton called on UK Prime Minister Keir Starmer to "wise up," saying he was prepared to take ministers to court and "fight it all the way."The UK Government had not responded to a Business Insider request for comment when this article went live.John was one of over 400 musicians, writers, and artists — including Paul McCartney — who signed an open letter to the Prime Minister earlier this year, warning that AI needed proper copyright safeguards to protect artists.Sir Paul McCartney warned in January that AI could "rip off" artists and result in a "loss of creativity." Recommended video

As part of proposals outlined by Keir Starmer on Monday (12 May), tougher entry requirements for students and workers would be introduced to reduce immigration. The immigration bill would raise entry requirements to degree level for workers entering the UK, introduce tougher English language requirements, and extend the period for claiming settled status from five to ten years. Universities will, meanwhile, have to score five percentage points more (rising from 90 to 95 per cent) on the Basic Compliance Assessment, which the home office uses to assess compliance with the immigration system. This could reduce the number of places on offer to overseas students.Advertisement Responding to the proposals, RIBA president Muyiwa Oki said immigration into the UK was crucial for filling the current skills gap in the housing sector given the government’s target to build 1.5 million homes in this parliament. He said: ‘The government’s decision to reduce the number of international workers and students comes at a time when they have ambitious plans to drive growth, including delivering 1.5 million new homes. ‘Architects are vital to achieving this, but the sector has a significant skills shortage. We need an immigration system that helps plug these gaps.’ The government’s reforms would abolish the immigration salary list, which put the minimum salary for a foreign worker visa at 80 per cent of the going rate for that profession. Architects were, controversially, among the sectors removed from the list designed to combat occupational shortages through worker visas. Until last year, the list had allowed firms to hire foreign workers in particular sectors on salaries 20 per cent less than the going rate. Oki added that, following the government’s drive to reduce immigration, more investment was needed in apprenticeships and non-traditional routes into the profession.Advertisement The RIBA has previously called on the government not to implement changes that could see practices pay more towards training Level 7 apprenticeships – the equivalent to a master’s degree. Oki commented: ‘We welcome the desire to nurture homegrown talent, and we continue to champion new and accessible routes into the profession, such as apprenticeships. But the potential of defunding Level 7 apprenticeships puts this at risk. We continue to work with the government to ensure a pipeline of talent in the architecture sector and drive growth across the country.’ The Chartered Institute of Architectural Technologists (CIAT) echoed the RIBA’s calls for investment in apprenticeships. CIAT president Eddie Weir said: ‘The UK’s built environment sector faces significant pressures at all levels. If we are to deliver the 1.5 million new homes that our communities need and ensure that our existing homes and buildings are healthy, sustainable and fit for the future, these pressures must be relieved.’ Weir warned the government not to limit skilled professionals where there are gaps in the market and added: ‘Government must also move ahead with reforming the apprenticeships system … At the same time, the industry still needs a steady supply of highly skilled professionals, particularly in building design and project management.’ Meanwhile, Building Cost Information Service (BCIS) chief economist David Crosthwaite compared the construction and health industries. He said both needed migrant workers when domestic supply fell short. ‘If the government is serious about delivering 1.5 million homes and boosting national infrastructure delivery, they must seek both short-term and long-term solutions,' he said. ‘In the meantime, it is critical that we can access migrant workers where there’s a clear economic need, or else risk stalling growth and delivery even further.’ The BCIS chief also called for a transitional arrangement before the introduction of the new immigration rules, and warned: ‘Tightening migration rules could increase costs, delay projects, and make it even harder to meet ambitious targets. Workforce decisions need to be grounded in long-term strategy, not short-term political pressure.’ Comment Paul Chappell, director, 9B Careers A government crackdown on immigration could seriously disrupt the architecture profession, affecting talent pipelines, creativity, and salary dynamics. The sector relies heavily on a diverse international workforce that brings essential skills in areas such as sustainable design, digital technologies and cultural placemaking. Tighter immigration controls risk shrinking the talent pool, making it harder for practices to fill key roles, and undermining the UK’s position as a global design hub, just as the industry appears to be recovering from a prolonged downturn. We've just experienced one of our busiest quarters in a decade, and many practices are urgently trying to recruit large teams without the time or capacity to sponsor visas. In this climate, reduced access to international talent is already driving up salaries, particularly for specialist and mid-level roles where skills shortages are acute. The days of receiving 500 applications for a single job are gone. Most of our time is now spent headhunting, which inevitably requires higher salary offers to entice candidates from secure positions. But this wage inflation is not sustainable, especially for smaller firms operating within tight fee constraints. Over time, we may see widening regional disparities, increased outsourcing and fewer opportunities for Part 1 graduates, who are already struggling to find meaningful year-out placements. Studios, sadly, often no longer have the time or money to support the next generation coming through. Restricting international students and early-career professionals also threatens the long-term health of the profession. Architecture thrives on openness, diversity, and the free exchange of ideas. Without that, we risk weakening both the profession and the quality of the built environment it shapes. Charlie Edmonds, Future Architects Front (FAF) Starmer's logic that we can replace international workers with greater investment in training for British nationals is, at best, naive and, at worst, intentionally furthering the managed decline of the social and physical infrastructure of the UK. The decision to massively restrict worker visas undermines Labour's promises to support the NHS and to bolter UK construction. Simultaneously, pay in these roles is notoriously low, public investment into these sectors is insufficient, and Labour seems to have to immediate intention of changing this. So the only result will be the increase of vacancies in vital sectors from care to construction. If Starmer was serious about the wellbeing of people living in the UK, regardless of nationality, the Labour party would be supporting dignified routes for immigration while simultaneously investing in UK skills and sectors — setting these outcomes in opposition to one another is not only a false dichotomy but lays the groundwork for continued destitution in the UK.

The UK government has outlined how it will utilise the new electronic visa (eVisa) system and “modern biometric technology” to support immigration enforcement and “strengthen the border”. Published 12 May 2025, the Home Office’s 82-page immigration whitepaper – titled Restoring control over the immigration system – contains a range of proposals for how the UK government will use data-driven technologies to track migrants and clamp down on “visa abuse” by those staying and working in the country illegally. During a press conference the same day, prime minister Keir Starmer said the whitepaper “is absolutely central to my Plan for Change”, and that it will allow the government to “take back control of our borders” after net migration quadrupled between 2019 and 2023. “Nations depend on rules – fair rules. Sometimes they’re written down, often they’re not, but either way, they give shape to our values,” he said. “Now, in a diverse nation like ours, and I celebrate that, these rules become even more important. Without them, we risk becoming an island of strangers, not a nation that walks forward together.” The whitepaper outlined how a key plank of the government’s overall approach would be using “newly gathered intelligence” from the UK’s new eVisa system – which has so far been plagued by data quality and integrity problems – to keep track of who is allowed to be in the country. “The move to digital evidence of immigration status will enable us to update records in real time when status changes, ensuring those who are no longer entitled to access public services, work or rent will have this reflected on their eVisa, rather than continuing to hold physical evidence of status which is no longer up to date,” it said, adding the intelligence provided by digital visas will allow the state to “maintain and increase contact” with people as they move through the immigration system. “Put together, the comprehensive, intelligence-led and effective roll-out of eVisas to all foreign nationals resident in the UK will have a transformative impact on our immigration controls: telling us when each individual leaves the country and when they have returned; telling us whether they have the right to work, to rent, to claim benefits or use public services, and telling us how long they have the right to stay. “Importantly, eVisas will make it much easier for Immigration Enforcement to identify those who try to stay and work in the UK illegally, to track them down and take action against them.” The government added it will also “continue to harness the latest developments in artificial intelligence [AI], facial recognition and age assessment technologies” to gather “the most accurate information” possible on every individual entering the UK, and that work is ongoing to enhance the accuracy and quality of the data held to ensure people’s status information remains up to date. Enny Choudhury, co-head of legal at the Joint Council for the Welfare of Immigrants (JCWI), said the government’s push to expand eVisa and biometric surveillance “is yet another step towards a dystopian immigration regime where people who’ve made the UK home are tracked, monitored and targeted simply because of their immigration status”. She added that the tools have nothing to do with security and are instead about giving the illusion of control: “Used alongside immigration raids and enforcement crackdowns, they will deepen mistrust, isolate communities, and expose people to errors and abuse in an already chaotic system. The eVisa roll-out has already shown itself to be riven with errors, and has left many unable to prove their status. “If ministers were serious about fairness, they’d invest in clear, compassionate immigration routes – not surveillance infrastructure that treats people as threats, not neighbours.”Computer Weekly contacted the Home Office about the criticisms levied against the whitepaper’s technology proposals, but received no response. While the government claims in the whitepaper that “the transition to eVisa has been successfully providing a significantly better end-to-end experience for individuals throughout their entire journey”, the system ran into problems almost immediately. Within the first few weeks of the eVisa system going live, for example, many reported issues when flying back to the UK, with travellers struggling to prove their immigration status to airport staff. Others have reported issues from within the UK as well, including with GPs not accepting the share codes issued via their UK Visas and Immigration (UKVI) digital account, which people are supposed to be able to use to prove their immigration status when dealing with a range of third parties, including employers and letting agencies. The issues are also affecting refugees, who are reportedly having problems connecting their passports to their online visa, according to digital rights groups supporting them. Other refugees are also unable to set up or log in to their UKVI accounts – which they need to set up a bank account, claim benefits or rent housing – as they have not been forwarded the necessary details by the Home Office. “As a result of the flawed e-visa scheme, people with the legal right to be in the UK have been held at airports, denied jobs and even made homeless. Others are having to rely on [Biometric Resident Permit] documents that expired over five months ago,” said Sara Alsherif, the migrant rights programme manager at Open Rights Group (ORG). “It is outrageous that the government has the audacity to refer to the shambolic eVisa scheme as ‘successful’. But it’s beyond comprehension that they are considering relying on this flawed scheme to carry out raids and deport people.  “With the use of technology, automated decision-making and AI, we can expect to see a Windrush scandal on steroids, and the Labour government really needs to ask whether it wants to be the architect of such human rights abuses.” Digital rights campaigners have long contended that the online-only, real-time nature of the Home Office’s eVisa scheme – which trawls dozens of disparate government databases to generate a new immigration status each time someone logs in – is error-prone and “deeply problematic”. “When users enter their details to log into the Government View and Prove system [in their UKVI account], they are not accessing their status directly, but rather their credentials are being used to search and retrieve dozens of different records held on them across different databases,” said ORG in a September 2024 report. It added that research has identified more than 90 different platforms and casework systems that immigration data may be pulled from within the UKVI ecosystem to determine a person’s status: “View and Prove uses an algorithmic and probabilistic logic to determine which data to extract and which e-records to use when it encounters multiple records, i.e. in instances where people have renewed or changed their immigration status, or appealed an incorrect decision. “It is these real-time and opaque automated checks that generate a person’s immigration status, which they can then share with an employer, landlord or international carrier.”  The ORG said the online-only design choice creates multiple problems for users, including making it “impossible” for an individual to be certain that they will get a correct result on any particular occasion; increased potential for incorrect decisions as a result of people’s records being pulled from “numerous servers”: and the details of two different people being conflated in instances where they, for example, share the same name or date of birth. In its whitepaper, the government also outlined proposals to deploy “modern biometric technology” to frontline immigration enforcement officers, specifically highlighting that they will play a role in facilitating immigration raids. It added that, over the coming months, it would also roll out bodyworn video cameras to frontline teams, “together with an advanced data management system and improved mobile biometric kits, improving identity verification, transparency, accountability and officer safety”. It claimed that, taken together, “these improvements will provide an objective record of interactions, strengthen evidence gathering and increase public confidence in enforcement activity while supporting the professional standards of our staff”. According to a blog post published by home secretary Yvette Cooper – which does not mention the extensive tech-related proposals contained in the whitepaper – the new requirements laid out in the document will “[restore] order to a failed system that saw net migration quadruple between 2019 and 2023.” These measures include raising the skilled worker threshold, ending overseas recruitment for social care visas, reducing the length of time graduates can stay in the UK after studying, new penalties for businesses employing workers illegally, and streamlining the deportation process to further increase “returns of foreign national offenders”. The government has also outlined how it will prevent the “dependents” of immigrants from coming to the country if they are not proficient enough in English. Fizza Qureshi, CEO of the Migrants’ Rights Network told Computer Weekly that “immigration raids are a racist fear mechanism that disproportionately impact migrant and racialised communities”, and that the use of eVisas, Electronic Travel Authorizations (ETAs) and increased biometric data collection has been “an insidious tool” to create a database of migrants. “We were unsure of how it would be used to further surveil migrants and intensify enforcement operations,” she said. “Now, we finally know the measures set out in the new immigration whitepaper will be weaponised to further target and terrorise migrants and racialised people.” Responding to the whitepaper, trade unions and trade associations highlighted how the proposed measures could also undermine the UK’s ambitions to create a thriving, world-leading technology sector by undercutting access to talent and skills. “Continually increasing visa costs and requirements has the potential to undermine efforts to attract critically important collaboration and could undermine success in AI, tech, science, engineering and a host of other areas,” said Sue Ferns, deputy general secretary at the Prospect union. Antony Walker, deputy CEO of TechUK, added that the UK tech sector’s continued success is linked to the diverse talent it attracts from around the world: “As the demand for skilled workers in fields such as AI, cyber security, and quantum continues to grow, it is crucial that the UK grants and maintains immigration pathways that enable tech companies to access the talent they need. “A well-designed and fairly priced visa system is essential to maintaining the UK’s global competitiveness. We have the opportunity to reassess the UK’s immigration system to enhance public confidence and better support businesses. In particular, reviewing costs associated with visas and other related charges such as the Immigration Skills Charge could help ensure the system is not only fair but also effective. “If government wants to reduce reliance on the immigration system, it must urgently invest in skills and training, otherwise businesses will be left without the workforce they need to survive and grow.” Read more about immigration and technology Interview: Petra Molnar, author of ‘The walls have eyes’: Refugee lawyer and author Petra Molnar speaks to Computer Weekly about the extreme violence people on the move face at borders across the world, and how increasingly hostile anti-immigrant politics is being enabled and reinforced by a ‘lucrative panopticon’ of surveillance technologies. Greek authorities subject refugees to invasive surveillance: Greek border authorities are subjecting asylum seekers to invasive phone confiscations and artificial intelligence-powered surveillance, in another potential violation of European data protection laws. English Channel surveillance used ‘to deter and punish migrants’: Instead of opening safe and legal routes to the UK, the country’s border control ecosystem is deploying surveillance technologies in the English Channel to deter migrant crossings, it is claimed.