Huawei’s AI capabilities have made a breakthrough in the form of the company’s Supernode 384 architecture, marking an important moment in the global processor wars amid US-China tech tensions.The Chinese tech giant’s latest innovation emerged from last Friday’s Kunpeng Ascend Developer Conference in Shenzhen, where company executives demonstrated how the computing framework challenges Nvidia’s long-standing market dominance directly, as the company continues to operate under severe US-led trade restrictions.Architectural innovation born from necessityZhang Dixuan, president of Huawei’s Ascend computing business, articulated the fundamental problem driving the innovation during his conference keynote: “As the scale of parallel processing grows, cross-machine bandwidth in traditional server architectures has become a critical bottleneck for training.”The Supernode 384 abandons Von Neumann computing principles in favour of a peer-to-peer architecture engineered specifically for modern AI workloads. The change proves especially powerful for Mixture-of-Experts models (machine-learning systems using multiple specialised sub-networks to solve complex computational challenges.)Huawei’s CloudMatrix 384 implementation showcases impressive technical specifications: 384 Ascend AI processors spanning 12 computing cabinets and four bus cabinets, generating 300 petaflops of raw computational power paired with 48 terabytes of high-bandwidth memory, representing a leap in integrated AI computing infrastructure.Performance metrics challenge industry leadersReal-world benchmark testing reveals the system’s competitive positioning in comparison to established solutions. Dense AI models like Meta’s LLaMA 3 achieved 132 tokens per second per card on the Supernode 384 – delivering 2.5 times superior performance compared to traditional cluster architectures.Communications-intensive applications demonstrate even more dramatic improvements. Models from Alibaba’s Qwen and DeepSeek families reached 600 to 750 tokens per second per card, revealing the architecture’s optimisation for next-generation AI workloads.The performance gains stem from fundamental infrastructure redesigns. Huawei replaced conventional Ethernet interconnects with high-speed bus connections, improving communications bandwidth by 15 times while reducing single-hop latency from 2 microseconds to 200 nanoseconds – a tenfold improvement.Geopolitical strategy drives technical innovationThe Supernode 384’s development cannot be divorced from broader US-China technological competition. American sanctions have systematically restricted Huawei’s access to cutting-edge semiconductor technologies, forcing the company to maximise performance within existing constraints.Industry analysis from SemiAnalysis suggests the CloudMatrix 384 uses Huawei’s latest Ascend 910C AI processor, which acknowledges inherent performance limitations but highlights architectural advantages: “Huawei is a generation behind in chips, but its scale-up solution is arguably a generation ahead of Nvidia and AMD’s current products in the market.”The assessment reveals how Huawei AI computing strategies have evolved beyond traditional hardware specifications toward system-level optimisation and architectural innovation.Market implications and deployment realityBeyond laboratory demonstrations, Huawei has operationalised CloudMatrix 384 systems in multiple Chinese data centres in Anhui Province, Inner Mongolia, and Guizhou Province. Such practical deployments validate the architecture’s viability and establishes an infrastructure framework for broader market adoption.The system’s scalability potential – supporting tens of thousands of linked processors – positions it as a compelling platform for training increasingly sophisticated AI models. The capability addresses growing industry demands for massive-scale AI implementation in diverse sectors.Industry disruption and future considerationsHuawei’s architectural breakthrough introduces both opportunities and complications for the global AI ecosystem. While providing viable alternatives to Nvidia’s market-leading solutions, it simultaneously accelerates the fragmentation of international technology infrastructure along geopolitical lines.The success of Huawei AI computing initiatives will depend on developer ecosystem adoption and sustained performance validation. The company’s aggressive developer conference outreach indicated a recognition that technical innovation alone cannot guarantee market acceptance.For organisations evaluating AI infrastructure investments, the Supernode 384 represents a new option that combines competitive performance with independence from US-controlled supply chains. However, long-term viability remains contingent on continued innovation cycles and improved geopolitical stability.(Image from Pixabay)See also: Oracle plans $40B Nvidia chip deal for AI facility in TexasWant to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Intelligent Automation Conference, BlockX, Digital Transformation Week, and Cyber Security & Cloud Expo.Explore other upcoming enterprise technology events and webinars powered by TechForge here.

May 30, 2025Ravie LakshmananCryptocurrency / Cybercrime The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in virtual currency investment scams that caused Americans to lose billions of dollars annually. "Funnull has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses," the agency said in a press release. The average loss is estimated to be over $150,000 per individual. Funnull, also called Fang Neng CDN (funnull[.]io, funnull[.]com, funnull[.]app, and funnull[.]buzz), was first attracted the attention of the cybersecurity community in June 2024 after it was implicated in the supply chain attack of widely-used Polyfill[.]io JavaScript library. Last year, an analysis by Silent Push revealed that the infrastructure associated with Funnull has been used to promote investment scams, fake trading applications, and suspect gambling networks. The infrastructure has been codenamed Triad Nexus. Then earlier this February, the cybersecurity company attributed Funnull to a practice dubbed infrastructure laundering wherein the company rented IP addresses from mainstream hosting providers such as Amazon Web Services (AWS) and Microsoft Azure to host criminal websites. Highlighting this aspect, the Treasury said Funnull enables virtual currency investment scams by acquiring IP addresses in bulk from major cloud services companies across the world and selling them to cybercriminals to host scam platforms and other malicious web content. "Funnull generates domain names for websites on its purchased IP addresses using domain generation algorithms (DGAs) – programs that generate large numbers of similar but unique names for websites – and provides web design templates to cybercriminals," the agency pointed out. "These services not only make it easier for cybercriminals to impersonate trusted brands when creating scam websites but also allow them to quickly change to different domain names and IP addresses when legitimate providers attempt to take the websites down." The Treasury also accused Funnull of purchasing Polyfill[.]io with the intent to redirect visitors of legitimate websites to scam websites and online gambling sites, some of which it said are linked to Chinese criminal money laundering operations. Furthermore, the department alleged that its administrator Liu, a Chinese national, was in possession of spreadsheets and other documents that contained information about the company's employees, their performance, and their work progress. The tasks assigned to them included assigning domain names to criminal actors for virtual currency investment fraud, phishing scams, and online gambling sites. In a standalone flash alert, the U.S. Federal Bureau of Investigation (FBI) said it identified 548 unique Funnull Canonical Names (CNAME) linked to over 332,000 unique domains since January 2025. "Between October 2023 and April 2025, multiple patterns of IP address activity were observed from several domains using Funnull infrastructure," the FBI said. "During this time frame, hundreds of domains using Funnull infrastructure simultaneously migrated from one IP address to another either on the same exact day or within the same timeframe." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Tryfonov - stock.adobe.com Opinion Microsoft's ICC email block reignites European data sovereignty concerns Why Microsoft's rhetoric on protecting European users from US government actions does not quite ring true By Owen Sayers, Secon Solutions Published: 23 May 2025 During his recent visit to Brussels, Microsoft chief Brad Smith committed his company to defending European interests from ‘geopolitical volatility’, including the impact of potential US administration interventions. Suggesting that Microsoft is ‘critically dependent on sustaining the trust of customers, countries, and government across Europe’, anyone leaving his session with EU leaders should have reasonably felt buoyed up by his words; but might also have sensibly awaited evidence of the commitments being applied in practice before relying upon them. If so, the news that the International Criminal Court (ICC) chief prosecutor and his staff have had their Microsoft email and services cancelled in direct response to US government sanctions might come as an unwelcome reality check. According to media reports, ICC chief prosecutor Karim Khan had his Microsoft email and other services suspended after the US applied sanctions in February to all ICC staff in response to their investigations into key Israeli politicians. The circumstances of the situation that gave rise to those sanctions are outside the scope of this article, and largely irrelevant to the problems these service suspensions indicate, however. Regardless of the ‘why’, what the service suspensions demonstrate is that Microsoft has the means (and when it comes down to it also possess the will) to do the US government’s bidding and disrupt services to any party deemed to be unacceptable. This is almost exactly contrary to the assurances Brad Smith so very recently gave. The disconnection of prosecutor Khan is a mouse-click heard around the world, and will undoubtedly give anyone using or currently considering the adoption of Microsoft cloud technologies pause for thought. By disconnecting the ICC staff in this way, Microsoft has done themselves some serious damage, and how much may take some time yet to become clear. Immediately after the disconnection became public, the Dutch government and public bodies are reported to have accelerated their examination of non-Microsoft and EU-located alternative services. Meanwhile, several suppliers have indicated an uptick in requests for backup of key data to protect against possible Microsoft disconnections. Press coverage in Germany suggests these concerns are rippling out to them also, whilst the Nordics and France have long made clear that they see a future that is distinctly less Azure in colour. The likelihood or otherwise of further disconnections is unclear, and for most users it should be considered very unlikely that Microsoft will start switching off services for no good reason. With 25% of Microsoft’s global revenues coming from European customers, it is unlikely to act rashly to damage that market, and can generally be counted on to be sensible and not commit commercial suicide – so most customers should not be worried. Nonetheless much of the damage to the confidence of public sector bodies might well have already been done. Governments like to be in control of their own destiny and that extends to digital services and data. When a key supplier they have relied upon for many years shows themselves to be subject to the whims and foibles of a foreign government – friendly or otherwise – most public sector buyers intuitively know it’s time to find an alternative provider “just-in-case”. Having a plan B option is just common sense. The big problem for Microsoft is that in the IT sector “just-in-case” or plan B options, often become strategic plan A directions of travel. And a trickle of departures can quite soon become a flood. Governments are herd animals – when one turns they all tend to follow. I’m not by any measure suggesting we are going to see an overnight exodus. Even if that was technically feasible (which it isn’t in most cases), these organisations are a bit concerned, not panicked. However, these previously affirmed Microsoft user groups are now openly talking about the need for alternatives to the Redmond cloud provider, and that should have Microsoft worried. Concerns that US hyperscalers might be subjected to pressure from US authorities to disclose information have existed for some time but have been broadly assuaged by repeated promises and commitments from Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft that they would resist such requests and protect their customers. When it has come to the acid test, however, many clearly feel that Microsoft has failed, and that instead of protecting the ICC as a key pillar of the global legal community, instead acted as an instrument of US policy. To restore his own email access, prosecutor Khan reportedly turned to Proton Mail, the Swiss end-to-end encrypted mail service beloved of whistleblowers and other digital refugees. Proton Mail operate under its own constraints and obligations to disclose information to the Swiss government on demand, but this is limited to IP address info, rather than email payloads, which it is generally accepted they cannot access. In doing so it’s likely that Mr Khan has had to forgo some user functionality and ease of use – but he may feel that’s a small price to pay to protect his office and role from US government influence. That might be a choice others have to make in the months and years to come, since regardless of their choice of cloud provider, the lesson here is that we cannot always trust them to rigorously and strongly protect our data or our services, despite what they may say, or how often they do so. In this case, Microsoft’s actions sadly speak a lot louder than Mr Smith’s words. Read more about Microsoft Microsoft’s hold on government IT is under scrutiny, following a disclosure to a Scottish policing body that saw the software giant advise that it cannot guarantee data sovereignty in its cloud-based Microsoft 365 suite Documents show Microsoft’s lawyers admitted to Scottish policing bodies that the company cannot guarantee sensitive law enforcement data will remain in the UK, despite long-standing public claims to the contrary In The Current Issue: UK critical systems at risk from ‘digital divide’ created by AI threats UK at risk of Russian cyber and physical attacks as Ukraine seeks peace deal Standard Chartered grounds AI ambitions in data governance Download Current Issue SAP Sapphire 2025: Developers take centre stage as AI integration deepens – CW Developer Network Microsoft entices developers to build more Windows AI apps – Cliff Saran's Enterprise blog View All Blogs

Iran and the United States prepared for a fifth round of negotiations over Tehran’s rapidly advancing nuclear program Friday in Rome, with enrichment emerging as the key issue.U.S. officials up to President Donald Trump insist Iran cannot continue to enrich uranium at all in any deal that could see sanctions lifted on Tehran’s struggling economy. Iran’s Foreign Minister Abbas Araghchi early Friday insisted online that no enrichment would mean “we do NOT have a deal.” “Figuring out the path to a deal is not rocket science,” Araghchi wrote on the social platform X. “Time to decide.”The U.S. will be again represented in the talks by Mideast envoy Steve Witkoff and Michael Anton, the State Department’s policy planning director. Oman’s Foreign Minister Badr al-Busaidi is mediating the negotiations as the sultanate on the Arabian Peninsula has been a trusted interlocutor by both Tehran and Washington in the talks.A car carrying Araghchi arrived at the Omani Embassy in Rome’s Camilluccia neighborhood around 12:30 p.m. Witkoff had yet to be seen, but the embassy previously served as the site of another round of talks. Enrichment remains key in negotiations The talks seek to limit Iran’s nuclear program in exchange for the lifting of some of the crushing economic sanctions the U.S. has imposed on the Islamic Republic, closing in on half a century of enmity.Trump has repeatedly threatened to unleash airstrikes targeting Iran’s program if a deal isn’t reached. Iranian officials increasingly warn they could pursue a nuclear weapon with their stockpile of uranium enriched to near weapons-grade levels.“Iran almost certainly is not producing nuclear weapons, but Iran has undertaken activities in recent years that better position it to produce them, if it chooses to do so,” a new report from the U.S. Defense Intelligence Agency said. “These actions reduce the time required to produce sufficient weapons-grade uranium for a first nuclear device to probably less than one week.”However, it likely still would take Iran months to make a working bomb, experts say.Enrichment remains the key point of contention. Witkoff at one point suggested Iran could enrich uranium at 3.67%, then later began saying all Iranian enrichment must stop. That position on the American side has hardened over time.Asked about the negotiations, State Department spokesperson Tammy Bruce said “we believe that we are going to succeed” in the talks and on Washington’s push for no enrichment.“The Iranians are at that table, so they also understand what our position is, and they continue to go,” Bruce said Thursday.One idea floated so far that might allow Iran to stop enrichment in the Islamic Republic but maintain a supply of uranium could be a consortium in the Mideast backed by regional countries and the U.S. There also are multiple countries and the International Atomic Energy Agency offering low-enriched uranium that can be used for peaceful purposes by countries.However, Iran’s Foreign Ministry has maintained enrichment must continue within the country’s borders and a similar fuel-swap proposal failed to gain traction in negotiations in 2010.Meanwhile, Israel has threatened to strike Iran’s nuclear facilities on their own if it feels threatened, further complicating tensions in the Mideast already spiked by the Israel-Hamas war in the Gaza Strip.Araghchi warned Thursday that Iran would take “special measures” to defend its nuclear facilities if Israel continues to threaten them, while also warning the U.S. it would view it as being complicit in any Israeli attack. Authorities allowed a group of Iranian students to form a human chain Thursday at its underground enrichment site at Fordo, an area with incredibly tight security built into a mountain to defend against possible airstrikes. Talks come as U.S. pressure on Iran increases Yet despite the tough talk from Iran, the Islamic Republic needs a deal. Its internal politics are inflamed over the mandatory hijab, or headscarf, with women still ignoring the law on the streets of Tehran. Rumors also persist over the government potentially increasing the cost of subsidized gasoline in the country, which has sparked nationwide protests in the past.Iran’s rial currency plunged to over one million to a U.S. dollar in April. The currency has improved with the talks, however, something Tehran hopes will continue as a further collapse in the rial could spark further economic unrest.Meanwhile, its self-described “Axis of Resistance” sits in tatters after Iran’s regional allies in the region have faced repeated attacks by Israel during its war against Hamas in the Gaza Strip. The collapse of Syrian President Bashar Assad’s government during a rebel advance in December also stripped Iran of a key ally.The Trump administration also has continued to levy new sanctions on Iran, including this week, which saw the U.S. specifically target any sale of sodium perchlorate to the Islamic Republic. Iran reportedly received that chemical in shipments from China at its Shahid Rajaei port near Bandar Abbas. A major, unexplained explosion there killed dozens and wounded over 1,000 others in April during one round of the talks. Gambrell reported from Dubai, United Arab Emirates. Associated Press writer Nasser Karimi in Tehran, Iran, contributed to this report. —Jon Gambrell and Giada Zampano, Associated Press

This story appeared in The Logoff, a daily newsletter that helps you stay informed about the Trump administration without letting political news take over your life. Subscribe here.Welcome to The Logoff: The Trump administration moved to deport eight men to South Sudan in what a federal judge in Boston says was “unquestionably” a violation of a court order.What happened? On Tuesday, the US government put eight men — only one a South Sudanese citizen — on a deportation flight to South Sudan, an unstable country in East Africa that is on the verge of civil war, with minimal notice and no chance to speak with a lawyer. Their exact location is now unclear.What have courts ruled about deportations? A court order from April, issued by the same federal judge, Brian Murphy, blocked the Trump administration from deporting immigrants to countries not their own without due process because of the possibility they could face violence or death there.What will happen to the immigrants who were deported? Murphy has ordered the government to keep the men in US custody while considering how to ensure their due process rights, but they won’t be flown back to the US. Murphy also raised the possibility of criminal contempt sanctions for officials involved in the deportations.What’s the context? This isn’t the first time the Trump administration has attempted deportations to a dangerous third-party country. Not only has the administration sent Venezuelan immigrants to a brutal El Salvadoran megaprison, but Murphy, the federal judge in Boston, also intervened earlier in May to block deportation flights to Libya.What does this mean for Trump’s immigration plans? The Trump administration is almost certain to keep testing the limits of what it can do on immigration. In an interview published today, Vice President JD Vance alleged that “you are seeing an effort by the courts to quite literally overturn the will of the American people” on immigration enforcement, raising the specter of more clashes to come. And with that, it’s time to log off…The promise of this newsletter is to help you get the important news, then log off. So we’d be remiss in not sharing Vox deputy editor Izzie Ramirez’s attempt to do just that: For (almost) a full month, she abandoned her iPhone and switched to a “dumbphone” that could do little more than text and call. She writes that the experience encouraged deeper connections and spontaneous hangs, and helped restore her attention span. Couldn’t we all use that? You’ve read 1 article in the last monthHere at Vox, we're unwavering in our commitment to covering the issues that matter most to you — threats to democracy, immigration, reproductive rights, the environment, and the rising polarization across this country.Our mission is to provide clear, accessible journalism that empowers you to stay informed and engaged in shaping our world. By becoming a Vox Member, you directly strengthen our ability to deliver in-depth, independent reporting that drives meaningful change.We rely on readers like you — join us.Swati SharmaVox Editor-in-ChiefSee More:

As Russia continues its relentless assaults on Ukraine despite in defiance of continuing efforts to work towards a peace deal, multiple western security agencies have issued a new advisory warning of a Moscow-backed  campaign of cyber intrusions targeting logistics and technology organisations in the west. The campaign, run through Unit 26165 of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), better known as Fancy Bear, includes credential guessing, spear-phishing attacks, exploitation Microsoft Exchange and Roundcube vulnerabilities, and flaws in public-facing infrastructure including VPNs. This pattern of activity likely dates back to the early days of the war in February 2022 – at which point Fancy Bear was more heavily involved in cyber operations for purposes of espionage. However, as Russia failed to achieve its military objectives as quickly as it had wanted, the group expanded its targeting to include entities involved in the delivery of support and aid to Ukraine’s defence. Over the past three years its victims have included organisations involved in air traffic control, airports, defence, IT services, maritime and port systems sectors across various Nato countries. The advanced persistent threat (APT) actor is also understood to be targeting internet-connected cameras at Ukraine’s border crossings and around its military bases. These intrusions mostly took place in Ukraine but have also been observed in neighbouring states including Hungary, Poland, Romania and Slovakia. The GCHQ-run National Cyber Security Centre (NCSC) urged UK organisations to familiarise themselves with Unit 26165’s tactics and take action to safeguard themselves. “This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine,” said Paul Chichester, NCSC Director of Operations. “The UK and partners are committed to raising awareness of the tactics being deployed. We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks.” The NCSC’s latest warning comes a couple of weeks after the cyber body’s CEO, Richard Horne, talked of a “direct connection” between Russian cyber attacks and physical threats to the UK at its annual conference. Horne told an audience at the CyberUK event that Russia was focusing on acts of sabotage, often involving criminal proxies. He said these threats, which are thought to have included arson attacks, are now manifesting on the streets of the UK, “putting lives, critical services and national security” at risk. Rafe Pilling, director of threat intelligence at the Sophos (formerly Secureworks) Counter Threat Unit (CTU) – which tracks Fancy Bear as Iron Twilight – said that the group's targeting of spear-phishing and vulnerability exploitation to gain access to target mailboxes had been a staple tactic for some time. “The focus of their operations pivots as the intelligence collection of the Russian military change and since 2022 Ukraine has been a significant focus of their attention. The targeting of Nato  and Ukranian defense and logistics companies involved in the support of the Ukrainian war effort makes a lot of sense in that context,” Pilling told Computer Weekly.   “The targeting of IP cameras for intelligence collection purposes is interesting and is a tactic generally associated with state-sponsored adversaries like Iron Twilight where they anticipate a physical effects aspect to their operations. As an intelligence provider to the Russian military this access would assist in the understanding of what goods were being transported, when, in what volumes and support kinetic targeting.   “We've seen other APT actors make use of compromised CCTV feeds to monitor the effects of cyber-physical attacks, for example the 2022 attacks against steel mills in Iran where video from the CCTV feed was used to time the execution of the attack in an attempt to avoid harm to people at the site and confirm the damage being caused,” he added. The NCSC said Britain’s support for Ukraine remained “steadfast”. Having already committed £13bn in military aid, the UK this week announced 100 new sanctions on Russia targeting entities and organisations involved in its energy, financial and military systems. This comes in the wake of the largest drone attack on Ukraine staged so far during the three-year war, which Russian dictator Vladimir Putin launched mere hours before a scheduled call with US president Donald Trump. The full advisory – which can be read here – sets out Fancy Bear’s tactics, techniques and procedures (TTPs) in its latest campaign in accordance with the Mitre ATT&CK framework, and also details a number of the common vulnerabilities and exposures (CVEs) being used to attain initial access. Besides the UK and US, the advisory is cosigned by cyber and national security agencies from Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands and Poland. Read more about Russian state cyber campaigns Russia is using phishing attacks to compromise encrypted Signal Messenger services used by targets in the Ukraine. Experts warn that other encrypted app users are at risk. The Russian cyber spy operation known as Star Blizzard changed tactics after a takedown operation by Microsoft and the US authorities, turning to widely used messaging platform WhatsApp to try to ensnare its targets. Computer Weekly talks to GCHQ’s National Cyber Security Centre operations director Paul Chichester and former NCSC chief executive Ciaran Martin on Russia, China and Salt Typhoon.

There are no heroes in Libby v. Fecteau, a decision about an anti-trans lawmaker that the Supreme Court handed down on Tuesday. With only two justices publicly dissenting, the Court handed down a brief order temporarily lifting sanctions against that lawmaker.The lawmaker at the heart of the case, Maine Republican Rep. Laurel Libby, was sanctioned by her colleagues for posting an unblurred picture of a transgender high school athlete, along with the student’s name and the name of her school, in order to protest against including transgender girls in women’s sports. The sanction those colleagues imposed on her could not possibly be constitutional: They effectively stripped her of her right to vote on legislation as a member of Maine’s House of Representatives, stripping Libby’s constituents of their representation in the state House. And Libby’s fellow lawmakers likely also violated her First Amendment rights in the process. As a legal matter, Libby closely resembles Bond v. Floyd (1966), a case brought by a Georgia state lawmaker who was not allowed to take his seat in the state legislature — ostensibly because his colleagues objected to his opposition to the Vietnam War. Bond held that the First Amendment “requires that legislators be given the widest latitude to express their views on issues of policy.”To be sure, no moral comparisons can be drawn between the plaintiffs in Bond and Libby. Bond involved Rep. Julian Bond, a Black man and a prominent civil rights activist who was elected to the Georgia legislature just as Jim Crow was beginning to lose its grip on the South. Libby, by contrast, arises out of Libby’s decision to bully a high school student.But the First Amendment protects offensive speech just as surely as it protects speech that is now widely viewed as prescient and wise. Indeed, nearly all First Amendment cases arise out of speech that someone in a position of power deemed offensive — why else would they have tried to censure or ban that speech?After Libby posted the picture of the high school student on Facebook, Maine House Speaker Ryan Fecteau asked her to take it down due to concerns “that publicizing the student’s identity would threaten the student’s health and safety.” When Libby refused, the state House passed a resolution formally censuring her — which, under the Maine House’s rules, meant that Libby “may not be allowed to vote or speak” on the House floor until she apologizes for the conduct that resulted in her censure. Libby refuses to apologize, which means that her constituents effectively do not have representation in the state House, at least with respect to bills that receive a vote on the floor.The Supreme Court’s order in the Libby case is very brief and does not explain why the justices decided to reinstate Libby’s floor privileges. Notably, however, none of the justices defended the state legislature’s decision to strip Libby of her voting rights.The Court’s order includes a single line noting that Justice Sonia Sotomayor dissented, but Sotomayor did not explain why. Justice Ketanji Brown Jackson, meanwhile, penned a brief dissenting opinion which largely criticizes her colleagues for overusing the Court’s “shadow docket” — a mix of emergency motions and other matters that the Court decides without full briefing and oral argument. It was on this docket that Libby was heard.As Jackson notes, the Court used to be exceedingly reluctant to rule in favor of parties that seek shadow docket relief — she quotes Justice Potter Stewart’s 1968 warning that such relief “should be used sparingly and only in the most critical and exigent circumstances.” And Jackson, who emerged as the Court’s most outspoken opponent of the shadow docket after she became a justice in 2022, is right that the Court’s practices have changed dramatically in recent years. Prior to the first Trump administration, Supreme Court decisions on the shadow docket were exceedingly rare outside of death penalty cases, where the justices often had to act right away to prevent an execution from moving forward before they could review the case.But, regardless of whether the justices should have acted as quickly as they did — or, as Jackson suggests, waited until the lower courts had fully considered this case before stepping in — there’s little doubt that Libby should have prevailed eventually. Libby’s constituents have a right to representation, regardless what views their representative holds.And, if lawmakers were allowed to strip their colleagues of their voting rights at will, there’s no guarantee that another legislature would not use that power to target elected officials who, like Bond, can more easily claim the moral high ground than Libby.See More:

Microsoft acknowledges it supplied AI technology to Israel's Ministry of Defense, but "no evidence" it's been used to "target or harm people in the conflict in Gaza" Following calls to boycott the company. Image credit: Microsoft News by Ed Nightingale Deputy News Editor Published on May 20, 2025 Microsoft has acknowledged it has supplied AI technology to the Israel Ministry of Defense (IMOD) but has stated it "found no evidence" the technology had been used to "target or harm people in the conflict in Gaza". Microsoft published a statement last week, where it admitted to providing IMOD with "software, professional services, Azure cloud services, and Azure AI services, including language translation". It added: "As with many governments around the world, we also work with the Israeli government to protect its national cyberspace against external threats". The statement follows reports of Israel using AI in its conflict in Gaza, which has resulted in thousands of Palestinian deaths. As reported by The Guardian last year, the Israeli military employed its own AI system, called Lavender, with intelligence sources claiming Israeli military officials permitted large numbers of Palestinian civilians to be killed. As Microsoft has now acknowledged, there were concerns from its employees and the public regarding the use of its Azure and AI technologies by the Israeli military. In response, it has conducted an internal review, alongside an external firm the company has omitted to name. "Based on these reviews, including interviewing dozens of employees and assessing documents, we have found no evidence to date that Microsoft's Azure and AI technologies have been used to target or harm people in the conflict in Gaza," the company said. "Our relationship with the IMOD is structured as a standard commercial relationship," it continued. "Like all our customers, the IMOD's use of our technology is bound by Microsoft's terms of service and conditions of use, including our Acceptable Use Policy and our AI Code of Conduct. These require customers to implement core responsible AI practices - such as human oversight and access controls - and prohibit the use of our cloud and AI services in any manner that inflicts harm on individuals or organisations or affects individuals in any way that is prohibited by law." Microsoft noted it does occasionally provide special access to its technologies beyond the terms of its commercial agreements. It did this in the weeks following 7th October 2023 by providing limited emergency support to the Israeli government to help rescue hostages, but with "significant oversight and on a limited basis". It also noted militaries "typically use their own proprietary software or applications from defense-related providers for the types of surveillance and operations that have been the subject of our employees' questions. Microsoft has not created or provided such software or solutions to the IMOD." The company also acknowledged it does not have visibility into how its customers use its technology on their own servers, typically the case for "on premise software". As such, it does not have visibility to the IMOD's government cloud operations. "In sum, Microsoft has long defended the cybersecurity of the State of Israel and the people who live there," the statement concludes. "We similarly have long been committed to other nations and people across the Middle East. Our commitment to human rights guides how we engage in complex environments and how our technology is used. We share the profound concern over the loss of civilian life in both Israel and Gaza and have supported humanitarian assistance in both places. The work we do everywhere in the world is informed and governed by our Human Rights Commitments. Based on everything we currently know, we believe Microsoft has abided by these Commitments in Israel and Gaza." Last year, a group of current and former Microsoft employees launched the No Azure for Apartheid petition, which currently has 1527 signatures. The group has now called for Microsoft to make this investigation public. "It's very clear that their intention with this statement is not to actually address their worker concerns, but rather to make a PR stunt to whitewash their image that their relationship with the Israeli military has tarnished," said former employee Hossam Nasr to Israeli newspaper Haaretz. Nasr was fired in October for helping to organise an unauthorised vigil for Palestinians killed in Gaza at Microsoft's headquarters. As RockPaperShotgun reported, the international Boycott, Divestment and Sanctions movement called for a boycott of Microsoft products last month in protest against the company's reported connections with the Israeli military. Back in February, the Associated Press published a report into the use of AI technology by the Israeli military, including Microsoft and OpenAI. Similarly, the developer of indie role-player Tenderfoot Tactics removed the game from sale on Xbox in support of the boycott.