Breaking AI & Tech News Analyzed

The Escalation of Cyber-Kinetic Threats in the Middle EastIran’s military has signaled a dangerous escalation in the ongoing regional conflict by explicitly targeting critical AI infrastructure. In a video released late last week, Iranian military spokesperson Ebrahim Zolfaghari warned that if the United States proceeds with threats to strike Iranian civilian assets, Tehran would retaliate against U.S. energy and technology infrastructure across the region. The video, which went viral on Sunday, explicitly zoomed in on the Stargate data center in the United Arab Emirates, stating that "nothing stays hidden to our sight, though hidden by Google." This marks a significant shift from previous threats, which were largely abstract, to specific, high-value targets.Targeting the Stargate InitiativeThe focal point of the threat is the Stargate project, a monumental $500 billion joint venture announced in January 2025 between OpenAI, SoftBank, and Oracle. The initiative, originally hampered by funding troubles and tariff costs, is currently seeking to expand its international footprint. The Iranian warning suggests that the war in the region is no longer limited to traditional military assets but is spilling over into the digital backbone of the global economy. This comes at a precarious time for the project, which is attempting to solidify its status as a global leader in AI compute power.Financial and Strategic Implications for Tech GiantsThe threat carries severe financial and operational risks for major technology entities operating in the region. The conflict has already resulted in physical damage to cloud infrastructure, with Iranian missiles striking Amazon Web Services (AWS) data centers in Bahrain and an Oracle facility in Dubai. Furthermore, the Iranian military has previously named Nvidia and Apple as potential targets, indicating a broad strategy to disrupt the supply chains and data processing capabilities of Western tech giants. For a project like Stargate, which relies on uninterrupted power and secure facilities, these threats pose existential challenges to its operational continuity.Redefining Data Sovereignty in Conflict ZonesThis development fundamentally alters the landscape of data sovereignty and cloud computing. Historically, data centers have been viewed as neutral commercial zones, but the recent attacks demonstrate that they are becoming legitimate targets in geopolitical warfare. The targeting of Stargate, a project backed by some of the world's most powerful AI companies, implies that the global race for AI dominance is now subject to the volatility of military conflict. This creates a new layer of risk for international investors and tech firms, forcing them to reassess the security of their assets in volatile regions.The Future of AI Infrastructure Under Geopolitical DuressLooking ahead, the convergence of AI infrastructure and military conflict suggests a turbulent period for global technology. We can expect a surge in security expenditures as companies attempt to harden their data centers against physical and cyber-attacks. Additionally, there may be a strategic shift away from locating critical AI infrastructure in high-risk zones like the Middle East, potentially leading to a reconfiguration of the global AI supply chain. The standoff over the Strait of Hormuz and the threat to Stargate signal that the next phase of the conflict will likely involve a battle for control over the digital networks that power the modern world.

The former boss of the Co-op collected almost £2m before her sudden departure last month despite a difficult year when the retailer was pushed into the red by a damaging cyber hack.Shirine Khoury-Haq’s total annual pay package amounted to £1.9m in 2025, including a £165,000 “rewarding growth” bonus that was approved by the mutual’s board despite falling sales and the slide to an underlying loss of £125m.Khoury-Haq and other executives did not receive their regular annual bonus as the board said the company had not met an “affordability underpin” to make the payout. However, Khoury-Haq’s total pay did include a long-term performance bonus linked to earlier years.In the Co-op Group’s annual report, the remuneration committee said it had decided to pay out 10% of the three-year potential total for the new “rewarding growth” incentive plan, which goes to all staff. Full-time, frontline workers, such as shop floor staff, who were employed for all of 2025 received £100 each under the scheme.The report did not say if Khoury-Haq would receive any compensation for loss of office on her departure but did make clear she would not receive any more from the “rewarding growth” scheme. Kate Allum, a board member and former boss of the dairy group First Milk, will step in as the interim chief executive while a permanent replacement is sought.Khoury-Haq’s departure after four years heading the company, and almost seven at the business, came a month after reports of concerns about the culture at the top of the group. Last week, Khoury-Haq denied that her resignation was linked to the allegations of a toxic culture. “My decision to leave was very much a personal decision,” she said. “The reason is I want to go and do something else.”

The Accelerator's Withdrawal: A Signal of Loss of ConfidenceDelve's relationship with Y Combinator has officially ended following a series of damaging allegations regarding compliance and data security. This severance marks a significant blow to the startup's credibility, compounded by the distancing actions of other major investors like Insight Partners.The Catalyst: Anonymous Allegations and Data BreachesThe controversy stems from an anonymous Substack campaign by "DeepDelver," which accused the company of misleading clients about regulatory compliance and passing off open-source tools as proprietary technology. These claims were further fueled by a security researcher's ability to access sensitive Delve data and a malware incident involving a customer, LiteLLM.YC's Response: Delve was removed from the accelerator's portfolio directory, with COO Selin Kocalar confirming the split on X.Insight Partners: The firm initially deleted posts about its investment but later restored the primary blog entry.The Defense: A Coordinated Attack or Operational Failure?In a bid to set the record straight, Delve's leadership team, including CEO Karun Kaushik, claims the attacks are a coordinated smear campaign orchestrated by an attacker who exfiltrated internal data. They argue that the "evidence points to a malicious attack rather than a genuine whistleblower."However, the company also acknowledged "growing too fast and falling short of our own standard." To mitigate the damage, Delve has hired a cybersecurity firm, offered complimentary re-audits to customers, and clarified that their open-source usage is compliant with Apache 2.0 licensing.Future Outlook: Rebuilding Trust in a Fragile EcosystemThe departure from Y Combinator suggests that the startup's growth trajectory is now in jeopardy. For a compliance-focused company, trust is the primary currency; the current allegations threaten to devalue this currency permanently. The coming months will determine if Delve can survive this reputational crisis or if it will become a cautionary tale in the compliance tech sector.

Cambodia has taken a significant step in its fight against cybercrime by approving a new law targeting scam centers accused of defrauding foreigners of billions of dollars. The law, which aims to enhance the country's 'cleaning operation' against these illicit operations, imposes punishments of two to five years in prison and fines of up to $125,000 for those convicted of online scams.The legislation, which will now go to Cambodia's king for a final signature, also outlines penalties for money laundering, gathering victims' data, or recruiting scammers. Ringleaders of scam centers that engage in human trafficking, detentions, and torture will face prison sentences of up to 20 years and fines of up to $500,000.The passage of the law comes amid widespread condemnation from rights groups and sanctions by governments around the world, with Cambodia accused of being a hotbed of cyberscams. The US Department of State has previously stated that 'official complicity, including at senior levels, inhibited effective law enforcement action against trafficking crimes' in Cambodia, which has denied these allegations.The new law is seen as a significant effort by Cambodia to combat the rise of online fraud, romance, and cryptocurrency scams. Several countries have enacted anti-cyberscam laws to address this issue, with con artists in Singapore facing 24 strokes of the cane in serious cases.Justice Minister Keut Rith emphasized that the law is 'strict like the fishing net' and aims to ensure that online scams do not return to Cambodia. The law is expected to send a strong message to cyberscammers that Cambodia is not a place to conduct scams, and it will serve the interests of the Cambodian nation and people.

A US court has dismissed a lawsuit from WhatsApp's former security chief, who alleged that parent company Meta ignored internal flaws he flagged about the messaging app's digital defenses.Abdullah Baig, who claims he was fired in retaliation for raising these concerns, had alleged that billions of users had been put at risk because of these vulnerabilities. Thousands of employees could view sensitive user data, including profile photos and location, Baig claimed in the lawsuit filed in September. A judge ruled he had not presented enough evidence to move forward.The US district court in northern California ruled last month to dismiss Baig's claims, with the judge, Laurel Beeler, writing on 19 March that 'the complaint does not contain sufficient facts to show that the plaintiff reported violations of SEC rules or regulations.'Baig was head of WhatsApp's security division from 2021 to 2025. He said he had expressed concerns about cybersecurity issues to his supervisor five times but was ignored; he also said he wrote directly to Meta's CEO, Mark Zuckerberg, about what he saw as a violation of US Securities and Exchange Commission rules and escalating retaliation against him. He also claimed that the company didn't fix the hacking of more than 100,000 accounts daily – and focused instead on user growth. At the time, WhatsApp said in a statement that he was 'a former employee dismissed for poor performance' who had filed a suit based on distorted claims.A WhatsApp spokesperson said: 'This ruling reaffirms what we've said all along: These claims have no merit. We're proud of our strong record of protecting people's privacy and security, and will continue building on it.'Baig's lawyer suggested in a statement emailed to the Guardian that the legal fight was not over. 'Mr Baig is not done fighting for users,' said Wilmer Harris, who represents Baig. 'The judge dismissed on pleading grounds, not merit, and we look forward to addressing those deficiencies and ensuring Meta has to finally engage with the substance of Mr Baig's allegations.'

European carmaker Stellantis has issued a recall for 44,000 vehicles in the UK due to a fault that could result in the cars catching fire. The issue affects certain models across its Peugeot, Citroën, DS Automobiles, Vauxhall, Lancia, Alfa Romeo, Jeep, and Fiat brands, produced between 2023 and 2026.The fault is related to a lack of clearance between the gas filter pipe and a component of the belt starter generator, which could cause water to leak into the engine bay during wet driving conditions. This creates a potential risk of fire in the engine.In response, Stellantis will immediately contact affected car owners to schedule a free appointment with their dealer. This recall comes as the company faces challenges, including a €22bn charge and the sale of a stake in its battery joint venture due to slower-than-expected growth in electric vehicles.The recall is a significant setback for Stellantis, which had previously planned to launch an electric truck, the Ram 1500 BEV. Meanwhile, sales of electric vehicles in Europe have soared, but demand in the US has collapsed following the withdrawal of a consumer tax credit.In contrast, rival Jaguar Land Rover (JLR) reported a recovery in sales over the past quarter, with a 61.1% jump in sales to 95,300 vehicles. However, quarterly sales were still down 14.5% compared to the same period a year earlier, largely due to a cyber-attack that halted production.

The Lead Apple has rolled out critical security updates for older iPhone and iPad models to counter a sophisticated web-based attack known as DarkSword. The release of iOS 18.7.7 and iPadOS 18.7.7 is a direct response to a leaked set of hacking tools that can compromise devices running versions 18.4 through 18.7. Understanding the DarkSword Vulnerability DarkSword is a sophisticated exploit kit that operates through a 'drive-by download' mechanism. Attackers do not need to trick users into clicking suspicious links; instead, simply visiting a legitimate website that has been breached can trigger the malicious code. This allows the toolkit to break into Apple devices and install spyware without the user's immediate knowledge. The Data Impact of the Exploit The capabilities of the DarkSword toolkit pose a significant threat to user privacy. Once a device is compromised, attackers gain access to a wide range of sensitive information, including: Private messages Browser history Location data Cryptocurrency wallet credentials Security researchers have observed these tools being used in targeted attacks across China, Malaysia, Turkey, Saudi Arabia, and Ukraine. User Friction and Update Resistance Despite the severity of the threat, Apple notes that millions of users remain vulnerable because they have chosen not to update their devices. The primary driver for this resistance is the user experience; many users have opted out of the latest software updates to avoid the new 'liquid glass' interface, prioritizing familiarity over security patches. The Role of Lockdown Mode For users who remain at high risk, Apple’s optional Lockdown Mode offers a robust defense. The company has confirmed that this feature effectively blocks attacks that would bypass standard protections, including those from government-sponsored spyware campaigns. Future Outlook on Web-Based Threats The publication of the DarkSword toolkit on the open web signals a worrying trend. As these tools become more accessible, we can expect an increase in low-cost, high-impact cyberattacks targeting older device versions that lack the latest security protocols.

More drilling in the North Sea will not enhance the UK’s energy security, a group of former senior military leaders told The Guardian on Monday, as the Conservative Party’s energy minister Kemi Badenoch launched a campaign to revive offshore oil and gas licences. The veterans, including retired Rear Admiral Neil Morisetti, a climate‑security professor at University College London, warned that extracting the remaining hydrocarbons “is not the answer” to the country’s rising energy costs and geopolitical vulnerability. Morisetti emphasized that global market forces, not domestic production, set fuel prices and that reliance on imports leaves the UK exposed to “structural chokepoints” such as the Strait of Hormuz or insurance withdrawals. He urged the government to focus on a rapid transition to a diversified mix of wind, solar, tidal and nuclear power, alongside a major renewal of the electricity grid and expanded storage capacity. A recent E3G think‑tank report supports this view, stating that “structural chokepoints” in oil and gas supply chains mean that increasing fossil‑fuel output anywhere does not improve national security. The report highlights that reducing reliance on imported hydrocarbons through electrification, efficiency, and domestic clean energy offers the most durable protection against supply shocks. Maria Pastukhova, senior policy adviser at E3G, explained that while clean‑energy systems are not immune to disruptions, they shift control “under domestic ownership,” lowering exposure to geopolitical and market volatility. Data cited by the report show that the North Sea is a “mature basin” whose output has fallen 75 % since its peak. New licences granted between 2010 and 2024 have produced only 36 days of gas, according to research by the Uplift campaign and consultancy Voar, underscoring the limited impact of further drilling. Retired Lt Gen Richard Nugee compared the UK’s situation to recent developments in Spain, where electricity prices are increasingly set by renewables rather than fossil fuels, reducing dependence on vulnerable chokepoints. He argued that “going for renewables gives greater independence, greater sovereignty, less vulnerability to attack and more opportunity,” contrasting it with the finite and externally‑controlled nature of gas supplies. Experts such as Khem Rogaly of the Transition Security Project warn that reliance on “expensive and volatile fossil fuels” makes British households vulnerable to shocks from global conflicts, including US‑led oil wars. James Meadway, director of the Verdant think‑tank, added that the war in Iran has revealed the fragility of large, centralized power systems to both kinetic attacks and cyber‑threats, reinforcing the case for a more distributed energy architecture. In sum, the former military leaders and independent analysts concur that the only credible route to lasting UK energy security lies in **accelerating renewable deployment, improving efficiency, and modernising the grid**, rather than expanding North Sea drilling.

The Erosion of Digital Anonymity Apple's 'Hide My Email' feature, designed to shield user identities from apps and websites, has been exposed as ineffective against federal subpoenas. The company recently revealed it provided real names and email addresses to the FBI and ICE, undermining the feature's promise of anonymity for paying iCloud+ subscribers. This disclosure highlights a critical vulnerability in the privacy architecture of major tech platforms, where 'anonymity' often depends on the willingness of the provider to withhold data. The 'Hide My Email' Loophole The feature allows iCloud+ subscribers to generate anonymous email aliases that forward messages to their private inbox. While Apple claims it does not read the content of these forwarded messages, the legal mechanism allows authorities to bypass the alias entirely. In a recent affidavit, the FBI revealed that Apple provided the real identity behind an anonymized address used in a threat investigation against Kash Patel's girlfriend. Similarly, ICE agents obtained records linking multiple anonymized accounts to a specific individual involved in an alleged identity fraud scheme. Metadata vs. Content The data shared with law enforcement goes beyond simple forwarding logs; Apple provided the account holder's full name, email address, and billing information. In one instance, Apple disclosed records for 134 anonymized email accounts created via the feature. This indicates that while the content of emails remains private, the ownership of the account is easily accessible to authorities with a valid legal request. The distinction between encrypted content and unencrypted metadata is becoming the primary battleground for digital privacy. End-to-End Encryption Limits This incident underscores a critical distinction in modern cybersecurity: the difference between end-to-end encryption (E2EE) and account metadata. Apple touts its services as E2EE, meaning only the user can access their data. However, this protection does not extend to the account registration details, billing history, and unencrypted routing information that Apple stores. As a result, the demand for alternative privacy tools like Signal, which offer stronger protections against metadata collection, is likely to increase among privacy-conscious users. The Future of Privacy vs. Security As law enforcement agencies increasingly rely on metadata to solve crimes, tech companies will face mounting pressure to balance user privacy with national security obligations. We can expect a rise in legal battles regarding the scope of 'anonymized' services and a potential shift in consumer behavior, where users seek out services that offer true anonymity rather than just obfuscation.