Breaking AI & Tech News Analyzed

The National Cyber Security Centre (NCSC) has officially stopped recommending passwords where passkeys are available, urging consumers to adopt the newer, phishing‑resistant technology for all digital services. NCSC Declares Passwords Obsolete in Favor of Passkeys In a statement released this week, the NCSC said passwords can no longer withstand today’s cyber‑threat landscape. Passkeys, described as a “digital stamp” stored on a user’s device, provide a password‑free login that leverages biometrics such as facial recognition or a device PIN. Adoption Rates and Breach Statistics Google reports that just over 50% of its UK users have a passkey registered. Research by Cybernews highlighted the exposure of billions of login credentials in recent data‑leaks, underscoring the fragility of password‑based systems. Common passwords like “123456”, “admin”, and “password” remain among the most used globally, according to Nordpass. Why Passkeys Could Redefine UK Digital Security Passkeys cannot be harvested through phishing attacks because the private component never leaves the user’s device. Even if a service is breached, the stolen data is useless without the corresponding device‑held private key. Experts such as Dave Chismon, senior tech expert at the NCSC, note that passkeys are faster and simpler for users than remembering complex passwords or navigating two‑factor authentication. Future Outlook: Widespread Passkey Adoption and Remaining Challenges Analysts expect rapid growth in passkey usage as more platforms integrate the standard and as public awareness rises. However, challenges remain, including the need for robust biometric safeguards and user education on protecting device PINs. Alan Woodward, professor of cybersecurity at Surrey University, points out that facial‑recognition technology now incorporates “proof of liveness” to thwart spoofing attempts, but the security ecosystem will continue to evolve in a cat‑and‑mouse dynamic. Key recommendations for users: Enable passkeys wherever offered; fall back to strong, unique passwords only when necessary. Activate two‑factor authentication on accounts that still rely on passwords. Keep device software and apps up to date to benefit from the latest security patches. Maintain strict control over device PINs and biometric data.

In Tokyo, a group of elderly Japanese people are determined to master smartphones and stay connected in a 4G and 5G world. The class, led by Yasushi Nishioka, a retired programmer, teaches students the basics of smartphone use, including turning their phones on and off, controlling volume, and using cashless payments and QR codes.The students, most of whom are in their 70s, say they are intimidated by their devices, but are eager to learn and not be left behind in an increasingly digital world. Japan's 3G network has been shut down, and telecom companies are encouraging subscribers to switch to 4G and 5G networks.Nishioka guides his students through the basics, including health trackers and weather forecasts, and promises that future sessions will cover entertainment, social media, and photo and video content. The students also express concerns about security, a growing problem in Japan, and Nishioka shares an app that filters out suspicious contacts.The participants' reasons for taking the plunge aren't wildly different to those that keep younger people umbilically attached to their devices: reserving tickets, joining WhatsApp groups, learning a foreign language, and making travel plans. As Nishioka notes, one of the biggest challenges for users of all ages is managing their passwords.

Four months after Australia introduced its under‑16 social‑media ban, Sydney teenager Noah Jones says his online experience has been largely unchanged – he has not been removed from any platform.Jones recounts a brief hiccup on Instagram that he quickly resolved, and notes a friend who temporarily lost access to Snapchat but managed to circumvent it. "That’s pretty much my whole experience of the ban," he says.Despite his personal continuity, Jones is now a plaintiff in a High Court challenge mounted by the Digital Freedom Project, which argues the ban infringes the implied constitutional right to political communication.The eSafety Commissioner, Julie Inman‑Grant, recently disclosed that more than 5 million accounts have been deactivated since the policy’s rollout, yet over two‑thirds of teenagers remain active on the ten targeted platforms – Facebook, Instagram, Snapchat, TikTok, YouTube, X, Twitch, Kick, Threads and Reddit. Young users are reportedly bypassing facial‑age estimation tools, especially when they are within two years of turning 16.Further eSafety findings reveal that 66 % of parents say platforms did not request age verification, and when ages of 14 or 15 were detected, platforms often prompted users to undergo facial‑recognition checks and simply adjust the displayed age rather than enforce deactivation.Communications Minister Anika Wells has urged the commissioner to "throw the book at" non‑compliant services, noting that fines could reach up to $49.5 million per breach in federal court. However, any penalties are likely to be considered only after the High Court decides the law’s validity.Wells also pledged new legislation imposing a digital duty of care on platforms, obliging them to take reasonable steps to prevent harm. The bill is slated for parliamentary debate later this year.The Digital Freedom Project, led by NSW Libertarian MP John Ruddick, contends that banning under‑16s from holding accounts effectively silences their participation in political discourse, as logged‑out viewing does not permit meaningful engagement.Legal scholars are divided. Prof. Sarah Joseph of Griffith University warns that an ineffective law could breach the implied freedom of political communication, while Monash University’s Prof. Luke Beck argues that the law’s purpose is to compel platforms to enforce age restrictions, not to achieve 100 % compliance.Beck points out that most legislation is not perfectly effective – citing murder laws and age‑restricted media – and that courts typically assess whether a law is a proportionate means to a legitimate aim.The government acknowledges that the age limit imposes a burden on political communication but maintains the measure is justified to mitigate risks from algorithmic recommendation systems, endless feeds, and other features that can amplify harm.Jones will turn 16 in August, at which point the ban would no longer apply to him. His mother, Renee Jones, says she faced online backlash for opposing the ban, with some critics even suggesting her children be taken away."It’s my right to choose how I raise my children in a digital world," she asserts, emphasizing strict household rules: no devices in bedrooms, phones locked at night, and shared passwords for parental oversight.Jones acknowledges the downsides of social media – bullying and explicit content – but stresses that his generation relies on these platforms for news and forming opinions, more so than traditional media.Both Jones and his mother argue the legislation was rushed and is failing to address the core concerns about harmful content, leaving many teens, like Noah, to navigate the digital landscape largely unchanged despite the ban.

Databricks Co‑Founder Secures Prestigious ACM PrizeMatei Zaharia, co‑founder and CTO of Databricks, learned on April 8, 2026 that he had won the ACM Prize in Computing. The surprise announcement highlighted his decades‑long influence on big‑data processing and the emerging AI ecosystem.From Spark to AI Foundations: Zaharia’s Technical JourneyWhile completing his PhD at UC Berkeley under Ion Stoica in 2009, Zaharia released Apache Spark as an open‑source project that dramatically accelerated big‑data workloads. Spark became the engine that powered the early data‑science wave, and its success seeded the creation of Databricks, which has since evolved into a cloud‑native AI and data platform.2009 – Spark open‑source launch2013 – Databricks founded2026 – ACM Prize awardedFinancial Scale of Databricks and the ACM PrizeDatabricks has raised more than $20 billion in venture funding, reaching a valuation of $134 billion and a revenue run‑rate of $5.4 billion. The ACM award includes a cash prize of $250,000, which Zaharia intends to donate to an as‑yet‑undetermined charity.Funding: > $20 BValuation: $134 BRevenue run‑rate: $5.4 BACM cash prize: $250 KImplications for AI Development and Industry Perception of AGIZaharia’s bold statement—“AGI is here already”—challenges the conventional view that artificial general intelligence is a distant goal. He argues that current models already exhibit general‑purpose capabilities, but humans tend to judge them by human standards, which can obscure their true potential.He also warned about the security risks of AI agents that mimic trusted human assistants, citing the example of the “OpenClaw” agent that could inadvertently expose passwords or spend money without user consent.Future Outlook: AI‑Driven Research and Security ChallengesLooking ahead, Zaharia envisions AI becoming a universal research assistant—automating biology experiments, enhancing data compilation, and providing “AI for search” tailored to engineering and scientific inquiry. He stresses the need for robust security frameworks as AI agents become more autonomous.AI‑augmented research across biology, engineering, and data scienceEmphasis on non‑hallucinating, reliable modelsUrgent call for security standards for AI agents

Hong Kong police have been granted the authority to require individuals suspected of violating the city's national security law to provide passwords to their mobile phones or computers. This measure, which took effect on Monday, is part of the national security law imposed by Beijing in 2020. The new provisions empower police to require a person under investigation suspected of endangering national security to provide any password or decryption method for electronic devices and to provide the police “any reasonable and necessary information or assistance”. Refusing to comply could lead to up to one year’s imprisonment and a fine of up to 100,000 Hong Kong dollars ($12,768), while providing false or misleading information could bring up to three years’ imprisonment and a fine of up to 500,000 Hong Kong dollars ($63,840). The imposition of the 2020 national security law, supplemented by a second component in 2024, has led to a marked decline in civil liberties in the former British colony returned to China in 1997, according to human rights advocates. The new amendments have sparked concerns over the erosion of Hong Kong's autonomy and its status as an international financial and business centre. Urania Chiu, a law lecturer in the UK researching Hong Kong, said the new provisions interfered with fundamental liberties, including the privacy of communication and the right to a fair trial. “The sweeping powers given to law enforcement officers without any need for judicial authorisation are grossly disproportionate to any legitimate aim the bylaw purports to achieve,” Chiu told the Reuters news agency. A Hong Kong government spokesperson said the amended rules conform to the city’s mini-constitution, the Basic Law, and its human rights provisions, and “will not affect the lives of the general public or the normal operation of institutions and organisations”. According to the Security Bureau, a total of 386 people have been arrested for national security crimes so far, with 176 people and four companies convicted.

Hong Kong police have been granted new powers to demand that individuals suspected of breaching the city's national security law provide mobile phone or computer passwords. This move is part of a further crackdown on dissent in the city.The amendments to the law, published by the city government, also empower customs officers to seize items deemed to have a 'seditious intention', regardless of whether any person has been arrested for an offence endangering national security.Refusing to comply with the demand for passwords could lead to up to one year's jail and a fine of up to HK$100,000 ($12,773), while providing false or misleading information could bring up to three years' imprisonment and a fine of up to HK$500,000.The sweeping national security law, imposed by Beijing in 2020, punishes acts including subversion and collusion with foreign forces with up to life imprisonment. The law has sparked criticism from western governments and rights groups, but Beijing and Hong Kong officials say it was needed to restore stability after months of pro-democracy protests in 2019.Urania Chiu, a law lecturer in the UK researching Hong Kong, said the new provisions interfere with fundamental liberties, including the privacy of communication and the right to a fair trial. Chiu stated that 'the sweeping powers given to law enforcement officers without any need for judicial authorisation are grossly disproportionate to any legitimate aim the bylaw purports to achieve.'A Hong Kong government spokesperson said the amended rules conform to the city's mini-constitution, the Basic Law, and its human rights provisions, and 'will not affect the lives of the general public or the normal operation of institutions and organisations'. According to the Security Bureau, a total of 386 people have been arrested for national security crimes so far, with 176 people and four companies convicted.

The Anatomy of the DarkSword LeakSecurity researchers have uncovered a significant escalation in iPhone vulnerabilities following the public release of the DarkSword exploit kit on the code-sharing site GitHub. Unlike sophisticated zero-days that require specialized knowledge to deploy, the leaked files are uncomplicated HTML and JavaScript scripts that can be hosted on a server in a matter of minutes. This accessibility has turned a tool previously associated with state-sponsored actors into a potential weapon for any criminal actor.The toolkit specifically targets iPhones and iPads running older versions of Apple’s operating system, such as iOS 18, which have not yet been updated to the latest iOS software. The code is designed to work "out of the box," meaning no iOS expertise is required to execute the attack. Researchers note that the leaked samples share infrastructure with previous campaigns analyzed by iVerify and Google, indicating a continuity in the threat landscape.The Scale of the VulnerabilityThe implications of this leak are vast, given the sheer number of devices potentially affected. According to Apple’s own data, approximately one-quarter of all iPhone and iPad users are still running older operating systems. With over 2.5 billion active devices globally, this suggests that hundreds of millions of users are currently exposed to the capabilities of DarkSword.Targeted Data: The exploit is capable of exfiltrating forensically relevant files, including contacts, messages, call history, and the iOS keychain (which stores Wi-Fi passwords and secrets).Historical Context: DarkSword was previously alleged to be used by Russian government hackers against Ukrainian targets, linking this new leak to geopolitical cyber warfare.From State-Sponsored to Criminal PlaygroundThe ease with which DarkSword can be repurposed has raised alarms within the cybersecurity community. Matthias Frielingsdorf, co-founder of mobile security startup iVerify, described the situation as "bad" and warned that the tool cannot be contained. The transition of such advanced spyware from a restricted government tool to a public commodity lowers the barrier to entry for cybercriminals.Kimberly Samra of Google and security hobbyist matteyeux have independently confirmed that the leaked code is trivial to use. Matteyeux successfully demonstrated the exploit on an iPad mini running iOS 18, proving that the threat is immediate and actionable for malicious actors.The Future of iOS Security and Lockdown ModeApple has responded by issuing an emergency update on March 11 for devices unable to run recent versions of iOS. The company emphasizes that keeping software up to date is the "single most important thing" for security and notes that devices with updated software are not at risk.Furthermore, Apple highlighted that Lockdown Mode would block these specific attacks. As the industry moves forward, the reliance on software updates and hardening features like Lockdown Mode will become increasingly critical in defending against the commoditization of exploit kits like DarkSword.

Rapid‑Action Spyware: The Darksword Campaign UnveiledResearchers at Google, iVerify and Lookout traced a fresh wave of iPhone attacks against Ukrainian users to a toolkit they named Darksword. The tool, linked to the threat actor UNC6353, infiltrates devices via compromised Ukrainian websites, siphons passwords, photos, messaging app data and wallet credentials, then vanishes within minutes.Technical Footprint and Quick‑Turnover MetricsInfection vector: malicious scripts on Ukrainian‑hosted sites, active only for visitors inside Ukraine.Data exfiltration window: minutes of dwell time, depending on volume of harvested information.Capabilities: extraction of WhatsApp, Telegram, SMS, browser history, and cryptocurrency wallet keys.Design: modular architecture allowing rapid addition of new functions, mirroring the earlier Coruna toolkit.Geopolitical and Security ImplicationsThe Darksword operation underscores a growing trend of state‑aligned actors deploying highly specialized mobile spyware for short‑term, high‑value “smash‑and‑grab” missions. While the campaign was geographically limited to Ukraine, its sophistication suggests that similar tools could be repurposed for broader espionage or financial theft, raising concerns for iPhone users worldwide and prompting a reassessment of mobile threat models.Future Outlook: Modular Spyware on the RiseAnalysts predict that the success of Darksword will encourage further development of modular iPhone exploits that prioritize rapid data theft over persistent surveillance. Defensive measures will likely focus on hardening web‑delivery chains, improving app‑store vetting, and enhancing on‑device anomaly detection to counter fleeting, high‑impact attacks.