CyberSecurity

ENISA Aims for Top-Tier Role in CVE Program: What It Means for EU Cybersecurity

The European Union Agency for Cybersecurity (ENISA) is pushing for a more powerful position within the globally recognized Common Vulnerabilities and Exposures (CVE) program. A senior official at the agency confirmed that ENISA is currently being onboarded as a Top-Level Root CVE Numbering Authority (TL-Root CNA). This move could reshape how vulnerabilities are managed across Europe.

Nuno Rodrigues Carvalho, head of sector for Incidents and Vulnerability Services at ENISA, made the announcement during the opening keynote at VulnCon26 in Scottsdale, Arizona. Speaking to Infosecurity Magazine, he expressed hope that the agency would achieve this elevated status by 2026 or early 2027. Currently, only two organizations hold this distinction: the US Cybersecurity and Infrastructure Security Agency (CISA) and MITRE, the nonprofit that operates the program.

What Does TL-Root CNA Status Entail?

To understand the significance of this ambition, it helps to break down the CVE hierarchy. ENISA became a CVE Numbering Authority (CNA) in 2024, which allowed it to assign CVE IDs to newly discovered vulnerabilities. A year later, it advanced to a Root CNA, taking on responsibilities such as overseeing and coordinating multiple CNAs within a specific domain or region, onboarding new CNAs, and resolving disputes.

If granted TL-Root CNA status, ENISA would become a top-level authority managing the entire CVE Program alongside CISA and MITRE. This means setting global policies, ensuring consistency across all Root CNAs and CNAs, and representing European interests at the highest decision-making table. Johannes Kaspar Clos, a responsible disclosure and CSIRT collaboration expert working on CNA service implementation at ENISA, explained that this expanded role offers more than operational leverage. “As a Root CNA, we have a bigger operational footprint,” he said. “Now, as a TL-Root CNA, we would be represented in the CVE Program’s Board, where there are currently no European representatives. We want to help and support the CVE Program to blossom and grow and share our European vision.”

Why Europe Needs More CNAs

Currently, the CVE Program boasts 502 CNAs worldwide, but only 83 are based in Europe. Carvalho acknowledged that while he wouldn’t call Europe “underrepresented,” he believes there should be more European CNAs. “We know that the European market is not as big as the US market, but we’d like to have more representatives from the EU,” he noted.

During his VulnCon speech, Carvalho highlighted that ENISA is already onboarding new CNAs. The agency’s top priority is to vet all national computer emergency response teams (CERTs) and computer security incident response teams (CSIRTs) across Europe to become CNAs. This initiative aims to strengthen the continent’s vulnerability response capabilities and ensure a more balanced global representation.

Addressing the Vulnerability Gap

Both Carvalho and Clos emphasized that the push for greater ENISA involvement came directly from EU member states. The growing volume and complexity of reported vulnerabilities demands that more stakeholders participate in the program. This is especially urgent now that AI companies like OpenAI and Anthropic have launched models capable of autonomously finding and fixing cybersecurity vulnerabilities at scale.

“We need to include a diverse crowd of cybersecurity practitioners, from product and national CERTs and CSIRTs to researchers and vulnerability finders,” Clos said. This diversity is crucial for keeping pace with the rapidly evolving threat landscape.

Building the Team for the Challenge

Carvalho admitted that while the ambition to join the CVE Program’s top tier has been a long-standing goal, ENISA needed time to mature its services and team. “The challenge was always in front of us but was never picked up,” Clos added. “I guess the concerns about software vulnerabilities were not big enough until now.”

To meet this challenge, ENISA is actively hiring. Carvalho noted that the agency is expanding its vulnerability branch to build a critical mass capable of handling tasks like onboarding national CERTs and CSIRTs. “You’ll find vacancy notices on ENISA’s website,” he said. This growth reflects the agency’s commitment to representing EU interests effectively on the CVE Program’s Board.

The Road Ahead: Uncharted Territory

Both Carvalho and Clos described the TL-Root CNA onboarding process as “uncharted territory.” Since CISA and MITRE have operated the program from its inception, no other entity has ever been granted this status. “While it doesn’t depend solely on us, we hope ENISA can become a TL-Root CNA in 2026 or in early 2027. We will do our best to meet this timeframe,” Carvalho concluded.

This development aligns with the CVE Program’s broader diversification and internationalization strategy. For more insights on how AI is influencing vulnerability management, check out our article on AI Companies to Play Bigger Role in CVE Program, Says CISA. Additionally, learn about the importance of effective vulnerability management strategies for organizations.

As ENISA navigates this complex process, the cybersecurity community watches closely. The agency’s success could herald a new era of collaboration between US and European entities in tackling global vulnerabilities.

UK Intelligence Warns 100 Countries Now Possess Spyware Capable of Hacking Phones

British intelligence has issued a stark warning: more than half of the world’s governments now have access to commercial spyware to hack phones and computers, marking a dramatic escalation in global surveillance capabilities. The UK National Cyber Security Centre (NCSC) is set to reveal that the number of countries wielding these invasive tools has jumped from 80 in 2023 to 100 today, according to a report by Politico.

This means that governments across every continent can now deploy sophisticated hacking software to break into devices, steal sensitive data, and monitor individuals without their knowledge. The barrier to entry for such technology has fallen significantly, making it easier for foreign adversaries and cybercriminals to target UK citizens, companies, and critical infrastructure.

The Expanding Threat of Commercial Spyware

Commercial spyware, developed by private firms like NSO Group (maker of Pegasus) and Paragon Solutions (creator of Graphite), typically exploits security vulnerabilities in phone and computer operating systems. Once installed, these tools can extract messages, contacts, passwords, and even record calls or activate microphones remotely.

While governments have historically claimed they only use such spyware against serious criminals or terrorist suspects, security researchers and human rights advocates have repeatedly documented misuse. Journalists, political dissidents, and human rights defenders have been targeted by authoritarian regimes using these very tools. Now, UK intelligence warns that the victim pool has “expanded” to include bankers, wealthy businesspeople, and other high-net-worth individuals.

UK Businesses Underprepared for State-Backed Cyber Attacks

Richard Horne, the head of the NCSC, delivered a sobering speech at the CYBERUK conference in Glasgow. He stated that British companies are “failing to grasp the reality of today’s world,” as the majority of nationally significant cyberattacks against the UK now originate from foreign adversarial governments—not criminal gangs. This shift underscores the need for businesses to bolster their defenses against state-sponsored hacking operations.

Horne’s remarks come amid ongoing intrusions linked to China, aimed at stealing sensitive data, spying on prominent individuals, and laying the groundwork for disruptive hacks that could hinder a Western military response in the event of a conflict over Taiwan. The UK is not alone in facing these threats; allied nations are also grappling with similar espionage campaigns.

The Leak of Powerful Hacking Tools

The danger isn’t limited to government use. Earlier this year, a hacking toolkit called DarkSword leaked online. This toolkit contained multiple exploits capable of breaking into modern iPhones and iPads. It allowed anyone—not just governments—to set up malicious websites that could hack Apple users who hadn’t installed the latest software updates.

This leak demonstrates a troubling reality: even tightly controlled hacking tools developed by or for governments can escape into the wild. Once leaked, they can proliferate uncontrollably, putting millions of people at risk from opportunistic cybercriminals. The DarkSword incident is just the latest example of how phone hacking tools can fall into the wrong hands.

What This Means for National Security

The expansion of commercial spyware access represents a significant shift in the global threat landscape. With 100 countries now possessing the capability to deploy spyware to hack phones, the potential for abuse is enormous. Governments can monitor not only criminals but also political opponents, activists, journalists, and business rivals. For the UK, this means that both state actors and non-state actors pose a credible threat to national security and economic stability.

In response, the NCSC is urging organizations to adopt stronger cybersecurity practices, including regular software updates, multi-factor authentication, and employee training on phishing risks. For more insights on protecting your organization, check out our guide on cybersecurity best practices for businesses. Additionally, learn how to identify potential spyware infections by reading our article on common signs your phone may be hacked.

As the line between government surveillance and criminal exploitation blurs, the need for robust digital defenses has never been more urgent. The UK government must also consider stricter regulations on the sale and export of commercial spyware to prevent further proliferation.

In conclusion, the revelation that 100 countries now possess spyware capable of hacking phones should serve as a wake-up call. Whether you’re a corporate executive, a journalist, or an ordinary citizen, the threat is real and growing. Stay informed, stay updated, and stay vigilant.

OpenAI Launches GPT-5.4-Cyber: A New AI Model Tailored for Cyber Defense

OpenAI has officially introduced GPT-5.4-Cyber, a specialized version of its GPT-5.4 model designed specifically for cybersecurity applications. This move, coupled with an expansion of the company’s Trusted Access for Cyber (TAC) program, signals a significant push to integrate artificial intelligence into defensive security operations. The announcement, made on April 14 via a blog post, positions this new model as a tool to empower security professionals while carefully managing potential risks.

What Makes GPT-5.4-Cyber Different for Cyber Defense?

Unlike standard large language models, GPT-5.4-Cyber is described as “cyber-permissive.” This means it has been fine-tuned to lower its refusal boundaries for legitimate cybersecurity tasks. For defenders, this translates into a model that can handle sensitive queries about vulnerabilities, threat analysis, and incident response without unnecessary restrictions. OpenAI states that this variant enables advanced defensive workflows, allowing researchers and organizations to explore complex security scenarios.

OpenAI frames the model as a direct response to what it calls “steady improvements in agentic coding.” As AI-driven coding becomes more powerful, the potential for both defensive and offensive applications grows. GPT-5.4-Cyber therefore aims to give defenders a comparable edge, helping them identify and fix flaws faster than attackers can exploit them.

Expanding the Trusted Access for Cyber Program

The expansion of the Trusted Access for Cyber (TAC) program is a key part of this release. Initially launched in February, TAC was designed to automate identity verification and reduce friction for cybersecurity tasks. Now, OpenAI has introduced additional tiers, with the highest levels reserved exclusively for users who authenticate themselves as cybersecurity defenders. This staggered release strategy allows OpenAI to monitor usage carefully and learn from real-world deployment.

As a result, only vetted security vendors, organizations, and researchers currently have access to the full capabilities of GPT-5.4-Cyber. However, the company has expressed a desire to make these tools widely available while preventing misuse. Stronger verification processes are now in place to ensure that the model’s cyber defense capabilities are not abused.

Addressing Dual-Use Risks

OpenAI acknowledges a fundamental challenge: “Cyber capabilities are inherently dual use.” This means that the same technology which helps defenders can also aid attackers. Therefore, the company is proceeding with caution. By limiting access to verified professionals, OpenAI aims to mitigate the risk of malicious actors leveraging GPT-5.4-Cyber for offensive purposes. This approach mirrors broader industry trends, including Anthropic’s launch of Claude Mythos Preview and Project Glasswing, which focus on discovering and fixing vulnerabilities.

Implications for Software Security and Development

Beyond immediate defense, GPT-5.4-Cyber and the TAC program are positioned to improve software development practices. OpenAI argues that the strongest ecosystem is one that continuously identifies, validates, and fixes security issues as code is written. By integrating advanced coding models into developer workflows, the company hopes to shift security from periodic audits to ongoing, tangible risk reduction.

For example, developers could use GPT-5.4-Cyber to receive immediate, actionable feedback on vulnerabilities while building applications. This proactive approach could reduce the number of exploitable flaws in production software. However, the effectiveness of this strategy will depend on how well the model integrates with existing development tools and workflows.

What This Means for the Future of AI in Cybersecurity

This launch represents a growing trend: AI companies are increasingly tailoring their models for specific high-stakes domains. For cybersecurity professionals, GPT-5.4-Cyber offers a glimpse into a future where AI assistants can handle complex threat analysis, automate routine defenses, and even suggest code patches. Nevertheless, the dual-use nature of such capabilities ensures that access will remain tightly controlled for the foreseeable future.

To learn more about how AI is reshaping security operations, check out our guide on AI cybersecurity tools and best practices. Additionally, explore how vulnerability management strategies are evolving with machine learning.

In conclusion, OpenAI’s GPT-5.4-Cyber marks a deliberate step toward harnessing AI for cyber defense. While the model is not yet widely available, its development underscores the importance of building secure, verifiable AI systems. For defenders, the message is clear: AI is becoming an indispensable ally, but only if wielded with care and accountability.

Rituals confirms data breach: Customer membership records compromised

Dutch cosmetics giant Rituals has confirmed a data breach that exposed personal details of its loyalty program members. The company revealed the incident in an email sent to affected customers, which TechCrunch reviewed and verified. Hackers managed to steal a large volume of data from the company’s membership database, raising privacy and security concerns for millions of users.

What data was stolen in the Rituals data breach?

The stolen records include a range of personal identifiers: full name, date of birth, gender, postal address, email address, phone number, preferred store, and account type. Rituals spokesperson Eline van Malssen confirmed that the breach affected customers across Europe and the United Kingdom. However, TechCrunch learned that some U.S. customers also received notifications, indicating a broader impact than initially stated.

This incident is part of a worrying trend. Over the past year, several major retailers have suffered similar intrusions. For example, UK grocery chain Co-op and clothing retailer Marks & Spencer both reported customer data theft. Cybercriminals often target membership databases because they contain valuable personal information that can be used for identity theft, phishing, or extortion.

How did the Rituals cyberattack happen?

Rituals stated that it identified an “unauthorized download” of member data in April. The company did not disclose the exact method used by the attackers, nor did it provide a precise timeline. When asked about ransom demands or communication from the hackers, the spokesperson declined to comment, citing “security reasons.” This lack of transparency has frustrated some customers, who are demanding more details about the breach and how the company plans to prevent future incidents.

Cybersecurity experts emphasize that prompt disclosure is critical. Companies that delay or withhold information risk losing customer trust, and a ransomware attack on a retail chain can lead to reputational damage and regulatory fines. Rituals has not yet confirmed whether it received a ransom note or whether the stolen data has been published online.

Who is affected by the Rituals data leak?

According to Rituals’ website, its membership program boasts over 41 million customers. The company generated €2.4 billion ($2.8 billion) in revenue in 2025, making it a significant player in the global cosmetics market. The breach affects members in Europe, the UK, and the US, though the exact number of impacted individuals remains unclear.

As a result, affected customers should be vigilant. Personal data like birth dates and addresses can be used to create convincing phishing emails or social engineering attacks. Rituals has advised members to monitor their accounts for suspicious activity and to reset their passwords. For more guidance, check out our tips on protecting personal data after a breach.

Steps Rituals is taking

The company says its investigation is ongoing. It has not shared details about enhanced security measures, but typical responses include implementing multi-factor authentication, conducting penetration testing, and hiring external cybersecurity firms. Customers expect a clear action plan, including credit monitoring services or identity theft protection.

What this means for the cosmetics industry

This Rituals data breach underscores the vulnerability of loyalty programs across the beauty sector. Many companies collect vast amounts of personal data to personalize marketing and improve customer experience. However, this data becomes a lucrative target for cybercriminals. Retailers must balance personalization with robust security protocols.

Furthermore, regulators are paying attention. Under GDPR, companies face fines of up to 4% of annual global turnover for failing to protect customer data. For Rituals, that could amount to nearly €96 million. The breach may also trigger class-action lawsuits, as seen in other high-profile cases. Learn more about GDPR compliance for retailers to understand the legal landscape.

In conclusion, the Rituals data breach serves as a stark reminder that no company is immune to cyber threats. Customers should take proactive steps to safeguard their information, while businesses must invest in stronger defenses. As the investigation unfolds, more details may emerge about the attackers’ motives and methods.
