Washington swung the other way on frontier AI: barely a day after moving to ration access, the Trump administration lifted its export restrictions on Anthropic's most powerful models — even as OpenAI kept its new cybersecurity model on a tight, government-approved leash, a sign of how unsettled the line between openness and control has become. Beijing pressed its own advantage: Chinese models are closing the gap with US labs at a fraction of the cost and drawing a planned $295bn in domestic data-centre spending that pointedly excludes foreign firms. Europe watched the two collide and turned the sovereignty debate on the United States rather than China — its tech leaders more worried about Washington, its officials under pressure to walk away from the US data-transfer deal, and its lawmakers reaching for a Chips Act 2.0. Beneath the geopolitics the quieter damage was criminal and state-run: a breach at Aflac's Japan arm exposed 4.38 million policyholders and the Silent Ransom crew leaked a top US law firm, while state operators kept probing soft targets — China-linked intruders inside Southeast Asian critical systems and Japanese military networks, and Iranian, Russian and Chinese crews prodding exposed water utilities.
Top Stories
- U.S. Lifts Restrictions on Anthropic’s Most Powerful A.I. Models — NYT > Technology · AI & Power
- Chinese A.I. Models Gain Ground on Anthropic and OpenAI — NYT > Technology · AI & Power
- European tech leaders more worried about US than China — Semafor · EU & Technology
- EU under pressure to withdraw from US data transfer deal — EUobserver · EU & Technology
- How an AI Bust Could Ripple Through The Global Economy — Technology - WSJ.com · AI & Power
AI & Power
U.S. Lifts Restrictions on Anthropic’s Most Powerful A.I. Models — NYT > Technology
Why it matters: The Trump administration reversing federal export/access restrictions on Anthropic's most powerful models (Mythos, Fable) is a landmark AI-power and sovereignty move.
Anthropic’s Code With Claude event in San Francisco last month. Federal restrictions were lifted on Tuesday from the company’s Claude Mythos and Claude Fable A.I. models.
Chinese A.I. Models Gain Ground on Anthropic and OpenAI — NYT > Technology
Why it matters: Chinese frontier models (Z.ai) closing the gap with US labs at far lower cost reshapes the AI competitive balance.
Silicon Valley engineers recently flocked to new technology from a Chinese company, Z.ai, that is almost as good as its American competitors but much cheaper.
How an AI Bust Could Ripple Through The Global Economy — Technology - WSJ.com
Why it matters: A serious analysis of how an AI-investment bust could transmit through the global economy frames the boom as systemic macro risk.
Plus, South Korea plots new chip plants, and AI brings bumper profits for memory producers
OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access — Infosecurity Magazine
Why it matters: OpenAI gating its GPT-5.6 'Sol' cybersecurity model to a vetted few at US government request is a notable fusion of frontier AI and state control.
OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government's request
Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price — BleepingComputer
Why it matters: Anthropic's Sonnet 5 delivering near-flagship performance at lower cost accelerates the price/capability curve of frontier models.
Anthropic is now rolling out Sonnet 5, and it's almost as good as the Opus range, but it is designed to be cheaper than the company's flagship model. [...]
Meta Contractors Posed as Teens to Prompt Rival Chatbots About Suicide, Sex, and Drugs — WIRED
Why it matters: Meta contractors posing as teens to probe rival chatbots on self-harm and drugs is a significant AI-safety and governance story.
Hundreds of contractors working on a project for Meta pretended to be kids in order to see how other chatbots like Gemini and ChatGPT would respond to high-risk subjects, WIRED found.
Claude Science is Anthropic’s newest flagship product — MIT Technology Review
Why it matters: Anthropic positioning 'Claude Science' as a flagship research-automation product signals the next front in the frontier-model contest.
At an event for pharmaceutical executives, biotech founders, and researchers on Tuesday, Anthropic announced Claude Science, a major new product intended to support scientific research in the same way that Claude Code supports software engineering. Like Claude Code, Claude Science can autonomously carry out meaningful work when given concise, high-level instructions, and it has access to tools that make it particularly useful for research in computational biology and drug development. Along with launching and previewing Claude Science, which is now available to all paid Claude subscribers, Anthropic also announced that it will be using the product to pursue some of its own research into drugs for rare, neglected diseases. This is not Anthropic’s first foray into AI for science. In October, the company released plug-ins that help Claude make use of scientific software and databases under the heading “Claude for Life Sciences.” But unlike this earlier release, Claude Science is a full-featured, standalone product. Anthropic’s decision to elevate Claude Science to the same rank as Claude Code and Claude Cowork indicates that the company is taking AI’s scientific applications very seri
Anti-Immigrant Marches Held Across South Africa — Foreign Policy
Why it matters: The Gulf's 'new non-alignment' — hedging between US and Chinese AI stacks — is a sharp read on the geopolitics of AI.
Demonstrators had given undocumented migrants until Tuesday to self-deport or face consequences.
EU & Technology
European tech leaders more worried about US than China — Semafor
Why it matters: European tech leaders naming the US, not China, as the sharp edge of the sovereignty debate captures the shift in EU digital politics.
The quest to build “sovereign” technology systems is increasingly animating European politics — not because of China, but the US. “The sharp edge of the tech discussion here is actually aimed at the US,” Jacob Kirkegaard, at the Brussels think tank Bruegel, said, remarks echoed by several executives and analysts interviewed by Semafor’s J.D. Capelouto during two weeks in Europe. The overarching fear dominating a Paris tech conference, WIRED noted, was “the prospect of ending up stuck using American AI, trained on American values”; European countries are seen as unlikely to embrace Chinese AI models and robots. But Europe’s experience with EVs, where Chinese firms are dominant, serves as a warning against complacency. — J.D. Capelouto
EU under pressure to withdraw from US data transfer deal — EUobserver
Why it matters: Pressure on the EU to withdraw from the US data-transfer deal after a US court weakened FTC independence goes to the heart of transatlantic data sovereignty.
Donald Trump has been granted even more powers after a Supreme Court ruling that undermines the independence of the Federal Trade Commission, which enforces privacy safeguards of a EU-US data transfer deal.
EU trade chief sets October deadline to resolve China deficit row — EUobserver
Why it matters: An October deadline set by EU and Chinese trade chiefs to resolve the deficit row is a concrete marker in EU-China economic relations.
After months of rhetorical disputes and the threat of new trade defence measures, top EU and Chinese trade officials have set themselves an October deadline to resolve their disputes.
Proposed Chips Act 2.0 fortifies Europe’s electronics ecosystem — EUobserver
Why it matters: A proposed Chips Act 2.0 to reverse component offshoring is central to Europe's bid to reclaim critical-hardware sovereignty.
In taking steps to reverse the offshoring trend of critical electronic parts and components, the Chips Act 2.0 could move Europe closer to reclaiming a measure of ownership of its most critical systems.
Max Schrems preps new privacy challenge to EU-US data deal — Tech Archives | Euractiv
Why it matters: Max Schrems preparing a fresh challenge to the EU-US data deal could again upend the legal basis for transatlantic data flows.
Commission should exit the Data Privacy Framework after US Supreme Court ruling, says Noyb
Virkkunen announces space consortium to compete with US — Tech Archives | Euractiv
Why it matters: The EU's new space consortium to build direct-to-device capability is explicitly framed as technological sovereignty versus the US.
Developing European direct-to-devices capabilities "is about Europe's technological sovereignty", she said
Top Google Security Staff Warn Search Data Could Be Hacked if EU Rules Change — WIRED
Why it matters: Google security staff warning that EU pro-competition rules could expose Search data injects a security argument into the DMA debate.
Europe’s pro-competition proposals could see Google Search and Android systems opened up. The company claims there are serious privacy flaws.
Europe Will Never Be an AI Superpower — Foreign Policy
Why it matters: A hard-edged argument that Europe will never be an AI superpower — and what limited independence it can still claim — fits the sovereignty lens.
But it’s not too late for the continent to claim some technological independence for itself.
JD.com’s bid for Europe’s Ceconomy clears German hurdle but EU subsidy probe looms — Tech - South China Morning Post
Why it matters: JD.com's bid for Ceconomy clearing a German hurdle while facing an EU subsidy probe tests Europe's inbound-investment screening.
Chinese e-commerce giant JD.com’s €2.2 billion (US$2.5 billion) bid to acquire Europe’s largest electronics retailer Ceconomy has received the green light from German authorities as China and the European Union engage in high-stakes trade talks. Germany’s Federal Ministry for Economic Affairs and Energy approved the deal after a review of its potential impact on the country’s public order and security, subject to conditions that the Chinese tech giant would ensure the personal data of Ceconomy’s…
US & Technology
Trump budget boss Russell Vought open to re-staffing CISA — CyberScoop
Why it matters: The US budget chief signalling willingness to re-staff a gutted CISA is a meaningful reversal in federal cyber-defence posture.
Trump administration budget chief Russell Vought told lawmakers Tuesday that he’s willing to work with Department of Homeland Security Secretary Markwayne Mullin on re-staffing up the Cybersecurity and Infrastructure Security Agency, following deep personnel cuts and further proposed reductions in the fiscal 2027 budget blueprint. Mullin said last week at a House Appropriations Subcommittee on Homeland Security hearing that he would like to hire 600 more people at CISA, similar to remarks he made earlier this month at another House hearing. President Donald Trump has cut or lost more than 1,000 from an agency that stood around 3,400-strong at the end of the Biden administration — cuts criticized by lawmakers in both parties. At a House Appropriations Subcommittee on Financial Services and General Government hearing Tuesday, Rep. Mark Amodei, R-Nev., asked Vought about Mullin’s CISA remarks. “You don’t just flip a light switch on, and you got 600 folks over in CISA now. What’s the plan for getting CISA fully operational?” Amodei, who chairs the panel’s Subcommittee on Homeland Security, asked. “How do we make sure we have a robust, effective, cost-effective CISA force? Because I d
DHS to unveil replacement council for critical infrastructure cybersecurity — CyberScoop
Why it matters: DHS reviving a critical-infrastructure information-sharing nerve centre restores a key public-private cyber-defence channel.
The Department of Homeland Security is bringing back a key cybersecurity information sharing effort with critical infrastructure, more than a year after the Trump administration shuttered an existing nerve center between government and private sector. The Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure program, first reported by CyberScoop in January, is meant to replace the function of the Critical Infrastructure Partnership Advisory Council. CIPAC was a federal advisory body that allowed agencies like the FBI, the Cybersecurity and Infrastructure Security Agency and the intelligence community to interact with key owners and operators of water, power, internet and telecommunications to coordinate on cyberattacks and digital vulnerabilities. ANCHOR will fulfill a similar role. “ANCHOR-CI will provide forums through which cybersecurity, law enforcement, intelligence, national security, and other government representatives at the federal, state, local, tribal, and territorial levels may engage representatives of private sector entities and critical infrastructure owners and operators in reviewing the current threat environment, discussing
House passes kids’ online safety bill, but Senate approval unlikely — The Record from Recorded Future News
Why it matters: The House passing the KIDS Act sets up a consequential Senate fight over federal online child-safety and platform pre-emption.
The Kids Internet and Digital Safety (KIDS) Act passed with bipartisan support by a 267-117 margin, winning the two-thirds majority needed to greenlight the legislation under a process that speeds up a bill’s path to a vote but requires more than a simple majority.
China & Technology
The great AI reckoning: how China is flipping the script on US’ new industrial revolution — Tech - South China Morning Post
Why it matters: A wide-ranging read on how China is 'flipping the script' on the US industrial revolution captures the core US-China tech contest.
As the United States marks the 250th anniversary of its founding, it confronts a new world order dominated by its relationship with China. In this wide-ranging series, we examine the pressure points and possibilities in those ties, from hard tech to soft power. Here, Vincent Chow looks at how China challenges core American assumptions about innovation and technology, and the historical stakes of their competition in artificial intelligence. In 1969, the renowned British sinologist Joseph Needham…
China’s $295 Billion Ambitions for AI Will Drive up Domestic High-Tech Stocks — The Diplomat
Why it matters: Beijing's $295bn AI data-centre push that deliberately excludes foreign firms is a major industrial-policy and decoupling signal.
Beijing’s AI data center strategy will purposefully exclude foreign firms – providing a shot in the arm for domestic companies.
Apple reportedly lobbies US for approval to source DRAM from China’s CXMT — TechNode
Why it matters: Apple lobbying Washington to source DRAM from China's CXMT shows how export controls collide with supply-chain reality.
According to sources, Apple is reportedly lobbying the US government for approval to purchase DRAM chips from Chinese memory manufacturer ChangXin Memory Technologies (CXMT). Apple has been in discussions with the White House in an effort to secure permission to source DRAM from CXMT, aiming to ease financial pressure caused by continuously rising memory procurement costs. Sources say Apple first approached the US Department of Commerce over a month ago and has also contacted other officials and stakeholders in Washington to seek regulatory approval. CXMT is one of China’s largest DRAM manufacturers. The company was previously added to the US Department of Commerce’s Entity List last year. [IThome, in Chinese]
ByteDance targets early next year for new CPU to power own AI infrastructure: sources — Tech - South China Morning Post
Why it matters: ByteDance designing its own CPU to power AI infrastructure is a further step in China's drive for compute self-sufficiency.
TikTok owner ByteDance aims to finalise the design of its next-generation in-house central processing unit (CPU) by early next year at the latest, targeting mass production and wider deployment in the second half of 2027 to fuel its expanding AI ambitions, according to three people familiar with the matter. An early version of the proprietary CPU had been used in-house since late last year, one of the people said. However, given the urgent demand, tape-out of the new CPU could be brought…
Chinese AI model’s bug-hunting prowess narrows gap to US — Tech - South China Morning Post
Why it matters: A Chinese AI model narrowing the bug-hunting gap with US tools has direct offensive/defensive-security implications.
A Chinese artificial-intelligence (AI) model whose launch has been hailed as another “DeepSeek moment” can go toe-to-toe with US rival Anthropic’s powerful Mythos model on cybersecurity tasks, researchers have said. Beijing-based start-up Zhipu AI’s GLM-5.2, released on June 13, beat Anthropic’s Claude Opus 4.8 model in benchmarking tests by cybersecurity company Semgrep, The Wall Street Journal reported. When Semgrep researchers gave it further instructions, GLM-5.2 matched that model and…
CXMT and Tencent reportedly reach $2.94 billion DRAM supply agreement — TechNode
Why it matters: A $2.94bn CXMT-Tencent DRAM supply pact deepens China's domestic memory ecosystem amid US curbs.
According to a Reuters report, Chinese DRAM maker CXMT (ChangXin Memory Technologies) has signed a long-term supply agreement worth more than RMB 20 billion ($2.94 billion) with Chinese internet giant Tencent Holdings, ahead of CXMT’s planned listing on Shanghai’s STAR Market. Citing three people familiar with the matter, the multi-year agreement will secure the supply of DRAM chips for Tencent’s server business, making it one of the largest procurement commitments in recent years between a domestic Chinese chipmaker and a major internet company. Two of the sources said the agreement could run for up to three years, while a third source said it could last as long as five years. As the detailed terms of the deal have not been publicly disclosed, the exact product specifications and supply duration remain unclear. Neither CXMT nor Tencent has commented on the report. [Icsmart, in Chinese]
Threat Intelligence (CTI)
[P2] China-Linked Group Targets Southeast Asia Critical Systems — darkreading
Why it matters: A China-linked group breached 10+ Southeast Asian organisations, including state-owned entities, with a new backdoor.
At least 10 regional organisations (incl. two state-owned) compromised and a new backdoor deployed across Southeast Asian critical systems.
severity high · exploited in the wild · actor China-nexus (unattributed) (50%)
[P2] Iran, Russia, China Target Water Systems for Sabotage — darkreading
Why it matters: Iran, Russia and China are breaching water systems via weak passwords and exposed PLCs, not sophisticated malware.
Nation-state actors breaching water utilities through weak passwords, internet-exposed PLCs and poor network segmentation.
severity high · exploited in the wild · EU: NIS2, CER Directive · actor Multiple state actors (Iran/Russia/China) (40%)
[P2] USB drives carrying China-linked malware infected Japanese military networks for nearly a year — GRAHAM CLULEY
Why it matters: USB-borne, China-linked malware sat undetected on Japanese military networks for nearly a year.
China-linked malware spread via USB drives persisted on Japanese military networks for close to a year, reaching otherwise air-gapped systems.
severity high · exploited in the wild · actor China-linked (unattributed) (50%)
[P2] ToddyCat: your hidden email assistant. Part 2 — Securelist
Why it matters: Kaspersky details ToddyCat's evolving toolset for stealing browser, email and cloud data.
Second-part analysis of ToddyCat's tooling (incl. OAuth abuse) used to harvest data from browsers, local stores and cloud email.
severity high · exploited in the wild · actor ToddyCat (70%), escalation
[P2] Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer — The Hacker News
Why it matters: Hijacked npm and Go packages abuse VS Code tasks to drop a Python infostealer.
Compromised npm and Go packages use VS Code task definitions to execute and deploy a Python infostealer on developer machines.
severity high · exploited in the wild
[P3] Fake Bug Report Hijacks AI Coding Agents at Scale — darkreading
Why it matters: 'Agentjacking': crafted bug reports hijack AI coding agents by blurring content and instructions.
Demonstrated technique where malicious bug reports steer AI coding agents into attacker-chosen actions, exploiting their inability to separate data from instructions.
severity medium
Defence & National Security
Trump administration announces ‘War Force’ effort — DefenseScoop
Why it matters: The Pentagon's 'War Force' drive to embed AI engineers down to unit level is a notable defence-tech talent play.
The Pentagon and Office of Personnel Management announced a recruiting effort Tuesday that officials are calling “War Force.” The initiative doesn’t seek to hire trigger-pullers but rather AI experts and other software engineers that could “embed down to the unit level across the department” to support operational needs and “ensure a more lethal United States military,” according to an OPM press release. Per a job posting on the government-run USAJOBS website, personnel hired for the “forward deployed engineer” roles could make up to nearly $200,000 in annual salary if they come to work for the Pentagon for a two-year stint. The department seeks experts in designing, building, integrating and maintaining capabilities like frontier AI, machine learning, automation and data systems. “Through War Force, OPM will recruit top engineering talent from across the country and connect qualified candidates with high-impact technical roles at the Department of War,” officials wrote in the press release, using the Trump administration’s preferred name for the Department of Defense. The new hiring effort is in line with
European armies already filling holes made by US withdrawals, says Rutte — myFT following
Why it matters: NATO's chief saying European armies are already backfilling US withdrawals underscores Europe's defence-autonomy pressure.
Also in this newsletter: Ireland sets out its priorities as it assumes the EU presidency
UK prime minister pledges near $105B defense budget by 2029 — Breaking Defense
Why it matters: The UK pledging a ~$105bn defence budget by 2029, funding GCAP and drones, is a major European rearmament marker.
Courtesy of a £8.6 billion investment in the forthcoming Defence Investment Plan, the UK is also “renewing” a commitment to build sixth generation fighter jets, under the Global Combat Air Programme (GCAP), in collaboration with Italy and Japan.
Lawmaker warns of administration’s ‘fetishization’ of Silicon Valley startups — Defense One - All Content
Why it matters: A lawmaker warning against the 'fetishization' of Silicon Valley startups signals coming scrutiny of defence-tech contracting.
Rep. James Walkinshaw, D-Va., discussed his plans to scrutinize Trump-era contracting practices, revive federal IT oversight, and push for AI policy.
CIA Aims to Speed Up Tech Adoption as AI Is ‘Rewriting’ Conflict — Bloomberg Politics
Why it matters: The CIA director framing AI and quantum as 'rewriting' conflict signals a deeper intelligence-community tech pivot.
CIA Director John Ratcliffe vowed to step up the agency’s efforts to deploy artificial intelligence and quantum computing, stressing that rapid developments in emerging technologies are changing the nature of geopolitics.
Anduril and Amazon’s mobile data center venture aims to bring edge computing to the frontlines — Defense One - All Content
Why it matters: Anduril and AWS building mobile data centres for frontline edge computing shows commercial cloud pushing to the tactical edge.
Amazon Web Services named the defense firm as the preferred national security provider.
Digital Sovereignty & Identity
Romania to Build Its EU Digital Identity Wallet on Germany’s Open-Source Model — ID Tech
Why it matters: Romania building its EUDI Wallet on Germany's open-source stack shows the EU digital-identity wallet consolidating around shared code.
Romania plans to build its national version of the EU Digital Identity Wallet on the open-source software developed by Germany, a move the government says will cut costs and avoid […]
UK pubs to accept digital ID for age assurance by Christmas 2026 — Biometric Update
Why it matters: The UK legislating digital ID for age assurance in pubs by Christmas marks a concrete rollout of state-backed digital identity.
The UK government has finally put its policy where its promises are on allowing digital ID for proof of age at pubs and licensed establishments. A statement from Minister of State for Policing and Crime Sarah Jones says she is “laying a statutory instrument to deliver on our commitment to update the Licensing Act 2003 (Mandatory Licensing Conditions) Order 2010 (“the Order”) made under the Licensing Act 2003 (LA03).” “This change will permit the use of certified and registered Digital Verification Services (DVS) for the sale and supply of alcohol in England and Wales, where certain conditions are met.” Subject to Parliamentary procedure, the Government intends the Statutory Instrument to come into effect in Autumn 2026. The change is scheduled to come roughly two years after former Technology Secretary Peter Kyle pledged that drinkers would be able to prove their age in a pub using digital ID by Christmas 2025. Should it come to pass across the retail sector, it will be a major relief for Ewen McGregor, a licensing lawyer at TLT LLP who has hosted a panel two years running at the Global Age Assurance Standards Summit, exploring the question of when, exactly, the UK government woul
ICE biometrics underpin broader surveillance network, report argues — Biometric Update
Why it matters: A report arguing ICE/CBP biometrics have grown into a broad surveillance network speaks to identity-infrastructure creep.
A coalition of privacy and civil liberties organizations says that biometric systems deployed by ICE and CBP have evolved from identity verification tools into part of a broader surveillance infrastructure. The report, The Tech Behind ICE: Oligarchs, Immigration Enforcement and the Threat to Democracy, by Mijente, Just Futures Law, and Surveillance Resistance Lab, argues that the Department of Homeland Security (DHS) is moving biometric and AI-driven enforcement beyond airports, ports of entry, and detention facilities into neighborhoods and immigration operations, putting privacy and civil rights at risk. Its central argument is not about a single biometric system, but the linking of face images, fingerprints, iris scans, and DNA with wider government and commercial data networks used to identify, profile, and target people. The report’s larger argument is that biometrics have become a gateway to a broader surveillance architecture. It says Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) can connect biometric identifiers with immigration records, social media activity, location data, vehicle records, and commercial datasets. A system built osten
India’s central bank mandated use of .bank domains to enhance trust – but its registry leaked sensitive info — www.theregister.com - Articles
Why it matters: India's central-bank .bank registry leaking sensitive data undercuts a trust-anchoring identity initiative.
In 2025, the Reserve Bank of India created the .bank.in subdomain and required all local banks to start using it for their online presences. India is home to thousands of banks and the new rule meant all needed to register for and use a bankname.bank.in domain, a move designed to make life harder for phishers and fraudsters. Now a security researcher has alleged that the entity chosen as the sole registrar of the subdomains – the Institute for Development and Research in Banking Technology (IDRBT) – botched the job and leaked sensitive data. The allegation came in a report and post published yesterday by CashlessConsumer, a group that advocates for India to become a cashless society and which aims to represent citizens to digital payments players. “The IDRBT Domain Registration Portal (registrar.idrbt.ac.in) – the exclusive registrar for India’s .bank.in namespace – exposed its entire REST API via 33+ unauthenticated endpoints,” the post alleges. “Anyone with curl could retrieve the bcrypt password hashes, mobile numbers, email addresses, login IPs, and device fingerprints of all 5,576 bank employees trusted with managing India’s banking domains.” The researcher behind the e
Quantum, Cryptography & CBDC
Accelerating the quantum-safe timeline — Microsoft Security Blog
Why it matters: Microsoft arguing the quantum-safe timeline has shortened, with concrete PQC migration guidance, is a substantive post-quantum signal.
The quantum-safe timeline has changed. For years, planning for post-quantum cryptography (PQC) was framed as a future problem: important, inevitable, but distant. That perspective is evolving as technology advances and organizations prepare for the scale and complexity of the transition ahead. At Microsoft, we are acting on this shift by bringing our quantum-safe timeline forward so organizations can begin the transition earlier and with greater confidence. Advances in quantum research and development have shifted the risk horizon. We believe cryptographically relevant quantum computers could arrive sooner than previously expected — and the work required to prepare is significant so organizations need to start now. Recent government actions, including United States and French guidance to adopt quantum-safe cryptography as early as 2030 in certain high-risk systems, reflect the same conclusion: preparing for this transition is already underway. This is a recognition that the transition to quantum-safe cryptography is a multi-year engineering effort that benefits from early planning and action, and delaying that work increases both cost and risk. This reinforces our decision to bri
Why Post-Quantum Cryptography Starts With Credentials — The Hacker News
Why it matters: Framing post-quantum migration as starting with credentials gives CISOs a practical on-ramp to PQC.
Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Ciphertext and credentials captured by
Shipping post-quantum cryptography to Python — The Trail of Bits Blog
Why it matters: Shipping NIST-standard ML-KEM/ML-DSA into the Python ecosystem via pyca meaningfully lowers the barrier to real-world PQC adoption.
Post-quantum cryptography is now one pip-install away for the entire Python ecosystem. With funding from the Sovereign Tech Agency, we implemented support for ML-KEM, the NIST-standard key-establishment primitive, and ML-DSA, the NIST-standard digital-signature primitive, in pyca/cryptography. On June 22, 2026, the White House ordered the U.S. government to accelerate its transition to post-quantum cryptography. The order says large-scale quantum computers, especially in adversarial hands, will threaten widely used cryptographic systems, and that attackers may already be collecting encrypted data now so they can decrypt it later. It also sets concrete migration deadlines: high-value and high-impact federal systems must use post-quantum key establishment by December 31, 2030, and post-quantum digital signatures by December 31, 2031. And even if you don’t care about quantum resistance, that’s not a problem because quantum resistance isn’t the main benefit of post-quantum crypto. That transition cannot happen only at the policy layer. Every application that signs packages, validates certificates, establishes secure channels, or protects long-lived secrets depends on cryptographic
Cash regulation: How the EU wants to strengthen the role of cash — netzpolitik.org
Why it matters: The EU's cash regulation, tied to the digital euro rollout, is a core digital-money and monetary-sovereignty story.
With the introduction of the digital euro, the EU institutions promise to strengthen cash as well. Parliament and member states want, for example, to render “No Cash” signs ineffective. In doing so they are also responding to criticism from cash advocates. Last week the European Parliament became the last of the three major EU institutions to agree on a legislative package on the digital euro. In addition to the digital central bank currency, however, the planned regulations are also meant to strengthen cash. But what exactly does this strengthening look like? And how do the plans of the EU Commission, the member states and the European Parliament differ? Specifically, this concerns the “Single Currency Package”: alongside the proposals on the digital euro, it also contains an EU law that defines cash as “legal tender”. What does “legal tender” mean? According to the legal scholar Sebastian Omlor, this is badly needed: “The legal situation of cash in the euro area is currently rather deficient.” The 1998 regulation on the introduction of the euro merely
Cybersecurity & Threats
[P1] Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints — The Hacker News
Why it matters: An unauthenticated, KEV-listed RCE (CVSS 9.3) in Langflow under active mass-exploitation to hit exposed AI app endpoints.
Unauthenticated RCE on internet-exposed Langflow AI endpoints; used to deploy a Monero miner and steal cloud (AWS) keys, with exploits built ~20h after disclosure.
severity critical (CVSS 9.3) · exploited in the wild · EPSS 0.94 · EU: NIS2
[P1] BlueHammer Vulnerability Exploited in Ransomware Attacks — SecurityWeek
Why it matters: A Microsoft Defender privilege-escalation flaw (BlueHammer, CVE-2026-33825) on CISA's KEV list, now abused in ransomware.
Access-control flaw in Microsoft Defender lets a local attacker reach the SAM database and elevate to SYSTEM; exploited as a zero-day, now used in ransomware campaigns.
severity high (CVSS 7.8) · exploited in the wild · EPSS 0.6 · EU: NIS2
[P2] Citrix patches a new NetScaler flaw with echoes of CitrixBleed — CyberScoop
Why it matters: A pre-auth NetScaler memory-overread (CVE-2026-8451, CVSS 8.8) of the CitrixBleed class, with a CERT-EU advisory.
Pre-authentication memory overread on NetScaler configured as a SAML IdP; malformed XML at /saml/login can leak process memory into auth cookies (CitrixBleed-class).
severity high (CVSS 8.8) · EPSS 0.2 · EU: NIS2
[P2] Amazon Q VS Extension Flaw Leads to Cloud Credential Theft — darkreading
Why it matters: A flaw in the Amazon Q VS Code extension lets a malicious repo run code and steal cloud credentials — a growing MCP risk.
A crafted repository can execute arbitrary code and exfiltrate cloud credentials via the Amazon Q VS Code extension, illustrating expanding AI-agent/MCP attack surface.
severity high
[P2] Aflac Japan Data Breach Impacts 4.38 Million — SecurityWeek
Why it matters: A breach at Aflac's Japan unit exposed data on 4.38 million policyholders via its portal.
Attackers accessed Aflac Japan's policyholder portal repeatedly between 15-25 June, exposing data on ~4.38 million policyholders.
severity high
[P2] EXCLUSIVE: Top-100 Law Firm Fox Rothschild Suffers Data Breach and Leak by Silent Ransom Group — DataBreaches.Net
Why it matters: A top-100 US law firm, Fox Rothschild, was breached and leaked by the Silent Ransom Group (Luna Moth).
Silent Ransom Group (aka Luna Moth) breached and leaked data from top-100 US law firm Fox Rothschild as part of its data-theft extortion.
severity high · actor Silent Ransom Group (Luna Moth) (60%)