The evidence that artificial intelligence has become an everyday tool of attackers kept mounting: security researchers caught a live network intrusion in which a run-of-the-mill criminal used AI "vibe-coding" to spin up bespoke malware and map a victim's Windows network, while a new AI-driven phishing service, Forg365, began mass-producing lures to hijack corporate Microsoft 365 accounts. Against that backdrop Iran's wartime hackers pushed well beyond power grids — the Tehran-linked group Handala wiped more than 200,000 machines at medical-device maker Stryker — even as two of the year's largest data spills surfaced, exposing tens of millions of customers at Japan's KDDI and nearly seven million American drivers at insurer AssuranceAmerica, and Interpol swept up 5,811 fraud suspects in a 97-country crackdown. Europe's own fights sharpened, as Parliament let a contested "chat control" message-scanning regime survive through a procedural back-door, Greek surveillance victims sued spyware maker Intellexa for millions, and Brussels pressed both an EU-wide social-media age limit and its case against Apple. And the geopolitics of AI power grew starker still, with reports that OpenAI and Google have sold models to blacklisted Chinese groups, Beijing weighing limits on the American AI its own developers rely on, and the UN secretary-general calling for an outright ban on AI weapons.
Top Stories
- EU 'Chat Control' snoopfest returns after vote to kill it falls short — www.theregister.com - Articles · EU & Technology
- OpenAI and Google sell AI models to blacklisted China groups — myFT following · AI & Power
- New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware — The Hacker News · Cybersecurity & Threats
- China Weighs Limits on the AI Models American Companies Love — Technology - WSJ.com · China & Technology
- Greek victims file lawsuit against Intellexa over Predator spyware — The Record from Recorded Future News · EU & Technology
AI & Power
OpenAI and Google sell AI models to blacklisted China groups — myFT following
Why it matters: US-China AI export politics: American labs reportedly arming blacklisted Chinese entities.
Reporting says OpenAI and Google have sold access to their AI models to Chinese groups on US blacklists, exposing gaps in export enforcement.
UN Secretary-General seeks ban on AI weapons — Semafor
Why it matters: A head-of-state-level push to constrain autonomous weapons squarely in the AI-governance debate.
The UN secretary-general called for an outright ban on AI-controlled weapons as militaries race to field autonomous systems.
Former Fed Chairman Bernanke Joins Anthropic Oversight Trust — Bloomberg Technology
Why it matters: Governance signal: a former Fed chair joins the body meant to check Anthropic's mission drift.
Ben Bernanke was appointed to Anthropic's Long-Term Benefit Trust, the oversight vehicle intended to keep the lab to its safety mandate.
The mistrust of AI labs bubbles over — Semafor
Why it matters: Public trust in frontier labs is fraying as capability and commercial pressure outrun accountability.
Distrust of AI labs is spilling into the open, with critics questioning whether safety promises survive competitive and financial pressure.
Anthropic found a hidden space where Claude puzzles over concepts — MIT Technology Review
Why it matters: Interpretability research bearing on how much we can actually understand frontier models.
Anthropic researchers described a hidden internal space where Claude appears to 'puzzle over' abstract concepts, a window into model cognition.
Meta Patents AI Device That Tracks Your Emotions, Watches You Take Your Meds — 404 Media
Why it matters: AI-surveillance creep into intimate life, with wearables that read emotion and monitor behaviour.
A Meta patent describes an AI device that tracks users' emotions and watches whether they take their medication, sharpening AI-surveillance worries.
New York Times and Other Publishers Ask Court to Penalize OpenAI — NYT > Technology
Why it matters: The media-vs-AI copyright fight escalates toward court sanctions over training data.
The New York Times and other publishers asked a court to penalise OpenAI, escalating the copyright battle over how AI models are trained.
Microsoft's AI boom collides with its climate goals — Axios
Why it matters: The material cost of the AI build-out is colliding with corporate climate pledges.
Microsoft's AI expansion is driving emissions up sharply, colliding with its climate goals as data-centre demand surges.
Microsoft deepens AI ties with UAE to automate government work — Semafor
Why it matters: AI-power geopolitics in the Gulf: a US hyperscaler embedding AI in a foreign government.
Microsoft deepened its AI partnership with the UAE to automate government work, extending American AI into Gulf statecraft.
EU & Technology
EU 'Chat Control' snoopfest returns after vote to kill it falls short — www.theregister.com - Articles
Why it matters: The continent's defining encryption-vs-scanning fight, revived through a procedural back-door.
After a vote to kill it fell short, the EU's contested 'chat control' message-scanning regime survives, extending voluntary CSAM scanning while exempting end-to-end-encrypted services.
Greek victims file lawsuit against Intellexa over Predator spyware — The Record from Recorded Future News
Why it matters: Accountability for Europe's spyware scandal moves from criminal court to civil damages.
Eight Greek victims of the Predator spyware sued maker Intellexa and 13 associates for roughly EUR 7.6 million, seeking damages over the Predatorgate wiretapping affair.
EU takes member states to court over unimplemented cybersecurity law — The Record from Recorded Future News
Why it matters: The Commission enforcing its own cyber rulebook against foot-dragging member states.
The European Commission is taking member states to court over their failure to transpose the bloc's cybersecurity law into national legislation.
Inside von der Leyen’s push for an EU social media ban — Technology – POLITICO
Why it matters: A sweeping platform-regulation move: an EU-wide minimum age for social media.
Ursula von der Leyen is pushing for an EU-wide social-media ban for minors, a major escalation in the bloc's platform-governance agenda.
Drop Palantir from NHS, MPs tell minister — Policy – POLITICO
Why it matters: Digital sovereignty over sensitive health data: the Palantir-NHS backlash hardens.
MPs told the UK government to drop Palantir from the NHS as scrutiny grows over the data underpinning the contract ahead of a 2027 break clause.
European Commission Chooses to Keep EU Users Locked Up Behind Big Tech’s Gates — Deeplinks
Why it matters: A gatekeeper-enforcement setback: Brussels accused of keeping users penned inside Big Tech.
Digital-rights advocates say the European Commission's choices leave EU users locked behind Big Tech's gates rather than freeing them under the DMA.
Britain's cloud habit has become a billion-pound risk — www.theregister.com - Articles
Why it matters: Cloud-sovereignty risk quantified: Britain's dependence on US hyperscalers as a strategic liability.
Analysts warn Britain's reliance on foreign cloud providers has become a multi-billion-pound systemic risk to public services and sovereignty.
Brussels let one small country police Europe’s fintech – and now that guard is backing away — EUobserver
Why it matters: A single-supervisor gap in EU fintech oversight is opening as one small state steps back.
Brussels let one small country police much of Europe's fintech, and that guard is now backing away, exposing supervisory gaps in payments.
New EU ‘scale-up’ fund expects to burst past its €5bn target size — myFT following
Why it matters: Europe's sovereign-capital answer to the scale-up gap gathers real money.
A new EU 'scale-up' fund expects to burst past its EUR 5 billion target, part of the bloc's drive to keep home-grown tech champions from leaving.
US & Technology
CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code — Security Affairs
Why it matters: The US government adopting frontier AI to secure its own code at scale.
CISA is deploying Anthropic's Mythos AI to hunt vulnerabilities across US government code, a notable federal bet on AI for defensive security.
OpenAI’s No. 2 Executive to Step Down in Latest Leadership Shake-up — Technology - WSJ.com
Why it matters: A leadership shake-up at the top of the most-watched AI company.
OpenAI's number-two executive, Fidji Simo, is stepping down from leading its AGI-deployment work owing to illness, amid a broader reshuffle.
OpenAI rolls out GPT-5.6 after government greenlight — and announces ‘ChatGPT Work’ — The Verge
Why it matters: A flagship model release freed by Washington, paired with an enterprise 'work' agent.
OpenAI rolled out its GPT-5.6 model family after a government greenlight and unveiled 'ChatGPT Work' aimed at doing enterprise tasks.
Meta Launches New A.I. Model as Global Technology Race Heats Up — NYT > Technology
Why it matters: The frontier-model race intensifies as Meta ships a new system.
Meta launched a new AI model as the global technology race heats up, keeping pace with OpenAI's and Google's latest releases.
Federal Investigators Say Certain DOGE Records Were Deleted — WIRED
Why it matters: Government-records integrity questions around the DOGE cost-cutting drive.
Federal investigators say certain DOGE records were deleted, raising transparency and records-preservation concerns.
China & Technology
China Weighs Limits on the AI Models American Companies Love — Technology - WSJ.com
Why it matters: Beijing weighing leverage over the very AI models its own developers depend on.
China is weighing limits on the American AI models its companies rely on, a potential lever in the escalating US-China technology contest.
Why China is finally letting AI firms buy the Nvidia H200 — Tech - South China Morning Post
Why it matters: A pivotal loosening of chip access as Beijing lets firms buy Nvidia's H200.
China is finally allowing its AI firms to buy Nvidia's H200 accelerators, easing a key hardware bottleneck for the domestic AI industry.
Humanoid Robot Performs First Live Surgery: Unitree G1 Completes Gallbladder Removal on Living Subject — Pandaily - China Tech News, AI & Electric Vehicle Insights
Why it matters: A striking milestone in embodied AI: a humanoid robot performing live surgery.
A Unitree G1 humanoid robot completed a gallbladder removal on a living subject, a first-of-its-kind demonstration of embodied AI in medicine.
China pitches the world on open-source AI — Semafor
Why it matters: China's open-source AI diplomacy as a bid to shape the global model ecosystem.
China is pitching the world on open-source AI, positioning its freely released models as an alternative to closed American systems.
Chinese AI labs pursue custom chips to lower costs but heavy upfront investment a risk — Tech - South China Morning Post
Why it matters: Chinese labs betting on custom silicon to escape cost and export constraints.
Chinese AI labs are pursuing custom chips to cut inference costs, accepting heavy upfront investment risk to reduce reliance on foreign hardware.
Threat Intelligence (CTI)
[P3] INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million — Security Affairs
Why it matters: A very large multinational fraud takedown, Europol-backed, disrupting scams that hit EU citizens.
INTERPOL's Operation First Light (January to April 2026) drove 5,811 arrests and intercepted USD 293 million across 97 countries, freezing 31,014 accounts and identifying more than 142,000 social-engineering-fraud victims.
severity low · EU: Europol
[P1] Iran's Cyber Crosshairs Focus Beyond Critical Infrastructure — darkreading
Why it matters: Iran's wartime hackers expanding beyond critical infrastructure to any exposed target.
Iran-linked groups (Handala, tied to the intelligence ministry, and Ababil of Minab) are hitting non-critical-infrastructure firms, wiping more than 200,000 hosts at medical-device maker Stryker and downing a GPS-tracking platform, often via years-old vulnerabilities.
severity high · exploited in the wild · EU: NIS2 · actor Iran-nexus (Handala/MOIS, Ababil of Minab) (55%), escalation
[P2] New Forg365 phishing platform uses AI to target Microsoft 365 accounts — BleepingComputer
Why it matters: An AI-native phishing service industrialising Microsoft 365 account takeover.
The new Forg365 phishing-as-a-service kit blends adversary-in-the-middle and OAuth device-code phishing with AI-generated lures and a 'ForgCookie' browser extension for persistent, re-authentication-free access to compromised Microsoft 365 accounts.
severity high · exploited in the wild · EU: GDPR, NIS2
[P3] NSA revives 'Tailored Access Operations' name for elite hacking unit — The Record from Recorded Future News
Why it matters: A signalling shift in US offensive-cyber posture that shapes allied norms.
The NSA has revived the 'Tailored Access Operations' brand for its elite offensive-hacking unit, signalling a more overt posture on cyber operations.
severity low · actor NSA (US) (90%)
[P3] One Target, Two Flags | Rival Espionage Actors Converge On Pakistani Law Enforcement — SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.
Why it matters: Two rival state services caught burrowing into the same victim, a notable tradecraft convergence.
SentinelLabs found two rival state actors, assessed as China- and India-nexus, separately compromising the same Pakistani law-enforcement body, each pursuing different internal-security intelligence.
severity medium · actor China-nexus and India-nexus APTs (per SentinelLabs) (50%)
[P3] Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes — The Hacker News
Why it matters: Trojanised installers conscripting victims into a residential-proxy botnet.
Fake 7-Zip and VPN installers covertly enrol victim machines into a residential-proxy botnet, monetising their bandwidth and IP reputation for other actors.
severity medium · exploited in the wild
Digital Sovereignty & Identity
Dock Labs maps where the EUDI Wallet market begins — Biometric Update
Why it matters: The EU digital-identity wallet market taking concrete shape, central to Europe's sovereignty push.
Dock Labs mapped where the EU Digital Identity (EUDI) Wallet market begins, charting the providers and rails forming around Europe's eID rollout.
Enterprises Must Treat AI Agents as New Class of Digital Identity: Entrust CEO — ID Tech
Why it matters: Agentic AI forcing a rethink of identity: autonomous agents as a new class of credential-holder.
Identity leaders argue enterprises must treat AI agents as a distinct new class of digital identity, with their own credentials and governance.
Bulgaria’s GERB Proposes Under-16 Social Media Limits With a Digital Age-Check Wallet — ID Tech
Why it matters: Age-verification-by-wallet as the emerging European template for protecting minors online.
Bulgaria's GERB proposed under-16 social-media limits enforced by a digital age-check wallet, an early model for EU age assurance.
Another German state heads down the open source sovereignty road — www.theregister.com - Articles
Why it matters: Public-sector digital sovereignty via open source gains another German adopter.
Another German state is moving to open-source software for sovereignty reasons, part of a wider European push to cut dependence on US vendors.
Google's New Remote Attestation Scheme is As Bad As Its Old One — Deeplinks
Why it matters: Remote attestation as a fresh threat to user autonomy and the open web.
Digital-rights advocates warn Google's new remote-attestation scheme is as bad as its predecessor for user control and device freedom.
UK Report Counts 275 Digital Identity Providers and £2 Billion in Sector Revenue — ID Tech
Why it matters: The scale of the UK identity economy quantified as the sector professionalises.
A UK report counted 275 digital-identity providers and GBP 2 billion in sector revenue, underscoring how large the identity market has grown.
Defence & National Security
Russia-China effort targets Starlink — Semafor
Why it matters: A Russia-China cyber convergence against the satellite backbone of modern conflict.
A joint Russia-China effort is targeting Starlink, aiming at the satellite-internet backbone that has proven decisive in recent conflicts.
UK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge — SecurityWeek
Why it matters: A national-scale bet on agentic AI for cyber defence, with industry backing.
The UK government rolled out an agentic-AI defence plan alongside an industry pledge, wagering on autonomous agents to bolster national cyber defence.
The AI disinformation gap the Pentagon may be missing — Breaking Defense
Why it matters: A capability gap: the Pentagon may be underestimating AI-driven disinformation.
Analysts warn of an AI-disinformation gap the Pentagon may be missing as adversaries scale synthetic influence operations.
Germany to buy US Tomahawks in shift toward own long-range capability — Defense News
Why it matters: European strategic-strike autonomy advances as Germany buys US long-range missiles.
Germany will buy US Tomahawk missiles in a shift toward its own long-range strike capability, part of Europe's post-Ukraine rearmament.
UK eyes $50 billion in pooled NATO funds for new long-range strike initiative — Defense News
Why it matters: NATO pooling serious money for deep-strike, signalling a European capability leap.
The UK is eyeing USD 50 billion in pooled NATO funds for a new long-range strike initiative, mirroring a wider European deep-precision push.
Quantum & Cryptography
Why we cannot wait for better post-quantum signature algorithms — The Cloudflare Blog
Why it matters: The unfinished business of post-quantum migration: signatures still lack good options.
Cloudflare argued the industry cannot keep waiting for better post-quantum signature algorithms, spotlighting a gap in the migration to quantum-safe cryptography.
Over $500m in fresh funding, risks of “French state influence” and a 100x valuation: What Pasqal’s SPAC filings reveal — Sifted
Why it matters: European quantum sovereignty and state influence collide in a marquee listing.
Pasqal's SPAC filings reveal over USD 500 million in fresh funding and risks of 'French state influence', a test case for European quantum champions.
QIZ Security Raises $17 Million for Cryptographic Governance Platform — SecurityWeek
Why it matters: Investment flowing into cryptographic governance as crypto-agility becomes a board issue.
QIZ Security raised USD 17 million for a cryptographic-governance platform, reflecting demand to manage keys and crypto-agility ahead of the quantum transition.
Cybersecurity & Threats
[P1] New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware — The Hacker News
Why it matters: A destructive Golang wiper with code overlap to an Iran IRGC-linked actor, amid the Iran war.
Golang backdoor bundling a raw-disk wiper, a Windows-drive wiper (a FlockWiper rewrite) and fake 'Crucio' ransomware that encrypts with no recoverable key, plus screenshot and hidden-VNC espionage.
severity high · EU: NIS2 · actor CyberAv3ngers (suspected, Iran IRGC-nexus) (35%), escalation
[P2] 12 Million Impacted by Data Breach at Japanese Telco KDDI — SecurityWeek
Why it matters: A very large telco breach via an exploited zero-day, seeding credential-stuffing risk.
A zero-day in shared email infrastructure, exploited since May, exposed 12.2 million email addresses and 7.6 million passwords across five Japanese ISPs.
severity high · exploited in the wild · EU: GDPR, NIS2
[P2] AssuranceAmerica data breach exposes records of 6.9 million drivers — BleepingComputer
Why it matters: The largest US driver's-license spill of the year, from a single compromised employee.
Compromise of one employee's credentials exposed names, contact details, driver's-license numbers and Social Security numbers of about 7 million US auto-insurance customers.
severity high · exploited in the wild
[P2] GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses — The Hacker News
Why it matters: Beast-lineage ransomware weaponising a Microsoft-signed driver to blind EDR.
Beast-lineage ransomware using a Microsoft-signed malicious driver (PoisonX/g11.sys) to kill endpoint defences before encryption; spreads via AnyDesk, a NirSoft credential toolkit and PsExec.
severity high · exploited in the wild · EU: NIS2 · actor Hyadina (Beast/Monster operator) (60%)
[P1] Vibe-Coded Malware Caught in Active Directory Attack — Infosecurity Magazine
Why it matters: First-hand proof of AI 'vibe-coding' weaponised in a live network intrusion.
In a real intrusion, an attacker used AI 'vibe-coding' to generate a bespoke PowerShell script that enumerated Active Directory (users, computers, groups) after RDP access with stolen credentials, then exfiltrated data via s5cmd and SharpShares.
severity medium · exploited in the wild
[P3] AI Gateway Connected to Amazon Bedrock Hijacked for Cryptomining — Hackread – Cybersecurity News, Data Breaches, AI and More
Why it matters: An AI gateway hijack that exposes a fast-growing cloud attack surface.
An internet-exposed LiteLLM AI gateway wired to Amazon Bedrock was hijacked for Monero mining after SSH was left open to the world; the real exposure is the gateway's Bedrock credentials, model permissions, prompts and logs.
severity medium · exploited in the wild