Apple's feud with OpenAI turned scorched-earth: a week after suing the company for stealing trade secrets, Apple escalated into what one account called a "thermonuclear" response, recasting the fight as a battle over poached AI talent — the clearest sign yet that the alliances of the AI boom are curdling into open rivalry. The backlash against the technology broadened elsewhere, as hard-line activists organised for a "war with AI", communities dug in against the data centres that power it, and clinicians warned that chatbot advice is quietly undermining care for eating disorders. China, meanwhile, notched a genuine milestone, becoming the first to recover a rocket booster with a net — one of several launch breakthroughs in a single week. And the softer underbelly of all this stayed exposed: attackers hijacked the npm account of a security vendor to slip an information-stealer onto developers' machines, Australia warned that a global campaign is mass-exploiting vulnerable website systems to plant hidden backdoors, and a class action accused TikTok of a breach touching a claimed 2.4 billion users.
Top Stories
- Apple’s ‘Thermonuclear’ Response to the OpenAI Threat — Technology - WSJ.com · US & Technology
- Global First Rocket Net Recovery: China Achieves Multiple Major Breakthroughs in One Week — Pandaily - China Tech News, AI & Electric Vehicle Insights · China & Technology
- Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install — The Hacker News · Cybersecurity & Threats
- France’s edge in the AI race is cheap energy — if American big tech doesn’t plug in first — Technology – POLITICO · EU & Technology
- 'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets — BleepingComputer · Cybersecurity & Threats
AI & Power
Zhipu’s Chinese Founder Says Frontier AI Should Stay Open to All — Bloomberg Technology
Why it matters: A leading Chinese AI founder stakes out an open-model position in the governance debate.
Zhipu's founder argued frontier AI should stay open to all, a pointed intervention in the global fight over open versus closed models.
The Hard-Line Activists Ramping Up for the War With AI — Technology - WSJ.com
Why it matters: Organised opposition to AI is hardening into a movement.
Hard-line activists are ramping up for a 'war with AI', signalling that public backlash against the technology is becoming organised and confrontational.
The fight against AI data centers is just beginning — The Verge
Why it matters: Community resistance to the physical footprint of AI is escalating.
The fight against AI data centres is just beginning, as communities mobilise against the power and land demands of the AI build-out.
How AI Advice Is Undermining Eating-Disorder Therapy — Technology - WSJ.com
Why it matters: A concrete AI harm: chatbot advice is disrupting clinical care.
AI advice is undermining eating-disorder therapy, clinicians warn, a stark example of consumer AI causing real-world harm.
OpenAI, Meta, SpaceXAI Compete for More Cost-Efficient AI Models — Bloomberg Technology
Why it matters: The frontier race pivots from raw capability toward cost-efficiency.
OpenAI, Meta and SpaceXAI are competing to build more cost-efficient models, a shift that reshapes the economics of frontier AI.
Alex Karp Is Saying What Every Angry CEO Is Thinking About AI — Technology - WSJ.com
Why it matters: Palantir's Karp voices the corporate anxiety and ambition around AI out loud.
Alex Karp is saying what every angry CEO is thinking about AI, crystallising the boardroom tension between disruption and dependence.
Can AI Make Better Drugs? Not on Wall Street’s Timeline — Technology - WSJ.com
Why it matters: The gap between AI drug-discovery promise and market patience.
AI may make better drugs, but not on Wall Street's timeline, exposing the mismatch between AI hype and pharmaceutical reality.
‘Not where they hoped it'd be’: Launch of Trump AI promotion program underwhelms — Technology
Why it matters: Washington's flagship AI-promotion effort lands with a thud.
The launch of the Trump administration's AI promotion program underwhelmed, a setback for the US push to project AI leadership.
6 months to live for open models — Interconnects AI
Why it matters: A provocative case that the open-model window is closing fast.
An analysis argues open models have '6 months to live', sharpening the stakes in the open-versus-closed AI contest.
EU & Technology
France’s edge in the AI race is cheap energy — if American big tech doesn’t plug in first — Technology – POLITICO
Why it matters: Europe's AI edge is cheap power — unless US hyperscalers absorb it first.
France's edge in the AI race is cheap energy, but that advantage erodes if American big tech plugs into it first, a sovereignty dilemma for Europe.
Mastercard examines sale of UK payments subsidiary Vocalink — myFT following
Why it matters: A UK payments-rail asset up for sale raises financial-infrastructure sovereignty questions.
Mastercard is examining a sale of Vocalink, the UK payments subsidiary that runs core national payment rails, with implications for financial sovereignty.
Speeding up digital finance shift ‘could deliver £33bn boost’ to UK economy — myFT following
Why it matters: The UK weighs a faster digital-finance shift for a sizeable economic dividend.
Speeding up the shift to digital finance could deliver a GBP 33 billion boost to the UK economy, per new analysis.
Why Europe is Facing Up to the China Shock Now — The Wire China
Why it matters: Europe reckons with a second 'China shock' across strategic industries.
Europe is finally facing up to the China shock, reassessing its exposure across manufacturing, tech and green industries.
Europe’s entrepreneurs are pushing. When will the capital markets pull? — Sifted
Why it matters: Europe's builders are ready; its capital markets remain the bottleneck.
Europe's entrepreneurs are pushing hard, but the question is when the continent's capital markets will pull their weight to fund them.
UK’s Reeves to Focus on AI Opportunities in Speech to City — Bloomberg Politics
Why it matters: The UK pins growth hopes on AI in a keynote to the City.
UK chancellor Reeves will focus on AI opportunities in a speech to the City, tying national economic strategy to the technology.
The people set to influence tech policy in Burnham’s Britain — Sifted
Why it matters: A map of who will shape UK tech policy under a Burnham government.
A rundown of the people set to influence tech policy in Burnham's Britain, signalling the direction of UK digital regulation.
US & Technology
Apple’s ‘Thermonuclear’ Response to the OpenAI Threat — Technology - WSJ.com
Why it matters: The Apple-OpenAI clash escalates from lawsuit to all-out war over AI talent.
A week after suing OpenAI for trade-secret theft, Apple escalated into a 'thermonuclear' response, recasting the fight as a battle over poached AI talent.
Apple’s M6, M7 and M8 Chips Show How AI Is Reshaping the Company — Bloomberg Technology
Why it matters: Apple's silicon roadmap is being reshaped by the AI compute race.
Apple's M6, M7 and M8 chips show how AI is reshaping the company's hardware strategy, with roots in its abandoned self-driving effort.
Uber’s Autonomous Vehicle Strategy: Slow Their Adoption — WIRED
Why it matters: A contrarian AV play: compete by slowing rivals' rollout rather than racing.
Uber's autonomous-vehicle strategy leans on slowing competitors' adoption, a notable posture as robotaxis scale in US cities.
Here’s How Apple Is Updating Its Child Safety Features in iOS 27 — WIRED
Why it matters: On-device child-safety scanning returns to the fore in iOS 27.
Apple is updating its child-safety features in iOS 27, reviving the fraught debate over on-device scanning and privacy.
Paramount weighs leaving California over Warner Bros. rift — Semafor
Why it matters: A major studio reconsiders its home state amid the Warner Bros. rift.
Paramount is weighing leaving California over its Warner Bros. dispute, a sign of turmoil reshaping the streaming-era media majors.
China & Technology
Global First Rocket Net Recovery: China Achieves Multiple Major Breakthroughs in One Week — Pandaily - China Tech News, AI & Electric Vehicle Insights
Why it matters: A genuine spaceflight first narrows the gap with US reusable-launch leaders.
China achieved a global-first net recovery of a rocket booster, one of several launch breakthroughs notched in a single week.
Beyond Claude Code: the Chinese AI tools poised to benefit after back-door alert — Tech - South China Morning Post
Why it matters: The Claude Code 'backdoor' scare becomes a tailwind for domestic Chinese AI tools.
Chinese AI coding tools are poised to benefit after the state 'back-door' alert over Anthropic's Claude Code pushed developers to local alternatives.
Companies turn to Chinese AI models to cut costs — myFT following
Why it matters: Cost pressure is driving global firms toward cheaper Chinese models.
Companies are turning to Chinese AI models to cut costs, extending Beijing's open-model strategy into Western enterprise stacks.
Meet CXMT’s Zhu Yiming: the engineer building China’s answer to global memory-chip giants — Tech - South China Morning Post
Why it matters: China's memory-chip self-sufficiency drive gets a public face at CXMT.
CXMT's Zhu Yiming is building China's answer to the global memory-chip giants, central to Beijing's semiconductor self-sufficiency push.
Cutting China reliance would cost the west $23tn, research suggests — myFT following
Why it matters: Quantifying decoupling: severing China dependence carries a staggering price tag.
Cutting Western reliance on China would cost some USD 23 trillion, research suggests, underscoring how deep the technological entanglement runs.
Threat Intelligence (CTI)
[P3] Ghost Accounts Abuse GitHub API in Mass Recon Campaign — SecurityWeek
Why it matters: Dormant accounts quietly map corporate code estates ahead of intrusions.
Since at least October 2025, 50-plus dormant 'ghost' GitHub accounts (plus some stolen tokens) have abused GitHub's public GraphQL/REST APIs to enumerate organisations' repositories and members, occasionally escalating to cloning or exfiltrating private repos.
severity medium · exploited in the wild · EU: NIS2
[P2] Speed as a Weapon: Inside Storm-1175’s 24-Hour Ransomware Playbook — Threat Intelligence on Medium
Why it matters: Ransomware that goes from access to encryption inside a single day.
A profile of Storm-1175 details a 24-hour ransomware playbook — from initial access to encryption within one day — compressing defenders' response window.
severity high · exploited in the wild · EU: NIS2 · actor Storm-1175 (50%)
[P3] AI Is Making Up Websites. Hackers Are Already Taking Advantage. — Threat Intelligence on Medium
Why it matters: Attackers monetise AI hallucinations by squatting the names it invents.
Attackers are pre-registering the non-existent domains and packages that AI assistants hallucinate ('slopsquatting'), so users and agents that follow AI-invented links or install commands land on attacker-controlled resources.
severity medium · exploited in the wild
[P3] TikTok class action alleges data breach affected 2.4B users — DataBreaches.Net
Why it matters: A mega-breach claim of disputed provenance still warrants credential hygiene.
A US class action alleges a June 2026 breach exposed data on a claimed 2.4 billion TikTok users; researchers caution the trove may be repackaged infostealer logs rather than a fresh database compromise.
severity medium · exploited in the wild · EU: GDPR
[P3] RedHook Android malware now uses Wireless ADB for shell access — BleepingComputer
Why it matters: An Android banking trojan deepens device control via Wireless ADB.
The RedHook Android banking trojan now abuses Wireless ADB to gain shell access on infected phones, expanding its control and persistence.
severity medium · exploited in the wild · EU: GDPR
[P3] KR: Military targeted in nearly 19,000 cyberattack attempts in 2025: lawmaker — DataBreaches.Net
Why it matters: A snapshot of the sheer volume of state-directed cyber pressure on defence networks.
A South Korean lawmaker disclosed the military faced nearly 19,000 cyberattack attempts in 2025, underscoring sustained nation-state pressure on defence networks.
severity medium · exploited in the wild · actor North Korea-nexus (suspected) (40%)
Digital Sovereignty & Identity
Goede geluiden over digitale autonomie — Bert Hubert's writings
Why it matters: A rare optimistic read on Europe's push for genuine digital autonomy.
Bert Hubert finds encouraging signs in Europe's drive for digital autonomy, a bellwether commentary on the continent's sovereignty efforts.
AI glasses reveal widening gap between Meta’s privacy safeguards and AI ambitions — Biometric Update
Why it matters: Meta's AI ambitions are outrunning its privacy safeguards on face-worn cameras.
AI glasses reveal a widening gap between Meta's privacy safeguards and its AI ambitions, raising surveillance concerns about always-on wearables.
US, CARICOM establish regional biometric data-sharing partnership — Biometric Update
Why it matters: A new cross-border biometric data-sharing bloc raises governance stakes.
The US and CARICOM established a regional biometric data-sharing partnership, expanding cross-border identity data flows and their governance questions.
The Identity Problem Hiding in AI Agent Deployments — Blog
Why it matters: Agentic AI keeps colliding with identity systems built only for humans.
Security analysts flag the identity problem hiding in AI-agent deployments, as autonomous agents demand credentials and governance of their own.
Biometrics handling new frontiers and changed expectations, from agents to gait — Biometric Update
Why it matters: Biometrics stretch to new modalities and to machine agents alike.
Biometrics are handling new frontiers and changed expectations, from AI agents to gait recognition, widening what counts as identity.
Defence & National Security
Russian spies use Japan as base, report says — Semafor
Why it matters: A report exposes Russian intelligence using Japan as an operating base.
Russian spies are using Japan as a base for operations, a report says, highlighting the reach of Moscow's intelligence networks in the Indo-Pacific.
Zelenskyy sets up new unit to strike deep inside Russia — Policy – POLITICO
Why it matters: Ukraine institutionalises deep strikes against Russian territory.
Zelenskyy set up a new unit to strike deep inside Russia, formalising Kyiv's long-range campaign against Russian infrastructure.
The ACSC should become Australia’s cybersecurity regulator — The Strategist
Why it matters: A push to give Australia's cyber agency real regulatory teeth.
Analysts argue the ACSC should become Australia's cybersecurity regulator, a debate over how far state cyber agencies should be empowered.
Modi’s visit: Australia, India seek to gain strength from each other — The Strategist
Why it matters: Modi's visit deepens an Indo-Pacific partnership aimed at balancing China.
Modi's visit saw Australia and India seek to gain strength from each other, tightening an Indo-Pacific alignment with strategic-tech dimensions.
Ukraine hits Russian tankers in Sea of Azov — Policy – POLITICO
Why it matters: Ukraine presses its campaign against Russia's shadow-fleet logistics.
Ukraine hit Russian tankers in the Sea of Azov, extending its strikes on the fuel and shipping that sustain Russia's war economy.
Quantum & Cryptography
Scientists’ Side Hustle? Using AI and Quantum Computing to Generate New Peptides — WIRED
Why it matters: AI and quantum computing combine at the frontier of molecular design.
Scientists are using AI and quantum computing to generate new peptides, an early sign of quantum's practical reach into drug and materials discovery.
CVE-2024-37305 | open-quantum-safe oqs-provider up to 0.6.0 length buffer overflow (GHSA-pqvr-5cr8-v6fx / Nessus ID 326389) — VulDB Updates
Why it matters: A flaw in a core post-quantum crypto library underscores PQC supply-chain risk.
A buffer-overflow flaw in the Open Quantum Safe oqs-provider highlights that the post-quantum cryptography toolchain itself needs hardening.
CVE-2024-37305
Cybersecurity & Threats
[P2] Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install — The Hacker News
Why it matters: A security vendor's own npm package hijacked to seed a developer infostealer.
Attackers used a stolen npm publishing credential to push five malicious jscrambler releases (from 8.14.0) whose preinstall hook drops a cross-platform Rust infostealer that sweeps developer machines for cloud credentials, wallets, password-manager data and tokens.
severity high · exploited in the wild · EU: NIS2
[P2] 'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets — BleepingComputer
Why it matters: Prompt injection smuggled inside images makes AI coding agents leak secrets.
Researchers showed malicious instructions hidden inside PNG images (pointed to from an AGENTS.md file) make AI coding agents such as Cursor read a repo's .env and exfiltrate secrets into a pull request, slipping past reviewers and tools that skip image files.
severity high
[P2] Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices — Security Affairs
Why it matters: Six firmware flaws break the chain of trust on huge swaths of embedded gear.
Binarly disclosed six U-Boot flaws — two allowing code execution during boot-image verification — that break the verified-boot chain of trust across 50-plus releases dating to 2013, affecting routers, IoT devices and data-centre BMCs.
severity high · EU: NIS2, Cyber Resilience Act
[P2] Australia warns of global campaign targeting vulnerable CMS platforms — BleepingComputer
Why it matters: A national advisory corroborates a mass web-compromise campaign hitting SMBs.
Australia's ACSC warns of a large-scale global campaign mass-exploiting known CMS and plugin flaws (WordPress plugins including Breeze Cache, plus Craft CMS, Joomla JCE and others) to plant webshells, hitting many small and medium businesses.
severity high · exploited in the wild · EU: NIS2
[P3] Someone Is Scanning for Your MCP Servers and AI Assistant Credentials, (Mon, Jul 13th) — SANS Internet Storm Center, InfoCON: green
Why it matters: Attackers are already mapping the AI-agent tooling layer for credentials.
Honeypots show attackers actively scanning the internet for exposed Model Context Protocol (MCP) servers and AI-assistant credential files, probing the fast-growing AI-agent tooling layer for footholds.
severity medium · exploited in the wild
[P2] U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog — Security Affairs
Why it matters: Two actively-exploited web add-on flaws join CISA's must-patch list.
CISA added actively-exploited flaws in the Joomla iCagenda extension and the Balbooa Forms plugin to its Known Exploited Vulnerabilities catalogue.
severity high · exploited in the wild · EU: NIS2