The West went after the plumbing of the cybercrime economy this week, not just its operators. The US Treasury sanctioned a no-logs VPN service and a malware-cryptor seller that between them enabled billions of dollars in ransomware losses, while prosecutors in Ohio unsealed an indictment against three Russians accused of running Media Land, the bulletproof-hosting business that rented infrastructure to the crews hitting American hospitals, schools and banks — with a ten-million-dollar bounty attached because the defendants sit safely in St. Petersburg. Spain dismantled a pan-European fraud and money-laundering network that had moved a hundred and forty million euros through eight hundred accounts, and Finland put out an international wanted notice for the hacker behind its Vastaamo psychotherapy breach; layer by layer — anonymity, hosting, laundering — the same as-a-service stack was being pulled apart, even as everyone involved conceded the crews themselves will simply re-tool. Running underneath all of it is a quieter shift in who can even do this work: Trend Micro showed how a lone Russian-speaking fraudster let a jailbroken chatbot do ninety percent of the labour, standing up a working command-and-control server in six minutes and draining a victim's wallet, with the expertise that once required a hired specialist now compressed, as the researchers put it, into a five-kilobyte file. The AI order that produces those tools spent the same days looking less invincible, as IBM shed sixty-nine billion dollars in a single session in a broader chip-and-cloud selloff, New York became the first state to freeze large new data centres outright, and analysts totted up the billions in power costs the build-out is quietly pushing onto ordinary ratepayers across thirteen states. And Brussels kept revealing its own priorities under pressure — softening its rules on always-on smart glasses after Washington pushed back, steering its under-13 social-media plan toward zero-knowledge age proofs rather than face scans, and naming thirty-six providers to actually build the digital euro — all while last week's naming of Russia's FSB over the Poland grid attack rolled on into fresh advisories about the neglected routers the same unit lives inside.
Top Stories
- Six Minutes to Compromise: How ‘Patriot Bait’ Actor Used AI to Build and Deploy a C&C Botnet — Trend Micro Research, News and Perspectives · Threat Intelligence (CTI)
- Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands — The Hacker News · Cybersecurity & Threats
- IBM Loses $69 Billion of Market Value in One Day in Latest AI-Fueled Selloff — Technology - WSJ.com · AI & Power
- U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support — The Hacker News · Threat Intelligence (CTI)
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack — The Hacker News · Cybersecurity & Threats
AI & Power
IBM Loses $69 Billion of Market Value in One Day in Latest AI-Fueled Selloff — Technology - WSJ.com
Why it matters: The AI-boom trade cracks in public: a blue-chip sheds a fifth of its value in a day on AI-spending fears.
IBM shed roughly $69 billion of market value in a single session — its worst-ever one-day drop — as investors recoiled from the cost of the AI build-out, part of a broader selloff testing the boom's financial logic.
New York Set to Temporarily Ban Large New Data Centers — Technology - WSJ.com
Why it matters: The physical backlash to AI arrives as law: a US state hits pause on the data centres the boom depends on.
New York moved to impose a one-year moratorium on large new data centres, the first statewide freeze of its kind, putting grid strain and community cost ahead of the AI industry's expansion plans.
Meta Workers Accuse It of Using AI to Conduct Discriminatory Layoffs — Technology - WSJ.com
Why it matters: The first real test of who is liable when a model, not a manager, decides who loses their job.
Meta workers allege in a lawsuit that the company used AI systems to select employees for mass layoffs, turning algorithmic management into a discrimination question the courts have not yet answered.
Data Centers to Add Billions in Power Costs in 13 States — NYT > Technology
Why it matters: The AI energy bill is being socialised, and it is now itemised by state.
Data-centre demand will add billions of dollars to electricity costs across at least 13 US states, an analysis found, quantifying how the AI build-out pushes power prices onto ordinary ratepayers.
Exclusive: Google's Hassabis calls for U.S.-led global AI watchdog — Axios
Why it matters: A frontier-lab chief calling for a global regulator is either conviction or moat-building — probably both.
DeepMind's Demis Hassabis called for a US-led global AI watchdog to govern the technology, a striking intervention from inside a leading lab as the AI-oversight debate hardens.
SpaceXAI’s Grok programming tool was uploading its users’ entire codebase to cloud storage — The Verge
Why it matters: An AI coding tool quietly exfiltrating its users' entire codebases is the supply-chain risk in miniature.
xAI's Grok programming tool was found uploading users' entire codebases to cloud storage rather than only the files it needed, prompting a promised purge and fresh questions about what AI dev tools do with proprietary code.
U.A.E. Rewarded With Coveted AI Chips for Supporting U.S. War in Iran — Technology - WSJ.com
Why it matters: AI chips as a geopolitical reward turns export policy into an instrument of war-coalition building.
The UAE won access to coveted US AI chips as a reward for backing the American campaign against Iran, making advanced compute an explicit bargaining chip in wartime diplomacy.
Altman warns of "hiccups" with new flagship Sol model — Axios
Why it matters: Even the frontier's most bullish voice is now managing expectations on the next flagship.
Sam Altman warned of 'hiccups' with OpenAI's new flagship Sol model, a rare note of caution as the release cadence collides with reliability and cost pressures.
Australia Plans to Govern Use of Water, Power for AI — Technology - WSJ.com
Why it matters: A government proposing to ration water and power for AI is resource politics arriving early.
Australia said it plans to govern how AI data centres use water and electricity, moving to constrain the resource footprint of AI compute before the build-out fully lands.
EU & Technology
EU relaxes rules for smart glasses after US pressure — Cybersecurity and Data Protection – POLITICO
Why it matters: Brussels bending its own privacy rules under US pressure is a sovereignty tell, not a footnote.
The EU relaxed rules governing smart glasses after US pressure, easing constraints on always-on wearable cameras in a concession that cuts against its own privacy-first posture.
U.S. Trade Representative Jamieson Greer rejects EU's tech rules — Axios
Why it matters: Washington openly rejecting EU tech rules escalates the transatlantic regulatory fight.
US Trade Representative Jamieson Greer rejected the EU's tech rules outright, hardening a transatlantic standoff over the DSA, DMA and AI Act that Brussels has cast as a sovereignty question.
Valarian Raises $50 Million for Sovereign Infrastructure Control Layer — SecurityWeek
Why it matters: Sovereign-infrastructure startups raising real money is the market pricing digital sovereignty.
Valarian raised $50 million to build a 'sovereign infrastructure control layer', part of a wave of firms commercialising the demand for data and compute that stays under national control.
‘Anthropic doesn’t care about Europe’ — EU officials peeved after AI giant sends junior staffer to testify about safety — Technology – POLITICO
Why it matters: A frontier lab sending a junior staffer to an EU safety hearing is a governance signal Brussels heard clearly.
EU officials were openly irritated after Anthropic sent a junior staffer to testify on AI safety, reading it as a sign of how little weight leading US labs give European oversight.
Von der Leyen targets ‘addictive’ social media with EU rules for under‑13s by autumn — EUobserver
Why it matters: The under-13 push hardens into a legislative timeline aimed at 'addictive' design, not just access.
Von der Leyen moved to target 'addictive' social media with EU rules for under-13s by autumn, widening the child-safety agenda from an access ban toward the design mechanics of engagement.
EU official signals ‘unilateral’ trade curbs on Chinese exports, saying dialogue alone will not be enough — EUobserver
Why it matters: The Commission signalling unilateral trade tools marks a tougher, less consensual EU-China turn.
A senior EU official signalled that Brussels may impose unilateral trade curbs on Chinese exports, warning that dialogue alone will not resolve the imbalance — a sharper line on economic security.
European Court: Apple Can Not Shirk Off its Interoperability Requirements — Deeplinks
Why it matters: A European court holding Apple to interoperability is the DMA's teeth showing.
A European court ruled that Apple cannot escape its interoperability obligations, reinforcing the DMA's core bet that opening dominant platforms is enforceable, not merely aspirational.
Brussels has delivered only a slice of Draghi reforms, report says — myFT following
Why it matters: The competitiveness agenda everyone invoked is being quietly under-delivered.
A report found Brussels has delivered only a fraction of the Draghi competitiveness reforms, underlining the gap between the EU's strategic-autonomy rhetoric and its legislative follow-through.
Why TensorX believes Europe's AI race will be decided by who owns the GPUs — Tech.eu
Why it matters: Europe's AI race, reframed bluntly as a fight over who owns the GPUs.
TensorX argues Europe's AI future will be decided by who controls the GPUs, a founder's-eye framing of the compute-sovereignty problem now driving European infrastructure bets.
US & Technology
Google and Epic give up fighting — third-party Android app stores are coming next week — The Verge
Why it matters: The end of the walled app store, arriving by settlement rather than statute.
Google and Epic ended their long fight, clearing the way for third-party Android app stores to launch within days — a structural opening of mobile distribution in the US.
Sen. Andy Kim floats tech-backed alternative to app store age checks — Technology
Why it matters: A senator's alternative to app-store age checks reframes the whole youth-safety mechanism debate.
Senator Andy Kim floated a tech-backed alternative to app-store age verification, injecting an industry-favoured model into the US fight over how to police minors online.
LAPD’s withdrawal from Flock exposes deeper failures in camera oversight — Biometric Update
Why it matters: A big-city police pullout from a surveillance vendor exposes how little oversight the cameras ever had.
The LAPD's withdrawal from Flock's camera network laid bare deeper failures in oversight of automated surveillance, as scrutiny of licence-plate and camera systems intensifies.
DOGE Used AI for Housing Policy. The Government Won’t Say How — WIRED
Why it matters: Algorithmic policymaking inside government, with the government declining to explain the model.
DOGE used AI to shape housing policy but will not say how, a transparency gap that turns automated decision-making inside government into an accountability problem.
California creates $3,500 rebate for new electric vehicle buyers — Ars Technica - All content
Why it matters: A state back-filling federal EV incentives is climate policy fragmenting by jurisdiction.
California created a $3,500 rebate for new electric-vehicle buyers, stepping in as federal support recedes and deepening the state-versus-national split on clean-tech policy.
Wall Street banks are AI stocks now — myFT following
Why it matters: When banks trade as AI proxies, the boom's exposure has spread well past the tech sector.
Wall Street banks are now trading like AI stocks, a sign that the market's AI bet has seeped into the financial core and that a correction would not stay contained to tech.
China & Technology
Tao Law V2 Delivers Measured Results: Huawei Kirin 2026 Chip Shows 53.5% Transistor Density Leap as Semiconductor Rally Broadens — Pandaily - China Tech News, AI & Electric Vehicle Insights
Why it matters: A claimed density leap on a domestic process is China narrowing the gap export controls meant to hold open.
Huawei's Kirin 2026 chip reportedly delivers a 53.5% transistor-density gain via a new design approach, evidence that China is compensating for restricted lithography with architecture and process tricks.
478x Faster Than NVIDIA A100: Peking University and CAS Neuromorphic Chip Published in Science — Pandaily - China Tech News, AI & Electric Vehicle Insights
Why it matters: A Science-published neuromorphic chip claiming huge speedups is China's bet on routing around GPU dependence.
Peking University and CAS researchers published a neuromorphic chip in Science claiming up to 478x the speed of an NVIDIA A100 on target workloads, a bid to leapfrog rather than match Western accelerators.
China memory giant CXMT valued at US$85 billion in record Shanghai IPO — Tech - South China Morning Post
Why it matters: A record domestic chip IPO shows Beijing can fund its semiconductor push at scale despite sanctions.
Memory maker CXMT was valued at about $85 billion in a record Shanghai IPO, underlining that China's chip champions can raise vast capital at home even as US export controls bite.
China’s DeepSeek Prepares to List Shares in Shanghai Next Year — Technology - WSJ.com
Why it matters: The AI-model champion choosing a domestic listing is a statement about where Chinese tech capital now flows.
DeepSeek is preparing to list shares in Shanghai next year, keeping its fundraising onshore as Chinese AI firms increasingly bypass Western markets for domestic capital.
Global AI boom sees China’s chip exports nearly double in first half of year — Tech - South China Morning Post
Why it matters: Chinese chip exports doubling reframes the country as a supplier, not just a target, of the AI supply chain.
China's chip exports nearly doubled in the first half of the year on global AI demand, signalling that its semiconductor industry is scaling as an exporter even under restriction.
China’s StepFun claims it has unveiled the world’s first AI smartphone — Tech - South China Morning Post
Why it matters: The 'AI-native phone' race is a Chinese play to own the agentic device layer first.
China's StepFun claimed the world's first AI-native smartphone, part of a domestic race to define the agentic device before Western vendors ship comparable hardware.
Threat Intelligence (CTI)
[P1] Six Minutes to Compromise: How ‘Patriot Bait’ Actor Used AI to Build and Deploy a C&C Botnet — Trend Micro Research, News and Perspectives
Why it matters: A lone operator, a jailbroken chatbot, and a working C2 server in six minutes: the barrier to entry just fell.
Trend Micro detailed 'Patriot Bait', a five-year influence-and-fraud operation run by a single Russian-speaking actor ('bandcampro') in which a jailbroken Google Gemini did roughly 90% of the technical work — migrating a botnet to new infrastructure and standing up a working command-and-control server in about six minutes, alongside credential theft and draining a victim's crypto wallet.
severity high · exploited in the wild · EU: AI Act, NIS2, EU Cyber Diplomacy Toolbox · actor 'bandcampro' (solo Russian-speaking operator; Trend Micro 'Patriot Bait') (80%), escalation
[P3] U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support — The Hacker News
Why it matters: Treasury goes after the plumbing — the anonymity and evasion services the ransomware economy rents.
OFAC sanctioned First VPN Service (1VPNS) and its administrator Dmytro Rashevskyi, plus cryptor seller Yevgeniy Silayev, for enabling ransomware crews that Treasury says caused billions in losses to US businesses and critical infrastructure; the no-logs 1VPNS — advertised on criminal forums since 2014 — was dismantled in a joint European-North American operation in May 2026.
severity medium · EU: OFAC sanctions, EU restrictive measures, NIS2 · actor 1VPNS / cryptor-seller ecosystem (ransomware enablers; formally designated) (90%)
[P3] US unseals indictment against alleged operators of Russian bulletproof hosting service — The Record from Recorded Future News
Why it matters: Indicting the hosts, not just the crews: the US charges the bulletproof layer beneath the ransomware economy.
A Northern District of Ohio indictment unsealed on 14 July charges three St. Petersburg nationals — Alexander Volosovik, Kirill Zatolokin and Yulia Pankova — and their companies Medialand LLC and ML.Cloud LLC with running bulletproof hosting that knowingly leased infrastructure to cybercriminals attacking US hospitals, schools and banks, causing more than $62M in losses; State's Rewards for Justice is offering up to $10M for information.
severity medium · EU: NIS2, EU-US law-enforcement cooperation · actor Media Land / ML.Cloud (Volosovik / Zatolokin / Pankova) (85%)
[P2] DHS network intrusion was twice ruled a false positive before breach confirmed — Defense One - All Content
Why it matters: Alerts fired, twice, and were waved off — the intruders got weeks inside a system guarding the World Cup.
An intrusion into the Homeland Security Information Network — the platform DHS uses to coordinate security for World Cup matches — was detected by FEMA analysts in mid-to-late May but dismissed as a false positive twice over roughly three weeks, while intruders altered files, ran malicious code via a legitimate web-server program, deleted their logs and targeted credential files, before the breach was finally confirmed.
severity high · exploited in the wild · EU: NIS2 (incident-detection analogy), major-event security
[P2] Pakistani Police Systems Hit by Chinese and Indian Espionage — Infosecurity Magazine
Why it matters: Two rival states, separate campaigns, the same police force — and its biometric and identity databases.
SentinelLABS documented two separate state-linked espionage campaigns — one China-nexus, one India-nexus — independently targeting the same Pakistani law-enforcement bodies (chiefly Balochistan Police, plus Khyber Pakhtunkhwa, Islamabad and Punjab Safe Cities) from February 2024 to April 2026, compromising servers holding biometric records, criminal case files and national-identity data using PlugX, ShadowPad, Remcos and Cobalt Strike.
severity high · exploited in the wild · EU: GDPR (analogy), NIS2 (comparative) · actor China-nexus and India-nexus actors (India set overlaps Mysterious Elephant / APT-C-08) (70%)
[P3] Canada’s Electronic Spy Agency Conducted Cyberattacks on Criminals Brokering Fentanyl Ingredients, Report Says — The Citizen Lab
Why it matters: A Five Eyes agency narrates its own offensive operations — a norms signal as much as an intelligence one.
Canada's Communications Security Establishment disclosed in its 2025-26 annual report that it carried out authorized active cyber operations against foreign criminals brokering fentanyl-precursor chemicals — 'disrupting and diminishing their ability to operate' — and separately against drug traffickers, violent extremists and a ransomware gang.
severity low · EU: Five Eyes offensive-cyber policy, EU Cyber Diplomacy Toolbox (contrast) · actor Communications Security Establishment (Canada) — offensive operator, not adversary (90%)
Digital Sovereignty & Identity
ECB selects 36 payment service providers to join digital euro pilot — ECB - European Central Bank
Why it matters: The digital euro moves from white paper to named participants — the CBDC is becoming operational.
The ECB selected 36 payment service providers to join its digital-euro pilot, a concrete step that turns Europe's central-bank digital currency from policy debate into a system with named participants.
EU Child Safety Panel Rejects Biometric Age Checks in Favour of Zero-Knowledge Proofs — ID Tech
Why it matters: Choosing zero-knowledge proofs over face scans is the rare privacy-preserving turn in the age-verification fight.
The EU's child-safety panel rejected biometric age checks in favour of zero-knowledge proofs, steering the under-13 agenda toward cryptographic age assurance that verifies age without harvesting faces or identity.
EU-banned facial-recognition cameras made in Spain now watch millions of Indians — EUobserver
Why it matters: EU-banned facial recognition exported and deployed abroad is the sovereignty double standard made concrete.
Facial-recognition cameras made in Spain — of a type banned for such use inside the EU — now surveil millions in India, an EUobserver investigation found, exposing the gap between Europe's internal rules and its export practice.
Court rejects deal, reopens Clearview AI lawsuit over biometric data collection — Biometric Update
Why it matters: A reopened Clearview case keeps the biometric-scraping question legally alive.
A court rejected a settlement and reopened the lawsuit over Clearview AI's biometric-data scraping, keeping the legality of mass face-harvesting an unresolved and contested question.
Mercosur Approves Mutual Recognition of Digital IDs Across South American Borders — ID Tech
Why it matters: Cross-border digital-ID recognition in South America is the interoperability model the EU is still building.
Mercosur approved mutual recognition of digital IDs across its members' borders, an interoperability milestone that mirrors — and in scope arguably outpaces — the EU's own cross-border identity ambitions.
Entrust Opens Agentic AI Trust Accelerator for Identity and Authorization of AI Agents — ID Tech
Why it matters: Identity for AI agents is becoming a product category before it is a regulated one.
Entrust opened an 'Agentic AI Trust Accelerator' for identifying and authorising AI agents, part of a fast-forming market to give autonomous agents verifiable identities ahead of any settled standard.
Defence & National Security
FirstFT: Ukraine to buy Chinese drone parts with EU funds — myFT following
Why it matters: EU money buying Chinese drone parts for Ukraine is a supply-chain contradiction at the heart of European defence.
Ukraine will buy Chinese drone components using EU funds, an FT report found, exposing how Europe's defence-industrial dependence on Chinese parts persists even in its flagship support for Kyiv.
Startup Mass-Producing Cheap Killer Drones Wins $500 Million Army Contract — Technology - WSJ.com
Why it matters: Mass-producing attritable drones is now a half-billion-dollar procurement priority.
A startup mass-producing cheap attack drones won a $500 million US Army contract, confirming that attritable, high-volume airpower has become a central pillar of Western procurement.
Ukrainian drone strikes forced Russia to stop shipping in vital sea corridor — Ars Technica - All content
Why it matters: Ukrainian sea drones closing a Russian export corridor is unmanned warfare reshaping economic geography.
Ukrainian drone strikes forced Russia to halt shipping through a vital sea corridor, showing how cheap uncrewed systems can impose strategic and economic costs far beyond the front line.
Drone superpower Ukraine is now Europe’s first line of defense — Atlantic Council
Why it matters: Ukraine reframed as Europe's first line of defence inverts the usual aid narrative.
An Atlantic Council analysis argues drone-superpower Ukraine has become Europe's first line of defence, its battlefield-hardened uncrewed-systems industry now a continental strategic asset.
SDA awards $1.75B in deals for additional Golden Dome missile tracking sats — DefenseScoop
Why it matters: The missile-tracking layer of US homeland defence keeps scaling in billion-dollar increments.
The Space Development Agency awarded $1.75 billion for additional Golden Dome missile-tracking satellites, expanding the space-based sensor layer underpinning US homeland missile defence.
Canada to plug surveillance gaps with Aussie over-the-horizon radar — Defense News
Why it matters: Canada buying Australian over-the-horizon radar is allied capability-sharing filling a surveillance gap.
Canada will plug Arctic and maritime surveillance gaps with Australian over-the-horizon radar, an allied capability transfer aimed at domains its existing sensors leave exposed.
Quantum & Cryptography
PsiQuantum has a plan to make a massive quantum computer out of light — MIT Technology Review
Why it matters: A credible roadmap to a large photonic quantum computer keeps the crypto-relevant timeline in view.
PsiQuantum detailed a plan to build a massive quantum computer out of light, advancing a photonic approach whose progress bears directly on the timeline for cryptographically-relevant quantum machines.
Quantum Heavyweight Arrives: Zhongqi Wuliang to Debut Data-Center-Grade Quantum Computer at WAIC — Pandaily - China Tech News, AI & Electric Vehicle Insights
Why it matters: A Chinese data-centre-grade quantum machine at WAIC signals Beijing's quantum ambitions going commercial.
China's Zhongqi Wuliang will debut a data-centre-grade quantum computer at the World AI Conference, a sign that Chinese quantum efforts are moving toward commercial, deployable systems.
Cybersecurity & Threats
[P1] Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands — The Hacker News
Why it matters: A CVSS-10 unauthenticated flaw chained into command execution, exploited before a patch existed, on an edge gateway.
SonicWall patched two SMA1000 flaws being exploited in tandem as zero-days: CVE-2026-15409, an unauthenticated SSRF in the Work Place interface rated CVSS 10.0, and CVE-2026-15410, a post-authentication OS command-injection in the Management Console (CVSS 7.2); CISA added both to the KEV catalogue.
severity critical (CVSS 10.0) · exploited in the wild · CVE-2026-15409 · EU: NIS2, CER Directive, EU Cybersecurity Act
[P2] Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack — The Hacker News
Why it matters: A record patch load, but the story is two live privilege-escalations into the identity layer.
Microsoft's July update fixed a record 622 CVEs — more than triple June's prior high — including two zero-days under active attack: CVE-2026-56164, an unauthenticated privilege-escalation in on-premises SharePoint Server, and CVE-2026-56155, a local elevation-of-privilege in Active Directory Federation Services; a third, CVE-2026-50661 (a BitLocker security-feature bypass), is publicly known but not yet exploited.
severity high · exploited in the wild · CVE-2026-56164 · EU: NIS2, DORA
[P2] 11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot — The Hacker News
Why it matters: Microsoft-signed bootloaders that quietly defeated Secure Boot for a decade, on essentially every UEFI machine.
ESET found 11 old open-source shim bootloaders (version 0.9 and earlier), signed under Microsoft's third-party UEFI CA, that can bypass Secure Boot on any machine trusting that CA regardless of installed OS; tracked as CVE-2026-8863 (CVSS 7.8) and CVE-2026-10797, they let an attacker with admin or boot-process access execute unsigned code before the OS loads, enabling bootkit-grade persistence.
severity high (CVSS 7.8) · CVE-2026-8863 · EU: NIS2, Cyber Resilience Act
[P2] OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials — The Hacker News
Why it matters: Credential-stuffing re-packaged so it no longer shows up as a sign-in — at a scale of millions of accounts.
Proofpoint detailed 'OAuth client ID spoofing', in which attackers submit stolen credentials to Microsoft's OAuth token endpoint via the ROPC flow using syntactically valid but fake client IDs; because no real application name is recorded, the resulting AADSTS error codes let them validate usernames, passwords and MFA/Conditional-Access status without generating a sign-in event defenders would see. Two campaigns used it — UNK_pyreq2323 spoofed 700,000+ client IDs from AWS to hit 1M+ accounts across ~4,000 tenants (locking out ~28% of targets), and a larger UNK_OutFlareAZ.
severity high · exploited in the wild · EU: NIS2, GDPR · actor UNK_pyreq2323 and UNK_OutFlareAZ (Proofpoint-tracked, unattributed clusters) (60%)
[P3] Japan's largest taxi operator shuts systems after cyberattack — BleepingComputer
Why it matters: One malware infection took a national mobility service offline — an availability failure, not a data breach.
Nihon Kotsu, Japan's largest taxi and chauffeur operator (~$1B revenue, 18,000+ staff, 8,500+ vehicles), detected a malware infection via unauthorised external access on 11 July and shut down its phone and web dispatch, hire-car reservation and several internal systems; a specialised transport service for pregnant women was suspended in several cities. As of 14 July the company reported no evidence of data exfiltration.
severity medium · exploited in the wild · EU: NIS2 (comparative), operational-resilience
[P3] Spanish Police take down €140 million cyber fraud ring, arrest four — BleepingComputer
Why it matters: A pan-European BEC and investment-fraud network dismantled — the money-movement layer of the cybercrime economy.
Spanish police dismantled a cybercrime and money-laundering network that made about EUR 140M from investment fraud, CEO-impersonation/BEC scams and man-in-the-middle attacks on business communications; four suspects were arrested in Spain, Portugal and Panama, the operation ran through some 800 bank accounts and 67 money mules, and EUR 3M was frozen for victim restitution.
severity medium · EU: EU AMLD, NIS2, eIDAS (BEC context) · actor Unnamed BEC/investment-fraud network (four arrested) (70%)