The White House has quietly rewritten the rules of frontier AI: at Washington's request OpenAI shipped its new GPT-5.6 "Sol" models only to a vetted set of US partners — the same ad-hoc gatekeeping that had briefly benched Anthropic's top models — a concentration of control that now has Europe openly arguing it must build its own AI. Brussels is asserting itself in parallel, as MiCA forces Binance to stop serving EU users (with Coinbase and OKX pouncing) and Italy opens an antitrust probe into Microsoft's AI upsell inside Microsoft 365. On the threat side defenders face a punishing week: CISA set 28 June deadlines for two actively-exploited flaws — an unauthenticated root-level SSRF in Cisco Unified Communications Manager (CVE-2026-20230) and a critical PTC Windchill RCE already dropping web shells (CVE-2026-12569) — while a self-propagating "Miasma" npm worm and a second AI-coding-agent flaw (Amazon Q, CVE-2026-12957, echoing the Claude Code repo trick) keep the software supply chain under live attack. Russia's intelligence services, tracked as UNC5792 and UNC4221, have meanwhile escalated their phishing of Signal backup recovery keys against officials across Europe, even as China reclaimed the world's top supercomputer ranking and moved first to issue "digital IDs" for autonomous AI agents.
Top Stories
- Previewing GPT-5.6 Sol: a next-generation model — OpenAI News · AI & Power
- Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials — The Hacker News · Threat Intelligence (CTI)
- New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages — Security Affairs · Threat Intelligence (CTI)
- China's 'Lingsheng' Supercomputer Returns to World No. 1 After Nine-Year Gap — Pandaily - China Tech News, AI & Electric Vehicle Insights · China & Technology
- CISA sets urgent deadline to fix Cisco flaw exploited in attacks — BleepingComputer · Cybersecurity & Threats
AI & Power
Previewing GPT-5.6 Sol: a next-generation model — OpenAI News
Why it matters: The White House now gatekeeps frontier-model releases — OpenAI's flagship ships only to vetted US partners.
OpenAI previewed GPT-5.6 (Sol, Terra, Luna) — stronger at coding, science and cybersecurity with its most advanced safety stack — but, under a White House request, limited the rollout to a small set of US partners.
Tech industry grapples with Trump’s AI about-faces — Cybersecurity and Data Protection – POLITICO
Why it matters: Washington's swing toward an unpredictable AI-oversight regime resets the politics of AI for the whole industry.
Trump's abrupt shift toward aggressive, unpredictable AI oversight — now restricting new model releases — has left tech lobbyists searching for answers.
Google caps Meta’s Gemini use as AI demand strains capacity — myFT following
Why it matters: Compute becoming the industry's scarcest commodity reshapes the balance of power among AI's biggest players.
Surging demand for advanced models pushed Google to cap Meta's access to Gemini, underscoring how raw computing capacity is now the AI industry's binding constraint.
AI Is Already Reshaping US Politics at Every Level — Bloomberg Technology
Why it matters: From data-centre backlash to deepfaked ads and billionaire cash, AI is now woven through the 2026 US elections.
AI is everywhere in the 2026 US midterms — tech-billionaire money, data-center backlash and deepfaked campaign ads are reshaping politics at every level.
Europe Is Fed Up and Wants Its Own AI — WIRED
Why it matters: US gatekeeping of frontier models is the strongest argument yet for European AI sovereignty.
Frustrated by dependence on US models and Washington's new export controls, Europe is pushing to build its own AI capacity — with Trump's unpredictability as its unlikely catalyst.
Google wants AI regulation, but on its own terms — www.theregister.com - Articles
Why it matters: The familiar pattern returns: AI firms welcome regulation only until it might bite.
Google joins OpenAI and Anthropic in calling for AI rules — but on terms that conveniently spare their own businesses.
EU & Technology
Italy probes AI-fueled price hikes in Microsoft 365 — www.theregister.com - Articles
Why it matters: Brussels' antitrust reflex meets AI upselling — Italy's probe tests how Big Tech bundles AI into must-have software.
Italy's competition watchdog opened an investigation into Microsoft for adding AI features to Microsoft 365 and automatically moving subscribers to pricier plans.
Taiwan to Build Chip and EV Factories in Poland Replacing China and the US — The Diplomat
Why it matters: Taiwanese chip and EV investment landing in Poland is a concrete brick in European tech sovereignty.
Taiwan is set to build chip and EV factories in Poland, stepping into a role once envisioned for Chinese and US partners in Warsaw's tech strategy.
US & Technology
How a Niche Technology Became a Choke Point for A.I. — NYT > Technology
Why it matters: Advanced packaging is the niche technology that now decides who can build cutting-edge AI chips.
Advanced chip packaging — dominated by TSMC — has quietly become a chokepoint for AI hardware, a strategic dependency for the US and its rivals alike.
Intel’s Chip Business Shows Signs of Life After Years of Struggle — NYT > Technology
Why it matters: The centrepiece of Trump's make-chips-in-America drive shows life — but the turnaround is far from won.
Intel's chip business is showing early signs of recovery, central to Trump's push to reshore US semiconductor manufacturing, though a full turnaround remains distant.
China & Technology
China's 'Lingsheng' Supercomputer Returns to World No. 1 After Nine-Year Gap — Pandaily - China Tech News, AI & Electric Vehicle Insights
Why it matters: A domestically built machine retaking the TOP500 crown after nine years is a marquee signal of China's compute sovereignty.
China's home-grown Lingsheng system debuted at No. 1 on the 67th TOP500 list, the country's first global supercomputing top spot in nine years.
‘Digital ID cards’: China moves to regulate AI agents with unified identity system — Tech - South China Morning Post
Why it matters: Beijing moves first to license and identify autonomous AI agents — governance as strategic infrastructure.
China's market regulator (SAMR) released national standards establishing a unified identity system — 'digital ID cards' — for AI agents, an early move to govern autonomous AI.
DeepSeek Transforms From Idealism to Aggressive Expansion with $7B Funding and Massive Hiring — Pandaily - China Tech News, AI & Electric Vehicle Insights
Why it matters: A $7B war chest and aggressive hiring turn China's most-watched AI lab into a strategic competitor, not a curiosity.
DeepSeek closed its first external funding round (over $7B) and shifted from techno-idealism to aggressive commercial expansion and hiring.
China's AI Giants Shift From Traffic Bubbles to Real Capabilities as Subsidy Era Ends — Pandaily - China Tech News, AI & Electric Vehicle Insights
Why it matters: As the subsidy war ends, China's AI majors pivot from buying users to proving real capability.
After spending billions on user-acquisition subsidies, China's AI giants are shifting from 'traffic bubbles' to real product capability as the subsidy era ends.
In AI race vs. U.S., China eyes a come-from-behind victory — Technology
Why it matters: Cheaper, commercially shrewd Chinese models could erode an American lead that looks solid today.
US AI firms lead for now, but China aims for a come-from-behind win with cheaper, more commercially appealing products sold worldwide.
As AI pushes data centres to breaking point, some Chinese chipmakers bet on SiC — Tech - South China Morning Post
Why it matters: China's bet on silicon-carbide power chips targets the AI era's real bottleneck — data-centre energy.
Facing AI-driven grid strain, some Chinese chipmakers are betting on highly efficient silicon-carbide semiconductors to ease data-centre power demands.
Threat Intelligence (CTI)
[P1] Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials — The Hacker News
Why it matters: A sustained Russian intelligence operation against officials' messaging accounts is exactly the cross-border threat EU coordination exists for.
Long-running Russian intelligence (RIS) operation using fake 'support' messages to phish messaging-app credentials of government and military targets, uncovered jointly by Ukraine's SSU and the FBI.
severity high · exploited in the wild · EU: NIS2, Cyber Solidarity Act · actor Russian intelligence services (FSB-linked UNC5792 / UNC4221) (70%), escalation
[P1] New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages — Security Affairs
Why it matters: Phishing Signal recovery keys to seize entire message archives marks a sharp escalation in Russian intelligence tradecraft against European targets.
FSB-linked actors phish Signal Backup Recovery Keys (an escalation from SMS codes/PINs) to seize full message archives and persistent account access — social engineering, not a cryptographic break.
severity high · exploited in the wild · EU: NIS2, Cyber Solidarity Act · actor Russian intelligence services (UNC5792, UNC4221 / FSB) (75%), escalation
[P2] New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks — The Hacker News
Why it matters: A fresh loader pushing Cobalt Strike shows commodity intrusion tooling refreshing faster than defenders can fingerprint it.
Newly documented SharkLoader malware acts as a loader to deploy Cobalt Strike Beacon on compromised hosts, in a campaign Kaspersky tracks as 'StrikeShark'.
severity high · exploited in the wild · EU: NIS2
[P2] Hospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint Emails — Security Affairs
Why it matters: A live phishing campaign delivering a stealthy RAT to hospitality staff across Europe shows financially-motivated actors industrialising evasion.
Phishing via fake guest-complaint emails using Calendly/Google 'authentication laundering' to deliver the Node.js TonRAT implant (via .lnk + PowerShell) to hospitality front-desk staff, with dual HKCU Run/RunOnce persistence.
severity high · exploited in the wild · EU: NIS2
[P2] Chinese Framework Powers 200,000 Scam Sites — SecurityWeek
Why it matters: A 236,000-domain scam ecosystem built on a legitimate Chinese toolkit is fraud at industrial scale.
Over 236,000 investment-scam domains built from sold DCloud Uni-App templates (~15,000 new sites/month at peak); many independent operators with some shared infrastructure, tracked by Infoblox.
severity high · exploited in the wild
[P2] Woodgnat Hackers Use Mistic RAT to Broker Access for Ransomware Gangs — Hackread – Cybersecurity News, Data Breaches, AI and More
Why it matters: Access brokers wielding stealthy RATs are the wholesale supply chain that keeps ransomware crews in fresh victims.
The Woodgnat group uses a stealthy RAT (Backdoor.Mistic) to compromise networks and broker the access to ransomware affiliates.
severity high · exploited in the wild · EU: NIS2 · actor Woodgnat (40%)
Digital Money & Crypto
Binance tells EU users it will no longer provide services after failing to secure MiCA license — CoinDesk: Bitcoin, Ethereum, Crypto News and Price Data
Why it matters: Europe's MiCA regime just forced the world's biggest exchange to retreat from the bloc — a watershed for crypto sovereignty.
Binance told EU users it will stop providing services after failing to secure a MiCA license, ceding the bloc's market under Europe's new crypto rulebook.
Coinbase and OKX try to lure in Binance’s EU users after it failed to secure a MiCA license — CoinDesk: Bitcoin, Ethereum, Crypto News and Price Data
Why it matters: MiCA is redrawing the EU crypto market — rivals are circling the users Binance can no longer serve.
With Binance exiting under MiCA, Coinbase and OKX are moving to capture its EU customers.
Spain says ‘no exceptions or extensions’ for Binance, other crypto firms ahead of MiCA deadline — The Block
Why it matters: Madrid's hard line shows MiCA enforcement will have teeth, not grace periods.
Spain said there will be 'no exceptions or extensions' for Binance and other crypto firms ahead of the MiCA deadline.
Tether putting $23 billion gold stockpile to work with bullion-backed loans — CoinDesk: Bitcoin, Ethereum, Crypto News and Price Data
Why it matters: The largest stablecoin issuer turning a $23B gold hoard into loans blurs the line between crypto and shadow banking.
Tether plans to deploy its roughly $23B gold stockpile into bullion-backed lending.
Polymarket hack updated to $3.1 million days after the platform promised users full refunds — CoinDesk: Bitcoin, Ethereum, Crypto News and Price Data
Why it matters: A frontend supply-chain breach draining a marquee prediction market blurs 'crypto hack' into classic supply-chain compromise.
Polymarket says ~$3M was stolen after attackers injected a malicious script into its frontend via a compromised third-party vendor; it has promised full refunds.
SecondFi maps recovery path after $2.4 million Cardano wallet exploit, aims to return funds within two weeks — The Block
Why it matters: Another wallet-software flaw draining user funds underscores DeFi's persistent supply-chain fragility.
A flaw in SecondFi's wallet-generation software drained ~$2.4M in ADA from 374 addresses; the team aims to refund within two weeks.
Defence & National Security
South Korea plans to train entire military as "drone warriors" — Ars Technica - All content
Why it matters: Training an entire half-million-strong military on drones signals how central uncrewed systems are to modern force design.
South Korea plans to train every member of its ~500,000-strong military to operate drones as routinely as firearms.
German Counter-drone startup Tytan eyes 3,000 interceptors per month in new factory — Defense News
Why it matters: A European startup scaling to thousands of interceptors a month shows the drone-defence arms race industrialising on EU soil.
Munich-based Tytan Technologies is opening a German factory to build up to 3,000 counter-drone interceptor drones a month amid surging demand.
It’s Official: F-35s Are Now Being Delivered Without Radars — TWZ
Why it matters: Accepting fighters without working radars lays bare the strain in a flagship Western weapons programme.
The US has accepted at least six F-35s for the Marine Corps without radars, due to delays developing the new AN/APG-85 radar.
UK Prioritizes High-Speed Boats, Drones in Defense Funding Shift — Bloomberg Politics
Why it matters: A pivot toward cheap drones and fast boats signals how European defence spending is reorienting around attritable systems.
The UK is shifting defence funding toward high-speed boats and drones, reflecting a broader European turn to cheaper, attritable military technology.
America seeks its McDonald’s model for missile making — myFT following
Why it matters: Modular 'fast-food' missile factories are a bid to fix the West's wartime production bottleneck.
US defence groups are developing modular workshops designed to mass-produce cheap missiles at speed during wartime.
India’s Drone Production Ecosystem Is Evolving — The Diplomat
Why it matters: India's accelerating drone build-out risks fuelling a regional arms race even as it closes capability gaps.
India's drone-manufacturing ecosystem is maturing rapidly, raising the prospect of a regional drone arms race.
Digital Sovereignty & Identity
Irish regulators clash over legal terms in bill on police use of biometric recognition — Biometric Update
Why it matters: A clash over Irish police facial recognition exposes the friction between national security laws and the EU AI Act.
Irish regulators warn a bill permitting police retrospective facial recognition 'lacks legal clarity' and could collide with the EU AI Act.
Major UK banks back reusable digital ID network for financial services — Biometric Update
Why it matters: Barclays, HSBC and Lloyds backing a shared digital-ID network is a private-sector bid to define identity infrastructure.
Major UK banks (Barclays, HSBC, Lloyds) and UK Finance are launching a reusable digital verification service for financial services.
One Million Passports Leaked Online — Schneier on Security
Why it matters: A million passports exposed through a low-value age-check system shows how identity credentials leak through the back door.
A database of nearly a million passports was leaked online after being used in an ancillary ID-verification system for cannabis dispensaries.
Gefilmt, bestraft, zum Schweigen gebracht: Wie russische Überwachungssoftware die georgische Zivilgesellschaft unterdrückt — netzpolitik.org
Why it matters: Russian-made facial-recognition surveillance crushing protest abroad is a stark case of exported digital authoritarianism.
In Tbilisi, authorities have used Russian surveillance software and facial recognition to identify, fine and silence demonstrators.
ATF cancels controversial commercial geolocation contract — CyberScoop
Why it matters: A US agency dropping ad-data location tracking is a rare rollback in the surveillance-by-data-broker economy.
The ATF cancelled a contract with Penlink that used ad-surveillance data to track Americans' locations.
Kenya considers linking national ID database to CCTV facial recognition network — Biometric Update
Why it matters: Wiring a national ID database to city-wide facial recognition is the surveillance-state blueprint going mainstream.
Kenya plans to link its civil-registry ID database to a CCTV facial-recognition network across six cities for law enforcement.
Cybersecurity & Threats
[P2] CISA sets urgent deadline to fix Cisco flaw exploited in attacks — BleepingComputer
Why it matters: An unauthenticated path to root on a widely deployed VoIP platform, exploited in the wild with a 3-day federal deadline, demands immediate action.
CVE-2026-20230: unauthenticated SSRF in Cisco Unified Communications Manager's WebDialer service allows arbitrary file write and root-level RCE; exploited in the wild since ~21 June where WebDialer is enabled.
severity high (CVSS 8.6) · exploited in the wild · CVE-2026-20230 · EU: NIS2
[P2] Clean GitHub repo tricks AI coding agents into running malware — BleepingComputer
Why it matters: Tricking AI coding agents into running hidden malware opens a new front in the software supply chain.
Mozilla 0DIN proof-of-concept: a benign-looking GitHub repo plus a Python package instruct an AI coding agent to run 'axiom init', which fetches and executes a reverse shell from an attacker-controlled DNS TXT record — invisible to scanners and reviewers; demonstrated against Claude Code.
severity high · EU: NIS2, AI Act
[P1] CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue — The Hacker News
Why it matters: A critical, unauthenticated RCE in PLM software — already dropping web shells in the wild — strikes at the manufacturing backbone.
CVE-2026-12569: unauthenticated RCE via insecure deserialization in PTC Windchill PDMLink and FlexPLM, exploited in the wild to plant persistent JSP web shells; no credentials or internal access required.
severity critical (CVSS 9.3) · exploited in the wild · EPSS 0.005 · CVE-2026-12569 · EU: NIS2
[P2] Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs — The Hacker News
Why it matters: A second AI coding assistant felled by malicious project config confirms MCP auto-execution as a systemic developer-supply-chain risk.
CVE-2026-12957: a malicious .amazonq/mcp.json in a repository makes Amazon Q's VS Code extension auto-launch MCP servers with the developer's full environment, enabling code execution and AWS credential theft (Wiz PoC). Patched in AWS Language Servers 1.65.0 (advised 1.69.0).
severity high (CVSS 8.5) · CVE-2026-12957 · EU: NIS2, AI Act
[P1] Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack — The Hacker News
Why it matters: A self-propagating npm worm now jumping ecosystems keeps the open-source supply chain under live, spreading attack.
Miasma (Mini Shai-Hulud / Hades family) self-propagating supply-chain worm has compromised 20+ versions of legitimate npm packages (Leo Platform, RStreams) and propagated into the Go ecosystem, hunting developer secrets.
severity high · exploited in the wild · EU: NIS2
[P2] DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root — Security Affairs
Why it matters: A working root exploit for an unpatched Linux kernel race threatens cloud, container and CI estates across essential sectors.
DirtyClone (CVE-2026-43503): local privilege escalation to root via a race in cloned socket-buffer (skb) handling, exploitable from an unprivileged namespace/container; patched mainline 21 May, but many distributions remain unpatched, leaving cloud, Kubernetes and CI hosts exposed. JFrog published a working exploit on 25 June.
severity high (CVSS 8.8) · CVE-2026-43503 · EU: NIS2