The day's hard centre is Oracle: a critical, actively exploited E-Business Suite flaw (CVE-2026-46817, CVSS 9.8) and the ShinyHunters PeopleSoft zero-day (CVE-2026-35273) that has already spilled Nissan staff and NAIC regulatory data, while a KEV-listed SimpleHelp RMM authentication bypass is being used to seed a new infostealer across some 14,000 exposed servers — three unauthenticated paths straight into the enterprise and the managed-service supply chain. The geopolitics of AI sharpened in parallel: Washington pressed OpenAI and Anthropic to ration their newest models to approved customers during a security review, even as Beijing claimed its largest model yet trained wholly on domestic chips and stood up the world's fastest supercomputer in defiance of US export controls. Europe, caught between the two, openly debated its dependence on American AI and set an October deadline to defuse trade tensions with China, while the US Supreme Court handed privacy advocates a landmark win by requiring warrants for geofence location data. In the shadows the state crews stayed busy — Gamaredon and Mustang Panda pressing espionage campaigns, and a fresh $10 million US bounty landing on the UNC5792 and UNC4221 actors phishing officials' Signal and WhatsApp accounts.
Top Stories
- Critical SimpleHelp flaw exploited to deploy new stealer malware — BleepingComputer · Cybersecurity & Threats
- Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild — The Hacker News · Cybersecurity & Threats
- Nissan discloses employee data breach linked to Oracle zero-day attacks — BleepingComputer · Cybersecurity & Threats
- OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review — SecurityWeek · AI & Power
- US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp — The Record from Recorded Future News · Threat Intelligence (CTI)
AI & Power
OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review — SecurityWeek
Why it matters: The US government leaning on OpenAI and Anthropic to gate frontier models to approved customers is a landmark fusion of AI capability and state control.
ChatGPT maker OpenAI said Friday it is restricting the release of its new artificial intelligence model at the request of President Donald Trump’s administration.
How the AI bubble could pop and take down the global economy, according to the BIS — www.theregister.com - Articles
Why it matters: The BIS warning that an AI-investment bust could threaten the global economy reframes the AI boom as a systemic macro risk.
The central bank for central banks is concerned about the eye-watering sums being invested into AI, and it's raising the specter of a global recession should the bubble burst. In its annual report for 2026, the Bank for International Settlements compared the current craze to historical events, including canal and British railway mania in the 1800s, electrification exuberance of the 1920s, and the dotcom boom of the 1990s. The report states: “all shared one common trait: a genuine technological…
What would multilateral ‘AI arms control’ look like? — myFT following
Why it matters: Debate over multilateral 'AI arms control' goes to the heart of how frontier AI will be governed between powers.
Given the competition, it’s debatable whether a US-China safety deal is even possible
The pro-AI movement is splintering — Axios
Why it matters: The fracturing of the pro-AI coalition signals shifting US politics around AI regulation and acceleration.
The pro-AI movement is splintering over a defining question: whether national security concerns outweigh the need to keep America's AI companies ahead of Chinese rivals. Why it matters: The fight is happening in public, in real time, and it could reshape the way the administration regulates the world's most powerful technology. Catch up quick: David Sacks — Trump's former AI and crypto czar — warned that restricting access to America's most advanced AI models risks undercutting the strategy…
Newsom, Anthropic ink deal to expand government use — Technology
Why it matters: California's deal with Anthropic to expand government AI use marks deepening public-sector adoption of frontier models.
Gov. Gavin Newsom’s new deal with Anthropic would make Claude the first AI tool available to all California agencies and local governments.
EU & Technology
Europe stares down barrel of a gun on accessing American AI — Tech Archives | Euractiv
Why it matters: Europe's dependence on American AI is becoming an acute strategic-sovereignty problem for the bloc.
White House is taking steps to limit who can access cutting-edge AI from US giants OpenAI and Anthropic
Microsoft to assist European Commission in defense of EU-US data-sharing agreement — www.theregister.com - Articles
Why it matters: Microsoft helping the Commission defend the EU-US data-sharing pact underlines how transatlantic data flows hinge on US vendors.
Microsoft says it is trying to help the European Commission see off a legal threat to the EU-US Data Privacy Framework agreement - relied on by organizations to legally move data between the bloc and the US. In a weekend blog post, the software biz confirmed the Court of Justice of the European Union had granted its application to formally intervene in a case challenging the framework, which has supported data between the two economic super-powers since 2023. Microsoft thinks the case before…
Google warns EU's plans to weaken its monopoly could expose user data — Ars Technica - All content
Why it matters: Google's claim that weakening its position under EU rules could expose user data frames the DMA fight as a security argument.
Europe's push to rein in Big Tech is ramping up, with the European Commission planning to announce new regulations for Google next month. The rules could see Google forced to play nicer with its EU competitors, but the company has some concerns. Google is framing this not as a manifestation of its anticompetitive bent, but as genuine concern for user privacy. Heather Adkins, Google’s VP of security engineering, told Wired that the EU's proposals could lead to serious security and privacy…
EU and China Agree on October Deadline to Reset Trade Ties — Bloomberg Politics
Why it matters: The EU and China setting an October deadline to defuse trade tensions is a pivotal moment in the bloc's economic-security balancing.
The European Union and China set an October deadline to make progress on trade disagreements, as tensions rise between the two economic powers.
Brussels claps back at Trump’s tech threats — Cybersecurity and Data Protection – POLITICO
Why it matters: Brussels pushing back on Trump's tech threats marks escalating transatlantic friction over digital rules.
BRUSSELS — The European Commission fired back Monday at Donald Trump’s fresh tariff threats against Europe’s tech rules, just as EU and U.S. officials opened talks in Washington meant to repair their increasingly strained digital relationship. A delegation led by the EU’s top tech official, Roberto Viola, is in Washington until Wednesday for what the Commission is calling a “dialogue on a future potential dialogue” with its U.S. counterparts. The visit comes after the U.S. president threatened…
For Europe to lead in AI, sovereignty must mean choice — Technology – POLITICO
Why it matters: The argument that European AI sovereignty must mean genuine choice cuts to the core of the bloc's tech strategy.
US & Technology
Supreme Court ruling guts government’s use of geofence warrants — Ars Technica - All content
Why it matters: The Supreme Court requiring warrants for geofence/phone-location data is a landmark US digital-privacy ruling.
The Fourth Amendment protects a user’s “location history,” the Supreme Court ruled Monday. The same logic already applied to a cellphone’s tracking, and the high court found “no good reason exists to reach a different result for Location History” collected by third parties like Google. Split 6-3, the majority agreed that the government needs a warrant and must show reasonable cause to turn a phone's location-tracking services into a government surveillance tool.
Warner bill would create federally vetted list for secure, trustworthy AI agents — CyberScoop
Why it matters: A Senate bill to create a federally vetted registry of trustworthy AI agents is an early attempt to govern agentic software.
A new Senate draft bill would establish a list of AI agent software providers that people can use to establish human ownership and securely run agents on social media and other online platforms. The Artificial Intelligence Access, Gatekeeper Exchange, and Nondiscriminatory Transfer (AI AGENT) Act, led by Sen. Mark Warner, D-Va., would allow end users of large online platforms with more than 50 million customers or subscribers per month the right to choose at least one AI agent provider who…
AI Data Centers Have Been Great for the Steel Industry. Now, a Power Crisis Looms. — Technology - WSJ.com
Why it matters: The power crunch around AI data centers is becoming a defining US infrastructure and energy-policy fault line.
Steelmakers have warned of competition for electricity from their newest big customer.
Kids’ safety package wins House approval — Technology
Why it matters: House passage of a kids' online-safety package sets up a Senate fight over platform regulation.
The legislation cleared the House despite opposition from some kids’ safety advocates and resistance from senators backing a competing proposal.
Lawmakers want to ban AI companies from selling your health data — The Verge
Why it matters: A push to bar AI firms from selling health data tests US data-privacy law in the AI era.
A new proposal would ban the sale of Americans' health and location information to data brokers - including information people reveal to an AI chatbot like ChatGPT or Claude. In the coming weeks, Senator Elizabeth Warren (D-MA) and Representative Mary Gay Scanlon (D-PA) are planning to debut a new version of the Health and Location Data Protection Act that's better suited to the AI era. The former version of the bill, first introduced in June 2022, prohibited data brokers from collecting and…
Democrats’ ‘Project 2029’ goes after tech companies with online safety plan — Semafor
Why it matters: Democrats' 'Project 2029' targeting tech companies opens a new partisan front in US platform regulation.
Democrats trying to lay policy groundwork for the 2028 presidential race are rolling out their first major policy proposal: a framework for online child safety. Known as “Project 2029,” the liberal group was formed as a counterweight to the conservative Project 2025 to write a policy agenda for the next Democratic presidential nominee. The group reckons starting with online internet safety — which has widespread Democratic support — will help galvanize the party to address what it…
China & Technology
China claims biggest AI model trained on local chips, as Meituan releases LongCat-2.0 — Tech - South China Morning Post
Why it matters: China claiming its largest AI model yet trained on domestic chips is a milestone in its drive for AI-stack self-sufficiency.
As China attempts to move beyond using domestic chips solely for model inference, food delivery giant Meituan released what it claims is the country’s largest artificial intelligence model trained entirely on home-grown hardware. The Beijing-based on-demand service giant on Tuesday open-sourced LongCat-2.0, a new large language model (LLM) boasting 1.6 trillion parameters and a context window of 1 million tokens. The scale puts it on par with DeepSeek’s latest flagship model, V4-pro, which…
Top China chip toolmakers consolidate to build national champions, defy US curbs — Tech - South China Morning Post
Why it matters: Consolidation of China's chip-tool makers into national champions is a direct response to US export controls.
China’s campaign for semiconductor self-sufficiency has entered a consolidation phase, with state-backed toolmakers swallowing smaller rivals in a bid to forge national champions aimed at defying US export curbs. In the latest move, Shanghai-listed chip equipment maker Piotech said in a filing to the stock exchange on Saturday that it planned to acquire a controlling stake in Wuxi Shangji Semiconductor. Piotech’s largest shareholder was China’s state-backed National Integrated Circuit Industry…
China Defies US Restrictions and Builds the World’s Fastest Supercomputer — WIRED
Why it matters: China defying US restrictions to build the world's fastest supercomputer is a marker in the compute race.
The Chinese supercomputer LineShine was ranked as the fastest in the world, despite not using any GPUs.
China Resets the AI Race — Technology - WSJ.com
Why it matters: The read that China is resetting the AI race captures Beijing's accelerating model and chip momentum.
Plus, another primary win for Trump-backed candidates, and the World Cup reignites a long-running debate: Who lives better, Americans or Europeans?
China's AI Large Model API Calls Lead Globally for Nine Consecutive Weeks as US Share Plunges from 72% to 33% — Pandaily - China Tech News, AI & Electric Vehicle Insights
Why it matters: China's AI-model API usage leading globally as the US share collapses signals a shift in the model-adoption landscape.
Chinese AI large models have maintained the global lead in API call volume for nine consecutive weeks, according to the latest OpenRouter data tracked by National Business Daily. During the week of June 22-28, total global AI model calls reached 46.7 trillion tokens, with Chinese models accounting for 20.39 trillion tokens—an 8.4% increase week-over-week—while US models fell to just 4.25 trillion tokens, a 26.22% decline. The trend reflects a profound shift in the global AI landscape. A report…
US FCC expands import ban to older Huawei, ZTE gear in continued crackdown on Chinese tech — Tech - South China Morning Post
Why it matters: The FCC widening its import ban on Huawei and ZTE gear deepens US-China tech decoupling.
New restrictions on Chinese technology will come into effect in the US next month following a Federal Communications Commission (FCC) decision on legacy equipment used in the country’s public safety and telecommunications infrastructure. The upcoming rules, finalised late last week, will expand the current import ban to include older equipment models from major Chinese manufacturers, including Huawei Technologies, ZTE, Hytera, Hikvision and Dahua. While a ban in 2022 blocked new…
Threat Intelligence (CTI)
[P1] US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp — The Record from Recorded Future News
Why it matters: State-linked Russian targeting of officials' secure-messaging accounts, now carrying a $10M US bounty.
Russia-linked UNC5792 and UNC4221 socially engineer Signal/WhatsApp device-linking to compromise officials' messaging accounts.
severity high · exploited in the wild · EU: Cyber Solidarity Act, NIS2 · actor UNC5792 / UNC4221 (Russia-linked) (60%), escalation
[P2] Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse — The Hacker News
Why it matters: Sustained Russian APT activity against Ukraine with a fresh malware and cloud-C2 expansion.
Russian APT Gamaredon expands its Ukraine-focused malware arsenal and abuses cloud services for command-and-control.
severity high · exploited in the wild · EU: Cyber Solidarity Act, NIS2 · actor Gamaredon (Russia, FSB-linked) (70%)
[P2] Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks — The Hacker News
Why it matters: Chinese espionage abusing a legitimate SaaS as a covert C2 against government and critical-infrastructure targets.
China-aligned Mustang Panda runs two campaigns against Indian government and hydropower targets, using Zoho WorkDrive as a C2 channel plus new malware.
severity high · exploited in the wild · EU: NIS2 · actor Mustang Panda (China) (70%)
[P2] Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover — Infosecurity Magazine
Why it matters: An alleged state-linked destructive attack on a major European automaker.
Russian hackers are accused of a destructive cyber-attack on Jaguar Land Rover.
severity high · exploited in the wild · EU: NIS2 · actor Russia-linked (alleged) (40%)
[P2] From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira — The DFIR Report
Why it matters: A documented intrusion chain from search-engine malvertising to Akira ransomware.
Bing-search malvertising leads to the Bumblebee loader and AdaptixC2, ending in Akira ransomware deployment (DFIR Report).
severity high · exploited in the wild · EU: NIS2 · actor Akira (RaaS) (60%)
[P2] The Gentlemen are knocking: custom backdoors and evolving tactics — Securelist
Why it matters: A maturing ransomware-as-a-service operation already touching EU defence-industrial targets.
The Gentlemen RaaS deploys custom backdoors and evolving tactics; its leak site lists Thyssenkrupp Marine Systems (TKMS).
severity high · exploited in the wild · EU: NIS2 · actor The Gentlemen (RaaS) (60%)
Digital Sovereignty & Identity
Romania chooses German EUDI Wallet for national customization — Biometric Update
Why it matters: Romania adopting the German EUDI Wallet codebase shows the EU digital-identity wallet moving into national deployment.
Romania will adopt and use the German model for the European Digital Identity Wallet (EUDI Wallet). A release from the government says the decision comes “following a rigorous assessment of EUDI Wallet solutions at various stages of implementation in other Member States, as well as the long-term development strategies of the ecosystem.” The government holds up Germany’s wallet system as a reflection of “the European values of privacy, security and data sovereignty, which Romania deeply…
UK Watchdog Warns Police Are Buying Biometric Tech ‘Without Understanding It’ — ID Tech
Why it matters: A UK watchdog's warning that police buy biometric tech 'without understanding it' spotlights governance gaps in state surveillance.
Police forces in England and Wales are acquiring powerful biometric and AI-assisted technologies without fully understanding what they are buying or its implications, the country’s biometrics watchdog has warned. Professor […]
AlgorithmWatch Ties Georgia’s Protest Surveillance to Russian Facial Recognition — ID Tech
Why it matters: Linking Georgia's protest surveillance to Russian facial-recognition tech shows how identity tech enables repression.
The country of Georgia has built much of its protest-policing surveillance on a Russian-made facial recognition system, according to an investigation by the watchdog group AlgorithmWatch, which says the technology […]
Quantum, Cryptography & CBDC
What the post-quantum executive order really demands of CISOs — CyberScoop
Why it matters: Unpacking what the post-quantum executive order demands of CISOs makes the PQC migration concrete for defenders.
Post-quantum cryptography didn’t sneak up on the industry. For years, security teams, standards bodies, hyperscalers, and governments have been pointing at the same horizon: a cryptographically relevant quantum computer will, eventually, dismantle the public-key algorithms underpinning today’s enterprise security. The latest executive order doesn’t introduce a new threat. It codifies what the field has long understood, and attaches deadlines to it. For CISOs, the framing shift matters. PQC is…
NIST Launches Center to Drive the Manufacture of Quantum Technologies — NIST News
Why it matters: NIST's new quantum-manufacturing center signals US industrial strategy for the quantum-tech supply chain.
NIST has announced an agreement with SRI International to establish the Quantum Manufacturing Engineering Center (QMEC).
Factoring RSA Keys with Many Zeros — Schneier on Security
Why it matters: New research factoring RSA keys with many zeros is a reminder of classical cryptographic fragility ahead of the PQC shift.
Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of real-world keys from public sources, including Certificate Transparency logs, internet-wide TLS and SSH scans, PGP keys, and many others. By searching this dataset for unexpectedly sparse RSA moduli, we…
Defence & National Security
In Defence Investment Plan preview, Britain bets big on drones, ‘hybrid’ navy — Breaking Defense
Why it matters: Britain's defence-investment bet on drones and a 'hybrid' navy reshapes European deterrence posture.
The Ministry of Defence has said the plan will pursue at least six “hybrid” warships designed to work with unmanned systems in the air and at sea.
How the Defense Intelligence Agency is fast-tracking data and AI modernization — DefenseScoop
Why it matters: The Defense Intelligence Agency fast-tracking data and AI modernization shows spy agencies racing to operationalise AI.
Defense and intelligence agencies play a crucial role in supporting the military by detecting threats before they cause real harm. The approach isn’t confined just to the military. National security, cybersecurity, and law enforcement organizations similarly focus resources “to the left of boom” — leveraging intelligence gathering, surveillance, and analysis of adversaries’ behavior to plan for potential disruptions or catastrophic events. For agencies like the Defense Intelligence Agency…
Poland awards $4.8 billion A26 submarine deal to Saab — Defense News
Why it matters: Poland's $4.8B Saab A26 submarine deal underscores the scale of NATO's eastern-flank rearmament.
WARSAW, Poland — The Polish Ministry of National Defence has signed a contract with Sweden’s Saab to purchase three A26-type submarines for the country’s Navy. In a statement, Saab said that the contract’s value corresponds to around SEK 47 billion ($4.8 billion), and deliveries are scheduled to be completed during 2038. Saab has also committed to developing maintenance, repair, and overhaul (MRO) capabilities in Poland in close partnership with the country’s industry. The deal was signed on…
Cybersecurity & Threats
[P1] Critical SimpleHelp flaw exploited to deploy new stealer malware — BleepingComputer
Why it matters: A KEV-listed, unauthenticated auth-bypass in widely deployed SimpleHelp RMM, already weaponised to drop a new infostealer.
Unauthenticated OIDC token-signature bypass grants full technician/admin sessions on ~14,000 internet-exposed SimpleHelp RMM servers; used to deploy Djinn Stealer.
severity critical · exploited in the wild · EU: NIS2
[P1] Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild — The Hacker News
Why it matters: A CVSS 9.8 unauthenticated Oracle EBS flaw under active in-the-wild exploitation with private tooling.
Unauthenticated HTTP flaw in Oracle EBS Payments/File Transmission (12.2.3–12.2.15) enabling full compromise; exploited in the wild since 27–28 Jun 2026.
severity critical (CVSS 9.8) · exploited in the wild · CVE-2026-46817 · EU: NIS2
[P1] Nissan discloses employee data breach linked to Oracle zero-day attacks — BleepingComputer
Why it matters: A concrete EU-relevant breach from the Oracle PeopleSoft zero-day campaign — Nissan employee data stolen.
Unauthenticated RCE in Oracle PeopleSoft PeopleTools (CVE-2026-35273) exploited as a zero-day 27 May–9 Jun 2026; Nissan employee data stolen, 100+ orgs notified.
severity critical (CVSS 9.8) · exploited in the wild · CVE-2026-35273 · EU: NIS2, GDPR · actor ShinyHunters (60%), escalation
[P2] Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines — SecurityWeek
Why it matters: A practical attack turning coding agents into an initial-access vector via poisoned repositories.
Indirect prompt injection hidden in repositories can make Claude Code spawn a reverse shell on a developer's machine — an AI-agent/developer supply-chain risk.
severity high · EU: AI Act
[P2] Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer — The Hacker News
Why it matters: Open-source package hijacking weaponising VS Code tasks to deploy an infostealer — a live software supply-chain threat.
Hijacked npm and Go packages use VS Code tasks to deploy a Python infostealer.
severity high · exploited in the wild · EU: NIS2