Partners or Provocateurs? Private-Sector Involvement in Offensive Cyber Operations
(Sezaneh Seymour, Brandon Wales – Lawfare – 16 July 2025) As the scale and sophistication of cyber threats from state and criminal actors grow, U.S. officials are reevaluating the long-standing policy that reserves offensive cyber operations as an exclusively governmental function. In this new Lawfare research report, we examine the risks and benefits of expanding private-sector participation in such operations. Rather than endorsing a specific policy change, we present a structured framework to guide a focused discussion among policymakers. The framework is built on three interdependent factors. First, it requires defining clear policy objectives, such as augmenting government capacity or disrupting adversary infrastructure. Second, it addresses the scope of authorized activities, clarifying what actions are permissible, who may be targeted, and where they may be attacked. Finally, it tackles the complex legal and liability considerations, including the potential legal authorities for such actions and the unresolved question of who bears responsibility when operations harm innocent third parties. By systematically addressing these questions, we aim to help policymakers clarify goals and mitigate the significant risks of escalation and diplomatic fallout before altering the rules of cyber offense. – https://www.lawfaremedia.org/article/partners-or-provocateurs–private-sector-involvement-in-offensive-cyber-operations
The Cybersecurity Patchwork Quilt Remains Incomplete
(Jim Dempsey – Lawfare – 16 July 2025) Earlier this year, the chief information security officer for JPMorgan Chase, Patrick Opet, published an open letter on software security. Three points stood out. The first was not news to anyone following cybersecurity and its policy debates: Software providers have prioritized rapid feature development over robust security. This is exactly the point, in almost the same words, that President Biden made in March 2023 when calling for legal reform to shift liability onto those developers that fail to take reasonable precautions to secure their software. Second, Opet focused on a problem that has not received much policy attention: The rapid shift to the software-as-a-service (SaaS) delivery model is creating a major, new form of vulnerability. The SaaS model, Opet warned, is “fundamentally reshaping how companies integrate services and data,” breaking down barriers between internal and external resources and rendering some traditional approaches to cybersecurity ineffective. Third, Opet called for collective action, asking other businesses to join with him in demanding better software security, implicitly admitting that even a large and security-savvy software customer such as JPMorgan Chase could not solve the problem alone. Opet did not mention legal or regulatory responses, but his letter screams “market failure.” Moreover, as a customer, the federal government is in exactly the same position as JPMorgan Chase and other large businesses. It is eager to take advantage of the efficiency and rapid innovation that SaaS and other cloud-based services offer, but it has not yet been successful in leveraging its procurement power to insist on better security. On June 6, President Trump issued an executive order that began to chart the outlines of a cybersecurity policy. Much of the initial news coverage focused on Trump’s repeal of measures ordered by President Biden in the closing days of his administration. 
In fact, the Biden initiatives repealed by Trump on government software procurement and digital identity were modest. While pushing even incremental actions through the Biden administration took huge effort, and while the drafters of the Biden order could take pride in their work, the provisions on procurement and identity would have done little to advance the cause of software security or cybersecurity in general. What received less attention was President Trump’s preservation and adoption of a majority of the elements in the Biden order as his own. And what received almost no attention at all was what both the Trump and Biden orders left unresolved: the glaring deficiencies that remain in critical infrastructure cybersecurity (most notably in the drinking water, health care, emergency services, and telecommunications sectors) and the costs that software developers impose on American industry and American taxpayers by continuing to produce insecure software. – https://www.lawfaremedia.org/article/the-cybersecurity-patchwork-quilt-remains-incomplete
San Francisco deploys AI assistant to 30,000 staff
(DigWatch – 16 July 2025) San Francisco has equipped almost 30,000 city employees, from social workers and healthcare staff to administrators, with Microsoft 365 Copilot Chat. The large-scale rollout followed a six-month pilot where workers gained up to five extra hours a week handling routine tasks, particularly in 311 service lines. Copilot Chat helps streamline bureaucratic functions, such as drafting documents, translating over 40 languages, summarising lengthy reports, and analysing data. The goal is to free staff to focus more on serving residents directly. – https://dig.watch/updates/san-francisco-deploys-ai-assistant-to-30000-staff
Trump launches $70 billion AI and energy investment plan
(DigWatch – 16 July 2025) President Donald Trump has announced a $70 billion initiative to strengthen America’s energy and data infrastructure to meet growing AI-driven demand. The plan was revealed at Pittsburgh’s Pennsylvania Energy & Innovation Summit, with over 60 primary energy and tech CEOs in attendance. The investment will prioritise US states such as Pennsylvania, Texas, and Georgia, where energy grids are increasingly under pressure due to rising data centre usage. Part of the funding will come from federal-private partnerships, alongside potential reforms led by the Department of Energy. – https://dig.watch/updates/trump-launches-70-billion-ai-and-energy-investment-plan
Tech & Democracy
To Make Sure AI Advances Democracy, First Ask, ‘Who Does It Serve?’
(Tech Policy Press – 16 July 2025) “When looms weave by themselves, man’s slavery will end.” I happened upon that ancient line from Aristotle in 1964, in a New York Times article on automation and employment. It has shaped my imagination and career ever since. I learned to program during a summer job at Bell Labs, and was thrilled at how computers could end certain forms of drudgery. Then, around 1970, three experiences brought the future into focus. At a conference, I saw Doug Engelbart reprise his famous 1968 “Mother of All Demos” on augmenting human intelligence as contrasted to early notions of artificial intelligence, and also, I clicked on an implementation of Ted Nelson’s seemingly magical hyperlinks. Third, I delved into early concepts for augmenting human collaboration, as enabled by Murray Turoff’s computerized Delphi conferencing. In those early days of the digital technology revolution, I saw glimpses of the future of computing and networking that Steve Jobs later described as “bicycles for our minds.” My interests in epistemology, psychology, history, media, and economics added sociotechnical dimensions to that vision. Around 1990, working on financial market data news feeds, I saw how individual traders could select analytics filters. Then, around 2003, I proposed designs for an ecosystem of tools for collaborating on open innovation. – https://www.techpolicy.press/to-make-sure-ai-advances-democracy-first-ask-who-does-it-serve/
Geostrategies
India’s Digital Infrastructure Is Going Global. What Kind of Power Is It Building?
(Anuradha Sajjanhar – Tech Policy Press – 16 July 2025) During June’s high-stakes meetings in London around the India–UK Free Trade Agreement, India’s Commerce Minister, Piyush Goyal, made a striking declaration for a bold blueprint of UK-India collaboration: beyond tariff lines and visas, the deal aims to show how “the world can benefit from [India’s] skilled talent, cost-effective solutions, and growing capabilities in AI and emerging technologies.” By pitching Aadhaar-based systems, UPI-style payments (United Payments Interface) and CoWIN-style (Covid Vaccine Intelligence Network) certification as part of the partnership, Goyal signaled that India sees its digital governance model not only as domestic policy, but as exportable infrastructure and diplomatic leverage on the world stage. The question is whether this infrastructure is a universal engine for development, or a new template of technocratic statecraft. Since 2014, Prime Minister Narendra Modi’s government has dramatically expanded its digital governance infrastructure. Platforms like Aadhaar (a biometric ID system), UPI (a payments interface), and the India Stack (a set of public APIs) now form the backbone of how services are delivered, populations are tracked, and the state is imagined. These systems are increasingly promoted as models for other countries, especially in the Global Majority. With support from global development institutions and philanthropies, India’s approach is being exported as Digital Public Infrastructure (DPI): low-cost, open-source, and scalable. Yet beyond the language of inclusion and innovation, this technology demands a deeper set of questions. What kind of state is being built through digital systems? What histories of power do these infrastructures carry? And as other countries adopt India’s model, what kinds of politics are they also inheriting? – https://www.techpolicy.press/indias-digital-infrastructure-is-going-global-what-kind-of-power-is-it-building/
Johnson Electric Partners with Shanghai Mechanical & Electric for Humanoid Robotics Business
(AI Insider – 16 July 2025) Johnson Electric and Shanghai Mechanical & Electrical Industry Co. (SMEIC) have announced two joint ventures in China focused on humanoid robotics, backed by a combined investment of approximately $21 million (150 million yuan). The Shanghai-based venture will handle sales, customer support, business development, research support, and after-sales service for humanoid robotics solutions across China, while the Shenzhen-based venture will specialize in engineering, design, and manufacturing of robotic hardware modules and integrated systems. SMEIC contributes its industrial manufacturing expertise, while Johnson Electric provides robotics technologies, aiming to create scalable production capabilities and customized engineering support to meet evolving customer demands in China’s growing robotics sector. – https://theaiinsider.tech/2025/07/16/johnson-electric-partners-with-shanghai-mechanical-electric-for-humanoid-robotics-business/
Oracle commits billions to expand AI infrastructure in Europe
(DigWatch – 16 July 2025) Oracle has confirmed a $3 billion investment in its AI and cloud infrastructure across Germany and the Netherlands over the next five years. The move aims to boost its capacity in Europe as demand for advanced computing services continues to rise. The company plans to invest $2 billion in Germany and $1 billion in the Netherlands, joining other major tech firms ramping up data centre infrastructure. Oracle’s strategy reflects broader market trends, with companies like Meta and Amazon committing large sums to meet AI-driven cloud needs. – https://dig.watch/updates/oracle-commits-billions-to-expand-ai-infrastructure-in-europe
Europe to launch Eurosky to regain digital control
(DigWatch – 16 July 2025) Europe is taking steps to assert its digital independence by launching the Eurosky initiative, a government-backed project to reduce reliance on US tech giants. Eurosky seeks to build European infrastructure for social media platforms and promote digital sovereignty. The goal is to ensure that the continent’s digital space is governed by European laws, values, and rules, rather than being subject to the influence of foreign companies or governments. To support this goal, Eurosky plans to implement a decentralised content moderation system, modelled after the approach used by the Bluesky network. – https://dig.watch/updates/europe-to-launch-eurosky-to-regain-digital-control
EXA to boost European connectivity with new fibre route and subsea cable
(DigWatch – 16 July 2025) EXA Infrastructure has launched a strategic 1,200 km high-capacity fibre route connecting London, Frankfurt, Amsterdam, and Brussels (FLAP cities), featuring the first new subsea cable in the North Sea corridor in 25 years. The new deployment includes 1,085 km of low-loss terrestrial fibre and a 115 km subsea segment using ultra-low-loss G.654C cable, running between Margate (UK) and Ostend (Belgium). The project also introduces two new landing stations, EXA’s 21st and 22nd globally, enhancing its infrastructure across the UK, Belgium, and the Netherlands. These efforts complement EXA’s prior investments in the Channel Tunnel route, including upgrades to in-line amplifier (ILA) facilities and modern, high-fibre-count cables. The new route is part of EXA’s broader push to improve Europe’s digital infrastructure with ultra-low latency, high-bandwidth, and scalable fibre paths between key hubs. – https://dig.watch/updates/exa-to-boost-european-connectivity-with-new-fibre-route-and-subsea-cable
Defense, Intelligence, and Warfare
Defence AI Centre at heart of Korean strategy
(DigWatch – 16 July 2025) South Korea has unveiled a strategy to share extensive military data with defence firms to accelerate AI-powered weapon systems, inspired by US military cloud initiatives. Plans include a national public–private fund to finance innovation and bolster the country’s defence tech prowess. A specialised working group of around 30 experts, including participants from the Defence Acquisition Program Administration, is drafting standards for safety and reliability in AI weapon systems. Their work aims to lay the foundations for the responsible integration of AI into defence hardware. – https://dig.watch/updates/defence-ai-centre-at-heart-of-korean-strategy
Australia’s Navy tests gravity-based navigation tech to counter GPS signal spoofing
(Interesting Engineering – 16 July 2025) Q-CTRL, a leading company in quantum technology, has announced a breakthrough in using quantum sensors for navigation. Their technology showed strong performance in a recent field trial with the Australian Defence Force on the Navy ship MV Sycamore. This success highlights Q-CTRL’s growing role in creating advanced navigation tools for use at sea. “Quantum sensors provide a near-term opportunity to achieve transformational defense capabilities, but previous deployments in the field have struggled to deliver defense-relevant performance,” said Q-CTRL CEO and Founder, Michael J. Biercuk. – https://interestingengineering.com/military/australias-navy-tests-gravity-based-navigation
Security
Global operation targets NoName057(16) pro-Russian cybercrime network
(Europol – 16 July 2025) Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands and the United States took simultaneous actions against offenders and infrastructure belonging to the pro-Russian cybercrime network. The investigation was also supported by ENISA, as well as Belgium, Canada, Estonia, Denmark, Latvia, Romania and Ukraine. The private parties ShadowServer and abuse.ch also assisted in the technical part of the operation. – https://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network
Retailer Co-op: Attackers snatched all 6.5M member records
(The Register – 16 July 2025) Co-op Group’s chief executive officer has confirmed that all 6.5 million of the organization’s members had their data stolen during its April cyberattack – Scattered Spider is believed to be behind the digital heist. Shirine Khoury-Haq confirmed the scale of the attack to the BBC Breakfast show on Wednesday, adding that the member file is what the attackers copied, but were thwarted before they could deploy ransomware. “The good thing was because we did block them, they could not erase what they did,” she said. “So we could monitor every mouse click, we saw every piece of code that they had written, we knew everywhere they went in our systems, and we were able to relay that back to the authorities.” – https://www.theregister.com/2025/07/16/coop_data_stolen/
Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors
(The Hacker News – 16 July 2025) Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter. “Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed,” Omer Yoachimik and Jorge Pacheco said. “Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71 per day.” In Q1 2025, the company said an 18-day sustained campaign against its own and other critical infrastructure protected by Cloudflare was responsible for 13.5 million of the attacks observed during the time period. Cumulatively, Cloudflare has blocked nearly 28 million DDoS attacks, surpassing the number of attacks it mitigated in all of 2024. – https://thehackernews.com/2025/07/hyper-volumetric-ddos-attacks-reach.html
UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit
(The Hacker News – 16 July 2025) A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a hacking crew it tracks as UNC6148. The number of known victims is “limited” at this stage. The tech giant assessed with high confidence that the threat actor is “leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates.” “Analysis of network traffic metadata records suggests that UNC6148 may have initially exfiltrated these credentials from the SMA appliance as early as January 2025.” – https://thehackernews.com/2025/07/unc6148-backdoors-fully-patched.html
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
(The Hacker News – 15 July 2025) Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was “promoted on the Ramp4u forum by the threat actor known as ‘$$$,’” EclecticIQ researcher Arda Büyükkaya said. “The same actor controls the BlackLock RaaS and previously managed Mamona ransomware operations.” It’s believed that GLOBAL GROUP is a rebranding of BlackLock after the latter’s data leak site was defaced by the DragonForce ransomware cartel back in March. It’s worth mentioning that BlackLock in itself is a rebrand of another RaaS scheme known as Eldorado. The financially motivated group has been found to lean heavily on initial access brokers (IABs) to deploy the ransomware by weaponizing access to vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks. Also put to use are brute-force utilities for Microsoft Outlook and RDWeb portals. – https://thehackernews.com/2025/07/newly-emerged-global-group-raas-expands.html
Belk hit by May cyberattack: DragonForce stole 150GB of data
(Security Affairs – 15 July 2025) The infamous ransomware group DragonForce claimed responsibility for the May disruptive attack on US department store chain Belk. The ransomware gang claimed it had stolen 156 gigabytes of data from Belk. Belk, Inc. is a major American department store chain, founded in 1888 in Monroe, North Carolina, and currently headquartered in Charlotte. Operating around 300 locations across 16 states, Belk offers apparel, footwear, home furnishings, jewelry, beauty products, and more. Belk suffered a cyberattack between May 7 and 11, 2025, where an unauthorized party accessed corporate systems and stole some internal documents. – https://securityaffairs.com/179958/data-breach/belk-hit-by-may-cyberattack-dragonforce-stole-150gb-of-data.html
NSA: Volt Typhoon was ‘not successful’ at persisting in critical infrastructure
(Jonathan Greig – The Record – 15 July 2025) Senior cybersecurity officials at the National Security Agency and FBI said the agencies have been successful in addressing some of the Chinese cyber campaigns targeting critical infrastructure in the U.S. During the International Conference on Cyber Security at Fordham University in New York City on Tuesday, experts spoke at length about Beijing’s so-called Typhoon campaigns — which have involved Chinese government and private sector groups launching attacks on U.S. government agencies and companies. Kristina Walter, director of the NSA’s Cybersecurity Collaboration Center, focused on Volt Typhoon, an effort by Chinese actors to preposition themselves on U.S. critical infrastructure for disruptive or destructive cyberattacks in the event of a kinetic conflict centered around Taiwan. – https://therecord.media/china-typhoon-hackers-nsa-fbi-response
Google says ‘Big Sleep’ AI tool found bug hackers planned to use
(Jonathan Greig – The Record – 15 July 2025) Google said a large language model it developed to find vulnerabilities recently discovered a bug that hackers were preparing to use. Late last year, Google announced an AI agent called Big Sleep — a project that evolved out of work on vulnerability research assisted by large language models done by Google Project Zero and Google DeepMind. The tool actively searches and finds unknown security vulnerabilities in software. On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors and was at risk of being exploited.” – https://therecord.media/google-big-sleep-ai-tool-found-bug
Abacus dark web drug market goes offline in suspected exit scam
(Bleeping Computer – 15 July 2025) Abacus Market, the largest Western darknet marketplace supporting Bitcoin payments, has shut down its public infrastructure in a move suspected to be an exit scam. Exit scams occur when the operator of a marketplace decides to vanish with the money they hold in escrow for various transactions between platform users. Blockchain intelligence firm TRM Labs reports that Abacus shutting down so abruptly has all the indications of either an exit scam or a covert law enforcement operation dismantling the activity. – https://www.bleepingcomputer.com/news/security/abacus-dark-web-drug-market-goes-offline-in-suspected-exit-scam/
North Korean XORIndex malware hidden in 67 malicious npm packages
(Bleeping Computer – 15 July 2025) North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. The packages collectively count more than 17,000 downloads and were discovered by researchers at package security platform Socket, who assess them to be part of the continued Contagious Interview operation. Socket researchers say that the campaign follows threat activity detected since April. Last month, the same actor infiltrated npm with 35 packages that dropped information stealers and backdoors onto developers’ devices. – https://www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/
Frontiers
Starlink says SpaceX targeting 2026 for launch of Starship-ready terabit satellites
(The Register – 16 July 2025) Elon Musk’s space broadband service Starlink has hinted that Elon Musk’s Starship will be ready for commercial flights in 2026. Starlink on Tuesday posted a network update in which it discussed its third-generation satellites, each of which can provide “over a terabit per second of downlink capacity and over 200 Gbps of uplink capacity to customers on the ground.” The spec of the third-gen sats has been public knowledge for months. The network update adds a useful nugget of info by stating “SpaceX is targeting to begin launching its third-generation satellites in the first half of 2026.” – https://www.theregister.com/2025/07/16/starlink_network_update/