Governance/Regulation/Legislation

The evolving road from dial ups to qubits

(UNIDIR) From dial-up modems and binary code to artificial intelligence (AI) and the emerging quantum computing leap, the information and communication technology (ICT) environment is evolving at a pace few could have imagined. With every new capability that unlocks opportunity also comes new avenues for potential misuse. Alongside these technological advancements, States have spent more than two decades discussing how to govern responsible State behaviour in the ICT environment, culminating in the establishment of a new permanent mechanism – the Global Mechanism on ICTs in the context of international security. As governance frameworks struggle to keep pace with the rapidly shifting digital landscape, the need for sustained, coordinated multilateral action has never been more evident. – https://unidir.org/the-evolving-road-from-dial-ups-to-qubits/

AI for Peace Summit highlights push for African-led innovation

(DigWatch) A growing push for African-led AI development is shaping discussions on peace, governance, and security across the continent. At the AI for Peace Summit hosted at the Humanitarian Peace Support School in Nairobi, stakeholders called for AI systems better tailored to African governance, security, and resilience challenges. – https://dig.watch/updates/ai-for-peace-summit-push-african-led-innovation

Azerbaijani MP highlights AI’s legal status at Intellectual Property Forum

(Farida Mammadova – Trend News Agency) One of the key topics of discussion is the legal status of artificial intelligence systems, MP Hijran Huseynova said at the roundtable “Innovation Potential: Intellectual Property + Artificial Intelligence” on the occasion of World Intellectual Property Day, Trend reports. MP stressed that some experts believe that artificial intelligence should not be regarded as a separate legal entity, but merely as a tool or a commodity. According to another approach, the ability of artificial intelligence to make decisions independently calls for a more in-depth examination of its legal status. – https://www.trend.az/azerbaijan/society/4178488.html

Geostrategies

Malaysia deepens national AI partnership with Microsoft, expanding whole-of-nation skilling across educators, enterprises, and communities

(Microsoft) Malaysia’s Ministry of Digital and Microsoft announced the launch of Microsoft Elevate, an expanded national AI capacity building initiative to strengthen Malaysia’s AI readiness, aligned with the country’s AI Nation 2030 ambitions. Officiated by YB Gobind Singh Deo, the partnership broadens the scope of Malaysia’s AI skilling agenda to include educators, micro, small and medium enterprises (MSMEs), retired servicemen and women, learning institutions, and members of the civil service. Delivered in partnership with the National AI Office (NAIO), Sekretariat Majlis TVET Negara alongside Biji-biji Initiative & Mereka, this initiative reflects a whole-of-nation commitment to ensuring every segment of Malaysian society is prepared for the AI era. – https://news.microsoft.com/source/asia/features/malaysia-deepens-national-ai-partnership-with-microsoft-expanding-whole-of-nation-skilling-across-educators-enterprises-and-communities/

Beijing bets on embodied intelligence to secure structural power

(Leci Zhang, Yiran Xing – East Asia Forum) China is broadening its AI strategy from a focus on artificial general intelligence to an ‘AI+’ model centred on industrial deployment, with embodied intelligence positioned as a driver of economic restructuring, labour substitution and influence over global supply chains and international standards. Rapid investment and policy support signal strong momentum, but technological fragmentation, uncertain commercial returns and unresolved challenges around scalability and reliability mean China’s ability to convert early gains into lasting industrial leadership remains uncertain. – https://eastasiaforum.org/2026/04/23/beijing-bets-on-embodied-intelligence-to-secure-structural-power/

Security and Surveillance

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software

(Pierluigi Paganini – Security Affairs) A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitive information. The NASA Office of Inspector General (OIG) and federal partners discovered the scheme that also targeted government agencies, universities, and private firms. U.S. export controls limit sharing sensitive technology, and NASA’s OIG enforces them to protect critical data and defense-related assets. Investigators uncovered a long-running phishing scheme in which Chinese national Song Wu impersonated a trusted aerospace professor to trick targets into sharing export-controlled software and source code. Between 2017 and 2021, he targeted dozens of victims across NASA, the U.S. military, government agencies, universities, and private firms. “According to U.S. Attorney Buchanan, the indictment, and other information presented in court: Song allegedly engaged in a multi-year “spear phishing” email campaign in which he created email accounts to impersonate U.S.-based researchers and engineers and then used those imposter accounts to obtain specialized restricted or proprietary software used for aerospace engineering and computational fluid dynamics.” reads the press release published by DoJ in 2024. “This specialized software could be used for industrial and military applications, such as development of advanced tactical missiles and aerodynamic design and assessment of weapons.” – https://securityaffairs.com/191347/intelligence/chinese-spy-posed-as-researcher-in-spear-phishing-campaign-targeting-nasa-to-steal-defense-software.html

Linkedin Browsergate

(Pierluigi Paganini – Security Affairs) BrowserGate is an investigation conducted by Fairlinked (https://browsergate.eu/), an association of commercial LinkedIn users, which documents what it describes as one of the largest data breach and corporate espionage scandals in digital history. The central thesis: every time one of the billions of users visits linkedin.com, hidden code scans the computer for installed software, collects the results, and transmits them to LinkedIn servers and third-party companies, including a US-Israeli cybersecurity firm. The user is never informed nor asked for consent. LinkedIn’s privacy policy makes no mention of it. – https://securityaffairs.com/191383/security/linkedin-browsergate.html

Fast16: Pre-Stuxnet malware that targeted precision engineering software

(Pierluigi Paganini – Security Affairs) SentinelOne uncovered Fast16, a sabotage malware used in 2005, years before Stuxnet. The malicious code is written in Lua and targeted high-precision calculation software, altering results and spreading across systems. The malware appeared in the ShadowBrokers leak of NSA tools, and evidence suggests it may have been developed by the United States, highlighting early cyber operations linked to tensions with Iran. Researchers traced early advanced malware design by searching for the first use of embedded Lua engines, a feature later seen in tools like Flame and Project Sauron. Lua enables modular, flexible malware without recompilation. The analysis led to a 2005 sample, svcmgmt.exe, which contained an embedded Lua VM and encrypted bytecode. Though it looked like a simple service binary, deeper analysis revealed a sophisticated implant with encryption, Windows API access, and modular design. A debug path linked it to the fast16.sys driver, tying it to the early Fast16 framework. The carrier svcmgmt.exe acts as a modular loader, using encrypted Lua payloads and “wormlets” to spread across Windows systems via network shares, while avoiding detection by checking for security tools. It can also deploy the kernel driver for deeper control. – https://securityaffairs.com/191325/malware/fast16-pre-stuxnet-malware-that-targeted-precision-engineering-software.html

U.S. utility giant Itron discloses a security breach

(Pierluigi Paganini – Security Affairs) Itron disclosed a cyber incident involving unauthorized access to part of its internal IT systems, detected on April 13, 2026. The company activated its incident response plan, engaged external cybersecurity experts, and notified law enforcement to investigate and contain the intrusion. The company reported that no unauthorized activity was seen in the customer-hosted portion of its systems, which is an important detail because Itron works with utility infrastructure and critical operational environments. “On April 13, 2026, Itron, Inc. (the “Company” or “Itron”) was notified that an unauthorized third party had gained access to certain of its systems. The Company activated its cybersecurity response plan and launched an investigation with the support of external advisors to assess, mitigate, remediate, and contain the unauthorized activity. The Company’s response efforts included proactively notifying law enforcement.” reads the FORM 8-K report filed with SEC. – https://securityaffairs.com/191360/data-breach/u-s-utility-giant-itron-discloses-a-security-breach.html

European Cybersecurity Certification Week 2026: Advancing EU Cybersecurity in Cyprus

(European Commission) The European Cybersecurity Certification Week, hosted by the Cyprus Presidency of the Council of the EU, took place from 14 to 17 April in Ayia Napa. This conference brought together policymakers, industry experts, conformity assessment bodies, and national authorities to shape the future of EU cybersecurity certification. Organised by the European Union Agency for Cybersecurity (ENISA) in close collaboration with the European Commission, the events during the week fostered critical discussions on strengthening Europe’s cyber resilience through harmonised certification frameworks. – https://digital-strategy.ec.europa.eu/en/news/european-cybersecurity-certification-week-2026-advancing-eu-cybersecurity-cyprus

US Sanctions Target Cambodian Scam Network Leaders

(Alessandro Mascellino – Infosecurity Magazine) A Cambodian network accused of orchestrating large-scale cryptocurrency fraud has been hit with US sanctions targeting senior figures and associated entities. The Office of Foreign Assets Control (OFAC)  last week named Senator Kok An among 29 individuals and organizations allegedly involved in schemes that defrauded American victims of millions of dollars. The operation centers on scam compounds across Cambodia, many of which are embedded within casinos and commercial buildings. Victims are reportedly approached through social engineering tactics, including romance-based outreach and fraudulent investment offers, before being persuaded to transfer digital assets to platforms controlled by attackers. – https://www.infosecurity-magazine.com/news/us-sanctions-cambodian-scam-network/

Widely Used Browser Extensions Selling User Data

(Alessandro Mascellino – Infosecurity Magazine) Dozens of widely used browser extensions have been collecting and selling user data with explicit disclosure in their privacy policies, a LayerX Security study has found. The browser security firm has identified more than 80 extensions that reserve the right to sell user data. These include tools across categories such as streaming, ad blocking and productivity, with millions of combined installations. “Unlike malicious extensions that disguise themselves as legitimate extensions and do their bidding in the dark, these extensions explicitly tell users that they’re going to collect and sell their data. It’s right there in the Privacy Policy; except that nobody reads it,” LayerX Security said. The report also claimed that 71% of Chrome Web Store extensions do not publish a privacy policy. This would leave over 73% of users with at least one installed extension that offers no visibility into how their data is handled. – https://www.infosecurity-magazine.com/news/browser-extensions-sell-user-data/

BlackFile Group Targets Retail and Hospitality with Vishing Attacks

(Phil Muncaster – Infosecurity Magazine) Security researchers have revealed details of a new extortion group that has been actively targeting retail and hospitality businesses since February 2026. Palo Alto Networks’ Unit 42 teamed up with the Retail and Hospitality Information Security and Analysis Center (RH-ISAC) to publish a new report on April 23, Extortion in the Enterprise: Defending Against BlackFile Attacks. It detailed financially-motivated activity linked to the activity cluster CL-CRI-1116, which the authors said overlaps with public reporting on BlackFile, UNC6671 and Cordial Spider, and is likely to be associated with notorious collective “The Com.” – https://www.infosecurity-magazine.com/news/blackfile-group-targets-retail/

Defense/Intelligence/Warfare

Ukraine, Norway to jointly produce mid-strike drones

(Polina Moroziuk – The Kyiv Independent) Ukraine and Norway will launch joint production of Ukrainian-designed mid-strike drones, with several thousand units planned for the Armed Forces of Ukraine, Ukraine’s Defense Ministry said on April 27. The project follows a defense declaration signed by Ukraine and Norway on April 14 in Oslo, where President Volodymyr Zelensky and Prime Minister Jonas Gahr Stoere agreed to deepen military cooperation, including joint drone production, as part of a broader strategic partnership. “Projects like joint production and guaranteed supply of drones directly strengthen our forces on the battlefield,” Defense Minister Mykhailo Fedorov said. – https://kyivindependent.com/ukraine-norway-to-launch-joint-production-of-mid-strike-drones/

Ukraine to help Poland build ‘modern drone armada,’ Polish PM Tusk says

(Martin Fornusek – The Kyiv Independent) Poland is launching a new project to build a modern drone fleet with the help of Ukrainian technical expertise and European funding, Polish Prime Minister Donald Tusk announced on April 27. “Ukraine has proven itself a partner for countries that want to defend themselves against aerial attacks,” Tusk said at an event in the southeastern Polish city of Rzeszow, where he met Ukrainian Prime Minister Yuliia Svyrydenko. – https://kyivindependent.com/ukraine-to-help-build-polands-drone-fleet-tusk-says/

Frontiers

Quantum computing gains stability boost from NVIDIA error correction model

(DigWatch) NVIDIA has strengthened its position in the emerging quantum computing sector through a new family of AI models designed to improve calibration and error correction in quantum systems. Rather than building its own quantum processing hardware, the company continues to focus on hybrid computing architectures that combine classical GPUs with quantum processors. The new system reportedly improves quantum error correction decoding by up to 2.5 times in speed and three times in accuracy, addressing one of the most persistent barriers to scalable quantum computing. High error rates have long limited the practical deployment of quantum systems, making stability and fast correction central challenges for the industry. – https://dig.watch/updates/quantum-computing-gains-stability-boost-from-nvidia-error-correction-model

TETFund Set to establish Six AI, Robotics Centres in Nigerian Universities

(Nigeria’s TETFund) The Tertiary Education Trust Fund (TETFund) has concluded plans to establish six new Centres of Excellence with specialization in Robotics, Coding, Artificial Intelligence, Machine Learning and Cybersecurity in six universities across the geopolitical zones, thus raising the total number of TETFund-supported Centres of Excellence from 30 to 36. – https://tetfund.gov.ng/news/details/75