Governance/Regulation/Legislation

Google and UNICEF launch AI-focused education partnership

(DigWatch) Google and UNICEF have launched a global partnership focused on AI-supported education initiatives and digital learning infrastructure. The initiative, funded through Google.org, will initially focus on Brazil, India, Pakistan, and Kenya. According to the organisations, the programme will address areas including literacy, numeracy, teacher support, and digital access. – https://blog.google/products-and-platforms/products/education/partnering-with-unicef-to-support-innovation-in-education-across-the-globe/

DIGITALEUROPE urges stronger EU-US digital cooperation

(DigWatch) DIGITALEUROPE has called for the rapid implementation of the EU-US trade deal and the launch of a broader transatlantic digital dialogue. The organisation said commitments under the Turnberry Agreement should be implemented to provide greater predictability for businesses. DIGITALEUROPE said progress on implementing legislation is important for timely adoption of the agreement. The organisation also highlighted the importance of cooperation on digital resilience and competitiveness between the EU and the United States. – https://www.digitaleurope.org/news/digitaleurope-calls-for-swift-adoption-of-eu-us-trade-deal-and-launch-of-eu-us-digital-dialogue-2

World Economic Forum highlights growing role of AI in public administration

(DigWatch) The World Economic Forum (WEF) has highlighted the growing role of AI in public administration and digital government systems. According to Ahmed Tamim Hisham Al Kuttab of the Abu Dhabi Department of Government Enablement, future public services may become more automated and integrated across agencies – https://dig.watch/updates/world-economic-forum-highlights-growing-role-of-ai-in-public-administration

New Zealand outlines public service reforms focused on digital systems and AI

(DigWatch) New Zealand has announced public service reforms aimed at improving efficiency, reducing duplication and expanding digital systems across government operations. Public Service Minister Paul Goldsmith outlined plans to streamline departments and expand the use of digital systems and AI in public administration. The government said the reforms respond to public sector growth that has increased in recent years. – https://dig.watch/updates/ai-digitisation-new-zealand-reform-strategy

UN experts raise concerns over online pornography platforms and digital intermediaries

(DigWatch) UN human rights experts have raised concerns about the role of online pornography platforms, payment providers, and internet companies in enabling and monetising sexual exploitation and non-consensual content involving women and girls. In a statement released in Geneva, the experts focused on Pornhub and its parent company Aylo Holdings, while also referencing broader concerns involving user-generated pornography platforms, payment networks, and search and technology companies linked to online distribution systems. – https://www.ohchr.org/en/press-releases/2026/05/un-experts-alarmed-complicity-online-pornographic-platforms-and-other

Hong Kong checks AI privacy compliance across sectors

(DigWatch) Hong Kong’s Office of the Privacy Commissioner for Personal Data has completed compliance checks on 60 organisations to assess how AI use affects personal data privacy. The checks, launched in January 2026, covered sectors including banking and finance, education, government departments, insurance, medical services, telecommunications, transport, accounting, food and beverage, logistics, property management, and innovation and technology. The PCPD found no contravention of the Personal Data (Privacy) Ordinance during the exercise. – https://www.pcpd.org.hk/english/news_events/media_statements/press_20260519.html

Geostrategies

Singapore expands implementation of National AI Strategy 2.0

(DigWatch) Singapore has outlined the continued implementation of its National AI Strategy 2.0, focusing on expanding AI adoption and innovation across sectors. According to officials, the strategy is intended to strengthen Singapore’s AI capabilities and international cooperation. – https://www.smartnation.gov.sg/initiatives/national-ai-strategy/

Defense/Intelligence/Warfare

Ukraine says Russia is deploying AI-powered malware on the battlefield

(Daryna Antoniuk – The Record) Russia’s use of artificial intelligence in its cyberwar against Ukraine has expanded beyond fake news and propaganda campaigns, according to Ukrainian government officials. Moscow is now embedding AI directly into malware to generate malicious commands “on the fly.”. A new report from Ukraine’s National Security and Defense Council says Russia’s use of AI across cyber operations expanded dramatically over the past year, reshaping everything from social engineering campaigns to malware development and creating what Ukrainian officials describe as a growing imbalance between attackers and defenders. For years, researchers tracked Russia’s use of artificial intelligence primarily in influence operations — generating fake content for disinformation campaigns and online manipulation efforts. But Ukraine says the technology is increasingly being embedded in cyber operations themselves. – https://therecord.media/ukraine-says-russia-using-ai-malware-on-battlefield

Security and Surveillance

Hackers using AI just found a ‘zero-day.’ The spyware industry is watching

(Jen Roberts – Atlantic Council) For the first time, hackers have used AI to discover and exploit a cybersecurity flaw with no known fix, known as a “zero-day.”. Spyware companies that hack into devices for the purpose of surveillance and data extraction are primed to exploit this new opportunity. In response, policymakers should invest in defensive AI and crack down harder on spyware. – https://www.atlanticcouncil.org/dispatches/hackers-using-ai-just-found-a-zero-day-the-spyware-industry-is-watching/#bluf3

AI Agents Are Here. Security Must Be an Accelerator for AI Transformation

(Herain Oberoi – Infosecurity Magazine) AI agents are no longer experimental. They now plan, decide, and act across enterprise systems, reading files, invoking tools, executing workflows, and communicating with other agents, at times with minimal human intervention. Adoption is accelerating rapidly: most enterprise leaders expect to deploy agents within the next 12 to 18 months, and large organizations will likely manage tens of thousands of them operating concurrently. As agent capabilities have been advancing, security controls need to adapt. Most organizations are still relying on security controls designed for human users and static applications. That mismatch is surfacing concrete risks: uncontrolled agent sprawl, excessive access privileges, data oversharing, AI‑native attacks like prompt injection and memory poisoning, and regulatory blind spots caused by limited visibility into agent behavior. As agents are being deployed, security and risk leaders need to identify and resolve blind spots before they outpace controls.https://www.infosecurity-magazine.com/opinions/agents-are-here-security-must-be/

Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

(Phil Muncaster – Infosecurity Magazine) Vulnerability exploitation has overtaken compromised credentials for the first time in nearly two decades as the most common initial access vector for data breaches, according to Verizon. The tech giant’s Data Breach investigations Report (DBIR) has been providing threat landscape insight to industry professionals for 19 years, based as it is on a variety of Verizon, incident response, law enforcement and industry data on real breaches and incidents. The latest edition revealed that nearly a third (31%) of data breaches over the past year started with vulnerability exploitation. This is up from 20% in last year’s report. That made it the top initial access vector, with credential abuse down from 22% to 13%. – https://www.infosecurity-magazine.com/news/verizon-dbir-exploits-top-access/

CNIL reports record complaints and data breaches

(DigWatch) The French data protection authority CNIL reported a record year in 2025 for complaints, fines and data breach notifications, while preparing for new responsibilities under the EU AI Act. CNIL received 20,150 complaints in 2025, up 10% from 2024. The complaints covered issues linked to work, commerce, real estate, social networks and data breaches, with around 1,900 complaints directly concerning breaches. – https://www.cnil.fr/en/annual-report-2025

Financial institutions increase cyber defences following AI security findings

(DigWatch) Banking institutions across the United States, Europe, and Japan are strengthening cybersecurity measures following the identification of new vulnerabilities through AI-assisted security analysis tools. The findings have increased discussion around how AI may affect cyber risks across financial infrastructure. Security teams are reviewing legacy system vulnerabilities and accelerating remediation efforts, according to sector reports. Smaller institutions are relying on intelligence shared by larger banks, while regulators warn that inaction increases exposure to coordinated cyberattacks. – https://www.weforum.org/stories/2026/05/banks-race-to-patch-cyber-vulnerabilities-and-other-cybersecurity-news/

Interpol warns AI is increasing scale and accessibility of cybercrime

(DigWatch) Interpol said AI tools are changing cybercrime operations by lowering technical barriers and enabling broader use of online fraud techniques. Interpol Cybercrime Director Neal Jetton said AI tools, including chatbots and automated phishing services, can enable individuals with limited technical expertise to conduct online scams. According to Interpol, phishing-as-a-service models and AI-generated content are contributing to more scalable fraud campaigns. –  https://dig.watch/updates/ai-driving-a-surge-in-cybercrime-warns-interpol

China-Linked Webworm APT Evolves Tactics, Expands to European Targets

(Beth Maundrill – Infosecurity Magazine) The China-aligned advanced persistent threat (APT) group Webworm has expanded its victim list beyond Asia, shifting focus to European governmental organizations as it evolves its tactics. Analysis of Webworm activity in 2025 by ESET researchers found it targeting government organizations in Belgium, Italy, Poland, Serbia and Spain. The group is known for its cyber espionage campaigns. Speaking during ESET World in Berlin on 19 May, Robert Lipovsky, principal threat researcher at ESET, said that there was not necessarily a correlation among the victim organizations and the operation seemed to be “semi-opportunistic”. – https://www.infosecurity-magazine.com/news/webworm-apt-evolves-tactics/

Researchers Warn CypherLoc Scareware Has Targeted Millions of Users

(Phil Muncaster – Infosecurity Magazine) Security researchers have sounded the alarm over new scareware designed to lock users’ browsers and drive them to fraudulent tech support teams. Since the start of 2026, Barracuda researchers said they have observed around 2.8 million attacks which used the scareware dubbed CypherLoc. According to the cybersecurity firm, the CypherLoc campaign usually begins with a phishing email that directs the victim to a malicious web page through a link embedded in the email or in an attachment. – https://www.infosecurity-magazine.com/news/researchers-cypherloc-scareware/

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

(Kevin Poireault – Infosecurity Magazine) The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 internal repositories. The breach was detected on May 19 and likely comes from a “poisoned” Visual Studio Code (VS Code) extension found by the GitHub security team on an employee device, GitHub confirmed on social media.VS Code is a free, open-source code editor developed by Microsoft. It is often used with GitHub Copilot, an AI coding assistant. – https://www.infosecurity-magazine.com/news/github-confirms-breach-vs-code/

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

(Alessandro Mascellino – Infosecurity Magazine) The Mini Shai-Hulud worm has resurfaced in one of its largest single-registry waves to date, hitting hundreds of npm packages tied to the AntV data visualization ecosystem in a coordinated burst lasting around an hour. According to new analysis by Socket’s Threat Research Team, the attack began around 01:56 UTC on May 19 and pushed 639 malicious versions across 323 unique packages before stopping roughly an hour later. Microsoft, which has previously published Defender protection guidance for the broader Mini Shai-Hulud campaign, has also provided updates from its own investigation into the new supply chain attack via X on Tuesday, May 19. Several affected packages are high-download npm dependencies, including echarts-for-react, size-sensor, @antv/scale, and timeago.js, among others. The compromised npm maintainer account, “atool,” held publish rights to more than 500 packages. – https://www.infosecurity-magazine.com/news/antv-npm-mini-shai-hulud-largest/