Governance/Regulation/Legislation

OECD warns on cybersecurity regulation fragmentation

(DigWatch) The Organisation for Economic Co-operation and Development (OECD) has published a policy paper warning that growing fragmentation in cybersecurity regulation is increasing compliance burdens, weakening international cooperation, and potentially diverting resources away from core security work. The paper, ‘Towards international coherence of cybersecurity regulations’, examines how diverging rules across jurisdictions and sectors are creating a complex regulatory landscape for governments and businesses. It says fragmentation can stem from differing national security priorities, sector-specific frameworks, legacy rules, protectionist measures, crisis-driven policymaking, overlapping mandates, and the absence of shared definitions. – https://www.oecd.org/en/publications/towards-international-coherence-of-cybersecurity-regulations_bd1f199a-en.html

Study says AI is rewiring global trade and reshaping economic power

(DigWatch) A new Allianz Research report argues that AI is transforming global trade, supply chains, digital infrastructure, and geopolitical influence. The report says AI growth increasingly depends on global semiconductor production, cloud infrastructure, hyperscale data centres, and cross-border digital services. It also argues that trade is increasingly shaped by who controls AI infrastructure, data flows, and cloud capacity. – https://acredia.at/wp-content/uploads/2026/05/2026-05-21-ai-trade-AZT.pdf

Netherlands leads Europe’s accelerating AI race

(DigWatch) The Netherlands continues to lead Europe in AI adoption, with 61% of Dutch companies using AI compared with a European average of 54%, according to the ‘Unlocking the Netherlands’ AI Potential’ report by Strand Partners, commissioned by Amazon Web Services. Adoption has risen from 49% a year earlier, reflecting the growing use of AI tools across Dutch businesses. Companies already using AI report measurable benefits, with 80% saying innovation has accelerated over the past two years and 76% reporting productivity improvements. Another 81% expect AI to contribute to business growth over the next year. – https://www.techzine.eu/news/analytics/141608/the-netherlands-is-europes-ai-leader-but-a-gap-is-looming/

Europe strengthens quantum ambitions with top scientists and researchers

(DigWatch) Leading quantum scientists and Nobel Prize laureates met in Brussels as the European Commission advanced discussions on the future of Europe’s quantum ecosystem, industrial strategy, and technological competitiveness. The Top-level Advisory Board on Quantum Technologies meeting focused on the EU’s next steps in quantum policy, funding, and commercial uptake. Participants discussed progress on the Quantum Europe Strategy, the forthcoming Quantum Act, and quantum priorities under the next Multiannual Financial Framework. – https://digital-strategy.ec.europa.eu/en/news/executive-vice-president-virkkunen-meets-europes-top-quantum-scientists

European Commission marks .eu anniversary with internet governance focus

(DigWatch) The European Commission has marked the 20th anniversary of the .eu top-level domain, presenting it as a symbol of European identity online and an element of Europe’s technological sovereignty agenda. The milestone was celebrated during the 2026 European Internet Governance Dialogue in Brussels, where policymakers, technical experts, businesses, civil society representatives, and other stakeholders discussed the future of global internet governance. – https://dig.watch/updates/european-commission-marks-eu-anniversary-with-internet-governance-focus

Geostrategies

Kenya, Morocco and Nigeria lead AfCFTA digital infrastructure rollout

(DigfWatch) The African Continental Free Trade Area (AfCFTA) Secretariat has selected Kenya, Morocco, and Nigeria as the first countries to implement a digital public infrastructure initiative designed to support cross-border trade. The initiative, known as Africa Digital Access and Public Infrastructure for Trade (ADAPT), aims to connect digital identity, trusted data exchange, and interoperable payment systems to reduce friction in intra-African commerce. – https://dig.watch/updates/kenya-morocco-nigeria-digital-infrastructure

Dutch Government just said no to an American firm buying the keys to their digital State

(Pierluigi Paganini – Security Affairs) Dutch Government told Kyndryl it can’t buy Solvinity. That sentence doesn’t sound dramatic, but what it means is this: a European government just blocked an American IT company from acquiring the firm that runs DigiD, the platform Dutch residents use to book a doctor’s appointment, buy a house, file their taxes, and interact with virtually every public service in the country. The deal was worth roughly €100 million. The Dutch government said no anyway. “The Dutch government is blocking a United States-based company’s attempts to acquire a key online identification IT supplier.” reads the post published by Politico. – https://securityaffairs.com/192719/security/dutch-government-just-said-no-to-an-american-firm-buying-the-keys-to-their-digital-state.html

Security and Surveillance

Iranian intelligence service behind hack of LA transit system, researchers say

(Suzanne Smalley – The Record) Iranian hackers working for the country’s intelligence service were behind the March breach of the Los Angeles County Metropolitan Transportation Authority (LACMTA), according to new research from an Israeli security firm. The hacking group claimed to be a standalone hacktivist crew but actually has ties to the Ministry of Intelligence of the Islamic Republic of Iran (MOIS), researchers at Gambit Security said in a report published Tuesday. The hacking group called itself Ababil of Minab, after the city where more than 175 teachers and children were killed in an Iranian school. The group took credit for the LACMTA breach early on, saying it exfiltrated the transit system’s data and destroyed its infrastructure. – https://therecord.media/iranian-intelligence-behind-hack-of-la-transit-system

EU adopts unified cyber incident reporting templates under NIS2

(DigWatch) The NIS Cooperation Group has adopted common templates for cybersecurity incident reporting across the EU, marking a step towards more harmonised compliance requirements for companies subject to the NIS2 Directive. The templates were adopted during the group’s 39th plenary meeting in Cyprus and are intended to provide a uniform format for reporting cyber incidents across member states. The NIS Cooperation Group brings together the EU member states, the European Commission, and the EU Agency for Cybersecurity (ENISA) as part of wider EU cybersecurity coordination efforts. – https://digital-strategy.ec.europa.eu/en/news/nis2-cooperation-group-adopts-common-templates-incident-reporting

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

(Kevin Poireault – Infosecurity Magazine) The Chinese phishing-as-a-service (PhaaS) landscape has been rapidly growing in size and sophistication over the past few month, Google researchers have warned. Cyber threat actors operating mature phishing services, many of whom are likely tied to the broader Asian criminal ecosystem, have largely shifted from static password harvesting to real-time interception and tokenization. One group, operating the ‘Lighthouse’ SMS phishing (smishing) kit, was subject to a lawsuit filed by Google in November 2025. However, it was just the tip of the iceberg. In a new report published on May 25, Google Threat Intelligence Group (GTIG) said it observed at least a dozen other active PhaaS offerings in the Chinese underground. – https://www.infosecurity-magazine.com/news/chinese-phishing-live-credential/

BTMOB Android RAT Spreads Through No-Code Builder Tooling

(Alessandro Mascellino – Infosecurity Magazine) An Android remote access trojan (RAT) that lets buyers build their own custom payloads without writing a line of code has been observed spreading through phishing campaigns across Brazil and beyond. According to new analysis from ESET, the malware, known as BTMOB, pairs phishing-based delivery with a packaged app-building tool and full device takeover. First documented in February 2025, BTMOB evolved from the earlier SpySolr family and extends beyond a typical banking trojan. Rather than only chasing financial credentials, it can exfiltrate data, capture screenshots, record on-device activity and hand operators remote control of the phone. – https://www.infosecurity-magazine.com/news/btmob-android-rat-maas-builder/

India’s CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws

(Alessandro Mascellino – Infosecurity Magazine) Organizations in India have been urged to patch actively exploited internet-facing vulnerabilities within 12 hours under new guidance that responds to the speed AI now brings to cyber-attacks. According to new guidance from the Indian Computer Emergency Response Team (CERT-In), attackers are using AI to compress the time between finding and exploiting a weakness, shrinking the window defenders have to respond. The document, published on May 25, maps how generative AI, large language models (LLMs) and autonomous agents are accelerating reconnaissance, vulnerability discovery, phishing and malware development. –  https://www.infosecurity-magazine.com/news/cert-in-12-hour-patch-deadline-ai/