Governance, Regulation, Legislation, Geostrategies

UN Cybercrime Convention Protocol talks reveal competing visions

(DigWatch) The process of developing a supplementary protocol to the UN Convention against Cybercrime has begun, with early state submissions already showing competing views over its scope and timing. The Ad Hoc Committee Secretariat invited preliminary written inputs on the possible scope, objectives and structure of a draft protocol supplementary to the Convention, also known as the ‘Hanoi Convention’. The mandate follows UN General Assembly resolution 79/243, which asked the Committee to negotiate a draft protocol addressing, among other issues, additional criminal offences. – https://dig.watch/updates/un-cybercrime-convention-protocol-talks-reveal-competing-visions

AI ‘Regulation’ in the Chokepoint State

(J. Benton Heath – Just Security) President Donald Trump’s recent executive order on artificial intelligence is being treated as a “shift” in the administration’s approach to tech regulation. It is welcomed as a cautious step toward responsible risk regulation, hailed as a qualified victory for tech critics, and framed as the outcome of “months of debate” within the administration over important matters of principle. But this story misses the important ways that the executive order marks a continuation of the Trump administration’s preferred mode of governing. Trumpian regulation is premised on broad executive discretion, bypassing ordinary rulemaking procedures and, as far as possible, judicial accountability. Where the coercive power of the federal government is insufficient, Trumpian regulation works by building strategic alliances with self-interested private sector elites. And it is premised on control over the circulation of goods, funds, and information. These all-too-common regulatory techniques have roots far deeper than the current presidency, but they are particular hallmarks of the second Trump administration’s approach to executive power. And they are all on display in the new AI order. Viewed in this way, the order is not a “pivot” for the Trump administration, but just the latest page in the same playbook. – https://www.justsecurity.org/141306/ai-eo-regulation-chokepoint-state/

What Trump’s National Security AI Memo Gets Right—and Leaves Unresolved

(Council on Foreign Relations) President Donald Trump signed National Security Presidential Memorandum 11 (NSPM-11) on June 5, directing U.S. national security agencies to accelerate artificial intelligence (AI) adoption and revoking certain restrictions imposed by President Joe Biden’s administration. The memo is the national security complement to Trump’s broader AI agenda, which has sought to accelerate U.S. AI development, roll back Biden-era oversight requirements, and maintain U.S. technological dominance over China. Notably, the memorandum requires agencies to terminate contracts with AI companies that repeatedly limit government use of their technology (largely considered a response to the Pentagon’s legal battle with AI firm Anthropic), orders the Defense Department to update its policy on autonomous weapons, and vests accountability for AI use within the military chain of command rather than external regulators. –  https://www.cfr.org/articles/what-trumps-national-security-ai-memo-gets-right-and-leaves-unresolved

Beyond Tech-Facilitated Gender-Based Violence: The Committee on the Elimination of Discrimination against Women, Gender, and the Governance of Digital Economies in ASEAN

(Vashti Ortego – Just Security) The Committee on the Elimination of Discrimination against Women (CEDAW Committee) is not typically associated with AI, sovereign wealth funds, or digital infrastructure investment. Yet across Southeast Asia, the CEDAW framework, particularly through the CEDAW Committee’s recent concluding observations, is quietly becoming a normative force in the governance of digital economies. The Convention on the Elimination of All Forms of Discrimination against Women (CEDAW), ratified by 189 States Parties, is often described as the international bill of rights for women. Its implementation is monitored by the CEDAW Committee, a body of 23 elected independent experts mandated under Article 17 of the Convention. Pursuant to Article 18, States Parties periodically report to the Committee on measures adopted to give effect to the Convention, generating a constructive dialogue process through which the Committee assesses compliance, elaborates the normative content of treaty obligations, and issues concluding observations interpreting State obligations under the Convention. Although concluding observations are not formally binding in the same manner as treaty text, they nonetheless carry significant interpretive and normative authority within the international human rights system. As outputs of the treaty monitoring process established under the Convention, they shape understandings of State compliance, influence domestic and regional policymaking, guide civil society advocacy, and contribute to the evolving interpretation of treaty obligations. While much attention has focused on technology-facilitated gender-based violence, including in an initial position paper by the CEDAW Working Group on Gender-Based Violence, this framing captures only part of the story. In its periodic review of Singapore, for example, the Committee calls for gender-responsive budgeting across all sectors of government, an intervention that directly shapes how digital infrastructure and innovation are financed. Comparable dynamics emerge across multiple ASEAN country reviews. Although similar patterns are visible in the Committee’s engagement with states beyond the region, this article focuses on how the shift is unfolding across Association of Southeast Asian Nations (ASEAN) member states, including Thailand, Singapore, Malaysia, Vietnam, and the Philippines. In these reviews, the Committee is doing something more ambitious: embedding gender equality norms into the governance of digital economies, innovation systems, and platform infrastructures. CEDAW’s constructive dialogue process functions as a site of authoritative norm elaboration for the governance of digital economies, articulating what gender equality requires of AI systems, digital supply chains, and platform governance, and introducing a rights-based logic that regional frameworks have so far failed to supply. The Committee operates not only by addressing online harms such as technology-facilitated sex trafficking, cybergrooming, online hate speech, the non-consensual dissemination of intimate images, but also by shaping the political economy of digital development in ASEAN member states through investment and market regulation, the architecture of AI and innovation systems, and the operational practices of platform governance. This evolution raises important questions about how far this role can and should be developed, and what a more deliberate version of it would look like. – https://www.justsecurity.org/138217/gendered-governance-digital-economies-asean/

UK to test AI legal assistants to help reduce court delays

(DigWatch) The UK government will develop and test AI legal assistants as part of a broader set of technology initiatives aimed at reducing court delays and improving the efficiency of the justice system. The Ministry of Justice said the tools will support routine casework, including research and case analysis, before any possible use in the Crown Court. The AI legal assistants will be developed in collaboration with legal professionals and AI developers, with initial testing taking place in controlled environments. The government said the trials will help establish standards for the safe and ethical use of AI in legal settings and ensure any future systems meet the expectations of judges and legal practitioners before wider deployment. – https://www.gov.uk/government/news/ai-tech-ambition-to-deliver-smarter-justice-for-victims

Security & Surveillance

France’s Government Messaging App Tchap Got Breached

(Pierluigi Paganini – Security Affairs) Tchap, the encrypted messaging platform developed by the French government for its civil servants and made mandatory last year, was breached on June 7. ANSSI, France’s cybersecurity agency, detected the intrusion. The vector was straightforward: someone compromised a user account and used it to access the platform. No sophisticated technical exploit, just a stolen account. The attacker claimed responsibility over the weekend before the French Digital Affairs Directorate (DINUM) made any official announcement. They said they got in through a social engineering attack targeting the education shard, specifically matrix.agent.education.tchap.gouv.fr. Their own description of what they found is the more alarming part: they claim to have scraped nearly 650,000 messages, information on over 73,000 accounts, including email addresses and device metadata, and over 13.5GB of documents and media files. – https://securityaffairs.com/193393/security/frances-government-messaging-app-tchap-got-breached.html

Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088

(Pierluigi Paganini – Security Affairs) CVE-2025-8088 is a path traversal flaw in WinRAR that lets an attacker write files outside the extraction directory using NTFS Alternate Data Streams. WinRAR fixed it in version 7.13 in July 2025. Nearly a year later, Trend Micro researchers published an analysis showing two separate Russia-linked APT groups, Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (UAC-0226), are still actively building new exploit samples and delivering fresh lure documents through it. The patch exists. The installations don’t have it. The mechanics of the flaw are worth understanding precisely. Victims receive a RAR archive, typically via spear-phishing email. They open it and see a decoy PDF, something that looks like a Ukrainian court summons, a Ministry of Defense registry, or a military equipment manifest designed to create urgency. In the background, with no warning and no additional user interaction, WinRAR silently writes hidden files to locations outside the extraction directory, including the Windows Startup folder. On the next login, those files execute automatically. – https://securityaffairs.com/193476/apt/russian-apts-still-exploiting-patched-winrar-flaw-cve-2025-8088.html

Study warns of self-replicating AI malware using real-time reasoning

(DigWatch) Cybersecurity researchers have demonstrated an AI-powered computer worm capable of identifying vulnerabilities, generating attack strategies and spreading autonomously across networks. The study suggests that advances in AI agents could enable a new class of adaptive cyber threats capable of operating with minimal or no direct human intervention. The research, conducted by teams from the University of Toronto, Vector Institute, University of Cambridge, and ServiceNow, describes malware that uses large language models to tailor its behaviour to each target. Unlike traditional worms, the system can adapt its attack methods in real time instead of relying solely on pre-programmed exploits. – https://arxiv.org/pdf/2606.03811

Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows

(Pierluigi Paganini – Security Affairs) Security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, has published a new proof-of-concept exploit for a RoguePlanet Microsoft Defender zero-day. The flaw relies on a race condition that can provide attackers with SYSTEM-level privileges, allowing them to execute code with the highest permissions. The exploit was successfully tested on fully updated Windows 10 and Windows 11 systems running the June 2026 Patch Tuesday updates, showing that patched systems may still be vulnerable. – https://securityaffairs.com/193436/security/chaotic-eclipse-unveils-rogueplanet-exploit-targeting-fully-patched-windows.html

Defense, Intelligence, Warfare

Ukrainian Mid-Range Drones Target Russian Logistics

(Yuri Lapaiev – The Jamestown Foundation) On May 27, Ukrainian Defense Minister Mykhailo Fedorov announced the start of a “logistical lockdown” for the Russian army characterized by an increase in Ukrainian “middle strike” drone attacks on the Russian rear to disrupt logistics connecting the occupied territories of Ukraine to Russia. The deterioration of the Russian army’s logistics on the front lines could open a window of opportunity for Ukraine to conduct limited offensive operations until the enemy finds effective ways to counter them. Ukrainian drone strikes are causing problems for the Russian economy, which could have negative political consequences for the Kremlin. While the middle-strike campaign is causing significant military and economic pressure on Russia, it is not by itself a decisive war-winning strategy. – https://jamestown.org/ukrainian-mid-range-drones-target-russian-logistics/

Kenya Defence Forces expands AI capacity-building efforts through new training course

(DigWatch) The Kenya Defence Forces (KDF) has completed the Service Members Basic Artificial Intelligence Course 01/26, a training programme aimed at strengthening AI capabilities among military personnel. The course concluded with a graduation ceremony at the National Military Command Centre in Nairobi. Delivered by the Defence Intelligence Academy in partnership with the Moran AI and Cyber Centre of Excellence and other technology partners, the programme provided participants with foundational knowledge of AI and emerging technologies. The course aimed to equip participants with practical skills relevant to increasingly data-driven security and defence environments. – https://www.mod.go.ke/news/capacity-development-in-artificial-intelligence/

Frontiers

Apple unveils next-generation Siri AI and expanded child safety features

(DigWatch) Apple has unveiled the next generation of Apple Intelligence at WWDC26, introducing a significantly upgraded Siri designed to provide deeper personal context awareness, broader app integration and more advanced conversational capabilities. The new assistant can search across messages, emails and photos, answer questions about on-screen content and access web information to provide more up-to-date responses while maintaining Apple’s privacy-focused approach. – https://www.apple.com/newsroom/2026/06/apple-unveils-next-generation-of-apple-intelligence-siri-ai-and-more/

Stanford Medicine pilot finds safe use of AI in clinical summaries

(DigWatch) A Stanford Medicine pilot study has found that an AI-powered tool can help doctors prepare hospital discharge summaries while easing cognitive burden and reducing reported burnout. The in-house system, known as MedAgentBrief, was designed to condense complex patient histories into draft discharge summaries for physician review. Discharge summaries are essential for continuity of care, but can be time-consuming because doctors must summarise days or weeks of clinical information for outpatient providers. – https://med.stanford.edu/news/all-news/2026/06/ai-discharge-summary.html