Governance, Regulation, Legislation, Geostrategies

Europe Means Business on Cloud and AI Sovereignty

(Joseph Jarnecki – RUSI) On 3 June, the European Commission presented its European Technological Sovereignty Package, a highly anticipated set of measures billed as a generational effort to address Europe’s reliance on foreign technology. The package answers the 2024 Draghi Report which called for a reduction in foreign dependence and increased competitiveness to achieve European prosperity and security in a digital age. The Commission’s tech sovereignty package consists of four instruments: two pieces of legislation – the Cloud and AI Development Act (CADA) and the Chips Act 2.0 – and two strategic documents, the Open Source Strategy and Strategic Roadmap for Digitalisation and AI in Energy. Altogether, an ambitious set of proposals. If enacted, the package will reshape how Europe builds, buys and trusts its digital infrastructure. How far it goes will be decided in the negotiations ahead, at the European Parliament and among member states. – https://www.rusi.org/explore-our-research/publications/commentary/europe-means-business-cloud-and-ai-sovereignty

ENISA finds Cyber Resilience Act driving SBOM adoption across industries

(DigWatch) The European Union Agency for Cybersecurity (ENISA) has published a report on Software Bill of Materials (SBOM) adoption, finding that the Cyber Resilience Act (CRA) is accelerating investment in software supply chain transparency across organisations. The report, titled ‘SBOM Adoption State of Play – 2026‘, analyses survey results gathered at the end of 2025. The survey examined how organisations of different sizes and across multiple sectors are approaching SBOM adoption in response to the Cyber Resilience Act. ENISA said the regulation is transforming SBOMs from a voluntary software supply chain security practice into a mandatory requirement for products with digital elements placed on the EU market. – https://www.enisa.europa.eu/publications/sbom-adoption-state-of-play-2026

Poland signals progress on AI gigafactories and digital services tax

(DigWatch) According to the Polish Press Agency, negotiations between the European Commission and EU member states on the development of AI gigafactories could conclude in June. The planned facilities are expected to be financed through the EU’s €20 billion InvestAI fund. – https://www.polskieradio.pl/395/7786/Artykul/3696312,eu-ai-gigafactory-negotiations-may-conclude-in-june-polish-official-says

UK launches AI sandbox to improve medicine safety and drug development

(DigWatch) The UK will launch an AI sandbox to test how AI can improve medicine safety and support drug development. The Medicines and Healthcare products Regulatory Agency will establish the AI sandbox with support from the government’s Regulatory Innovation Office. The programme will examine how AI tools could help assess medicine safety, predict potential risks and identify effects that existing approaches may overlook. According to the government, adverse drug reactions result in around 250,000 hospital admissions each year in the UK and cost the NHS more than £2 billion annually. – https://www.gov.uk/government/news/mhra-launches-ai-sandbox-to-accelerate-medicines-development-and-improve-safety

New York moves to curb undisclosed news scraping by AI bots

(DigWatch) New York lawmakers have passed legislation aimed at restricting ‘stealth crawlers’, automated bots that access and scrape content from news websites without identifying themselves. If signed by Governor Kathy Hochul, New York would become the first US state to impose such transparency requirements. The bill would require companies operating such bots to identify themselves when accessing the websites of news organisations. It would also prohibit activity that damages, impairs or places undue burdens on news websites, or otherwise causes economic harm to publishers. – https://dig.watch/updates/new-york-moves-to-curb-undisclosed-news-scraping-by-ai-bots

Security and surveillance

Interpol Dismantles SniperDz Phishing-as-a-Service Platform

(Kevin Poireault – Infosecurity Magazine) Cybersecurity firm Group-IB has revealed that a recent Interpol-led cybercrime law enforcement operation has led to the takedown of an established phishing-as-a-service (PhaaS) platform and the arrest of its main operator developer. The crackdown, dubbed Operation Ramz, ran from October 2025 to February 2026 across 13 countries in the Middle East and North Africa (MENA) region. The results, announced by Interpol at the end of May, included 201 arrests, 53 servers seized and 382 suspects and 3867 victims identified. A further set of almost 8000 pieces of data and intelligence was also disseminated among participating countries to initiate and support future investigations. On June 11, Group-IB, one Interpol’s main partners for this effort, revealed that the operation led to the takedown of SniperDz and the arrest of its primary developer in Algeria. – https://www.infosecurity-magazine.com/news/interpol-dismantles-sniperdz/

Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware

(Alessandro Mascellino – Infosecurity Magazine) Threat actors have been disguising malware as AI study guides and developer resources to trick professionals into running a multi-stage attack that ends in the AsyncRAT trojan. New analysis from Fortinet’s FortiGuard Labs described booby-trapped files with names like “AI-Ready PostgreSQL 18” and a fake guide to agentic coding with Claude Code, all aimed at people hunting for AI learning material. The campaign hits Windows users at any organization, the researchers said, and runs entirely through trusted system tools to stay hidden. – https://www.infosecurity-magazine.com/news/fake-ai-guides-dev-tools-spread/

Most Cybersecurity Teams Struggle to Find Time for Training on New Cyber Threats

(Danny Palmer – Infosecurity Magazine) Many cybersecurity teams are struggling to keep up with emerging technologies and the challenges around securing their organizations against them because they don’t have the time to undertake the necessary training, a new study has warned. The research, published by ISC2, asked nearly 1000 cybersecurity leaders from large enterprises around the world how their organization approach cybersecurity team training. Nearly three-quarters of respondents (73%) said their organization’s security training budget has increased over the past year, as businesses react to the emergence of new technologies and cybersecurity challenges that accompany them. One of the most encountered new challenges is the rise of AI: almost half of respondents (47%) said that AI is the most pressing skill their organization is addressing or planning to address through training. – https://www.infosecurity-magazine.com/news/cybersecurity-training-time/

Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims

(Phil Muncaster – Infosecurity Magazine) Insurance experts have urged organizations to reduce their exposure to extortion-only attacks and better manage the consequences when they occur, after revealing a surge in this category of threats. Insurer Resilience said in a new report that 65% of extortion-related claims it handled in the second half of 2025 did not involve data encryption. That’s up from 49% in the first half of the year. By the end of 2025, only 13% of attacks relied on encryption alone, while data theft – on its own or combined with encryption – accounted for 87% of ransomware claims, it noted. The report also revealed that 30-40% of policyholders that paid to suppress data being leaked, sold or shared failed in that goal. – https://www.infosecurity-magazine.com/news/extortion-only-attacks-surge/

New “Agentjacking” Attacks Could Hijack AI Coding Agents

(Phil Muncaster – Infosecurity Magazine) Researchers have revealed what they claim to be a “new class of attack” which tricks AI coding agents into executing arbitrary code on developer machines. Tenet Security, which specializes in the security of autonomous AI agent, said that “agentjacking” attacks exploit an architectural flaw in the Sentry app performance monitoring and error tracking tool, which is popular with developers. By using the techniques described in the Tenet report, an attacker would inject malicious commands into Sentry error events which are impossible to distinguish from the tool’s own remediation guidance. AI coding agents would then read and execute these instructions, in a way similar to an indirect prompt injection attack. – https://www.infosecurity-magazine.com/news/agentjacking-attacks-hijack-ai/

JDY Botnet Evolves After KV Takedown, Targets Military Networks

(Pierluigi Paganini – Security Affairs) Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance network tied to Chinese state-sponsored hacking groups including Volt Typhoon. The network was first spotted in late 2023 as a cluster inside KV-botnet. The U.S. government took down the KV cluster in early 2024. JDY kept running. “The JDY botnet comprises over 1,500 small office and home office (SOHO) and Internet of Things (IoT) devices. It operates as a centrally controlled, high-performance scanner used to discover, fingerprint and continuously map exposed services at scale.” reads the report published by Lumen. “The IoT-based malware affects a wider array of devices and feeds structured reconnaissance data into a larger scanning ecosystem for subsequent triage, target identification and exploitation.”. That’s more than double the roughly 650 bots recorded at JDY’s lowest point in January 2024. The device list has diversified too: where the old botnet ran almost exclusively on Cisco RV320 and RV325 routers, today’s JDY pulls in hardware from Araknis, Mimosa Networks, Ubiquiti, Draytek, Hikvision, and Linksys. More manufacturers, more architectures, more coverage. – https://securityaffairs.com/193490/malware/jdy-botnet-evolves-after-kv-takedown-targets-military-networks.html

New NIST study reveals inherent weaknesses in AI defences

(DigWatch) A new study by a researcher at the US National Institute of Standards and Technology suggests that fixed AI guardrails cannot provide complete protection against adaptive adversarial prompts. The paper, published in IEEE Security & Privacy by NIST senior scientist Apostol Vassilev, uses logic linked to Kurt Gödel’s incompleteness theorems to argue that a finite set of AI safety rules cannot be universally robust against every possible prompt-based attack. – https://www.nist.gov/news-events/news/2026/06/nist-mathematical-proof-supports-transition-continuous-monitor-and-update

MIT study warns of AI reliance in news verification

(DigWatch) A new MIT Media Lab study suggests that using AI to verify news can improve short-term accuracy but may not help users build lasting skills to detect misinformation. The month-long study followed 67 participants as they assessed news headlines and image pairs. Participants were 21% more accurate at detecting false information when assisted by an AI chatbot during a session. However, their unassisted performance on new news items declined by 15 percentage points by the fourth week compared with before the study began. – https://news.mit.edu/2026/consequences-of-relying-on-ai-for-accurate-news-0609

Cyberattack shuts down major Australian sugar mills, disrupting harvest

(Daryna Antoniuk – The Record) A cyberattack has disrupted sugar production in one of Australia’s largest cane-growing regions, forcing two major sugar mills to shut down and bringing harvesting operations to a halt. Mackay Sugar, Australia’s second-largest sugar producer, said on Wednesday that it was responding to a cybersecurity incident affecting parts of its operations and had engaged cybersecurity experts and local authorities to investigate the attack and restore its systems safely. The incident forced the shutdown of the company’s Farleigh and Racecourse mills in Queensland’s Mackay region, prompting growers to immediately stop harvesting sugarcane until further notice, according to local media reports. – https://therecord.media/cyberattack-shuts-down-major-australian-sugar-producer

Fake Software Tutorials on TikTok Spread Vidar Stealer

(Alessandro Mascellino – Infosecurity Magazine) Threat actors have been using short-form videos on TikTok and Instagram Reels to push the Vidar infostealer, disguising the attacks as tutorials for unlocking premium software for free. New analysis from ReversingLabs describes two campaigns that game the platforms’ recommendation algorithms to reach large audiences, both funneling viewers to sites peddling fake free software such as Spotify Premium. Vidar is a long-running infostealer sold as a service for a $300 lifetime license, harvesting credentials, financial data and authentication tokens. A refresh last October made it stealthier. The clips racked up real traction, with one tutorial drawing more than 100,000 views. – https://www.infosecurity-magazine.com/news/fake-software-videos-tiktok-vidar/

New SilabRAT Trojan Hijacks Sessions to Steal Crypto

(Alessandro Mascellino – Infosecurity Magazine) A new remote access trojan sold on dark web forums has been built to drain cryptocurrency, hijacking victims’ logged-in sessions to slip past passwords and multi-factor checks. Dubbed SilabRAT, the malware has been detailed in new analysis from Group-IB, which found it advertised since late 2025 as a malware-as-a-service (MaaS) offering at $5000 a month. Its developer, a Russian-speaking actor known as o1oo1, also sells a code-obfuscation tool called AsmCrypt and discounts buyers who take both. Buyers run their own campaigns, often spreading SilabRAT through email spam and ClickFix lures, and antivirus tools frequently log it as the HijackLoader packer rather than the payload. One operator claimed more than 90% of infected machines stayed online across a month-long campaign. – https://www.infosecurity-magazine.com/news/silabrat-trojan-session-hijacking/

Cybersecurity Software Fails to Detect Fifth of Brower-Based Phishing Attacks

(Danny Palmer – Infosecurity Magazine) Cybersecurity software regularly fails to detect and prevent the cyber-attacks they are designed to protect organizations from, especially within the bowser layer, research by Menlo Security has warned. Published on June 9, Menlo Security’s 2026 Browser Threat Report found that one in five phishing attacks which target the enterprise browser users go completely undetected by the tools which are supposed to protect the network and its users from attacks. Based on platform telemetry across millions of active browser sessions in enterprise customer environments between January 1 and March 31 2026, the research warned that threat actors are gaining entry to enterprise environments through the browser session layer. – https://www.infosecurity-magazine.com/news/cybersecurity-fails-to-detect/

Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data Shows

(Phil Muncaster – Infosecurity Magazine) Identity crime experts have warned of “multi-layered crises” after revealing that many victims dealt with two or more incidents over the past year. The findings come from US non-profit the Identity Theft Resource Center (ITRC), which analyzed data from over 6000 reports submitted to it between April 1 2025 and March 31 2026. Its 2026 Trends in Identity Report revealed that nearly 26% of victims managed two or more concurrent identity crime incidents, up from 24% the previous year. – https://www.infosecurity-magazine.com/news/quarter-identity-crime-victims/

Shadow AI is Exposing the Same Governance Failures Cybersecurity Teams Have Ignored For Years

(Valerie Arko-Adjei – Infosecurity Magazine) AI adoption is accelerating in the workplace, and organizations are rushing to implement AI governance policies. ChatGPT, Microsoft Copilot, and Claude are among the common tools employees use to summarize meetings, draft reports and emails, and speed up decision-making. The point of concern is whether employees are using these tools faster than security teams can establish oversight controls. The cybersecurity concern is valid. Proprietary and sensitive data is being uploaded to external, unauthorized AI tools, which can have detrimental effects, including financial and reputational damage. – https://www.infosecurity-magazine.com/opinions/shadow-ai-is-exposing-governance/

Frontiers

Anthropic launches Claude Fable 5 with advanced safety safeguards

(DigWatch) Anthropic has launched Claude Fable 5, a new general-purpose AI model, alongside Claude Mythos 5, a more capable version reserved for selected cyber defence and infrastructure partners.The company described Fable 5 as its most capable generally available model to date, with strong performance across software engineering, knowledge work, vision and scientific research. Anthropic said the model’s advanced capabilities pose misuse risks, particularly in cybersecurity and research biology. – https://www.anthropic.com/news/claude-fable-5-mythos-5