Governance, Regulation, and Legislation
Community Notes Alone Won’t Beat Disinformation: Why Fact-Checkers Are Essential
(Stephan Mündges – Tech Policy Press) When Meta founder and CEO Mark Zuckerberg infamously announced that his company would be ditching professional fact-checking in favor of X-style community notes in the US, many were wondering: Is this a good idea? The data (so far as it is available) paints a clear picture: it is not. In a post on Threads, Meta’s chief information security officer said that 900 Community Notes became visible in the first six months of its rollout in the US, a figure that looks even less impressive when you realize that, over a similar period, Meta put fact-checking labels on around 35 million Facebook posts in the European Union alone. Meta’s announcement is part of a broader shift in corporate priorities following the 2024 US election: Several influential platforms have unsubscribed from key fact-checking commitments under the EU Code of Conduct on Disinformation; Google has divested significantly from the information integrity ecosystem in Europe; the prevalence of misinformation is high on most platforms. The backtracking of Big Tech coincides with unfounded attacks from the US against the information integrity community in Europe. While the US government cracks down on free speech at home, they are using freedom of speech as a pretext to try to dismantle European legislation and to delegitimize the work of fact-checkers and watchdog groups. – https://www.techpolicy.press/community-notes-alone-wont-beat-disinformation-why-factcheckers-are-essential/
Wyoming’s GRANITE Act Hints at Global Speech Battle to Come
(Matthew Allaire – Tech Policy Press) For over two decades, American platforms effectively wrote and enforced the rules of the global internet. Companies such as Meta and Google built content moderation systems that became de facto global standards, and the rest of the world adapted. Now that dynamic is coming to an end. The European Union’s Digital Services Act and the United Kingdom’s Online Safety Act are now asserting regulatory authority over American platforms and their European users. The European Commission has opened proceedings against TikTok and Meta and issued a €120 million fine against X. Ofcom has launched investigations into dozens of platforms. This time, Washington has responded with force. United States Secretary of State Marco Rubio imposed visa bans on former EU Commissioner Thierry Breton and four other Europeans he accused of participating in a “global censorship-industrial complex.” The State Department has stood up freedom.gov to route Europeans around content their own governments have blocked. In Congress, the Republican-led House Judiciary Committee released a report arguing that European digital regulations are tantamount to censorship laws. Sen. Eric Schmitt (R-Mo.) has announced he is drafting federal legislation “to protect American speech from foreign subversion.” State legislators in Wyoming soon hope to add a legal instrument of their own. A bill recently passed by the Wyoming House of Representatives seeks to deter foreign regulators from targeting US platforms through the courts. The idea for the Guaranteeing Rights Against Novel International Tyranny and Extortion, or GRANITE, Act emerged from litigation between the UK’s Ofcom and 4chan, when the plaintiffs identified what they believe is a gap in American law: that foreign regulators could levy massive fines against US websites while remaining legally untouchable in American courts. – https://www.techpolicy.press/wyomings-granite-act-hints-at-global-speech-battle-to-come/
The Governance Gap That Moltbook Reveals and OpenAI Just Made Urgent
(Michelle De Mooy – Tech Policy Press) When Matt Schlicht instructed his AI agent to create a social network for other AI agents, the result, Moltbook, was initially treated as a novelty. But by late February, more than 2.8 million AI agents had signed up and begun posting about Star Trek, debating morality and developing a religion called “Crustafarianism.” Amid media coverage that has largely framed Moltbook as either a curiosity or as a human-driven puppet show, Jing Wang’s recent analysis of the platform cut through the noise. TLDR: Moltbook is largely humans operating at a massive scale through AI proxies. Agents exhibit what Wang calls “profound individual inertia,” meaning their behavior is driven by initial prompts and underlying models, not by genuine adaptation to social interaction and feedback. As she notes, ninety-three percent of posts receive no response, there’s no shared social memory, and the 88:1 ratio of agents to human owners tells a different story than the “AI-only society” narrative. This analysis is correct, but it misses a more important issue. Even without genuine emergent coordination, Moltbook is already producing measurable harms. It exposes a governance blind spot that extends far beyond a single platform. – https://www.techpolicy.press/the-governance-gap-that-moltbook-reveals-and-openai-just-made-urgent/
How Collaboration Can Enable Action on AI and Mental Health
(Claire Leibowicz, Emily Saltz – Tech Policy Press) On any given day, millions of people are having intimate conversations with AI chatbots. Some are asking for recipes or travel itineraries. But others are sharing something more vulnerable: struggles with loneliness, thoughts of suicide, fears they may not have voiced to anybody else. For some people, a chatbot may be their main, or only, source of mental health support. This is largely happening without the transparent safety frameworks or clinical validation that are central to person-to-person therapeutic interactions, or even a full understanding of how these systems work in the first place. The global mental health crisis is acute. Amidst this distinctly human crisis, it’s ironic, but not surprising, that many are turning to AI for support. In the US alone, the National Institute of Mental Health estimates that more than one in five adults live with a mental illness. Yet the care they need is often inaccessible — whether due to cost, stigma, inconsistent quality or provider shortages. – https://www.techpolicy.press/how-collaboration-can-enable-action-on-ai-and-mental-health/
Geostrategies
Western allies form 6G security coalition amid tech rivalry with China
(Alexander Martin – The Record) A group of Western and Indo-Pacific nations launched a coalition on Tuesday aimed at shaping the security foundations of next-generation 6G mobile networks, as China accelerates its own research and investment in the technology. The Global Coalition on Telecoms (GCOT) — comprising the United Kingdom, United States, Canada, Japan and Australia, with Sweden and Finland joining at the launch — unveiled voluntary security and resilience principles for the technology at the Mobile World Congress trade show in Barcelona. Drawing on lessons from the global rollout of 5G, the non-binding principles aim to ensure that future 6G networks are “secure by design” and resilient from the outset rather than retrofitted with protections later. – https://therecord.media/western-allies-form-6g-security-coalition
Security and Surveillance
Iranian drone strikes hit Amazon data centers in Gulf, disrupting cloud services
(Daryna Antoniuk – The Record) Iranian drone strikes hit three Amazon data centre facilities in the UAE and Bahrain this week, disrupting cloud services across parts of the Middle East as regional tensions escalate. Amazon said two data centers in the UAE were “directly struck” by drones, while a facility in Bahrain sustained damage from what it described as “a drone strike in close proximity.” The company confirmed roughly 60 Amazon Web Services (AWS) services in the region were disrupted, affecting web traffic and cloud-dependent businesses. The attacks came as Iran launched strikes against the UAE and other neighboring countries following a major assault by U.S. and Israeli forces that killed Iranian Supreme Leader Ayatollah Ali Khamenei and several senior Iranian officials over the weekend. According to the reports, Iran’s response extended beyond U.S. military bases to airports, hotels, and key oil and gas infrastructure. – https://therecord.media/google-urges-supreme-court-strike-down-geolocation-warrants
Israel: RedAlert Spyware Campaign Exploits Wartime Panic With Trojanized App
(Alessandro Mascellino – Infosecurity Magazine) A new mobile espionage campaign exploiting civilian fears during the ongoing Israel-Iran conflict has been identified, with attackers distributing a trojanized version of Israel’s official Red Alert rocket warning app through SMS phishing. The malicious operation, discovered by CloudSEK and dubbed RedAlert, bypasses the Google Play Store and instead lures victims into sideloading a fake update that closely imitates the legitimate application from the Israel Defense Forces Home Front Command. The fraudulent app mimics the authentic interface and continues to deliver real rocket alerts, while a surveillance payload runs in the background. – https://www.infosecurity-magazine.com/news/redalert-israel-spyware-campaign/
AI and Deepfakes Supercharge Sophisticated Cyber-Attacks, Says Cloudflare
(Danny Palmer – Infosecurity Magazine) Easy access to large language models (LLMs) and other AI tools has significantly lowered the barrier to entry for cybercriminals to conduct effective cyber-attacks rapidly and at scale, a new threat intelligence report by Cloudflare has warned. The 2026 Cloudflare Threat Report draws on research and analysis by the company’s Cloudforce One threat research team and details how AI has become a “force multiplier” for cybercriminals, lowering the effort required to carry out campaigns, while also making those campaigns more impactful. “An actor who previously lacked the skills to craft a convincing phishing email or write custom malware can now leverage an LLM to generate them rapidly and at scale, significantly lowering the barrier to entry for highly effective operations,” said Cloudflare. – https://www.infosecurity-magazine.com/news/ai-deepfakes-supercharge/
Leaked Database Sheds Light on Iranian Crypto Sanctions Evasion
(Alessandro Mascellino – Infosecurity Magazine) A newly obtained database from Iranian cryptocurrency exchange Ariomex suggests the platform may have played a role in sanctions evasion and large-scale capital transfers linked to actors inside the country. The findings, published by Resecurity on Monday, are based on an analysis of internal records covering 2022 to 2025. The data leak comes amid increased scrutiny of Iran’s financial system and its growing reliance on digital assets. In January 2026, the Central Bank of Iran reportedly acquired about $507m worth of Tether’s USDT, a move analysts believe was aimed at stabilising the national currency. Earlier measures by the US Treasury Department targeted two crypto exchanges accused of facilitating transactions for the Islamic Revolutionary Guard Corps (IRGC). – https://www.infosecurity-magazine.com/news/iranian-crypto-leaked-database/
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks
(Phil Muncaster – Infosecurity Magazine) Security experts have claimed that the blast radius of third-party data breach incidents is far larger than at first thought, with more than 433 million individuals impacted by 136 events last year. Black Kite compiled its seventh annual Third-Party Breach Report from analysis of verified public breach disclosures in 2025, external cyber risk telemetry and supply chain intelligence. It said 136 verified breaches had 5.28 publicly named downstream victims per vendor, amounting to 719 companies and 433 million individual end customers. – https://www.infosecurity-magazine.com/news/shadow-layer-organizations-supply/
Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign
(Kevin Poireault – Infosecurity Magazine) An Iran-nexus cyber threat actor has been targeting government officials in Iraq by impersonating Iraq’s Ministry of Foreign Affairs, with the use of AI tools. Government-related infrastructure in Iraq was compromised and used to host malicious payloads distributed as part of this campaign. The campaign was detected in January 2026 by Zscaler ThreatLabz, which track the threat actor as Dust Specter and have attributed it to Iran “with medium to high confidence.” ThreatLabz discovered the use of previously undocumented malware in this campaign, including Split Drop, TwinTask, TwinTalk and GhostForm. The researchers also observed several fingerprints in the codebase indicating that Dust Specter leveraged generative AI for malware development. – https://www.infosecurity-magazine.com/news/iran-cyber-threat-actor-iraq/
Oracle EBS 2025 campaign impacts Madison Square Garden, sensitive data leaked
(Pierluigi Paganini – Security Affairs) Madison Square Garden (MSG) has confirmed it was affected by a data breach linked to the 2025 cybercrime campaign targeting Oracle’s E-Business Suite (EBS) customers. Madison Square Garden (MSG) is a world-famous multi-purpose indoor arena located in New York City, USA. It hosts sports events, concerts, and entertainment shows. MSG is home to the New York Knicks (NBA) and New York Rangers (NHL) and is renowned for its history, iconic location, and large-scale live events. The incident, disclosed months after the initial attacks, places the company among numerous organizations compromised in the large-scale hacking operation exploiting Oracle EBS environments. – https://securityaffairs.com/188814/cyber-crime/oracle-ebs-2025-campaign-impacts-madison-square-garden-sensitive-data-leaked.html
Phishing campaign exploits OAuth redirection to bypass defenses
(Pierluigi Paganini – Security Affairs) Microsoft has warned of phishing campaigns targeting government and public-sector organizations by abusing OAuth URL redirection. Instead of stealing credentials or exploiting software flaws, attackers leverage OAuth’s legitimate by-design behavior to bypass email and browser defenses. The tactic redirects victims to attacker-controlled infrastructure, making it an identity-based threat rather than a traditional exploit. “Microsoft Defender researchers uncovered phishing campaigns that exploit legitimate OAuth protocol functionality to manipulate URL redirection and bypass conventional phishing defenses across email and browsers,” reads the advisory. “During the investigation, several malicious OAuth applications were identified and removed to mitigate the threat.” OAuth lets identity providers redirect users to specific pages in defined flows, such as error handling. Attackers abuse this feature by crafting URLs with trusted services like Entra ID or Google Workspace, manipulating parameters or rogue apps to send users to attacker-controlled pages. The links look legitimate but lead to malicious sites. – https://securityaffairs.com/188829/hacking/phishing-campaign-exploits-oauth-redirection-to-bypass-defenses.html
Non-human identities gain importance in cloud and AI security
(DigWatch) As organisations expand across cloud environments, non-human identities are becoming a critical component of modern cybersecurity strategies. Managing machine identities and their associated secrets is increasingly central to reducing risk and improving AI-driven threat detection. As digital infrastructure grows, machine identities function as secure access credentials for applications, services, and automated processes. Effective governance can reduce vulnerabilities, improve compliance, and streamline operations across sectors such as finance and healthcare. – https://dig.watch/updates/non-human-identities-cloud-security
Frontiers and Markets
Deutsche Telekom and Nokia advance open and AI-native RAN
(DigWatch) Nokia and Deutsche Telekom have expanded their collaboration to advance cloud-based, disaggregated, and AI-native RAN technologies. The strengthened Innovation Cooperation Program deepens joint work in Cloud RAN, open interfaces, and next-generation solutions. The partnership builds on years of cooperation focused on open and flexible architectures. Both companies said the expanded effort aims to improve network efficiency, programmability, and long-term operational value for service providers. – https://dig.watch/updates/nokia-deutsche-telekom-ai-native-ran