Governance/Regulation/Legislation
IAPP Global Summit session examines AI, privacy, and the courts with US federal judges
(DigWatch) US District Court for the District of Columbia Chief Judge James Boasberg and US District Court for the District of Massachusetts Judge Allison Burroughs discussed AI, privacy, and the courts during the IAPP Global Summit 2026 in Washington, D.C. The IAPP report said Burroughs pointed to the gap between older legal protections and newer technologies, including debates over how surveillance rules apply to cell-tower data. Burroughs said existing laws and constitutional protections are ‘not keeping up, never have kept up and never will keep up’ with the speed of innovation. Burroughs commented: ‘The gap is getting bigger for two reasons. One is that there’s so much more data stored electronically that if you even search for someone’s laptop, you’re going to get more data now than you used to get, and the other one is that there is so much more technology, there are just so many ways of gaining access to data.’ – https://dig.watch/updates/iapp-global-summit-ai-privacy-courts
OpenAI presents policy proposals addressing AI’s economic and labour impacts
(DigWatch) Policy proposals advanced by OpenAI outline a vision of economic restructuring in response to the growing influence of AI. Framed within an emerging ‘intelligence age‘, the approach reflects concerns that AI-driven productivity gains may concentrate wealth while undermining traditional labour-based economic models. The proposals, therefore, attempt to reconcile market-led innovation with mechanisms aimed at broader distribution of economic benefits. – https://dig.watch/updates/openai-proposals-highlight-ai-impact-on-jobs-wealth-and-taxation
Geostrategies
South Korea-France partnership reshapes AI and technology cooperation strategy
(DigWatch) The recent state visit between South Korea and France signals a deepening of bilateral cooperation that extends beyond diplomacy into long-term technological and cultural alignment. Agreements endorsed by President Lee Jae-myung and President Emmanuel Macron reflect a coordinated effort to strengthen shared capabilities in emerging sectors, while reinforcing institutional ties across research, education, and industry. – https://dig.watch/updates/south-korea-france-partnership-reshapes-ai-and-technology-cooperation-strategy
Security and Surveillance
Major outage cripples Russian banking apps and metro payments nationwide
(Pierluigi Paganini – Security Affairs) A widespread outage disrupted banking apps and payment systems across Russia, leaving customers unable to pay by card, withdraw cash, or access mobile banking for hours. According to The Record Media, the incident affected major banks, including Sberbank, VTB, Alfa-Bank, T-Bank, and Gazprombank, and impacted multiple regions, including Moscow. “The combined client base of VTB , Sberbank, T-Bank , and Alfa-Bank amounts to tens of millions of people across the country. Apparently, the scale of the outage is colossal and affects most regions of Russia. Complaints number in the thousands.” reported the Russian website CNews. “For example, in just one hour, more than 3,300 complaints were filed about a Sberbank outage. Over the past 12 hours, 35% of complaints came from Moscow, 8% each from St. Petersburg and the Sverdlovsk region , and 7% and 5% from the Novosibirsk and Chelyabinsk regions .” – https://securityaffairs.com/190464/security/major-outage-cripples-russian-banking-apps-and-metro-payments-nationwide.html
Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa
(Pierluigi Paganini – Security Affairs) China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment, sometimes within 24 hours. The financially motivated group mainly targets sectors such as healthcare, education, finance, and services across the US, UK, and Australia. The attackers often chain exploits, create new accounts for persistence, move laterally using remote tools, steal credentials, and weaken security defenses. Their speed and focus on unpatched systems make them highly effective. Microsoft researchers report that Storm-1175 quickly exploits newly disclosed flaws in web-facing systems to gain access. Since 2023, the group has targeted many platforms, including Microsoft Exchange, Ivanti, ConnectWise, JetBrains, and others. It often weaponizes vulnerabilities within days, or even one day, before organizations apply patches. – https://securityaffairs.com/190440/cyber-crime/fast-moving-storm-1175-uses-new-exploits-to-breach-networks-and-drop-medusa.html
GPUBreach exploit uses GPU memory bit-flips to achieve full system takeover
(Pierluigi Paganini – Security Affairs) New research shows that attacks like GPUBreach exploit RowHammer bit-flips in GPU memory (GDDR6) to go beyond data corruption. Attackers can use this technique to escalate privileges and, in some cases, gain full control of the system. Unlike earlier GPUHammer methods, this approach proves that GPU memory faults can directly impact CPU-level security, making the threat more serious. “GPUBreach shows that GPU Rowhammer attacks can move beyond data corruption to real privilege escalation. By corrupting GPU page tables, an unprivileged CUDA kernel can gain arbitrary GPU memory read/write, and then chain that capability into CPU-side escalation by exploiting newly discovered memory-safety bugs in the NVIDIA driver.” reads the post published by the experts. “The result is system-wide compromise up to a root shell, without disabling IOMMU, unlike contemporary works, making GPUBreach a more potent threat.” – https://securityaffairs.com/190455/security/gpubreach-exploit-uses-gpu-memory-bit-flips-to-achieve-full-system-takeover.html
U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog
(Pierluigi Paganini – Security Affairs) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Fortinet FortiClient EMS, tracked as CVE-2026-35616 (CVSS score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet released out-of-band patches for a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS 9.1), which is already being exploited in attacks in the wild. The flaw is an improper access control issue that allows attackers to bypass authentication through an API and escalate privileges, posing a serious risk to affected systems. “An Improper Access Control vulnerability [CWE-284] in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.” reads the advisory published by Fortinet. “Fortinet has observed this to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5 and 7.4.6” – https://securityaffairs.com/190425/security/u-s-cisa-adds-a-flaw-in-fortinet-forticlient-ems-to-its-known-exploited-vulnerabilities-catalog.html
Experts published unpatched Windows zero-day BlueHammer
(Pierluigi Paganini – Security Affairs) A disgruntled researcher released the BlueHammer Windows zero-day, a privilege escalation flaw that allows attackers to gain SYSTEM or admin rights, Bleeping Computer reports. The researcher privately reported the vulnerability to Microsoft but criticized the way the Microsoft’s Security Response Center (MSRC) managed the disclosure process. On April 3rd, the expert published the BlueHammer exploit on GitHub under the alias Nightmare-Eclipse. Microsoft hasn’t released a patch, so the flaw qualifies as a zero-day and leaves Windows systems open to potential attacks. “I’m just really wondering what was the math behind their decision, like you knew this was going to happen and you still did whatever you did ? Are they serious ?” reads the description published in the Github repository hosting the BlueHammer vulnerability. – https://securityaffairs.com/190400/breaking-news/experts-published-unpatched-windows-zero-day-bluehammer.html
ENISA conference in Cyprus to focus on EU cybersecurity certification
(DigWatch) The European Union Agency for Cybersecurity (ENISA) is holding the 2026 European Cybersecurity Certification Conference in Ayia Napa, Cyprus, with support from the Cyprus Presidency of the Council of the EU and the European Commission. The agency says the conference will address the evolution of the EU cybersecurity certification, updates on certification schemes for the European Digital Identity Wallet and managed security services, exchange across the European cybersecurity ecosystem, and interplays with the Cyber Resilience Act, the Cyber Solidarity Act, and NIS 2. – https://dig.watch/updates/enisa-cyprus-eu-cybersecurity-conference
Frontiers
CNN develops agent infrastructure for AI media trading
(DigWatch) CNN is developing an internal agent infrastructure as part of a plan to begin AI-driven media trading by early 2027. The company aims to complete protocol scoping by the end of the second quarter before moving into testing phases later in the year. Testing will focus on how properties are interpreted by large language models and how buyers allocate budgets to agent-based systems. Executives say the timeline may change as the technology and market conditions continue to evolve. The initiative combines in-house development with external technology partners, while aligning with industry frameworks to ensure compatibility. CNN is also working with standards bodies to ensure agent communication produces accurate outcomes for buyers. – https://dig.watch/updates/cnn-develops-agent-infrastructure-for-ai-media-trading
MIT study finds steady AI growth reshapes work
(DigWatch) A new study from the Massachusetts Institute of Technology (MIT) Computer Science and Artificial Intelligence Laboratory finds that AI is reshaping work through steady, broad-based improvements rather than sudden technological jumps. Researchers describe this pattern as a ‘rising tide,’ in which capability gains emerge across many tasks simultaneously. The analysis draws on more than 17,000 worker evaluations covering over 3,000 text-based tasks from US labour classifications. Findings show limited evidence of abrupt ‘crashing wave’ breakthroughs in which AI suddenly masters specific job areas – https://dig.watch/updates/mit-study-finds-steady-ai-growth-reshapes-work
Anthropic scales AI compute to meet rising global demand
(DigWatch) AI company Anthropic has announced a major expansion of its compute infrastructure through a new partnership with Google and Broadcom, securing multiple gigawatts of next-generation TPU capacity expected to come online from 2027. The increased compute supply is intended to support its frontier Claude models and meet rapidly growing global demand. – https://dig.watch/updates/anthropic-ai-compute-to-meet-rising-global-demand