Canadian Cyber News Rewire - 04/07/26
Wiring you into the cyber news relevant to Canada the week ending July 4
Feature your business in Canadian Cyber in Context through sponsorship or advertising.
Canadian Cyber in Context Updates
The Canadian Cyber News Rewire is a survey of Canadian cyber and adjacent news stories from this past week (or recently). Questions or business inquiries: info@cyberincontext.ca
Canada has a new Defence Digital Strategy. Read about it here.
In case you missed it last week, Canada quietly released a Defence Digital Strategy.
In May, I was part of a panel on the role of digital sovereignty and securing critical infrastructure in NATO. You can watch the full panel here.
I have two new articles out with the Canadian Global Affairs Institute:
Canadian News
CSE Releases its Annual Report 2025-2026
CSE is increasingly being allowed to target criminal groups and be public about it, but continues to be quiet about cyberattacks against adversary states because the cabinet is highly ignorant and refuses to disclose what the government is facing and how it is responding.
This isn’t anything new, but provides additional details on previous US leaks about Russian groups attacking critical infrastructure in Canada.
More from Bill: CSE is looking to expand its headquarters
Canadian Armed Forces conduct Operation NANOOK-TAKUNIQ to strengthen Arctic awareness
Operation NANOOK-TAKUNIQ focuses on land-based awareness and surveillance in remote and austere environments. Much of this focuses on traditional awareness and surveillance activities; the CAF are increasingly integrating and testing more advanced technologies during these operations, which are not usually widely discussed.
Opinion | Google search has become terrible. Luckily, that presents an opportunity
Op-ed by Vass Bednar, the executive director of the Canadian Shield Institute.
Interview: Shopify CISO Andrew Dunbar on Securing an E-Commerce Giant Against Cyber Threats
Interview with CISO of Shopify, which is one of Canada’s large tech companies.
A lot of big moves of late in quantum. Canada is a leader in quantum technology, and there is currently a boom, with strong government support and a healthy innovation ecosystem.
Op-ed: Canada is building sovereign AI—now it needs to secure it
Similar article that I wrote previously, essentially saying that we need to contend with AI as a new attack vector that needs to be defended and to be developed with secure coding practices.
Chair of Toronto Police Service Board falls for one of the most common, well known online scams.
Canadians can once again access Anthropic’s Fable after US lifts ban
Export controls have been lifted, but the warning has been sent and all countries are making adjustments.
Minister Evan Solomon on Canada’s AI strategy, sovereignty, and social media
An article covering Betakit’s Podcast interview with Minister Evan Solomon, Canada’s Minister of AI and Digital Innovation.
Nearly half of Canadian businesses stuck in AI pilots without meaningful ROI
This should not be a surprise to anyone. Especially in light of rising costs, AI for the sake of AI does not produce any benefits.
Cybercheck was hyped as a revolution in criminal detection. Many don’t buy it
An investigation into a company that’s selling allged snake oil under the guise of open source intelligence. Widely being used by law enforcement, but with dubious methodology that some worry is not true.
MDA receives big contract to continue RADARSAT, which is Canada’s third generation Earth observation satellite.
Alberta Major investment in new electricity generation: Joint statement
Alberta announces a $4.6 billion natural gas facility specifically to support Alberta’s “Bring Your Own Power” AI Data centre project.
British Columbia planning to modernize its Digital Services
BC announces efforts to reduce red tape and improve services, including a commitment to expand digital services as part of a digital modernization push.
Government of Canada launches Consultations for Privacy Act Modernization
The Privacy Act, which came into force in 1983, focuses on the protection of personal information held by federal institutions. It has never been substantially updated. Consultations are open until July 10. You can submit for consultations here.
The digital world is evolving rapidly. Can the Carney government’s safety plan keep up?
A brief overview of the government’s digital safety efforts. A little shallow as an article, but provides an overview.
Federal Government release Federal Science and Technology Expenditures and Personnel
New data is available from Statistics Canada about Federal Science and Technology Expenditures and Personnel.
OPINION: National defence and cybersecurity
An interview/conversation between Francois Guay of the Canadian Cybersecurity Network and Daniel Blanc of InCyber and Former CAFCYBERCOM Chief of Staff.
Parliamentary News & Upcoming Meetings
This section includes any House of Commons and Senate meetings that are relevant to Canadian cyber.
Parliament has begun its Summer break and will resume sitting on September 21.
Canada-Relevant News
As many issues don’t respect borders, this section is for stories that impact Canada, but may not be Canadian-sourced or focused, to differentiate from the previous section, which is 100% focused on Canada.
OpenAI voluntarily limits new AI models at government’s request
AI companies are increasingly allowing the US government to dictate its business model.
Class Action Lawsuit Accuses The Three Largest RAM Manufacturers Of Colluding To Drive Up Prices
Lawsuit claims that Samsung, SK Hynix, and Micron Technology (who own approximately 90% of the DRAM market) are collaborating as a cartel to inflate DRAM and chip prices.
This has been developing since 2020, but the massive boom of AI has made it so much worse and is intensifying. Even with current plans I would be hesitant to say there will be relief by 2028.
Microsoft is Accelerating its quantum-safe timeline
Microsoft announces it is accelerating its plans to become quantum-safe by 2029, in line with Five Eyes recommendations.
Huntress Responds to Insider Threat Accusations: These Recent Insider Threat Allegations
CEO states an investigation found a Huntress employee told a ransomware group that Huntress was contacted by law enforcement about said ransomware group, which is why there were allegations of insider threats. Unethical maybe, but not illegal and not an insider threat.
Companies Are Throttling Employees’ AI Use Because It’s Too Expensive
This has been a long time coming and is finally reaching its fever pitch.
The simple statement that they cannot trust heavy AI users to understand their code well enough to fix it is a good summary of why heavy AI use is dangerous.
Instagram running ads promoting child sexual abuse material in India, BBC finds
Meta regularly runs ads for drug dealers and now apparently for CSAM as well. Meta takes money from criminals often. It’s part of their business model.
Canadian Cyber Threat Intelligence
Any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.
Alert - AL26-015 - Critical vulnerability impacting Microsoft SharePoint Server – CVE-2026-45659
Alert - AL26-016 - Vulnerability impacting Citrix NetScaler CVE-2026-8451
FortiBleed: SOCRadar’s Investigation into 86,644 Compromised Fortinet Firewalls
RustDuck: An In-Depth Analysis of a Two-Stage Botnet (H/t Catalin Cimpanu)
Protecting customers faster: How Adobe is responding to AI-accelerated vulnerability discovery
Adobe is following suit with others and accelerating the pace at which it deploys updates.
FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
Here’s how Opera’s Paste Protect guards you natively against clipboard attacks
Opera adds protections against copy-pasting Clickfix attacks.
Private keys cause 40% of Crypto Losses
Interesting research on private key vulnerabilities that lead to most crypto hacks.
Feature your business in Canadian Cyber in Context through sponsorship or advertising.
United States News
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
Big bounties for hackers targeting the unofficial communication channels that the US administration relies on, which is illegal for the US administration to use and not preserve.
Think tank games out how to respond to disaster scenarios in space warfare
Any space-based conflict would heavily involve cyber operations, and its impact on the Internet and global communications would be devastating.
Hackers breached DHS information-sharing network, people familiar say
Hackers targeted servers and SharePoint, specifically the information-sharing database with sensitive unclassified information.
This is not punitive. $2.25 million is the cost of doing business for a company as massive as Amazon.
DHS to unveil replacement council for critical infrastructure cybersecurity
Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure program will replace the Critical Infrastructure Partnership Advisory Council.
CIA chief highlights major shifts in agency’s tech approach
The CIA has historically had some cyber capabilities, but it has largely been operational-support as opposed to engagement in long term campaigning as the NSA or USFCYBERCOM may conduct. This appears to be about to change as the CIA will begin investing more in high tech, including cyber.
Supreme Court restricts use of geofence warrants
Big win for privacy against intrusive police tactics.
OpenAI proposed donating 5% of its equity to a US sovereign wealth fund
With the current US administration it is impossible for this to be anything other than a corrupt enterprise for the president and his family.
Report criticizes South Korea for holding Coupang accountable for a significant data breach. This significantly degrades confidence and trust with the United States concerning cybersecurity.
United Kingdom and European Union News
Russia views cyber operations as subordinate to information operations and information security, so it is important to understand how it views and conducts influence operations.
Ukraine to use seized crypto from cybercrime group to buy war bonds
Absolutely brilliant move by Ukraine. Ukraine says this will be the first time confiscated cryptocurrency has been converted to support a wartime economy.
Europe Evolves Into Ransomware’s Favorite Region
Ransomware attacks in Europe are increasing, but I'm not sure I would say this makes Europe the “favourite” region. Nevertheless, this highlights the growing amount of ransomware attacks on Europe.
Espionage Against the European Parliament
New CitizenLab report about Pegasus spyware used against European Parliament member who was investigating Pegasus and other spyware use in Europe.
Launch of UK’s National Cyber Action Plan delayed amid Labour leadership crisis
Not a big surprise, but a disappointment nonetheless as the UK has been changing its posture quite a bit.
Google loses fight against record €4.1 billion EU antitrust fine
The EU is basically the only place that has actual punitive fines. Most fines elsewhere are so low they’re considered the cost of doing business.
Unlikely to happen in Canada, but EU tends to be more understanding and sensitive to protecting their digital sovereignty.
Ukraine has stopped 16,000 cyberattacks from Russia since the start of the invasion. 16,000 is likely a low estimate too.
Other International News
South Korea to spend $1T on more memory chip production and humanoid robots
Memory chip production is the main thing to keep an eye on.
EY sacks graduate employee after he allegedly accessed Australian PM’s bank account
EY is a major cyber contractor globally, so I am sure they’re very eager to make an example of the two being charged in this case.
India tells WhatsApp to halt usernames rollout, justify feature or face action
India is the biggest market for WhatsApp, so there are justifiable concerns about the risk of fraud from the ability to use usernames as opposed to phone numbers. There are some easy ways around this to still protect privacy and security, but more details are needed from WhatsApp to confirm they’re doing this.
Chinese LLMs Broaden the Gap Between Attackers & Defenders
As the big AI firms become much more expensive, cheaper Chinese models are becoming very popular.
Data breach exposes up to 14.2 million email logins at six ISPs
Breach at Japanese telecom KDDI leads to breach of six other ISPs.
Japanese insurer, brewer, manufacturer and telecom disclose cyber breaches
The future has arrived, it is just not evenly distributed yet.
Anthropic says Alibaba illicitly extracted Claude AI model capabilities
There are growing concerns about attacks, predominantly by Chinese AI companies, aimed at extracting information about other models.



