The Canadian Cyber News Rewire is a survey of Canadian cyber and adjacent news stories from this past week (or recently).

Questions or Business inquiries: info@cyberincontext.ca

Editor Notes:

• I have two new articles out with the Canadian Global Affairs Institute:

  • Following the Digital Snail’s Trail: The Short History of Canadian Armed Forces Cyber Operations

  • Everything You Should Know About CAF Cyber Command

• I have received a hefty round of feedback on my PhD thesis, so I may be a tad quiet outside the weekly Rewires.

Feature your business in Canadian Cyber in Context through sponsorship or advertising.

Share

Canadian News

• Facebook is paying people overseas promoting Alberta separatism

  • Facebook is a net negative on society and Meta knows this (they’ve done the research) and they don’t care.

• Your AI Shopping Assistant Is Selling You Out

  • Despite what industry tries to paint, companies are already tracking and selling your data on your shopping habits.

• Carney government testing use of AI in prisons to create profile reports of offenders

  • The most vulnerable are always amongst the first for new technology to be tested. This is not an endorsement of the practice.

• Medical transcription tool approved by Ontario linked to AI-generated news website

• Why are security experts worried about Canada’s secret Palantir contracts?

  • Ongoing coverage of Palantir use by DND, with some quotes from me.

• Cohere signs exploratory AI agreement with Québec government

  • Canadian AI favourite Cohere continues to make partnerships. I am starting to worry about an overreliance on Cohere. I have only hear positive things about Cohere, so this is not about their quality, but about the ability for other Canadian companies to be able to compete.

• Why cybersecurity teams are struggling to keep up with AI adoption

  • This article does a good job of explaining why I have an issue with Canada’s AI Strategy. Many AI systems are not cybersecurity vulnerabilities by accident; they are vulnerabilities by their nature.

• AI-generated ‘fake cases’ a concern for courts, Canada’s top judge says

  • A lot of headlines are being made in the US about fake citations and AI documents in court cases, but this is also going on in Canada. “Wagner said it is a bigger problem for lower courts where there is a higher number of self-represented litigants than the Supreme Court of Canada.”

• The Liberals think small on AI

  • I normally keep op-eds for the section below, but this is from the Globe and Mail Editorial Board.

• How police tracked down suspects in AI deepfake investigation involving dozens of women

  • The difficulty that police had in tracking down the criminals in this should give pause to the government’s rush to commercialize AI. AI is not inherently a positive force. It can only be made one with concerted action and expertise, otherwise it is an unproductive and nefarious force.

• The Department of National Defence opens world-class defence research complex in Valcartier

  • A lot of cyber-related research occurs at Valcartier, so this should hopefully have a positive impact on Canadian cyber defence research and innovation.

• Foundations of Digital Sovereignty Chapter 6: Procuring Sovereignty in the Cloud

  • Latest chapter by the Canadian Shield Institute in their great series on digital sovereignty.

• Innovative Solutions Canada: Cybersecurity in satellite systems

  • New Innovation Solutions Canada call for proposals: “The Department of National Defence (DND) and the Canadian Armed Forces (CAF) are seeking innovative research and development (R&D) solutions to provide a flat satellite (flatsat) platform for cybersecurity experimentations.”

• GC Digital Talent: AI Cyber Security: Attack and Defend

  • The Government of Canada is running an AI and Cybersecurity course for IT-classified employees through the GC Digital Talent platform.

  • Deadline to apply for the course has passed, but I wouldn’t be surprised if they run this again.

• Privacy Commissioner of Canada investigation into the Grok chatbot and sexualized deepfakes finds companies violated privacy law

  • Elon Musk’s X violated Canadian privacy law with Grok deepfakes, watchdog finds

    • “The privacy commissioner found the company had not received consent and that its response to the widespread deepfakes was “insufficient.”” This is an understatement, but I doubt the government will care or do much. Evan Solomon was one of the first to come out and proclaim that X was still good in the eyes of the Government while X continued to profit from child sexual abuse material.

    • Grok Is Still Hosting Sexualized Deepfakes of Famous Women

• Prime Minister Carney deepens partnership with France across trade, defence, and advanced technologies

  • A few cyber-related announcements here. Canada and France sign a General Security of Information Agreement treaty to strengthen defence and industrial cooperation to enable the sharing of classified information, specifically citing cybersecurity and AI. Overall, this is meant to enable more economic activity, especially defence, between Canada and France.

  • Also signed a joint statement on quantum science and technology cooperation

• Canada advances sovereign Earth observation capabilities with $2.4M investment in next-generation satellite technology

  • “Three contracts, valued at $2.4 million in total, awarded to Calian, Kepler and MDA Space.” Many Canadians aren’t aware that Canada is a global leader in space technology, with capabilities in many areas that others of similar or greater size do not have.

• Federation of Canadian Municipalities launches Defence Task Force to strengthen Canada’s readiness through local infrastructure

  • Oddly excludes digital infrastructure, which likely indicates that the Federation of Canadian Municipalities is relying too much on “dual-use” infrastructure as a catch-all term and may indicate they do not quite understand the infrastructure needs.

• Government of Canada partners prepare for FIFA World Cup 2026™ with Shared Services Canada

  • Interesting page by Shared Services Canada basically advertising they’re supporting government departments to manage FIFA World Cup 2026 in Canada.

• Vertical Data and Quantum eMotion Partner to Bring Quantum Cybersecurity to AI Infrastructure Deployments

  • Canadian quantum firm Quantum eMotion and US firm Vertical Data sign a memorandum of understanding to collaborate on quantum cybersecurity.

• Confidential reporting, stricter phone rules in schools among proposals in cyberviolence prevention strategy

  • PEI has a strategy to combat cyberviolence.

• Ballooning AI costs have Canadian startups weighing alternatives

  • This is why we should all be suspect of claims regarding the economic benefits of AI right now. Even if you can afford it, does it outweight how much it costs currently? AI compute is currently heavily subsidized by AI firms.

• Canada and the Philippines strengthen defence partnership with new arrangement

  • This does not explicitedly refer to anything cyber, but cyber has been central to the growing defence relationship between Canada and Philippines.

Bill C-34 - An Act to enact the Digital Safety Act and the Digital Safety Commission

• Government of Canada introduces legislation to make social media services and AI chatbots safer for children

  • Backgrounder: Government of Canada introduces legislation to combat online harms, particularly those impacting children

  • The government introduces legislation to ban social media for children under the age of 16 and require certain safeguards for AI chatbots. Would create an independent Digital Safety Commission to enroce regulations and ensure compliance.

• Ottawa moves to restrict social media for kids under 16

• Canada may get the strongest digital online safety framework in the world

  • “Of course it shouldn’t have come to this. The fact we are even talking about a restriction is a sign that self-regulation has failed.”

• Many of the excuses in some consultation has been about parents unable to trust others. This is a very convienent thinking as this goes for nearly all issues which relate to banning problems. Individuals rarely view themselves as the problem, but there is always an “other” to blame to support measures that do not neccesarily work in the first place.

• We can only have a rational assumption about a policy measure on grounds that it works. Evidence shows that such bans do not work all while reducing everyone’s privacy.

Bill C-22 - An Act respecting lawful access

• Signal, DuckDuckGo, NordVPN threaten to pull services if Canada passes “surveillance” bill

  • Some international coverage of the pushback against Bill C-22

• Liberals open to shorter metadata rules but splitting bill ‘not an option’

• Minister now open to trimming 1-year data retention period in lawful access bill

  • Remains to be seen what amendments will actually be introduced, but the pressure on the government for change in the bill is working.

Leave a comment

Parliamentary News & Upcoming Meetings

This section includes any House of Commons and Senate meetings that are relevant to Canadian cyber.

• House of Commons Committee on National Defence

  • June 15: 11:00 AM to 1:00 PM - Nexus Between National Defence, National Security and Canada’s Critical Minerals Sector

    • Draft Consideration of Draft Report

• House of Commons Committee on Industry and Technology

  • June 15: 4:30 PM to 5:30 PM - Opportunities, Risks, and Regulation of AI in Canada’s Strategic Industries

    • Appearing: Hon. Evan Solomon, P.C., M.P., Minister of Artificial Intelligence and Digital Innovation

    • Witnesses: Mark Schaan, Associate Deputy Minister

• House Standing Committee on Public Safety and National Security

  • June 16: 3:30 PM to 11:59 PM - Bill C-22, An Act respecting lawful access

    • Clause-by-Clause Consideration of Bill C-22

    • Witnesses are appearing from the Canadian Security Intelligence Service, the Department of Justice, the Department of Public Safety and Emergency Preparedness, and the Royal Canadian Mounted Police.

Canada-Relevant News

As many issues don’t respect borders, this section is for stories that impact Canada, but may not be Canadian-sourced or focused, to differentiate from the previous section, which is 100% focused on Canada.

• Fighting Spyware: An Update From WhatsApp

  • WhatsApp announces it has filed for an injunction against NSO Group, alleging it has continued to target its platform despite a court order to stop. Also includes an announcement of donating to the Spyware Accountability Initiative. While WhatsApp may be owned by Meta, they’re doing good stuff.

• Microsoft Hacked to Deliver Malware to Claude and Gemini Users

  • There is growing discourse in cyber and information security about whether LLMs and generative AI are inherently undefendable and therefore inherently unsafe.

• Microsoft’s open source tools were hacked to steal passwords of AI developers

  • Microsoft responds to ongoing attacks targeting Github.

• Claude Fable 5 and Claude Mythos 5

  • Anthropic releases Fable 5, which is Mythos, but with guardrails to prevent abuse.

  • Cybersecurity researchers aren’t happy about the guardrails on Anthropic’s Fable

• Statement on the US government directive to suspend access to Fable 5 and Mythos 5

  • Anthropic flew too close to the sun by proclaiming that Mythos is too dangerous to release, so it shouldn’t be too surprised this happened. Nevertheless, this is the primary concern regarding digital sovereignty. We focus a lot on our data being accessed without our consent, but the bigger problem is if the United States unilaterally decides it does not want anyone else to have access to certain technologies.

  • The serious risk now is if the United States will take a similar approach and put export controls on compute power that runs AI models. Current computing costs of AI are heavily subsidized by AI companies, so the United States could attempt to put some form of controls in place to prioritize United States use. Canada currently lacks AI data centres for compute power.

• ChatGPT Caught Recommending “Products” That Are Just Scams That Steal Your Credit Card Info

  • This will continue to happen with LLMs and generative AI.

• Data Center Operators Are Trying to Fix Their Water Use Problems

  • For a couple decades, the trend has been towards achieving as great of power efficiency as they can. Over the last couple of years, with the AI boom, the focus has shifted to deploying as quickly as possible and outputting as much power as possible, with efficiency to be addressed later. This is not sustainable.

• Meta Changed Its Speech Rules. Then Threats Against Politicians Skyrocketed

  • Facebook is a bottomless pit of theft, fraud, and toxicity that provides no benefit to society.

• Pokémon Go Scans Quietly Trained the Navigation Tech Now Headed Into Military Drones

  • Niantic have been quietly announcing partnerships and a shift towards security and defence for some time, so this was going to happen eventually.

• KPMG’s AI report becomes an accidental demo of AI hallucinations

  • This is after EY Canada made a lot of headlines when its own report had AI hallucinations and will not be the last.

Canadian Cyber Threat Intelligence

Any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Mandatory Training Voluntarily Watched

  • Conan O’Brien partners with Adaptive Security to produce 15 security-awareness training videos. Yes, that Conan O’Brien.

• Attacks on Critical Communications Infrastructure Hit Record Highs in 2025

  • “18,000 incidents struck communications networks in 2025, disrupting service for nearly 12 million customers across the country.” Focused on the US, but Canadian trends tend to be similar to the US.

• Qilin Ransomware targets Trican Well Service

  • Trican Well Service is an oilfield services company.

• ServiceNow tells customers a bug left some of their data exposed to the internet

Feature your business in Canadian Cyber in Context through sponsorship or advertising.

Share

Research, Op-Eds, and Events

This section is being phased out. Future research, op-eds, and events will be included in the section for the relevant region.

United States News

• In first, California city overwhelmingly votes to permanently ban datacenters

  • This will become increasingly common.

• Supreme Court rules FCC fines punishing telecom giants for sharing location data were legal

• Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US

  • All facial recognition systems still have major flaws and shouldn’t be regarded as definitive identification.

• The FBI Told Apple To Keep Quiet About Spying On A Republican Staffer. Apple Bit Back.

• Cops Keep Getting Arrested for Using Flock to Stalk People

  • Those with unchecked authority will take advantage of what is unchecked.

• US charges suspected Russian hacker with facilitating cyber campaign

  • Individual was originally arrested in Thailand on request by the US. Allegedly has helped/worked with Russian group Void Blizzard.

• Warner proposes overhaul of critical infrastructure cyber plans as AI threats rise

  • New measures would require CISA to “work with federal sector risk management agencies to update sector-specific plans within one year of enactment. It would also require CISA to reassess those plans every two years, issue revised versions and send copies to Congress after completion.”

• Inside the FBI’s 22,000 square-foot indoor technical training environment in Huntsville

  • Article about the FBI’s Kinetic Cyber Range, which is more than just a virtual environment, which I think is a great way to train.

• Ransomware sends Illinois high school on an early summer vacation

  • Schools are increasingly a favorite for ransomware groups, who often do not have sufficient IT protections and in many cases do not have dedicated IT departments.

• Google and Meta denied new trial in youth social media addiction case

  • I wish I were more optimistic that this would produce any real change or action. Flat social media bans will not do anything but shift the blame.

• Justice Department, FBI Disable 13 Websites Backed by Suspected Chinese Agents That Sought Sensitive U.S. Information from Security Clearance Holders

• Cyber Force not included in Senate defense policy roadmap

  • The strict direction on how to setup the Cyber Force by the Senate was never going to fly with the military, partly because it would have upended a lot of existing force structure and planning. Despite this, Cyber Force has been a bit too stagnant with lack of innovation or direction apart from maintaining a status quo. Change is needed, but many of the problems the United States’ strategic approach to cyber conflict won’t be solved with the rushed creation of an US Cyber Force branch.

• China Didn’t Make Americans Hate Data Centers

  • While it is not farfetched to believe that China might be supportive of this, it is foolish to believe that there are no legitimate concerns regarding data centres. There are major economic, social, and environmental concerns regarding AI and Cloud data centres.

• CISA Issues Binding Operational Directive on Prioritizing Security Updates Based on Risk

  • New deadlines to fix patches down to three days for some vulnerabilities. In large response to the growth of AI-assisted attacks.

    

• FCC Wants to Kill Burner Phones By Forcing Telecoms to Get All Customers’ IDs

  • There have been efforts for some time to try to ban burner phones. There are some laws in Canada to prevent this, but it does not always require an actual ID.

• NATIONAL SECURITY PRESIDENTIAL MEMORANDUM/NSPM-12

  • Executive order concerning National Policy for the Cybersecurity of National Security Systems

  • Fact Sheet: President Donald J. Trump Defends America’s Warfighters and Intelligence Officers Against Cyber Threats

United Kingdom and European Union News

• ‘Killer of trust’: social media groups fuel misinformation in UK, report finds

  • “Investigation reveals more than 4.4 million people live in ‘news deserts’ that lack dedicated local reporting”

• Landmark German ruling declares Google’s AI Overviews are Google’s own words and makes it liable for false answers

  • We’re seeing similar cases like this pop up in Canada and elsewhere and will set major precedence.

• Europe Means Business on Cloud and AI Sovereignty

  • Big things can happen when you have leadership that is actually dedicated to increasing sovereignty. Instead, we have a bunch of marketers in Cabinet that just want to make money and don’t care about the harms or risks.

• French govt messaging service breached in account hijacking attack

  • It sounds worse than it likely was. A user account was hijacked, but their malicious requests were identified and they were stopped. This sounds to me exactly what you would want to occur, but the hijacked user/account still led to a major breach: “They claim to have stolen hardcoded LDAP credentials allegedly leaked via a PowerShell script shared by a French tax authority regional director and over 13.5GB of documents and media files shared by public servants using the Tchap service.”

• British high school sends students home following cyberattack

  • Schools are a favourite target for criminals. Schools need to seriously engage with how to improve their cybersecurity and to include students in this process to provide them direct training and inclusion to help protect schools.

• All the Ways Europe Is Ditching American Technology

  • Canada should be watching what Europe is doing, but the government is too busy saying sovereignty is important rather than taking action to make it a priority.

• Nottingham University data breach affects over 450,000 students

Other International News

• I got inside a North Korean hiring scam. What I found reveals a troubling shift in tactics

  • Fantastic reporting here. “DPRK hackers hired unwitting freelancers in the Philippines, Nigeria, and Colombia to put a human face on a malware operation — and make fake companies feel real.”

• South Korea Fines Coupang $400M Over Data Breach Affecting Millions

• Chinese cybercrime operation that used AI to scam ‘hundreds of thousands of victims’ sued by Google

• Thailand’s House panel to probe health data breach

  • Data of 67.1 million people were leaked

Canada Buys & Innovation Watch

I am still building out my monitoring, but I plan to post more Canadian cyber-related procurements here in the future. The focus will initially be DND/CAF, but will expand once I am happy my monitoring workflow is sufficient for DND/CAF.

Canada Buys

• Security Control Centre IT Modernization Project

  • Royal Military College is looking for a replacement OT software-as-a-service solution.

  • Closes June 19

• 1x Network Support Specialist Level 2 For Canadian joint Warfare Centre (CJWC) - JCIS CFXNET

  • Closes June 10

• RFP - Repair and Overhaul for Strategic Deployable Terminals

  • Satellite Communications (SATCOM) SDT terminals

  • Closes June 30

• RFI-WORLDWIDE SATELLITE COMMUNICATIONS – PROTECTED MILSATCOM TACTICAL (WSC-PMT) PROJECT

  • Defence Investment Agency (DIA) is requesting Industry information and feedback regarding the Worldwide Satellite Communications Protected Military Satellite Communications (MILSATCOM) Tactical (WSC-PMT) Project.

  • Last updated May 19. Closes July 29

Innovation

• Innovation Solutions Canada

  • Cybersecurity in satellite systems

    • The Department of National Defence (DND) and the Canadian Armed Forces (CAF) are seeking innovative research and development (R&D) solutions to provide a flat satellite (flatsat) platform for cybersecurity experimentations.

    • Close Date: July 2

• Innovation for Defence Excellence and Security (IDEaS)

  • Reliable AI sensor fusion for real world missions

    • The Department of National Defence and the Canadian Armed Forces (DND/CAF) are seeking innovative Artificial Intelligence (AI) solutions that embed compliance-by-design into multi-sensor, multi-domain fusion workflows. The goal is to develop a modular Fusion Compliance Engine (FCE) that automatically enforces classification rules, legal constraints, and policy adherence in real time during data aggregation and analysis.

    • Close Date: July 14

  • Turning urban data into real-time insight through AI

    • The Department of National Defence and Canadian Armed Forces (DND/CAF) are seeking innovative Artificial Intelligence (AI) driven solutions that repurpose existing urban infrastructure as a distributed, passive sensing network capable of delivering scalable, real-time situational awareness and anomaly detection.

    • Close Date: July 14

  • Cognition and trust: Real-time dynamic calibration for human-autonomy teams

    • In response to the revolutionary potential promised by the integration of autonomous systems into defence and security operations, the Department of National Defence and the Canadian Armed Forces (DND/CAF) are seeking to advance methods to assess, calibrate, and maintain trust in real-time when humans work with autonomous systems.

    • Close Date: June 17

Feature your business in Canadian Cyber in Context through sponsorship or advertising.

Share

Media of the Week

The Beaverton: Carney bans social media for kids too dumb to figure out VPNs