Canadian Cyber News Rewire - 14/02/26
Wiring you into the cyber news relevant to Canada the week ending February 14
The Weekly News Rewire is a survey of cyber or adjacent news stories that I read this week (or recently). Please leave a comment if you think I missed anything.
Editor Notes:
Rewire is out on Tuesday due to the holiday; the regular edition will be released on Monday next week.
I have begun receiving large batches of completed ATIPS that I requested, which are available to subscribers here.
Canadian News
U.S. seeks to extradite Saskatoon man accused of hacking educational systems to mine crypto
Hacking a supercomputer just to mine crypto. That’s just sad.
Regulator plans two-part inquiry into last year’s cyberattack at N.S. utility
I think that Nova Scotia has handled this incident tremendously by studying it in depth and being quite open about the process.
Architect of Canada’s Early Military Cyber Capability
A great article from my friend Pete Hillier, who is a pillar of Canada’s cyber defence community. Pete goes into some of the beginning of the Canadian Armed Forces’ cyber capabilities, particularly focusing on the important work of Lieutenant-Commander (Ret’d) Robert Garigue.
Volvo Group North America customer data exposed in Conduent hack
Supply chain attack: The compromise of Conduent led to the data breach of Volvo Group North America, which includes Canadian operations.
Canada’s new AI strategy is off to a bad start
The AI Minister wants to build trust in AI, but keeps using AI terribly. This is why you need more social scientists in government to develop better methodology for you.
Mapping the data that quietly threatens Canada’s national security
An article on the partnership between Calian and Dalhousie University. A bit of a puff piece and not too many details, but an interesting look into the partnership nonetheless.
Hacktivists, State Actors, Cybercriminals Target Global Defense Industry, Google Warns
While already a common target, the major boom in the defence industry means that defence companies are increasingly a prime target. With how much everyone is focused on profits, actual security often gets overlooked.
Google Threat Intelligence Group is basically saying that many APTs are making heavy use of AI in some capacity.
Vimy Forge announces its first cohort
Vimy Forge is a national defence accelerator based in Fredericton, NB that aims to support Canadian innovation in defence. The first cohort includes a few cyber-related firms including 123 Cyber (our sponsor, woohoo!), Prodigy Intelligence, SeafarerAI, and Tehama.
Ottawa-Gatineau launch task force to create defence innovation hub, bid for proposed bank
What is often lost in the discussion of defence is that cyber security is always part of the discussion. Cyber security is one of the most universal dual-use technologies that we can talk about. This is why I am glad that Invest Ottawa specifically mentions cyber security as one of the key areas for investment and growth.
Fiscal Implications of Meeting NATO’s 5% Commitment
NATO’s 5% defence commitments break down to 3.5% on core defence spending and 1.5% on “ancillary defence and security-related spending.” The Office of the Parliamentary Budget Officer released a report on the fiscal implications of these defence commitments, but I’m most interested in that 1.5% because it specifically impacts networks and information infrastructure. Approximately $60 billion must be spent to reach the 1.5% commitments. A great way to spend this money would be on secret cloud and actually developing a sovereign cloud beyond the control of US corporations.
Canada and Germany sign AI joint declaration and launch Sovereign Technology Alliance
Maybe under the previous Trudeau government, Canada could say it was focused on “secure,” but current AI Minister Evan Solomon and the government have made it clear they don’t care about security in digital issues. I would not be surprised if they simply do not understand it and accuse those wanting security as holding back economic investments. Evan Solomon is neither a serious person nor a serious minister. This government only cares about security as long as you can invest in it.
Hack linked to gun licensing program was biggest federal data breach in last 5 years: documents
Great piece from Matt Malone. The federal government has had multiple breaches in the past few years, but they have provided very little information about any of them.
Canada’s Sovereign AI Compute Gap: Why We’re Still Treating a Strategic Assets as a Service
Despite many claims by the Government of Canada, nothing has changed about current policies and approaches, and Canada is just as exposed to United States infringement on Canadian digital sovereignty.
Ottawa-Gatineau to host international cybersecurity summit in December
INCYBER Forum was a pretty big deal last year, so I am sure having the event in the capital will continue this.
Alberta Begins Personal Information Protection Act engagement
I don’t normally cover provincial-level activities, but this crossed my feed. Canada still does not have modern privacy legislation, which puts additional onus on provinces to try to fill in the gaps that the federal government is failing to address.
Canada’s NORAD commander outlines defense upgrades
We always think about radars and F-35s as NORAD modernization upgrades, but the core of NORAD modernization is digital upgrades. Radars also happen to be one of the most targeted military assets for cyber attacks, so cybersecurity is imperative for them and NORAD modernization.
Discord faces backlash over age checks after data breach exposed 70,000 IDs
Everyone is turning to ID and facial checks for age verification, but everyone is ignoring the calls from security researchers and advocates about how dangerous this is without instituting sufficient levels of controls to protect users’ privacy.
0APT ransomware group rises swiftly with bluster, along with genuine threat of attack
A new ransomware group called 0APT has popped up claiming approximately 200 victims, including Canadian victims like Global News. However, the majority of these claims appear to be hoaxes, with only a few genuine attacks.
This is why you should always be suspicious of ransomware groups. They will always claim something is worse than it actually is, even outright lying that they have access or locked down anything. This is why in any circumstance where you are attacked or a ransomware actor reaches out to you, lock down your network and contact a professional.
C4ISR and Beyond is a one-day conference in Ottawa focused on the defence ecosystem around C4ISR (including cyber!). Canadian Cyber in Context subscribers don’t have to worry about missing the event:
Canada Cyber Threat Watch
While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.
Cybercriminals Exploit Fake Traffic Ticket Portals To Harvest Sensitive Information
AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials
Be careful about the in-office tools you use; they could be malware.
Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
I’m not usually one to cover Patch Tuesday, but the fact that 6 zero-days were addressed is, I think, indicative of just how active the cyber threat environment is right now. (For those unfamiliar, Tuesday tends to be the day Microsoft and others release a lot of patches, hence Patch Tuesday.)
Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware
Another step in Apple’s long battle against commercial spyware.
Stairwell detects widespread exposure to critical WinRAR vulnerability across customer environments
Et tu, WinRAR?
Crazy ransomware gang abuses employee monitoring tool in attacks
Alternative headline: Ransomware gang uses abusive employee monitoring tools in attack
Research and Op-Eds
Recorded Future is a favourite cybersecurity firm of mine, so their 2026 state of security report is a must-read in my opinion.
FIRST Forecast: CVEs Expected to Surpass 50,000 in 2026 for First Time
CVE stands for Common Vulnerabilities and Exposures, a type of classification for known vulnerabilities in software, which are verified and catalogued to inform defenders about them so they can take appropriate action. CVEs are what threat actors exploit, so the active CVE count being expected to pass 50,000 in 2026 is a very noteworthy indicator of the cyber threat environment.
AI will disrupt millions of jobs, so what is Ottawa’s plan?
There is such an overwhelming focus on securing Canada’s role in AI as an economic force, but little attention is being paid to how AI will seriously impact society.
We talk a big game on sovereignty, but we continue to leave doors open, which only provides a performative show of sovereignty, and digital sovereignty issues are a top one.
United States News
Exclusive: Trump pauses China tech bans ahead of Xi summit
Everyone is claiming this is a negotiating tactic, but the United States’ lack of consistency and bold-faced lying about everything means that we can only assume the most selfish and short-sighted ambitions and purposes for any action that the United States undertakes. We especially cannot assume any action taken is the result of intelligent action, but is just as likely to be an emotional, shallow action with no strategy behind it.
The market for zero-days and hacking exploits is still very unregulated and there are private actors that make a killing in this space, but usually they aren’t the ones leaving companies and selling their data. Usually it’s neutral third parties that do the best on the open market, although if you’re in a Western country, Russia, or China, usually you only have one option on who to sell your wares to.
US needs to impose ‘real costs’ on bad actors, State Department cyber official says
If cyber threat actors operate without concern for consequences, then they will continue to act as if there are no consequences.
FTC Issues Second Report to Congress on its Work to Fight Ransomware and other Cyberattacks
CIA, SOCOM gearing up for rapid capability assessment with an eye toward ‘field-forward’ ops
The future of warfare and conflict lies in leveraging data. Access to greater amounts of accurate data with quick and intricate data analysis will give actors a major decision-making advantage.
This is at the foundation of CJADC2 and the Canadian version of Pan-Domain Command and Control (PDC2). I have written an introduction to Canada’s approach to multi-domain operations and pan-domain for CGAI here. The core capabilities to this are cloud networking, big data analytics and processing, and AI.
European Union & United Kingdom News
EU, Dutch government announce hacks following Ivanti zero-days
Ivanti is having major success in targeting European countries and organizations.
Russian military scrambles to find Starlink alternative after access blocked
I gave big props to SpaceX for moving quickly on this, and this highlights just how important infrastructure is for modern capabilities. Secure and reliable data connectivity is paramount to modern military operations that Canada and other militaries are increasingly reliant upon. This is why fiber optic drones are increasingly common, as the lack of infrastructure and secure data connectivity amid a degraded electromagnetic environment makes this very difficult to achieve.
Russia’s sabotage campaign is becoming bolder
Russia is increasingly using cyber operations to continue its sabotage campaign targeting Europe and Ukraine-allied countries.
Parliament again tells Dutch gov’t to prevent DigiD from ending up in American hands
Canada, unfortunately, is not in a position to do the same unless the government takes a dramatically more risk-prone approach than they have been.
WhatsApp domain disappeared from Roskomnadzor’s DNS server.
Russia blocks WhatsApp, YouTube, and many other services.
Cyber attacks are a top discussion at the Munich Security Conference this year and for good reason. Europe has been getting hit particularly
You remember Binance. The ones who were convicted of violating sanctions and anti-money laundering laws in 2023, but were able to avoid a lot of the punishments after providing bribes to the Trump administration.
Other International News
Leaked technical documents show China rehearsing cyberattacks on neighbors’ critical infrastructure
First reported by NetAskari (linked above), this news article is based on that report. This shouldn’t be a surprise to anyone. This technology is readily available given how common large cloud infrastructures are, so it makes sense that China would be looking for gaps and practicing penetration testing against them daily. We should expect our cyber forces to do the same.
X Tried to Sidestep Brazil’s Inquiry on AI Deepfakes. The Government Just Pushed Back.
Chinese APTs have penetrated all of Singapore’s major telecoms. This is not a surprise. Most telecoms have been penetrated by Chinese APTs at this point due to Salt/Volt Typhoon.
South Korea blames Coupang data breach on management failure, not sophisticated attack
Sometimes it isn’t external threat actors, but your own management that causes incidents. This is why CPCSC and CMMC are quite important for the defence industry, because they are meant to ensure internal compliance is sound so that we can focus on external threats.
Iran has comparatively large and prolific cyber operations capabilities. Two of the countries targeted the earliest with cyber operations also happen to be the ones that now have major cyber forces: Iran and North Korea.
This is the type of stuff that should absolutely kill a cyber threat intelligence business. If you’re not here to be truthful about threats, then you’re actively helping the state. Congrats, Palo Alto Networks, you now support the Chinese Communist Party.
Cambodia is doing a big crackdown on scam compounds.



