The Weekly New Rewire is a survey of Canadian cyber or adjacent news stories from this past week (or recently). Please leave a comment if you think I missed anything.

Leave a comment

Editor Notes:

• I have two new papers out with the Canadian Global Affairs Institute:

  • Following the Digital Snail’s Trail: The Short History of Canadian Armed Forces Cyber Operations

  • Everything You Should Know About CAF Cyber Command

• I have received a hefty round of feedback on my PhD thesis, so I may be a tad quiet outside the weekly Rewires. If you wish to contact me, feel free to email info@cyberincontext.ca.

Feature your business in Canadian Cyber in Context through sponsorship.

Share

Canadian News

• Government of Canada and TELUS advance work to build sovereign AI infrastructure

• Telus plans AI data centre expansion in B.C., including two new centres in Vancouver

  • Telus is building two data centres in Vancouver and expanding an existing facility in Kamloops, which together will require 150 megawatts of electricity by 2032.

• Deal reached with hackers after Canadian universities hit by security breach

  • I’m not a fan of calling the payment of ransoms under duress a “deal.” Makes it sound amicable.

• Accelerating commercialization and adoption of AI and quantum technologies in British Columbia

  • $17.3 million investment in eight businesses in BC.

• Global Affairs Canada Transformation Implementation Plan (2023 to 2026)

  • GAC is underway with plans to strengthen cybersecurity by enhancing its security operations centre to include cloud threat detection and response.

• A lot of coverage of Bill C-22 this week, compiled below:

  • U.S. Congress warns Ottawa’s lawful-access bill could weaken defences against hackers

    • The letter from US Congressional Leaders states that Bill C-22 would “Canada’s surveillance and data access powers in ways that create significant cross-border risks to the security and data privacy of Americans.”

      • Ironic that Americans sure love to create these risks for everyone else, but suddenly have a problem when another country ignorantly tries the same.

    • Signal warns it would pull out of Canada if made to comply with lawful access bill

    • Major Canadian online privacy company Windscribe plans to leave country if lawful access bill passes

    • Spy watchdog asks for greater oversight of proposed lawful access regime, including to boost public trust

      • This could maybe quell concerns, but not sure if it would fully make up for a lot of the problems in Bill C-22.

    • Major VPN provider says it could leave Canada over lawful access bill

      • NordVPN joining others to say C-22 sucks and they would leave Canada.

• PwC Canada launches CPCSC Readiness Service to help defence suppliers with new mandatory cyber certification

  • All the big consulting firms will be getting in on the CPCSC action.

• 3rd investigation launched into Alberta voter database accessed by nearly 600 people

  • The RCMP, Elections Alberta, and now Alberta’s Information and Privacy Commissioner have all begun investigations into the leak of Alberta’s electoral roll.

• B.C. gov’t ‘embracing the opportunity of AI,’ premier tells Web Summit

• Canada Declares Digital Independence, But ‘Sovereignty Is Not Solitude’

  • Coverage of Minister Solomon and many of the platitudes he brings to the situation.

• Canada Stands Shoulder to Shoulder with the Philippines at Exercise BALIKATAN 41-26

  • CAFCYBERCOM participated in this exercise.

• Canada second globally for ransomware, Fortinet says

  • Additional coverage of Canada as a top target for ransomware operators

• Government welcomes Canada Growth Fund investment to support the expansion of Canada’s largest operating lithium mine

  • Lithium is in almost everything electronic, so this is big news that’ll be welcomed by critical minerals folk.

• Canada’s cybersecurity agency to get access to OpenAI’s latest model, sources say

  • Only OpenAI’s so far, haven’t heard anything about Claude Mythos yet.

• Ontario Auditor General Report: Use of Artificial Intelligence in the Ontario Government

  • Interesting information in this report, particularly related to use in healthcare…

• Medical AI transcriber for Ontario doctors ‘hallucinated,’ generated errors: auditor general

  • Hallucinations remain very common with AI, especially LLMs. This is why the rush to adopt them is dangerous.

• PowerSchool hack was a ‘significant breach,’ says N.L. privacy commissioner

  • Unrelated to the recent Canvas incident, but is from January 2025.

• Photo of 6-fingered woman shows N.L. government needs to ‘tighten up’ AI policy, Wakeham says

  • Official Newfoundland and Labrador government pictures are popping up with AI mistakes that could have been easily fixed.

• Canadian Digital Regulators Forum hosting interactive workshop

  • Very interesting workshop taking place May 21.

Canada-Relevant News

As many issues don’t respect borders, this section is for stories that impact Canada, but may not be Canadian-sourced or focused, to differentiate from the previous section, which is 100% focused on Canada.

• Google says hackers used AI to create zero day security flaw for the first time

• OpenAI Launches ‘Daybreak’ to Help Build Secure By Design Software

• Signal adds security warnings for social engineering, phishing attacks

  • This is after a prominent European politician fell victim to phishing attack.

• Revealed: Israeli Tech Exposes Users of Musk’s Starlink Satellite-based Internet

• OpenAI says hackers stole some data after latest code security issue

• A hotel check-in system left a million passports and driver’s licenses open for anyone to see

• Research repository ArXiv will ban authors for a year if they let AI do all the work

Canadian Cyber Threat Intelligence

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Alert - AL26-012 - Critical vulnerability affecting Cisco Catalyst SD-WAN - CVE-2026-20182

• Alert - AL25-012 - Vulnerabilities impacting Cisco ASA and FTD devices – CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363 – Update 2

• 84 TanStack npm Packages Hacked in Ongoing Supply-Chain Attack Targeting CI Credentials

• SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA

• Oracle Announces Move from Quarterly to Monthly Critical Security Patches

  • A sign of the times as Oracle moves to release updates on a more frequent basis.

• GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access

  • Google Threat Intelligence Group report on the increasing role of AI in cyber threat activity.

• Linux Could Soon Disable Vulnerabilities Without a Reboot: Kernel Killswitch

  • In response to recent vulnerabilities, a runtime “killswitch” has been proposed.

• Behind the Scenes Hardening Firefox with Claude Mythos Preview

  • Article from Mozilla on the use of Claude Mythos for Firefox.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Share

Research, Op-Eds, and Events

• Q&A: Vass Bednar on why Canada is at risk of remaining a digital 51st state

  • Vass Bednar is the Director of the Canadian Shield Institute.

• The Canadian Shield Institute release Chapter 2 on Weaponization of Governance for their Foundations of Digital Sovereignty series.

  • The Canadian Shield Institute continues to do tremendous work.

• Software was never designed for perfect security – and now we’re paying the price.

  • A good article by the great security researcher Halvar Flake

• Timeline of Iran’s Nuclear Program and the Stuxnet and Fast16 Attacks

  • Kim Zetter puts together a new timeline that includes the Fast16 attacks.

United States News

• Foxconn confirms cyberattack impacting North American factories

  • An update on last week’s story, which turns out to be ransomware.

• Congressman launches inquiry into how food retailers use surveillance pricing

  • This one will be watched by Canadians. There’s currently an active debate at the federal and many provincial levels regarding how to address surveillance pricing.

• Texas Attony General Sues Net­flix for Spy­ing on Texas Kids and Con­sumers by Ille­gal­ly Col­lect­ing Users’ Data With­out Their Knowl­edge or Consent

• Pentagon deploys Anthropic’s Mythos to patch cyber gaps while planning to ditch firm

  • This is probably not going to look good for the US Government in court.

• Cisco cuts nearly 4,000 jobs to spend more on AI, reports ‘record quarterly revenue’

  • Cisco has always been scummy, so this is not a big surprise.

• Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible

  • This is concerning, but it is unclear the degree to which this could impact things. Could theoretically cause a major economic disruption by automatically affecting the readers all at once. Iran is suspected, but I can’t help but recall many of Israel’s attacks on Iranian gas infrastructure over the last few years.

• Trump says he and Xi discussed cyberattacks and spying between US, China

  • “They’re talking about the spying. Well, we do it too,” the president said. “We spy like hell on them too.” - Trump

United Kingdom and European Union News

• Kaspersky Lab co-founder says FSB unit overseeing internet blocking has ‘no idea’ how networks work

• UK water company allowed hackers to lurk undetected for nearly two years, regulator finds

• UK moves to shield security researchers in cybercrime law overhaul

  • A great move by the UK. Security researchers are integral to how NATO and allies maintain cybersecurity.

• German political parties leave X: should other European politicians follow?

  • Good on German political parties. Canada must do the same. The Government of Canada remains on X. There is no longer a large Canadian audience on X, so maintaining a presence there simply shows the government’s lack of concern for digital policy and that it does not actually care about reaching Canadians through social media.

• UK fines water supplier $1.3M for exposing data of 664k customers

  • It’d be so cool if we actually had fines and penalties in Canada that were more than the cost of doing business.

• European Commission head pushes creation of new law delaying teens’ social media access

  • Laws seeking to universally destroy privacy for people in order to do the job of parents and prevent children from accessing social media are very in vogue right now.

• Council Implementing Regulation (EU) 2026/1078 of 11 May 2026 implementing Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States

  • EU applies sanctions against Chinese and Russian cyber threat actors.

Other International News

• Microsoft’s massive Kenya AI data center would require switching off ‘half the country’ to meet power requirements, government says — $1 billion project stalls over capacity disagreements and lack of infrastructure (h/t Catalin Cimpanu)

• 201 arrests in first-of-its-kind cybercrime operation in MENA region

Canada Buys Watch

I am still building. I plan to soon post more Canada Buysonce I have the time to build out the monitoring system.

• Canada Buys: Security Control Centre IT Modernization Project

  • Royal Military College is looking for a replacement OT software-as-a-service solution.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Share