The Weekly New Rewire is a survey of cyber or adjacent news stories that I read this past week (or recently). Please leave a comment if you think I missed anything.

Editor Notes:

• I have two new papers out with the Canadian Global Affairs Institute:

  • Following the Digital Snail’s Trail: The Short History of Canadian Armed Forces Cyber Operations

  • Everything You Should Know About CAF Cyber Command

• Go sign Tanya Janca’s Secure-Coding Petition!

  • The article is finally out and can be read here.

Leave a comment

Share

Canadian News

• Edmonton police emails, documents provide new information on Canada-first AI facial recognition bodycam pilot

  • AI Facial recognition has been shown to produce false positives often, so this should be a major concern.

  • “The facial recognition model was supplied by Corsight AI, an Israeli company whose technology has reportedly been used for mass surveillance in Gaza.”

• AI firm Cohere in merger talks with Germany’s Aleph Alpha, sources say

  • This is pretty big news because Cohere is a Canadian AI darling that the Government of Canada has championed as a Canadian AI leader. Cohere has also loved to play up its Canadianness, so a merger with German company would upend a lot of the dynamics.

  • Cohere exec pledges AI firm will stay Canadian-headquartered amid merger reports

• Government of Canada introduces Level 1 of Canadian Program for Cyber Security Certification

  • For those unfamiliar, CPCSC is Canada’s answer to the Cybersecurity Maturity Model Certification. Originally, Canada wanted reciprocity, but it didn’t get it. Nevertheless, the program is still important. This is a big milestone as we steadily get closer to a defence industry-wide implementation.

    • Canadian Program for Cyber Security Certification Level 1 Self-Assesment

    • How to meet Level 1 Cyber Security Certification Requirements

    • Level 1 CPCSC Certification Scoping Guide

• Kepler to lead testing of European Space Agency’s high-speed data network

  • Toronto-based Kepler Communications will be the prime contractor for the ESA’s HydRON ELement 3. There’s been a lot of Canada-European engagement on space, particularly space communications. I wouldn’t be surprised if this is the start of wider industry moves.

• From last week, but activities continued to this week: CAFCYBERCOM participates in Latvia-led Threat Hunt Workshop in Riga

• QNX and TKMS Collaborate to Bring Canadian Software Innovation to Global Naval Defence Programs

  • TKMS has partnered with QNX, a division of Blackberry, fo collaboration in support of Canada’s submarine program

• MDA Space Unveils Space Control Platform MDA Midnight, Designed to Defend and protect the Space Domain

  • MDA has a VERY interesting new platform that raises questions:

    • On-orbit inspection and reporting of satellite status

    • Electronic counter measures detection, attribution and mitigation

    • Rendezvous and proximity operations, cooperative satellite capture and release

    • De-orbiting of a customer’s non-operational asset

• Canada launches national initiative to build large-scale AI supercomputing capacity

• Wealthsimple bets on X and Canadian users aren’t happy

  • I honestly cannot imagine this was done with any understanding of the limited number of Canadians who still use Twitter.

• Canada and European Space Agency sign General Security of Information Agreement

  • These agreements usually precede greater levels of cooperation between organizations/countries.

• Canadian Centre for Cyber Security launches Critical infrastructure resilience and escalated threat navigation initiative

  • “The Critical Infrastructure Resilience and Escalated Threat Navigation (CIREN) initiative to drive immediate preparedness across organizations to reinforce and protect Canada’s sovereignty and essential services.”

• Canada-Finland Joint Statement on Sovereign Technology and AI Cooperation

  • I’d argue that a quantum-focused agreement would be even better for Canada and Finland. Quantum is included in this, but is just one part of a large whole.

• Government of Canada invests in Francophone and bilingual digital health innovation

• Alberta creates Cyber Crime Task Force: Protecting Albertans from cybercriminals

  • Cyber crime is one of the most pervasive crimes that affect all Canadians, so establishing it as a central priority is good for protecting Canadians and is good politics.

• British Columbia Launching AI Pilot Project: Disrupting the illicit drug trade with first-in-Canada technology

  • BC is launching a pilot project to use AI for “enhance police intelligence and understanding of toxic-drug supply patterns to help inform enforcement efforts and issue earlier warnings for bad batches of toxic drugs .”

• Privacy Commissioner of Canada appears before Parliamentary Committee to discuss potential privacy implications of the Canada-China Preliminary Joint Arrangement on the Electric Vehicle Sector

  • Privacy Commissioner says new privacy laws are needed. The context was about the incoming electric vehicles from China, but really, the concerns about privacy and cybersecurity with Chinese electric vehicles are just as much of an issue with North American-built electric vehicles.

• Canada must move quickly to address AI-related cybersecurity risks, Macklem warns

  • Bank of Canada Governor warns about looming risks to cybersecurity due to AI like Claude’s Mythos.

• Canadian banks, regulators discussed Mythos AI, minister to meet with Anthropic

  • Solomon says Canada can withstand such risks, but I trust anything Solomon says as much as I trust any snake oil salesman.

Canada-Relevant News

As many issues don’t respect borders, this section is for stories that impact Canada, but may not be Canadian-sourced or focused, to differentiate from the previous section, which is 100% focused on Canada

• Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators

• Rockstar Games Hacked, ShinyHunters Threaten A Massive Data Leak If Not Paid Ransom

  • Unclear if this will affect the release date of GTA 6.

• Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit

• The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought

  • “Nearly 90 schools and 600 students around the world impacted by AI-generated deepfake nude images” - Keep in mind this is only verified and reported, the problem is significantly much worse than this.

• We’re only seeing the tip of the chip-smuggling iceberg

• Booking.com Confirms Data Breach as Hackers Access Customer Details

  • No payment data accessed, but customer information was exposed.

  • Booking.com breach gives scammers what they need to target guests

    • Good article from MalwareBytes on potential impact.

• Ransomware reaches elevated ‘new normal’ as attack volumes hold steady into 2026, reshape baseline risk expectations

• Understanding security warnings when opening Remote Desktop (RDP) files

  • Windows will begin to show warnings when remote desktop connection files are opened. This is great news, but also what took them so long?

• The RAM shortage could last years (h/t Catalin Cimpanu)

  • Although many organizations have already adjusted, I feel like we’re only seeing the tip of the iceberg when it comes to RAM shortages. Massive demand for AI is putting pressure on RAM producers, who cannot keep up. Additional fabrication capacity will not be online until 2027, and I don’t think it will be sufficient to meet current demand, which is likely to continue increasing.

• Internet Protocol Version 8 (IPv8)

  • IPv6 traffic has crossed 50%, so it is time to think about the future.

Canadian Cyber Threat Intelligence

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Google Search to classify ‘back button hijacking’ as spam

• How often do threat actors default on promises to delete data?

  • This is a few weeks old, but a great article that I want to highlight.

• ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

• Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

  • Easier to do this than to take over open-source projects.

• Vercel April 2026 security incident

  • Cloud provider hit by ShinyHunters

• Ransomware Group shinyhunters Hits: The Canada Life Assurance Company (canadalife.com)

  • Major Canadian life assurance company hit by Shinyhunters.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research, Op-Eds, and Events

• More than 60% of Australian children still using social media despite ban for under-16s, research shows

  • The Liberal Party is interested in a ban and should pay attention to how it doesn’t work.

• To build a modern Canadian defence sector, make SMEs cybersecure

  • Op-ed by Charles Finlay of Rogers Cybersecure Catalyst and Daniel Blanc, former Chief of Staff of CAFCYBERCOM

• EVENT: 23rd Annual International Conference on Privacy, Security & Trust (PST) to be held in Ottawa, Canada

  • To be held August 26 - 28. Submission deadline is passed, but should be an interesting conference.

• The Risk of Making Offensive Cyber the New Shiny Silver Bullet

  • The direction many NATO countries are considering does not have modern precedence and has a lot of preconceived notions.

• Parliamentary Meetings of Note:

  • April 21: Senate Transport and Communications Committee - Examine and report on the opportunities and challenges of artificial intelligence (AI) in the information and communication technology sector

  • April 22: Senate Transport and Communications Committee - Examine and report on the opportunities and challenges of artificial intelligence (AI) in the information and communication technology sector

United States News

• FCC Selects New Lead Administrator for U.S. Cyber Trust Mark Program (h/t Eric Geller)

  • The FCC selected ioXt Alliance to oversee its Internet of Things labeling program

• The White House is expanding the market for offensive cyber capabilities — and drawing more of the private sector into that ecosystem — even as policy boundaries around their use remain unclear

  • The White House has had they aren’t interested in cyber letters of marquee, but there are still major changes underway in how the US uses and cooperates with the private sector to counter cyber threat actors.

• Missouri town fires half its city council over data center deal

  • Yes we need data centres, but governments at all levels must recognize the harm that they can do to local ecosystems and communities and do consultation.

• The FCC just saved Netgear from its router ban for no obvious reason

  • There were already some concerns that this would lead to corruption and this is not quelling those concerns.

• Drivers sue San Jose over nearly 500 police cameras used to track drivers across the state

  • This has the potential to establish a lot of precedence regarding private surveillance.

• Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme

  • I have yet to see any specific reports about Canadian firms hiring North Korean fake IT workers nor anyone assisting them apart from general warnings about North Korea, although this just means it has yet to be reported.

• Maine passes first-in-nation freeze on big data centers

  • Although temporary, this is pretty big and likely to lead to similar legislation.

• White House Works to Give US Agencies Anthropic Mythos AI

  • Remember, just a few weeks ago, Anthropic was being labelled a supply chain risk?

• Cargo thieving hackers running sophisticated remote access campaigns, researchers find

  • Criminal hackers helping organized crime with cargo thefts.

• Scoop: NSA using Anthropic’s Mythos despite blacklist

  • Almost like the current US administration’s words are hollow and they can’t be trusted.

• Cyberattack targets city of Tallahassee; official says no data compromised

• Justice Department refuses to assist French probe into Musk’s X, WSJ reports

  • US Justice Department claims child sexual abuse material constitutes free speech.

• Parents Decide Act: Mandatory Age Verification for Operating Systems

  • This would require operating system providers to verify the age of all users.

United Kingdom and European Union News

• 500 million euro warship found with 5 euro gadget

  • Dutch ship tracked via cheap bluetooth tracker.

• European civil servants are being forced off WhatsApp

• How Big Tech Lobbied the EU to Hide Data Centers’ Environmental Toll

• Brussels launched an age checking app. Hackers say it takes 2 minutes to break it.

  • Governments increasingly want to strip the average person of privacy to avoid responsibility for regulating social media, but they are putting so little effort into implementing these bans that it’s making everything worse.

• Ukraine confirms suspected APT28 campaign targeting prosecutors, anti-corruption agencies

Other International News

• Hospitals face cyberattacks as Korea underfunds medical data security

  • Republic of Korea is very much like Canada and other Western countries in underfunding cybersecurity in healthcare.

• New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments

• Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant

  • Russia has been stepping up cyber attacks on critical infrastructure over the past few years.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.