The Weekly New Rewire is a survey of cyber or adjacent news stories that I read this past week (or recently). Please leave a comment if you think I missed anything.

Editor Notes:

• I have a new paper out with the Canadian Global Affairs Institute:

  • Following the Digital Snail’s Trail: The Short History of Canadian Armed Forces Cyber Operations

• Go sign Tanya Janca’s Secure-Coding Petition!

  • The article is finally out and can be read here.

Leave a comment

Share

Canadian News

• Spark Microsystems secures additional $17 million in Series B funding

  • Spark specializes in next-gen short-range wireless communications.

• Online Privacy at Stake in Cambridge Analytica Supreme Court of Canada Case

• Cohere teams up with Swedish defence firm Saab on AI for surveillance jets

  • Canadian AI darling Cohere is starting to make increasingly big moves into defence.

• Canadians Split on AI Data Centres as Cost Concerns and Local Opposition Emerge

  • New data from Abacus Data concerning Canadian attitudes towards AI data centres, which can likely be applied to data centres broadly despite there unique differences as the public is unlikely to care about the distinction when they both have massive impacts.

    

• Federal government worried extremists recruiting through video games

  • They are, but it’s a multi-prong issue. Toxic gaming culture is super prevalent that encourages extremist views and takes, which makes individuals predisposed to be influenced.

• PC MLA says hackers accessed and shared intimate images on his devices

  • I am honestly surprised this does not occur more often, but I'm glad the MLA didn’t pay and is working with police and the RCMP.

• Canada rejected her permanent residence application. Her job duties were made up — by Immigration’s AI reviewer

  • This is just the start. More is to come as the CRA is experiencing MASSIVE cuts and will be investing significantly into AI.

• Updated statement on proposed changes to Ontario’s Freedom of Information and Protection of Privacy Act

  • Ontario’s Privacy Commissioner updates their statement on the Ontario government’s attempts to exempt the premier and high levels of provincial government from freedom of information requests.

  • This is a great statement and really goes to the heart that Doug Ford is trying to hide what he is doing and prevent accountability. Doug Ford hates transparency and doesn’t want to be held accountable for his activities.

• CoolIT sold to Ecolab for $4.75-billion in one of biggest-ever Canadian tech takeovers

  • Oh look, another Canadian company sold to American company. Bought by private equity, no less. Guess that means we should start counting until another private equity firm destroys a company.

• Joint guidance on securing space and cyber security for low earth orbit satellite communications

  • Canada’s CCCS joins Australia, New Zealand, and the United States.

• Cohere launches an open-source voice model specifically for transcription

  • A nice move by Cohere. I’ll hold off until third-party verification of how good their model is, but with so many transcription models out there for voice-to-text, many are bad. Cohere is releasing an open source model based on Cohere’s tech and work, this could be great for those with disabilities, like myself, who use transcriptions of other people’s speech to help them.

• OpenText lays off four percent of its global workforce

• Denvr signs two defence deals to deepen sovereign AI push in Canada

  • Deals signed with Dominion Dynamics and Sapper Labs. Sapper Labs is pretty well known in Canada's cyber defence scene, so this automatically catches my eye.

• Can­ada’s banking regulator gives itself substandard score on cybersecurity

  • I provided some comments for this story.

• CAF and Five Eyes partners advance Cyber Mission Assurance in pre-RIMPAC 26 tabletop exercise

  • CAFCYBERCOM is doing a lot in the Indo-Pacific.

• Government of Canada invests $3.6M in defence sector with support for Université du Québec en Outaouais

  • A big part of this will be going towards cybersecurity range. I should likely map out how many cyber ranges there are in Canada. Just a few years ago, I would likely count on one hand, but now I feel like there’s been a major boom in just the last couple years.

• Nova Scotia Power agrees to beef up security after customer data breached

  • They are responding to a compliance letter from Canada’s privacy commissioner.

• Prime minister commits more than $3B for defence projects in the Maritimes

  • A significant part of this will be cyber, information, and communications technology related.

• Bill C-25: Government of Canada introduces measures to further protect Canada’s electoral processes and strengthen democracy

  • A few cyber-related aspects of this new bill. Includes privacy policy requirements and requirement to disclose data breaches, and bans deepfakes.

  • Read the full Bill C-25 here

• Final report from the second Financial Industry Forum on Artificial Intelligence (FIFAI 2) now available

  • Final report for the forum held last year.

• Competition Bureau’s experts available to discuss AI-generated government impersonation scams with media

  • Appears competition bureau is increasingly concerned about AI-generated government scams.

• Canada and India Advance Dialogue on Digital Trade and Bilateral Economic Agreement

  • Includes digital trade.

Canada Cyber Threat Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• NIST updates Secure Domain Name System (DNS) Deployment Guide

  • First update in a decade! As they say, it’s always DNS.

• If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident (H/t Catalin Cimpanu)

  • Very interesting case of a cyber threat actor targeting a health care provider and taking considerable effort to redact patient data. Even offering Woundtech to redact the data themselves.

• Ransomware gang exploits Cisco flaw in zero-day attacks since January

• ‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

  • More technical reporting on the Coruna exploit/toolkit

• GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

  • Github/open source attacks. So hot right now.

• GitHub adds AI-powered bug detection to expand security coverage

  • And in response Github is trying to beef up their security

• The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond

• CISA orders feds to patch max-severity Cisco flaw by March 22

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research, Op-Eds, and Events

Compliance is Cash - Where to Begin with CPCSC

Alexander Rudolph

·

Mar 10

Read full story

• Canada needs a secure-coding policy — and AI is making that more urgent

  • My new op-ed about the need for a secure-coding policy.

• M-Trends 2026: Data, Insights, and Strategies From the Frontlines

  • Dwell time increases as hand-off window “collapses” to 22 seconds. A lot of concerning trends, however, one positive trend is detections are up.

• Can Canada ever have true digital sovereignty?

  • Good op-ed, which really gets to the heart of current debates: “When in doubt, remember that sovereignty is determined by which court can compel the access of data, not where that data is ultimately stored.”
    

• The Defence Industrial Strategy’s initial spending is not as Canadian as hoped

  • Some good research by ana anlyst from the Canadian Shield Institute.

• Sycophantic AI decreases prosocial intentions and promotes dependence

  • Some great research on impacts of the use of certain types of AI models

• International Defence Industry Exhibition (MSPO 2026)

  • Apply to join Canadian delegation to Europe’s third largest defence and security trade show.

• Rogers Cybersecure Catalyst held a Defence Sector 101 catered for cyber and dual-use technology sectors.

United States News

• FCC Updates Covered List to Include Foreign-Made Consumer Routers

  • The FCC basically just banned all consumer routers not made in the United States. This will be a major disruption.

• State Department launches effort to counter cyberattacks, AI risks from Iran, others

  • Just in case you forgot that the United States is run by the biggest of idiots: In July 2025, the State Department began to dismantle their Bureau of Cyberspace and Digital Policy.

• Google launches threat disruption unit, stops short of calling it ‘offensive’

  • Although we’re not likely to see cyber letters of marquee, we’re going to see private actors getting into “disruption.”

  • An explanation from one of the heads of Google Threat Intelligence”

    

• Stryker says malware was involved in recent cyberattack as production lines reopen

  • Stryker originally said malware was not used, so it is now unclear to what degree Stryker is releasing information for PR reasons versus what information is about the attack.

• Crunchyroll confirms data breach after hacker claims unauthorized access

  • The attack stole customer service ticket information via a third-party vendor, which makes me suspect they may use this data to target customers.

• When Satellite Data Becomes a Weapon

  • Focused on the US, but this is universal and impacts Canada a lot.

• Using a VPN May Subject You to NSA Spying

  • The logic here is sound whereby the US is actively encouraging its citizens to use foreign VPNs to enable greater surveillance of their citizens.

• Iran-linked group claims hack of FBI Director Kash Patel

  • Handala has claimed responsibility, who are also the ones behind the Stryker attack.

  • FBI confirms theft of director’s personal emails by Iran-linked hacking group

• The “Internet YIFF Machine” leaks millions of “anonymous” tips to DDoSecrets

  • Anonymous tip line for police leaked.

• America goes on cyber-offence

  • Economist article about the US’ new cyber strategy and Iran.

• A School District Tried to Help Train Waymos to Stop for School Buses. It Didn’t Work

  • Businesses argue that their technology should be exempt from laws while humans continue to suffer.

United Kingdom and European Union News

• Russia-linked malware operation collapses after security failures, developer’s arrest

• Vulnerability in German CampusNet:Addresses of over one million students exposed online

• Russia arrests alleged owner of cybercrime forum LeakBase, report says

  • Russia arresting cyber criminals is still relatively rare as many will cooperate with Russian intelligence services and police, but this uneasy alliance has been strained in recent years.

• ‘Dangerous’ AI child sexual abuse reaches record high as public backs clampdown on ‘uncensored’ tools

  • Internet Watch Foundation identified over 8,000 AI-generated videos and images of child sexual abuse in 2025. How much of this was Grok?

• Chinese Partnerships With European Universities Stir Security Concerns

  • Funny how China is okay with Europeans sharing/bringing research to China, but doesn’t want Chinese researchers sharing research or threat information with anyone outside of China.

• Ukrainian drones hit all three Baltic States − did Russia redirect them?

  • Cyber Electro Magnetic Activities (CEMA) is the name of the game now for militaries. It is why CAFCYBERCOM commands electronic warfare in addition to cyber.

• Elon Musk loses big in court; X boycott perfectly legal

  • Musk’s efforts to stiffle free speech and association fails and said to be a “fishing expedition.” Just a reminder that Musk profited off of CSAM. Yet, MInister of AI Solomon still believes X is a reputable platform.

• Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware

• The Not so Great Firewall of Russia to increase capacity by 2.5 times by 2030

  • Russia is slowly moving towards a similar domestically controlled information space and internet as China.

• Poland faced a surge in cyberattacks in 2025, including a major assault on the energy sector

  • Led by Russia and increasingly includes destrutive attacks.

Other International News

• Hackers breach South Korea’s top lender subsidiary, leak customer data

• WTF: Police responded on Saturday night due to a zero-day

• Self-propagating malware poisons open source software and wipes Iran-based machines

  • A self-propagating backdoor in open source software that likes to deploy a data wiper on Iranian computers. Sounds like Israel to me.

• ‘GEO’ Services Are Flooding the Chinese Internet With Misinformation (h/t Catalin Cimpanu)

  • “Generative engine optimization, or GEO, to manipulate AI models, distort search result rankings, and spread misinformation to achieve commercial goals such as product promotion.”

• National Cyber Authority: 50 Israeli companies ‘digitally erased’

  • The scope of cyber attacks related to conflict is never fully captured by mainstream media and you generally have to go to cybersecurity firms to understand the state of things. This can actually make things difficult because not all cybersecurity firms publish reputable information.

• Wikipedia Bans AI-Generated Content

  • Good.

• Statement from the Cybersecurity Tech Accord: Advancing International Alignment in Cybersecurity Regulation to Strengthen Collective Resilience

  • The Accord is calling on G7 and OECD to work together to better align regulations.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.