Tech world
(Pierluigi Paganini – Security Affairs/Security & Surveillance) Tchap, the encrypted messaging platform developed by the French government for its civil servants and made mandatory last year, was breached on June 7. ANSSI, France’s cybersecurity agency, detected the intrusion. The vector was straightforward: someone compromised a user account and used it to access the platform. No sophisticated technical exploit, just a stolen account. The attacker claimed responsibility over the weekend before the French Digital Affairs Directorate (DINUM) made any official announcement. They said they got in through a social engineering attack targeting the education shard, specifically matrix.agent.education.tchap.gouv.fr. Their own description of what they found is the more alarming part: they claim to have scraped nearly 650,000 messages, information on over 73,000 accounts, including email addresses and device metadata, and over 13.5GB of documents and media files. – France’s Government Messaging App Tchap Got Breached
(Pierluigi Paganini – Security Affairs/Security & Surveillance) CVE-2025-8088 is a path traversal flaw in WinRAR that lets an attacker write files outside the extraction directory using NTFS Alternate Data Streams. WinRAR fixed it in version 7.13 in July 2025. Nearly a year later, Trend Micro researchers published an analysis showing two separate Russia-linked APT groups, Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (UAC-0226), are still actively building new exploit samples and delivering fresh lure documents through it. The patch exists. The installations don’t have it. The mechanics of the flaw are worth understanding precisely. Victims receive a RAR archive, typically via spear-phishing email. They open it and see a decoy PDF, something that looks like a Ukrainian court summons, a Ministry of Defense registry, or a military equipment manifest designed to create urgency. In the background, with no warning and no additional user interaction, WinRAR silently writes hidden files to locations outside the extraction directory, including the Windows Startup folder. On the next login, those files execute automatically. – Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088
(Pierluigi Paganini – Security Affairs/Security & Surveillance) Security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, has published a new proof-of-concept exploit for a RoguePlanet Microsoft Defender zero-day. The flaw relies on a race condition that can provide attackers with SYSTEM-level privileges, allowing them to execute code with the highest permissions. The exploit was successfully tested on fully updated Windows 10 and Windows 11 systems running the June 2026 Patch Tuesday updates, showing that patched systems may still be vulnerable. – Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows
(DigWatch/Cybercrime, Governance) The process of developing a supplementary protocol to the UN Convention against Cybercrime has begun, with early state submissions already showing competing views over its scope and timing. The Ad Hoc Committee Secretariat invited preliminary written inputs on the possible scope, objectives and structure of a draft protocol supplementary to the Convention, also known as the ‘Hanoi Convention’. The mandate follows UN General Assembly resolution 79/243, which asked the Committee to negotiate a draft protocol addressing, among other issues, additional criminal offences. – UN Cybercrime Convention Protocol talks reveal competing visions | Digital Watch Observatory
(DigWatch/AI, Governance) The UK government will develop and test AI legal assistants as part of a broader set of technology initiatives aimed at reducing court delays and improving the efficiency of the justice system. The Ministry of Justice said the tools will support routine casework, including research and case analysis, before any possible use in the Crown Court. The AI legal assistants will be developed in collaboration with legal professionals and AI developers, with initial testing taking place in controlled environments. The government said the trials will help establish standards for the safe and ethical use of AI in legal settings and ensure any future systems meet the expectations of judges and legal practitioners before wider deployment. – AI tech ambition to deliver smarter justice for victims – GOV.UK
(DigWatch/AI, Security & Surveillance) Cybersecurity researchers have demonstrated an AI-powered computer worm capable of identifying vulnerabilities, generating attack strategies and spreading autonomously across networks. The study suggests that advances in AI agents could enable a new class of adaptive cyber threats capable of operating with minimal or no direct human intervention. The research, conducted by teams from the University of Toronto, Vector Institute, University of Cambridge, and ServiceNow, describes malware that uses large language models to tailor its behaviour to each target. Unlike traditional worms, the system can adapt its attack methods in real time instead of relying solely on pre-programmed exploits. – AI Agents Enable Adaptive Computer Worms
(DigWatch/AI, Frontiers) Apple has unveiled the next generation of Apple Intelligence at WWDC26, introducing a significantly upgraded Siri designed to provide deeper personal context awareness, broader app integration and more advanced conversational capabilities. The new assistant can search across messages, emails and photos, answer questions about on-screen content and access web information to provide more up-to-date responses while maintaining Apple’s privacy-focused approach. – Apple unveils next generation of Apple Intelligence, Siri AI, and more – Apple
(DigWatch/AI, Frontiers) A Stanford Medicine pilot study has found that an AI-powered tool can help doctors prepare hospital discharge summaries while easing cognitive burden and reducing reported burnout. The in-house system, known as MedAgentBrief, was designed to condense complex patient histories into draft discharge summaries for physician review. Discharge summaries are essential for continuity of care, but can be time-consuming because doctors must summarise days or weeks of clinical information for outpatient providers. – AI could ease the burden of hospital discharge summaries
(DigWatch/AI, Defense) The Kenya Defence Forces (KDF) has completed the Service Members Basic Artificial Intelligence Course 01/26, a training programme aimed at strengthening AI capabilities among military personnel. The course concluded with a graduation ceremony at the National Military Command Centre in Nairobi. Delivered by the Defence Intelligence Academy in partnership with the Moran AI and Cyber Centre of Excellence and other technology partners, the programme provided participants with foundational knowledge of AI and emerging technologies. The course aimed to equip participants with practical skills relevant to increasingly data-driven security and defence environments. – CAPACITY DEVELOPMENT IN ARTIFICIAL INTELLIGENCE – Ministry of Defence – Kenya
