Global Eye On …
AI: ONU lancia allarme su impatto ambientale e disuguaglianze | The Global Eye (Maria Eva Pedrerol)
Tech World
(Pierluigi Paganini – Security Affairs) This week, the Financial Times reported that Anthropic has placed approximately six “forward-deployed” engineers inside the National Security Agency to help the intelligence agency use Mythos, its most capable cyber model, for offensive operations. Two people familiar with the arrangement told the FT it would be useful for infiltrating networks in countries like China or Iran. Whether those engineers are involved in live operations, or only in customization and setup, remains unclear. The reported collaboration comes amid tensions between Anthropic and the U.S. government. The company is challenging Pentagon policies over military use of AI, and was labeled a “supply-chain risk” after refusing to allow its models to be used for mass surveillance or autonomous weapons programs. – Report: Anthropic Deploys Engineers to Support NSA Use of Mythos
(Pierluigi Paganini – Security Affairs) On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enough to be embarrassing. The Orchard pool is the newest and most advanced shielded transaction system in the cryptocurrency Zcash. Introduced in 2022, it allows users to send and receive ZEC while keeping transaction details private. It uses zero-knowledge proofs to validate transactions without revealing amounts or participants. The bug: a specific check that was supposed to validate transaction inputs wasn’t actually enforcing the rules it appeared to enforce. An attacker could have exploited the flaw to feed false inputs into that check and generate ZEC from nothing, with the zero-knowledge proof system blessing the fraudulent transaction as valid. “The vulnerability was present from Orchard’s activation in May 2022 until the emergency fix was deployed on June 1, 2026,” wrote Shielded Labs, the independent research and development organization behind Zcash. “Due to the privacy properties of Orchard and the nature of the bug, there is no definitive way to determine, using only cryptography, whether such exploitation occurred.” – Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.
(Pierluigi Paganini – Security Affairs) Resecurity uncovered the Silent Ransom Group (SRG)’s Fast Flux network infrastructure and shares available intelligence with the cybersecurity community to disrupt their malicious activities and enable ISP/DNS providers to counter this threat. “Resecurity is the first to uncover the SRG’s Fast Flux network infrastructure and is sharing this intelligence with the cybersecurity community to disrupt their malicious activities and enable ISP/DNS providers to counter this threat.” reads the report published by Resecurity. – Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure – Security Affairs
(Pierluigi Paganini – Security Affairs) A threat actor tracked as PCPJack compromised 230 cloud servers across Amazon Web Services, Google Cloud, and Microsoft Azure and turned them into a covert email relay network. Hunt.io researchers discovered the operation because PCPJack accidentally left two directories on an internet-facing command-and-control server accessible without any password or authentication. “A complete 12-file toolkit, source code, compiled binaries, and deployment state, was sitting on an open HTTP directory with no authentication required.” reads the report published by Hunt.io. “The version 3 state file confirms 230 successful uploads and executions in a single deployment run in March 2026.”. The exposed folders contained source code, malware binaries, deployment logs, scanning tools, exploitation utilities, and a live Sliver command-and-control configuration. In short, the attackers left behind a detailed view of how the entire operation worked. – PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network
(Pierluigi Paganini – Security Affairs) SafeBreach Labs researcher Or Yair spent months trying to break Google’s Gemini voice assistant after Google patched the vulnerabilities he found in his previous research. The new attack class he developed, named Fake Context Alignment, exploits the trust users place in their own notification stream from WhatsApp, Slack, SMS, Signal, Instagram, and every other app that can drop a message on an Android device. The attack relies on an indirect prompt injection. When a user asks Gemini to read notifications, the assistant processes the content of incoming messages, including hidden instructions planted by an attacker. Google had already added protections against direct attempts to manipulate Gemini’s tools, but notifications created a new attack path. Because virtually any app can send a notification, the number of potential attack sources is enormous. The most concerning aspect is the social engineering potential. An attacker can trick Gemini into reading out a fake message that appears to come from a real person in the victim’s notifications. The attacker doesn’t even need to know the contact’s name beforehand. The malicious instruction simply tells Gemini to use the first real sender name it finds. This makes large-scale phishing attacks possible without any prior research on the target. – Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications – Security Affairs
(DigWatch) Ofcom has outlined its approach to enabling safe and secure AI adoption across the UK communications sectors it regulates and within its own work. The regulator said its approach is technology-neutral and outcomes-based, aligning AI oversight with its wider mission of making communications work for everyone while supporting innovation and growth. – Ofcom’s strategic approach to AI
(DigWatch) The European Union and India have concluded the first EU-India Tech Business Forum in New Delhi, advancing digital and trade cooperation under the framework of the EU-India Trade and Technology Council (TTC). The forum brought together businesses, policymakers, researchers, think tanks, and civil society to strengthen private-sector collaboration and identify opportunities for joint innovation. The forum was organised by the EU Delegation to India and Bhutan and India’s Ministry of Electronics and Information Technology, with support from industry organisations including the Federation of European Business in India and the National Association of Software and Service Companies (NASSCOM). – EU and India Host First Tech Business Forum in New Delhi to Strengthen Digital and Trade Cooperation | EEAS
(DigWatch) Mayo Clinic and Microsoft have announced a strategic collaboration to develop and deploy a frontier AI model designed specifically for healthcare. The initiative combines Mayo Clinic’s clinical expertise, de-identified health data, and longitudinal medical insights with Microsoft’s AI, cloud, engineering, and superintelligence capabilities. The model is intended to support a broad range of clinical reasoning and healthcare use cases by synthesising diverse clinical information. Mayo Clinic said it could support earlier diagnoses, more personalised treatment decisions, and improved patient outcomes. – Mayo Clinic and Microsoft collaborate to develop a frontier AI model for healthcare – Mayo Clinic News Network
(DigWatch) The European Commission has published a Strategic Roadmap for Digitalisation and AI in the Energy Sector, outlining how digital technologies could support a more resilient, competitive and secure European energy system. The roadmap outlines how digital tools and AI could help consumers and businesses reduce energy costs through greater efficiency, smarter energy consumption and improved management of electricity demand. It also highlights the role of digital technologies in supporting the integration of renewable energy into electricity grids. – Commission presents measures to digitalise Europe’s energy system while ensuring sustainable digitalisation – Energy
(DigWatch) The International Labour Organization has called for occupational disease prevention, mental health risks, AI, and climate change to become central elements of the European Union’s future workplace health and safety agenda. The intervention was delivered during a European Parliament hearing on the EU strategic framework on occupational safety and health after 2027. – Occupational disease prevention, mental health, AI, and climate change should shape future EU agenda on safety and health at work | International Labour Organization
(DigWatch) The UN Development Programme has launched a Blockchain Advisory Group to examine how blockchain technologies can support public systems, digital public infrastructure, and development outcomes. The group was launched in Paris on 3 June during Proof of Talk 2026, bringing together senior leaders from across the blockchain ecosystem. UNDP Associate Administrator Haoliang Xu chairs it. – UNDP launches Blockchain Advisory Group to explore blockchain for public good | United Nations Development Programme
(DigWatch) Europe’s banking sector must strengthen its operational resilience as AI transforms the cyber threat landscape and increases systemic risks, according to the European Central Bank (ECB). Speaking at a financial conference, Executive Board member Frank Elderson warned that technological disruption and geopolitical fragmentation are increasing pressure on financial infrastructure. The ECB said Europe’s reliance on external providers for technology, energy and financial services creates vulnerabilities that could expose critical functions to operational disruptions. While banks remain financially stable, their ability to maintain critical services during cyberattacks or system failures has become key to long-term competitiveness and stability. – Strengthening operational resilience for the age of AI
(DigWatch) A major international operation involving Meta, Microsoft, Coinbase, Starlink, and law enforcement agencies from several countries has disrupted large-scale criminal scam networks operating across Southeast Asia. The coordinated effort combined digital intelligence, financial investigations, platform enforcement, and real-world law enforcement action to target organised groups responsible for online fraud, investment scams, and other cyber-enabled crimes. – Leading Tech Companies and Law Enforcement Join Forces to Disrupt Criminal Scam Networks in Southeast Asia
(DigWatch) The US Securities and Exchange Commission (SEC) has released a draft strategic plan outlining its priorities for the coming years, with a focus on investor protection, market efficiency and capital formation. The agency is seeking public feedback on the proposal, which also highlights the growing importance of digital assets and emerging technologies within the financial system. – SEC.gov | SEC Publishes Draft Strategic Plan for Public Comment
(DigWatch) A new policy coalition has been launched in Washington to develop frameworks governing collaboration between government agencies and private companies on cyber operations, amid growing concerns that unresolved legal questions are limiting deeper cooperation. Venable’s Center for Cybersecurity Policy and Law established the Cyber Operations Policy Coalition this week. The coalition aims to bring together industry representatives, government officials, legal experts, academics and civil society organisations to develop policy frameworks for collective cyber defence. – New Washington initiative targets legal frameworks for collective cyber defence | Digital Watch Observatory
