Kickstart July with CyberScan: Comprehensive Cyber Defense and AI Insights
CyberScan Week kicks off in July with a robust lineup of headlines, highlighting significant advancements and challenges in cybersecurity. A prominent feature includes the exposure of China's privatised cyber operations, where recent leaks from iS00N revealed extensive surveillance activities across Europe, Asia, and North America.
This move marks a shift in Beijing's intelligence tactics, leveraging private firms to bypass traditional security protocols and rapidly meet emerging intelligence needs. Meanwhile, discussions on expanding the AUKUS defence pact to include Japan underscore both potential benefits and challenges, with Japan's advanced technology being a valuable asset yet raising concerns about cybersecurity vulnerabilities.
The week also sheds light on alarming cybersecurity alerts, with Rapid7 discovering that popular Windows productivity tools like Notezilla and RecentX have been compromised to deliver malware, posing significant threats to users. The Cybersecurity and Infrastructure Security Agency (CISA) has initiated the Secure by Design pledge, which over 150 software manufacturers have committed to, aiming to enhance cybersecurity from the initial design phase.
Additionally, government agencies from the US, Australia, and Canada are urging the transition of open-source software projects to memory-safe languages like Rust to mitigate vulnerabilities. These updates reflect the ongoing efforts and strategic concerns of political leaders to bolster cyber defence and resilience amidst rising cyber threats.
China's Privatised Cyber Operations Exposed
Recent leaks have unveiled China's increasing reliance on private hacking firms for offensive cyber operations, marking a significant shift in the country's intelligence tactics. The leaked documents from the Chinese firm iS00N revealed extensive activities, including surveillance of email accounts and monitoring of various targets across Europe, Asia, and North America.
This move towards privatisation is part of a broader expansion of espionage efforts targeting not only foreign governments and militaries but also dissidents, journalists, and businesses in critical sectors like defence and technology.
The privatisation trend, which gained momentum in the 2010s amid rising U.S.-China tensions and Xi Jinping’s aggressive policies, allows Beijing to rapidly expand its intelligence capabilities. The iS00N leaks highlight how private companies are being used to bypass traditional security clearances and quickly meet emerging intelligence needs.
Despite operational security lapses, these firms continue to play a crucial role in China's cyber strategy, reflecting the deep integration of private entities in national intelligence operations.
The Potential and Pitfalls of Expanding AUKUS with Japan
Expanding the AUKUS defence pact to include Japan could bring both big benefits and significant challenges. Formed in 2021 to counter China's influence, AUKUS focuses on defence projects like nuclear submarines and high-tech weaponry. Japan's advanced technology and strategic position would be valuable, but integrating them is complex.
Paul Myler, a senior Australian diplomat, mentioned that while AUKUS is open to collaboration with Japan, formal inclusion is not favoured by the U.S. Congress at this time.
Japan's early warning systems and nuclear expertise could enhance AUKUS's defence strategy, but there are concerns about Japan's cyber security vulnerabilities. Adding new members might also complicate the strict U.S. technology sharing rules. With possible political changes in the U.S., the future of Japan's involvement remains uncertain.
The U.S. State Department's efforts to ease technology transfer restrictions within AUKUS show progress, but many diplomatic, security, and political hurdles remain.
Security Alert: Popular Windows Tools Compromised to Deliver Malware
Cybersecurity firm Rapid7 has uncovered that the widely used productivity tools Notezilla, RecentX, and Copywhiz, developed by Conceptworld, have been weaponized to deliver malware. Installers for these tools, which many users rely on for productivity enhancements, were found to execute malicious software alongside the legitimate programs when downloaded from the official Conceptworld website.
Rapid7’s investigation highlighted that the compromised installation packages for these tools were unsigned and had file sizes significantly larger than the legitimate versions, due to the inclusion of malware. The infected installers can steal browser credentials, cryptocurrency wallet information, log clipboard contents and keystrokes, and download additional malicious payloads.
The malware persists on infected systems through a scheduled task, re-executing the primary payload every three hours, posing a serious threat to users.
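The persistence behaviour described above gives defenders something concrete to hunt for. The following is an added example, not code from Rapid7 or from this article: it reads Task Scheduler XML definitions (the format PowerShell's Export-ScheduledTask produces) and lists tasks whose trigger repeats every three hours, together with the command they run, so an analyst can then check whether that binary is signed. The task names and paths are constructed sample data, and a three-hour interval on its own is a triage lead rather than proof of compromise.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"
DURATION = re.compile(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?")

def duration_seconds(text):
    """Convert an ISO 8601 duration (PT3H, PT180M, P1D) to seconds, or None."""
    m = DURATION.fullmatch(text.strip())
    if not m or not any(m.groups()):
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds

def three_hour_commands(xml_text):
    """Return the task's Exec commands if a trigger repeats every 3 hours, else None."""
    # Drop the XML declaration so an encoding attribute cannot clash with str input.
    xml_text = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text)
    root = ET.fromstring(xml_text)
    intervals = [duration_seconds(e.text or "") for e in root.iter(NS + "Interval")]
    if 3 * 3600 not in intervals:
        return None
    return [(e.text or "").strip() for e in root.iter(NS + "Command")]

def triage(tasks):
    """Map task name -> commands for every task on a three-hour repetition."""
    hits = {}
    for name, xml_text in tasks.items():
        commands = three_hour_commands(xml_text)
        if commands is not None:
            hits[name] = commands
    return hits

def _task(interval, command):
    # Constructed, minimal task definition for the sample data below.
    return f"""<?xml version="1.0" encoding="UTF-16"?>
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><Repetition><Interval>{interval}</Interval></Repetition></TimeTrigger></Triggers>
  <Actions><Exec><Command>{command}</Command></Exec></Actions>
</Task>"""

# Constructed sample tasks: two repeat every three hours (written two ways), one hourly.
SAMPLE_TASKS = {
    r"\ConstructedTaskA": _task("PT3H", r"C:\Users\Public\constructed_a.exe"),
    r"\ConstructedTaskB": _task("PT180M", r"C:\ProgramData\constructed_b.exe"),
    r"\ConstructedHourly": _task("PT1H", r"C:\Windows\System32\constructed.exe"),
}

if __name__ == "__main__":
    for name, commands in triage(SAMPLE_TASKS).items():
        print(name, "->", ", ".join(commands))
```

Comparing durations in seconds matters because the same schedule can be stored as PT3H or PT180M, and a plain string match would miss one of them.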
Impact of CISA’s Secure by Design Pledge on Cybersecurity
The Cybersecurity and Infrastructure Security Agency (CISA) has initiated the Secure by Design pledge, aimed at enhancing cybersecurity practices among software manufacturers. This pledge involves integrating security measures from the initial design phase rather than as an afterthought.
It focuses on enterprise software products and services, including on-premises software, cloud services, and software as a service (SaaS). As of June 2024, more than 150 software manufacturers, including major tech companies, have committed to this pledge, significantly improving product security across critical infrastructure sectors.
Lauren Zabierek, senior advisor for CISA's cybersecurity division, emphasised the importance of this initiative in fostering good security practices and trust among end-users. The pledge's scope extends to both IT and operational technology (OT), aiming to reduce vulnerabilities, enhance network observability, and encourage secure practices such as multi-factor authentication.
Zabierek highlighted ongoing efforts to develop an OT-specific pledge and the critical role of transparency and customer demand in driving security improvements. By promoting these practices, CISA aims to create a more resilient digital landscape, enhancing the security of critical infrastructure sectors reliant on software products and services.
Government Agencies Warn of Memory Safety Risks in Open Source Software
An analysis of 172 projects from the Open Source Security Foundation (OpenSSF) found that over half contain code written in memory-unsafe languages, comprising 55% of their total lines of code. Notably, the largest projects, such as the Linux kernel and Chromium, are predominantly written in these languages.
The guidance also points out that even projects entirely written in memory-safe languages often depend on components that are not. "Mistakes, which inevitably occur, can result in memory-safety vulnerabilities such as buffer overflows and use-after-free," the guidance states. To mitigate these risks, the agencies recommend transitioning critical projects to memory-safe languages like Rust, which can offer performance comparable to traditional memory-unsafe languages.