Daily Digest

AI, ISO & Cyber News — 7 July 2026

·12 stories

Today's digest spans a leadership change at NIST, fresh ISO certifications on both the AI and information-security fronts, France's decisive move on post-quantum encryption, and a cluster of serious vulnerabilities — including a guest-to-host escape in the Linux KVM hypervisor and critical authentication bypasses in privileged-access tooling. Each story below is summarized in our own words, with a link to the original reporting.

AI

Microsoft begins its financial year with about 4,800 layoffs

Microsoft is cutting around 4,800 jobs — roughly 2.1 percent of its workforce — as it begins its new financial year, The Verge reports. The move comes about a year after a larger round in which the company cut around 9,100 employees.

Source: The Verge

Solos drops the cameras from its new AI smart glasses

Solos announced the AirGo A6, a lighter version of its smart glasses that forgoes cameras in favor of a sleeker design and a voice-driven AI assistant, The Verge reports. Last year's AirGo A5 weighed 36 to 40 grams depending on frame style, and the new model is available in multiple designs including several transparent color options.

Source: The Verge

ISO Standards

HCLTech certifies its AI management system against ISO/IEC 42001

HCLTech has achieved ISO/IEC 42001:2023 certification, which the company frames as demonstrating leadership in responsible AI, according to reporting. ISO 42001 is the certifiable management-system standard for artificial intelligence, and certification signals a documented, independently audited approach to AI governance.

Source: TheWire.in

Wi-SUN utility mesh networking spec ratified as an ISO/IEC/IEEE standard

The Wi-SUN Alliance's field area network specification for utilities mesh networking has been ratified as ISO/IEC/IEEE 32857:2026, according to industry reporting. The endorsement gives the smart-utility networking specification formal standing as an international standard.

Source: Bisinfotech

GMV extends its ISO 27001:2022 ISMS scope to UK operations

Technology group GMV has extended the scope of its ISO/IEC 27001:2022-certified information security management system to cover its UK operations, per a company announcement. Scope extensions bring additional business units under the same independently audited ISMS.

Source: WebWire

IT Governance

Arvind Raman confirmed as the 18th director of NIST

Arvind Raman has been confirmed as the 18th director of the U.S. National Institute of Standards and Technology, NIST announced. Raman joins the agency from Purdue University, where he served as dean of engineering.

Source: NIST News

Cybersecurity

BeyondTrust patches critical auth bypasses in privileged-access products

BeyondTrust has released updates for two critical vulnerabilities in its Remote Support and Privileged Remote Access products that could allow unauthenticated attackers to take control of susceptible devices, The Hacker News reports. One of the flaws, CVE-2026-40138, is a pre-authentication issue carrying a CVSS score of 9.2.

Source: The Hacker News

'Januscape' KVM flaw lets guest VMs corrupt the host on Intel and AMD

A use-after-free vulnerability in Linux's KVM hypervisor — dubbed Januscape and tracked as CVE-2026-53359 — can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel, The Hacker News reports. Described as sixteen years old, the flaw sits in shadow MMU code shared across Intel and AMD x86 systems, and a public proof-of-concept panics the host.

Source: The Hacker News

When AI writes your code, the supply-chain question changes

The Hacker News examines how software supply-chain security shifts when AI joins the build pipeline, arguing that the field's defining question — what is in your code? — no longer captures the full risk. The piece revisits the lessons of SolarWinds, Log4Shell, and XZ Utils as it frames the threat model for AI-generated code.

Source: The Hacker News

Privacy

France will stop certifying encryption that isn't quantum-safe

France's cybersecurity agency ANSSI said it will stop certifying security products that lack quantum-resistant encryption, a move that will push government bodies and critical operators to shift away from older systems, as covered by Schneier on Security. The agency's chief of staff, Samih Souissi, discussed the accelerated post-quantum transition.

Source: Schneier on Security

Google sues a phishing-as-a-service operation that abuses Gemini

Google has filed a lawsuit against a group it calls Outsider Enterprise, which according to the company's legal filing operates through Telegram and sells phishing-as-a-service to customers who lack the skills to build fraudulent websites and text campaigns themselves, as covered by Schneier on Security.

Source: Schneier on Security

Quality

Korean health-screening group KMI earns quality control certification

KMI has earned a quality control certification covering its health screening services, The Korea Herald reports. Certifications of this kind provide external assurance that documented quality controls are in place across an organization's operations.

Source: The Korea Herald

Frequently Asked Questions

What is ISO/IEC 42001 and why are companies getting certified?

ISO/IEC 42001:2023 is the first certifiable management-system standard for artificial intelligence. Certification signals that an organization runs a documented, independently audited AI management system covering governance, risk, and impact assessment — increasingly a differentiator as AI regulation tightens.

What does France's post-quantum encryption move mean for organizations?

France's cybersecurity agency ANSSI says it will stop certifying security products that lack quantum-resistant encryption. For government bodies and critical operators that depend on certified products, this effectively starts the clock on migrating away from classical-only cryptography.

How serious is a guest-to-host escape in a hypervisor?

It is one of the most severe classes of virtualization flaws: code running inside a guest virtual machine can affect the host that runs it, potentially impacting every other workload on that machine. Cloud providers and anyone running multi-tenant virtualization typically treat such flaws as patch-immediately events.

Explore Courses on Udemy

Intermediate

Human-Centered AI (HCAI)

Intermediate

Risks and Cybersecurity in Generative AI

Intermediate

Securing GenAI Systems

Intermediate

Social Engineering with Generative AI (GenAI)

Intermediate

ISO/IEC 42001: Artificial Intelligence Management System

Intermediate

Implement ISO 42001 Step by Step With Templates

Intermediate

Implement Vulnerability Management Step by Step

Intermediate

NIST Cybersecurity Framework (CSF) 2.0 Core

Beginner

ISO 9001:2015 Foundation by Example

Intermediate

ISO 27001 Certification Process — A Step-by-Step Guide

Intermediate

ISO 27001:2022 Implementation Step by Step with Templates

Summaries are written by Standarity from publicly reported news; each item links to its original source. Facts belong to the linked publishers. Something off? Let us know.