Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – April 27, 2026


Cyber Briefing

TODAY’S TOP 5

WHAT’S STALLING DATA CENTER PROJECTS?: For months, data centers have been a sole bright spot in a weak construction market. Now, developers chasing gigawatt data centers have found many projects are stalling before construction crews ever break ground. The reasons span from a lack of sufficient power for the electric-hungry behemoths to public opposition and, in an increasing number of regions, legislation aimed at slowing the roll of the data center boom, Utility Dive reports. Access to power is one key hurdle. The size and scale of these facilities has grown rapidly. A few years ago, a 100-megawatt lease would have been considered a massive build. Today, projects over 1,000 megawatts are setting the benchmark, said David Guarino, head of global data center and tower research at Green Street, a Newport Beach, Calif.-based commercial real estate data provider.

  • Maine Gov. Janet Mills on Friday vetoed a hallmark bill that would have halted the construction of large data centers in the New England state for 18 months, NBC News reports. The governor was debating whether to sign the bill, let the bill become law without her signature or veto the legislation after the state Legislature passed the law last Tuesday. The bill was the first data center moratorium in the nation to successfully make its way through both chambers of a state legislature.
  • House Energy and Commerce Democrats are offering cautious backing to legislation up for a hearing this week that would tackle surging data center power demand — but warn the GOP can’t address the problem without bipartisan buy-in, E&E News reports. The Energy Subcommittee hearing will consider bills aimed at shifting the costs of booming data center demand onto developers rather than consumers, while also strengthening the grid to handle rising electricity needs. The push marks a notable shift for Hill Republicans, who have previously questioned whether federal legislation on data centers is necessary given the issue often falls to state and local governments.
  • The race to secure electricity for AI models has reached new heights: Meta has signed an agreement with the startup Overview Energy that could see a thousand satellites beam infrared light to solar farms that power data centers at night, TechCrunch reports.

25,000 GROUND ROBOTS TO THE FRONT LINES: Ukraine will contract 25,000 unmanned ground vehicles in the first half of 2026, more than double the 2025 total, as the Defense Ministry moves to shift all frontline logistics off soldiers and onto robots, Defense News reports. Defense Minister Mykhailo Fedorov shared the target after meeting with domestic UGV manufacturers last week, where he also announced that the ministry had already begun signing contracts for 2027 to stabilize long-term manufacturer pipelines. “UGVs perform important logistics and evacuation tasks on the front line,” Fedorov wrote in a Facebook post on April 18. “In March alone, the military carried out more than 9,000 missions using them.” 

  • Ukraine’s increasing use of drones in its defense has received a great deal of attention as Russia’s invasion has dragged on. While most of this has focused on aerial and maritime drones, the army’s use of ground robotics has been a quieter story — but one with growing significance. Military ground robotics are rapidly transforming battlefield tasks. However, for the foreseeable future, their greatest impact will be in supporting roles rather than directly replacing infantry soldiers. So, while this capture of the enemy position by robots is a milestone moment, it shouldn’t be over-interpreted, Jacob Parakilas writes at RAND.

IRAN’S ‘LOW AND SLOW’ CYBER OPS: After the Cybersecurity and Infrastructure Security Agency issued an advisory that said Iranian-linked cyber actors were looking to “cause disruptive effects within the United States,” the U.S. has been bracing for a major cyberattack against its critical infrastructure. But officials and cybersecurity experts told reporters on Friday that the more likely threat is not a digital shock-and-awe campaign, but something quieter: opportunistic intrusions, dressed up to look bigger than they are, The Record reports. Speaking at the Asness Summit on Modern Conflict and Emerging Threats in Nashville, former NSA director Tim Haugh and Kevin Mandia, a longtime cyber first responder and founder of a new AI cybersecurity venture, said Iran’s cyber operations have tended to rely less on novel capabilities than on exploiting basic security gaps — and then amplifying the results. “I’d probably draw an analogy right now, that Iran and Iran’s cyber capability is closer to a criminal actor,” Haugh said. “They’re going to do targeted opportunity [attacks] and then try to tie that to an information operation to make it big.”

CHINA’S PLAN TO WIN THE AI RACE IN SOUTHEAST ASIA: While the United States aims to become the global technological leader in artificial intelligence (AI), China has an industrial and commercial strategy to offer immediate benefits to Southeast Asian partners, John Lee writes at the Hudson Institute. For developing Southeast Asian countries desperate to secure immediate benefits from the AI revolution, Chinese offerings can be difficult to resist, even if American technology is more advanced. Merely pointing out to them that they risk becoming entrapped in a Chinese AI ecosystem will not be enough. This is part of a series of briefs on the United States-China technology competition in Southeast Asia and the implications for countries in the region. 

  • The military modernization and technological ambitions of the People’s Republic of China dominate headlines in Washington. Hypersonic missiles, AI breakthroughs, and an expanding navy are the visible symbols of competition with the Chinese Communist Party. But if the United States is serious about long-term competition, it should prioritize — or at least pay equal attention to — the Chinese Communist Party’s other weapon: united front, Cheryl Yu writes at War on the Rocks.
  • The New York Times reported in August 2025 that internal documents of GoLaxy (Zhongke Tianji), a Beijing-based technology company affiliated with the Chinese Academy of Sciences (CAS), revealed extensive artificial intelligence (AI)-enabled information operations targeting Western social media, Mareike Ohlberg writes at The German Marshall Fund. The documents, discovered and archived by Vanderbilt University’s Institute of National Security, provide an unusually detailed view into a Chinese company focused on social media monitoring and manipulation. This is not the only time that China’s bot networks have drawn public attention. 
  • For years, NASA employees and research collaborators thought they were simply sharing software with colleagues. Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers. Thanks to the NASA Office of Inspector General and federal partners, this long-running ruse was revealed — halting further spread of protected information to foreign adversaries.

GAO FLAGS DoD INDUSTRIAL SECURITY GAPS: In fiscal year 2025, the Defense Counterintelligence and Security Agency (DCSA) conducted over 4,600 security reviews. The agency also documented over 800 security violations (see figure) and over 1,000 open security vulnerabilities associated with cleared contractor facilities. To conduct its industrial security mission, DCSA relied on over 470 industrial security mission personnel and spent over $160 million in fiscal year 2025. DCSA has taken steps to manage risk with the industrial security mission. These include efforts to identify, assess, and respond to risk. However, DCSA has not addressed gaps to fully assess and respond to risks to its operational activities in line with DOD guidance on risk management, the Government Accountability Office reports. For example, DCSA has not identified and developed analytic capabilities to better support field operators’ assessments of risk at the regional level. With such capabilities, the agency could identify the most significant regional trends affecting its overall performance objectives. Further, DCSA began an initiative in 2019 — the National Access Elsewhere Security Oversight Center (NAESOC) — aimed at mitigating risk partly through the reduction of workload on regional officials. However, participants in all 12 of the focus groups GAO conducted reported on the center’s insufficient staffing, limited risk mitigation and industry dissatisfaction.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

A cyber incident can damage far more than systems and networks. It can also become a reputational crisis, especially when false or misleading narratives move faster than facts. In this episode of Cyber Focus, Frank Cilluffo speaks with Preston Golson of Brunswick Group about why organizations need to treat reputation as a vulnerability that can be tested, stress-tested and defended much like any other part of their cyber posture. Drawing on his work in cyber incident response and his earlier career at the CIA, Golson explains how misinformation and disinformation take hold, why many damaging narratives are foreseeable, and how companies can prepare before a crisis hits. The conversation explores red teaming, “prebunking,” unified crisis response and the growing importance of trust, credibility and AI-generated search results in shaping public perception. For leaders trying to manage cyber risk in a more volatile information environment, this episode offers a practical framework for thinking about reputation, crisis communications and resilience.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Artificial intelligence

OpenAI CEO Sam Altman ‘deeply sorry’ for failing to alert law enforcement to Canada school shooter’s ChatGPT account

OpenAI CEO Sam Altman has apologized to members of a Canadian community where a mass shooting took place earlier this year for not flagging the ChatGPT account of the shooter to law enforcement. “The pain your community has endured is unimaginable,” Altman wrote in a letter shared Friday on social media by the British Columbia Premier David Eby. “I have been thinking of you often over the past few months.” Eight people were killed in the Feb. 10 massacre in the small community of Tumbler Ridge in northeast British Columbia. (CBSNEWS.COM)

Breaches

ADT confirms data breach after ShinyHunters leak threat

Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. In a statement shared Friday, the company said it detected unauthorized access to customer and prospective customer data on April 20, after which it terminated the intrusion and launched an investigation. This investigation determined that personal information was stolen during the breach. (BLEEPINGCOMPUTER.COM)

Communications

Toronto police arrest three in Canada’s first mobile SMS blaster case

Canadian police have arrested three men in what authorities describe as the country’s first known criminal case involving the use of a mobile “SMS blaster,” a device capable of impersonating a cellular tower to send mass phishing messages and disrupt mobile networks. The Toronto Police Service said Thursday the investigation began last November after authorities were alerted to a suspicious device operating in downtown Toronto. Over the following months, police tracked the device moving through several locations across the Greater Toronto Area. Two suspects were arrested in March and authorities seized a large amount of electronic equipment, including several mobile SMS blasters. A third man turned himself in to police. (THERECORD.MEDIA)

Education

Why are top university websites serving porn? It comes down to shoddy housekeeping

Websites for some of the world’s most prestigious universities are serving explicit porn and malicious content after scammers exploited the shoddy record-keeping of the site administrators, a researcher found recently. The sites included berkeley.edu, columbia.edu, and washu.edu, the official domains for the University of California, Berkeley, Columbia University, and Washington University in St. Louis. (ARSTECHNICA.COM)

Energy

American utility firm Itron discloses breach of internal IT network

Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack. The company states that it activated its cybersecurity response plan when detecting the activity last month, notified law enforcement authorities, and engaged external advisors to support the investigation and incident containment. “On April 13, 2026, Itron, Inc. was notified that an unauthorized third party had gained access to certain of its systems,” the company says says in an 8-K filing with the U.S. Securities and Exchange Commission (SEC). (BLEEPINGCOMPUTER.COM)

Tactics

Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitation

Cyber criminals are shifting away from high-volume “spray and pray” threat campaigns toward more targeted attacks to “maximize impact against fewer victims.” That’s according to new research from SonicWall, which recorded a 20% increase in the number of compromised organizations across the UK last year, even as broader ransomware volumes fell by 87%. SonicWall noted that smaller businesses are among those most likely to be targeted in “big game hunting” ransomware campaigns. Figures published by the firm show ransomware was used in 88% of SMB breaches, for example. (ITPRO.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Commercial

BlackFile group targets retail and hospitality with vishing attacks

Security researchers have revealed details of a new extortion group that has been actively targeting retail and hospitality businesses since February 2026. Palo Alto Networks’ Unit 42 teamed up with the Retail and Hospitality Information Security and Analysis Center (RH-ISAC) to publish a new report on April 23, Extortion in the Enterprise: Defending Against BlackFile Attacks. It detailed financially-motivated activity linked to the activity cluster CL-CRI-1116, which the authors said overlaps with public reporting on BlackFile, UNC6671 and Cordial Spider, and is likely to be associated with notorious collective “The Com.” (INFOSECURITY-MAGAZINE.COM)

Communications

Fake CAPTCHA IRSF scam and 120 Keitaro campaigns drive global SMS, crypto fraud

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers. According to a new report published by Infoblox, the operation is believed to have been active since at least June 2020, using methods like social engineering and back button hijacking in web browsers. As many as 35 phone numbers spanning 17 countries have been observed as part of the international revenue share fraud (IRSF) campaign. (THEHACKERNEWS.COM)

Malware

Researchers uncover pre-Stuxnet ‘fast16’ malware targeting engineering software

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper with results. It has been codenamed fast16. “By combining this payload with self-propagation mechanisms, the attackers aim to produce equivalent inaccurate calculations across an entire facility,” researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade said. (THEHACKERNEWS.COM)

Vidar malware conceals payloads in JPEG, TXT files to evade detection

Vidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses. First observed in 2018, Vidar now operates as a mature Malware‑as‑a‑Service (MaaS) with flexible delivery, multi‑stage execution, and strong data‑theft capabilities. Attackers weaponize trending topics and trusted ecosystems, including fake “Claude Code” repositories on GitHub and other developer platforms, to distribute Vidar under the guise of leaked tools or utilities. (GBHACKERS.COM)

Scams

Fake CAPTCHA scam abuses verification clicks to send costly international texts

Network security firm Infoblox has disclosed details on a long-running fraud operation that has been quietly draining bank accounts since at least June 2020. This scam uses fake CAPTCHA pages to carry out a specific type of cybercrime known as International Revenue Share Fraud, or IRSF. While most people see CAPTCHA as a boring but necessary way to prove they are human, the scammers behind this campaign have converted this process into a profit-making tool by tricking users into sending high-cost international text messages. (HACKREAD.COM)

Vulnerabilities

Firefox vulnerability allows Tor user fingerprinting

Researchers have discovered a vulnerability that could allow threat actors to fingerprint Firefox users, even in Private Browsing mode. The issue also affects the Tor anonymity browser, which is based on Firefox. The vulnerability, tracked as CVE-2026-6770, is related to the IndexedDB browser API, which is used for storing structured data on the client side. Firefox stores IndexedDB database names using internal UUID mappings, and when a website lists those databases, the order they come back in remains the same across different sites while the same browser process is running. (SECURITYWEEK.COM)

New ‘Pack2TheRoot’ flaw gives hackers root Linux access

A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions. The flaw is identified as CVE-2026-41651 and received a high-severity rating of 8.8 out of 10. It has persisted for almost 12 years in the PackageKit daemon, a background service that manages software installation, updates, and removal across Linux systems. (BLEEPINGCOMPUTER.COM)

OpenClaw flaws expose systems to policy bypass attacks

OpenClaw, a rapidly adopted open-source autonomous AI agent framework, has released critical security updates to address three moderate-severity vulnerabilities. Found in npm package versions before 2026.4.20, these complex flaws expose systems to severe policy bypasses, unauthorized local configuration modifications, and critical API credential leaks. IT administrators and cybersecurity professionals are strongly advised to upgrade their agent deployments to the newly patched version 2026.4.20 immediately to secure their environments against these attack vectors. (GBHACKERS.COM)

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver. Zimbra is a popular email and collaboration software suite used by hundreds of millions of people worldwide, including hundreds of government agencies and thousands of businesses. The vulnerability (tracked as CVE-2025-48700) affects ZCS 8.8.15, 9.0, 10.0, and 10.1 and can allow unauthenticated attackers to access sensitive information after executing arbitrary JavaScript within the user’s session. (BLEEPINGCOMPUTER.COM)

Critical Gemini CLI flaw raises supply chain security concerns

Google has rolled out urgent security updates for its Gemini CLI and the accompanying GitHub Action to address a critical vulnerability. Tracked as GHSA-wpqr-6v78-jr5g, this flaw exposes continuous integration and continuous deployment (CI/CD) pipelines to Remote Code Execution (RCE) attacks. Improper handling of workspace trust and tool allowlisting allows malicious actors to compromise automated workflows, raising significant supply chain security concerns. (GBHACKERS.COM)

ADVERSARIES

China

China bans Meta’s acquisition of Manus on national security grounds

China has ordered that Meta Platforms’ $2.5 billion acquisition of artificial-intelligence startup Manus be unwound. China’s National Development and Reform Commission, which has the authority to review foreign investments, said today that it has banned the acquisition and ordered it to be rescinded on national security grounds. “The transaction complied fully with applicable law,” a Meta representative said in an email statement. “We anticipate an appropriate resolution to the inquiry.” (WSJ.COM)

DeepSeek slashes fees for new AI model in Chinese price war

DeepSeek is aggressively pitching low-priced-plans for its just-released flagship model, intensifying competition across a Chinese artificial intelligence industry trying to take on Silicon Valley’s best. The Hangzhou-headquartered AI lab is offering a 75% discount to developers using the DeepSeek-V4-Pro, released last week after months of anticipation. It’s also reducing fees for input cache hits across its family of AI platforms to a 10th of their original pricing, dramatically lowering costs for frequent users sending similar or repeated requests. (BLOOMBERG.COM)

The other China flash point

OPINION: If conflict does break out in the Western Pacific, it is more likely to erupt southwest of Taiwan, in the South China Sea, where numerous countries jostle over competing maritime claims and divergent visions of sovereignty, regional order, and international law. Beijing claims about 90 percent of the South China Sea, including waters off the coasts of Brunei, Indonesia, Malaysia, the Philippines, and Vietnam. Those five countries’ maritime claims—and Taiwan’s—also conflict with one another, but China’s claims and actions have been far more aggressive, including deployments of hundreds of ships, advanced missile systems, and combat aircraft to the coral reefs, rocks, and cays it occupies. (FOREIGNAFFAIRS.COM)

North Korea

North Korean hackers target pharma firms with malware-laced Excel attacks

North Korean state-backed hackers are using weaponized Excel-themed files to infect pharmaceutical and life science companies with malware, abusing Windows shortcut files, PowerShell, and cloud storage for stealthy data theft. The campaign begins with highly tailored spear‑phishing emails sent to drug manufacturers and related life science organizations. Messages typically reference legitimate‑sounding topics such as ERP specifications, production plans, or research documentation to appear relevant to corporate recipients. (GBHACKERS.COM)

Russia

Germany suspects Russia behind cyberattack on top officials

German officials suspect Russia is behind a cyberattack that targeted top German decision makers via the Signal messaging app, according to a government official in Berlin. Those affected by the so-called phishing campaign have been notified and the data leak from the attacks has been stopped, though authorities can’t rule out that others may have been affected, according to the official, who spoke on condition of anonymity in line with government protocol. Berlin’s assessment that the attack was orchestrated by the Kremlin was reported over the weekend by Der Spiegel. Two cabinet members, Building Minister Verena Hubertz and Family Minister Karin Prien, were affected, the magazine reported. Their spokespeople declined to comment. (BLOOMBERG.COM)

Russia is building tomorrow’s war machine

OPINION: For decades, Americans scoffed at Russia’s rigid, centralized military and its inability to adapt. That picture is dangerously out of date. After four years of war in Ukraine, Moscow has developed an impressive, pragmatic approach to military innovation that prioritizes what works over what is elegant, what scales over what is ambitious, and what delivers battlefield results over what impresses on paper. Russia is reshaping the future of warfare in real time, building artificial intelligence-enabled command and control and, it appears, deploying fully autonomous weapons without the ethical constraints that govern Western militaries. (NYTIMES.COM)

Russian Shahed drone maker recruiting for new unmanned systems brigade

An organization affiliated with Russia’s main producer of Shahed-type drones has launched a recruitment drive for a new unmanned systems brigade, promising young men the chance to earn risk-free cash while avoiding mandatory conscription. This campaign is part of Moscow’s larger effort to expand its drone forces, a top priority for the Russian military. Alabuga Polytech is a vocational training center that supplies workers — including teenagers and young foreign women — for a drone factory in Russia’s Alabuga Special Economic Zone, located in the Tatarstan region. (LONGWARJOURNAL.ORG)

GOVERNMENT AND INDUSTRY

Artificial intelligence

AI rush is reviving old cybersecurity mistakes, Mandiant VP warns

The rush to adopt AI in enterprise environments is not only creating new security vulnerabilities, but is also reviving old security failures, a top Mandiant executive has warned. Speaking to Infosecurity during Google Cloud Next 26, Jurgen Kutscher, VP of Mandiant Consulting, part of Google Cloud, said that AI deployment in enterprises is often accompanied by a neglect of basic security controls. “A lot of the old problems are new again,” Kutscher said. “We’ve seen enterprises really worried about new AI threats like large language model poisoning while forgetting the most basic security controls.” (INFOSECURITY-MAGAZINE.COM)


A formal model of how artificial intelligence erodes human agency

As artificial intelligence (AI) systems assume more decisionmaking roles in government, the economy, and society, a question emerges: Will humans retain the capacity to shape collective outcomes? Several theories suggest that, once human decisionmaking erodes past a certain threshold, the skills, institutions, and political standing needed to reclaim that decisionmaking capacity may no longer exist. However, no widely accepted metrics exist for tracking this erosion. In this report, the authors draw on social choice theory to develop a formal model of how AI erodes collective human agency; they also model decisionmaking in terms of coalitions and propose quantitative metrics for tracking shifts in the distribution of decisionmaking power to identify the point beyond which those shifts could become irreversible. (RAND.ORG)

Cloud

Commerce goes direct to hyperscalers with $4.1B cloud pact

The Commerce Department is planning a 10-year, $4.1 billion blanket purchase agreement for cloud computing capabilities and only the big hyperscalers need apply. In a Sam.gov notice posted Thurday, the department said the BPA will only be open to native hyperscale cloud services providers. The department said it is going with a direct to CSP strategy because of the “highly specialized technical requirements, including massive compute elasticity (25,000+ concurrent vCPUs), proprietary 100+ tbps (terabits per second) global backbones, and specific hardware density for AI/ML, and weather modeling.” (NEXTGOV.COM)

Drones

DARPA shares ‘Deep Thoughts’ solicitation for autonomous underwater drones

Officials from the Defense Advanced Research Projects Agency (DARPA) are interested in novel materials, alloys and structural geometries; advanced manufacturing methods and techniques; and non-traditional approaches to subsystem and component architecture that enable free-form design, structural consolidation and multi-functionality, per the solicitation. They’re also keen on having a “multi-level secure digital engineering ecosystem” to facilitate collaborative design, continuous integration, development and prototyping. (DEFENSESCOOP.COM)

Energy

Cost of building U.S. gas plants spikes 66%, report says

The cost of building new U.S. gas-fired power plants increased 66 percent from 2023 to 2025, underscoring the pressure on the power sector as data centers increase electricity demand. The time required to bring natural gas power online also increased 23 percent during the two-year span, according to utility filings analyzed by research firm BloombergNEF, suggesting that supply chain bottlenecks are hindering the industry. “Over the same period, planned gas capacity grew almost six fold,” the firm said in a research note Thursday. (EENEWS.NET)

Exercises

Cyber defenders put to the test during exercise Locked Shields 2026

The world’s largest and most complex international live-fire cyber defence exercise, LOCKED SHIELDS 2026, with over 4,000 cyber defenders from 41 NATO Allies and partner nations wrapped up on Thursday, Apr. 23. 2026, in Tallinn, Estonia. For three days participants trained against real-time cyberattacks on critical infrastructure and national information technology (IT) systems and included a wide range of specialised systems requiring protection, such as 5G infrastructure, satellite management systems, power grids, and electronic voting systems. LOCKED SHIELDS aimed to strengthen cyber defence capabilities across Allied and Partner Nations, promoting multinational cooperation and accelerating innovation. (NATO.INT)

Leadership

White House nominates Roger Mason to head NRO

President Donald Trump has nominated Roger Mason to become director of the National Reconnaissance Office (NRO), an intelligence community (IC) component that operates satellites and ground systems to secure against worldwide threats. The nomination is subject to Senate approval. NRO is an element of the Pentagon whose services “can warn of potential trouble spots around the world, help plan military operations, and monitor the environment,” according to the Office of the Director of National Intelligence (ODNI). (MERITALK.COM)

Nuclear

NRC proposed rule aims for speedier microreactor licensing

The Nuclear Regulatory Commission rolled out a proposed rule Friday that aims to streamline licensing for microreactors, advanced technology that the NRC, White House and developers of artificial intelligence say could help meet surging power demand. In its proposal, the agency said the rulemaking would “establish a risk-informed and performance-based regulatory framework” for licensing small advanced reactors, as directed by Congress. The proposed rule could allow the agency to issue an operator license within six months to a year after accepting an application. (EENEWS.NET)

President Trump should secure America’s nuclear future by taking weapons out of DoE

OPINION: President Donald Trump loves to make big, consequential decisions. And while the two of us don’t agree with many of his decisions, there is no doubt he has made some that benefit US national security. He established the US Space Force to respond the growing threats to our space systems, and has increased defense spending, advanced acquisition reform to deliver military capabilities quicker to our warfighters, and pressed allies to take defense seriously. Now Trump has a chance to take action to improve the security of the United States over the long-term, and fix America’s broken nuclear weapons establishment. (BREAKINGDEFENSE.COM)

Social media

Norway’s prime minister proposes ban on social media access for young teens

Norway’s prime minister said Friday that his office plans to release a bill that would ban children under 16 from using social media by the end of the year. The bill will include language that holds big tech accountable for using age verification tools to block young users, according to a statement from Prime Minister Jonas Gahr Støre. European countries have recently embraced social media restrictions with several government officials across the continent pledging to implement bans. (THERECORD.MEDIA)

Space

Space Force names 12 companies to develop Golden Dome’s space-based interceptors

The Space Force’s acquisition arm announced on Friday the 12 companies who have received contracts to develop space-based interceptor (SBI) prototypes for President Donald Trump’s Golden Dome. The service awarded other transaction authority (OTA) agreements — worth up to a combined $3.2 billion — to the vendors in late 2025 and early 2026, according to a Space Systems Command press release. Under the contracts, the companies will develop prototypes of a space-based architecture that can shoot down enemy missiles after they’re launched. (DEFENSESCOOP.COM)

Space Force moves Air Force reservists into part-time Guardian roles

The Space Force has selected nearly 250 Air Force reservists in space-related career fields to transfer into part-time roles, marking a major step in the service’s effort to build a new personnel model that blends full- and part-time service instead of maintaining separate active-duty and reserve components. The move is part of the service’s broader effort to strengthen recruiting, attract top talent and provide more flexibility to retain service members longer. (FEDERALNEWSNETWORK.COM)

Workforce

Nearly half of cybersecurity pros want to quit – here’s why

Almost 20% of organizations have reported a major security attack in the past two years, and the threat environment, whether due to criminal activity or the rise of new AI-enabled models, such as Anthropic’s Mythos, continues to evolve at breakneck speed. However, the cybersecurity professionals who help their enterprises manage these challenges don’t feel adequately rewarded — and most are fed up with the situation. That’s the conclusion from the newly released Harvey Nash Global Tech Talent & Salary Report, which surveyed over 3,646 technology professionals globally. While 19% of respondents reported a major attack at their firm in the past 24 months, those working in the security specialism were the least likely to report a pay increase over the last year. (ZDNET.COM)

LEGISLATIVE UPDATES

Latest spy power reauthorization bill leaves critics unimpressed

The latest attempt to re-up a controversial expiring surveillance law has failed to placate vocal critics on both the left and right of the political spectrum. Two House votes recently failed to extend the spying powers under Section 702 of the Foreign Intelligence Surveillance Act (FISA) for 18 months without changes, leading to Congress instead passing a 10-day reauthorization. GOP leaders have been scrambling to find a bill they can pass since with the April 30 deadline approaching. (CYBERSCOOP.COM)

House lawmakers introduce quantum initiative reauthorization

House lawmakers introduced their version of the National Quantum Initiative Reauthorization Act on Thursday, which focuses on developing and advancing quantum information sciences and technology applications. Led by Rep. Randy Weber (R-Texas) and cosponsored by Reps. Brian Babin (R-Texas) and Jay Obernolte (R-Calif.), the bill’s agenda is coordinated through the National Science and Technology Council’s Subcommittee on Quantum Information Science, which steers federal agencies to identify use cases for quantum information technologies as well as hurdles to development and scaling. (NEXTGOV.COM)

Moreno introduces resolution banning senators from prediction markets

Sen. Bernie Moreno (R-Ohio) introduced a resolution on Friday that would ban senators from participating in prediction markets amid concerns about potential insider trading on the platforms. The resolution would amend the Senate rules to include a provision stating that members may not enter into “an agreement, contract, or transaction that provides for any purchase, sale, payment or delivery” dependent on the outcome of a specific event. (THEHILL.COM)

COMMITTEE ACTIVITY

CYBER COMMAND: The Senate Armed Services Committee will hold an April 28 closed hearing to examine the posture of United States Special Operations Command and United States Cyber Command in review of the Defense Authorization Request for Fiscal Year 2027 and the Future Years Defense Program, followed by an open session.

SPACE: The House Foreign Affairs Europe Subcommittee will hold an April 29 hearing on emerging threats to U.S. space security and foreign policy implications.

NUCLEAR: The Senate Appropriations Subcommittee on Energy and Water Development will hold an April 29 hearing on the president’s Fiscal Year 2027 budget request for the National Nuclear Security Administration.

CRITICAL INFRASTRUCTURE: The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold the hearing “Data Centers, Telecommunications Networks, and Space-Based Systems: Modernizing DHS’s SRMA Role for the Communications and IT Sectors” on April 29.

AI ENERGY: The House Energy and Commerce Subcommittee on Energy will hold an April 29 hearing on meeting growing power demand fueled by AI.

SPACE BUDGET: The House Appropriations Defense Subcommittee will hold an April 30 budget hearing on the U.S. Air Force and Space Force.

ALERTS AND ADVISORIES

CISA adds four known exploited vulnerabilities to catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability, CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability, CVE-2024-57728 SimpleHelp Path Traversal Vulnerability, CVE-2025-29635 D-Link DIR-823X Command Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

NORTH KOREA: On April 27, the Center for Asia Policy Studies at Brookings will host a public event to examine the Kim dynasty’s evolving ideology and worldview across three generations of leadership. Drawing on deep expertise in North Korea’s history, leadership, and politics, the panelists will explore the implications for domestic and foreign policy and what they may mean for regional and international order.

AI FOOD SECURITY: Join the CSIS Global Food and Water Security Program on April 30 for the Artificial Intelligence (AI) for Food Security Forum, bringing together U.S. and global policymakers, technology developers, financers, researchers and implementing partners working at the forefront of AI for food security.

SEMICONDUCTORS: The CSIS Renewing American Innovation program and the Texas Institute for Electronics (TIE) at The University of Texas at Austin are hosting a half-day symposium April 30 of expert panels highlighting the region’s dynamism and how the private sector, public sector, and academia in Austin and the state of Texas more generally have made the state a world-renowned semiconductor advanced packaging hub. 

TRANSPORTATION: With new technology comes questions about data privacy, security and accountability with high stakes for businesses and consumers. On May 5, as part of the seventeenth annual A. Alfred Taubman Forum on Public Policy, Governance Studies at Brookings will host a webinar to discuss the benefits and implications of connected cars.

AI AND IRAN: The conflict in Iran reveals urgent lessons about AI as a weapon of war and statecraft. Led by one of Washington’s top experts on Iranian strategy, military doctrine, and the IRGC, this May 6 FDD panel provides an assessment of how the Iranian regime has used autonomous systems and machine learning to expand its reach; how AI tools have supercharged propaganda campaigns and cyber-enabled information warfare; and in the financial realm, how emerging technologies have enabled large-scale fraud and illicit funding of Tehran’s proxies. 

EMERGING TECH: In an evolving geopolitical landscape, how can the US build on its experience in developing frontier technologies and globally competitive industries through investments in priority technologies for the 21st century? Join AEI’s Michael R. Strain for a May 13 conversation with experts from the Massachusetts Institute of Technology for a conversation on their new book “Priority Technologies: Ensuring US Security and Shared Prosperity (2026).”


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!