Cyber Briefing – April 29, 2026
TODAY’S TOP 5
WHITE HOUSE, TECH FIRMS HUDDLE ON MYTHOS: A range of tech and cyber companies are quietly meeting with the White House to discuss cybersecurity and artificial intelligence, including Anthropic’s newly unveiled and highly advanced AI model, Claude Mythos. Two people familiar with the meeting told POLITICO that representatives from OpenAI and Anthropic are likely to attend. One of those people added that officials from several other companies will also be present. These people, like others in this report, were granted anonymity to share details of the closed-door talks. According to one of those people and a third person familiar, the meeting is intended to broadly cover cybersecurity and AI issues, in addition to concerns about Mythos’ advanced hacking capabilities.
- OpenAI and Anthropic briefed House Homeland Security Committee staff on their new cyber-capable AI models and their implications for cybersecurity, Axios has learned. This is one of the first briefings that lawmakers have had with the AI giants about the cyber threats posed by their new models, including to under-resourced critical infrastructure sectors. An aide described the briefings as “proactive engagement with these companies on recent frontier model developments,” including their implications for critical infrastructure cybersecurity.
- • Federal Chief Information Officer Greg Barbaccia said Tuesday the government is approaching Anthropic’s Mythos model with measured expectations, acknowledging both its potential to strengthen federal cyber defenses and the significant uncertainties that remain about how it would perform in real-world conditions, CyberScoop reports. Barbaccia said his direct exposure to Mythos has been limited to evaluations and benchmarking tests, and that no federal agencies have deployed it yet. While he says the Office of the National Cyber Director is coordinating the government’s approach, his broader assessment of where AI-assisted cybersecurity is heading was direct.
PENTAGON AND GOOGLE INK AI DEAL: Google said on Tuesday that it had signed a deal to provide the Pentagon with its artificial intelligence models for classified work, amid a dispute between the Department of Defense and the AI startup Anthropic over how to responsibly use the technology during war, The New York Times reports. The agreement is part of a $200 million contract that the search giant signed last year with the Pentagon to provide it with AI tools. Now the Pentagon can use Google’s AI on classified systems for “any lawful governmental purpose,” people with knowledge of the deal said. The language mirrored that of deals the Department of Defense struck last month with OpenAI and Elon Musk’s xAI to use their AI models on classified networks, people who had reviewed the contracts said.
- • Pentagon AI chief Cameron Stanley confirmed to CNBC that the Department of Defense is expanding its use of Google’s Gemini artificial intelligence model, about two months after the DoD dropped Anthropic, designating it as a supply chain risk. The DoD is using Google’s latest model for classified projects, according to a person with knowledge of the matter who asked not to be named because the specifics of the arrangement aren’t public.
- • Pockets of resistance to data centers are opening up across rural America, where a backlash against the explosive growth of the infrastructure for AI and cloud computing is at its sharpest, the Financial Times reports. Data centers, once clustered around cities and towns, are moving into farm country in search of cheap land and tax incentives. According to Pew Research Center, 67 percent of planned data centers are in rural areas, while 87 percent of existing data centers are in urban ones. “Rural communities have become a target,” says Miquel Vila, lead analyst at Data Center Watch, a research project run by AI security company 10a Labs. More than 160 new AI-focused data centers have been built across the US in the past three years, a roughly 70 percent increase on the total, according to Bloomberg data.
AI INTEGRATION, ELECTION SECURITY AT ARMED SERVICES HEARING: AI and autonomy are being integrated into special operations “at every level,” the leader of U.S. Special Operations Command told lawmakers on Tuesday — an indication that SOCOM, like smaller organizations everywhere, is well-poised to take advantage of disruptive technologies, Defense One reports. They are “critical” to sensing the battlefield, continuously surveilling adversary forces and targets, and “the ability to project violence, should that be required,” Adm. Frank “Mitch” Bradley said at a Senate Armed Services Committee hearing. He added that they are also key to improving international partners, underscoring their particular value to special operations. Bradley’s testimony underscored a larger phenomenon playing out in boardrooms as well as on battlefields: small and nimble groups — whether non-state actors, software startups, or militaries like Ukraine’s — derive greater return on their AI investments than do more established or incumbent players.
- • The head of U.S. Cyber Command and the National Security Agency on Tuesday predicted that foreign adversaries would attempt to interfere in the upcoming midterm elections. “It’s reasonable to expect based on what we’ve seen in the past,” Army Gen. Joshua Rudd testified before the Senate Armed Services Committee, The Record reports. “We certainly share your concern, and we’re always looking, as you would expect us to, for any type of foreign activity that would undermine our democratic process,” he said in response to questions from Sen. Mazie Hirono (D-Hawaii). “We are postured and ready to support as required or tasked, making sure that we safeguard our elections.”
HOW ENCRYPTION, PROXIES AND AI ARE EXPANDING CYBERCRIME: Europol’s new Internet Organised Crime Threat Assessment (IOCTA) 2026 underscores the dynamic and interconnected nature of cybercrime, highlighting how criminals continue to exploit technological advancements to perpetrate a wide range of illicit activities. The report reveals that the dark web remains a critical enabler for cybercriminals, with marketplaces and forums demonstrating remarkable resilience despite ongoing law enforcement efforts. The fragmentation and specialization of these platforms pose significant challenges for investigators, as criminals rapidly adapt and migrate to new, often more secure, environments. End-to-end encrypted (E2EE) platforms and anonymized services now connect the realms of surface and dark web communication channels, increasingly blurring their distinction.
- • The report explores the advanced strategies used by cybercriminals to defraud citizens throughout the EU, notably the integration of automation and artificial intelligence to boost the efficiency and scope of their activities, Europol said. Generative AI tools are increasingly employed to tailor social engineering tactics, accelerating and concealing online fraud schemes. Additionally, caller ID spoofing, a method that masks the caller’s identity, and so-called SIM farms, which can distribute thousands of SMS messages, calls and social media posts, are significant facilitators of large-scale fraud.
IRAN HACKERS TARGET U.S. TROOPS: U.S. service members assigned to units in the Middle East received threatening messages on Monday from what appeared to be an Iranian-linked cyberattack group known as Handala Hack. The messages, seen by Stars and Stripes, warned service members that they were under surveillance and threatened to target them with drones and missiles. Stripes reviewed identical WhatsApp messages sent to two service members stationed in Bahrain, which hosts U.S. Naval Forces Central Command. “Your identities are fully known to our missile units, and every move you make is under our surveillance,” read the text. “Very soon, you will be targeted by our Shahed drones and Kheibar and Ghadeer missiles. We will deal with you, the terrorists whose hands are stained with the blood of the Minab schoolchildren. We suggest you call your families now and say your final goodbyes.”
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
America is asking more from its critical infrastructure just as adversaries are finding more ways to target it. AI, data centers, electrification and next-generation energy systems all depend on operational technology — the control systems that keep power, water, transportation and industry moving. As that backbone grows more connected, the stakes of securing it grow even higher. In this episode of Cyber Focus, Frank Cilluffo speaks with Zach Tudor, Associate Laboratory Director at Idaho National Laboratory, about how INL tests and secures critical infrastructure at scale. Tudor explains why resilience must guide infrastructure defense, what Ukraine and China reveal about the risks facing critical infrastructure, and why cyber-informed engineering is essential as new technologies move into energy, nuclear, wireless and industrial systems. The conversation also covers AI’s role in control environments, the workforce needed to secure future infrastructure and the challenge of moving faster before a major event forces action.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Breaches
Video platform Vimeo hacked by ‘ShinyHunters’ gang
Video platform Vimeo has suffered a breach involving hacking gang ShinyHunters, which stole a trove of data containing at least some user email addresses. Vimeo disclosed the breach on Monday. ShinyHunters is trying to extort the platform by threatening to publish the stolen information unless a ransom is paid. “Pay or Leak,” ShinyHunters wrote on the group’s dark web site. Vimeo has traced the breach to a ShinyHunters attack on Anodot, a business monitoring tool. It stole authentication tokens, creating a pathway to hit other brands, including Rockstar Games, since Anodot can be integrated with Snowflake, a major cloud storage provider. (PCMAG.COM)
Pitney Bowes confirms Salesforce breach after hacker leaks 25 million records
Pitney Bowes has confirmed to CyberInsider that it suffered a cybersecurity incident involving unauthorized access to customer data stored in its Salesforce environment. This admission follows claims by the ShinyHunters extortion group that it has stolen over 25 million records. While the company acknowledges the breach, it disputes that sensitive personal data was exposed. Pitney Bowes is a long-established US-based technology company specializing in shipping, mailing, and financial services solutions, serving enterprise clients globally, and processes significant volumes of customer and logistics data. (CYBERINSIDERS.COM)
NZ council cyberattack leads to ID and financial data being exposed
The Hutt City Council, located in the north island of New Zealand, reportedly suffered a phishing incident in March, leading to the identity data of 5 people and the financial information of as many as 732 people being exposed. “We are sorry we did not handle this data with sufficient care, and we acknowledge the concern this has caused. We unreservedly apologise to anyone affected by this attack. Any exposure of personal information is not acceptable,” the council wrote in a statement. (CYBERDAILY.AU)
Communications
Two men charged over series of arson attacks on 5G masts
Two men face charges over a series of arson attacks on 5G masts spanning two years following a Police Service of Northern Ireland (PSNI) investigation. Detectives arrested the men and secured charges on Monday. They are accused of being involved in the attacks which took place between 2023 and 2025, primarily in the west Belfast area. Neither of the accused was named. One of the men, 45, was charged with eight counts of arson and conspiracy to commit arson, while the other, 46, faces one charge of the same crime. (THEREGISTER.COM)
Cybercrime
Teen hacker infiltrated corporations, collecting millions in ransom: Report
A 19-year-old faces federal charges filed in Chicago alleging that he helped infiltrate corporations’ computer systems and collect millions in ransom, and that he is a member of the international hacker group Scattered Spider, the Chicago Tribune reported. The teen, whose name is Peter Stokes but who is known online as “Bouquet,” was charged with wire fraud, computer intrusion and conspiracy in a complaint filed under seal late last year, according to the newspaper, which reported Stokes participated in one Scattered Spider hack at age 16. He was arrested this month in Finland, the Tribune reported, noting he is a citizen of both the U.S. and Estonia, and adding that authorities are working to have him extradited to Chicago. (PATCH.COM)
Ukrainian police detain hackers suspected of stealing thousands of Roblox accounts for resale
Ukrainian law enforcement has detained a group of local hackers suspected of stealing more than 610,000 user accounts from the gaming platform Roblox and reselling them for cryptocurrency on Russian websites, authorities said. Police said on Monday the victims included both Ukrainian and foreign players whose accounts contained valuable digital items, rare equipment and in-game currency purchased with real money. Some accounts also held remaining balances of Roblox’s virtual currency, making them particularly attractive to cybercriminals. (THERECORD.MEDIA)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Cursor AI IDE vulnerability allows code execution via hidden Git hooks
Researchers from threat hunting firm Novee have found a security flaw in a popular AI-powered Integrated Development Environment (IDE) called Cursor. This high-severity arbitrary code execution vulnerability, tracked as CVE-2026-26268 (CVSS 8.1), allows hackers to take control of a programmer’s computer just by having them clone a project repository (downloading a copy of a project’s files and its entire history on your computer from a website like GitHub). This issue isn’t caused by some bug in the Cursor code (core product logic) itself. It actually is caused by the way the AI tool interacts with Git, a popular and widely used software to track code changes. (HACKREAD.COM)
Energy
Extended heat wave could cripple New York’s grid this summer: NYISO
Electric reliability margins this summer in New York will be “the lowest … in recent history,” with extreme weather and an aging generation mix contributing to a risk of blackouts, the New York Independent System Operator said Friday. “Coordination with generation owners, utility companies, neighboring grid operators, and government officials will be essential as we work to maintain grid reliability this summer,” Aaron Markham, ISO vice president of operations, said in a statement. The ISO’s annual summer reliability assessment estimates 34,615 MW of power resources will be available this year to meet forecasted peak demand of 31,578 MW. (UTILITYDIVE.COM)
Malware
SLOTAGENT malware hides API calls and strings to thwart analysis
A previously unknown remote access trojan (RAT), dubbed SLOTAGENT, after analyzing a suspicious ZIP archive uploaded from Japan to a public malware repository in early 2026. The malware demonstrates advanced evasion techniques and flexible post-exploitation capabilities, making it a notable addition to the evolving threat landscape. The ZIP file contains a malicious executable, WindowsOobeAppHost.AOT.exe, which triggers the execution chain by loading a DLL file, WindowsOobeAppHost.AOT.dll. The DLL exports a function named __managed__Main, which initiates the malware’s core logic. (GBHACKERS.COM)
Brazilian LofyGang resurfaces after three years with Minecraft LofyStealer campaign
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). “The malware disguises itself as a Minecraft hack called ‘Slinky,'” Brazil-based cybersecurity company ZenoX said in a technical report. “It uses the official game icon to induce voluntary execution, exploiting the trust of young users in the gaming scene.” The activity has been attributed with high confidence to a threat actor known as LofyGang, which was observed leveraging typosquatted packages on the npm registry to push stealer malware in 2022. (THEHACKERNEWS.COM)
Manufacturing
‘Fundamental tension’ undermines manufacturers’ cybersecurity
The manufacturing sector is woefully unprepared to defend against cyberattacks, even as it was the most targeted community in 2025, accounting for one in four attacks, cybersecurity insurance firm Resilience said in a report published on Tuesday. Several factors make it difficult for manufacturers to upgrade their cybersecurity defenses, including the cost of downtime, according to the report. Even so, the threat picture is dire: Ransomware attacks on manufacturers increased significantly more in 2025 than the average growth rate across all sectors. (CYBERSECURITYDIVE.COM)
Phishing
New DHL phishing scam uses 11-step attack chain to steal passwords
Researchers from Forcepoint’s X-Labs team recently found a phishing campaign designed to steal login credentials from users. In this campaign, what grabbed researchers’ attention was that the threat actors used the DHL brand name to trick users into revealing their passwords through an 11-step attack chain. The campaign begins with a spoofed email that appears to be from DHL Express with this subject line: “DHL EXPRESS WAYBILL CONFIRMATION REQUIRED,” asking the victim to confirm a waybill or shipment. (HACKREAD.COM)
Ransomware
VECT 2.0 ransomware irreversibly destroys files over 131KB on Windows, Linux, ESXi
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT’s locker permanently destroys large files rather than encrypting them means even victims who opt to pay the ransom cannot get their data back, as the decryption keys are discarded by the malware during the time encryption occurs. (THEHACKERNEWS.COM)
Transportation
Electric motorcycles and scooters face hacking risks to security and rider safety
Researchers at Bureau Veritas Cybersecurity discovered that electric motorcycles from US-based Zero Motorcycles are affected by a vulnerability that could allow an attacker to connect to a vehicle over Bluetooth. The security hole, tracked as CVE-2026-1354, affects firmware version 44 and earlier. According to CISA, which classified the vulnerability as ‘medium severity’ due to the attack’s high complexity, an attacker could gain unauthorized access to all Bluetooth functions and even upload malicious firmware to the bike. (SECURITYWEEK.COM)
Vulnerabilities
Critical unpatched flaw leaves Hugging Face LeRobot open to unauthenticated RCE
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the unsafe pickle format. “LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline, where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components,” according to a GitHub advisory for the flaw. (THEHACKERNEWS.COM)
cPanel releases emergency patch for critical authentication flaw
Web hosting administrators must take immediate action, as cPanel has rolled out an emergency security update to address a critical vulnerability. Disclosed on April 28, 2026, this flaw impacts various authentication paths within the cPanel and WebHost Manager (WHM) ecosystem. Control panels like cPanel act as the central nervous system for web servers, handling everything from email routing to database management. Threat actors highly prize authentication vulnerabilities in such platforms. (GBHACKERS.COM)

ADVERSARIES
China
The U.S. wants to ban China’s high-tech cars, but they’re already here in El Paso
Just 5 miles from the U.S. border, a bustling commercial strip here offers the buzzy Chinese car brands currently blocked from the American market. A Geely dealership features the all-electric EX2, a sleek compact that starts at only around $20,000. A bulky hybrid pickup truck sits next to a charger outside a BYD dealership. Great Wall Motors boasts some beefy gas-powered sport-utility vehicles, one advertised with the slogan “Be More Tank.” Luis Hernandez, a Geely salesman, said he has poached many longtime Ford and Chevrolet owners attracted to the affordable sticker prices and whiz-bang Chinese technology. (WSJ.COM)
China’s cyberspace regulator warns ByteDance apps, website over AI-content labeling
China’s cyberspace administrator has ordered ByteDance’s video editing apps Jianying and Maoxiang, and website Jimeng AI, to comply with rules on labelling AI-generated content, the Cyberspace Administration of China said in a statement on Tuesday. The three platforms did not effectively implement required AI content identification measures and have violated the country’s cybersecurity law and relevant rules, the regulator said. Authorities summoned, ordered rectification, warned, and penalised those responsible, the statement said, without giving details. (ASIAONE.COM)
Treasury warns of sanctions risks linked to China-based independent ‘teapot’ oil refineries
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is alerting financial institutions to the sanctions risks associated with independent “teapot” oil refineries in China, primarily in Shandong Province, given their continued role in importing and refining Iranian crude oil. China purchases approximately 90 percent of Iran’s oil exports, with teapot refineries accounting for the majority of these imports. This revenue ultimately benefits the Iranian regime, its weapons programs, and its military. Some Chinese teapot refineries have used the U.S. financial system to conduct dollar-denominated transactions and procure U.S. goods. (TREASURY.GOV)
North Korea
BlueNoroff uses fake Zoom calls to turn victims into attack lures
North Korea’s BlueNoroff state-sponsored hacking group is targeting cryptocurrency executives in an audacious, financially motivated campaign that uses fake Zoom meetings populated with AI-generated avatars and stolen video footage of real people to trick victims into installing malware on their systems. What makes the campaign particularly insidious, according to a new report from Arctic Wolf, is how the threat actor steals webcam footage from each victim and then uses those videos to populate even more convincing fake Zoom meetings to target new victims. (DARKREADING.COM)
Ransomware
Ransomware turf war as 0APT and KryBit groups trade blows
Two ransomware groups are licking their wounds and rebuilding their infrastructure after leaking each other’s operational data online, according to Halcyon. The set-to began when 0APT claimed the scalps of three ransomware groups on its leak site: newcomer KryBit and established players RansomHouse and Everest Group. The leak exposed KryBit infrastructure and personnel and the group will likely need to “rotate leaked operational components to ensure impact on their activities is limited,” Halcyon explained. (INFOSECURITY-MAGAZINE.COM)
Russia
I played Putin in a war game. The most dangerous period may be coming
OPINION: It was a bitter victory. After occupying a chunk of NATO territory in the Baltics, my team successfully converted the land grab into a diplomatic coup, winning major concessions from the United States that would refashion Europe’s security architecture in Russia’s favor. I was President Vladimir Putin, and I had just secured a big win for my project of Russian aggrandizement. Thankfully, this was not reality. It was a war game organized by the German newspaper Die Welt and the German armed forces, designed to test Berlin’s readiness for a security crisis brought about by Russian aggression and American indifference. (NYTIMES.COM)
Putin’s censors lashed by popular rage
OPINION: Russians are angry. Very angry. That’s because the regime has imposed sweeping internet blocks that are now disrupting everyday services from payments in grocery shops to mobile connections to taxi apps. And that’s caused something unexpected. Earlier in April, the FSB claimed it had disrupted an assassination plot against high-ranking employees of Roskomnadzor, the Kremlin’s internet censorship agency. According to the secret police report, which was hazy and had few details, a group of eight young Russians in four cities was planning to blow up the car of a Roskomnadzor official. (CEPA.ORG)

GOVERNMENT AND INDUSTRY
Artificial intelligence
Energy Department eyes AI-enabled self-service features for workforce
The Department of Energy is working to bring more AI into its talent management strategy, per two officials with leadership positions in the agency. DOE has set its sights on AI-enabled self-service features, helping employees find what they are looking for faster. Using AI to align learning opportunities with the workers that need them is another priority. The agency plans to explore these use cases over the next three to six months. The interest in artificial intelligence additions follows what the agency is characterizing as a successful HR modernization project that consolidated talent management platforms and access to related data. (FEDSCOOP.COM)
ALSO: Labor Department nears launch of AI workforce hub (FEDSCOOP.COM)
Data
Treasury needs to fully implement data protection controls, GAO says
The preliminary results of GAO’s ongoing work show that one Treasury Department of Government Efficiency (DOGE) team employee had access to three BFS payment systems between January 2025 and February 2025. The employee had access to view, copy, and print data for the three payment systems. In addition, the employee was inadvertently granted temporary access to create, modify, and delete data for one of the three systems, but GAO found no evidence of any changes to system data. The bureau did not fully address three of four selected control areas for ensuring that DOGE team employees with access to BFS systems follow its IT security rules. (GAO.GOV)
MORE: DOGE access to IT systems at the National Labor Relations Board reviewed (GAO.GOV)
Defense
Pentagon launches cyber apprenticeship program
The Department of Defense is launching a Cyber Registered Apprenticeship Program to accelerate its onboarding of skilled cybersecurity professionals, the agency said, part of a Trump administration push to bring non-traditional talent into the federal workforce. The initiative is being led through DOD’s Office of the Chief Information Officer and was first announced during a Labor Department signing ceremony on Monday for National Apprenticeship Week. The 12-month program is slated to launch as a pilot this summer, with the Pentagon calling it “a significant first step in energizing the Department’s commitment to workforce innovation and rapidly delivering leading-edge expertise to the warfighter.” (NEXTGOV.COM)
Army releases commercial solutions opening for rapid EW and signals intelligence capabilities
The Army is on the prowl for industry solutions related to electronic warfare and signals intelligence to become part of a new “library” of commercial tech from which commanders can draw as needed. The Rapid Electromagnetic Warfare & Signals Intelligence Commercial Solutions Offering (REWSI), unveiled by Capability Program Executive Intelligence and Spectrum Warfare (CPE ISW) on Thursday, is part of the service’s effort to reinvigorate its electromagnetic spectrum capabilities and embrace more commercial, rather than bespoke, solutions. “The Call for Solutions is a key step in building a rigorously vetted library of commercial technologies, allowing Commanders to quickly select the best tools for their specific mission,” Danielle Moyer, executive director of Army Contracting Command – Aberdeen Proving Ground, said in a release. (BREAKINGDEFENSE.COM)
Aligning the U.S. and Canadian defense industrial bases
OPINION: The United States and Canada are both racing to rebuild their defense industrial bases, recognizing that future conflicts will be determined not only by military capability, but by the ability to produce at scale. But they cannot succeed alone — and importantly, they do not need to start from scratch. After decades of reliance on globalized supply chains for everything from consumer products to critical defense technologies, the United States is reasserting a more active industrial policy, using tools ranging from the Defense Production Act to incentivizing private capital investments and even selective government equity stakes. Canada is undergoing a parallel shift, with increased defense spending commitments, the recent release of its first Defence Industrial Strategy, and the newly launched Defence Investment Agency. (WARONTHEROCKS.COM)
Drones
UAS is ‘the new’ IED: Hung Cao urges industry to innovate faster against modern drone threats
The Navy’s new acting secretary, Hung Cao, urged industry officials to speed up the delivery of high-quality counter-drone systems and other AI-enabled military assets to protect and better equip sailors and Marines who are deployed overseas. “What you’re producing right now is going to save the lives of America’s sons and daughters. My son, who’s going to be commissioned as a second lieutenant in about 24 days. So, that’s why I do what I’m doing, because I’m not going to have my son go to war the way I did when we were invading Iraq. We didn’t have the right equipment,” Cao said Tuesday at the Modern Day Marine conference. “That’s why I’m here today — to tell industry we need to move forward. The time is now. This is the time for us to do generational changes for our military.” (DEFENSESCOOP.COM)
Marine division to get first-of-its-kind counter-drone training as officials signal ‘significant concern’ over defeating UAS
Over the summer, troops with 2nd Marine Division will head to Twentynine Palms, California, to experience something entirely new to them: drone-defeat training from the service’s primary readiness unit. Between mid-July to late August, Marine Air-Ground Task Force Training Command will host the division for an integrated training exercise where it will run troops through counter-UAS “lanes” and possibly incorporate the capability into live-fire scenarios, Maj. Gen. Farrell Sullivan told DefenseScoop on the sidelines of the Modern Day Marine conference. While details about what the lanes will look like and which counter-UAS systems Marines will employ are scant, the announcement of upcoming training comes as the service continues to build its drone repertoire, including counter-systems, and officials signal concern about how to defeat them on the battlefield. (DEFENSESCOOP.COM)
Drone pilot makes U.S. rescind no-fly zones around unmarked, moving ICE vehicles
In January 2026, during the height of protests against immigration raids in Minneapolis, federal agents shot and killed 37-year-old Renee Good. Before even gathering all the facts, the Department of Homeland Security labeled the mother of three an “anti-ICE rioter” who “weaponized her vehicle against law enforcement” in an “act of domestic terrorism.” Days later, the feds announced a major expansion of “no-fly zones” in the name of national security. While such no-fly zones used to be about controlling aircraft, they now often focus on small drones. The expanded no-fly zones announced on January 16 prohibited such drones from flying within 3,000 lateral feet and 1,000 vertical feet of federal facilities. (ARSTECHNICA.COM)
Elections
Federal drawdown of election support ‘destroyed’ ongoing relationships, experts say
Efforts under President Donald Trump to scale back the Cybersecurity and Infrastructure Security Agency and its election security resources have strained relationships with state and local officials, raising concerns that jurisdictions may be far less prepared to counter threats to the November midterms, officials in Michigan and Georgia said Tuesday. The warnings, delivered by state officials and other experts at a hearing hosted by Democrats on the House Homeland Security Committee, come as the Trump administration has sought to expand the federal role in election administration through executive orders and the growing involvement of Director of National Intelligence Tulsi Gabbard in election-related matters, including an FBI raid on a Fulton County, Georgia elections office. (NEXTGOV.COM)
Health care
Cybersecurity risk analysis for medical devices in the era of evolving technologies
As Medical Device Manufacturers (MDMs) continue to innovate, the technologies used to provide new capabilities and to protect devices against existing and emerging threats evolve. MDMs may start to adopt relatively established technologies or to incorporate emerging technologies, which present new cybersecurity risks that may impact device functionality and lead to patient harm if not addressed. This discussion paper addresses some general cybersecurity considerations when designing medical devices to incorporate emerging and evolving technologies. (MITRE.ORG)
Intelligence
Spy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaul
Like many organizations, the National Geospatial Intelligence Agency is moving to integrate AI tools into their business operations. Jay Harless, director of human development at NGA, said the agency is trying to strike a balance: move fast enough to keep pace in what U.S. national security officials increasingly view as an AI arms race with adversarial countries like Russia, China, but not so fast that it disrupts proven intelligence-gathering methods. “One of our primary drivers is that our adversaries were investing heavily, and so there is the pressure to keep ahead of and do that safely,” Harless said Tuesday at the Workday Federal Forum, presented by Scoop News Group. (CYBERSCOOP.COM)
Leadership
Trump administration taps Chris Fall to lead CAISI
Chris Fall, who served as an Energy Department official in the first Trump administration, has been tapped to lead the Center for Artificial Intelligence (AI) Standards and Innovation (CAISI). A National Institute of Standards and Technology (NIST) spokesperson confirmed Fall’s role to MeriTalk in an email. In his role, Fall will helm the federal entity responsible for evaluating frontier AI models. (MERITALK.COM)
Regulations
New law expands West Virginia cybersecurity oversight
West Virginia has expanded the authority of its cybersecurity office with a new law that strengthens oversight and requires agencies to undergo annual security reviews. House Bill 5638, recently signed by Gov. Patrick Morrisey, gives additional authority to the state’s chief information security officer. It also establishes more formal oversight of state agency cybersecurity practices, including required participation in annual reviews assessing readiness, data protection and risk management. The state cybersecurity office, which is within the West Virginia Office of Technology (WVOT), is tasked with setting standards for cybersecurity and with managing the state cybersecurity framework. (GOVTECH.COM)
Space
Space Force proposes canceling polar missile warning program
The Space Force is proposing to cancel a $3.4 billion program intended to provide missile warning and tracking coverage of the northern polar region as part of its 2027 budget request. Northrop Grumman is under contract to build two satellites for the Next-Generation Overhead Persistent Infrared Polar program. According to new budget documents released April 27, the service wants to cancel NGP and instead rely on new proliferated constellations it is building in other orbits, which it says will provide needed coverage of northern hemisphere missile threats. (AIRANDSPACEFORCES.COM)
Science and tech spotlight: Data centers in space
Data centers house computer servers, data storage systems, and network equipment that provide digital applications and services—such as artificial intelligence (AI) and cloud computing. Space-based data centers would house similar equipment in satellites to process data in space instead of on Earth. Most proposals for space-based data centers use satellites deployed to low Earth orbits. These orbits allow faster communication with Earth and cost less to reach than higher ones. Some low Earth orbits (e.g., sun-synchronous) could also provide satellites with near-continuous solar energy. Some proposals envision constellations of thousands of new satellites working together to process data. (GAO.GOV)
CSO Saltzman: Focus space acquisition on ‘minimum viable capabilities
Chief of Space Operations Gen. Chance Saltzman has taken to his bully pulpit to urge incremental development of new Space Force kit, calling on acquisition program offices to focus first on speedy delivery of “minimum viable capabilities.” While technically he hasn’t the power of the purse ― acquisition authority flows through the civilian side of the Department of the Air Force ― as service chief, Saltzman does have the ability to set priorities and direction for Guardians to follow. Indeed, he has taken some flack from Capitol Hill in the past over a perceived lack of focus on acquisition issues and personnel. (BREAKINGDEFENSE.COM)
Spyware
Paragon is not collaborating with Italian authorities probing spyware attacks, report says
Last year, WhatsApp and Apple notified several people in Italy, including journalists and activists, that they had been targeted with government spyware. In particular, WhatsApp pointed the finger at the Israeli American surveillance tech maker Paragon Solutions as the company that provided the technology for a hacking campaign that targeted around 90 people around the world with its “Graphite” spyware. The notifications prompted a scandal in Italy that is still unfolding. After being notified of the attacks, a number of victims filed criminal complaints with Italian authorities, and prosecutors then opened an investigation. (TECHCRUNCH.COM)
LEGISLATIVE UPDATES
Rep. Delia Ramirez takes over as top House cybersecurity Dem
Illinois Rep. Delia Ramirez is taking over as the top Democrat on the House Homeland Security panel’s cybersecurity subcommittee, replacing former Rep. Eric Swalwell after his resignation. Committee Democrats approved the change Tuesday at a meeting prior to a “shadow hearing” without the GOP majority, focused on protecting elections from Trump administration interference. Ramirez first won election to Congress in 2022 and was reelected in 2024. She has served as the vice ranking member of the committee since 2023. She is now the ranking member of the Subcommittee on Cybersecurity and Infrastructure Protection. (CYBERSCOOP.COM)
Pentagon formally requests name change to War Department, setting up fight with Dems
The Pentagon has requested that Congress formally change the name of the Defense Department to the Department of War in a new legislative proposal, a move that is likely to rile Democrats as lawmakers begin hashing out the fiscal 2027 defense policy bill. The Pentagon stated in the proposal that the change would have “no significant impact” on the FY27 budget. However, it later added that the department estimates it will spend about $51.5 million across its entire organization during FY26 to implement the name swap, with the majority of that sum — $44.6 million — used to make changes within defense agencies and DoD field activities. (BREAKINGDEFENSE.COM)
COMMITTEE ACTIVITY
SPACE: The House Foreign Affairs Europe Subcommittee will hold an April 29 hearing on emerging threats to U.S. space security and foreign policy implications.
NUCLEAR: The Senate Appropriations Subcommittee on Energy and Water Development will hold an April 29 hearing on the president’s Fiscal Year 2027 budget request for the National Nuclear Security Administration.
CRITICAL INFRASTRUCTURE: The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold the hearing “Data Centers, Telecommunications Networks, and Space-Based Systems: Modernizing DHS’s SRMA Role for the Communications and IT Sectors” on April 29.
AI ENERGY: The House Energy and Commerce Subcommittee on Energy will hold an April 29 hearing on meeting growing power demand fueled by AI.
SPACE BUDGET: The House Appropriations Defense Subcommittee will hold an April 30 budget hearing on the U.S. Air Force and Space Force.
ALERTS AND ADVISORIES
CISA adds two known exploited vulnerabilities to catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability, CVE-2026-32202 Microsoft Windows Protection Mechanism Failure Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
AI FOOD SECURITY: Join the CSIS Global Food and Water Security Program on April 30 for the Artificial Intelligence (AI) for Food Security Forum, bringing together U.S. and global policymakers, technology developers, financers, researchers and implementing partners working at the forefront of AI for food security.
SEMICONDUCTORS: The CSIS Renewing American Innovation program and the Texas Institute for Electronics (TIE) at The University of Texas at Austin are hosting a half-day symposium April 30 of expert panels highlighting the region’s dynamism and how the private sector, public sector, and academia in Austin and the state of Texas more generally have made the state a world-renowned semiconductor advanced packaging hub.
TRANSPORTATION: With new technology comes questions about data privacy, security and accountability with high stakes for businesses and consumers. On May 5, as part of the seventeenth annual A. Alfred Taubman Forum on Public Policy, Governance Studies at Brookings will host a webinar to discuss the benefits and implications of connected cars.
AI AND IRAN: The conflict in Iran reveals urgent lessons about AI as a weapon of war and statecraft. Led by one of Washington’s top experts on Iranian strategy, military doctrine, and the IRGC, this May 6 FDD panel provides an assessment of how the Iranian regime has used autonomous systems and machine learning to expand its reach; how AI tools have supercharged propaganda campaigns and cyber-enabled information warfare; and in the financial realm, how emerging technologies have enabled large-scale fraud and illicit funding of Tehran’s proxies.
EMERGING TECH: In an evolving geopolitical landscape, how can the US build on its experience in developing frontier technologies and globally competitive industries through investments in priority technologies for the 21st century? Join AEI’s Michael R. Strain for a May 13 conversation with experts from the Massachusetts Institute of Technology for a conversation on their new book “Priority Technologies: Ensuring US Security and Shared Prosperity (2026).”
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS