Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – July 1, 2026


Cyber Briefing

TODAY’S TOP 5

CAN THE GRID TAKE THE HEAT?: The Trump administration has declared a power emergency for the nation’s largest energy grid in advance of a dangerous heat wave that threatens to strain electricity infrastructure, Bloomberg reports. The emergency order issued by the Energy Department Tuesday authorizes power plants in the PJM Interconnection LLC region, which serves 67 million people across 13 states, to operate at maximum levels and exceed some environmental requirements. A second Energy Department order authorizes the use of backup generators in the PJM region “as a last resort,” PJM said. Both orders run until 11:59 p.m. New York time July 3.

  • Data Center Alley is facing a climate test, E&E News reports. Searing temperatures this week could push energy demand to record levels on the mid-Atlantic’s electric grid, which fuels the country’s data center boom in Virginia. The Department of Energy’s order could potentially force data centers to use backup diesel generators. The move highlights the growing challenge of meeting rising electricity demand from data centers as the grid strains to keep the region cool during a period of extreme heat.
  • The significant heat wave that has broiled much of the Midwest this week is spreading farther east today, bringing the potential for record-breaking high temperatures to millions more people. Little relief is expected for much of the country until the weekend, The New York Times reports. More than 160 million people are under extreme heat warnings or heat advisories, and for many it was the second or third straight day of severe warnings to avoid being outside in the warmest parts of the day. Triple-digit temperatures are being made worse by high levels of humidity, leading to oppressive heat index readings. Many emergency officials and meteorologists say the heat index is a more accurate measure of what if feels like outside than temperature alone.

ANTHROPIC BLOCK LIFTED: The Trump administration removed export restrictions on Anthropic’s Fable 5 and Mythos 5 artificial intelligence models Tuesday evening, a move aimed at defusing weeks of drama surrounding controls on cutting-edge AI. The change — whose imminent announcement was first reported by POLITICO — includes enabling Anthropic to make Fable 5 available again to all general users in the U.S. and abroad while addressing worries that the powerful software might enable cyberattacks. In a letter to the company, Commerce Secretary Howard Lutnick said Anthropic no longer required an export license for its products after agreeing to “proactively detect and address security risks associated with the models,” to work with the government on protocols for future releases and to report any “malicious activity” it finds in among its models.

  • A new UN-backed commission will bring top tech executives and heads of state to the same table to forge global rules for AI, per an announcement shared exclusively with Axios. As global AI regulation grows more splintered, this initiative is an attempt to connect the executives building advanced AI with a group of global politicians.
  • Two knowledge communities write the rules for AI, but they operate at substantial distance from each other, Ignacio Cofone writes at Just Security. The AI safety community, whose members are trained in computer science and engineering, thinks in terms of how systems fail under different conditions, what counts as effective testing, and how to measure risk before deployment. The AI regulation community, whose members are trained in law and rights-based governance, thinks in terms of who is responsible when something goes wrong, what process people are owed before a decision affects them, and what rights they have to challenge it after the fact. Standards bodies, sectoral regulators, and domain experts need to be familiar with both disciplinary poles. But people who operate natively at both poles are rare, and the questions that fall between the two overlap with those that AI regulations have struggled most to specify.
  • Cyberattacks aimed at stealing American artificial intelligence technology are increasingly expanding from tech-based attacks to the exploitation of human-level vulnerabilities, with China-based actors playing a growing role, CNBC reports. “As the AI race has heated up, the [People’s Republic of China] has targeted the tech sector increasingly,” said Matt Pearl, director of the strategic technologies program at the U.S.-based think tank Center for Strategic and International Studies. Rather than focusing on a specific trade secret, such as hardware designs, the hackers have broadened their interest to anything that could narrow the three- to four-month AI gap with the U.S., Pearl said. That, he said, ranges from understanding a company’s product roadmap, particularly in highly competitive sectors, to identifying weaknesses in supply chains. The alleged cases are already piling up.

HACKERS REPORTEDLY BREACHED DHS INFORMATION-SHARING NETWORK: A key Department of Homeland Security information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local and industry partners, according to two people familiar with the matter, Nextgov/FCW reports. DHS investigators are probing the intrusion of the Homeland Security Information Network, said both people, who spoke on the condition of anonymity because the incident is sensitive. The hackers’ affiliation and whether any documentation was pilfered from the system are both unclear. The department’s Office of Intelligence and Analysis has conducted a damage assessment of the intrusion, which is believed to have occurred sometime between late May and early June, said one of the people. The hackers targeted HSIN servers and a SharePoint system used for collaboration efforts, the person added.

  • DHS is bringing back a key cybersecurity information sharing effort with critical infrastructure, more than a year after the Trump administration shuttered an existing nerve center between government and private sector, CyberScoop reports. The Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure program, first reported by CyberScoop in January, is meant to replace the function of the Critical Infrastructure Partnership Advisory Council. CIPAC was a federal advisory body that allowed agencies like the FBI, the Cybersecurity and Infrastructure Security Agency and the intelligence community to interact with key owners and operators of water, power, internet and telecommunications to coordinate on cyberattacks and digital vulnerabilities. ANCHOR will fulfill a similar role, as detailed in a federal register notice set to publish today.
  • Trump administration budget chief Russell Vought told lawmakers Tuesday that he’s willing to work with Homeland Security Secretary Markwayne Mullin on re-staffing up the Cybersecurity and Infrastructure Security Agency, following deep personnel cuts and further proposed reductions in the fiscal 2027 budget blueprint, CyberScoop reports. Mullin said last week at a House Appropriations Subcommittee on Homeland Security hearing that he would like to hire 600 more people at CISA, similar to remarks he made earlier this month at another House hearing. President Donald Trump has cut or lost more than 1,000 from an agency that stood around 3,400-strong at the end of the Biden administration — cuts criticized by lawmakers in both parties.

‘WAR FORCE’ TECH TALENT DRIVE: The Trump administration has launched a federal recruitment program designed to connect experienced software engineers with open technical positions across the Defense Department, Federal News Network reports. The Pentagon’s new federal hiring program, called “War Force,” aims to attract hundreds of candidates for temporary, two-year DoD positions, including those with experience in engineering and advanced technologies like artificial intelligence, machine learning, automation and data systems. Applications for the program are open until July 17, according to the USAJobs announcement. The new hiring effort falls under the Office of Personnel Management’s larger Tech Force program, which first launched in December. War Force recruitment will be tailored to “the department’s unique operational and mission requirements,” OPM and DoD said in a joint press release.

  • U.S. troops could receive new weapons and tech with “undocumented shortfalls” after Defense Secretary Pete Hegseth reshaped a key Pentagon testing office last year by cutting nearly 100 civilian posts and leaving more work those who remain, according to a new government watchdog report. “The staff reductions since May 2025 constrain the depth and breadth of oversight that DOT&E [Director, Operational Test and Evaluation] can provide for DOD’s weapon systems,” said a Government Accountability Office (GAO) report released Tuesday, Breaking Defense reports. “This includes oversight of major defense acquisition programs and others, such as middle tier of acquisition programs—a growing area within DOD,” the GAO said, referencing the Pentagon’s streamlined framework to rapidly develop and field new capabilities by bypassing traditional acquisition processes.

CIA RESTRUCTURES FOR AGE OF AI: The CIA has reorganized several of its key acquisition and tech directorates to better embrace emerging technologies like artificial intelligence and quantum computing as they reshape “the reality of conflict and asymmetric warfare,” Director John Ratcliffe said Tuesday. During rare public remarks at the AWS DC Summit, Ratcliffe pointed to recent CIA-supported operations in Venezuela and the Middle East, including the rescue of a downed F-15E Strike Eagle pilot in Iran, as examples of the outsized impact of technology on the agency’s intelligence operations, FedScoop reports. “It was a search that rested on our innovation, creativity, and our technological know-how, and ultimately it was a technology-enabled search that only the CIA could successfully and did successfully pull off,” the director said of the rescue effort, which he described as “the equivalent of trying to find a needle in a haystack.”

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

Army Principal Cyber Advisor Brandon Pugh joins Frank Cilluffo on this replay episode of Cyber Focus to address a stark reality: if critical infrastructure fails, the Army cannot mobilize. To meet this “no fail” mission, Pugh explains how the service is aggressively merging cyber with electronic warfare and cutting red tape to field new technology in days rather than years. They also discuss the Army’s unique edge in this digital fight — reservists who bring high-level private-sector expertise directly to the battlefield. The conversation also explores how AI and operational technology are reshaping the Army’s cyber battlefield and threat landscape.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Artificial intelligence

AI, deepfakes used in 12 percent of successful scams: Survey

A new report released on Tuesday found that 12 percent of successful scams last year involved artificial intelligence or deepfakes. Theanalysis, which was conducted jointly by Gallup and the Stop Scams Alliance, acknowledged that this reported number could be lower than the reality, as the use of AI or deepfakes can be difficult to detect. Older adults are historically more likely to fall victim to scams and may be at an even greater risk for failing to detect AI or deepfake fraud schemes. (THEHILL.COM)

Breaches

Aflac Japan reports data breach affecting over 4 million customers

Aflac Life Insurance Japan said Tuesday that its customer portal site and other systems had been hacked, exposing the data of about 4.38 million customers, including their names, addresses, and phone numbers. For about 230,000 of these customers, information about premium payment accounts was also compromised. At this point, however, no misuse of such information has been confirmed. Aflac Life Insurance Japan detected an abnormality last Thursday as the system load increased following a surge in access traffic, company officials said. An investigation found multiple unauthorized access attempts were made between June 15 and June 25. (JAPANTIMES.COM)

Health care

Medtronic notifying patients affected by data theft hack

Medical device maker Medtronic has begun notifying a yet undisclosed number of patients that their personal information – including health records and Social Security numbers – was compromised in an April cyber incident. Ransomware gang ShinyHunters had earlier claimed that it stole more than 9 million records from the company. So far, public records show that Minnesota-based Medtronic notified Massachusetts regulators on Monday that the incident affected nearly 64,000 patients in the Bay State alone. (HEALTHCAREINFOSECURITY.COM)

Passwords

Azure CLI password spray hits at least 78 Microsoft accounts in 81M-plus attempts

Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider LSHIY LLC (AS32167). “Between June 12 and June 26, the threat actor behind it made more than 81 million login attempts and successfully compromised at least 78 Microsoft accounts across 64 organizations,” the company said in a statement. (THEHACKERNEWS.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Artificial intelligence

Fake bug report hijacks AI coding agents at scale

Researchers are offering fresh proof that AI coding agents have become a viable attack surface for threat actors seeking to steal credentials, manipulate data, and compromise development environments. The research by Tenet Security demonstrated how an attacker could hijack AI coding agents into running arbitrary code on a developer’s machine by planting a single fake-error report in a public bug tracking service. In controlled testing of its “agentjacking” technique, the company found widely used AI coding assistants such as Claude Code, Cursor, and Codex retrieved the poisoned error data and, in many cases, executed attacker-controlled code on the developer’s machine. (DARKREADING.COM)

Malware

ClickFix now cybercriminals’ favorite malware delivery technique

The ClickFix social engineering technique has become the leading means of cybercriminals delivering malware to victims. According to analysis by researchers at ReliaQuest, which examined cyber-attacks taking place between March 1 and May 31, 2026, ClickFix dominated malware delivery. ClickFix is a potent attack vector, because it socially engineers the victim into pasting attacker-supplied commands into trusted system dialogs. In ClickFix-style attacks, the user enters the command, which bypasses many anti-virus and cyber defense tools that categorize the action as legitimate. (INFOSECURITY-MAGAZINE.COM)

Hackers use fake FIFA World Cup 2026 T-shirt offers to spread Voidrift malware

Scammers are using excitement around the FIFA World Cup 2026 to target employees with a new email scam, reveals Cofense Intelligence. According to their investigation, scammers send emails offering free, exclusive World Cup T-shirts, pretending that FIFA has partnered with the victim’s employer to give away these gifts. These emails are sent to trick workers into downloading a malicious program onto their work computers. Right when an employee clicks the link, hackers can gain initial access inside the business network. This can allow them to spy on corporate activities, steal business data, or compromise sensitive company accounts. (HACKREAD.COM)

Malicious PyPI packages give hackers control of Telegram bot servers

A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. At least eight packages have been published on the Python Package Index (PyPI) with a hidden backdoor that is activated by helper modules when importing Pyrogram or when the bot starts. Although the Pyrogram project is no longer maintained, it remains popular, with nearly 350,000 monthly downloads on PyPI (last updated in April 2023) and more than 1,400 forks on GitHub (last updated in December 2024). (BLEEPINGCOMPUTER.COM)

Maritime

RedLine infostealer thread reveals hidden maritime phishing and BEC infrastructure

A routine threat-feed alert for a RedLine Stealer command-and-control (C2) IP morphed into a full-scale pivot investigation that exposed a tailored maritime spear‑phishing and business email compromise (BEC) ecosystem. The starting signal a UniqueSignal entry from VMRay identified 194[.]156.79.122:55615 as a RedLine-associated host. That solitary indicator, combined with targeted forensic pivots across VirusTotal, FOFA, Censys and sandbox telemetry, produced a durable cluster of attacker-owned domains, mail infrastructure and delivery servers that underpin a narrow, high-impact campaign against South Korean maritime supply-chain targets. (GBHACKERS.COM)

Supply chain

Phantom squatting: AI-hallucinated domains as a software supply chain vector

Unit 42 researchers found that large language models (LLMs) consistently hallucinate web domains for legitimate brands. Adversaries are actively weaponizing this vector by registering these nonexistent domains to intercept traffic generated by AI systems. This phenomenon is called phantom squatting, and it poses a significant risk to the software supply chain. Monitoring of registration for high-priority hallucinated domains yielded real-world detections across multiple sectors. Unit 42 was able to predict use of these domains from 18-51 days ahead of adversary registration. A standout case reveals an attacker who leveraged an AI coding assistant to build a full phishing kit named Montana Empire. (UNIT42.PALOALTONETWORKS.COM)

Decades-old Bash tricks expose AI coding agents to supply chain attacks

Bash (Bourne Again SHell), the 1989 GNU rewrite of the original Linux Bourne Shell, can still cause problems more than three decades later through its Bash Tricks. Adversa AI has discovered a structural security flaw in multiple open source AI agents. It’s not a specific bug but a process that can get malicious Bash instructions ingested into the agent, and from there into whatever the agent does – typically with the operator’s approval. Adversa calls this structural issue GuardFall. “We tested eleven popular open source agents, including Hermes, OpenCode, Roo-code, and others,” explains Omer Ben Simon, lead researcher at Adversa AI. “Ten leave the gap open in one of four ways; and only one closes it.” (SECURITYWEEK.COM)

Vulnerabilities

Apple patches dozens of vulnerabilities across iOS, macOS, and Safari

Apple announced security updates this week for iOS, iPadOS, macOS Tahoe, and Safari that resolve dozens of vulnerabilities, including 26 security defects in WebKit. iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 were rolled out with 37 security fixes across IOGPUFamily, kernel, libxslt, Web Extensions, WebKit, and WebRTC. The 26 WebKit bugs (including two in WebKit Canvas and WebKit Storage) could be exploited via malicious websites to exfiltrate data, leak sensitive information, crash Safari, corrupt memory, disclose process memory, hijack clipboard data, and process restricted web content outside the sandbox. (SECURITYWEEK.COM)

Chrome 150 patches 382 security fixes, 15 critical

Google’s Chrome team announced the rollout of Chrome 150 to the stable channel in a stable channel update post, noting the update “will roll out over the coming days/weeks.” The desktop build lands as 150.0.7871.46/.47 for Windows and Mac and 150.0.7871.46 for Linux. Chrome’s position in Web Browser Usage helps explain why a Critical bug in the world’s most-used browser carries outsized reach across Windows, Mac, and Linux desktops alike. (SQMAGAZINE.CO.UK)

BlueHammer vulnerability exploited in ransomware attacks

BlueHammer is one of the several exploits disclosed in recent months by a disgruntled researcher known as Chaotic Eclipse and Nightmare Eclipse. The researcher is unhappy with Microsoft’s handling of vulnerability reports, which is why several exploits were made public before the tech giant had a chance to release fixes. CVE-2026-33825 was publicly disclosed on April 2 and Microsoft released patches on April 14, when it informed customers that an authenticated attacker can exploit the security hole for privilege escalation. (SECURITYWEEK.COM)

Adobe patches seven max severity ColdFusion, Campaign flaws

Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. All these vulnerabilities can be exploited in low-complexity attacks that don’t require user interaction and were tagged with priority 1, indicating a high risk of being targeted. “This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for example, within 72 hours),” Adobe says. (BLEEPINGCOMPUTER.COM)

Fluentd security flaws enable remote code execution, SSRF, DoS and credential exposure

Fluentd, a widely used open-source data collector for unified logging, has reported several high-impact vulnerabilities that could enable attackers to achieve remote code execution (RCE), server-side request forgery (SSRF), denial-of-service (DoS), and the exposure of sensitive credentials. These issues, documented in multiple GitHub Security Advisories, affect Fluentd versions up to 1.19.2 and have been resolved in version 1.19.3. Given Fluentd’s extensive deployment in cloud-native environments, logging pipelines, and Kubernetes ecosystems, these vulnerabilities pose a significant risk, especially when instances are exposed to untrusted networks. (GBHACKERS.COM)

Multiple Apache Tomcat vulnerabilities allow attackers to bypass authentication

The Apache Software Foundation has disclosed two vulnerabilities affecting Apache Tomcat that could allow attackers to bypass authentication and security constraints protecting web applications. The flaws, tracked as CVE-2026-55957 and CVE-2026-55956, impact multiple major versions of the widely deployed servlet container, prompting urgent upgrade recommendations across enterprise environments. Rated as Important severity, this vulnerability affects Tomcat’s JNDIRealm component when configured with GSSAPI authenticated bind. (CYBERSECURITYNEWS.COM)

ADVERSARIES

China

China’s truck-mounted electromagnetic aircraft catapult seen in action for the first time

We now have our first look at a Chinese modular, road-mobile, electromagnetic aircraft launch system (EMALS) catapult actually launching a drone. The system, which consists of multiple specially-designed trucks linked together, first emerged right at the end of last year and was soon loaded onto the deck of a cargo ship. The same vessel, named Zhong Da 79, was used to showcase a new family of containerized weapons, sensors, and other systems, images of which went viral in a big way online. It has now also been confirmed that the truck-mounted EMALS catapult is part of that family. Video of the truck-mounted EMALS catapult in use first began circulating widely on social media earlier today, but exactly where or when it was shot is unclear. (TWZ.COM)

The three nevers: To invade Taiwan, China would have to make military history thrice

OPINION: The amphibious invasion of Normandy on June 6, 1944, remains the largest and most complex amphibious operation in history. On the first day alone, Allied forces landed eight divisions, including five amphibious assault and three airborne, totaling roughly 160,000 personnel. That force more than doubled within days. Normandy was unprecedented in scale but not in kind. A Taiwan invasion would present the reverse problem: Taiwan’s size is not the unprecedented part — the operational challenges are. Analysis of a potential Chinese invasion of Taiwan typically emphasizes the People’s Liberation Army’s rapid modernization and the possibility of strategic surprise. Far less attention is paid to operational precedent. (WARONTHEROCKS.COM)

Russia

Latvia and Ukraine to open drone factory right on Baltic nation’s border with Russia

Latvia and Ukraine plan to build a joint drone manufacturing facility in the Latgale region of eastern Latvia, near the country’s borders with both Russia and Belarus, Latvian Prime Minister Andris Kulbergs said June 29 during a visit to a military base in the region. The announcement gives operational shape to the so-called “Drone Deal” signed on June 9 between Kulbergs and Ukrainian President Volodymyr Zelenskyy on the sidelines of the Nordic-Baltic Eight summit in Tallinn, the first meeting between the two leaders. Latvia is the sixth country to join Ukraine’s bilateral drone cooperation framework. (DEFENSENEWS.COM)

GOVERNMENT AND INDUSTRY

Defense

Defense manufacturing emerges as Pentagon bottleneck

After years of concerted effort by the Pentagon and Congress to cut through federal red tape and foster closer ties with the commercial sector to speed up military procurement, the defense industry is turning to another problem: how to deliver those orders fast. Manufacturing is the next bottleneck ahead for defense acquisition amid Defense Secretary Pete Hegseth’s push to slash the time it takes to get cutting-edge equipment to the field, panelists from across government and industry said at a think tank event in Washington Tuesday. Though money to design and build new systems is flowing from the Defense Department and private investors alike, companies still need the right combination of facility space, qualified workers and robust suppliers to deliver hardware and software in months rather than years. Failure to do so risks leaving troops ill-equipped and vulnerable to attack. (FEDERALNEWSNETWORK.COM)

Army using AI, robot boats for Pacific logistics

The Army’s 8th Theater Sustainment Command is using artificial intelligence “to help us make better-informed decisions” for supply chain management in the Pacific, the unit’s commander said Friday. “For logistics, a lot of what we do is very similar to what the commercial world does, and so I have leveraged, and we are leveraging commercial partners with, you know, how do they do warehouse management regionally, and then how do they look at, how do you time delivery of supplies to the location it’s needed, and kind of, what are those time-distance factors,” Maj. Gen. Gavin Gardner told reporters. “ I’m looking at partners, and I’m talking to partners that do that on a global scale, because the distances between the continental United States to the forward positions that we train or live at, like the Republic of Korea or Japan, we’re constantly looking for smarter ways to do that.” (DEFENSEONE.COM)

Trojan Spirit, the Army’s intelligence backbone, needs a successor

OPINION: In 1990, the idea that deployed commanders could access the latest intelligence from three-letter agencies in the middle of nowhere was radical. But the Army was starting to make this idea real through a program called Trojan Spirit, so they could address a major strategic barrier: There were too many systems and databases for intelligence collection and analysis, some centralized and some forward deployed, and little access to practical insights. During Operation Desert Storm, the early Trojan system transitioned out of development and into operational deployment. Trojan Spirit’s first introduction to warfighters during the Gulf War fundamentally changed the battlefield. For the first time, commanders at the edge could access highly sensitive intelligence in near real time to create decision advantage. (WARONTHEROCKS.COM)

Drones

SOCOM interested in developing long-range kamikaze drones

U.S. Special Operations Command is conducting market research on industry’s ability to develop a long-range, air-launched loitering munition. According to a request for information posted Friday, SOCOM is eyeing an Air Loitering Munition (ALM) that has an extended range and additional capabilities beyond its current stand-off precision guided munitions (SOPGM). The weapons would be launched from the command’s fixed-wing aircraft, such as the AC-130J Ghostrider, according to the RFI. SOCOM is specifically interested in one-way attack drones that have a range of at least 75 nautical miles, allowing the command to observe and strike targets located deep within enemy territory without putting operators at risk. (DEFENSESCOOP.COM)

Energy

Energy expects Genesis Mission will double R&D productivity in coming decade

The Department of Energy’s Genesis Mission aims to double the productivity and impact of the U.S. research and development engine within the next 10 years, the agency’s undersecretary for science, Darío Gil, said at a Monday evening AWS event. It’s part of a larger focus on recharacterizing the purpose of artificial intelligence adoption. Genesis represents a sweeping national initiative with a goal of advancing the U.S.’s scientific research enterprise with advanced technologies. Launched in November 2025 via executive order, it aims to leverage Energy’s national laboratory system, the best AI, high-performance computing and quantum information systems across different scientific domains. (NEXTGOV.COM)

Leadership

The ‘Father of the Internet’ is finally retiring

Vinton Cerf will step down from his role as Google’s chief internet evangelist next week, marking the conclusion of one of the most influential careers in technology history. While speaking via video feed at the Open Frontier conference hosted by the Laude Institute, Cerf was recognized by Dave Patterson, the UC Berkeley professor best known for co-developing RISC processor architecture. “Vint … has been at Google more than 20 years, and he is retiring a week from today, and so I think we ought to give him a round of applause for a relatively good career,” Patterson said, to cheers from the room. (TECHCRUNCH.COM)

Maritime

Capability is not enough: Why authority decides whether SOF protect critical maritime infrastructure

OPINION: On June 19, 2008, Niger Delta militants in open-hulled boats stormed Shell’s Bonga floating production, storage and offloading vessel (FPSO), 120 kilometers off the Nigerian coast. They shut down 200,000 barrels of daily production. The Movement for the Emancipation of the Niger Delta (MEND) announced afterward that the target had been “deliberately chosen to remove any notion that offshore oil exploration is far from our reach.” Nigeria already had a maritime special operations force. The Special Boat Service (SBS) had been established specifically to protect offshore infrastructure. It made no difference. Bonga was not a capability problem. It was an alignment problem. A generation of maritime protection planning has rested on an implicit assumption: that the presence of special operations forces (SOF) translates into protection. It does not. Capability, authority, and integration do not compensate for one another. Below the threshold at which all three align, SOF presence is theater. (SMALLWARSJOURNAL.COM)

Nuclear

NNSA launches first enterprise cloud authorized for secret/restricted data

The National Nuclear Security Administration (NNSA) launched what it says is the first enterprise-authorized cloud environment capable of processing Secret/Restricted Data (S/RD), marking a significant step in the agency’s effort to modernize the nation’s nuclear security infrastructure. Developed in collaboration with Amazon Web Services (AWS), the S/RD Enterprise Cloud environment is designed to connect NNSA’s geographically dispersed laboratories, plants, and production sites in a unified secure environment while supporting mission areas including product development, digital engineering, advanced computing and simulation, and secure data analytics. (MERITALK.COM)

Supply chain

Hiding in plain sight: The geopolitics of software supply chains

OPINION: When Anthropic announced in April 2026 a limited preview of its Claude Mythos model capable of finding and exploiting vulnerabilities at scale, government and industry immediately focused on what it could mean for cybersecurity. Mythos Preview can reportedly find and author vulnerability exploits in hours that would have previously taken weeks. The White House even viewed the capability as significant enough to re-examine aspects of its current approach to artificial intelligence oversight. But the growing focus on AI-driven vulnerability detection risks obscuring another category of threat hidden deeper within modern software ecosystems and their supply chains. (JUSTSECURITY.ORG)

LEGISLATIVE UPDATES

House GOP defectors tank procedural vote to bring NDAA to floor

A gambit by House GOP leaders to tie the annual National Defense Authorization Act to a controversial voter restriction bill turned into a political quagmire this afternoon when 14 Republicans voted with Democrats to block the measure from being brought to the floor. Lawmakers voted 198-224 against a procedural measure — known as a “rule”— that would have allowed debate to begin on the fiscal 2027 NDAA, but which would have combined the defense bill with the SAVE America Act after passage and before being sent to the Senate. (BREAKINGDEFENSE.COM)

Billions in rural broadband funds still on hold

Funds totaling about $20 billion delayed under the federal rural broadband internet program will be subject to new guidance “this summer,” the agency head overseeing the project said Tuesday. National Telecommunications and Information Administration leader Arielle Roth gave lawmakers that timeline at a House Energy and Commerce subcommittee hearing, where she was pressed about the agency’s commitment to make the funds available to states. Roth also deferred specifics on the question of whether those funds will be held back from states that enact regulations on artificial intelligence, as directed by a presidential executive order. (ROLLCALL.COM)

Senate bill seeks cybersecurity review, potential recall of Chinese-made medical devices used in U.S. healthcare systems

A U.S. Senator introduced new legislation aimed at protecting Americans from potential security risks posed by Chinese-made medical devices, arguing that foreign-manufactured technologies used in healthcare settings could expose sensitive patient data and critical medical infrastructure to espionage or disruption. Introduced by Tom Cotton, a Republican from Arkansas, the proposed bill seeks to restrict the procurement and use of medical devices produced by companies linked to the Chinese government, reflecting growing bipartisan concern in Washington over supply chain security and national security implications of connected healthcare technologies. (INDUSTRIALCYBER.CO)

Lawmaker warns of administration’s ‘fetishization’ of Silicon Valley startups

Rep. James Walkinshaw has big plans for the federal government’s sprawling tech stack, including scrutinizing the contracting practices of the current administration. In an extensive sit-down interview with Nextgov/FCW and other GovExec reporters, the Democratic congressman from Virginia said that he wants to help rebuild the federal government’s capacity after sweeping disruption carried out by the Department of Government Efficiency — from strengthening civil service protections and tech talent pipelines to tightening cybersecurity guardrails on AI and reviving oversight tools like the FITARA scorecard and FedRAMP. “I’m starting to talk to my colleagues about a comprehensive and robust agenda to rebuild the capacity of the federal government, an American capacity agenda, for lack of a better term,” he said in the Monday interview. (NEXTGOV.COM)

ALERTS AND ADVISORIES

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

DATA SECURITY: From surveillance-capable applications to data-harvesting platforms, foreign adversaries — particularly the Chinese Communist Party — are exploiting technology to access American data at an unprecedented scale. Join Rep. Nathaniel Moran (R-Texas) for a July 2 fireside discussion with Senior Fellow Jason Hsu to discuss the congressman’s bill, H.R. 7509, the Deterring Adversarial Access to Americans’ Data Act, and Congress’s role in facilitating public-private understanding in an era of great power competition.  

SOUTH CHINA SEA: The CSIS Southeast Asia Program and Asia Maritime Transparency Initiative are pleased to present the Sixteenth Annual CSIS South China Sea Conference. This full-day conference July 7 will feature keynote addresses and in-depth panel discussions on recent developments in disputed waters and the importance of the 10-year anniversary of the landmark South China Sea arbitration. Panels will address the state of play, legal developments and dispute management, evolving alliance networks, and the role of global stakeholders. 

COMMUNICATIONS: Join the American Enterprise Institute on July 8 for an exclusive look into the questions defining the Federal Communications Commission (FCC). This public event will begin with a fireside chat, featuring the FCC’s Arpan Sura and AEI’s Shane Tews, to examine the most pressing issues before the commission.

CHINA: Join Hudson Institute’s China Center on July 10 as Miles Yu hosts a panel examining Taiwan’s experience in handling national security cases, foreign interference, technology theft, election influence, proxy networks, and gray-zone legal warfare. The discussion will explore how authoritarian influence exploits democratic openness, social trust, local networks, and legal ambiguity.

AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!