Cyber Briefing – July 10, 2026
TODAY’S TOP 5
DATA CENTERS IN INFORMATION WARFARE: China, Russia and, to a lesser extent, Iran have sought to use state media outlets to turn the controversy over data centers in the United States into “a domestic fracture point,” according to a new analysis by Alethea, a threat intelligence company, which identified scores of articles and posts on social media this year. These campaigns, whose impact on public opinion remains to be seen, have raised alarms in Washington, where AI is seen as a top issue heading into this year’s midterm elections, The New York Times reports. The foreign efforts appear intended to stoke the debate over data centers that has united political figures across the political spectrum — from Senator Bernie Sanders of Vermont, a progressive, to Stephen K. Bannon, the erstwhile adviser to President Trump.
- Texas regulators approved a new set of requirements Thursday to keep data centers and crypto-mining facilities operating, a move tech companies say could cost them billions of dollars, E&E News reports. The state Public Utility Commission voted 5-0 to require data centers and other “large computational loads” overseen by the Electric Reliability Council of Texas to stay online during temporary disturbances on the grid. Under the new rules, data centers could be ordered to disconnect from ERCOT — which handles about 90 percent of the state’s power demand — if they trip offline during power disruptions. Grid experts and ERCOT officials say data centers and crypto miners that can’t “ride through” temporary power blips could lead to a cascade of facilities and generators going offline.
- The data center boom has roiled communities across the country, but on Native land, a Big Tech push for quick approvals has pitted the need for development against a history of exploitation, The New York Times reports.
BIOTECH SECURITY AIMS TO CURB CHINA COPYCATS: Steve Potts is developing medicines for hard-to-treat cancers. Just don’t ask what, exactly, he is working on. If word gets out, he fears a Chinese company could beat him to market. Potts’s company, whose team has shepherded a combined 13 drugs through Food and Drug Administration approval, is one of a growing number of biotechs going to extreme lengths to stay secret, The Wall Street Journal reports. He won’t pitch venture-capital firms. He hasn’t presented at academic conferences. The company, Breakthru Medicine, is taking money only from a handful of trusted, high-net-worth individuals and universities. For decades, young biotechs broadcast their science publicly to attract investment. Today, more are going dark to keep rivals, many of which are based in China, from replicating their research and doing studies in humans even faster than they can.
- Until this year, few people outside China had heard of ChangXin Memory Technologies Inc. Now, the company is emerging as one of the world’s most important semiconductor makers — poised to shake up the $1 trillion memory-chip market and accelerate Beijing’s ambitions in artificial intelligence, Bloomberg reports. CXMT has become China’s best option to end a reliance on foreign memory chips at a time of severe shortages. It’s launching the country’s biggest initial public offering of 2026 next week as CXMT Corp., seeking upwards of $4.3 billion after revenue grew by an industry-leading seven-fold in the first half. Those proceeds will help CXMT fund a bold expansion plan. It aims to double output this year and build a top-to-bottom supply chain, from chip design to final assembly, people familiar with the matter said, asking not to be identified discussing previously unreported targets.
- Export controls on semiconductor manufacturing equipment, the machinery needed to fabricate, test and package semiconductors, are the most decisive instruments for constraining China’s ability to produce advanced and foundational chips. Yet, policy blind spots and the inconsistent implementation of export controls in the United States have left loopholes that China has exploited to accelerate its drive to undermine American compute advantage and dominate key industries, including the foundational chip market, which produces the “workhorses” of modern life, such as the chips found in cars and refrigerators, Sylvia Chen and Peter Tozzi write at Just Security. China is now poised to surpass Taiwan as the world’s leading foundational chip producer by 2027.
UN INITIATIVE WANTS TO INCREASE TRUST IN AI AGENTS: The United Nation’s agency for digital technologies on Thursday announced a new initiative to improve the trust of artificial intelligence agents, as increasingly autonomous AI systems raise concerns about accountability and human oversight, Reuters reports. AI agents are a new generation of artificial intelligence systems designed to act independently on behalf of users, carrying out tasks ranging from scheduling and purchasing to complex business processes. While they can improve productivity, they also run the risk of AI agents impersonating people and taking unauthorized decisions, according to the International Telecommunication Union (ITU).
- Washington can’t promise allies it will never cut off their access to American AI or reach their data — but it can set, and eventually codify, clear rules for both, Pablo Chavez writes at Lawfare.
RUSSIA’S SHADOW FLEET CONTINUES TO SAIL: The French navy seized the sanctioned crude oil tanker Deliver in the Mediterranean on June 23. This marks the latest in an increasingly frequent series of enforcement measures by European countries against Russia’s shadow fleet, the Jamestown Foundation reports. Boardings have a legitimate legal basis, but Russian officials characterize them as piracy and dispute the existence of a “shadow fleet.” At the same time, Russia is accepting more of these ships onto its registry. As sanctions put pressure on traditional “flag of convenience” countries to expel these ships from their registries, more shadow fleet vessels are registering under the Russian flag. This lets these ships avoid interdiction, but exposes Russia to more direct responsibility for the fleet and takes away deniability.
- Russia told one of its spies in Europe to find out more about air defense capabilities western nations are sending to Ukraine, Italian investigators reported after breaking up an alleged espionage ring in Rome, Defense News reports. Police who filmed and wiretapped an alleged Russian military intelligence officer quizzing an accused informant in Italy heard him demanding information on systems like Europe’s Samp-T, which has been given to Kyiv, and the Michelangelo Dome, an air defense system developed by Italy’s Leonardo due to be tested in Ukraine in November. The Russian accused of being an officer with Russia’s military intelligence agency GRU was followed as he met with Gavino Piras, 59, a former member of Italy’s secret service, who was arrested this week along with a second former Italian intelligence official.
BETTING ON SOLAR-POWER-BEAMING SATELLITES: In 1941, science fiction writer Isaac Asimov published “Reason,” a short story featuring the idea of harvesting the Sun’s rays to create electricity for use on Earth. It’s an idea that has obvious draw ― and was obviously never going to really happen. Except, over the years, scientists have continued to poke at the concept. After all, if the technology was possible, it could in theory fuel far-flung military bases without the need for expensive, complicated and vulnerable fuel-supply convoys, while making possible “gas stations” for spacecraft voyaging to the Moon and beyond. And now, 85 years after Asimov’s publication, the Pentagon, as well as a variety of Silicon Valley funders, are taking a much more serious look at the capability, Breaking Defense reports.ity demands.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
AI is changing the speed and scale of cyber conflict, but the burden on defenders remains the same: they have to protect complex systems all the time, while attackers only need one opening. That imbalance is especially urgent as critical infrastructure, intelligence missions and space systems become more connected, more contested and harder to secure. Chris Jones, chief technology officer at Nightwing and a former senior CIA technology leader, joins Frank Cilluffo on the latest episode of Cyber Focus to discuss what that means for national security. He explains why AI may give attackers a short-term advantage, why many breaches still come down to basic defensive discipline and why even the most advanced tools depend on skilled people, sound judgment and mission-focused teams.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Agriculture
Latvian forestry company still restoring systems weeks after ransomware attack
Latvia’s state-owned forestry company, LVM, said on Thursday it is still working to restore its IT systems weeks after a ransomware attack disrupted several internal and customer services. The attack, first disclosed in late June, knocked the company’s mapping platform and hunting application, as well as systems used to exchange information with contractors and customers offline. Latvian authorities said the attackers had likely been inside the company’s network for more than a week before they were detected. LVM’s chief technology officer, Maris Kuzmins, told local media earlier this week that the situation has stabilized, but returning operations to normal remains “quite challenging.” (THERECORD.MEDIA)
Cryptocurrency
Attackers exploit ‘Ill Bloom’ vulnerability to drain $3.1 million from cryptocurrency wallets
Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out and take everything it controls. Coinspect has confirmed one coordinated sweep on May 27 that drained about $3.1 million from 431 wallets. It says roughly $2 million more has moved from exposed wallets since then. How much of that was theft, and how much was owners moving their own funds to safety, is not yet clear. (THEHACKERNEWS.COM)
Cybercrime
Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail
A former ransomware negotiator for DigitalMint was sentenced to 70 months in jail for deceiving his employer’s clients and conspiring with ransomware affiliates to extort a combined $75.3 million from five U.S. companies he was entrusted to aid during their moments of extreme crisis, the Justice Department said Thursday. Angelo John Martino III shared confidential information he gained from his work as a ransomware negotiator, including victim organizations’ negotiating positions and insurance policy limits, to extract the maximum payment for himself and other BlackCat affiliates he colluded with in backchannels. (CYBERSCOOP.COM)
Armenian citizen pleads guilty to ransomware attacks in Oregon and elsewhere
A 34-year-old man from Armenia has pleaded guilty to targeting five U.S. companies and one private school with Ryuk ransomware attacks, including a business in Oregon that had its data and credentials stolen in 2019, according to court records. Karen Serobovich Vardanyan on Wednesday pleaded guilty to conspiracy and computer fraud in federal court in Portland. Ryuk ransomware is a type of malicious software designed to encrypt data on a computer or network and prevent access to encrypted files until the victim pays a ransom. (OREGONLIVE.COM)
Russian man pleads not guilty in U.S. cyber espionage case
A Russian man whom U.S. prosecutors say previously worked for Russia’s FSB intelligence agency pleaded not guilty on Thursday to a charge that he participated in a cyber espionage campaign that a technology company conducted against Western organizations. Denis Obrezko, who was extradited last month from Thailand following his arrest there in November, pleaded not guilty during a brief virtual hearing before a federal magistrate judge in Boston after being indicted earlier this week for conspiring to commit computer fraud and abuse. (REUTERS VIA CA.NEWS.YAHOO.COM)
Government
8 men indicted in planned drone and sniper attack on White House UFC cage-fighting show
Eight men were indicted on murder and terrorism conspiracy charges Thursday for their alleged roles in a thwarted drone and sniper attack on the UFC cage-fighting show staged at the White House in June. The indictment, returned in Ohio, charges all eight in two separate conspiracies, one to provide material support to terrorists and a second to commit murder on federal government territory and to murder a federal government official. It remains unclear from the court records how close the would-be attackers could have come to being able to carry out the plan had it not been thwarted. (APNEWS.COM)
CT DCF falls victim to cyber attack that potentially leaked confidential information
The Connecticut Department of Children and Families has fallen victim to a phishing scam that may have led to confidential records being leaked. The attacker is believed to have downloaded emails from two accounts belonging to DCF workers through the cyber attack, Peter Yazbak, a spokesperson for the department, said in a news release on Thursday The cyberattack was launched through an “external sophisticated phishing email” that was sent to DCF employees on May 20, Yazbak said. (COURANT.COM)
Manitoba city of Winkler hit by cyberattack
Winkler has become the latest Manitoba municipality to grapple with cybersecurity incidents. On Tuesday morning, the city’s cybersecurity protection systems detected an incident, prompting officials to isolate affected systems and take certain municipal systems and services offline as a precaution while the situation is assessed. Phone and payment systems are unavailable as the city, about 115 kilometres southwest of Winnipeg, works to resolve the issue. (WINNIPEGFREEPRESS.COM)
Insider threats
OpenMandriva Linux says contributor tried to sabotage the project
The OpenMandriva Linux project announced that it was the target of an attempted act of internal sabotage after a dispute among contributors. The attempted destructive action extended from wiping GitHub repositories to pushing an empty package that could have damaged users’ systems. OpenMandriva is an independent, community-run Linux distribution, forked from Mandriva Linux in 2012 and maintained by the OpenMandriva Association. (BLEEPINGCOMPUTER.COM)
Leaks
A Puerto Rico government agency exposed 1 million Social Security numbers
The government agency that collects property taxes in Puerto Rico inadvertently exposed the Social Security numbers of approximately 1 million people, Centro de Periodismo Investigativo and ProPublica learned. It was the latest cybersecurity lapse for the Puerto Rico government, which in the past three years has seen technology breaches interrupt government services, take websites offline and lead to citizens’ personal information being published on the dark web. CPI and ProPublica became aware of the vulnerability related to the Municipal Revenue Collection Center’s interactive property map, known as the Catastro Digital, and notified the agency in mid-June. (PROPUBLICA.COM)
Data leak reveals identities of workers at Russia’s expanding Shahed factory
Researchers have published a massive database containing profiles of about 20,000 employees of Russia’s Alabuga facility, where Shahed attack drones are manufactured, according to a serviceman Viktor Andrusiv on his Telegram channel. OSINT researchers created a dedicated webpage for each employee of the Alabuga facility and published the dossiers online. The database reportedly includes personal information on workers involved in drone production. (NEWSUKRAINE.RBC.UA)
Ransomware
Ransomware ecosystem grows, but ‘four-headed monster’ dominates
Ransomware activity grew slightly between the first and second quarters of 2026 but significantly year over year, and there were more hacker groups active during April, May and June than in any previous quarter, researchers said on Thursday. Cybercrime actors claimed breaches of 2,279 victims in Q2 2026, a 7% increase over Q1 2026 but a 43% year-over-year increase compared with Q2 2025, GuidePoint Security said in a quarterly report. The Qilin ransomware gang led the quarter, accounting for 13% of attacks, but the relatively new group The Gentlemen has grown quickly and now accounts for almost as much activity, GuidePoint said. (CYBERSECURITYDIVE.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
AI gateways offer attackers the keys to the kingdom
As a growing number of organizations deploy AI gateways to manage access to foundation models, all signs point to them becoming yet another surface for security defenders to protect. Researchers at Darktrace recently investigated an incident where a threat actor gained access to an EC2 server hosting an AI gateway connected to Amazon Bedrock services. The attacker used the access for cryptomining but could just as easily have abused the AI gateway to access connected models and data, manipulate AI workflows, or pivot deeper into the unnamed organization’s cloud environment to make it a much more serious compromise. (DARKREADING.COM)
Malware
GigaWiper combines multiple malware for system-level sabotage
For over eight months, a threat actor has been using a destructive backdoor and wiper that has multiple system-level sabotage capabilities, Microsoft reports. Dubbed GigaWiper, the malware is a sophisticated Go-based backdoor that consists of multiple malware families and robust command-and-control (C&C) capabilities. According to Microsoft, the malware in GigaWiper was folded in the form of on-demand backdoor commands, allowing the attacker to execute a standalone wiper, a ransomware-like encryption command, and a wiping command that performs multiple erase passes. (SECURITYWEEK.COM)
Phishing
New Helix vishing group emerges in SharePoint data theft attacks
A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments. Initial contact is made through vishing. In some cases, the threat actor called employees while impersonating their manager, using either the manager’s name or caller ID spoofing to appear legitimate. The purpose is to trick the target into device-code phishing schemes to gain access to their accounts. (BLEEPINGCOMPUTER.COM)
Ransomware
When cyberattacks turn physical: Threats of violence in digital extortion
Cyberattacks are increasingly paired with threats of physical harm, targeting employees, executives and sometimes their families. Ransomware groups are escalating pressure tactics as payment rates decline, pushing them toward more aggressive extortion methods. Attackers are expanding their focus beyond organizations to individuals and communities, including students, parents and healthcare workers. Critical sectors like healthcare and education are targeted because disruption can create immediate real-world risk and urgency. (BLOG.BARRACUDA.COM)
Supply chain
Dormant GitHub accounts help attackers blend in while mapping corporate orgs
Datadog Security Labs is warning of “several overlapping campaigns” that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. “Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub ‘ghost’ accounts that are often years old, or compromised OAuth tokens and personal access tokens (PATs) from legitimate users,” Julie Agnes Sparks, senior security engineer at Datadog, said. While the activity in most cases involves targeting public data, select instances have gone beyond public information enumeration to successfully clone private repositories. (THEHACKERNEWS.COM)
Vulnerabilities
Palo Alto Networks patches 13 vulnerabilities
Palo Alto Networks on Wednesday published advisories describing more than a dozen vulnerabilities affecting its products. The new advisories cover 13 vulnerabilities specific to Palo Alto Networks products, as well as more than 500 flaws patched recently by Google in Chromium, which the cybersecurity giant uses for its Prisma browser. The most severe of the newly patched vulnerabilities is CVE-2026-0288. Assigned high severity and highest urgency ratings, the CVE covers multiple buffer overflows in the PAN-OS software, which powers Palo Alto’s firewalls. (SECURITYWEEK.COM)

ADVERSARIES
China
The digital scramble for Africa: Understanding Chinese smart cities in Africa
OPINION: The United States must compete with China’s growing influence in Africa. China invests in information technology architecture to increase its influence in Africa. This deepening presence challenges the United States’ influence in Africa. African states can grant the People’s Liberation Army (PLA) access, basing, and overflight opportunities. China also leverages its influence to access African states’ data pools and refine its military intelligence apparatus. The United States can still strengthen its role as the region’s partner of choice through a cohesive strategy. (SMALLWARSJOURNAL.COM)
Iran
Iran hatched fresh plot to kill Trump, Israel told U.S.
Israel shared new intelligence with the U.S. that it said indicated a fresh Iranian plan to kill President Trump, people familiar with the matter said, a finding that would mark an escalation in the war between Washington and Iran. Iran for years has vowed openly to retaliate against Trump for the assassination of Qassem Soleimani, who was a top general in the Islamic Revolutionary Guard Corps, in the president’s first term. The Israeli embassy in Washington declined to comment. Iran’s Mission to the United Nations didn’t immediately respond to a request for comment. The White House referred The Wall Street Journal to comments the president made on Wednesday. (WSJ.COM)
North Korea
N. Korea to expand intelligence agency’s role against ‘potential enemies’
North Korea has called for expanding the functions and missions of its intelligence agency against “potential enemies,” state media said Friday, in a move seen as aimed at strengthening its intelligence gathering against South Korea. The discussion took place at the first enlarged meeting of the ninth Central Military Commission, presided over by leader Kim Jong-un, the previous day, the Korean Central News Agency (KCNA) reported. The meeting addressed ways to enhance the Korean People’s Army’s combat readiness and modernization. (EN.YNA.CO.KR)
Russia
Ukraine’s drones are now reaching Siberia and imperiling Russian energy assets
Several Ukrainian drones circled over Russia’s largest refinery on Monday and then, one after another, slammed into its crude distillation unit, engulfing the facility in fireballs and clouds of smoke. There was no air defense to speak of because Russian authorities had assumed that the refinery, in the Siberian city of Omsk, was too far from Ukraine to be imperiled. The hit, which triggered Wednesday’s ban on diesel exports and intensified Russia’s monthlong fuel crisis, marked a major expansion in the range of Ukraine’s deep strikes. Until now, they have been confined to European Russia, within some 1,000 miles of Kyiv-controlled territory. But Omsk lies nearly 1,500 miles away in a straight line, and the drones flying there had to take a longer, more circuitous route to avoid air defenses. (WSJ.COM)
Moldova intelligence chief warns of Russian cyberattacks
Russian security services are transferring stolen personal data to organized crime syndicates to launch widespread phone fraud campaigns in Moldova, according to Alexandru Musteața, head of the Information and Security Service (SIS). Speaking to Ziarul de Gardă, Musteața stated that recent cyberattacks and dark web leaks are part of a coordinated Kremlin strategy designed to drain citizens’ finances and erode public trust in state institutions ahead of upcoming elections. (RADIOMOLDOVA.MD)
UK, partners commit to ‘persistent maritime presence’ to counter Russia in high north
The U.K.-led Joint Expeditionary Force will advance its integrated maritime enterprise and commit to a persistent maritime presence in the High North, North Atlantic and Baltic to counter Russia’s increasing activities in the region, the Royal Navy announced Thursday. The 10 countries in the JEF recently agreed to implement the Royal Navy’s Maritime Proposition – Joint Expeditionary Force, which outlines how the JEF nations can align doctrine, training, planning, sustainment and capability development to be better integrated. JEF is described by the U.K. as a shared maritime enterprise, with the Hybrid Navy concept as the organizing spine and progressed through targeted lines of effort – standardized doctrine and operating concepts; aligned training and assurance; enhanced operational planning and force employment; integrated sustainment and interchangeability; and coherent capability development. JEF, which is meant to compliment NATO, is made up of Denmark, Estonia, Finland, Iceland, Latvia, Lithuania, Netherlands, Norway, Sweden and the U.K. (NEWS.USNI.ORG)

GOVERNMENT AND INDUSTRY
Artificial intelligence
Humanoid robots controlled by surgeons did world-first operation on live pigs
Humanoid robots have surgically removed the gallbladders from living animals in an unprecedented medical experiment—but not as autonomous machines capable of replacing human doctors. Instead, skilled human surgeons remotely controlled the robots’ movements in a new example of human-robot teamups. The teleoperated humanoid robots completed two minimally invasive surgeries by removing gallbladders from live pigs during a preclinical trial that was published in the journal Nature. If this approach eventually proves clinically ready for human patients, surgeons could use such humanoid robots to remotely perform robotic-assisted surgical care in smaller hospitals and clinics that lack the resources to install specialized but expensive surgical robots. (ARSTECHNICA.COM)
Dark web
Google to kill popular dark web report tool
Google’s Dark Web Report tool will soon go dark. The tool is getting the axe next month, leaving countless users scrambling for alternatives after the tech giant announced that the feature failed to deliver meaningful protection. The monitoring tool, which scanned the dark web for stolen personal information, will cease new breach detection on Jan. 15, 2026, before shutting down completely on Feb. 16, 2026. (TECHREPUBLIC.COM)
Defense
Army orders mass shutdown of official social media accounts
The U.S. Army is consolidating its official social media presence, drastically slashing the number of allowable accounts and ordering commanders to remove newly unauthorized accounts within 30 days, the service announced in a late-June memorandum. The directive, signed by Secretary of the Army Dan Driscoll, limits official social media accounts to a set list of higher-level organizations, effectively ending the digital footprints of many subordinate units. In a Wednesday statement, the Army said the move was intended to “ensure a clear, unified voice, reduce operational risk, and improve information access for Soldiers, Families and the public.” (ARMYTIMES.COM)
Drones
Pentagon awards deals for laser weapons that could shoot down drone swarms
The Defense Department has awarded other transaction agreements to nLIGHT Defense and Lockheed Martin Aculight for directed energy weapons as the military seeks new tools for zapping adversary drone swarms and cruise missiles, the Pentagon announced Thursday. The deals, valued at $86 million, will support the Joint Laser Weapon System program, spearheaded by the Pentagon’s Research and Engineering directorate. Defense officials have long-touted the benefits of DE systems such as their high-speed engagement, low cost-per-shot and deep magazines. However, despite their promise, the Pentagon has historically struggled to transition such platforms from research and development to larger-scale production and fielding. (DEFENSESCOOP.COM)
Emergency services
San Andreas Fault: Hidden movements revealed by artificial intelligence
A research team led by Dr Zahra Zali (GFZ Helmholtz Centre for Geosciences), together with Prof. Patricia Martínez-Garzón (GFZ), Dr David Mencin (EarthScope), and Prof. Gregory C. Beroza (Stanford University), has uncovered a previously hidden population of so-called slow slip events beneath the Parkfield section of California’s San Andreas Fault. Using artificial intelligence and highly sensitive strainmeter observations, the researchers identified dozens of short-duration slow slip events and showed that these silent fault movements are systematically followed by increased low-frequency earthquake activity. The study has been published in Nature Communications. (EUREKALERT.ORG)
IT modernization
TMF wants to fund AI, faster permitting tech projects before money runs out
The Technology Modernization Fund is open for proposals and prioritizing faster permitting technology and artificial intelligence adoption projects, its acting director said Thursday. Jessie Posilkin said that as of this week, the TMF is “being explicit” about its desire for Council on Environmental Quality-supported projects to speed and scale permitting, and to advance USAi adoption in agencies facing capability and infrastructure gaps preventing responsible use. “TMF was made for moments like this, where agencies can’t afford to wait on budget and procurement cycles,” Posilkin said in a LinkedIn post. “I’m excited we’re still poised to help agencies meet a critical moment of opportunity – and a bipartisan one, at that!” (FEDSCOOP.COM)
Leadership
DoT CIO Pidugu leaving
Pavan Pidugu, the Transportation Department chief digital and information officer, is leaving his role. Pidugu, who told his staff this morning, confirmed his last day is Sept. 4. He offered no further details on where he was heading or who would be acting CIO in his place. Jack Albright is the DoT deputy CIO and Charles Taumoepeau is the acting senior strategy and government advisor in the office, both of which are possible candidates to be acting CIOs. (FEDERALNEWSNETWORK.COM)
HUD CIO tapped to lead Interior tech shop, people familiar say
Department of Housing and Urban Development Chief Information Officer and Chief Artificial Intelligence Officer Eric Sidle is expected to soon take up the Department of Interior’s top tech post after the latter agency’s CIO departed, according to two people familiar with the matter. He is finalizing the paperwork process and could be onboarded in the next one to two weeks, said both people, who spoke on the condition of anonymity because the selection has not been made public. Sidle joined HUD in May 2025 after serving in the private sector for a number of years in a variety of tech-specific roles. (NEXTGOV.COM)
Offense
NSA revives ‘Tailored Access Operations’ name for elite hacking unit
The National Security Agency has rebranded its elite hacking division, though the new name will be familiar to anyone who has followed the spy agency’s history of offensive cyber operations. NSA last week changed the moniker of its Office of Computer Network Operations (CNO) back to Tailored Access Operations (TAO), a name that is sure to elicit nostalgia among the broader digital community for a group with roots in the early 1990s. The switch is part of a reorganization by NSA’s new leadership to make the largest electronic spy agency in the world more adept at facing evolving digital threats from China, Russia and others. (THERECORD.MEDIA)
Regulations
EU takes member states to court over unimplemented cybersecurity law
The European Commission on Wednesday filed legal referrals at the EU’s top court against four member states for failing to implement the bloc’s flagship cybersecurity law covering critical infrastructure. Ireland, Spain, France and the Netherlands are more than 20 months late in transposing the NIS2 Directive, which sets minimum security standards for hospitals, energy networks, transport operators and public administrations. The Commission has asked the Court of Justice of the European Union to impose a lump sum and ongoing daily financial penalties on all four countries until each formally notifies full transposition. (THERECORD.MEDIA)
Workforce
75% of CISOs fear executives don’t understand cybersecurity risks employees face
Over three quarters of cybersecurity leaders believe that the board level decision makers above them do not understand the cybersecurity risks associated with how their employees act in the workplace. That is according to a report by MetaCompliance, published on July 9 and based on responses from over 200 CISOs across Europe. Of those surveyed, 78% said that C-level executives do not fully understand cybersecurity risks, at a time when employees are bombarded with phishing attacks and are forced to contend with security challenges around the rise of AI. This lack of understanding, and sometimes interest, from the board has created headaches for cybersecurity leaders, who are faced with bolstering resilience against cyber threats despite a lack of consistent senior-level backing. (INFOSECURITY-MAGAZINE.COM)
LEGISLATIVE UPDATES
Bipartisan lawmakers press agencies on AI election threats
A bipartisan pair of House lawmakers are pressing multiple federal agencies over the risks artificial intelligence could pose to the upcoming election, specifically over chatbots’ responses to voters. Reps. Josh Gottheimer (D-N.J.) and Mike Lawler (R-N.Y.), in a letter sent Tuesday, urged the heads of the departments of Homeland Security and Justice, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Election Commission (FEC) to “work together” to ensure AI models are not inconsistent when answering voters’ questions. (THEHILL.COM)
Bipartisan bill would expand financial support for U.S. quantum industry
Reps. Mike Lawler (R-N.Y.) and Josh Gottheimer (D-N.J.) introduced bipartisan legislation on July 6 that would expand the Export-Import Bank of the United States’ (EXIM) authority to support a broader range of quantum technologies. In a press release, the lawmakers said the Advancing American Quantum Leadership Act of 2026 would help strengthen U.S. competitiveness with China in a critical emerging technology sector. Specifically, the bill broadens the current definition of “quantum computing” under EXIM’s China and Transformational Exports Program (CTEP) to “quantum information science and technology.” (MERITALK.COM)
CBO: House highway bill would widen trust fund deficit
The House version of this year’s mega surface transportation reauthorization bill could increase the deficit anticipated in the Highway Trust Fund over the next five years despite the inclusion of new fees on electric vehicles and hybrids, according to the Congressional Budget Office. The CBO analysis, released Thursday, found that cumulative shortfalls expected by the end of 2031 under the bill would be $99.5 billion for the highway account and $48.2 billion for the transit account, based on historical spending rates and higher authorized amounts in the legislation. Those metrics would be an increase from the CBO’s baseline projections for the HTF accounts published last month, which estimated $86 billion and $45.2 billion shortfalls for the highway and transit accounts, respectively. (ROLLCALL.COM)
ALERTS AND ADVISORIES
Active exploitation of critical vulnerabilities in Joomla extensions
Joomla is a content management system for websites. Security updates were released in June 2026 to address two critical vulnerabilities (CVE-2026-48908 and CVE-2026-56290) affecting Joomla extensions: SP Page Builder and Page Builder CK. These vulnerabilities have a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to upload arbitrary files, potentially resulting in remote code execution and complete takeover of the affected website. (CSA.GOV.SG)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
CONNECTED CARS: Join Chris Miller, the author of Chip War and a nonresident senior fellow at AEI, alongside Senator Bernie Moreno and Chairman John Moolenaar of the Select Committee on China for a July 13 discussion on how Congress is addressing the threat posed by Chinese data collection through connected vehicles.
RESEARCH SECURITY: Congress, federal agencies, and some university leaders have taken important steps in recent years to strengthen research security and improve transparency surrounding foreign funding, talent recruitment programs, and research partnerships. However, significant vulnerabilities remain. To discuss the evolving research security landscape, please join FDD for a July 14 conversation featuring House Select Committee on China Chairman John Moolenaar (R-Mich.) and Senator Jim Banks (R-Ind.). Moderated by FDD Senior Fellow Craig Singleton, the conversation will examine the challenges posed by the Chinese Communist Party’s efforts to leverage American universities for strategic gain and potential safeguards in this year’s National Defense Authorization Act.
AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.
AI AND EDUCATION: On July 16, the Center for Universal Education at Brookings will host a conversation to examine the effects of AI slop on young children’s learning, development, and well-being, as well as the incentives driving its production. As the third event in the Generation AI Starts Early webinar series, the discussion will bring together perspectives from health, media, and policy to explore what AI-generated content means for young children, caregivers, policymakers, and the broader media ecosystem.
AI HEALTH CARE: The AI in Health Conference from Sept. 15 to Sept. 17 bridges the gap between artificial intelligence and real-world health outcomes — focusing not just on what AI can do, but on what it should do to improve patient care. Hosted by the Ken Kennedy Institute at Rice University, the fifth annual AI in Health Conference will explore the current landscape of artificial intelligence in health and present a research-driven outlook for the future of computational health innovation. The program is designed to connect researchers and innovators with engineers, clinicians, and entrepreneurs at the forefront of AI in healthcare and public health.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS