Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – July 14, 2026


Cyber Briefing

TODAY’S TOP 5

FIRST-IN-NATION STATEWIDE DATA CENTER MORATORIUM: Gov. Kathy Hochul of New York is set to sign an executive order today placing a one-year pause on the construction of the largest data centers, putting the state at the forefront of the national debate over artificial intelligence companies’ impact on American landscapes and energy grids, The New York Times reports. The order, the first of its kind to be enacted in the United States, will temporarily bar the state from approving permits for so-called hyperscale data centers, which use 50 or more megawatts of power to operate. During the pause, New York will develop a regulatory framework for assessing how these behemoth projects affect the environment. A farther-reaching moratorium passed the State Legislature last month, prompting questions about whether Hochul, who has championed artificial intelligence as a tool for research and good governance, would be supportive. Hochul has not yet signed the bill, but said she will continue to consider it.

  • Meta said on Monday its data center in Richland Parish, Louisiana, will expand to 5 gigawatts of compute capacity, with investment in the project increasing ‌to more than $50 billion, Reuters reports. The planned data center, known as Hyperion, was earlier projected to deliver more than 2 gigawatts of compute capacity to support training of large language models, the technology behind tools such as ChatGPT.
  • Microsoft reported a 25 percent jump in carbon emissions in 2025 as it sets out to grow its use of artificial intelligence (AI) data centers, The Hill reports. The emissions increase was “driven primarily by the expansion of our datacenter infrastructure and pausing our use of non-additional, unbundled renewable energy certificates as we prioritize investments that bring net new power to grids,” Microsoft Vice Chair and President Brad Smith and Chief Sustainability Officer Melanie Nakagawa said in the new sustainability report.

CMMC SUSPENDED AS PENTAGON LAUNCHES CYBER REQS REVIEW: The Pentagon is suspending the ramp up of new Cybersecurity Maturity Model Certification third-party assessment requirements, while also launching a sweeping review of the CMMC program that once again calls into question the future of the contractor cyber compliance regime, Federal News Network reports. In a Monday announcement, the Defense Department said it is suspending plans to introduce phase two of the CMMC requirements. That would have involved DoD requiring third-party cybersecurity assessments across all contracts involving sensitive but unclassified information starting Nov. 10, 2026. DoD says the phase one requirements for applicable contracts to require a CMMC self-assessment, which went into effect last November, remain in force.

  • The move follows months of complaints from small and mid-sized aerospace and defense suppliers, some of whom told Reuters earlier this year that compliance costs were running into the hundreds of thousands of dollars. ‌They said this, combined with long waits for third-party audits, was prompting them to reconsider defense work altogether. Industry lawyers had also warned the rules risked squeezing out lower-tier suppliers and complicating business for international companies juggling competing data-privacy standards. Pentagon Chief Information Officer Kirsten Davies said the suspension responds to those pressures.

GRID ATTACK OFFICIALLY PINNED ON RUSSIA: The UK and EU are demanding urgent action from critical infrastructure organizations after formally attributing the December 2025 cyberattack on Poland’s power grid to Russia’s Federal Security Service, The Register reports. The Foreign, Commonwealth & Development Office (FCDO) described the attack, carried out by the FSB’s Centre 16 division, as “another example of the Russian state’s irresponsible attempts to sow chaos across Europe.” Milosz Motyka, Poland’s energy minister, confirmed the attack on the country’s power grid in January. He said experts suspected that whoever was behind it attempted to disrupt communication between renewable hardware and power distribution operators. The attack was ultimately unsuccessful, but suspicion quickly fell on Russia.

  • The European Union and Britain on Monday imposed sanctions on Russian military intelligence officers, hackers and private companies, denouncing what they described as a yearslong cyberespionage campaign to undermine governments in Europe, The Associated Press reports. The EU decision affects nine people and four entities accused of links to an online spying network that the bloc said has targeted governments and carried out sabotage operations against critical infrastructure like heating and power plants since 2010. Britain slapped sanctions on 24 people and entities. EU foreign policy chief Kaja Kallas said those hit by the sanctions “contribute to Russia’s efforts to destabilize the EU, its member states and international partners.”
  • China’s military-civil fusion (MCF) doctrine has systematically converted global telecommunications networks into a forward-operating base for the People’s Liberation Army and Ministry of State Security. By legally and technically embedding intelligence requirements into civilian carriers, edge devices, and supply chains, Beijing has achieved durable, low-and-slow access, exemplified by campaigns such as Salt Typhoon, that survives patching cycles and provides both peacetime intelligence and wartime disruption options, Gerald Mako writes at Small Wars Journal. Western governments and operators now face a structural asymmetry: Episodic technical fixes are insufficient against a doctrine that treats commercial infrastructure as routine intelligence preparation of the battlefield. Sustained resilience requires zero-trust segmentation, behavioral analytics, MCF-aware procurement and multilateral cooperation before 6G deployments risk cementing the imbalance for decades.

DHS BREACH TWICE RULED A FALSE POSITIVE: Department of Homeland Security personnel twice dismissed signs of cyber intruders inside the agency’s Homeland Security Information Network as harmless activity, allowing hackers to remain undetected inside for weeks and eventually steal credential files, according to an internal incident readout viewed by Nextgov/FCW. HSIN was breached about two months ago, Nextgov/FCW first reported in late June. The network houses sensitive, unclassified data that’s shared between federal, state, local, industry and overseas partner organizations. Department investigators have still not determined the affiliation of the hackers, according to two people with knowledge of an ongoing probe into the incident. DHS may send staff to brief Congress on the hack in a classified setting in the coming weeks, added the people, who spoke on the condition of anonymity to communicate the department’s thinking.

  • When IndyCar takes over the National Mall in August – in the heart of America’s most restricted no-fly zone – the FAA will allow drone flights to capture the scene. Homeland security experts aren’t confident the agency can make that happen safely, Small Wars Journal reports. The 1.7-mile course for the Freedom 250 Grand Prix on Aug. 22 and 23 will bring speeding cars within 1,400 feet of the Capitol, with a tight turn at FBI headquarters on Pennsylvania Avenue and a long stretch alongside the Department of Justice. “Drones in the wrong hands with the wrong intent can provide a major threat to critical infrastructure, to people, purely because of the capability that they provide from the air if not regulated, if not tracked,” said retired Coast Guard Vice Adm. Peter Gautier, a senior fellow at the Atlantic Council who led disaster preparedness at the National Security Council earlier in his career.

WHAT CONGRESS IS REVEALING ABOUT CIVILIAN SAFEGUARDS FROM MILITARY AI: As military use of AI fills headlines, members of the Senate are taking steps to regulate and restrict how the Department of Defense develops and uses AI in its operations. In May and June 2026, five senators with significant national security credentials introduced military AI bills ahead of the Senate’s mark-up of the National Defense Authorization Act (NDAA), the foremost defense policy bill passed every year. While differing substantially in scope and approach, the bills collectively represent one of the first serious congressional efforts to establish safeguards around military AI. As the NDAA moves forward, it appears increasingly likely that it will include substantive measures regarding the military use of AI. Examining the proposed legislation together reveals an emerging framework for civilian protection in the age of AI, and also exposes remaining gaps, Sarah Wilbanks and John Ramming Chappell write at Just Security.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

AI is changing the speed and scale of cyber conflict, but the burden on defenders remains the same: they have to protect complex systems all the time, while attackers only need one opening. That imbalance is especially urgent as critical infrastructure, intelligence missions and space systems become more connected, more contested and harder to secure. Chris Jones, chief technology officer at Nightwing and a former senior CIA technology leader, joins Frank Cilluffo on the latest episode of Cyber Focus to discuss what that means for national security. He explains why AI may give attackers a short-term advantage, why many breaches still come down to basic defensive discipline and why even the most advanced tools depend on skilled people, sound judgment and mission-focused teams.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Biothreats

Michigan cyclospora outbreak investigation zeroes in on lettuce, salad greens

Michigan public health investigators say they are zeroing in on lettuce and other salad greens as potential sources of a massive outbreak of cyclosporiasis that has infected at least 2,640 people in the state since June 22. “Although we do not have a definite product identified as the source of the outbreak, we want to let Michiganders know what we have learned so far so they can take steps to protect their families,” said Dr. Natasha Bagdasarian, the state’s chief medical executive, in a statement issued Monday. “Early information has shown lettuce as a common product that regularly comes up during the investigation. We will continue to provide updates as we learn more.” (FREEP.COM)

MORE: What to know about the cyclosporiasis outbreak hitting more than half of U.S. states (NPR.ORG)

Breaches

Mystery deepens over data breach of Oklahoma inmate info

Ten days ago this network reported about claims that a hacker group called Breach Boyz had gained information about inmates at the Rogers County jail, sending an email with a list of nearly 30 inmates along with their private information like driver’s license numbers, home address and social security numbers. Since then, Rogers County authorities have taken several steps to investigate the matter, stating that the hackers do have info and it’s accurate, “… but as best as OSBI and a network security company can determine, there’s no vulnerability on our end.” And that they’re still trying to determine the viability of where they got their data. (KTUL.COM)

Cybercrime

VPN service favored by ransomware groups is sanctioned by U.S.

The U.S. government on Monday sanctioned a VPN provider and its Ukrainian administrator for abetting ransomware gangs behind attacks on American municipalities, hospitals, schools and businesses. First VPN Service (1VPNS) provided ransomware groups with tools to “hide their identities, disguise malicious software, and evade detection — enabling attacks that have caused billions of dollars in losses to U.S. critical infrastructure providers,” according to a Treasury Department press release. The administrator, Dmytro Rashevskyi, used fake identities “to buy infrastructure from companies that might otherwise refuse to do business with him because of complaints of abuse from internet service providers about illegal activity originating from 1VPNS servers,” the Treasury said. (THERECORD.MEDIA)

Five charged in ‘Russian Coms’ fraud platform case

Five people from London have been charged as part of a multi-year investigation into a notorious fraud platform thought to be responsible for millions of scam calls. The charge list includes conspiracy to supply articles for use in connection with fraud, acquiring, transferring and converting criminal property, and “failure to comply with a notice relating to not providing phone passcodes.” The arrests relate to Russian Coms, which the National Crime Agency (NCA) described as a “group” but is also the name of a vishing platform used extensively by fraudsters until it was shut down in 2024. (INFOSECURITY-MAGAZINE.COM)

Emergency services

Brutal June heat wave killed as many as 14,000 Europeans

Last month’s record-breaking heat wave killed thousands across Western Europe, making it one of the continent’s deadliest climate disasters. Preliminary official mortality data and researchers’ estimates from the six hardest-hit countries point to at least 14,000 excess deaths during the period of extreme heat, according to POLITICO’s analysis. The heat wave, which began around June 18 and lasted until July 1, shattered records in several countries. Scientists found that the extraordinary temperatures would have been virtually impossible without human-caused climate change driven by the burning of fossil fuels. (POLITICO.EU)

Energy

PG&E faces $22M penalty for Mosquito Fire under proposed agreement

The California Public Utilities Commission is receiving public comments on a proposed settlement agreement with Pacific Gas and Electric Co. that would penalize the utility $22 million for the 2022 Mosquito Fire in Placer County. The Mosquito Fire burned more than 75,000 acres and dozens of structures. A subsequent CPUC investigation of PG&E’s infrastructure found violations of state rules for the design, construction and maintenance of overhead electrical lines. “The proposed settlement penalizes PG&E and requires them to conduct a detailed review of its Centralized Inspection Review Team’s program at shareholder expense,” the CPUC said in a statement Friday announcing the proposed settlement. (UTILITYDIVE.COM)

Health care

Nearly 12,000 military Tricare beneficiaries warned of data breach

TriWest Healthcare Alliance officials notified 11,844 beneficiaries of a data breach that may have affected their protected health information. In a letter to one beneficiary dated July 2 and provided to Military Times, TriWest officials said they had discovered a security incident April 16, in which an unauthorized person gained limited, unauthorized access to TriWest information and downloaded it. “We are unaware of any misuse of your information,” officials stated in the letter, but they went on to say TriWest is offering a free credit-monitoring service for those who feel it’s needed. (MILITARYTIMES.COM)

Insider threats

Apple says former employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI

On Friday, Apple dropped the bombshell news it was suing OpenAI over the alleged theft of trade secrets, claiming that OpenAI stole Apple’s confidential data and engaged in efforts to learn proprietary information while recruiting former Apple employees. In accusing OpenAI of stealing secrets about Apple’s unreleased products, Apple revealed that a former employee allegedly siphoned reams of sensitive files from the company’s shared network folders, weeks after leaving Apple for a job at OpenAI. In its complaint, Apple says the former employee, a system electrical engineer named Chang Liu, allegedly “exploited a rare, previously unknown authentication bug” that allowed access to the company’s network. (TECHCRUNCH.COM)

Transportation

Japan’s largest taxi operator shuts systems after cyberattack

Japan’s largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure. The incident occurred over the weekend, early Saturday morning, and impacted operations, including the company’s taxi dispatch system, which remains offline as of today. Nihon Kotsu is Japan’s largest taxi and chauffeur (hire) operator by group revenue, with annual revenue of roughly $1 billion (¥155 billion). (BLEEPINGCOMPUTER.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Artificial intelligence

AI, once relegated to helping hackers with certain tasks, can now power every stage of a cyberattack

Just two years ago, hackers were tapping into generative artificial intelligence to probe targets, translate technical material and troubleshoot malicious code. The technology sped up some key parts of a cyber operation, but other stages remained solely in human hands. That line is now beginning to blur. In a range of cyberattacks observed over the past year, AI systems generated commands, tested vulnerabilities and helped hackers move through victim networks, sometimes carrying out thousands of commands with less human direction than researchers had previously seen, according to research released Monday night by cybersecurity firm Check Point. It means AI has now been used in some form at every stage of a cyberattack, from identifying targets to exploiting vulnerabilities to stealing data, to help hackers achieve their goals. (NEXTGOV.COM)

Grok build uploaded entire Git repositories to xAI storage, not just files it read

xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted request, and pulled back a file the agent had been told in plain terms not to open. The upload rode a separate channel from the model itself, and the byte split is hard to argue with. On a 12 GB repo of files the model never read, model-turn traffic to /v1/responses came to about 192 KB while the storage channel to /v1/storage moved 5.10 GiB, a roughly 27,800x gap between what the model needed and what left the machine. (THEHACKERNEWS.COM)

New MemGhost attack plants persistent false memories in AI agents through one email

Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false “fact” about the user, hide the change, and quietly steer its answers in later sessions. When it works, the person reads an ordinary-looking reply and never learns their assistant was tampered with. The researchers named the attack stealth memory injection and built a tool that writes the emails automatically. The paper, “When Claws Remember but Do Not Tell,” landed on arXiv on 6 July 2026. (THEHACKERNEWS.COM)

Malware

CrashStealer: New macOS infostealer uses signed apps to evade gatekeeper

Jamf Threat Labs first spotted CrashStealer in early May 2026 as a suspicious macOS sample uploaded to VirusTotal. By early July, in-the-wild detections confirmed the malware had moved from development into active deployment. The malware is written in native C++, impersonates Apple’s built-in crash-reporting framework, and encrypts everything it collects before sending it out. Most commodity macOS stealers are thin AppleScript wrappers or lightweight Objective-C tools. This one isn’t. (SECURITYAFFAIRS.COM

Siggen backdoor hits Windows developers via infected Visual Studio projects

A newly analyzed Windows backdoor, called the Siggen backdoor “BackDoor.Siggen2.5906”, targets software developers by modifying C++ and C# projects, allowing malicious code to spread through source files, compiled applications, and development environments. Doctor Web researchers said the malware can steal passwords, browser cookies, Discord tokens, Telegram data, and cryptocurrency wallet information. It also monitors clipboard activity, provides remote access to infected computers, installs cryptocurrency miners, and inserts malicious code into developer files. (HACKREAD.COM)

Phishing

Phishing for dummies: Forg365 lowers barrier to M365 account takeovers

A newly documented phishing-as-a-service platform distributed through Telegram is lowering the technical barrier to Microsoft 365 account takeovers by giving less-skilled attackers automated tools to evade some authentication controls and retain access after compromise. The platform, called Forg365, uses AI-assisted lure creation alongside device-code abuse and adversary-in-the-middle techniques, according to research published by security company ZeroBEC. Forg365 was offered with a five-day free trial, followed by subscriptions priced at $400 per month or $3,800 per year, the researchers said. (CSOONLINE.COM)

Tactics

Defending SaaS-based applications against ShinyHunters OAuth abuse

In a series of campaigns observed between mid-2025 and mid-2026, Microsoft identified threat actor activity with overlapping tradecraft commonly associated with ShinyHunters, including voice phishing (vishing), supply chain compromise, and misconfigured guest access to target customer SaaS-based applications such as Salesforce instances. The threat actors abused trusted OAuth relationships for unauthorized access, data exfiltration, and persistence. Three primary intrusion paths were observed including vishing techniques targeting OAuth consent, supply chain compromise through trusted workflows and integrations such as Salesloft and Gainsight, and exploitation of misconfigured guest access. (MICROSOFT.COM)


Hackers find a new trick to collect Microsoft Entra user data without raising red flags

Businesses should be on guard for a hacking campaign in which attackers spoof OAuth client IDs to collect information about targets’ user directories, the security firm Proofpoint said on Monday. The security firm said it had observed “multiple campaigns at scale abusing spoofed OAuth application identifiers, with distinct tooling, infrastructure, and execution patterns indicating independent adoption by multiple threat actors.” The report explains how organizations should monitor their networks for this reconnaissance technique. (CYBERSECURITYDIVE.COM)

Turla hackers exploit SharePoint flaw to access thousands of French user accounts

Turla, a long-running cyber espionage operation linked by French authorities to Russia’s Federal Security Service, has again drawn attention after investigators detailed compromises affecting French organizations. The group has been active for more than two decades and is known for quietly stealing sensitive information from government, diplomatic, defense, justice, and technology targets. Rather than relying on one method, Turla operators have used phishing emails, infected websites, vulnerable internet-facing systems, and compromised network equipment to gain a foothold. (CYBERSECURITYNEWS.COM)

Terrorism

Europol: Terrorism today is more fragmented, more adaptive and less predictable

Europol’s 2026 EU Terrorism Situation and Trend Report (EU TE-SAT), released Monday, reveals that violence has become a means of gaining identity, recognition and belonging, and that online ecosystems are reshaping the way terrorist threats emerge, evolve online and materialize offline. “As violence, identity and ideology become increasingly intertwined, the traditional indicators that once served for the identification of terrorist threats are now becoming more complex and less predictable,” Europol said when releasing the report. (THREATBEAT.COM)

Vulnerabilities

RabbitMQ vulnerability threatens enterprise systems

A vulnerability in RabbitMQ could allow attackers to obtain the broker’s confidential OAuth secret, potentially posing a serious threat to enterprises, according to cybersecurity firm Miggo. RabbitMQ is a popular open source message broker that routes, buffers, and distributes messages, enabling asynchronous communication between applications. Tracked as CVE-2026-57219 (CVSS score of 8.7), the security defect impacts an open management endpoint that returns the OAuth secret to anyone, without authentication. (SECURITYWEEK.COM

Critical ServiceNow vulnerability allows remote attackers to execute malicious code

ServiceNow has disclosed and fixed a critical security vulnerability in its AI Platform that could allow unauthenticated attackers to execute code within affected ServiceNow environments. The flaw, tracked as CVE-2026-6875, is described as a sandbox escape vulnerability and affects both hosted and self-hosted ServiceNow deployments. ServiceNow said the vulnerability could allow an attacker to circumvent intended platform restrictions and execute code in certain circumstances. (CYBERSECURITYNEWS.COM)

WinFsp race condition flaw allows attackers to gain SYSTEM-level access on Windows

A newly disclosed vulnerability in the Windows File System Proxy (WinFsp) could allow a local attacker to gain SYSTEM-level privileges by exploiting a race condition that triggers a kernel heap overflow. Tracked as CVE-2026-3006, this vulnerability affects WinFsp versions 2.1.25156 and earlier, according to an advisory published by the Cyber Security Agency of Singapore (CSA) on April 27, 2026. The maintainers of WinFsp have released a security update to address the issue, and administrators are urged to upgrade immediately. (GBHACKERS.COM)

ADVERSARIES

Iran

U.S. to restart blockade of Strait of Hormuz, may charge major toll

The U.S. military will reimpose a blockade on the Strait of Hormuz Tuesday following a week of renewed fighting with Iran, U.S. Central Command announced Monday afternoon. CENTCOM officials confirmed the blockade hours after President Donald Trump announced the measure, along with a note that the U.S. would charge all cargo traffic passing through the waterway a toll for providing what the president termed “the job of providing safety and security” in the waterway. The blockade of traffic “entering and exiting Iranian ports” will restart at 4 p.m. Eastern Time on Tuesday, July 14, CENTCOM officials said. (TASKANDPURPOSE.COM)

Outgunned, but not outplayed: Iran’s theory of victory

OPINION: Nineteen weeks ago, Iran faced the combined might of the most powerful country in the world and the most advanced military in the Middle East. Today, it is dictating the terms of the peace. When the memorandum of understanding was signed last month, President Donald Trump declared, “The Deal with the Islamic Republic of Iran is now complete. Congratulations to all!” and told the ships of the world to start their engines. Iran’s response was to keep striking and impose toll collection on the world’s most critical shipping lane while expanding its influence in Iraq, where it is increasingly seen as the champion of Muslim resistance against American aggression. Saudi Arabia and the United Arab Emirates — which between them absorbed thousands of Iranian missiles and drones during the war — have since sent condolence delegations to Tehran for Supreme Leader Ali Khamenei’s funeral. The Gulf states have drawn their own conclusions about who won. (WARONTHEROCKS.COM)

North Korea

South Korean military targeted in nearly 19,000 cyberattack attempts in 2025

Cyberattack attempts against the South Korean military reached nearly 19,000 last year, marking the highest figure in five years, a lawmaker said Sunday. Among last year’s cases, 18,792 were classified as attempts to compromise websites by trying to take over administrator privileges. In its report to the lawmaker, the Cyber Operations Command said there were limitations in identifying the source of the attempts as malicious actors hide their tracks but noted North Korea appears to have recently advanced its hacking capabilities. (EN.YNA.CO.KR)

Threat actors

This one cyber crime group accounted for nearly a fifth of all ransomware attacks in June

Check Point’s analysis highlighted increased activity by The Gentlemen, a new ransomware operator on the scene. The group overtook Qilin as the most active ransomware group globally, accounting for 17% of published attacks. LockBit activity also increased, rising from 1% of published attacks in May to 7% in June, making it the third most prevalent group. “The rise of The Gentlemen to the top of the ransomware leaderboard is a clear reminder that new operators can rapidly become major global threats,” said Mark Mitchell, security engineer at Check Point Software. (ITPRO.COM)

Hacker conversations: Jesse McGraw (GhostExodus), from blackhat hacker to redemption

Jesse McGraw isn’t a hacker; at least, not by his own definition. He accepts he was a hacker, and a blackhat hacker, and that he still retains the mindset of a hacker. But he is no longer a hacker, he says. He realized he was a hacker while in high school. “My one and only friend was a hacker, and I had never seen anything like what he did.” Before then, McGraw had thought computers were just something used for word processing; a tool that could be used for its intended purpose. Then he saw this person programming in math class. (SECURITYWEEK.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

‘Yellow teams’ are defining the future of AI security

A small number of engineering teams are developing the defenses that organizations will need against future advanced AI attacks. They’re also building the frameworks attackers will utilize to carry out those attacks. In April, Anthropic invited more than 50 organizations to participate in its Project Glasswing initiative to preview Claude Mythos, which the company claimed at the time was the most advanced cybersecurity AI. OpenAI followed suit shortly after, inviting organizations to play with its own GPT 5.5 under the Daybreak program. Since then, red teams — penetration testers — have been using the AI models to exploit their own companies’ systems, and rival blue teams tried to detect and defend against those exploits. In the middle of it all are engineers, building both mitigations against the models’ greatest threats and frameworks for mobilizing their greatest powers. (DARKREADING.COM)

Data centers

Data-center builders are racing to offload stakes worth billions

America’s data-center developers are ready to cash in on the AI boom. Data-center builders and operators across the U.S. are working with bankers to sell majority equity stakes worth tens of billions of dollars in their companies this summer, according to people familiar with the efforts. Bankers are working to sell stakes in firms including Netrality Data Centers, DataBank, Edged, EdgeCore Digital Infrastructure and others with properties located from Phoenix to Atlanta. They are pitching private-equity firms on a hot asset class benefiting from unrelenting demand for computing power. (WSJ.COM)

Lawsuit: $15B Wisconsin data center lacks required environmental review

The Sierra Club is suing in Wisconsin court to overturn the approval of a massive new hyperscale data center near Lake Michigan. The new lawsuit announced Friday challenges the decision by state regulators to issue a construction permit for the $15 billion Lighthouse project in Port Washington, Wisconsin — without conducting the most rigorous type of analysis of its potential risks. The lawsuit is part of growing public backlash nationwide to the resource demands from rapidly proliferating data centers, including water use, power and planet-warming emissions. (EENEWS.NET)

Defense

Pentagon disburses Havana Syndrome compensation, rebrands team focused on ‘Directed Energy Bio-Effects’

The Defense Department has paid out millions of dollars to personnel affected by so-called Havana Syndrome and renamed a key cross-functional team as the Directed Energy Bio-Effects CFT to investigate associated issues, the Pentagon announced Friday. According to a press release, the disbursements were the first payments associated with the 2021 HAVANA Act made under any presidential administration. The release did not say how many individuals have received compensation thus far. The term “Havana Syndrome” emerged after U.S. government personnel and their family members began reporting mysterious, often debilitating symptoms including intense ear pain, vertigo, headaches, dizziness, hearing and memory loss, visual disturbances and more in 2016. The first incidents were reported by officials who were stationed at the U.S. Embassy in Havana, Cuba, hence the origin of the name. (DEFENSESCOOP.COM)

New jets, drones will transform Fort Hood into Army’s aerial intel hub

The U.S. Army has announced that its future fleet of ME-11B High Accuracy Detection and Exploitation System (HADES) aircraft will be based at Fort Hood in Texas. The service says it will also establish a first-of-its-kind operational drone battalion at this base as part of a larger consolidation of aerial intelligence, surveillance, and reconnaissance (ISR) assets. This all follows the Army’s retirement of the last of its turboprop ISR planes last year. The Army shared the ME-11B basing plans in the context of the relocation of the 116th Military Intelligence Brigade, headquartered at Fort Gordon in Georgia, to Fort Hood. That process is now underway. The most recent iteration of the 116th has been serving as the Army’s main aerial ISR formation since 2014. Over the past 12 years, the brigade has also overseen units at several other bases across the country, including ones already at Fort Hood. (TWZ.COM)

Drones

America’s latest weapon against Iran: Sea drones

When three American drone boats sneaked into an Iranian port and blew up a submarine and ship maintenance facility on Sunday, it marked a significant public milestone for the U.S.’s growing fleet of unmanned surface vessels. The drone boat attacks, which were part of a broader wave of strikes, hit the port at Bandar Abbas Naval Base in a kamikaze mission, according to a statement and videos released by U.S. Central Command. It was the first time American forces have employed sea drones in combat operations, the command said. (WSJ.COM)

The Pentagon says drones are not a ‘silver bullet’ in its new handbook on fighting them

Unmanned aerial systems or drones have become the driving force behind military strategy. They’ve offered cheap alternatives to costly weapons systems, drained interceptor stockpiles and proven to be a powerful force multiplier on the battlefield. But the Department of Defense’s lead task force on drones says they aren’t a “silver bullet” when it comes to war. And now it put out what it called a “practical handbook” on how drones are used in warfare and how they can be deterred. Last week, Joint Interagency Task Force 401, the Department of Defense’s lead body for the drone threat, released “Small Drones, Big Problems: A First Principles Approach to Countering-UAS,” its largest publication since it was set up last summer. The guide draws from both major operations used by other countries such as Ukraine and the experiences of American troops who are fielding counter-drone systems. (TASKANDPURPOSE.COM

Elections

States are building their own election defense networks as federal support evaporates

The Trump administration’s abrupt firing of Election Assistance Commission commissioners last week and a Department of Justice warning threatening states with criminal prosecution have created new legal peril for officials who run, administer and secure elections. The EAC is an obscure but important agency that oversees testing and standards for voting machines, including around security. While federal certification is voluntary, states have until now relied upon their stamp of approval when purchasing voting machines. On July 10, Democratic Commissioners Ben Hovland and Thomas Hicks were fired by the White House, while reports indicate that a third Commissioner, Republican Christy McCormick, resigned. While Congress mandated the commission be bipartisan, the Supreme Court has recently given the President broad authority to fire executive branch officials at will. (CYBERSCOOP.COM)

Social media

EU leaders eye social media ban for children under age 13

The European Commission should impose a social media “start date” of age 13 for children, President Ursula von der Leyen says. Von der Leyen told the Financial Times on Monday that she is considering a “harmonised EU-wide delay to social media” for kids under age 13 who are not under the supervision of a caregiver. “While ultimately it is up to parents to decide when children get their first smartphones, what we already have is a consensus that there needs to be a start date for the age children can join social media,” von der Leyen said separately in a statement issued Sunday. (THERECORD.MEDIA)

Space

SDA awards contracts for 36 Golden Dome missile tracking satellites

The Space Development Agency announced contracts worth $1.75 billion to build 36 satellites in support of the Pentagon’s Golden Dome missile defense shield. The satellites will be part of Tranche 3 of SDA’s missile defense, warning, and tracking layer, a constellation of satellites in low-Earth orbit. L3Harris and Sierra Space both received contracts to build 18 satellites each and deliver them in time for a potential launch in late 2028. “With these awards, SDA is accelerating the deployment of the Tracking Layer to provide the homeland, our deployed forces, and allies with global, persistent indications, detection, identification warning, tracking, and defense against advanced and evolving missile threats,” SDA Director GP Sandhoo, who is also the Space Force’s Portfolio Acquisition Executive for Missile Warning and Tracking, said in a July 13 statement. (AIRANDSPACEFORCES.COM)

LEGISLATIVE UPDATES

Trump urges Senate to pass crypto bill in honor of Graham

The 71-year-old senator did not serve on the two committees involved in drafting the crypto legislation and was primarily focused on foreign policy issues, such as a new Russian sanctions package and the war in Iran, before his passing. The Clarity Act, however, is a top legislative priority for Trump and the GOP ahead of the midterm elections. It appears poised to come up for a vote on the Senate floor in the coming weeks, before Congress departs for its August recess. (THEHILL.COM)

House Republicans tee up vote on nuclear bills

A House Energy and Commerce subcommittee will vote this week on a package of bills aimed at further streamlining regulations for nuclear reactor development. The Energy Subcommittee is scheduled to consider several measures — many with bipartisan support — that lawmakers say build on the ADVANCE Act, the 2024 law intended to accelerate deployment of advanced reactors by overhauling what industry advocates viewed as an overly cumbersome Nuclear Regulatory Commission licensing process. (EENEWS.NET)

COMMITTEE ACTIVITY:

NSS: The Senate Foreign Relations Subcommittee on Western Hemisphere, Transnational Crime, Civilian Security, Democracy, Human Rights, and Global Women’s Issues will hold a July 14 hearing on the National Security Strategy and the western hemisphere.

AI AND SMALL BUSINESS: The House Small Business Committee will hold a July 14 hearing on how AI is shaping the future of small business.

AI COMPETITION: The House Foreign Affairs Committee will hold a BIS budget hearing on July 14 focusing on the AI arms race and the ICTS office.

SUPPLY CHAIN: The House Foreign Affairs Committee will hold a July 15 hearing on ending supply chain dependency.

RESEARCH: The House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party will hold a July 15 hearing on protecting American innovation in the federal research security enterprise.

ELECTIONS: The House Administration Subcommittee on Elections will hold a July 15 hearing on election observation.

FRAUD: The House Oversight and Government Reform Subcommittee on Government Operations will hold a July 15 hearing on emerging fraud threats and the evolving fraud landscape.

ALERTS AND ADVISORIES

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2008-4128 Cisco IOS Cross-Site Request Forgery Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

Improve router hygiene to protect against Russian state-sponsored targeting

Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks. This joint Cybersecurity Advisory (CSA) builds on FBI’s Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure Public Service Announcement of the decadeplus FSB Center 16 cyber activity by providing additional tactics, techniques, and procedures (TTPs) to enable defenders to more fully understand and counter the threat. (IC3.GOV)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

RESEARCH SECURITY: Congress, federal agencies, and some university leaders have taken important steps in recent years to strengthen research security and improve transparency surrounding foreign funding, talent recruitment programs, and research partnerships. However, significant vulnerabilities remain. To discuss the evolving research security landscape, please join FDD for a July 14 conversation featuring House Select Committee on China Chairman John Moolenaar (R-Mich.) and Senator Jim Banks (R-Ind.). Moderated by FDD Senior Fellow Craig Singleton, the conversation will examine the challenges posed by the Chinese Communist Party’s efforts to leverage American universities for strategic gain and potential safeguards in this year’s National Defense Authorization Act.

AXIS OF UPHEAVAL: Join CNAS on July 14 for a virtual panel discussion on this topic to mark the release of a new report, Forecasting the Future of the Axis of Upheaval: The View from Moscow, by Andrea Kendall-Taylor. This report assesses the future of the “axis of upheaval” — the deepening relationships among Russia, China, Iran, and North Korea — from Moscow’s perspective. Kendall-Taylor argues that Russia’s support is likely to remain pragmatic and calibrated. In crises, Moscow is likely to provide its partners with political backing, economic support, intelligence sharing, technology transfers, and limited military assistance—particularly in areas such as drone warfare and regime security — while avoiding direct conflict with the United States. 

AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.

AI WIRELESS: Join the American Enterprise Institute July 15 to look at how AI and telecommunications infrastructure are converging in 6G — the first AI-native generation. We will bring together leaders from the public and private sectors to share perspectives on global competition in 6G and America’s opportunity to regain its leadership in the telecommunications industry. This event will offer timely insight at the frontier of a field still taking shape.

AI AND EDUCATION: On July 16, the Center for Universal Education at Brookings will host a conversation to examine the effects of AI slop on young children’s learning, development, and well-being, as well as the incentives driving its production. As the third event in the Generation AI Starts Early webinar series, the discussion will bring together perspectives from health, media, and policy to explore what AI-generated content means for young children, caregivers, policymakers, and the broader media ecosystem.

6G: Join CSIS, senior U.S. government officials and leading global partners for a July 29 public forum examining the geopolitical and security landscape of next-generation wireless infrastructure. This event will feature the launch of the “Call to Action for 6G Leadership and Security,” a joint initiative between the United States (coordinated by the National Telecommunications and Information Administration) and partner nations designed to strengthen digital supply chains, accelerate innovation, and expand multilateral cooperation on wireless technology. 

AI HEALTH CARE: The AI in Health Conference from Sept. 15 to Sept. 17 bridges the gap between artificial intelligence and real-world health outcomes — focusing not just on what AI can do, but on what it should do to improve patient care. Hosted by the Ken Kennedy Institute at Rice University, the fifth annual AI in Health Conference will explore the current landscape of artificial intelligence in health and present a research-driven outlook for the future of computational health innovation. The program is designed to connect researchers and innovators with engineers, clinicians, and entrepreneurs at the forefront of AI in healthcare and public health.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!