Cyber Briefing – July 15, 2026
TODAY’S TOP 5
‘GOLD EAGLE’ AI CYBER CLEARINGHOUSE TAKES FLIGHT: The Trump administration has launched a new artificial intelligence cybersecurity clearinghouse that officials say will help federal agencies, critical infrastructure owners and operators, and AI companies identify and patch software vulnerabilities discovered by advanced AI models, POLITICO reports. The initiative, dubbed “Gold Eagle,” was unveiled Tuesday on a call with reporters, and fulfills a key requirement of President Donald Trump’s June 2 executive order on AI security. The launch comes more than a week after the original July 2 deadline set by last month’s directive. “This is a large-scale effort that involves industry, all sectors of industry,” a senior administration official, granted anonymity to discuss the details of Golden Eagle, said during the call.
- Artificial intelligence giant Anthropic is pursuing a strategy of one-upmanship that encourages states to impose increasingly tougher AI guardrails, rather than align around a single set of regulations, POLITICO reports. The approach stands in stark contrast to the one favored by the company’s archrival, OpenAI, which has pushed state lawmakers toward common ground on regulating the breakthrough technology. “While there are some in the industry that think of state policy as a way to create a ceiling for federal legislation, Anthropic is not just looking to support the same bill across the country in every single state,” Cesar Fernandez, the company’s head of U.S. state and local government relations, said in an interview with POLITICO on Tuesday. “We’re looking for legislation that meaningfully raises the bar on safety for the most capable AI systems.”
- The Trump administration is leaving the door open to future executive action that would address China-related concerns over open-source AI models, an unnamed senior White House official signaled Tuesday, referencing “plenty of ongoing work” beyond an executive order signed by Donald Trump last month, Semafor reports. That order, which established a voluntary review process for AI models, “also includes open-source scanning and deconfliction,” National Cyber Director Sean Cairncross told reporters during a briefing on the process’ July 2 launch. “We cannot achieve the president’s vision without securing and bolstering our open-source ecosystem.”
- Mythos’ cyber capabilities have galvanized the national security community around the growing potential for high-consequence AI misuse, including by well-resourced state actors, prompting new directives, structures, and tasking for addressing cyber threats. But Mythos is the latest challenge, not the last. With other high-risk threshold-busters on the way, cyber threats won’t take center stage for long, and cyber-tailored solutions will not address the highly sensitive AI-misuse threats on the horizon. Frontier models will continue to surpass capability thresholds, creating opportunities for misuse and increasing pressure to keep these capabilities out of the wrong hands while defenders play catch-up. Moreover, a threat-informed understanding of how malign actors seek to acquire and use AI-enabled high-risk capabilities will remain locked behind highly classified walls. Building much-needed public-private sector trust will be difficult, but without it, the structures, relationships, and protocols for sharing essential information to face the next challenge will not exist, Rebecca Hersman writes at War on the Rocks in arguing the case for an AI threat fusion center.
DIPLOMATIC CHIPS: The United Arab Emirates has gained expanded access from the U.S. to coveted artificial-intelligence chips after aiding America in recent months by carrying out dozens of airstrikes against Iran, intercepting hundreds of missiles and keeping oil moving through the Strait of Hormuz, The Wall Street Journal reports. The move by the U.S. to give greater AI capabilities to the U.A.E. caps a yearslong push by the Gulf state to obtain American technology to diversify its economy. The decision also highlights the central role chips have come to play during diplomatic discussions. Under a Trump administration rule change announced Friday, the U.A.E. will be treated like European countries, South Korea and India when buying technology, military items or energy infrastructure that could have military applications, the Commerce Department said. The U.A.E. previously was in a group that included China and Yemen.
- China’s largest maker of memory chips is raising billions of dollars in a blockbuster public offering to pursue the nation’s agenda of technological self-sufficiency and leadership in the global race to develop artificial intelligence, The New York Times reports. ChangXin Memory Technologies, known as CXMT, said in a filing today that it had roughly doubled the price of its offering on the Shanghai exchange from earlier guidance, based on strong investor demand. It is seeking to raise the equivalent of up to $9.8 billion. That would be the largest initial public offering in Asia this year, and one of the biggest ever on an exchange in mainland China.
NUCLEAR PLANT BREACH HITS DARK WEB: Ransomware group World Leaks has posted on the dark web a huge cache of files related to India’s largest nuclear plant, including purported blueprints of parts of its facilities and supplier details — information it labelled as coming from Reliance Group, Reuters reports. The Kudankulam Nuclear Power Plant, located in the southern state of Tamil Nadu, is the largest of India’s seven nuclear plants and central to Prime Minister Narendra Modi’s ambitious plans to expand the country’s atomic energy capacity. The data breach could pose a “serious” risk to the safety of the plant, says Nickolas Roth, a senior director at the Nuclear Threat Initiative, which advises governments and benchmarks countries’ preparedness on nuclear security. The breach also underscores how hacks have become more common in India, where many companies are ill-equipped to deal with such threats.
- Despite their decentralization, water utilities are quite similar to one another on a technical level. Much of the sector relies on a recurring set of manufacturers and product families to source their operating technology — the computers and software that runs the physical plant equipment. As operators have wired the aging controllers that run their pumps, valves and chemical feeds into ordinary IT networks, some of those systems have become reachable through the internet or through connected municipal networks. This, when coupled with the system’s technical redundancy, has made water facilities a new, appealing attack surface which adversaries have increasingly exploited, drawing water utilities into the plane of modern warfare, Soham Mehta writes at the Foundation for American Innovation. These features make our water facilities close to an ideal target for AI-enabled cyberattacks. Agents are perfect for tasks where the work is repetitive, the targets are many, and each one covers too small of a population to be worth a human’s time. That is what makes the sector’s near-absence from the debate over AI and critical infrastructure so striking.
SPACE FORCE WORKFORCE CHALLENGES FLAGGED: The Space Force is the smallest military service, with about 15,400 total personnel in fiscal year 2025. The Space Force largely inherited its workforce from other services and has completed some assessments as it seeks to right-size its force to meet growing missions. However, it determines personnel requirements based on a mix of analyses that are not consistent across Space Force units, according to a new Government Accountability Office report. Further, some units operate under personnel requirements that are outdated and do not reflect mission growth. The Space Force has not established a process or guidance to consistently and accurately determine its personnel needs to accomplish its missions.
- The Space Force has partnered with the the National Reconnaissance Office to get started on key intelligence, surveillance, and reconnaissance programs but is starting to take more ownership of those efforts, an arrangement the nominee to serve as the next NRO director said is a “lesson in good government,” Air and Space Forces Magazine reports. L. Roger Mason Jr., testifying before the Senate Armed Services Committee on July 14, made the case that the relationship between the the two organizations is strong — but was not asked and offered no indication that he supported merging them as another top Trump administration official previously suggested.
- While new accessions are a major part of necessary growth, the service cannot simply open the recruitment spigot and count on thousands of new second lieutenants and new specialists to enter the field. The Space Force must grow across all ranks simultaneously to preserve a structured career path for its officer and enlisted members, preventing the creation of a force structure with too flat a base that will have promotion and assignment implications for decades. Thankfully, there are additional options that, collectively, could increase the Space Force without creating a massive influx of the most junior members, Charles Galbreath writes at Breaking Defense.
‘VISIBILITY OUTPACING CAPACITY’ IN HEALTH CARE SECTOR: Health care organizations face one of the largest volumes of cyberattacks of any critical infrastructure sector, and those intrusions can also be some of the costliest, Cybersecurity Dive reports. The new data from Fortified paints a picture of a healthcare industry struggling to combat ransomware attacks and other security compromises. In the first half of 2026, according to the report, the average health care organization encountered 60% more vulnerabilities rated critical or high on the severity scale than in the first half of 2025. Organizations are discovering more problems than they can fix. “This isn’t the story of a single catastrophic breach,” researchers wrote. “It’s the story of visibility outpacing capacity.” Two areas of cybersecurity continue to bedevil health care providers the most: supply-chain risk management, and identity management and access control.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
NEW: National security challenges increasingly cut across technology, economic competitiveness, critical infrastructure, manufacturing and workforce development. Universities have a growing role to play not only in conducting research, but also in translating ideas into practical solutions and preparing students to confront real-world problems. Auburn University President Dr. Chris Roberts, McCrary Institute Chairman Lt. Gen. (Ret) Ron Burgess, Senior Vice President for Research Dr. Steve Taylor and Samuel Ginn College of Engineering Dean Dr. Mario Eden join Frank Cilluffo on the latest episode of Cyber Focus to discuss Auburn’s commitment to national security. The conversation explores the changing threat environment, the university’s expanding research presence in Huntsville, partnerships among academia, government and industry, and how experiential education can prepare students for jobs and technologies that do not yet exist.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Biothreats
Ebola deaths double in two weeks as WHO warns virus is outrunning response
Deaths from Ebola doubled in just over two weeks in the Democratic Republic of Congo, where many infected people aren’t reaching care, allowing the virus to spread through communities in what the World Health Organization describes as the fastest-growing outbreak it has managed. Congo has reported 754 confirmed deaths and 2,011 cases, the National Institute of Public Health said Tuesday. The death toll has climbed from 377 on June 28, while the outbreak has spread into two new provinces beyond its original epicenter in Ituri. (BLOOMBERG.COM)
Nearly 7,000 cases of cyclosporiasis confirmed or under investigation nationwide, CDC says
Nearly 7,000 people nationwide may have cyclosporiasis, a foodborne illness that can cause weeks of severe diarrhea, the Centers for Disease Control and Prevention said Tuesday. The bulk of the cases are in Michigan, which has confirmed 3,309 cases. In a health alert, the CDC reported that 1,645 people have been sickened by cyclosporiasis across the country, making it one of the largest outbreaks of foodborne illness in the U.S. in years. The CDC urged doctors to be alert for patients with common symptoms of the infection, including watery diarrhea, bloating and nausea. An additional 5,100 cases are under investigation. (NBCNEWS.COM)
Cybercrime
Three Russian nationals and two companies indicted for international cybercrimes resulting in more than $62M in victim losses
An indictment was unsealed today in the Northern District of Ohio charging three Russian nationals and two related “bulletproof hosting” companies for their roles in cybercrimes against U.S. victims, causing tens of millions of dollars in losses. According to allegations in court documents, Medialand LLC and ML.Cloud were both based in St. Petersburg, Russia, and provided infrastructure including computer servers and related internet services. Medialand’s infrastructure also operated out of multiple countries including China, Finland, the Netherlands, and the United States. (JUSTICE.GOV)
Nigeria deepens cybersecurity efforts as cybercriminals see more profits
In the past four years, the number of fraud incidents reported in Nigeria fell nearly 46% from 124,000 in 2021 to just 68,000 in 2025. Yet at the same time, losses from that fraud have risen as cybercriminals have created more lucrative schemes. The country’s rapid digital transformation of its economy has attracted cybercriminals and financial fraudsters. In June 2026, for example, the average Nigerian organization saw 4,361 attempted attacks per week, placing it behind just Angola as the most attacked country in Africa, according to cybersecurity vendor Check Point Software, which tracks at least 50 threat actors as currently active in the country. (DARKREADING.COM)
Finland issues wanted notice for hacker behind massive psychotherapy data breach
Finnish police have reportedly issued a wanted notice for convicted hacker Aleksanteri Kivimäki after the country’s Supreme Court refused to hear his appeal, paving the way for authorities to return him to prison in one of Finland’s most high-profile cybercrime cases. The Supreme Court’s decision leaves in place a February Court of Appeal ruling that sentenced Kivimäki to nearly seven years in prison for hacking psychotherapy provider Vastaamo and later extorting both the company and its patients, according to Finnish media. (THERECORD.MEDIA)
Health care
Patient records stolen in cyberattack on Australian healthcare provider
Thousands of medical records and patient information stored with one of Australia’s biggest healthcare providers have been breached in a cyberattack. Partnered Health, owned by private equity firm Quadrant, said 21 clinics across several cities including Sydney, Melbourne and Canberra have been affected by the breach which occurred on June 23. “Our investigations to date have confirmed that personal information (including health information) was taken from some of the clinics in our network,” the healthcare provider said today. (THEGUARDIAN.COM)
Ransomware
Synopsys finds no evidence of data breach amid Bosch hack claims
Silicon-to-systems design firm Synopsys says it has found no evidence of a data breach after a cybercrime group claimed to have hacked its systems and gained access to valuable data belonging to one of its major customers, Bosch. A new ransomware group named D1R in recent days listed Synopsys and Bosch on its Tor-based leak website. The cybercriminals claimed to have exploited a vulnerability in Synopsys’ website to access a corporate client database containing 40,000 entries, and they are threatening to leak the stolen data unless a ransom is paid. (SECURITYWEEK.COM)
Zero-days
Two SonicWall SMA 1000 zero-days exploited; one could enable admin commands
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. SonicWall said it has “investigated multiple cases indicating the active exploitation of the vulnerabilities,” urging customers to apply the fixes as soon as possible. Users are also urged to perform a thorough forensic analysis of the system to determine the presence of any indicators of compromise (IoCs) associated with exploitation. (THEHACKERNEWS.COM)
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
Progress Software has confirmed that a high-severity zero-day vulnerability is behind the emergency shutdown of ShareFile Storage Zone Controllers last week and has released security updates to patch the flaw. Last week, Progress urged customers using ShareFile Storage Zone Controllers to immediately shut down their Windows servers after receiving a warning of a “credible external security threat.” At the time, the company temporarily disabled access to all ShareFile accounts using Storage Zone Controllers while it investigated the incident with cybersecurity experts. (BLEEPINGCOMPUTER.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Unpatched Claude for Chrome flaw lets extensions read Gmail, calendar
AI security firm Manifold says two vulnerabilities it reported to Anthropic in May remain exploitable in the latest version of Claude for Chrome, the company’s agentic browser extension. According to Manifold, the flaws let a malicious browser extension trigger Claude into taking actions on a user’s behalf without any genuine click or approval from the victim. An attacker could exploit them to read Gmail messages, Google Docs documents, and calendar entries. The core issue is related to a fix Anthropic shipped earlier this year in response to a similar vulnerability dubbed ClaudeBleed. That update restricted which prompts an outside webpage could feed into Claude, narrowing the extension’s exposure to a fixed set of pre-approved tasks. (SECURITYWEEK.COM)
Communications
6 GHz Wi-Fi flaws could disrupt critical systems
The technology keeping 6 GHz Wi-Fi from interfering with critical infrastructure has a number of security issues — and researchers are starting to sound the alarm. Researchers from Pennsylvania State University and Idaho National Laboratory will discuss their findings in a session called “Blind Trust in the 6 GHz Band: Weaponizing Wi-Fi Automated Frequency Coordination (AFC)” at Black Hat USA 2026. Two pieces of technology are at the center of this research: the cutting edge 6 GHz Wi-Fi spectrum and AFC, which regulates the 6 GHz band and keeps its powerful signal from interfering with radio towers, cellular backhaul, and spectrum-adjacent public safety networks. (DARKREADING.COM)
ICS/OT
ICS patch Tuesday: Vulnerabilities fixed by Siemens, Schneider, Rockwell
Siemens published nine new advisories, including six that cover critical vulnerabilities (based on CVSS score). A CVSS score of 10 has been assigned to a token invalidation vulnerability in Opencenter X that allows an attacker to bypass authentication and gain full access to the application. Critical vulnerabilities have also been patched or mitigated by Siemens in Mendix, Sidis Secured SmartPlug, Simatic S7-1500, Cadra, and Desigo CC. The security holes, many of which affect third-party components, can be exploited to launch DoS attacks, execute code, obtain sensitive data, and escalate privileges. (SECURITYWEEK.COM)
Malware
LabubaRAT masquerades as NVIDIA software to control Windows hosts
Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. “LabubaRAT creates a reusable foothold for hands-on activity,” Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis. “Once deployed, it can profile the host, identify security tools, receive operator commands, move files, capture screenshots, and proxy traffic through the affected system.” The implant also supports multiple communication methods, including HTTPS, WebView2, and DNS tunneling, allowing attackers to maintain access to compromised hosts even if one pathway is detected and closed off. (THEHACKERNEWS.COM)
11 malicious NuGet game cheat packages deploy Pepesoft Windows surveillance malware
11 malicious NuGet packages masquerading as game cheats, automation bots, and management “panels” deploy a Windows payload called pepesoft.exe. The packages were published as .NET command-line tools, enabling users to install them through the dotnet tool install workflow and execute bundled commands such as throne-run. The affected packages target communities around Albion Online, GTA5RP, GrandRP, Majestic RP, Lineage 2, Russian Fishing 4, Throne and Liberty, and generic trigger-bot tools. (GBHACKERS.COM)
SheetAgent RAT runs 14 virtual machine checks and self-deletes when analysis is detected
A threat campaign targeting Indian government job seekers is using a recruitment notice for Senior Field Officer positions in the Cabinet Secretariat as a lure to deploy a custom remote access Trojan, SheetAgent RAT. The campaign begins with a ZIP archive named Approved Documents 2026.pdf.zip, which masquerades as a document-verification package. Its contents include a malicious LNK shortcut, Document-24062026-Y6352634.lnk; a hidden PowerShell script, JT-agenda.ps1; and a hidden .NET executable, Document.exe. (GBHACKERS.COM)
ClickFix’s mushrooming ecosystem demands new defense tactics
ClickFix is a social engineering technique that tricks users into manually executing malicious code on their own computers. Targets will receive pop-up windows detailing purported errors, software updates, or verifications. Typical attacks require them to copy and paste a command, often PowerShell, into their system, where the malicious activity really begins. If they do so, the action executes harmful code. ClickFix first surfaced in 2024 and has gained enormous traction with attackers since then for its sheer efficacy; and a thriving cybercriminal business model has now developed around the style of attacks, according to researchers from Reversing Labs. (DARKREADING.COM)
Phishing
LastPass, Bitwarden users targeted with fake security alerts
LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites. The phishing emails are crafted to resemble legitimate corporate communications, notifying recipients of updated security policies and directing them to a landing page that impersonates DocuSign and claiming to provide a document for review. LastPass emphasizes that its systems have not been compromised and that the phishing emails did not originate from its infrastructure, despite the attackers using domains designed to appear as legitimate company services. (BLEEPINGCOMPUTER.COM)
Supply chain
Compromised AsyncAPI npm packages deliver multi-stage botnet malware
The poisoned packages ship a hidden JavaScript implant, with each of them containing an injected source file that decodes to the same second-stage downloader. Unlike previous iterations that leveraged install hooks to trigger the execution of a JavaScript payload, the malicious code in this case is run when the infected module is loaded by Node.js, after which it launches a detached background node that downloads and executes the malware from IPFS. (THEHACKERNEWS.COM)
Vulnerabilities
Microsoft patches a record 570 security flaws
Microsoft Corp. released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence. Nearly 60 of the bugs quashed in July’s Patch Tuesday earned a “critical” severity rating, meaning miscreants or malware could use them to seize remote control over a Windows device with little or no help from the user. Microsoft also addressed three zero-day flaws, including two that are already being exploited in the wild. (KREBSONSECURITY.COM)
Dell warns of critical PowerProtect data domain flaws allowing remote attackers to take complete control
Dell has recently disclosed two critical vulnerabilities in PowerProtect Data Domain appliances that could allow unauthenticated remote attackers to gain complete control of affected systems. These vulnerabilities are tracked as CVE-2026-53483 and CVE-2026-53481, both of which received a critical CVSS v3.1 score of 9.8. They affect multiple supported Data Domain software versions, including those from 7.7.1.0 to 8.7.8.7. The significance of these vulnerabilities lies in the fact that they require no authentication, user interaction, or complex attack conditions. (GBHACKERS.COM)
Adobe patches critical ColdFusion vulnerabilities
Out of 13 security defects resolved in ColdFusion, eight – CVE-2026-48318, CVE-2026-48322, CVE-2026-48284, CVE-2026-48321, CVE-2026-48325, CVE-2026-48319, CVE-2026-48324, and CVE-2026-48327 – are critical issues that could lead to arbitrary code execution and privilege escalation. The critical vulnerabilities include path traversal, code injection, improper input validation, missing authentication, SQL injection, and incorrect authorization. (SECURITYWEEK.COM)
SAP July 2026 patch day fixes critical NetWeaver and AppRouter flaws
SAP’s July 2026 Security Patch Day, released on 14th July 2026, addressed 16 new security issues, alongside three updates to previously issued notes, with two critical flaws in NetWeaver and AppRouter topping the list. The most severe issue, tracked as CVE-2026-44747 and carrying a maximum CVSS score of 9.9, is a memory corruption vulnerability in SAP NetWeaver Application Server ABAP. According to SAP’s advisory, the flaw allows an attacker to exploit logical errors in memory management, triggering memory corruption on affected kernel versions. (CYBERPRESS.ORG)

ADVERSARIES
China
China aggressively patrols disputed waters. Now the U.S. Coast Guard is moving in
U.S. Coast Guard ships previously deployed in the Middle East are now operating out of Singapore and the Philippines to help challenge China’s assertion of power in the Pacific. The six 154-foot fast-response cutters are part of the Coast Guard’s reimagined “expeditionary cutter squadron,” which can be sent anywhere in the world. Their first deployment is the western Pacific, where tensions have run high for years as China escalated a so-called gray-zone campaign to project control around Taiwan and the disputed waters of the South China Sea. The cutters — the Coast Guard’s name for ships 65 feet in length or greater with onboard living accommodations — are approved to operate from Singapore and Subic Bay on the Philippine island of Luzon at least through September, a Coast Guard spokesperson said. (WSJ.COM)
Russia
Putin’s next move will be Baltic incursion, warns top Russian dissident
Vladimir Putin has no intention of striking a peace deal with Ukraine and is more likely to instead escalate his war after Moscow’s parliamentary election in September, according to Russian opposition activist Garry Kasparov. The dissident’s warning comes as Ukraine has stepped up attacks on Russian military logistics and energy infrastructure, a push that Estonian Foreign Minister Margus Tsahkna said has made Russia “weaker” — and Kyiv hopes could give it the upper hand at the negotiating table. Yet Kasparov argues that mounting pressure makes Putin more likely to escalate than compromise, and that any settlement short of a Russian defeat would merely give Moscow time to regroup. (POLITICO.EU)
Ukraine downs 5 Russian ballistic missiles as Kyiv looks to boost its air defenses
Ukraine’s air force said Tuesday it intercepted five ballistic missiles launched by Russia in a raft of overnight attacks, although other missiles and drones got through and hit warehouses and a school in the capital of Kyiv. It was the first time in almost two weeks that Ukraine said it had downed Russian ballistic missiles, which are harder to stop than drones or cruise missiles and have pummeled the country in Moscow’s 4-year-old full-scale invasion. Ukrainian air defenses likely used the U.S.-made Patriot surface-to-air guided missile system that is the most effective way of countering ballistic missiles, but ammunition for it has been in short supply amid the Iran war despite European efforts to make up for the shortfall. (APNEWS.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
Google DeepMind’s Demis Hassabis calls for U.S.-led global AI watchdog
Demis Hassabis, Google DeepMind co-founder and CEO, is calling on the U.S. to establish a new AI watchdog with the power to screen the world’s most advanced models — and coordinate an industry-wide slowdown if dangers mount. Hassabis, the Nobel laureate behind Gemini, lays out the plan in a personal manifesto published Tuesday morning, “A Framework for Frontier AI and the Dawning of a New Age.” In an exclusive interview with Axios, Hassabis said the time has come for a more “systematic” approach to AI regulation — funded by the industry, staffed by world-class technical experts, and answerable to the U.S. government. (AXIOS.COM)
Fed chair says AI ‘hasn’t displaced workers’ so far, has boosted productivity
Federal Reserve Chairman Kevin Warsh told House lawmakers Tuesday that artificial intelligence represents “a huge opportunity” for the U.S. economy, though the “risks and challenges” it presents bear monitoring. Appearing before the House Financial Services Committee, Warsh said the Fed is watching “the implications” AI could have on employment and inflation. He said the central bank doesn’t yet know the extent to which the economy will benefit from the technology, but the labor force “appears stable” and job creation has “kept pace” with the workforce. “Over the long term, I think there is a material improvement in productivity, which should have a material improvement ultimately in wages and the strength of the economy,” said Warsh, who was sworn into office May 22. “But the long term can be quite far out, and we’ve got to monitor things month by month, quarter by quarter, as we get there.” (FEDSCOOP.COM)
‘Anthropic doesn’t care about Europe’ — EU officials peeved after AI giant sends junior staffer to testify about safety
European policymakers criticized AI company Anthropic on Tuesday for failing to send a senior company official to address Brussels’ concerns about risks posed by advanced AI capabilities. Anthropic appointed Donny Greenberg, a technical employee who joined the company in April, to address the European Parliament via video from New York, rather than its head of public policy, Sarah Heck, as lawmakers had requested. “I’m a technical person, not a policy person,” Greenberg stressed in his opening remarks. (POLITICO.EU)
Lawsuit claims Meta’s layoff decisions were made by AI, not humans
Meta’s AI-fueled layoffs of 8,000 employees targeted workers with disabilities and those who took protected medical or family leaves, alleged a lawsuit filed by 26 employees who were selected for termination. Meta used internal AI tools to select employees for layoffs, according to the complaint filed yesterday by 26 “Doe” plaintiffs in US District Court for the Northern District of California. “Meta did not assemble the termination list through the considered judgment of managers who knew the work. Instead, Meta used a constellation of internal artificial-intelligence systems — including a system referred to internally as ‘Metamate,’ employee-trained ‘second-brain’ agents, keystroke- and activity-monitoring data, AI-token-usage dashboards, and algorithmically assisted performance ranking and calibration — to score, rank, and select employees for inclusion on the list,” the lawsuit said. (ARSTECHNICA.COM)
Sharp rise in AI adoption for cyber defense exposes major governance gap
Enterprise security teams are incorporating AI into their programs at a faster rate than ever before, but a significant gap exists in the governance policies that are designed to support that expansion, according to a report released Monday by the SANS Institute. Four out of 10 security practitioners said there is no formal policy in their organization for AI adoption, according to the report. More than six of 10 practitioners said they have no visibility into where AI models are being used or what kind of information is being exposed. About 75% of security practitioners have a governance role related to enterprise AI, yet more than half of respondents said there are no established frameworks for AI audits, the report showed. (CYBERSECURITYDIVE.COM)
Data centers
GOP governors, utilities join Trump data center pledge
President Donald Trump is expanding his data center pledge to include some Republican governors and several large utilities, according to state officials and industry executives. Montana Gov. Greg Gianforte, Wyoming Gov. Mark Gordon and Missouri Gov. Mike Kehoe have all signed the White House’s so-called Ratepayer Protection Pledge, a set of principles committing data center developers to pay for their fair share of energy and water use, along with electric grid improvements and maintenance, according to officials in each state. Electric utilities are also expected to sign the pledge, according to seven people familiar with the plans. (POLITICO.COM)
‘I wouldn’t call it panic’: Industry quails at Hochul’s data center pause
New York’s moratorium on data centers could serve as an opening salvo for leaders in other states looking to rein in tech infrastructure — as well as congressional Democrats hoping to seize on the issue in the November midterms. The executive order that Democratic Gov. Kathy Hochul signed Tuesday marks the first state-level pause on data center construction, following dozens of municipalities in red and blue states that have passed similar moratoriums. But industry supporters and detractors alike say it’s unlikely to be the last, amid poll numbers showing growing public skepticism toward AI. The moratorium also serves as a bridge of sorts between moderate Democrats such as Hochul and progressives like Sen. Bernie Sanders (I-Vt.) who have clamored for more restrictions on data centers and artificial intelligence. (POLITICO.COM)
Pennsylvania data centers face increased oversight under new law
Pennsylvania Gov. Josh Shapiro (D) signed a budget Sunday that will require data centers to report their exact water and power usage annually to the state. It also requires the PJM Interconnection to give Pennsylvania state regulators additional insight into its demand forecasting. “The current process by which utilities submit information to PJM lacks transparency for policymakers, regulators and stakeholders,” states House Bill 1924, which was folded into Pennsylvania’s 2026-2027 budget. “There is a need for oversight by the Pennsylvania Public Utility Commission to ensure accuracy and transparency of load-forecast inputs.” Data centers in the state will now be required to compile an annual report containing information such as their “estimated average amount of energy usage per hour during the data center’s peak load,” the provision states. (UTILITYDIVE.COM)
Defense
Air Force network lockouts hit troops and civilians
The Air Force is scrambling to get employees across the service back online after weeks of rolling cybersecurity quarantines locked numerous troops and civilians out of their computers, sometimes for days. A quarantine kicks in to protect military networks from cyberattacks if a computer isn’t routinely updated with new software patches. But as the Air Force pushes out patches more often to stay ahead of digital threats, employees must make sure those updates are in place — or find their device rendered unusable. The lockouts have created headaches at multiple bases and the Pentagon as the service continues rolling out forcewide software updates. (FEDERALNEWSNETWORK.COM)
Pentagon announces more than $500M in new procurements for APFIT program, including software
The latest round of awards for the U.S. military’s Accelerate the Procurement and Fielding of Innovative Technologies program has a total value exceeding half a billion dollars, including more than $70 million for software capabilities, according to a list of deals announced Tuesday. Those totals do not include classified procurements, a Defense Department press release noted. The APFIT initiative, which was created a few years ago and falls under the Pentagon’s Research and Engineering directorate, aims to speed the delivery of new tech to the services and combatant commands, and boost the defense industrial base by partnering with small and non-traditional vendors and venture-backed companies. (DEFENSESCOOP.COM)
How a former Marine is rewriting the future of battlefield AI
One stubborn former Marine is changing how the Pentagon moves data to farflung troops—a change intended to enable them to use advanced AI tools, and one that just might reshape how lightweight models are developed. Some of these new workflows have already been used during the U.S. war on Iran. “If you look at what’s happened with Operation Epic Fury, in particular, we were able to incorporate dozens of new feeds in real time that allow us to not only serve up that data in the right format, right structure, and everything else for those, for those applications to leverage, but also get data at the speed of conflict,” Cameron Stanley, the Pentagon’s Chief Digital and Artificial Intelligence Officer, said at the AWS Summit in Washington, D.C., last week. (DEFENSEONE.COM)
Drones
U.S. plans to create ‘drone academy’ in Morocco amid strategy shift
The U.S. military command that oversees forces across Africa will establish a “drone academy” and training center in Morocco to begin getting African partners up to date with their use in counterterrorism, officials announced. U.S. Africa Command officials signed a memorandum of understanding on Monday with the leaders from the Royal Moroccan Armed Forces to establish the Africa Multidomain Training and Experimentation Center in Tan-Tan, Morocco, by 2030, officials said in a release. An AFRICOM official told Task & Purpose that the purpose of the drone academy is to train African forces so they can conduct these operations on their own and reflect recent shifts in American military strategy in Africa that has included significant withdrawals of U.S. forces. (TASKANDPURPOSE.COM)
The U.S. Navy is eyeing next-gen carrier-based drones. Here’s what they might do
The U.S. Navy is looking for a family of carrier-based drones that can fulfill a variety of missions, according to a July 14 Request for Information. The sea service “is exploring the industrial base’s capacity to deliver highly capable, autonomous platforms optimized for operations from Ford-class and Nimitz-class Nuclear Aircraft Carriers,” according to the RFI. The response deadline has been set for Aug. 13. The drones the service is targeting, part of the Air Wing of the Future Family of Systems, can be designed as “a single-role platform, a multi-role platform, or a modular FoS [family of systems],” according to the service. (DEFENSENEWS.COM)
Emergency services
As wildfire satellites enter orbit, early adopter states prepare for new data
As much of the western United States enters peak wildfire season, the nonprofit Earth Fire Alliance is providing more space-based technology to emergency managers with the launch this month of its first three operational FireSat satellites. The satellites, which launched July 7 from Vandenberg Space Force Base in Southern California, aboard SpaceX’s Transporter-17 ride-share mission, marks a milestone in a global effort to detect wildfires within minutes of ignition and give first responders earlier warning before small fires become major disasters. According to the alliance, the three satellites will spend roughly three months undergoing testing before entering service. Once operational, they will provide at least twice-daily observations across fire-prone regions worldwide. The nonprofit plans to continue expanding the constellation of satellites, with a long-term goal of achieving hourly global wildfire coverage by 2029. (STATESCOOP.COM)
Government
Supreme Court justices emphasize need for security funding
Justices Elena Kagan and Amy Coney Barrett pitched increased security funding for the Supreme Court next year at a pair of rare congressional hearings for sitting justices Tuesday that covered issues ranging from emergency cases to judicial ethics. Kagan and Barrett focused most of their testimony on increased security concerns at the court amid rising threats in recent years. The pair’s testimony to House and Senate Appropriations subcommittees marked the first time that justices have appeared before Congress since 2019. Barrett told the House panel that increased threats have had a personal impact on her family. When she first started receiving intense personal threats, she was sent home with a bulletproof vest, which her 12-year-old son saw. (ROLLCALL.COM)
Risk management
Government updates UK’s National Risk Register with cyber warnings
The UK government has added several new cyber-related scenarios to its National Risk Register; some of which could theoretically result in mass casualties. The register is based on the government’s internal, classified National Security Risk Assessment, and considers malicious risks like terrorism and cyber-attacks alongside non-malicious risks such as severe weather incidents. In the latest edition, published on July 14, the government added new scenarios anticipating what might happen in the event of cyber-attacks on digital infrastructure, water infrastructure, and police systems, as well as a mass CrowdStrike-style outage impacting IT systems. (INFOSECURITY-MAGAZINE.COM)
Water
A major Colorado River decision looms. Here’s how it will affect millions
The federal government is poised to announce a major decision about the fate of the shrinking Colorado River — a crucial water supply for 40 million people across two countries, seven states and 30 tribes. Over the past few decades, the worst drought in at least a millennium has parched the Western landscape and caused reservoirs to dwindle. A historically warm and snowless winter reduced this year’s flow to a trickle. Water levels behind two of the nation’s largest dams are in danger of dropping so low that the dams stop functioning. At the same time, 19-year-old regulations for managing shortages in the basin are due to expire at the end of this year — and the river’s disparate users have been unable to agree on a rescue plan. (WASHINGTONPOST.COM)
LEGISLATIVE UPDATES
Senate Democrats block $1 trillion defense bill in protest over Iran war
Senate Democrats blocked a $1 trillion annual defense bill Tuesday, refusing to advance the bipartisan package that would substantially increase Pentagon spending, including a pay raise for the troops, in protest of President Donald Trump’s war against Iran. Senate Democratic Leader Chuck Schumer announced his opposition and other key Democrats said they could not support the annual bill, known as the National Defense Authorization Act, as the war drags into a fifth month with no clear endgame in sight. The tally was 50-46, failing largely along party lines to reach the threshold needed. “The NDAA cannot become a permission slip for that recklessness that we see occurring in Iran,” Schumer, of New York, said ahead of voting. (APNEWS.COM)
House lawmakers grill top Trump official over AI chip exports
House lawmakers on Tuesday grilled the Trump administration official tasked with overseeing the country’s export controls, pressing him on the White House’s track record on advanced AI chip sales. Jeffrey Kessler, who serves as head of the Bureau of Industry and Security (BIS), appeared before the House Foreign Affairs Committee to discuss the bureau’s budget request for fiscal year 2027. The Trump administration is asking for an additional $215 million in funding for BIS to hire new law enforcement officers. Kessler argued Tuesday that his enforcement unit is “overburdened,” saying he could hire more than 300 new officers with the boost. (THEHILL.COM)
Senate releases bipartisan water projects bill
The Senate Environment and Public Works Committee released bipartisan legislation Monday that seeks to address major water infrastructure priorities and bar the Trump administration from canceling congressionally authorized projects. The Water Resources Development Act of 2026 would authorize eight new Army Corps of Engineers projects to reduce flood risk, restore ecosystems, and improve ports and navigation. The new Senate bill addresses a broader suite of issues when compared to companion legislation released in the House last month and up for markup in the Transportation and Infrastructure Committee on Tuesday. (EENEWS.NET)
COMMITTEE ACTIVITY:
SUPPLY CHAIN: The House Foreign Affairs Committee will hold a July 15 hearing on ending supply chain dependency.
RESEARCH: The House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party will hold a July 15 hearing on protecting American innovation in the federal research security enterprise.
ELECTIONS: The House Administration Subcommittee on Elections will hold a July 15 hearing on election observation.
FRAUD: The House Oversight and Government Reform Subcommittee on Government Operations will hold a July 15 hearing on emerging fraud threats and the evolving fraud landscape.
ALERTS AND ADVISORIES
CISA urges SharePoint hardening after new exploitations
CISA is aware of active exploitation of vulnerabilities CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, enabling cyber threat actors to gain unauthorized access to on-premises SharePoint Server instances. These vulnerabilities affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and involve establishing remote code execution (RCE) and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques, to gain persistence and deploy malware. Organizations should monitor affected SharePoint Servers closely for any signs of exploitation or unusual activity. (CISA.GOV)
CISA adds four known exploited vulnerabilities to catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability, CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability, CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability, CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.
AI WIRELESS: Join the American Enterprise Institute July 15 to look at how AI and telecommunications infrastructure are converging in 6G — the first AI-native generation. We will bring together leaders from the public and private sectors to share perspectives on global competition in 6G and America’s opportunity to regain its leadership in the telecommunications industry. This event will offer timely insight at the frontier of a field still taking shape.
AI AND EDUCATION: On July 16, the Center for Universal Education at Brookings will host a conversation to examine the effects of AI slop on young children’s learning, development, and well-being, as well as the incentives driving its production. As the third event in the Generation AI Starts Early webinar series, the discussion will bring together perspectives from health, media, and policy to explore what AI-generated content means for young children, caregivers, policymakers, and the broader media ecosystem.
6G: Join CSIS, senior U.S. government officials and leading global partners for a July 29 public forum examining the geopolitical and security landscape of next-generation wireless infrastructure. This event will feature the launch of the “Call to Action for 6G Leadership and Security,” a joint initiative between the United States (coordinated by the National Telecommunications and Information Administration) and partner nations designed to strengthen digital supply chains, accelerate innovation, and expand multilateral cooperation on wireless technology.
AI HEALTH CARE: The AI in Health Conference from Sept. 15 to Sept. 17 bridges the gap between artificial intelligence and real-world health outcomes — focusing not just on what AI can do, but on what it should do to improve patient care. Hosted by the Ken Kennedy Institute at Rice University, the fifth annual AI in Health Conference will explore the current landscape of artificial intelligence in health and present a research-driven outlook for the future of computational health innovation. The program is designed to connect researchers and innovators with engineers, clinicians, and entrepreneurs at the forefront of AI in healthcare and public health.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS