Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – July 17, 2026


Cyber Briefing

DIRECTOR’S NOTE: Read here

TODAY’S TOP 5

CHINA’S NEW MOONSHOT AI MODEL DEBUTS: Chinese startup Moonshot AI has unveiled a new model it says closes the gap with leading U.S. offerings and surpasses OpenAI and Anthropic’s most capable systems on some benchmarks, CNBC reports. Kimi K3 still trails Anthropic’s Claude Fable 5 and OpenAI’s GPT 5.6 Sol on overall performance, the company said today, but consistently outperformed other tested models. The model beat Claude Opus 4.8 and GPT 5.5 — models that sit just behind Anthropic and OpenAI’s leading-edge systems — on benchmarks including coding and general agents, according to Moonshot. It’s China’s largest AI model so far, with 2.8 trillion parameters, referring to the size of its neural network.

  • President Xi Jinping hailed China’s progress in developing low-cost artificial intelligence, pressing his personal imprint on the country’s rapidly expanding global influence to call for a more open technological order, Bloomberg reports. Xi used his first appearance at the World AI Conference in Shanghai today to urge the world to adopt an inclusive approach, encouraging collaboration without rivalries. “AI development should not be a solo performance by a single country, but a symphony of international cooperation,” he said, adding that safety risks must be contained. His presence at the gathering, attended by scores of tech and government leaders, conveys a potent signal of China’s ambitions to dominate a technological sphere with the potential to revolutionize industry and economies — an effort that’s shot to the top of the nation’s agenda.
  • While the West struggles to even define the concept of irregular warfare, China has simply practiced it successfully for millennia, Russell D. Howard writes at Small Wars Journal. Modern Beijing has simply scaled Mao’s physical guerrilla swarms into the digital, economic, and political domains. While the United States debates definitions, Beijing executes an orchestrated, multi-domain gray-zone campaign against the American homeland and its partners every single day.
  • Discussions of distillation often take for granted that it is a form of theft. But there are key differences between “stealing an AI model” and distillation that policymakers should recognize. To properly address distillation, policy should focus on illegitimate model access—and avoid imposing poorly targeted rules that could harm Americans and distort the open and competitive U.S. AI ecosystem, Bahrad A. Sokhansanj writes at Lawfare.

CHINA’S ‘BREATHTAKINGLY FAST’ SPACE CAPABILITIES AND THE SPACE FORCE BUDGET: China’s military advancements justify the Space Force’s $71 billion budget request, the White House nominee to lead the service said during a short and uncontentious Senate confirmation hearing on Thursday, Defense One reports. “I would say that the $71.1 billion that the president has asked for is exactly what we need,” said Lt. Gen. Douglas Schiess, who currently serves as the deputy chief of space operations for operations at the Pentagon. He told the Senate Armed Services Committee that it was “needed because of the threat from China and Russia, and the capabilities that the joint forces needs.” The Space Force’s budget request was thrown into uncertainty earlier this week when House leaders said they would not fully comply with the Trump administration’s proposal to provide much of the money through reconciliation—a partisan-controlled budget maneuver rarely used for defense spending before last year. Under the proposal, reconciliation would have funded some of the service’s most ambitious programs, including the Space Data Network and Golden Dome.

  • “What they are doing with what I’ll call counter-space and space superiority capabilities is breathtakingly fast,” Schiess said of China, Air and Space Forces Magazine reports. When Schiess was asked by Sen. Roger Wicker (R-Miss.) specifically what space threats China poses to the United States, especially in the Pacific region, he rattled off a list of developments: anti-satellite tests from the ground, space capabilities that hold U.S. satellites at risk, and electromagnetic jamming capabilities under development that are “very worrisome.” And it’s not all threats to U.S. satellites. The Chinese military is also using intelligence, surveillance and reconnaissance satellites to target “our forces much farther than they ever have,” Schiess added.

AI HAS ENHANCED IRAN’S ASYMMETRIC PLAYBOOK: Between January and June 2026, Tehran survived unprecedented military, economic, and political pressure by relying on its longstanding hybrid warfare model: blending asymmetric military operations, cyber operations, information warfare, proxy attacks and coercive state control. Artificial intelligence enhanced these capabilities, acting as a force multiplier and almost certainly increasing the speed, scale, and effectiveness of Iranian operations. Ultimately, Iran demonstrated that its strategic resilience does not depend on possessing the most advanced AI capabilities; rather, the source of Iranian power remains the asymmetric playbook itself, says a new Recorded Future report. During these crises, Iran compensated for conventional military and economic disadvantages through scalable, low-cost, and deniable asymmetric capabilities. Iran’s use of AI almost certainly improved its cyber capabilities, accelerated the production of propaganda and influence narratives and expanded the reach of information campaigns. AI’s impact on Iranian military operations is less clear, as Iran’s battlefield use of AI has not been independently confirmed. 

  • Iran has asked Yemen’s Houthi movement to stand ready to close the Red Sea oil route if the United States strikes Iranian power infrastructure, three sources told Reuters on Thursday, posing a potent new threat to global energy supplies. The idea has been discussed ‌within the Islamic Republic’s leadership, and the message has been conveyed to Iran’s Houthi allies, two senior Iranian sources and a regional source familiar with the matter said, ‌speaking on condition of anonymity. The sources said the Houthis had been informed recently of Tehran’s request, which has not been previously reported. 

GAO FLAGS TRANSPORTATION CYBER SHORTCOMINGS: The Federal Aviation Administration (FAA) and Transportation Security Administration (TSA) work together to ensure the cybersecurity of the interconnected systems operating in the National Airspace System (NAS). FAA defined the roles and responsibilities of the entities responsible for carrying out the agency’s related goals and objectives. In contrast, TSA did not, the Government Accountability Office reported. TSA defined its goals and objectives for prioritizing cybersecurity within the agency and in the transportation systems sector in its 2018 Cybersecurity Roadmap. However, the roadmap is outdated and no longer aligned with the latest Department of Homeland Security Cybersecurity Strategy. The roadmap also does not identify the offices responsible for implementing it or define the agency’s cybersecurity-related roles and responsibilities in overseeing airport and aircraft operator security programs. Until TSA updates its Cybersecurity Roadmap to clearly identify its aviation cybersecurity roles and responsibilities, the agency cannot fully hold relevant entities accountable or enable continuous improvements to its related efforts. Moreover, clarity in TSA’s cybersecurity roles, and in turn those of stakeholders, could help minimize the risk of covered systems being exploited.

  • A total of eight cyber personnel have served in a program that began in 2022 to rotate workers between federal agencies to bolster the workforce, a watchdog report said Thursday, CyberScoop reports. Over the life of the Federal Rotational Cyber Workforce program that effectively went away last year, 13 agencies offered 106 positions and received 634 applications, according to the Government Accountability Office. Eight workers won approval to participate. The goal of the Office of Personnel Management-led program, established by bipartisan legislation, was that “participating employees develop knowledge and skills that they can bring back to their home agencies,” as the GAO noted.

MAKING AI WORK FOR CYBER DEFENDERS: The clock is ticking. Frontier artificial intelligence (AI) models with remarkable cyber capabilities have emerged, leaving little time to address weaknesses in U.S. cyber defenses. It is difficult to estimate how quickly strategic competitors — particularly China — will develop similar models, but most assessments suggest that China either already has these capabilities or will develop them in slightly less than a year. A new CSIS report from Carol Kuntz and Lauryn Williams examines the implications of new frontier models for cybersecurity and outlines two key areas where critical defensive measures must be swiftly undertaken. The central thesis is that, with sufficient coordination and action, AI can transform U.S. cyber defenses by giving defenders a variety of new tools, including the ability to move at machine speed to detect and evaluate vulnerabilities and attacks, remediate and recover in response and harden system security. Like other technological advances with the potential to strengthen cybersecurity, AI will not automatically bolster defenders. This progress will occur only if the United States — including the U.S. government at all levels, the private sector and important nonprofit actors — rapidly and deliberately take steps to enable the widespread, safe deployment of these tools..

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

National security challenges increasingly cut across technology, economic competitiveness, critical infrastructure, manufacturing and workforce development. Universities have a growing role to play not only in conducting research, but also in translating ideas into practical solutions and preparing students to confront real-world problems. Auburn University President Dr. Chris Roberts, McCrary Institute Chairman Lt. Gen. (Ret) Ron Burgess, Senior Vice President for Research Dr. Steve Taylor and Samuel Ginn College of Engineering Dean Dr. Mario Eden join Frank Cilluffo on the latest episode of Cyber Focus to discuss Auburn’s commitment to national security. The conversation explores the changing threat environment, the university’s expanding research presence in Huntsville, partnerships among academia, government and industry, and how experiential education can prepare students for jobs and technologies that do not yet exist.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Agriculture

CDC, FDA link Taco Bell lettuce supplier to multistate cyclosporiasis outbreak

Federal health officials said Thursday that a multistate outbreak of cyclosporiasis that has sickened thousands of people has been linked to shredded iceberg lettuce served at Taco Bell restaurants in five states, confirming key findings first reported by The Washington Post. The Centers for Disease Control and Prevention and the Food and Drug Administration said traceback investigators identified a single supplier of iceberg lettuce from Mexico used at Taco Bell restaurants in Indiana, Kentucky, Michigan, Ohio and West Virginia. In updates posted to the CDC webpage and FDA webpage late Thursday, officials urged consumers not to eat shredded iceberg lettuce from Taco Bell restaurants in those states while the investigation continues. The agencies did not name a supplier. But two individuals familiar with the inquiry said investigators have identified Taylor Farms as the supplier of the shredded iceberg lettuce. (WASHINGTONPOST.COM)

Ransomware curdles production at Coca-Cola’s Fairlife dairy biz

Ransomware has soured production at Coca-Cola-owned Fairlife, forcing the dairy business to temporarily halt production at its U.S. plants. In an SEC filing on Thursday, Coca-Cola said Fairlife detected “unauthorized access by a third party to a portion of its systems, including its production-related systems,” in what it described as a ransomware event. The company said it immediately activated its incident response and business continuity plans, brought in outside cybersecurity experts, and notified law enforcement. Fairlife has halted production at its U.S. plants while Coca-Cola investigates the ransomware attack, but its Canadian facilities are still running. (THEREGISTER.COM)

Artificial intelligence

The fight over humanoid robots has shut down a car factory for the first time

When Hyundai Motor Co. unveiled its new humanoid robot worker named “Atlas” in January, tens of thousands of Korean auto employees gaped at the 6-foot-2 robot strutting across a trade-show stage, its joints swiveling a full 360 degrees. The union’s response was blunt: Atlas would never step onto a production line without workers agreeing first. This week, Hyundai’s auto workers in South Korea have gone on a partial strike. It is the car industry’s first factory stoppage addressing humanoid robots. The streets of Hyundai’s main auto-production hub in the city of Ulsan are lined with banners demanding “pre-emptive action” in response to the threat. (WSJ.COM)

Communications

NTP server that traveled back in time caused massive Aussie mobile outage

Australian telco Telstra has revealed the cause of the recent incident that caused widespread connectivity problems across its mobile networks, inculding outages to Australia’s 000 emergency services line, plus outages to electronic payments services and transport networks. The carrier explained itself in a submission [PDF] to a Senate inquiry into outages affecting Australia’s emergency services which initially investigated an outage at Telstra’s main rival, Optus. The Optus incident is linked to multiple deaths after people could not reach emergency services. Telstra’s submission reveals that the carrier’s attempt to address a known resilience problem was the instigating incident. (THEREGISTER.COM)

Cybercrime

Spanish National Police dismantle €140 Million BEC and investment fraud cybercrime ring targeting financial institutions and businesses

Spanish National Police, in collaboration with Interpol and Europol, have dismantled a sophisticated cybercrime and money-laundering organization responsible for defrauding victims of approximately €140 million ($160 million) through investment fraud, business email compromise (BEC), CEO fraud, and man-in-the-middle attacks. The operation resulted in the arrest of four individuals across Spain, Portugal, and Panama, the seizure of 15 computers and over 170 smartphones, and the freezing of €3 million in criminal proceeds for victim restitution. The group operated on an industrial scale, leveraging over 800 bank accounts, 120 business accounts, and 67 money mules to launder stolen funds. The investigation began in early 2026 after suspicious financial activity was detected in 19 companies, with law enforcement confirming that €94 million was laundered through the network and an additional €61 million was linked to BEC operations in 2024. The operation targeted both individuals and businesses, with a particular focus on financial institutions, corporate payment systems, and investment platforms. No specific malware or technical infrastructure indicators have been reported. (RESCANA.COM)

Health care

All About Women’s Care data breach affects up to 12,000 patients

All About Women’s Care in Colorado has notified 12,000 patients that their data has been compromised in a data breach, and Mid-South Pulmonary Sleep Specialists in Tennessee is assessing the impact of a November 2025 ransomware attack. All About Women’s Care, an Englewood, Colo.-based obstetrics and gynecology practice, has identified unauthorized access to its IT environment. Suspicious activity was identified involving an employee VPN account. Third-party cybersecurity experts were engaged to investigate the activity and confirmed that an unauthorized actor obtained the credentials for the VPN account and used them to access its network environment. Files were copied in the attack, the review of which was completed on June 5, 2026. (HIPAAJOURNAL.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Government

GoSerpent silently steals government files for weeks before sending them to hackers

A sophisticated cyber espionage campaign targeting government and diplomatic organizations across Southeast Asia has used a Go-based remote access Trojan, dubbed GoSerpent, to collect sensitive documents for weeks before exfiltrating them via network shares. Researchers first identified the activity in February 2026, although evidence indicates the operation began in late 2025. The attackers deployed GoSerpent as the primary foothold, then used it to install file-collection and credential-dumping utilities. (GBHACKERS.COM)

Malware

ACR Stealer uses ClickFix lures to steal browser tokens and Microsoft 365 files

ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a Run box and pressed Enter. Microsoft laid out two of the delivery chains on Thursday. Its Defender Experts team, the company’s managed detection arm, had watched ACR Stealer activity climb across customer environments from late April to mid-June, and says the campaigns are “successfully using ClickFix lures to steal browser credentials, authentication tokens, and sensitive documents.” (THEHACKERNEWS.COM)

New ClickLock macOS malware traps users into revealing login password

A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password. The malware is designed to steal cryptocurrency assets, login credentials, password-manager data, browser information, and macOS authentication data, and it can also install a persistent backdoor for ongoing remote access to infected systems. Researchers at Group-IB analyzed the ClickLock shell script after discovering the malware on VirusTotal, where it was first submitted on June 9. At the time of the report, it remained undetected by all security vendors available on the platform. (BLEEPINGCOMPUTER.COM)

New TELEPUZ malware spreads via ClickFix to steal data and run commands

Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026. “The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report. “While the number of C2 [command-and-control] domains is currently small, the daily volume of builds uploaded to VirusTotal and the rapid pace of updates indicate active development and likely further growth.” (THEHACKERNEWS.COM)

Phishing

Phishing campaign hides Lua Loader as TrueType font file

A large-scale phishing operation has been observed disguising a malicious script as a TrueType font file (.tff). Using the fake .ttf extension, a Lua-based loader is slipped onto Windows systems and a rotating cast of remote access trojans and infostealers is deployed. According to research published on July 16 by Fortinet’s FortiGuard Labs, the campaign has been running since late March 2026 and combines fileless techniques with a low-detection loader to deliver Agent Tesla, Remcos, XWorm and a keylogger called Best Private LOGGER. The operators impersonated well-known companies and used business-cooperation lures to push malicious archives, often attached to phishing emails carrying payment-themed prompts. (INFOSECURITY-MAGAZINE.COM)

1M-plus emails use hidden text to dupe AI security filters

Hackers are using simple text salting to evade both static and artificial intelligence-powered email security checks. Since April, researchers at Barracuda Networks observed more than 1 million retail-themed phishing emails that used hidden text to make malicious social engineering look legit to automated security filters. It’s a simple age-old trick that’s working better today than ever, thanks to an asymmetric advantage afforded by large language models (LLMs). LLMs are helping attackers salt their phishing emails faster and more effectively than ever, whereas the AI-based content analysis engines they’re up against don’t seem to be putting up much of a defense. (DARKREADING.COM)

Vulnerabilities

CISA urges immediate action on actively exploited Fortinet flaws

The Cybersecurity and Infrastructure Security Agency (CISA) on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform. These two critical-severity security flaws (tracked as CVE-2026-39808 and CVE-2026-25089) were addressed by Fortinet on April 14 and June 9, respectively. As the company detailed in security advisories issued at the time, successful exploitation allows unauthenticated threat actors to execute unauthorized code remotely through low-complexity command injection attacks that require no user interaction. (BLEEPINGCOMPUTER.COM)

Fresh SharePoint vulnerability exploited soon after disclosure

Threat actors have begun exploiting a fresh critical-severity remote code execution (RCE) vulnerability in Microsoft SharePoint, the US cybersecurity agency CISA warns. Tracked as CVE-2026-58644 (CVSS score of 9.8) and fixed as part of Microsoft’s July 2026 Patch Tuesday updates, the flaw is described as a deserialization of untrusted data issue. “In a network-based attack, an attacker authenticated as at least a Site Owner could write arbitrary code to inject and execute code remotely on the SharePoint Server,” Microsoft explains. (SECURITYWEEK.COM)

TP-Link Kasa camera flaws let attackers steal admin credentials and geolocation data

TP-Link has revealed several serious vulnerabilities affecting its Kasa EC70 and EC71 smart camera models, which could expose users to credential theft and geolocation data leakage. These vulnerabilities are CVE-2026-9770 and CVE-2026-13230 and specifically affect version 4 of both devices. Attackers with access to the same local network could exploit these flaws, raising concerns about lateral movement risks in both home and enterprise environments. The most critical issue, CVE-2026-9770, is a hardware cryptographic key disclosure vulnerability caused by a hardcoded key embedded in the device firmware. (GBHACKERS.COM)

ADVERSARIES

Russia

Sandworm hackers have a CAPTCHA trick for Ukrainians

Russian military intelligence hackers have begun using fake CAPTCHA prompts on compromised websites to trick Ukrainian targets into infecting their own computers, researchers have found. In a report published Wednesday, Ukraine’s computer emergency response team (CERT-UA) said it observed a shift this spring and summer in how the Kremlin-backed hacking group Sandworm gains initial access to the systems of Ukrainian targets. The agency said the group has increasingly adopted a version of the social engineering technique known as ClickFix. In this case, victims are directed to compromised websites displaying a fake CAPTCHA security check designed to distinguish humans from computers. (THERECORD.MEDIA)

Russian troops survive just 20-30 minutes on Ukraine’s front lines, CIA director says

Russian recruits arriving on the front lines in Ukraine survive an estimated 20 to 30 minutes before they are killed or wounded, Central Intelligence Agency Director John Ratcliffe said Wednesday, marking the first time a senior American intelligence official has confirmed how deadly the war has become for Moscow. The assessment comes as Ukraine’s battlefield technology has stalled Russia’s advance along the front and drawn foreign partners ready to spend billions of dollars in deals with its defense industry. European and Ukrainian officials have said for months that Russian casualty rates have climbed to record levels, with Ukraine’s top general telling NATO allies in May that Russia loses at least 1,000 soldiers a day. (DEFENSENEWS.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

Fed won’t outsource AI decisions to task force helmed by tech titans, chair says

Federal Reserve Chairman Kevin Warsh defended the composition of a new central bank task force on artificial intelligence Wednesday following questions about its members’ personal financial stakes in the emerging technology. One of five new independent Fed task forces unveiled by Warsh in recent weeks, the productivity and jobs group is charged with assessing the economic impact of AI and other new technologies to inform the agency’s “policy judgments.” The three task force members are Marc Andreessen, co-founder and general partner of the Andreessen Horowitz venture capital firm, Asha Sharma, executive vice president and CEO of Microsoft-owned Xbox, and Charles I. Jones, a Stanford economics professor currently on leave from the university at Anthropic. (FEDSCOOP.COM)

Critical minerals

The U.S. is trampling allies in the global hunt for rare earths

Europe’s effort to loosen Beijing’s grip on the materials it needs to rearm has hit an unexpected snag: the deep pockets of the U.S. America is on a global shopping spree outside China to secure critical minerals for jet fighters, tanks and cutting-edge ammunition, while European countries are hunting the same things to counter the threat of Russian aggression. The U.S. is far outspending Europe, sparking fears that an increasingly protectionist Trump administration will hoard the materials and leave Europeans dependent on China — and more vulnerable to its restrictions. (WSJ.COM)

Defense

CMMC may be paused, but cybersecurity audits likely to return: Industry, experts

Despite the pause of third-party audits in a Defense Department program for contractors, the Pentagon will likely have to return to some kind of review regime to ensure there are no unlocked virtual doors for adversary hackers to walk through, according to industry officials and experts. Leaders in the Department of Defense and Small Business Administration announced Monday that they are taking a pause on Phase II of the Cybersecurity Maturity Model Certification (CMMC) program, which requires companies working with the DoD to undergo third-party assessments to ensure they’re compliant with cybersecurity standards. CMMC does not set the standards; those come from NIST SP 800-171 Rev 2, which outlines 110 cybersecurity requirements to protect controlled unclassified information (CUI). CMMC, rather, is focused on ensuring any contractor bidding for a certain capability complies with said standards. (BREAKINGDEFENSE.COM)

Can new drones, 3D printers defeat distance’s tyranny? RIMPAC aims to find out

Replacing broken parts and resupplying ships at sea is a challenge anywhere, but in the Pacific theater, that problem is magnified by thousands of miles of sea water. Now, as part of the sprawling Rim of the Pacific, the U.S. military is practicing how it might use tech like self-driving boats and 3D printers that can be thrown out of airplanes to overcome the region’s oft-lamented tyranny of distance. “We are piloting this program during RIMPAC to experiment with the idea of what theater-wide advanced manufacturing is going to look like for the joint force,” Rear Adm. Michael Mattis told reporters during a media day at the U.S. Pacific Command Joint Advanced Manufacturing Center, calling it the U.S. military’s largest advanced manufacturing demonstration so far. (DEFENSEONE.COM)

Broken drone, far from home: The case for overseas autonomous system sustainment

OPINION: For decades, the Navy’s maintenance model has assumed a large, manned platform serviced at established industrial piers under clear legal and logistical frameworks. The hedge force fits none of those assumptions, and closing the gap will take three steps. First, the Navy needs an honest assessment of what these systems require to stay in the fight. Second, planners should reckon with the wartime vulnerability of large, centralized bases like Guam or Yokosuka, and use the flexibility unmanned systems afford to build out a distributed network of smaller, more austere ports. Finally, the service should establish the organizational, logistical, and legal blueprint to execute that distributed plan. Only by aligning the geographic, operational, and organizational realities of the new fleet can the Navy transform its conceptual unmanned fleet into a combat-ready one. (WARONTHEROCKS.COM)

Forging the future soldier: Exoskeletons, genetic engineering and cyborgs

OPINION: The accelerating convergence of exoskeletons, genetic engineering, and cyborg technology is fueling a global military race to create biologically and technologically enhanced soldiers. While these innovations promise to revolutionize warfare by offering unprecedented human capabilities, they also introduce profound ethical dilemmas and critical security risks that could reshape the future of global conflict. To maintain a strategic advantage, military forces must adopt a forward-thinking framework of robust cybersecurity, international policy collaboration, and adaptive counterstrategies. (SMALLWARSJOURNAL.COM)

Drones

Army’s heavy units face counter-drone capability gaps

During a recent training rotation to the Mojave Desert, soldiers with 2nd Armored Brigade Combat Team reckoned with a problem heavy units across Eastern Europe have become all-too familiar with in recent years: drones. While troops with the Spartan Brigade launched loitering munitions, reconnaissance drones and electronic effects at a simulated enemy in Fort Irwin, California, last month in concert with their tanks, Bradleys and light vehicles, unit leaders also told reporters on Thursday that unmanned aerial systems still present an enduring issue for the tank-centric formation. Lt. Col. Joseph Steadman, commander of 6th Squadron, 8th Cavalry Regiment, said the inability to defeat drones counts as “the biggest capability gap that we have as an Army Brigade Combat Team in order to maintain maneuver.” (DEFENSESCOOP.COM)

South Korea used anti-drone netting during recent logistics exercise

Faced with the ubiquitous threat from small attack drones, military forces around the world are resorting to the use of large amounts of mesh netting for protection, something TWZ was among the first to highlight. Now it appears the South Korean military may be employing this defensive measure as well. After a recent logistics training exercise in South Korea, photographs were posted on the Pentagon’s image distribution site showing what appears to be anti-drone netting on a ship-to-shore floating platform used for moving cargo and troops. While it’s possible that it could be for some other purpose, the netting appears to be in line with other examples of drone defensive measures seen in Ukraine and many other places, including recent usage by Dutch forces. (TWZ.COM)

Energy

GAO recommends efforts to streamline project management at national laboratories and nuclear sites

The Department of Energy and National Nuclear Security Administration manage over $65 billion in construction and acquisition projects at 16 contractor-operated labs and nuclear enterprise sites. DOE and NNSA are implementing changes to streamline how they manage these projects. This includes delegating more authority to contractors and limiting independent reviews. But we found these changes could lead to less confidence in cost estimates and delay with identifying performance issues. The Government Accountability Office recommended DOE and NNSA develop goals and measures to assess whether their reform efforts are effective. (GAO.GOV)

Energy adds more AI startups to Genesis Mission Consortium

Scale AI is joining the Department of Energy’s Genesis Mission consortium, serving as the collaborative hub for working groups and structured partnerships, the vendor shared with FedScoop prior to its announcement Thursday. The technology provider is the latest private-sector partner to join DOE’s Genesis Mission Consortium as the agency continues building up its roster. Emerald AI and SambaNova Systems have also jumped on board in recent weeks. For Scale AI, the partnership represents a further expansion of its role in the Genesis Mission and comes after it signed a memorandum of understanding earlier this year. (FEDSCOOP.COM)

FERC sets year-end deadline for NERC to finalize registry criteria and standards for computational loads

At its monthly open meeting Thursday, the Federal Energy Regulatory Commission (FERC) directed NERC to act by the end of 2026 to finalize registry criteria and initial Reliability Standards pertaining to the integration of computational loads on the bulk power system. This is consistent with NERC’s ongoing large loads activities under its authority as the Electric Reliability Organization. Reliable integration of computational loads is a critical priority for the nation. To enable this objective, NERC is acting with urgency in collaboration with stakeholders to implement a Large Loads Action Plan. Filed with FERC in March, the plan addresses electric reliability risks from large computational loads, such as data centers and cryptocurrency facilities. This multi-pronged effort includes developing three draft foundational Reliability Standards to establish measurable and enforceable requirements. (NERC.COM)

Health care

Breaches from lost or stolen devices hit all-time low

Good news about progress in cybersecurity in healthcare is rare, but this year reports of breaches lost or stolen unencrypted laptops, desktop computers, servers or other computing devices may hit an all-time low. In fact, in the first half of 2026, no such breaches have been reported to federal regulators. The number of breaches tied to endpoints has been steadily declining since 2013, when nearly 80% of all breaches involved lost or stolen unencrypted computing devices, affecting 5.5 million people, according to data reported to the U.S. Department of Health and Human Services. (HEALTHCAREINFOSECURITY.COM)

Leadership

Federal CIO reflects on tenure, calls for congressional tech reforms

Outgoing Federal Chief Information Officer (CIO) Greg Barbaccia said July 16 that the accomplishment he’s most proud of during his public service is changing how the Federal CIO Council and the Office of Management and Budget (OMB) work with agency technology leaders. Barbaccia announced his departure earlier this month, and his last day in federal service will be Aug. 31. He also serves as the federal chief AI officer and the acting director of the General Services Administration’s Technology Transformation Services. “What I’m most proud of is flipping the paradigm of OMB putting out policy in a vacuum without understanding the ground truth,” Barbaccia said while speaking at GovExec’s Government Efficiency Summit on July 16 in Washington, D.C. “I think the worst thing we could do is trade policy in a vacuum.” (MERITALK.COM)

Social media

UK investigates TikTok for alleged age-verification lapses, exposing kids to online harms

TikTok is under investigation for allegedly failing to effectively verify users’ ages and thus inadequately protecting children online, the U.K.’s communications regulator announced Wednesday. Ofcom alleges that the social media platform may be violating Britain’s Online Safety Act. Age inference models, including those TikTok deploys, may have “failed to correctly identify a significant proportion of children, putting them at risk of exposure to harmful content,” Ofcom said in a press release. TikTok’s procedures may have failed to correctly estimate the ages of “a significant proportion of children,” Ofcom said. (THERECORD.MEDIA)

Transportation

San Francisco mayor pushes for tougher rules after the Waymo traffic fiasco

It turns out that even San Francisco mayor Daniel Lurie, who once declared that the city should be a testbed for emerging tech, has his limits. Especially when that emerging tech creates a massive hours-long traffic jam that leaves thousands at a standstill. Mayor Lurie has asked state regulators to bolster rules for autonomous vehicles nearly two weeks after Waymo robotaxis became immobile in heavy July 4 traffic, ran out of power, and blocked key streets, further compounding the gridlock. The traffic jam, which trapped municipal shuttles, became a citywide problem that affected thousands of people. (TECHCRUNCH.COM)

LEGISLATIVE UPDATES

Budget resolution faces dicey House vote after committee approval

The House Budget Committee approved a fiscal 2027 budget resolution Thursday as the first step toward passing a filibuster-proof reconciliation bill to provide tens of billions of dollars for defense, farm aid and voting restrictions. The panel advanced the GOP-backed budget resolution on a strictly party-line vote of 20-14 after rejecting 14 amendments, all offered by Democrats. But in one sign of potential trouble as the resolution heads to the House floor, Rep. Chip Roy (R-Texas), a Budget member who also serves on the powerful Rules Committee, did not vote at Thursday’s markup. (ROLLCALL.COM)

Chinese memory ban would cut off RAMpocalypse relief

Two up-and-coming Chinese memory vendors, YMTC and CXMT, could offer customers relief from shortages and skyrocketing prices, but not if US Representatives John Moolenaar (R-Mich.) and George Whitesides (D-Calif.) have anything to say about it. In a letter to Commerce Secretary Howard Lutnick made public on Thursday, the lawmakers urged the Trump administration to tighten restrictions on Chinese memory manufacturers, arguing that purchases of their chips by US companies would undermine Western memory makers and subsidize the People’s Liberation Army. (THEREGISTER.COM)

GOP senator blasts ‘amateurish’ DOGE work, lack of detail on savings

As the so-called Department of Government Efficiency fades into the federal rearview, a Republican senator on Thursday railed against the White House’s budget chief over the group’s “amateurish” practices and the lack of documentation of its supposed savings. Sen. Thom Tillis (R-N.C.) grilled Russell Vought about DOGE’s impact near the end of a Senate Banking Committee hearing about the Consumer Financial Protection Bureau, which the OMB director has led on an acting basis since February 2025. Vought previously told House lawmakers that there would be no after-action report on DOGE’s performance ahead of its July 4 sunsetting. But Tillis asked him to share one initiative that was the “best example” of what the Elon Musk-created group accomplished. (FEDSCOOP.COM)

Democrats demand transparency from White House on Schedule Policy/Career

Dozens of House and Senate Democrats are demanding answers from the Trump administration on its implementation of Schedule Policy/Career — a move that’s already affecting thousands of career federal employees and may be poised for expansion. A letter sent to the White House on Wednesday, obtained exclusively by Federal News Network, called for details about exactly how many positions were reclassified last month, and whether the administration plans to add to the list of those stripped of their civil service protections. Lawmakers argued that the White House has not provided enough information on who has been affected and why, compounding their concerns about Schedule Policy/Career. (FEDERALNEWSNETWORK.COM)

ALERTS AND ADVISORIES

CISA adds three known exploited vulnerabilities to catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-25089 Fortinet FortiSandbox OS Command Injection Vulnerability, CVE-2026-39808 Fortinet FortiSandbox OS Command Injection Vulnerability, CVE-2026-58644 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

6G: Join CSIS, senior U.S. government officials and leading global partners for a July 29 public forum examining the geopolitical and security landscape of next-generation wireless infrastructure. This event will feature the launch of the “Call to Action for 6G Leadership and Security,” a joint initiative between the United States (coordinated by the National Telecommunications and Information Administration) and partner nations designed to strengthen digital supply chains, accelerate innovation, and expand multilateral cooperation on wireless technology. 

AI HEALTH CARE: The AI in Health Conference from Sept. 15 to Sept. 17 bridges the gap between artificial intelligence and real-world health outcomes — focusing not just on what AI can do, but on what it should do to improve patient care. Hosted by the Ken Kennedy Institute at Rice University, the fifth annual AI in Health Conference will explore the current landscape of artificial intelligence in health and present a research-driven outlook for the future of computational health innovation. The program is designed to connect researchers and innovators with engineers, clinicians, and entrepreneurs at the forefront of AI in healthcare and public health.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!