Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – July 2, 2026


Cyber Briefing

DIRECTOR’S NOTE: Read here

TODAY’S TOP 5

WHEN AI TURNS AGAINST AI INFRASTRUCTURE: The rapid integration of large language models and autonomous artificial intelligence systems into defense, critical infrastructure and enterprise environments has created a fundamentally new attack surface — one that existing cybersecurity frameworks were not designed to address. At Small Wars Journal, Capt. Scott Pleasants examines the emerging threat of AI systems being leveraged to target AI infrastructure itself, with particular focus on four documented attack classes: sponge examples for resource exhaustion, neural trojan backdoor attacks, adversarial workload scheduling and model extraction through black-box querying. Drawing on published academic research and documented adversary behavior from state-sponsored threat actors including Russia’s Sandworm unit and China’s People’s Liberation Army (PLA) Cyberspace Force, the article argues that AI infrastructure has become strategic infrastructure — requiring security treatment commensurate with that status. Defensive countermeasures exist for each attack class but remain largely unimplemented in operational environments.

  • The international community has invested significant normative energy in ensuring that autonomous weapons systems remain subject to meaningful human oversight. That principle — that consequential decisions require transparency, traceability and the possibility of challenge — should not remain confined to the military domain, Mariana Beselga argues at Just Security. It applies equally to the algorithmic systems through which states exercise authority in civilian domains. Extending accountability norms from military to civilian AI governance systems is not a theoretical exercise. In fragile, post-conflict and reconstruction settings undergoing digital transformation, the governance of civilian AI systems is already a defining condition for sustaining peace.

THE BATTLE OVER HOW TO TAME AI HAS JUST BEGUN: Yes, the Fable ban may be over. But America’s debate over the degree to which the federal government should control access to cutting-edge AI tools is just heating up, The Wall Street Journal reports. There is growing awareness of just how powerful new AI tools are, but little agreement over how they should be controlled. Spooked by the potential for new models from Anthropic and OpenAI to help bad actors find unknown software vulnerabilities to launch cyberattacks, the Trump administration recently created a new de facto approval process. It drew lightning bolts from across the tech-policy spectrum for flipping its approach to AI oversight, moving from an earlier hands-off approach. “U.S. labs are getting the message that they should make sure that their models are never very good at cyber evaluations, lest they land in endless model purgatory,” Alex Stamos, chief product officer of AI security firm Corridor, wrote on X after the Fable ban was lifted.

  • Anthropic says that it plans to remove hidden codes it added to Claude Code several months ago to catch other AI companies that are trying to steal from its models. Thariq Shihipar, an engineer at Anthropic who works on the Claude Code team, said on Tuesday that a fix was due Wednesday, The Register reports. “This is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation,” Shihipar explained, using the industry term for copying AI models through repeated queries. “The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while.”
  • Alvin Graylin and Jon Rosenwasser have argued that U.S. AI policy rests on two load-bearing assumptions, and that both are misguided. The first is that the United States can capture the lion’s share of the AI economic windfall by reserving its best models for itself and denying them to rivals. The second is that the United States cannot afford to regulate AI at home, because China will not, so any self-imposed restriction will cede the terrain to Beijing. The past two weeks offer further proof that both propositions are false, they argue at Lawfare, and it is time to correct two seminal fallacies and provide U.S. AI policy with enduring structural integrity. Otherwise, we risk building the AI ecosystem on a foundation that will buckle under the weight of a rapidly maturing infrastructure.

NEW DEFENSE DRONE CZAR: Defense Secretary Pete Hegseth has signed a new memo creating a Direct Reporting Portfolio Manager (DRPM) for autonomy, as part of a high-level effort to keep pace with adversaries’ drone programs, Breaking Defense reports. That role, which would report directly to Deputy Defense Secretary Stephen Feinberg, would subsume a significant portion of unmanned systems efforts currently underway at the service level — including all ground vehicles, all small air vehicles and almost all sea vehicles — under one “czar.” Known as DRPM-UxS, the job will serve as “the single joint integrator for all unmanned and autonomous system programs” within the Pentagon, per the memo, which was signed Monday and obtained by Breaking Defense. Hours after publication of this story, the Pentagon released the memo to the public.

  • The defense industrial base fears AI-powered cyberattacks and firms aren’t confident they can detect such an assault from enemies of the U.S., according to a survey by compliance and security automation platform Secureframe, Corporate Compliance Insights reports. The survey found 85% of DIB companies anticipate AI-powered attacks and deepfake social engineering will affect them within two years while only 28% feel fully confident in their ability to detect nation-state cyber threats. About half (46%) said they were somewhat confident they could assess such a threat despite gaps in their cybersecurity, and 11% said they were not confident in their protections against nation-state cyberattacks.

DEEPSEEK BUILDS IN-BROWSER RANSOMWARE: AI can turn high-level malicious ideas into concrete techniques, and can independently design and implement novel attack paths that have not yet appeared in real-world campaigns, Check Point Research reports. In this research, DeepSeek connected unrealistic browser-malware concepts with a real browser capability, turning an AI-generated malware hallucination into a plausible browser-native ransomware technique. Although the generated sample was incomplete, it exposed a practical abuse path based on the File System Access API and access to photo directories. The technique does not require a native payload, APK installation, browser exploit, or root access. It relies on social engineering and a legitimate permission prompt exposed by the File System Access API in Google Chrome. The Android scenario is especially concerning because photo directories are high value personal data stores and, unlike iOS, modern Android Chrome versions expose a browser API that allows web pages to read and modify files in those directories after user approval. 

THE RIGHT ANALOGUE FOR UNDERSTANDING CYBER OPS: How can a state have experienced cyber operators, a long record of cyberattacks and an incentive to retaliate, yet struggle to produce major effects when it needs them most? Answering this question requires looking at how cyber operations work in reality, Aybars Tuncdogan writes at the Modern War Institute at West Point. Cyber retaliation is often discussed as if it were a form of instant firepower, but it works more like espionage. Its most serious effects usually depend on preparation carried out over months or even years before a crisis begins. Without such groundwork, operators must go through much of this process after a war begins. As a result, major cyber effects may not only arrive late but also prove lackluster, as the work must be carried out against an adversary that is already alert and actively looking for intrusions. This helps explain why Iranian cyber activity, especially against Israeli targets, appeared limited at first and then became more visible over time.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

Army Principal Cyber Advisor Brandon Pugh joins Frank Cilluffo on this replay episode of Cyber Focus to address a stark reality: if critical infrastructure fails, the Army cannot mobilize. To meet this “no fail” mission, Pugh explains how the service is aggressively merging cyber with electronic warfare and cutting red tape to field new technology in days rather than years. They also discuss the Army’s unique edge in this digital fight — reservists who bring high-level private-sector expertise directly to the battlefield. The conversation also explores how AI and operational technology are reshaping the Army’s cyber battlefield and threat landscape.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Cybercrime

Alleged member of hacking group ‘Scattered Spider’ arrested in Finland

An alleged member of the “Scattered Spider” hacking group has been arrested and extradited to the United States, U.S. authorities announced on Wednesday. Peter Stokes, 19, was arrested in Finland in April and faces charges of conspiracy, computer intrusion, and fraud, the Justice Department said in a press release. Stokes, a dual U.S.-Estonian national, appeared at a federal court on Tuesday in Chicago, where he was ordered to remain in custody. (EURONEWS.COM)

Financial

Analysis of ongoing Ousaban attacks targeting the Iberian Peninsula

In May 2026, FortiGuard Labs identified an attack targeting users in Spain and Portugal involving the banking Trojan Ousaban. This malware has been active in Brazil and is spread through an MSI downloader. The malicious payload involves a DLL file that is run via DLL side-loading or process injection. In this campaign, the threat actor primarily targets users in Spain and Portugal. Figure 1 shows how the attack unfolds. The phishing PDF tricks victims into visiting a malicious webpage that scans the user’s environment. If they are in Spain or Portugal, the webpage downloads a VBS file to kickstart the next part of the attack. The final payload is an EXE file that is dropped onto the victim’s computer and executed by the VBS script. (FORTINET.COM)

Manufacturing

Kubota says hackers had monthlong access to network systems

Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. Following an investigation into the incident, the company determined that between March 16 and April 20 the threat actor accessed files with personal information for employees and their dependents. Kubota is a Japanese industrial manufacturer known for its agricultural and construction equipment. It operates in 120 countries, employs more than 52,000 people, and has a reported annual revenue of $20 billion. (BLEEPINGCOMPUTER.COM)

Ransomware

FortiBleed credential-theft campaign linked to Lynx ransomware

The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. Earlier this month, a server containing credentials stolen from more than 73,000 Fortinet devices was discovered exposed on the internet. Researchers found the server contained downloaded FortiGate configuration files, credentials harvested from compromised devices, and infrastructure used to crack password hashes and perform credential-stuffing attacks. The campaign was dubbed “FortiBleed” due to the large number of exposed credentials and the massive credential-theft operation. (BLEEPINGCOMPUTER.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Artificial intelligence

Sysdig details JADEPUFFER, the first documented agentic ransomware operation

Like any other cybercrime, a ransomware attack also requires an actual human to plan, choose targets, test credentials, or fix mistakes when code breaks. However, according to cybersecurity researchers at Sysdig, they have now documented a case in which the human factor appears to have been replaced by a large language model (LLM) agent, with a full extortion operation carried out from initial access to database destruction. Researchers at the Sysdig Threat Research Team named the operator JADEPUFFER and described it as an agentic threat actor, meaning the attack execution came from an AI agent, not a human-controlled toolkit. The company said the campaign began with an exposed Langflow instance and ended with a destructive database extortion attack on a separate production server. (HACKREAD.COM)

Critical Cursor flaws could let prompt injection escape sandbox and run commands

Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor’s safety sandbox and run any command on a developer’s computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them DuneSlide. They are tracked as CVE-2026-50548 and CVE-2026-50549, both rated 9.8 out of 10 (or 9.3 under the newer CVSS 4.0 scale). The fix is already out. Both bugs are patched in Cursor 3.0, released April 2, and every version before 3.0 is affected. Cursor’s maker says more than half the Fortune 500 use the tool, so if you run it, update now. (THEHACKERNEWS.COM)

Cryptocurrency

Fake ‘Google Notes’ browser extension caught swapping crypto wallet addresses

McAfee researchers are warning cryptocurrency users worldwide about a malicious browser extension that hides behind the name “Google Notes” while changing wallet addresses during transactions. In cybersecurity terms, this is clipper malware, more specifically a crypto clipper delivered through a malicious browser extension. Published on June 30, 2026, and shared with Hackread.com, the McAfee Advanced Threat Research report says the campaign uses unsigned installers to place a malicious extension inside Chromium-based browsers, including Google Chrome, Brave, and Microsoft Edge. The extension presents itself as a simple note-taking tool, but its main purpose is to watch for copied cryptocurrency wallet addresses and replace them before the user pastes them into a payment field. (HACKREAD.COM)

Malware

New ChocoPoC RAT targets vulnerability researchers via fake PoC exploit repos

Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack and Sekoia published their joint findings on July 1 and warned that, as of that report, the malware and its servers were still live, so do not run any of these PoCs. (THEHACKERNEWS.COM)

Fileless malware abuses Google Blogspot to deploy infostealer in memory

A fileless malware framework has been abusing Google’s Blogspot platform to deliver the PureLog Stealer entirely in memory, letting attackers steal credentials while leaving few traces on disk. Securonix Threat Research, which named the framework Veil#Drop, said the campaign chains together compromised websites, a booby-trapped JavaScript file and PowerShell to reach its target. PureLog Stealer is a known .NET infostealer, but the multi-stage delivery route is what sets this operation apart. (INFOSECURITY-MAGAZINE.COM)

Hackers use Dropbox URLs and TryCloudflare tunnels to deliver AsyncRAT malware

A recent threat intelligence report from Forcepoint X-Labs reveals a sophisticated AsyncRAT malware campaign exploiting legitimate services to bypass detection. Threat actors are using Dropbox URLs and TryCloudflare Quick Tunnels to deliver malicious Python packages to unsuspecting victims. This campaign highlights a growing trend of attackers weaponizing trusted infrastructure to distribute Remote Access Trojans (RATs) and infostealers. (CYBERPRESS.ORG)

Vulnerabilities

CISA warns actively exploited Microsoft SharePoint RCE flaw requires urgent patch

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. Tracked as CVE-2026-45659, the flaw is a deserialization-of-untrusted-data vulnerability affecting Microsoft SharePoint Server. The Vulnerability stems from CWE-502, a well-documented class of bugs where an application processes serialized data from an untrusted source without proper validation. (CYBERPRESS.ORG)

Over 900 Oracle E-Business instances exposed to ongoing attacks

Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. The vulnerability (tracked as CVE-2026-46817) was found in the File Transmission component of EBS’s Oracle Payments product and allows malicious actors without privileges and with HTTP network access to take over vulnerable systems through low-complexity attacks. Oracle has patched this flaw with security updates released as part of its May 2026 Critical Security Patch Update and urged customers to patch their systems immediately. (BLEEPINGCOMPUTER.COM)

Citrix patches NetScaler vulnerabilities, including new ‘HTTP/2 Bomb’ attack

Citrix on Tuesday announced fresh NetScaler ADC and NetScaler Gateway security updates that resolve six vulnerabilities, including the recent HTTP/2 Bomb flaw. Four of the issues, tracked as CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, and CVE-2026-10816, are high-severity out-of-bounds read, memory overflow, and arbitrary file read bugs. Tracked as CVE-2026-10816, the fifth is a medium-severity out-of-bounds read, while the sixth is HTTP/2 Bomb, a denial-of-service (DoS) exploit targeting Apache HTTP Server. (SECURITYWEEK.COM)

Unpatched Argo CD repo-server flaw could let attackers take over Kubernetes clusters

Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component’s internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD’s maintainers in January 2025; roughly eighteen months later, it remains unpatched, so it published the details to warn users. The bug sits in repo-server, the Argo CD component that reads Git repositories and builds Kubernetes manifests, the files that define what the cluster deploys. (THEHACKERNEWS.COM)

JetBrains patches critical hub authentication bypass and account takeover vulnerabilities

JetBrains has released patches for several critical vulnerabilities in JetBrains Hub that could allow for full authentication bypass, account takeover, and unauthorized privilege escalation across integrated JetBrains services. Administrators are urged to update their Hub instances immediately. JetBrains’ latest fixed-issues bulletin highlights three new critical vulnerabilities affecting Hub, the central identity and access management component that authenticates users for products such as YouTrack, TeamCity, and other JetBrains services. (GBHACKERS.COM)

ADVERSARIES

China

The blind spots in Chinese military studies

OPINION: To make well-grounded assessments of “red,” one should be deeply indoctrinated in Chinese methods of war rooted in doctrinal texts of the People’s Liberation Army. And those sources, at least at the unclassified level, are drying up. The authoritative primary and secondary source documents published by reputable academic institutions affiliated with the Chinese military are dwindling or becoming outdated in the face of the People’s Liberation Army organizational reforms. This creates a “blind spot” for academics and “blue” force planners attempting to simulate how China would react to a fast-evolving battlefield environment. (WARONTHEROCKS.COM)

Iran

Cyber breach was limited, California water agency says

An investigation into a June 11 cyber attack claimed by an Iranian-linked hacker group found that hackers accessed one California Water Service customer’s online account using stolen credentials, but did not breach the utility’s internal systems or billing infrastructure, the company announced this week. Cal Water has continued to investigate claims made on June 11 by an Iranian-linked hacker group that it breached Cal Water’s systems throughout the state — including some in Chico. When the claims were made, Cal Water said it activated its cybersecurity response plan and worked “around the clock” to conduct an investigation, being supported by the state and federal government, as well as cybersecurity experts. (GOVTECH.COM)

Russia

Nebraska representative’s Signal chat hacked by Russia, he reveals

Nebraska Rep. Don Bacon revealed on social media that his Signal chat had been hacked by Russia months ago. Posting on X, Bacon said he had been notified of the breach by law enforcement and House cyber experts. The Republican, who is a member of the House Armed Services Committee, noted in his post that Signal is not secure and is not a good choice for sensitive communications. (NEWSNATIONNOW.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

FTC eyes AI model behavior in new policy push

A Trump administration-dominated U.S. Federal Trade Commission took aim Wednesday at “undisclosed ideological objectives” embedded in the responses of large language models, warning that anything other than “truthful and accurate outputs” could run afoul of consumer protection law. The agency sought public comment on a proposed policy statement declaring that a “hidden agenda” enacted by AI developers could trigger enforcement against deceptive business practices. The proposal takes heavy exception to a recently revised Colorado law creating liability for AI developers whose models result in unlawful discrimination. (GOVINFOSECURITY.COM)

Can you embrace AI without layoffs? This company says it’s trying

Artificial intelligence has taken over much of what used to be Fabrizio Primerano’s software engineering job. It brainstorms with his colleagues, researches competitors and writes and tests code. But Primerano still has a job, at the German software giant SAP. It includes fewer routine tasks and more of what feels like managing and mentoring AI agents, or bots that can be programmed to act like personal assistants and, increasingly, human employees. “It’s freeing me up to do more of this creative work,” Primerano said recently. That is what executives of SAP, the largest software company in Europe by market value, say they want. (NYTIMES.COM)

OMB eyes AI tool to flag grants that don’t align with Trump’s agenda

The White House is exploring the use of artificial intelligence to identify grants that aren’t in sync with Trump administration priorities. Rep. Marie Gluesenkamp Perez (D-Wash.) asked Office of Management and Budget Director Russell Vought during a House Appropriations subcommittee hearing Tuesday if OMB is building an AI tool to “flag grants that are misaligned with the administration’s agenda.” Vought acknowledged that OMB is “definitely working on technology, including AI, to be able to have a wider-angle lens about what is going on with the federal government.” (FEDSCOOP.COM)

Data centers

U.S. data center power plants’ emissions could rival Australia’s, report says

United States data centers generating their own power could emit the same amount of greenhouse gases as the nation of Australia, according to a new analysis by an environmental watchdog group looking at proposed projects. The report from the Environmental Integrity Project examined announced data center projects that include on-site power generation from burning natural gas. The report’s authors identified 74 such projects and then used computer models to calculate that the pop-up power plants, if built, could emit 662 million tons of greenhouse gases annually. The facilities, which are expected to generate 143 gigawatts of power altogether, would also emit some 159,142 tons of health-harming air pollution, including emissions that can trigger heart and asthma attacks. (EENEWS.NET)

New Jersey lawmakers send data center tariff bill to governor

New Jersey lawmakers on Tuesday passed a bill requiring the state’s Board of Public Utilities to establish standards for tariffs that will apply to all data centers of at least 50 MW with the aim of shielding other ratepayers from costs associated with connecting large loads to the grid. The bill now heads to the desk of Democratic Gov. Mikie Sherrill, who has made energy affordability a core issue. Her predecessor, Phil Murphy, pocket-vetoed a similar bill earlier this year by not signing it before his term ended. The bill’s sponsor, Assemblyman David Bailey Jr., D, said Sherrill’s office was involved in forming the latest version and he expressed optimism she would sign it. (UTILITYDIVE.COM)

Drones

Video purportedly shows Ukrainian unit running down Russian Shahed. The U.S. is paying attention

A Ukrainian drone unit has posted a video reportedly showing American-made Merops interceptors running down an Iranian-designed Shahed drone, fresh proof the cheap weapon works as the U.S. Army moves to build a version it can field at scale. Ukraine’s 427th Separate Unmanned Systems Regiment, known as Rarog, posted the unverified night-vision clip to its Telegram channel last month showing an interceptor closing on a one-way attack drone and a flash at the moment of contact. The unit flies Ukrainian-built interceptors alongside foreign systems, and did not specify which it used. (DEFENSENEWS.COM)

Hegseth realigning DoD’s scattered unmanned and autonomy work under new drone boss

Defense Secretary Pete Hegseth established a new direct reporting portfolio manager for unmanned offensive and defensive systems — dubbed DRPM-UxS — to serve as the “single joint integrator” for almost all of the Pentagon’s autonomous and drone assets, investments and operations. In an official memorandum to senior Defense Department and military leaders dated June 29, Hegseth called UxS “the most consequential battlefield innovation of this generation” and laid out instructions to set up the new hub to ensure that the agency is moving “at the speed this moment” demands. “While global military unmanned systems production has skyrocketed over the last three years, the United States has been slow to field these capabilities at scale,” he wrote in the memo, which the department released on Wednesday. (DEFENSESCOOP.COM)

Nuclear

NNSA aims to balance modernization, asset protection amid Genesis Mission

As the Department of Energy spearheads the administration’s AI-fueled Genesis Mission, the nation’s nuclear weapons agency is working to both keep up with the private sector while ensuring security of its work. During a panel at Amazon Web Services’ Washington, D.C., summit Tuesday, National Nuclear Security Administration head Brandon Williams said that while leaders like DOE’s Darío Gil work to get industry involved in the scientific discovery project, his own work at NNSA is “to run the dark side of that.” Williams said he’s making sure the nuclear agency is protecting its assets and “always keeping pace” with the best tools in industry. (FEDSCOOP.COM)

Risk management

State, local cyber grant funding can’t be used on ‘bundled’ services from membership groups, FEMA clarifies

The Federal Emergency Management Agency has clarified its rules for how state and local governments may use funding from the State and Local Cybersecurity Grant Program and the Tribal Cybersecurity Grant Program. In a June 16 information bulletin, FEMA clarified rules created last year by the Department of Homeland Security prohibiting grant funds from being spent on services provided by the Multi-State Information Sharing and Analysis Center, a popular membership organization run by the Upstate New York nonprofit Center for Internet Security. Rather, the new bulletin notes, state and local governments are prohibited only from spending the federal cyber grant funds on “membership fees that include bundled cybersecurity or technical services,” because FEMA is unable to determine if “these costs are reasonable.” (STATESCOOP.COM)

Social media

Majority of Americans support banning social media for kids under 16

Nearly six-in-ten U.S. adults support banning anyone under the age of 16 from using social media sites, according to a new Pew Research Center survey. The survey comes as governments around the world weigh new restrictions on teens’ use of social media. About one-in-five adults oppose banning those under 16 from using social media. And roughly a quarter are unsure, according to the survey conducted May 26-June 1, 2026. (PEWRESEARCH.ORG)

WhatsApp usernames are already raising impersonation red flags

WhatsApp this week started rolling out username reservations ahead of the broader launch planned later this year. The feature — which lets people find and message each other by handle instead of phone number — is already raising impersonation concerns, drawing scrutiny from security experts and regulators in India, the app’s largest market, with more than 500 million users. The rollout marks a shift in how people identify one another on WhatsApp. Instead of relying on phone numbers as the primary identifier, users will increasingly interact through platform-managed usernames, a change that Meta says improves privacy but that critics argue could create new opportunities for impersonation. (TECHCRUNCH.COM)

Space

NASA awards nearly $600M for moon base payload deliveries

NASA awarded nearly $600 million across three commercial lunar delivery orders that will send science and technology payloads to the moon in late 2028 as part of the agency’s Moon Base work. NASA awarded the new lunar lander contracts to Astrobotic, Firefly Aerospace, and Intuitive Machines through the agency’s Commercial Lunar Payload Services (CLPS) initiative, the agency said in a June 30 announcement. CLPS is a backbone of the Moon Base program. The orders include $297.9 million to Astrobotic for two deliveries, $144.2 million to Firefly Aerospace, and $148.3 million to Intuitive Machines for one delivery each. (MERITALK.COM)

LEGISLATIVE UPDATES

Garbarino confident NDAA will include wind rider

Republican Rep. Andrew Garbarino of New York expressed disappointment Tuesday that House GOP leaders blocked his push to curb the Pentagon’s delay in processing wind project permits as part of the annual defense policy bill. A proposed bipartisan amendment from Garbarino and Rep. Don Beyer (D-Va.) would have added language to the House’s National Defense Authorization Act mirroring wind-related text that Sen. Angus King (I-Maine) got included in the Senate’s version of the bill. But Garbarino told POLITICO he’s still optimistic legislation to accelerate the Pentagon’s process for assessing the impacts that proposed wind projects could have on military operations will make it into the final NDAA, given bipartisan support for curbing administration efforts to stymie renewable energy. (EENEWS.NET)

ALERTS AND ADVISORIES

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-45659 Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

DATA SECURITY: From surveillance-capable applications to data-harvesting platforms, foreign adversaries — particularly the Chinese Communist Party — are exploiting technology to access American data at an unprecedented scale. Join Rep. Nathaniel Moran (R-Texas) for a July 2 fireside discussion with Senior Fellow Jason Hsu to discuss the congressman’s bill, H.R. 7509, the Deterring Adversarial Access to Americans’ Data Act, and Congress’s role in facilitating public-private understanding in an era of great power competition.  

SOUTH CHINA SEA: The CSIS Southeast Asia Program and Asia Maritime Transparency Initiative are pleased to present the Sixteenth Annual CSIS South China Sea Conference. This full-day conference July 7 will feature keynote addresses and in-depth panel discussions on recent developments in disputed waters and the importance of the 10-year anniversary of the landmark South China Sea arbitration. Panels will address the state of play, legal developments and dispute management, evolving alliance networks, and the role of global stakeholders. 

COMMUNICATIONS: Join the American Enterprise Institute on July 8 for an exclusive look into the questions defining the Federal Communications Commission (FCC). This public event will begin with a fireside chat, featuring the FCC’s Arpan Sura and AEI’s Shane Tews, to examine the most pressing issues before the commission.

CHINA: Join Hudson Institute’s China Center on July 10 as Miles Yu hosts a panel examining Taiwan’s experience in handling national security cases, foreign interference, technology theft, election influence, proxy networks, and gray-zone legal warfare. The discussion will explore how authoritarian influence exploits democratic openness, social trust, local networks, and legal ambiguity.

AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!