Cyber Briefing – July 7, 2026
TODAY’S TOP 5
CISA USING MYTHOS TO AUDIT GOVERNMENT CODE, REPORT SAYS: The U.S. cyber defense agency CISA is using Anthropic’s AI model Mythos to audit government software, three people familiar with the matter said on Monday, another sign of government enthusiasm for adopting the AI startup’s tools even as the company navigates an ongoing standoff with the White House, Reuters reports. The Cybersecurity and Infrastructure Security Agency is using Mythos to scan government code repositories for bugs that could leave the door open for foreign spies and cybercriminals, the sources said. Anthropic did not respond to questions about the initiative. A CISA representative said last month that he would check to see if there was anything to share about the matter but did not respond to further emails. The scanning is being done by CISA’s Attack Surface Evaluation team, according to one of the sources.
- Illinois Gov. JB Pritzker on Monday signed a bill making the state the country’s first to mandate that the largest artificial intelligence labs obtain third-party audits of their safety plans, The Hill reports. Pritzker signed the Artificial Intelligence Safety Measures Act, or S.B. 315, in a ceremony Monday, stating people “want protection from the risks of AI.” The bill mirrors similar legislation in California and New York but goes a step further by mandating frontier labs with more than $500 million in revenue to submit third-party audits of their safety plans every year.
- Alibaba will ban employees from using Anthropic’s artificial intelligence tools for work purposes as of July 10, citing concerns that the U.S. company has backdoor security risks, CNBC confirmed on Monday. The Chinese e-commerce giant has put Anthropic’s Claude Code on a high-risk software list, according to people familiar with the matter, who asked not to be named in order to discuss internal operations. Alibaba’s move follows Anthropic’s decision in June to send a letter to the U.S. Senate Committee on Banking, Housing, and Urban Affairs, blaming the Chinese tech titan of “brazenly” and “illicitly” attempting to extract its AI capabilities. Anthropic accused Alibaba of carrying out “the largest known distillation attack” on it to date.
- Global artificial intelligence (AI) competition should be understood not just as a sprint to develop the most-advanced systems but also as a longer-term marathon to accumulate net benefits — the gains from AI minus the costs of accidents, misuse, and disruption. In that marathon, resilience and risk management could be powerful levers of strategic advantage, not merely responses to safety concerns. In a new RAND paper, drawing on Charles Perrow’s theory of “normal accidents” in complex technological systems, Brian A. Jackson demonstrates how firms and nations that are well prepared to navigate a world of recurring AI risk could outperform those that are not — including those that won the initial development sprint. Four intermediate scenarios explore how different levels of AI-risk cost could affect net benefits at the national and global levels and how even modest resilience advantages could compound into decisive competitive edges over time.
QUANTUM SUMMIT TODAY: The White House will host a summit with industry today dedicated to innovation in quantum information sciences and technologies, featuring remarks from tech policy and agency leadership within the Trump administration, according to two people familiar with the matter. The White House Summit on Quantum Innovation will begin at 11 a.m. in the Eisenhower Executive Office Building, per a document obtained by Nextgov/FCW. White House Office of Science and Technology Policy Director Michael Kratsios and National Quantum Coordination Office Director Brad Blakestand are slated to deliver a keynote that provides updates on the administration’s quantum agenda and on research and development.
- Researchers from Oak Ridge National Laboratory, Cleveland Clinic, and IBM have performed quantum computer-based calculations of nine molecular configurations of FLiBe, a key material for fusion energy fuel production, Quantum Insider reports. The work demonstrates quantum-centric supercomputing applied to modeling complex fusion-relevant chemistry that is difficult to scale on classical computers alone. The study aims to improve understanding of tritium production and extraction, a critical bottleneck in developing practical fusion energy systems.
CHINESE CAMPAIGN TARGETS UNIVERSITY ENGINEERS: China-aligned attackers broke into the networks of U.S. and Canadian universities to steal sensitive data and establish persistent access via webshells and backdoors, Proofpoint threat researchers said Tuesday, CyberScoop reports. The espionage-motivated attacks targeted physics and engineering departments, focusing on administrators and professors with national security links or organizations researching astrophysics and particle physics. Proofpoint identified fewer than 10 university victims and estimates a few dozen universities may be impacted, Greg Lesnewich, principal threat researcher at Proofpoint, told CyberScoop. The company first observed the campaign in May and believes the campaign is ongoing. “There is a high likelihood that many victims have not been made aware of this activity yet,” Lesnewich added.
RARE BACTERIA DISCHARGE TRACED TO DATA CENTER: The Cheyenne Board of Public Utilities has identified Goat Systems LLC, a contractor working on Meta’s in-progress data center campus in the High Plains Business Park, as the source of a discharge that introduced the bacteria Cupriavidus gilardii into the city’s wastewater treatment system, the Wyoming Tribune Eagle reports. Frank Strong, BOPU’s engineering and water resource division manager, told the paper on Thursday that the contamination was discovered during routine testing in February. As a result, BOPU temporarily suspended Cheyenne’s reclaimed water irrigation program, permanently terminated Meta’s discharge privileges and adopted a new policy prohibiting wastewater discharges from data centers using closed-loop cooling systems and fill-and-flush systems, which involves circulating purified water to remove construction debris, flux residue and pipe scale, draining it and filling the loop with fresh coolant.
- Many major tech companies have pledged to pay their fair share of the costs associated with generating and transmitting more electricity to serve large data centers. But ratepayers across the United States are worried about the potential costs they might have to bear. That’s because it’s not immediately clear how the cost of data centers’ energy will be calculated. The effects of price increases are likely just beginning, and their full effects may not be felt for years. It may be almost impossible to make data centers pay their ‘fair share’ of electricity costs, Theodore J. Kury writes at The Conversation.
COUNTER-UAS AUTHORITIES: The Department of Justice and Department of Homeland Security issued an interim final rule codifying how state, local, tribal, and territorial law enforcement and correctional agencies can use counter-unmanned aircraft system (C-UAS) authorities under the SAFER SKIES Act, MeriTalk reports. The rule, published in the Federal Register on Monday, took effect July 1 and sets a Sept. 4 deadline for public comments. The rule covers training and certification, authorized C-UAS technologies, spectrum coordination, airspace approval, real-time air traffic control notification, mitigation reporting, privacy protections and compliance requirements.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
Army Principal Cyber Advisor Brandon Pugh joins Frank Cilluffo on this replay episode of Cyber Focus to address a stark reality: if critical infrastructure fails, the Army cannot mobilize. To meet this “no fail” mission, Pugh explains how the service is aggressively merging cyber with electronic warfare and cutting red tape to field new technology in days rather than years. They also discuss the Army’s unique edge in this digital fight — reservists who bring high-level private-sector expertise directly to the battlefield. The conversation also explores how AI and operational technology are reshaping the Army’s cyber battlefield and threat landscape.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Breaches
Bojangles sued again by workers over Russian hacker data breach
A class-action lawsuit over a 2024 data breach of Bojangles employee data linked to Russian hackers can move forward, a North Carolina Business Court judge has ruled. The case had been tossed out of federal court last year. But so far, the plaintiffs have had better luck in the state system. A group of Russian cybercriminals obtained more than 387,000 files and more than 290 gigabytes worth of information, according to the state lawsuit, and posted information on the dark web, including Social Security numbers and other personal data. (CHARLOTTEOBSERVER.COM)
Cryptocurrency
Attackers vote themselves $20 million in BONK cryptocurrency
The decentralized finance organization that oversees BONK cryptocurrency announced Monday that attackers had drained $20 million worth of coins from the project. BonkDAO said in a social media post that it was the victim of a “malicious governance proposal,” or an attack in which holders of a large amount of BONK used that leverage to vote more coins into their wallets. “During the investigation, BonkDAO identified the exchange wallets used to purchase BONK ahead of the proposal,” the organization said. Crypto news sites reported that the attackers gathered about $4 million of the coin in preparation. BonkDAO did not report a figure. (THERECORD.MEDIA)
Cybercrime
FBI and Spanish police arrest alleged Cyber Army of Russia Reborn member
Spanish police have arrested an alleged member of the pro-Russia hacktivist group Cyber Army of Russia Reborn, also known as Z-Pentest, in an operation carried out with support from the FBI. The arrest forms part of ongoing measures to identify and disrupt people involved in cyberattacks targeting critical infrastructure. The FBI confirmed that its Los Angeles field office worked with Spain’s National Police to coordinate the arrest. US authorities said the action falls under Operation Riptide, an international effort aimed at disrupting malicious cyber activity and holding those responsible accountable. (HACKREAD.COM)
Vietnam arrests suspects behind HiAnime anime piracy service
Vietnamese authorities have arrested and are prosecuting seven suspects believed to have run HiAnime, the largest anime piracy streaming service before its shutdown in June. HiAnime provided access to a massive library of English-subbed and dubbed anime without subscription fees, attracting several hundred million visitors each month and temporarily surpassing legal streaming platforms like Disney+ and Crunchyroll in web traffic between late 2024 and 2025. It was launched on the Zoro.to domain, rebranded to Aniwatch (and switched to Aniwatch.to) in July 2023, and again in March 2024 as HiAnime/H!Anime (using the HiAnime.to domain). (BLEEPINGCOMPUTER.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Botnets
Not your grandaddy’s botnet
The latest generation of botnets, architected into large-scale multi-tiered proxy networks, is making traditional indicator-based defenses obsolete, empowering nation-state and cybercrime threat groups – and posing new and thorny technical and policy dilemmas for defenders. For years, researchers have cataloged the phenomenon with growing alarm, veteran security researcher Joe Slowik told ISMG. Unlike traditional, flat botnets, consisting of a simple layer of compromised devices, these next-gen proxy networks are built with multiple tiers, so that adversary traffic can be routed and re-routed, more effectively concealing its origin and its nature. (GOVINFOSECURITY.COM)
Malware
Kazuar backdoor uses DLL side-loading and PowerShell loaders for stealthy execution
Turla’s Kazuar backdoor has re-emerged as a technically sophisticated persistence and reconnaissance tool that combines DLL side-loading with PowerShell-based loaders to achieve stealthy execution and resilient command-and-control. This side-loading technique minimizes disk activity tied to novel executables and leverages trusted host processes to bypass naive allowlists and detection heuristics. The delivery chain frequently uses multi-layered, encoded payloads decoded only at runtime by PowerShell loaders. (GBHACKERS.COM)
Phishing
Phishing poses as big-brand job interview to steal Google accounts
A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. The operation is abusing the legitimate cloud-based PeopleForce human resources platform and a domain associated with the Salesforce Marketing Cloud service before redirecting the recipient to a malicious landing page. To further instill trust and increase the chances of success, the threat actor is using the names and pictures of real recruiters at impersonated companies. (BLEEPINGCOMPUTER.COM)
Vulnerabilities
Proof-of-concept exploit released for Linux ‘Bad Epoll’ root access vulnerability
Technical details and proof-of-concept (PoC) code targeting a recent Linux kernel vulnerability that could allow unprivileged processes to gain root privileges on desktops, servers, and Android phones are now public. The security defect, tracked as CVE-2026-46242 (CVSS score of 7.8) and referred to as Bad Epoll, is described as a race-condition use-after-free bug in epoll, the Linux kernel’s I/O event notification facility. Instead of asking programs to poll many file descriptors one by one, the Linux kernel maintains an epoll instance with an interest list and a ready list of file descriptors and return descriptors. (SECURITYWEEK.COM)
Hackers exploit maximum severity Adobe ColdFusion flaw
Adobe has urged ColdFusion customers to patch their instances immediately after at least one maximum severity flaw was reported as being exploited by attackers. The software giant released patches for 11 CVEs on June 30 in the APSB26-68 bulletin. Six of these were given a CVSS score of 10. Security researchers flagged that CVE-2026-48282 was being targeted within hours of the vulnerability being made public. It’s a path traversal flaw in the popular web app development platform which could lead to arbitrary code execution. (INFOSECURITY-MAGAZINE.COM)
BeyondTrust patches critical auth bypass flaws in remote support and PRA
BeyondTrust said all the identified internally as part of ongoing security assessments, with assistance using publicly available artificial intelligence (AI) models like Anthropic Claude Opus 4.8 and its own proprietary research tooling. “The most severe vulnerabilities may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance under specific configurations,” it said. “Additional vulnerabilities may allow service disruption, unintended data access, and, under distinct configurations, elevated access by an authenticated user that may impact system integrity.” (THEHACKERNEWS.COM)
16-year-old Januscape KVM escape vulnerability lets attackers compromise Linux hosts
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2026-53359 and named “Januscape,” reveals a 16-year-old flaw in KVM/x86 virtualization. This vulnerability allows guest virtual machines (VMs) to escape to the host under specific conditions, raising significant concerns for multi-tenant cloud environments. Discovered by security researcher Hyunwoo Kim, the issue lies within the shadow MMU implementation in KVM. It enables untrusted guest VMs to corrupt the host kernel’s memory using only operations under the guest’s control. (GBHACKERS.COM)

ADVERSARIES
China
CERT/CC warns of hidden admin backdoor in Tenda router firmware
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices’ web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. “An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain full administrative control without valid credentials,” the CERT/CC said in an alert. (THEHACKERNEWS.COM)
Iran
Cavern Manticore: Exposing Iran-linked modular C2 framework
Since early 2026, Check Point Research (CPR) has tracked a new modular command-and-control framework used by Cavern Manticore, an Iran-nexus APT group primarily targeting Israeli organizations, with a focus on IT providers, and government sectors. Cavern Manticore is an Iran MOIS (Ministry of Intelligence and Security)-linked actor, with links to the OilRig subgroup named Lyceum. The framework reflects a mature and adaptable toolset built around a shared .NET foundation, while using multiple compilation formats across different components, including .NET Framework, .NET Mixed-Mode C++/CLI, and .NET Native AOT. The compilation format itself becomes the anti-analysis layer that forces reverse engineers into multiple toolsets and metadata-reconstruction workflows. (RESEARCH.CHECKPOINT.COM)
Russia
Ukrainian media outlets now among ‘priority targets’ for Russian hackers
Russia-linked hackers are increasingly targeting Ukrainian media organizations, local officials warned, as news outlets continue to face pressure not only from cyber operations but also Russia’s ongoing military attacks. Ukraine’s domestic security agency, the SBU, said media organizations have become “one of the priority targets” for Russian hackers. Previous attacks have primarily sought to disrupt broadcasts, spread propaganda and undermine public trust. Volodymyr Karastelyov, head of the SBU’s cyber department, disclosed details of two previously unreported cyberattacks targeting Ukrainian television broadcasters. He did not attribute the incidents to specific Russian entities. (THERECORD.MEDIA)
Russian Tu-142 Bear drops sonobuoys during close encounter with British carrier
A Russian Tu-142 Bear-F maritime patrol aircraft “repeatedly approached” a U.K. Royal Navy carrier strike group in the Norwegian Sea and dropped multiple sonobuoys, the U.K. Ministry of Defense (MoD) said. British F-35B fighters from HMS Prince of Wales intercepted the Tu-142, which was flying “unsafe and unprofessional” maneuvers, according to the MoD. The incident occurred on July 2 but was only disclosed Monday. The Tu-142 passed at low altitude and “unnecessarily close” to HMS Prince of Wales, while the carrier was off the northwest coast of Norway, the MoD added. The Bear-F is understood to have dropped 10 sonobuoys “in close proximity to the carrier,” with at least one of these captured on camera. (TWZ.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
American AI companies say Chinese copycats are quickly catching up
The American companies building artificial intelligence systems are loudly complaining that their Chinese competitors are unfairly copying their technology, and they are pleading with officials to do something about it. On June 10, Anthropic sent a letter to Senators Tim Scott and Elizabeth Warren, accusing the Chinese tech giant Alibaba of surreptitiously copying its AI technologies using a technique called distillation. Like other Chinese companies, Alibaba tapped into Anthropic’s technologies through tens of thousands of unauthorized accounts, according to the letter, which was viewed by The New York Times. Then it used the data it collected to train its own AI systems. Anthropic asked the lawmakers, who lead a Senate committee that was about to hold a hearing on AI, to explore ways of curbing China’s distillation. (NYTIMES.COM)
AI giants are handing out tons of free computing power to grab startup share
Hans Ibarra, a founder building an AI-voice startup, has found himself on the receiving end of a big opportunity: Top artificial-intelligence companies such as OpenAI, Anthropic and others desperate to win his business are ramping up discounts. Across Silicon Valley, startup founders like Ibarra are enjoying a wave of computing credits and fielding competing offers from AI-model makers racing to land new enterprise customers. Cursor, the AI-coding company bought by Elon Musk’s SpaceX, offered a 75% discount through July 5. The offers from growing AI-sales armies at companies such as OpenAI and Anthropic are so rich that some early-stage startup founders say they won’t need to raise money as soon as they expected, and others have been able to play AI companies off one another. (WSJ.COM)
Communications
FCC to end Biden-era rule that forces ISPs to list all their fees
The Federal Communications Commission will vote to eliminate a rule that requires Internet service providers to list all of their so-called “passthrough” fees on an easily accessible broadband price label. The FCC vote could also make the price labels themselves a bit harder for consumers to find. ISPs routinely advertise prices much lower than those actually charged to consumers on their monthly bills. One method of raising monthly bill prices above advertised rates is to tack on fees that, ISPs claim, are used to offset charges imposed by local governments. (ARSTECHNICA.COM)
Data centers
Duke Energy proposes special rules for data centers in North Carolina
For months, clean energy and consumer advocates in North Carolina have pressed Duke Energy to follow the national trend and create special rules and prices for data centers. The state’s predominant utility insisted such rules were unnecessary, rejecting claims that the power-hungry facilities could overwhelm the grid or burden households with unfair costs. But now, the company is changing its tune. In testimony submitted to the North Carolina Utilities Commission in late June, Duke proposed what it calls a “large load tariff” — a scheme by which data centers and other big electricity customers would pay a minimum bill amount for at least a decade, no matter their actual power use. (CANARYMEDIA.COM)
UK guts planning red tape so data centers can bypass the neighbors faster
Reform of the Planning and Infrastructure Act 2025 aims to cut a year off the approval process for Nationally Significant Infrastructure Projects (NSIPs) in England and Wales – a category that now includes data centers. The Ministry of Housing, Communities & Local Government (MHCLG) confirmed that changes under the Act, taking effect later this month, will scrap the statutory requirement for pre-application consultation on NSIPs. These are major developments – power stations, railways, or water reservoirs – that, due to their national importance, bypass local council planning processes and instead get the go-ahead directly from Westminster. MHCLG says the reform could shave up to 12 months off the planning timeline and save up to £1 billion ($1.33 billion) for the industries involved during the life of this Parliament. (THEREGISTER.COM)
Defense
U.S. Army websites defaced with pro-Kurdish sentiments, insults to Trump
Multiple U.S. Army internet subdomains were defaced in a 404 hijacking campaign, CyberScoop has confirmed. As of Monday morning, error pages on two U.S. Army websites – oil.army.mil and ai2c.army.mil – displayed defacement messages visible to users. The messages denigrated President Donald Trump and United States Ambassador to Türkiye Tom Barrack, called to “FREE KURDISTAN,” And included another line reading “Kurdish sr was here.” One of the websites, oil.army.mil, belongs to the Army’s Open Innovation Lab, a test bed for software and cyber capabilities established in 2020. The other belongs to the Artificial Intelligence Integration Center, established in 2019 to integrate AI technologies into the Army and train personnel on emerging technologies. (CYBERSCOOP.COM)
DIU reshaping its tech priorities and portfolio teams under new leadership
The Defense Innovation Unit is undergoing a major reorganization effort that will overhaul and collapse its operational portfolios from seven to three technology priorities “where speed, scale, and lethality intersect,” two sources told DefenseScoop on Monday. One senior defense official and one defense official familliar with this realignment said the Pentagon would likely reveal DIU’s near-term plans and new internal structure publicly this week. The officials requested anonymity to speak freely ahead of the Defense Department’s official, forthcoming announcement. But they suggested that this shake-up and reset is intended to concentrate DIU’s experts and resources on a smaller, more focused set of real-world problem areas so the hub can deliver outcome-driven, reportable combat power to the U.S. military at faster and less expensive rates. (DEFENSESCOOP.COM)
Gathering clouds: Building d digital strategic depth in the compute age
OPINION: The wars in Ukraine and the Middle East have exposed a strategic reality that military planners are only beginning to confront: In a data-centric age, digital infrastructure has become part of the battlespace. Data centers and cloud regions are now the digital backbone of military power and economic prosperity. As such, they present attractive targets for rapidly proliferating long-range strike systems, drones, and cyber capabilities. As the protective value of physical distance erodes, strategic depth — once conceived in geographical terms — must now be measured in the resilience of data and compute. (WARONTHEROCKS.COM)
Drones
Marine Corps establishes robotics integration group for drone and counter-drone training
The Marines are setting up a new organization to oversee training and standardization efforts related to small drones and counter-small unmanned aerial systems, according to a MARADMIN announcement issued July 2. The Marine Corps Robotics Integration Group (MCRIG) will be based at Twentynine Palms, California, and is expected to serve as the “focal point” for Group 1 and Group 2 UAS and C-sUAS training integration, standardization and coordination across the force and support the development of tactics, techniques and procedures for employment of those types of platforms. (DEFENSESCOOP.COM)
NATO to add up to five Northrop Grumman Triton drones for maritime surveillance
NATO will add up to five MQ-4C Triton unmanned aerial vehicles to its network of aerial sensors, Secretary-General Mark Rutte said during the alliance’s Defence Industry Forum today. Built by Northrop Grumman, the MQ-4C Triton is a high-altitude, long-endurance UAV specifically designed for maritime surveillance over vast stretches of sea. According to Rutte, the aircraft will help NATO detect threats early, protect sea lines of communication, and support operations in demanding regions, such as the High North. “These aircraft can fly for long periods at high altitude and cover large areas, including over open water, more efficiently than most other aircraft can,” he said at the event, organized to coincide with the NATO summit this week. (DEFENSENEWS.COM)
The first American autonomous ground vehicles are fighting in Ukraine
Forterra, a U.S. builder of autonomous vehicles, revealed that more than 100 of its self-driving ATVs have been deployed in conflict zones in Ukraine for the past nine months, in what the company believes is the largest deployment of autonomous ground vehicles in combat by any US defense tech company. “I believe this to be true of every defense technology that’s ever been created—until you hit the realities of combat, you’re just not going to know,” Scott Sanders, Forterra’s chief growth officer and a former US Marine officer, told TechCrunch. (TECHCRUNCH.COM)
Education
Why schools are easy prey for hackers — and why they struggle to fight back
When a ransomware gang picks its next target, it looks for a poorly secured organization holding valuable data, providing a vital service or doing both. Few organizations fit that description as perfectly as a K-12 school system. With that in mind, it’s no surprise that schools and their technology vendors have been falling prey to cyberattacks in massive numbers over the past few years. Supply chain vulnerabilities represent the biggest threat to schools, as the recent PowerSchool and Canvas breaches demonstrate. These supplier relationships are difficult for schools, with limited IT personnel, to manage and secure. And once cybercriminals penetrate a vendor’s software, they often use that access to roam freely across schools’ networks. There, they typically find a wealth of valuable data, from employee payroll records to parents’ financial information to students’ healthcare data. The hackers who breached the Los Angeles Unified School District stole information about students’ homelessness status and disabilities. (CYBERSECURITYDIVE.COM)
Financial
ECB asks banks for plans to address AI cybersecurity threats
Europe’s banking regulator asked banks to come up with plans to address the growing threat from frontier artificial intelligence models such as Anthropic PBC’s Claude Mythos to cybersecurity. In a letter to chief executives, the European Central Bank’s top supervisor Claudia Buch called on lenders to submit action plans by the end of October. She urged them to accelerate software patching, strengthen AI-enabled cyber defenses and tighten oversight of third-party providers, while over the longer term, they need to modernize their infrastructure. (BLOOMBERG.COM)
Leadership
Interior Department CIO is out after holding job for over a year
The Interior Department’s top IT official is stepping down after holding the job for over a year. Paul “Macca” McInerny, the department’s chief information officer, has left the department for a new professional opportunity, according to an email to staff obtained by Federal News Network. “We are grateful for Macca’s leadership, service, and the many contributions he made during his tenure, and we thank him for his dedication to the Department and the OCIO,” the Office of the CIO wrote to employees. “We wish him well in his new adventure!” (FEDERALNEWSNETWORK.COM)
Regulations
CISA expects to finalize key cyber reporting rule by September
The Cybersecurity and Infrastructure Security Agency expects to finalize a bedrock cybersecurity incident reporting rule in September, requiring critical infrastructure providers to report major hacks directly to the cyberdefense agency, according to a regulation document published last week. The Cyber Incident Reporting for Critical Infrastructure Act requires critical infrastructure entities to report substantial incidents to CISA within 72 hours and ransomware payments within 24 hours. (NEXTGOV.COM)
Resilience
UK government launches cyber resilience pledge, claiming 60-plus signatories
The UK government has claimed over 60 businesses have signed up to a new initiative designed to improve the cyber resilience of British organizations. The Cyber Resilience Pledge was first trailed at the government’s CYBERUK conference in Glasgow in April, alongside a £90m ($120m) cash injection. Signatories now include Marks & Spencer, Nationwide, ITV, Microsoft UK, Cloudflare, Deloitte LLP, Accenture UK and Vodafone Group, the government claimed. (INFOSECURITY-MAGAZINE.COM)
Space
Deep-space radar construction delayed, GAO says
The Space Force approved the first of three deep-space radars for early operational use last fall, but construction delays at the ground-based radar site in Western Australia are holding up the program, according to a government watchdog. A Government Accountability Office report released July 2 highlights progress on the Deep-Space Advanced Radar Capability — known as DARC — as the program’s first radar undergoes testing. The Space Force approved the radar for early use last September, clearing the way for operations before testing is complete. But “unanticipated cost growth” and delays at the first radar site could have ripple effects, the report said, noting that construction at a third site had been pushed back at least 10 months to July 2030. (AIRANDSPACEFORCES.COM)
Workforce
DHS IG investigating reassignments of senior staff under Noem
The Department of Homeland Security inspector general is investigating whether DHS ran afoul of laws and regulations when it forced senior staff to accept new roles – in some cases to support the Trump administration’s immigration crackdown – under former Homeland Security Secretary Kristi Noem. In a July 1 notice, DHS Inspector General Joseph Cuffari announced his office was initiating a review of DHS senior executive service reassignments that occurred between Jan. 25, 2025, and March 24, 2026. That aligns with Noem’s time as homeland security secretary, before she was replaced by current Secretary Markwayne Mullin. (FEDERALNEWSNETWORK.COM)
LEGISLATIVE UPDATES
Iran War supplemental deepens FY27 budget uncertainty
A recent $87.6 billion supplemental funding request from the White House to pay for the Iran war and other expenses complicates an already tense budget process in Washington. The supplemental follows the release of a record $1.5 trillion defense budget request in April, putting additional pressure on Congress to sort out what has become a complex three-part defense budget comprising a $1.1 trillion base budget request, a $350 billion reconciliation request, and the new supplemental request. Most of the new supplemental funding, $67.1 billion, or 77% of the total, would go to the Pentagon. Other investments outside of the Pentagon include $11 billion for the Department of Agriculture, $3.4 billion for the Department of State, and $2 billion for the Department of Homeland Security, among others. (DEFENSEONE.COM)
ALERTS AND ADVISORIES
Cyber criminal group TeamPCP
The Federal Bureau of Investigation (FBI) is releasing this FLASH to highlight the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the cyber criminal group TeamPCP. TeamPCP actors have conducted large-scale software supply chain compromises by targeting widely used developers and security tools, gaining access to victim environments and extracting sensitive data, including but not limited to cloud access tokens, SSH keys, and Kubernetes secrets. The FBI encourages organizations to contact the FBI if they have been compromised, and to implement the actions in the Recommendations section to reduce the likelihood and impact of compromise by TeamPCP actors. (IC3.GOV)
Vulnerability impacting Citrix NetScaler CVE-2026-8451
The Cyber Centre is aware of a vulnerability impacting NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS (Federal Information Processing Standards). In response to the vendor advisory released on June 30, 2026, the Cyber Centre released AV26-645 on June 30, 2026. Tracked as CVE-2026-8451, this vulnerability is an insufficient input validation (CWE-125) vulnerability affecting many NetScaler ADC and NetScaler Gateway versions. If exploited, this vulnerability can lead to memory overread, if NetScaler ADC or NetScaler Gateway is configured as a Security Assertion Markup Language (SAML) Identity Provider (idP). (CYBER.GC.CA
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
DEFENSE TECH: On the sidelines of the 2026 NATO Summit in Ankara, GMF will host a July 7 sectoral Defense Tech Trilateral that brings together roughly 40 government and military officials, private sector leaders, and subject matter experts. This exclusive event will serve as the venue for releasing guidelines for advancing transatlantic defense tech collaboration that capture initial findings from ongoing research. The discussion will directly inform future GMF work focused on the global allied defense tech ecosystem that offers comprehensive analysis and targeted recommendations for governments and the private sector to leverage a new industrial base comprising national-security-aligned investors, startups, and commercial companies to secure future military advantage.
SOUTH CHINA SEA: The CSIS Southeast Asia Program and Asia Maritime Transparency Initiative are pleased to present the Sixteenth Annual CSIS South China Sea Conference. This full-day conference July 7 will feature keynote addresses and in-depth panel discussions on recent developments in disputed waters and the importance of the 10-year anniversary of the landmark South China Sea arbitration. Panels will address the state of play, legal developments and dispute management, evolving alliance networks, and the role of global stakeholders.
COMMUNICATIONS: Join the American Enterprise Institute on July 8 for an exclusive look into the questions defining the Federal Communications Commission (FCC). This public event will begin with a fireside chat, featuring the FCC’s Arpan Sura and AEI’s Shane Tews, to examine the most pressing issues before the commission.
CHINA: Join Hudson Institute’s China Center on July 10 as Miles Yu hosts a panel examining Taiwan’s experience in handling national security cases, foreign interference, technology theft, election influence, proxy networks, and gray-zone legal warfare. The discussion will explore how authoritarian influence exploits democratic openness, social trust, local networks, and legal ambiguity.
CONNECTED CARS: Join Chris Miller, the author of Chip War and a nonresident senior fellow at AEI, alongside Senator Bernie Moreno and Chairman John Moolenaar of the Select Committee on China for a July 13 discussion on how Congress is addressing the threat posed by Chinese data collection through connected vehicles.
RESEARCH SECURITY: Congress, federal agencies, and some university leaders have taken important steps in recent years to strengthen research security and improve transparency surrounding foreign funding, talent recruitment programs, and research partnerships. However, significant vulnerabilities remain. To discuss the evolving research security landscape, please join FDD for a July 14 conversation featuring House Select Committee on China Chairman John Moolenaar (R-Mich.) and Senator Jim Banks (R-Ind.). Moderated by FDD Senior Fellow Craig Singleton, the conversation will examine the challenges posed by the Chinese Communist Party’s efforts to leverage American universities for strategic gain and potential safeguards in this year’s National Defense Authorization Act.
AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.
AI AND EDUCATION: On July 16, the Center for Universal Education at Brookings will host a conversation to examine the effects of AI slop on young children’s learning, development, and well-being, as well as the incentives driving its production. As the third event in the Generation AI Starts Early webinar series, the discussion will bring together perspectives from health, media, and policy to explore what AI-generated content means for young children, caregivers, policymakers, and the broader media ecosystem.
AI HEALTH CARE: The AI in Health Conference from Sept. 15 to Sept. 17 bridges the gap between artificial intelligence and real-world health outcomes — focusing not just on what AI can do, but on what it should do to improve patient care. Hosted by the Ken Kennedy Institute at Rice University, the fifth annual AI in Health Conference will explore the current landscape of artificial intelligence in health and present a research-driven outlook for the future of computational health innovation. The program is designed to connect researchers and innovators with engineers, clinicians, and entrepreneurs at the forefront of AI in healthcare and public health.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS