Cyber Briefing – July 8, 2026
TODAY’S TOP 5
NOVEL VECTORS FOR AI-ENHANCED TARGETED VIOLENCE: Artificial intelligence is increasingly integrated into everyday life, driving everything from social media algorithms and streaming recommendations to personalized smartphone assistants. While this systemic integration offers numerous daily conveniences, it also introduces a range of novel vectors that can fundamentally influence and elevate the risk of targeted violence, Steve Crimando writes at Threat Beat. Professionals involved in violence prevention must recognize the multifaceted risk landscape introduced by AI, specifically analyzing its impact on mental health (including the potential for “AI psychosis”), the erosion of impulse control via “cognitive debt,” the provision of tactical and logistical guidance to bad actors, and the emergence of anti-AI violent extremism. Given the ubiquity of these technologies, behavioral threat assessment and violence prevention professionals must consider how persons of concern interact with AI to enhance violence risk – a critical step for maintaining contemporary safety, security and legal defensibility.
DRONES LAYING MINEFIELDS: When mounted to a vehicle, the U.S. Army’s Volcano mine dispenser can blanket roughly 32 acres with up to 960 mines. Now, the service is testing a system that can do the same thing without a driver behind the wheel, Defense News reports. During May demonstrations at Camp Grayling, Michigan soldiers remotely fired the Autonomous Volcano for the first time before later having it lay two separate minefields without human assistance, Picatinny Arsenal announced Tuesday. The test represents the Army’s latest move to modernize legacy equipment, systems tactics and munitions with emerging technology. In the combat engineering world, the service is experimenting with using unmanned aerial systems to drop grappling hooks, and it is trying to send drones — instead of humans — into the breach.
- The Marine Corps is working on a first-of-its-kind information warfare plan to translate complex technical concepts into a broader strategic vision for the Corps, policymakers and senior leaders across the Pentagon, according to the service. The plan, still in draft, seeks to streamline the Corps’ information warfare training, justify funding requests to Congress, and explain to industry representatives what capabilities Marines seek to manipulate information on the battlefield, Eric Schaner, deputy director for information plans and strategy within the deputy commandant for information’s office, told Breaking Defense in response to emailed questions.
LIMITED CYBER PLEDGES IN THE UK: Fewer than 15 of Britain’s 350 largest listed companies signed up to the government’s flagship voluntary cybersecurity scheme at its launch on Tuesday, eight months after ministers wrote personally to the chair and chief executive of every FTSE 350 firm urging them to do so, The Record reports. Tuesday’s launch had been planned to follow the unveiling of Britain’s new National Cyber Action Plan on Monday before that was delayed due to Prime Minister Keir Starmer’s resignation. In total, 70 founding signatories for the Cyber Resilience Pledge were named at the 10 Downing Street reception hosted by Technology Secretary Liz Kendall. Twenty of them are strategic government suppliers who had been invited to sign the pledge through a separate Government Cyber Charter governing the obligations of companies delivering critical services to the state.
- Britain’s cyber agency laid out plans on Tuesday for what it called “a national scale, sovereign defense capability” that would use agentic AI systems to discover and fix cybersecurity weaknesses across government networks and critical national infrastructure, The Record reports. The capability, called Cyber Shield, is designed to counter a threat the National Cyber Security Centre (NCSC) said could see attackers “move at machine speed and greater scale, reducing opportunities for detection and response.” Adversaries aided by AI, the agency said in a blog post, can already compress reconnaissance and vulnerability discovery from weeks into minutes.
- This comparative study of EU Member States’ National Cybersecurity Strategies is conducted by the European Cyber Security Organisation (ECSO) within the ‘Support in Eastern Partnership on EU Policy’ project. In line with the project’s objective to assist Ukrainian stakeholders in the development of cybersecurity policies aligned with EU standards, this research aims to guide policymakers in navigating EU requirements in the drafting of a National Cybersecurity Strategy. The analysis explores approaches to NIS2 compliance, public-private partnerships, supply chain security and cybersecurity workforce development. Drawing on best practices from across the EU, the study provides practical insights to support the development of resilient, future-ready national cybersecurity strategies aligned with evolving European policy frameworks.
USING 9 POPULAR AI TOOLS TO ASSEMBLE MASSIVE BOTNETS: To date, most prompt injections have fallen into a class known as push, in which each potential victim is targeted. For example, the adversary injects malicious instructions into an individual email or calendar invitation. Because the injection must then be sent (or pushed) to each specific target, the scale of the attack is limited, hampering mass exploits that hit the Internet at large. Now, researchers have devised a pull-based attack that changes all that. A new attack the researchers have named HalluSquatting has the potential to assemble massive botnets, perform large-scale DDoSes and infect devices at scale, a first for prompt-injection attacks, Ars Technica reports. The attack works against AI coding assistants and agents, including Cursor, Cursor CLI, Gemini CLI, Windsurf, GitHub Copilot, Cline, OpenClaw, ZeroClaw and NanoClaw, which are all susceptible. In the normal course of performing day-to-day activities, these assistants and agents routinely pull code and other resources from repositories and registries.
- Estonia’s government will soon assign official government ID numbers to artificial intelligence agents. Questions remain, though, about how such a system would work in practice, and whether it might expose the state to new cyber-risks, Dark Reading reports. An advisory council established by Estonia’s prime minister agreed to establish this novel idea in June. The point of it is to enable organizations and individuals to use AI when engaging government systems, but in a way that’s limited and auditable. “In the future, artificial intelligence will carry out digital actions on behalf of a person, company, or institution: compiling reports, preparing declarations, or communicating with information systems,” Estonian Prime Minister Kristen Michal wrote on X in June. “But it must be clear who is acting, on whose behalf, with what rights, and who is responsible.”
THE SILENT DEPENDENCY AND THREATS TO NAVIGATION: On December 25, 2024, Azerbaijan Airlines Flight 8243 was reportedly shot down by a Russian air defense system after experiencing GPS jamming – likely also originating from Russia. Thirty-eight passengers and crew were killed. As documented in the peer-reviewed journal GPS Solutions in March 2026, this would be the first instance of civilian fatalities directly attributable to Global Positioning System (GPS) radio-frequency interference. The incident did not become a global watershed because the wider strategic community has yet to absorb a simple but consequential fact: the positioning, navigation and timing services on which modern military and civilian operations depend have become one of the most exploitable vulnerabilities in the contemporary battlespace, Muhammad Waqas Haider writes at Small Wars Journal. Small wars and irregular warfare practitioners, whose operations depend entirely on these services, have not yet developed the doctrine, training or technology choices that this reality demands.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
NEW: AI is changing the speed and scale of cyber conflict, but the burden on defenders remains the same: they have to protect complex systems all the time, while attackers only need one opening. That imbalance is especially urgent as critical infrastructure, intelligence missions and space systems become more connected, more contested and harder to secure. Chris Jones, chief technology officer at Nightwing and a former senior CIA technology leader, joins Frank Cilluffo on the latest episode of Cyber Focus to discuss what that means for national security. He explains why AI may give attackers a short-term advantage, why many breaches still come down to basic defensive discipline and why even the most advanced tools depend on skilled people, sound judgment and mission-focused teams.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Biothreats
CDC must ‘make hard decisions’ triaging work after elevating Ebola response
The Centers for Disease Control and Prevention is stepping up efforts to recruit employees to respond to a major Ebola outbreak overseas, now that the agency has elevated the response to its highest level. Jay Bhattacharya, the Senate-confirmed director of the National Institutes of Health who is performing the delegable duties of CDC director, told CDC employees in an email Tuesday that the 2026 Ebola outbreak — with more than 1,100 confirmed cases — is the second-largest Ebola outbreak ever recorded in the Democratic Republic of Congo, and the third-largest Ebola outbreak documented globally. Bhattacharya told CDC employees, in a renewed call for frontline responders, that the agency’s Ebola response “will likely last several months and requires substantial staffing.” (FEDERALNEWSNETWORK.COM)
Breaches
Accenture confirms breach after hacker offers stolen data for sale
IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. “We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery,” Accenture told BleepingComputer. Accenture is a global professional services company that provides consulting, technology, cloud, engineering, and managed services to businesses and governments worldwide. (BLEEPINGCOMPUTER.COM)
Commercial
Midtown Manhattan buildings evacuated after columns found buckling at high-rise construction site
Evacuation and frozen zones have shrunk as efforts to stabilize an under-construction high-rise in Midtown Manhattan continued on Tuesday night. The installation of temporary shoring has begun at a high-rise at 235 E. 42nd St. after a structural column buckled on the 21st floor, said Department of Buildings Commissioner Ahmed Tigani in a Tuesday evening update. “We were able to get to the 21st floor to inspect the work that’s being done and feel confident that the emergency work is stabilizing the situation,” Tigani said, and also referenced a third party engineer that has been brought in for another set of eyes. (ABC7NY.COM)
Booking.com cyberattack: Holidaymakers stranded as reservations vanish
Last April, the well-known platform acknowledged unauthorized access to some users’ information, such as names, email addresses, phone numbers, and details of certain reservations. According to the tech company i3e, some travelers are arriving at their destination to find that their reservation has been modified, canceled, or simply no longer exists. The attackers have very valuable information to deceive the victims. By knowing the booked hotel, travel dates, or even the amount paid, they can impersonate the accommodation or the booking platform itself to request new payments, modify information, or claim supposed identity verifications. (ESCUDODIGITAL.COM)
Drones
LAPD helicopter makes emergency landing after being hit by drone at Encino brush fire, police say
As crews battled a brush fire near the Encino Reservoir on Tuesday afternoon, prompting evacuation warnings for residents, a drone reportedly hit a police helicopter, forcing an emergency landing. The eight-acre brush fire came dangerously close to homes near the reservoir and Sepulveda Basin. It was first reported shortly before 12:30 p.m. in the 4500 block of North Encino Avenue, south of Ventura Boulevard, according to the Los Angeles Fire Department. Water-dropping choppers were brought in to help keep the fire from spreading. The Los Angeles Police Department said a drone smacked into one of its helicopters, which was dispatched to the scene of the fire. Police said the pilot was forced to make an emergency landing. (ABC7.COM)
Education
Mount Royal University ransomware attack compromised student, employee data
A recent cyberattack that disrupted Mount Royal University’s systems compromised employee and student information in a ransomware attack, the school confirmed Tuesday. In an update on its investigation, MRU said an unauthorized actor accessed and took folders on its “H drive,” who then deleted the drive’s data. The school’s H drive is a file storage system used by employees and students. “Our analysis indicates that this incident affected specific folders rather than the entire H drive,” MRU said in a statement on Tuesday. (CBC.CA)
Government
Pennsylvania county still dealing with aftermath of unauthorized activity on its network
Phone and internet service have been restored inside the Delaware County Courthouse and Government Center, but there are still headaches from what the county says was unauthorized activity in its network. CBS News Philadelphia is learning from multiple sources that the county was the target of a cyberattack nearly two weeks ago. The county said it responded, “by taking the proactive but necessary step of shutting down our network to continue to protect sensitive information and critical systems while following industry best practices in response to the intrusion attempts.” (CBSNEWS.COM)
Phishing
Phishing attacks targeted Facebook users with fake verification offer
Cybercriminals abused Facebook Messenger chatbots in a campaign which distributed phishing attacks designed to steal business information and other sensitive data from Meta For Business users. The campaign, identified by Huntress, found a way to successfully pass security validation checks in many inboxes because the messages looked like they came from a legitimate Facebook Business email account. The phishing email attempted to lure victims in with an offer of verification to ‘protect’ the account, when the attacker intention was the opposite. The aim was to steal credentials including passwords, multi-factor authentication (MFA) codes, business and personal phone numbers, email addresses, plus images of government ID or passports which belonged to the victim. (INFOSECURITY-MAGAZINE.COM)
Ransomware
Mercado Libre hit by ransomware attack
The Latin American e-commerce giant Mercado Libre is reported to have suffered a cyberattack. The ransomware group The Gentlemen, one of the most active at the moment, has included the Argentine company on its dark web leak site. he threat actor has not clarified what specific data it possesses or how it managed to obtain it. However, at the time of writing this article, it appears that the Mercadolibre.com portal is functioning normally and shows no apparent signs of having been hacked. (ESCUDODIGITAL.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Dialogflow CX ‘Rogue Agent’ flaw enabled AI chatbot data theft
Google recently fixed a vulnerability that would have enabled an attacker to seize data from AI agents and chatbots built with one of Google’s flagship AI tools. Varonis researchers this week disclosed “Rogue Agent,” a permission boundary issue in Google Cloud Platform’s Dialogflow CX AI platform that Varonis Threat Labs describes as a “critical vulnerability.” According to a research blog post, Rogue Agent would have “allowed attackers to exploit the Code Blocks feature to inject persistent malicious code into the Dialogflow agents’ pipeline, silently exfiltrating conversations and conducting large-scale phishing campaigns.” (DARKREADING.COM)
Writer AI flaw could let agent previews leak session tokens across tenants
Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand Security Research team. “An outsider could go from having no access to taking over any Writer AI organization inside industry-leading enterprises, with nothing more than a link,” the cybersecurity company said in a report shared with The Hacker News. (THEHACKERNEWS.COM)
GitHub AI agent leaks private repos when asked nicely
Malicious prompters could easily trick GitHub agents into pulling data from private repositories and then leaking the information as a public comment for anyone to access, according to Noma Labs researchers who named the vulnerability GitLost. The issue exists in GitHub’s Agentic Workflows, which allow an AI agent powered by Claude or GitHub Copilot to autonomously execute tasks in GitHub Actions. As the AI security sleuths discovered and detailed in a Monday blog, the workflows are vulnerable to a critical prompt injection flaw that causes GitHub’s AI agent to retrieve data from a private repo by crafting a GitHub issue in a public repository belonging to the same organization. (THEREGISTER.COM)
Financial
RedWing MaaS packages Android bank fraud as a Telegram rental service
A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim’s phone, steal their banking logins, and capture the one-time codes that protect their accounts. Zimperium’s zLabs, which found the operation, says it looks like a new variant of Oblivion, a $300-a-month rent-a-malware tool documented earlier this year. RedWing is sold as a complete product, in subscription tiers with referral discounts, guides, and how-to videos, so a buyer needs no malware-writing skill. A Telegram bot builds each buyer a custom app on demand. (THEHACKERNEWS.COM)
Maritime
Somali pirates are back — but the coalition that beat them isn’t coming
OPINION: Somali piracy is now re-emerging amid a changed geopolitical environment and Somalia’s deepening humanitarian crisis. The threat is back, but the 2011 counter-piracy model cannot be rebuilt because NATO has refocused on territorial defense, the United States has pivoted to the Indo-Pacific and is consumed by the Iran war fallout, and European navies cannot spare assets. Therefore, the response should shift to a regionally anchored architecture enabled by external partners, rather than led by them. (WARONTHEROCKS.COM)
Vulnerabilities
Critical Gitea flaw under active exploitation, researchers warn
Threat actors are exploiting a vulnerability in Gitea’s reverse-proxy authentication mechanism to access internet-accessible instances by supplying only a valid username. Specific to Gitea’s official Docker images, the critical-severity security defect is tracked as CVE-2026-20896 (CVSS score of 9.8) and can be exploited with a single HTTP header, Sysdig Sr. Director of Threat Research Michael Clark says. The issue exists because, in Gitea Docker images before 1.26.3, the default settings allow connections from any source IP address instead of enforcing an allowlist, security researcher Ali Mustafa, who was credited for finding the bug, explains. (SECURITYWEEK.COM)
70% of WordPress sites running outdated PHP versions exposed to cyberattacks
A recent study has revealed that more than 70% of publicly accessible WordPress websites are running outdated versions of PHP, significantly increasing their exposure to cyberattacks. The findings highlight a growing security gap in the global web ecosystem, where millions of sites rely on aging backend technologies despite the availability of regular security updates. WordPress, which powers over 40% of the internet, depends heavily on PHP as its core server-side language. While the platform itself continues to release updates, backend PHP versions often remain neglected. (CYBERSECURITYNEWS.COM)

ADVERSARIES
China
Chinese lidar maker with Nvidia ties accused of being cyber risk for U.S.
Hesai Technology, a Shanghai-based manufacturer of the sensors that allow robots and self-driving vehicles to see, was blacklisted as a national security threat in 2024 by the U.S. Department of Defense, which designated Hesai as a Chinese military entity. Its presence on the blacklist does not prevent U.S. companies from using Hesai’s technology, and the company has been expanding its reach in the U.S., including via a partnership with Nvidia. Researchers and critics told CNBC that lidar can be compromised using malware, with serious consequences. (CNBC.COM)
UAT-7810 continues building ORB networks using new malware
Cisco Talos is actively tracking infrastructure and malware associated with UAT-7810, an advanced persistent threat (APT) actor responsible for maintaining and proliferating the LapDogs Operational Relay Box (ORB) network, first disclosed by SecurityScorecard in 2025. UAT-7810 is most likely tasked with establishing Operational Relay Box (ORB) networks that can then be leveraged by associated secondary threat actors to conduct their own malicious attacks against high value targets. Talos’ latest findings on UAT-7810 indicate that the threat actor continues to develop their custom-made malware, dubbed “SHORTLEASH,” with a newer version already being developed and hosted on attacker-controlled infrastructure. (BLOG.TALOSINTELLIGENCE.COM)
Taiwanese authorities charge executives who helped China’s cyber spies target ICIJ network
A unit of Taiwan’s Investigation Bureau has charged two executives of a company that allegedly helped China’s cyber spies target Taiwanese officials and scholars, impersonating reporters affiliated with the International Consortium of Investigative Journalists. After searching the offices of local firm Abigail and other locations, the Taipei City Investigation Office issued deferred prosecution orders against Li Hualun and Chen Mengsen for violating the personal data protection act and other crimes, according to a statement released by the bureau. (ICIJ.ORG)
Mysterious rectangle ‘silos’ spotted at sprawling Chinese missile test base
Satellite imagery shows China has built what looks to be a new pattern of hardened structures with retractable roofs at a key missile test and training base in Inner Mongolia. Since the late 2010s, this base has also played a key role in the Chinese People’s Liberation Army’s (PLA) dramatic expansion of its silo-based intercontinental ballistic missile (ICBM) capabilities. The more recent additions to the facility appear to be too small and shallow for this purpose. A new report posits they could be used to fire smaller ballistic and/or cruise missiles, and might point to plans for a new “conventional quick-strike capability.” The China Aerospace Studies Institute (CASI), part of the U.S. Air Force’s Air University, first called attention to the two new structures. (TWZ.COM)
Iran
Israel unprepared to counter Iranian election meddling on social media, government probe finds
Israel still has no national policy or designated government body to coordinate its response to foreign influence campaigns online, nine years after the threat was first identified, outgoing State Comptroller Matanyahu Englman said on Tuesday. This finding comes as Israel enters an election year, which the report described as a particularly vulnerable period for attempts to manipulate public debate, shape perceptions, and undermine trust in election results. “The threat of foreign influence in the digital sphere is worrying,” Englman said. “Hostile actors, including Iran, exploit social media covertly and systematically to deepen divisions, sow panic, and engineer the Israeli public’s perception of reality.” (JPOST.COM)
Threat actors
Scattered Spider’s structure more like a cybercrime collective than a unified gang
Scattered Spider has been reclassified as a decentralized cybercrime collective composed of independent clusters rather than a single, organized threat group. Group-IB analysis, published on June 7, challenges the traditional view of the activity as one coordinated operation, arguing that multiple actors share tactics, tools and communities while operating separately. The firm said this model helps explain why activity attributed to Scattered Spider has continued despite arrests and disruption efforts targeting some alleged members. (INFOSECURITY-MAGAZINE.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
Can government of and by API still be government ‘for the people’?
OPINION: Democratic accountability implications of the government’s growing dependence on AI systems like Claude. Policy experts have long worried about the democratic accountability implications of outsourcing core governance functions to for-profit companies. AI replicates that dynamic, but with systems designed to mimic or even substitute for human reasoning and deliberation. That this is occurring against a backdrop of decimated state capacity and erosion of long-standing democratic norms makes it all the more concerning. (LAWFAREMEDIA.ORG)
Deepfakes
Deepfake CSAM lawsuit against xAI, Grok expands
Two new parties have been added to a class-action lawsuit against X.ai over its Grok tool including teenagers and children who say it was used by family members or other people they know to create nonconsensual deepfake child sexual assault material (CSAM). The lawsuit, originally filed in March by three women, was amended this week to include two additional plaintiffs, Jane Does 4 and 5, who say that Grok was used to make the illegal content based on their real photos and videos. All five of the women in the lawsuit are anonymous, and the complaint said the spread of the material had left them humiliated and ashamed. (CYBERSCOOP.COM)
Defense
DoD opens applications for long-awaited cyber apprenticeship program
Applications for the Defense Department’s long-anticipated cyber apprenticeship program are now open, providing additional details about the 12-month paid pilot designed to train the department’s next generation of cyber professionals. The department’s chief information officer’s office announced Monday that applications will be accepted through July 17 on USAJobs.gov. The initiative, first teased in April, has garnered nationwide interest — the Defense Department said it received more than 70,000 inquiries from prospective candidates. (FEDERALNEWSNETWORK.COM)
Navy launches next-gen undersea security initiative
The Navy’s program acquisition executive for strategic systems programs is launching a Next Generation Undersea Security Initiative focused on unmanned systems, autonomy and other high-tech capabilities that could enhance and protect the sea service’s assets. The SSP office is responsible for developing and sustaining sea-based nuclear forces and other advanced weapon systems. Via the NG-USI effort, the Navy aims to create a “sphere of technological excellence” with members of industry and not-for-profit organizations to rapidly develop prototype solutions that “sustain and expand strategic superiority within broadly stated submersible operations,” according to a sources-sought notice published July 2. (DEFENSESCOOP.COM)
Leadership
Federal CIO Barbaccia leaving in August
Federal Chief Information Officer and Chief Artificial Intelligence Officer Greg Barbaccia is leaving federal service. The Office of Management and Budget confirmed Barbaccia’s last day will be Aug. 31. “Greg has done an excellent job as federal CIO and chief AI officer. He will certainly be missed when his time here comes to an end,” an OMB spokesperson said in a statement to Federal News Network. Further details about where Barbaccia is going next or who will be the acting CIO or CAIO were not immediately available from OMB. (FEDERALNEWSNETWORK.COM)
Arvind Raman begins as NIST director
Secretary of Commerce Howard Lutnick swore in Arvind Raman as the new director of the National Institute of Standards and Technology (NIST) and under secretary of commerce for standards and technology on June 30. The Senate confirmed Raman on May 18. NIST announced the appointment in a July 6 press release. As under secretary and NIST director, he will oversee the agency’s collaboration with industry, academia, and other federal agencies to develop the measurements, technologies, and standards that support U.S. innovation. (MERITALK.COM)
LEGISLATIVE UPDATES
House Homeland committee seeks briefing on DHS network hack
House Homeland Security Committee staff are requesting a briefing from the Department of Homeland Security on the breach of the agency’s Homeland Security Information Network, according to a committee aide with knowledge of the matter. Staffers are hoping to be briefed on the intrusion — first reported by Nextgov/FCW last week — by Friday, said the aide, who spoke on the condition of anonymity because the matter is sensitive. Hackers are believed to have penetrated HSIN sometime between late May and early June, though their affiliation and whether any contents were pilfered from the platform is unclear, a person familiar with the matter previously said. (NEXTGOV.COM)
Contractor curbs on repair data causing Marines ‘significant’ issues
The Marine Corps is facing “significant” challenges keeping some of its most important weapons in working order, because Marines too often must rely on contractors for equipment upkeep, the service’s second-ranking general recently wrote to a Senate panel. Gen. Bradford Gering, the Marine Corps assistant commandant, described for the Armed Services Committee cases involving several high-profile military systems — including parts for communications terminals and for armored vehicles — that Marines sometimes wait months for contractors to fix, when Marines could complete the repair in days or even hours for a fraction of the price if they controlled the data. “Sustaining Marines in contested environments is as critical as sensing the enemy or maintaining command and control,” Gering wrote in responses to questions from Sen. Elizabeth Warren (D-Mass.), a member of the Armed Services Committee, that were viewed by CQ Roll Call. (ROLLCALL.COM)
ALERTS AND ADVISORIES
Adobe ColdFusion path traversal vulnerability
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)
CISA adds three known exploited vulnerabilities to catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability, CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability, CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
COMMUNICATIONS: Join the American Enterprise Institute on July 8 for an exclusive look into the questions defining the Federal Communications Commission (FCC). This public event will begin with a fireside chat, featuring the FCC’s Arpan Sura and AEI’s Shane Tews, to examine the most pressing issues before the commission.
CHINA: Join Hudson Institute’s China Center on July 10 as Miles Yu hosts a panel examining Taiwan’s experience in handling national security cases, foreign interference, technology theft, election influence, proxy networks, and gray-zone legal warfare. The discussion will explore how authoritarian influence exploits democratic openness, social trust, local networks, and legal ambiguity.
CONNECTED CARS: Join Chris Miller, the author of Chip War and a nonresident senior fellow at AEI, alongside Senator Bernie Moreno and Chairman John Moolenaar of the Select Committee on China for a July 13 discussion on how Congress is addressing the threat posed by Chinese data collection through connected vehicles.
RESEARCH SECURITY: Congress, federal agencies, and some university leaders have taken important steps in recent years to strengthen research security and improve transparency surrounding foreign funding, talent recruitment programs, and research partnerships. However, significant vulnerabilities remain. To discuss the evolving research security landscape, please join FDD for a July 14 conversation featuring House Select Committee on China Chairman John Moolenaar (R-Mich.) and Senator Jim Banks (R-Ind.). Moderated by FDD Senior Fellow Craig Singleton, the conversation will examine the challenges posed by the Chinese Communist Party’s efforts to leverage American universities for strategic gain and potential safeguards in this year’s National Defense Authorization Act.
AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.
AI AND EDUCATION: On July 16, the Center for Universal Education at Brookings will host a conversation to examine the effects of AI slop on young children’s learning, development, and well-being, as well as the incentives driving its production. As the third event in the Generation AI Starts Early webinar series, the discussion will bring together perspectives from health, media, and policy to explore what AI-generated content means for young children, caregivers, policymakers, and the broader media ecosystem.
AI HEALTH CARE: The AI in Health Conference from Sept. 15 to Sept. 17 bridges the gap between artificial intelligence and real-world health outcomes — focusing not just on what AI can do, but on what it should do to improve patient care. Hosted by the Ken Kennedy Institute at Rice University, the fifth annual AI in Health Conference will explore the current landscape of artificial intelligence in health and present a research-driven outlook for the future of computational health innovation. The program is designed to connect researchers and innovators with engineers, clinicians, and entrepreneurs at the forefront of AI in healthcare and public health.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS