Cyber Briefing – July 9, 2026
TODAY’S TOP 5
CHINA WEIGHS LIMITS ON AI MODELS U.S. COMPANIES LOVE: American companies have a new AI addiction: cheaper Chinese models. But as the race for artificial-intelligence supremacy heats up, Beijing is considering tightening its grip on homegrown technology, The Wall Street Journal reports. Across Silicon Valley, models made by Chinese companies such as DeepSeek and Moonshot AI have become core to daily work at companies large and small, offering a less costly alternative and supplement to the products of OpenAI and Anthropic. Chinese officials have recently held discussions with domestic AI labs that produce the country’s most powerful models about how to safeguard their valuable proprietary technology, according to people familiar with the matter. Beijing is concerned that sharing some of this technology could help adversaries or other malicious actors and ultimately get weaponized against China, the people said.
- OpenAI will release its powerful GPT-5.6 model to the public today, ending a voluntary hold over the Trump administration’s fears about its capabilities to boost cyberattacks, POLITICO reports. The company announced late Tuesday that its models, called Luna, Sol and Terra, will be available globally. The Trump administration had asked the company to stagger its release of the model late last month given its advanced capabilities. OpenAI, in compliance with the administration, initially offered the model to a small group of partners shared with the government.
- The European Commission published on Tuesday an action plan on cybersecurity and artificial intelligence, committing to nine measures on model evaluation, access to frontier systems and vulnerability management, amid the concern that its access to frontier models depends entirely on foreign powers, The Record reports. The communication, adopted in Strasbourg on July 7, is built around three pillars: making frontier AI “safe, accessible and deployable” for European cybersecurity, preparing the EU’s cyber ecosystem and scaling European AI capabilities. Henna Virkkunen, the Commission’s executive for technology, told reporters the plan would not be accompanied by any new legislation, with the focus instead being on enforcing existing rules.
- Two recent Trump administration actions have sent mixed messages about whether foreign-person employees can keep contributing to frontier AI development at U.S. companies. The right response is neither to wave the problem away nor to bar foreign talent, Joe Khawam and Tim Schnabel write at Just Security. U.S. labs can keep recruiting the world’s best researchers while safeguarding national security. For decades, firms that handle export-controlled technology in other sectors have managed foreign-person access through technology control plans (TCPs), and frontier labs can adapt that template.
RUSSIA TRIES TO JAM STARLINK TO COUNTER DRONES: Russian forces are trying to counter Ukrainian “mid-strike” drone attacks by camouflaging cargoes and installing powerful jamming systems to disrupt Elon Musk’s Starlink satellite internet system, Ukrainian drone commanders and pilots told Reuters. Kyiv’s development of “mid-strike” drones that can hit targets dozens of kilometers behind front lines accurately and cheaply, and are often flown via Starlink, has transformed the war in Ukraine. In a concerted mid-strike campaign this year, Ukraine has attacked supply lines, fuel storage facilities, air-defense installations and command centers, disrupting Russian forces’ logistics and causing fuel shortages in Russian-occupied Crimea.
- Drones have indeed become indispensable military tools. They have democratized access to aerial reconnaissance, improved tactical precision, and lowered the cost of surveillance and strike missions. But the public discourse has drifted from acknowledging their importance to declaring them revolutionary. In doing so, it risks repeating a familiar mistake. Throughout history, many generations have believed they had discovered the technology that would fundamentally rewrite the rules of war. Gunpowder, machine guns, tanks, strategic bombers, precision-guided munitions and cyber capabilities were each hyped as revolutionary innovations that would render previous forms of military power obsolete. None of them did. Instead, they became valuable components of broader military ecosystems, Sandor Fabian writes at the Modern War Institute at West Point. Today’s fascination with drones reflects the same pattern. The problem is not that militaries are investing in drones — they indeed should. The danger is that policymakers, security experts, and even some defense planners are mistaking a tactical innovation for a strategic revolution. Doing so risks distorting procurement priorities, weakening combined arms capabilities, and encouraging the repeatedly refuted belief that technology can substitute for strategy.
HELP GPS RESILIENCY AGAINST RUSSIA WITH ONE CHANGE: Numerous experts and advisory groups have observed that the nation’s leadership and governance for GPS and the essential positioning, navigation and timing (PNT) services it provides works against success. Responsibility is too diffuse and no leader is tasked and empowered to solve the problem, retired Air Force Space Command commander Gen. William Shelton writes at Breaking Defense. This is not a technological issue: we have multiple mature technologies available today to protect America. As one option, private and government analyses have concluded that combining signals from space with terrestrial broadcast and timing over fiber would create a system-of-systems architecture nearly impossible to disrupt. Such an architecture could be quickly implemented through commercial contracts with providers who are ready, willing and able. But first we need empowered leadership. GPS vulnerability is a serious national security issue and many federal departments have a role. But if this is everyone’s responsibility, no one is responsible.
- Since U.S. Air Force Gen. Alexus G. Grynkewich became NATO’s top military officer in July 2025, the alliance has contended with Russian drone incursions and hybrid warfare against its members and Moscow’s continued aggression in Ukraine. Now the Supreme Allied Commander Europe, a career fighter pilot, is trying to guide a major transformation of the forces under his command. The “NATO Force Model” is being adapted as the Trump administration scales back the forces it would offer Europe in a crisis as a means of rebalancing toward Pacific threats as other members of the alliance are increasing their defense spending and taking on greater roles within NATO. Grynkewich, who also heads U.S. European Command, recently joined Air and Space Forces Magazine for an interview in his office at Supreme Headquarters Allied Powers Europe near Mons, Belgium.
NEW SATELLITE MEGA-CONSTELLATION: Eight NATO countries plan to link their military satellites into a “mega-constellation” to enable “high-speed communications, intelligence and missile tracking,” the alliance announced on Tuesday at its Summit Defence Industry Forum in Ankara, in a move that joins a number of other a new initiatives aimed at improving NATO space capabilities. Connecting multiple national satellites will “overcome the cost, time and coverage limitations of single-nation satellite fleets,” a NATO press release said. The new network, called the Hybrid Alliance Layered Operations in Space (HALO), initially will involve Denmark, Canada, Finland, Germany, Norway, the Netherlands, Sweden and Turkey, a NATO official told Breaking Defense.
- With countries around the world focusing on building sovereign satellite networks, amid geopolitical tensions, a UAE company is working to mass manufacture commercial satellites, CNN reports. Abu Dhabi-based Orbitworks is developing AI-enabled satellites that will form a 10-satellite Earth observation constellation called Altair, useful for everything from military intelligence gathering to environmental monitoring. A joint venture between Abu Dhabi’s Marlan Space and San Francisco-based Loft Orbital, Orbitworks plans to launch the first satellite in October.
CYBER CHECK, PLEASE: A new report from a cybersecurity and compliance company says that 80% of quick service and fast-casual restaurants surveyed experienced at least one “cyber incident” in the last 12 months and 76% had sensitive data leaked, MassLive reports. That’s despite 94% of the restaurants leaders expressing confidence in their ability to prevent or detect an attack. The data was gathered by VikingCloud, which questioned security and IT leaders, along with franchise owners, as they looked into restaurants in the United States and Canada. The leaked data ranges from payment card information to personal information of customers to internal system credentials and payroll records. The report also found that many of the restaurants did not have consistent systems in place to handle a centralized approach to cybersecurity, and that 78% of those surveyed “delay security patches to avoid disrupting service.” On top of that, more than a third of those questioned “mistook a real cyberattack for a routine technical glitch, meaning many incidents go unrecognized.”se services, have not yet developed the doctrine, training or technology choices that this reality demands.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
AI is changing the speed and scale of cyber conflict, but the burden on defenders remains the same: they have to protect complex systems all the time, while attackers only need one opening. That imbalance is especially urgent as critical infrastructure, intelligence missions and space systems become more connected, more contested and harder to secure. Chris Jones, chief technology officer at Nightwing and a former senior CIA technology leader, joins Frank Cilluffo on the latest episode of Cyber Focus to discuss what that means for national security. He explains why AI may give attackers a short-term advantage, why many breaches still come down to basic defensive discipline and why even the most advanced tools depend on skilled people, sound judgment and mission-focused teams.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Cybercrime
Over 5,800 arrests, $293 million intercepted in global fraud bust
A global anti-fraud operation involving 97 countries and territories has led to the arrest of 5,811 individuals and the interception of USD 293 million in illicit assets. Operation First Light 2026 (15 Jan 2026 – 30 April 2026), coordinated by INTERPOL, focused on combatting social engineering scams and associated money laundering activities. Social engineering is a broad term that refers to techniques that exploit a person’s trust to obtain money or confidential information. This type of fraud can include business email compromise, sextortion, as well as romance, impersonation or investment scams. (INTERPOL.INT)
28 arrests in international strike against child sexual exploitation
Authorities from seven countries, supported by Europol, have carried out a major operation against child sexual exploitation, leading to the arrest of 28 individuals. As a result, three children have been safeguarded. The operation, conducted from late May to mid-June 2026, took place in Canada, Czechia, Germany, Norway, Poland, Sweden, and Switzerland. It also led to the seizure of more than 460 items, including electronic devices, crypto wallets, drugs and large quantities of doping substances. The operation is ongoing and further arrests are expected. (EUROPOL.EUROPA.EU)
Emergency services
Kerala police’s internal app down, cyberattack suspected
A probe has been launched after an application linked to the Kerala police website that handles internal files became dysfunctional, with officials suspecting a cyber attack, police sources said today. According to the sources, the application, which is used for handling internal files and data, has remained non-functional for the past four days and is suspected to have been hacked. (REDIFF.COM)
Spyware
Greek victims file lawsuit against Intellexa over Predator spyware
Eight Greeks who were snooped on by Predator spyware sued the surveillance tech manufacturer Intellexa on Tuesday, as well as 13 individuals tied to the company. The victims are asking for about €7.6 million ($8.7 million) total in compensation, their lawyer Zacharias Kesses told a local news outlet. The damages are sought to make up “for the moral damage suffered by the victims from the illegal violation of their privacy, the confidentiality of their communications and their personal data” due to the confirmed presence of spyware on their devices, Kesses said in a statement provided to the Greek outlet Ekathimerini. (THERECORD.MEDIA)
Transportation
AssuranceAmerica data breach exposes records of 6.9 million drivers
American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year. AssuranceAmerica operates through a network of over 9,500 independent agents and provides auto, renters, and commercial auto insurance coverage across 14 U.S. states. While the company has yet to publish a press release regarding the incident, it revealed in a filing with Maine’s Office of the Attorney General that the data breach has exposed the information of 6,998,886 people. (BLEEPINGCOMPUTER.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Top AI agents built to catch malicious code can be tricked into running it
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker’s code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls “Friendly Fire.” It works against Anthropic’s Claude Code and OpenAI’s Codex when either is running in an autonomous mode that approves its own commands. It hijacks the exact job these tools are sold for: checking untrusted third-party code for problems. Instead of catching the threat, the agent becomes the way in. (THEHACKERNEWS.COM)
AI coding tools tricked Into hacking developer machine via decades-old technique
Several popular AI coding assistants were tricked into facilitating developer machine hacking via an attack technique that has been known for decades, according to Google-owned cloud security giant Wiz. Dubbed GhostApproval, the attack has been successfully tested against Claude Code, Amazon Q Developer, Cursor, Google Antigravity, Augment, and Windsurf. GhostApproval leverages symbolic link (symlink) following, a longstanding file system behavior where a program resolves and operates on the target of a symbolic link rather than the link itself, enabling an attacker to trick privileged or sandboxed processes into accessing or modifying unintended files via deceptive paths. (SECURITYWEEK.COM)
Authentication
Entra passkey enrollment vishing targets Microsoft 365 users
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. The attacker is taking advantage of a new capability Microsoft opened to administrators in May, allowing them to run “passkey registration campaigns” to entice users to enrol passkeys for more secure authentication. The campaign has been running since April and involves calling targeted users and trying to convince them to register a new passkey under the attacker’s control. (BLEEPINGCOMPUTER.COM)
Cloud
Threat actors uses agentic AI to rapidly compromise cloud target
Thanks to AI, a lone threat actor was able to execute a cyber-attack that would have otherwise taken weeks in just 72 hours, according to a new report by Sygnia. The Israeli security vendor’s reeport, Inside an AI-Assisted Cloud Attack: Familiar Techniques at Unfamiliar Speed, highlighted how the threat actor relied on AI for speed and scale, rather than researching novel malware or zero-day exploits. Using tried-and-tested techniques for attacking cloud infrastructure, an AWS environment was compromised with the goal of extortion, the report noted. (INFOSECURITY-MAGAZINE.COM)
IoT
Apex2 and c2c Golang malware driving faster IoT botnet attacks, raising risks for OT environments
Cybersecurity researchers at Nozomi Networks Labs identified two Golang-based malware families, Apex2 and c2c/meow, that illustrate a growing shift in IoT botnet development toward faster, more modular and reusable malware. The researchers found that attackers are increasingly leveraging reusable open source components, commodity infrastructure and automation to rapidly assemble DDoS (distributed denial-of-service) botnets targeting exposed Linux and IoT systems, reducing the effort required to develop and deploy new malware variants. (INDUSTRIALCYBER.CO)
Malware
Vidar infostealer hammers SMBs via malvertising campaign
Threat actors are targeting consumers and small to midsize businesses (SMBs) globally in a financially motivated malvertising campaign that delivers the Vidar infostealer and cryptomining malware with multifaceted delivery and evasion strategies. Researchers from Palo Alto Networks’ Unit 42 uncovered the campaign in April; it lures victims to pages for downloading files that impersonate cracked versions of copyright-protected software, according to a report published July 7. The files delivered, however, are actually password-protected archives that hide a malware loader for dropping and executing both the Vidar infostealer and the open source XMRig cryptominer. Vidar targets browser credentials, cookies, and crypto wallets, while the XMRig mines Monero cryptocurrency. (DARKREADING.COM)
GoodPersonRAT uses fake LetsVPN installer to give attackers full remote control
A fake installer for a popular Chinese VPN service is quietly handing full remote control of infected computers to unknown attackers. The malicious file poses as a setup tool for LetsVPN, a tool many users in China rely on to bypass strict internet blocks. Instead of just installing the VPN, it also drops a hidden remote access trojan researchers have named GoodPersonRAT. The trick works because the installer contains a real, signed copy of LetsVPN software. Once the hidden malware finishes its work in the background, the legitimate VPN installs normally, so the victim has no reason to suspect their device has been quietly compromised. (CYBERSECURITYNEWS.COM)
QR codes are the new security blindspots that steal your card details and deliver malware
A small pixelated square. You’ve scanned hundreds of them at coffee shops, parking meters, airport lounges, and restaurant tables. It feels instant. It feels safe. It feels routine. That’s exactly what cybercriminals are counting on. QR codes have become one of the most trusted and least scrutinized gateways in everyday digital life. A new category of attack known as “quishing” (QR + phishing) is now one of the fastest-growing cyber threats globally, silently bypassing some of the most sophisticated enterprise email security systems in the world. (CYBERSECURITYNEWS.COM)
Ransomware
GodDamn ransomware uses PoisonX driver to disable endpoint defenses
Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy. According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first publicly spotted in the wild on May 21, 2026. It’s assessed to be a rebrand of the Beast ransomware, which, in turn, was an enhanced version of Monster, a Delphi-based ransomware that surfaced in March 2022. Broadcom’s cybersecurity arm is tracing the developer behind these ransomware families under the moniker Hyadina. (THEHACKERNEWS.COM)
Vulnerabilities
Microsoft patches RoguePlanet Defender flaw that can grant SYSTEM privileges
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine (“mpengine.dll”), which provides scanning, detection, and cleaning capabilities for its antivirus and antispyware software. The issue has been remediated in Microsoft Malware Protection Engine version 1.1.26060.3008, along with defense-in-depth updates to harden unspecified security-related features. (THEHACKERNEWS.COM)
Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw tracked as CVE-2026-50746 that can be exploited in command injection attacks. The CVE-2026-50746 vulnerability affects UniFi Connect Application (versions 3.4.16 and earlier), a management software suite that Ubiquiti customers can use to automate and manage commercial building operations (including smart LED lighting systems and electric vehicle chargers) via a single interface. “A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device,” Ubiquiti explained. (BLEEPINGCOMPUTER.COM)
Foxit patches multiple use-after-free flaws leading to remote code execution
Foxit has released critical security updates to address multiple use-after-free vulnerabilities that could lead to remote code execution (RCE) in its widely used PDF Reader and PDF Editor products. The vulnerabilities, disclosed in Foxit’s July 8, 2026 security bulletin, affect Windows versions of Foxit PDF Reader and Foxit PDF Editor across multiple release branches, highlighting the continued risk posed by malformed PDF files weaponized with embedded JavaScript. The patched flaws primarily stem from improper memory handling issues categorized under CWE-416 (Use-After-Free), where the application attempts to access freed or invalid memory objects. (GBHACKERS.COM)
Chrome 150 update patches 27 vulnerabilities
Google on Wednesday announced a Chrome 150 security update that resolves 27 vulnerabilities, including two critical-severity flaws. The two critical bugs are use-after-free issues in Chrome’s Ozone and Views components. Both were found by Google last month. The Chrome refresh resolves a total of 13 use-after-free defects, including 10 high-severity and one medium-severity weakness. (SECURITYWEEK.COM)

ADVERSARIES
China
Understanding China’s party-state intelligence system
Over the past three decades, observers have become far better at documenting the Chinese Communist Party (CCP)’s global espionage and influence activities, from U.S. Navy sailors selling warship secrets and employment ads that presage espionage pitches to the hacking of infrastructure. Hundreds of prosecutions, intelligence assessments, cyber investigations, and indictments have revealed how Chinese intelligence officers and their collaborators recruit agents, acquire technology, conduct cyber intrusions, and pursue influence operations around the world. (THEDIPLOMAT.COM)
Iran
Coercive signaling, cognitive warfare, or total war? Legal and strategic reflections on the U.S/–Israel–Iran war
OPINION: Critical infrastructure is not attacked only for what its destruction immediately achieves. It may also be placed at risk to communicate capability, shape expectations and alter an adversary’s political choices. Responding effectively, therefore, requires protection of both the physical system and the surrounding decision environment, namely the interconnected legal, informational, and cognitive conditions through which governments, publics, infrastructure operators, and allies interpret an attack, assess future risk, and determine how to respond. (SMALLWARSJOURNAL.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
GSA praised for initial changes to AI draft regs, but more work needed
In the three weeks since the General Services Administration updated its proposed regulations for the basic safeguarding of data within large language model artificial intelligence systems, vendors and other interested parties have only officially submitted six comments. But that is not because there isn’t a lack of interest or questions about the new proposed rule that GSA would apply to all schedule and governmentwide acquisition contracts under their purview. The comments likely will start pouring in after GSA holds a listening session on July 14 in Washington, D.C. Registration closed on July 3. Vendors and other AI experts say GSA did a good job updating the proposal from the previous version released in March. GSA reissued the updated draft regulations on June 17 with a request for comments that closes on Aug. 3. (FEDERALNEWSNETWORK.COM)
Found fast, fixed slow: The gap the AI clearinghouse must close
OPINION: The AI-focused executive order President Donald Trump signed last month gave the Treasury Department, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA) 30 days to establish a new “AI cybersecurity clearinghouse.” The deadline passed last week. The clearinghouse is meant to coordinate the scanning, discovery, and validation of software vulnerabilities in critical infrastructure, and then prioritize how those vulnerabilities get patched and distributed. It’s the right problem to solve. The question now is whether what is created will actually solve it. (CYBERSCOOP.COM)
Collaboration
French nonprofit starts global intelligence and research hub for AI cyber threats
The Paris Peace Forum, a French non-profit that has convened world leaders on global security issues, is launching a new project to bring together international experts to assess AI-related threats to global internet infrastructure. The Integrated Network for Trusted AI in Cyberspace (INTAiC) will tap researchers and civil society experts from government and the private sector, analyzing current AI cyber threats from the field and creating “forward-looking” reports on how the technology will impact society and what organizations can do to respond. One of the project’s top goals is to create an international, quick-response coalition of government and business to address AI-related threats, similar to coordination mechanisms that exist in other areas of cybersecurity. (CYBERSCOOP.COM)
Data centers
Oregon regulators hike power rates for data centers
Oregon regulators voted Tuesday to boost prices for some data centers — and lower costs for other customers — under a first-in-the-nation law designed to prevent households from paying for tech companies’ infrastructure. The state Public Utility Commission unanimously approved a new tariff from Portland General Electric, Oregon’s largest electric utility, that will see data centers pay an average of 29 percent more for electricity starting Wednesday. Residential customers, meanwhile, will pay about 1.3 percent less under the rates. According to commission staff, that would translate to about $1.91 in monthly savings for the average household. (EENEWS.NET)
Second major Virginia data center project dies, raising AI site selection stakes
The Prince William Board of County Supervisors has halted another massive Virginia data center proposal, voting 8-0 on Tuesday against initiating Comprehensive Plan Amendment CPA2026-00012 for the Dulles South Innovation Center. The decision stopped a proposed 43-million-square-foot campus before the developer could seek rezoning, days after Data Center Knowledge reported that QTS withdrew its appeals in the Digital Gateway case. QTS’s withdrawal ended plans for a campus that could have brought as much as $30 billion in private investment and up to 27 million square feet of development to Prince William County. Viewed together, the consecutive setbacks suggest that local entities now stand alongside power, fiber, and land as determining factors in whether large AI infrastructure projects move from proposal to construction. (DATACENTERKNOWLEDGE.COM)
The ‘time-consuming’ permits dozens of data centers are skipping
By the time Krista Meredith learned last winter that an AI data center was coming to her community in the suburbs of Canton, Ohio, the site was already dotted with construction equipment. A nurse practitioner who has lived in the area for two decades, Meredith is concerned about how the project could affect water and air quality around the Rust Belt city that was once defined by steel mills and now houses a mix of affluent and working-class neighborhoods. But unbeknownst to her — one of hundreds who signed a petition against the data center — the only required federal permit was issued last August. And there was no chance for the public to weigh in. (EENEWS.NET)
Utah’s Stratos project draws warnings from Virginia’s ‘Data Center Alley’
Roughly 2,000 miles away from Utah, Loudoun County, Virginia, is home to 253 data centers. “That data center is the cloud,” Sterling resident Jessica Medeiros said, pointing to a data center across the street from her neighborhood that makes noise at all hours of the day. “There’s not been a single day in 16 years where a data center was not under construction in Loudoun County,” said Mike Turner, vice chair of the Loudoun County Board of Supervisors. (KSL.COM)
Defense
‘Shifting gears away from being just a policy shop’: Q&A with the Pentagon CIO
Pentagon CIO Kirsten Davies recently spoke with Nextgov/FCW about her efforts to update IT acquisition and move beyond policy to operational effectiveness, warfighter readiness, and more. (DEFENSEONE.COM)
Drones
Subpar Secret Service drone defense flagged in Trump assassination attempt report
Lackluster counter-drone skills and faulty processes were among the Secret Service failures that occurred during the July 13, 2024 assassination attempt on then-former President Donald Trump, according to a report published last week by the Department of Homeland Security’s inspector general office. The watchdog found that the would-be assassin, Thomas Crooks, completed a more than eight-minute drone flight undetected and undisturbed as Secret Service personnel were busy attempting to resolve a technical issue that had left the counter-unmanned aircraft system inoperable. “The Secret Service never detected Crooks’ drone flight, its location, or his location while he flew his drone, therefore missing an opportunity to detect and prevent the assassination attempt,” the OIG said in the report. (FEDSCOOP.COM)
U.S. seeks cheaper hunter-killer drones after Iran destroys $1B worth of Reapers
The US military has lost dozens of Reaper drones collectively worth more than $1 billion while carrying out surveillance and attack missions over Iran. Now the Pentagon is seeking large numbers of cheaper drones that can perform such missions despite the expectation that many will be lost in combat. In a call for industry pitches, the Defense Innovation Unit’s notice described the U.S. military’s current reliance on drones and crewed aircraft, each costing more than $30 million, as being “unsustainable against adversaries utilizing layered defenses enabled by increasingly low-cost antiaircraft capabilities.” It envisions deploying more “cost-effective” drones to “overwhelm enemy air defenses even while experiencing numerous [drone] losses.” (ARSTECHNICA.COM)
Taiwan’s Skyguard anti-aircraft guns now equipped with anti-drone nets
Anti-drone nets and cages are rapidly becoming as ubiquitous as the drones they are meant to stop, appearing on today’s battlefields, over roads, around buildings, atop armored vehicles, and even protecting naval vessels. One recent example comes from Taiwan, where anti-aircraft guns have been enclosed in netting to help defend against the growing threat of drone attacks from Chinese forces . An image, heavily edited, that began to circulate recently shows a pair of Republic of China Air Force (ROCAF) Skyguard towed twin-barreled 35mm anti-aircraft cannons with geodesic, dome-like latice structures over them, covered with anti-drone netting. The twin guns protrude out into the open to provide clearance. The design appears intended mainly to defeat small first-person-view (FPV) type drones attempting to dive directly onto the guns. (TWZ.COM)
Health care
Feds delay planned HIPAA security rule overhaul to mid-2027
Federal regulators are putting a sweeping overhaul of the 23-year-old HIPAA Security Rule on hold until at least July 2027, though they’re moving ahead next month with long-awaited changes to the HIPAA Privacy Rule and other initiatives designed to expand patient access to health information and ease health IT regulatory “burdens.” Final rules for both the updated HIPAA Security Rule and the HIPAA Privacy Rule had been previously slated in the federal regulatory agenda for May 2026. But for now, HHS is only moving ahead with the Privacy Rule update in the near term. (HEALTHCAREINFOSECURITY.COM)
Quantum
White House quantum summit aligns industry on transition, innovation
The White House brought together nearly 100 participants from government agencies, quantum technology companies and universities to discuss driving execution, strengthening supply chains, growing the workforce and maintaining U.S. leadership. “The government has done real work to get ready for 2030, NIST has the standards, OMB set the deadlines,” summit attendee and CEO of quantum computing firm Infleqtion, Matt Kinsella, told ISMG. “What they’re asking industry to do now is move with them, get systems crypto-agile and treat 2030 as a shared deadline rather than a federal one.” (GOVINFOSECURITY.COM)
Resilience
European organizations have a collaboration security confidence gap
If confidence alone were enough to secure enterprise collaboration, many organizations in Europe would have little to worry about. A new survey from communications provider Wire found that 84% of IT professionals in the UK, France, and Germany are confident in the security of their collaboration environments, and 79% have the same faith in their ability to control access to collaboration data. But other findings in the survey suggested a more complicated reality. (DARKREADING.COM)
Mexico’s new cyber plan faces its first real test
Mexico adopted its Plan Nacional de Ciberseguridad 2025-2030 — its National Cybersecurity Plan — seven months ago, and while the strategy is still in its “expansion phase,” the FIFA World Cup 2026 tournament has become an early test for the government’s ability to implement the document, experts say. Drafted by the Agencia de Transformación Digital y Telecomunicaciones (ATDT), or Mexico’s Digital Transformation and Telecommunications Agency, the plan aims to guide efforts to update federal legislation and establish cybersecurity capabilities throughout the government. For the current year, the cybersecurity plan calls for the creation of a National Cybersecurity Strategy by the end of the third quarter, the creation of a National Cybersecurity Center to track threats, and greater cooperation between cybersecurity professionals in government, private industry, and academia, according to an analysis published June 25 by threat intelligence firm Recorded Future. (DARKREADING.COM)
Risk management
U.S. enterprises incorporate cyber risk into larger strategic focus
U.S. companies are merging cyber risk issues into their overall enterprise risk strategy, at a time when AI adoption and business resilience are leading to significant shifts in business priorities, according to a report released Tuesday by Information Services Group, a technology research and advisory firm. Cybersecurity is increasingly seen as a business-critical concern, as companies accelerate their adoption of agentic AI and transform much of their technology and data infrastructure to hybrid or multicloud environments. Enterprise leaders are closely integrating cyber spending decisions with overall IT strategy. In addition, C-suite and board members are taking greater accountability for business continuity, financial exposure and regulatory compliance. (CYBERSECURITYDIVE.COM)
Space
NASA’s CAPSTONE completes testing of tech for long-term lunar goals
NASA is one step closer to establishing a long-term human presence on the moon after the agency successfully demonstrated autonomous navigation and resilient deep-space communications technologies in lunar orbit. The Cislunar Autonomous Positioning System Technology Operations and Navigation Experiment (CAPSTONE) concluded NASA’s technology demonstrations last month after nearly four years of testing. According to NASA officials, CAPSTONE launched in June 2022 and became the first U.S. commercial mission at the Moon. The microwave-sized spacecraft – owned and operated by Advanced Space – tested operations in three-body orbits around the Moon, using the combined gravity of the Earth and the Moon to reduce the fuel needed to maintain a stable lunar path. (MERITALK.COM)
How to find alien technology
You might think this column is about UFOs and the Pentagon’s recent declassified files. It’s not. We’re talking about technosignatures, the evidence of alien technology: a radio or laser signal, artificial chemicals in a distant planet’s atmosphere, or a Dyson sphere, a giant structure built around a star to capture its energy. People mix the two up constantly, and astronomer Dr. Jason Wright sets the record straight. “The two fields have been really distinct, but in people’s minds, they’re heavily conflated,” he says. Wright is a professor of astronomy and astrophysics, an expert in SETI, short for the Search for Extraterrestrial Intelligence, and he directs the Penn State Extraterrestrial Intelligence Center. Here’s the first thing he’ll tell you: Forget the movies. (NEXTGOV.COM)
Transportation
Feds demand autonomous vehicle companies stop interfering with first responders
National Highway Traffic Safety Administration (NHTSA) Administrator Jonathan Morrison issued a directive Wednesday to autonomous vehicle (AV) developers, stating that it is unacceptable for their vehicles to interfere with first responders or law enforcement. Morrison noted in the letter that the agency has “identified a clear pattern of driverless AVs interfering with law enforcement and other first responders,” citing instances in which these vehicles drove into active emergency scenes, blocked the paths of ambulances and firefighters, or failed to recognize and respond to basic safety conditions like flashing lights, flares, smoke, fire, and traffic cones. (TECHCRUNCH.COM)
Proposal for a Cybersecurity Act 2
As vehicles become increasingly connected, software-defined products, cybersecurity has become essential for safety, consumer trust and the functioning of the mobility ecosystem. European vehicle manufacturers have invested heavily in robust cybersecurity systems and therefore support the overall objective of the Cybersecurity Act to strengthen ICT supply chain security in response to growing digital risks. However, the proposed Trusted ICT Supply Chain framework raises several important concerns. (ACEA.AUTO)
LEGISLATIVE UPDATES
Senate lawmaker presses DoD, tech firms to disclose AI contract terms
A Senate lawmaker is demanding that the Defense Department and seven technology companies deploying their artificial intelligence capabilities on the department’s classified networks disclose the terms of their agreements in order to better understand what guardrails DoD is putting in place around AI use in the military. In a letter to Defense Secretary Pete Hegseth, Sen. Elizabeth Warren (D-Mass.) said the department “appears to have forged ahead in expanding AI use throughout the military, while releasing no meaningful information about contractual guardrails to prevent the misuse of these tools or communicating to Congress and the public how these tools are used at all.” (FEDERALNEWSNETWORK.COM)
Collins calls on OMB to rescind parts of controversial proposed grant rule
Sen. Susan Collins (R-Maine) called on the Trump administration to withdraw some proposed changes to the federal grantmaking process, joining a growing chorus of opposition to a sweeping new proposal from the Office of Management and Budget (OMB). Collins on Monday sent a letter to OMB Director Russell Vought asking the agency to withdraw portions of the rule that she said would potentially harm small and rural communities and add uncertainty to scientific and biomedical research. The proposed rule, rolled out with little fanfare late last month, would codify many policies the administration attempted through executive order and at the individual agency level. It would de-emphasize peer review and give wide latitude to political appointees to decide what research will “advance the President’s policy priorities.” (THEHILL.COM)
ALERTS AND ADVISORIES
Large-scale exploitation campaign targeting website content management systems (CMS)
A large-scale exploitation campaign is targeting various vulnerabilities in content management systems (CMS) globally, including in Australia, with many small to medium sized Australian businesses impacted. As part of this campaign, malicious cyber actors are actively scanning websites for opportunities to deploy webshells, leveraging various vulnerabilities affecting CMS software and plugins. These vulnerabilities primarily allow unauthenticated file upload, remote code execution, server side request forgery or deserialisation. Once deployed, webshells can allow malicious cyber actors to remotely access and control targeted web servers. Malicious cyber actors may leverage compromised web servers for several purposes. (CYBER.GOV.AU)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
CHINA: Join Hudson Institute’s China Center on July 10 as Miles Yu hosts a panel examining Taiwan’s experience in handling national security cases, foreign interference, technology theft, election influence, proxy networks, and gray-zone legal warfare. The discussion will explore how authoritarian influence exploits democratic openness, social trust, local networks, and legal ambiguity.
CONNECTED CARS: Join Chris Miller, the author of Chip War and a nonresident senior fellow at AEI, alongside Senator Bernie Moreno and Chairman John Moolenaar of the Select Committee on China for a July 13 discussion on how Congress is addressing the threat posed by Chinese data collection through connected vehicles.
RESEARCH SECURITY: Congress, federal agencies, and some university leaders have taken important steps in recent years to strengthen research security and improve transparency surrounding foreign funding, talent recruitment programs, and research partnerships. However, significant vulnerabilities remain. To discuss the evolving research security landscape, please join FDD for a July 14 conversation featuring House Select Committee on China Chairman John Moolenaar (R-Mich.) and Senator Jim Banks (R-Ind.). Moderated by FDD Senior Fellow Craig Singleton, the conversation will examine the challenges posed by the Chinese Communist Party’s efforts to leverage American universities for strategic gain and potential safeguards in this year’s National Defense Authorization Act.
AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.
AI AND EDUCATION: On July 16, the Center for Universal Education at Brookings will host a conversation to examine the effects of AI slop on young children’s learning, development, and well-being, as well as the incentives driving its production. As the third event in the Generation AI Starts Early webinar series, the discussion will bring together perspectives from health, media, and policy to explore what AI-generated content means for young children, caregivers, policymakers, and the broader media ecosystem.
AI HEALTH CARE: The AI in Health Conference from Sept. 15 to Sept. 17 bridges the gap between artificial intelligence and real-world health outcomes — focusing not just on what AI can do, but on what it should do to improve patient care. Hosted by the Ken Kennedy Institute at Rice University, the fifth annual AI in Health Conference will explore the current landscape of artificial intelligence in health and present a research-driven outlook for the future of computational health innovation. The program is designed to connect researchers and innovators with engineers, clinicians, and entrepreneurs at the forefront of AI in healthcare and public health.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS