Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – June 1, 2026


Cyber Briefing

TODAY’S TOP 5

RUSSIAN SPIES ON THE HUNT FOR WESTERN TECH: Russia’s intelligence agencies have grown more aggressive in their efforts to steal Western technology and defense secrets as sanctions squeeze the country’s wartime economy, three senior European intelligence officials told The Associated Press. Moscow’s agents are building fake companies, recruiting middlemen and deploying cyber spies and hackers who are gathering information that could also be used to attack key infrastructure, they said. Four years of international sanctions have hampered Moscow’s ability to procure machinery, technology and research from Europe, while the grinding war in Ukraine has taxed key industries and pushed the country toward a potential financial crisis. “They really know what they need,” and are putting “serious effort” into acquiring advanced machine tools, factory equipment, research and dual-use technology, said Christoffer Wedelin, deputy head of operations at the Swedish Security Service.

  • A wide range of actors are engaged in resisting attacks against critical undersea infrastructure, from governments and militaries to the private sector providers of the infrastructure itself. But too often, efforts are fragmented and piecemeal, preventing the development of a genuinely resilient network. Issues with coordination, situational awareness, and cost asymmetry between attack and defense all frustrate efforts to mount an effective defense and deterrent response. NATO has a critical role to play in overcoming these challenges. The urgent question is how the alliance can best adapt to the increasing tempo of hostile Russian, Chinese, and other — e.g., non-state — activities threatening this vast and vital web of critical undersea infrastructure. Recent initiatives, such as a NATO Centre for Security of Critical Undersea Infrastructure or the uncrewed Task Force X are welcome, Samu Paukkunen and James Black write at War on the Rocks. But the alliance should go further to translate this ambition into enhanced deterrence and resilience.

WHAT CHINA IS BUILDING NEAR NUCLEAR MISSILE SILOS: In a remote Chinese desert, a vast military complex is taking shape that some security scholars say appears built to ensure no American first strike on China’s nuclear arsenal could reliably knock out Beijing’s ability to hit back. China’s nuclear missiles can already reach any city in the United States. Now, satellite images reviewed by Reuters show Beijing is building a sprawling web of launch pads, bunkers and communications nodes near the isolated nuclear silos that hold the Chinese military’s longest-range missiles. The images reveal more than 80 pads for possible use by China’s expanding fleet of mobile missile launchers and air-defense batteries. They also show facilities that may serve electronic warfare, satellite communications and command operations, according to three security analysts, who assessed the imagery for Reuters. 

  • China advances its space research and development to the detriment of other countries’ space goals. China’s path to space power has left a trail of disappointed partner nations in its wake, producing lopsided outcomes in which partners assume financial and political risk while ceding control over infrastructure, data, and dual‑use technologies. Even institutions that choose not to collaborate can face espionage and cyber threats, underscoring the need for rigorous due diligence, legal review and cybersecurity safeguards in all space-related activities involving China, according to a new RAND report.
  • During Operation Epic Fury, Iran pursued a deliberate strategy against United States forces arrayed in the Middle East. Facing U.S. air superiority, the regime’s praetorian Islamic Revolutionary Guard Corps adopted an asymmetric counter-air approach that targeted high-value U.S. military assets across the region, from strategic-enabler aircraft to expensive radar sites. While Iran’s wartime strikes initially appeared to be lucky shots, they were likely cued by foreign space-based targeting data. Open-source indicators suggest that satellite imagery and geospatial-intelligence support from the People’s Republic of China helped Tehran identify and prioritize critical American capabilities in the Middle East, allowing Iran to launch a selective campaign even under pressure. This development highlights a problem that is not unique to the Gulf: China’s commercial satellite sector supported entities hostile to the West in different parts of the world — including the former Russian shadow-army Wagner in the invasion of Ukraine, as well as the Iran-backed Houthi militia group in Yemen, Can Kasapoğlu writes at the Hudson Institute.
  • The PRC is increasingly employing locally hired foreign nationals as staff in its foreign mission abroad. This departs from its previous model where diplomatic missions were staffed exclusively by Chinese citizens, Matt Brazil writes at the Jamestown Foundation. Recent incidents in PRC consulates in New York and Los Angeles show the PRC is hiring local security contractors to act as violent enforcers, silencing opposition against the PRC and advance its political objectives in the host country. The PRC employs members of the Chinese diaspora as local foreign service nationals to improve its diplomatic mission’s understanding of local linguistic, cultural, and political environments.

CYBER FORCE IN THE NDAA?: A new cyber-focused military service branch would sit under the Army if one senator’s proposal comes to fruition. Sen. Kirsten Gillibrand (D-N.Y.) is spearheading a markup amendment to the Senate’s 2027 National Defense Authorization Act that would create a “Cyber Force” as the next armed service branch, Defense One reports. The senator’s office confirmed that the amendment proposes to establish the branch under the Army, just as the Space Force and Marine Corps sit under the Air Force and Navy. Similar provisions are reportedly being floated in the House, according to two people familiar with policy discussions. 

  • U.S. forces deployed to war zones have been targeted using commercially available location data, according to reports fielded by military officials, an illustration of how the global surveillance economy is shaping the battlefield. In a letter shared with Reuters by U.S. Senator Ron Wyden, an Oregon Democrat, U.S. Central Command said it had “received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater.” The message, sent on April 14, offered no further specifics, but CENTCOM’s area of responsibility includes the Gulf, where U.S. forces are facing off against the Iranian military over the Strait of Hormuz.

IG HITS NIST’S NVD: A Department of Commerce inspector general report found that the National Institute of Standards and Technology has mismanaged a critical cybersecurity vulnerability database through poor planning, inefficient operations, duplicate federal programs and failure to communicate with users, CyberScoop reports. The National Vulnerability Database, maintained by NIST since 2005, collects information about computer security flaws and adds details like severity ratings and affected products. This information helps cybersecurity professionals across government and the private sector decide which security problems to fix first. In February 2024, the database’s enrichment contract lapsed, creating a backlog of unprocessed security flaws that has only grown worse. The report identified the lack of strategic planning as a core problem. NIST leaders admitted they had no long-term plan for clearing the backlog, even as it grew from about 13,000 unprocessed security flaws in June 2024 to over 27,000 by the end of 2025.

  • NIST’s AI Safety Consortium will now be called the NIST Artificial Intelligence Consortium, the agency said Friday, continuing a shift in approach to the technology under President Donald Trump, FedScoop reports. According to NIST’s announcement, the renamed group will retain some of its previous work but will change its scope. The group is also seeking new member organizations to carry out its aims. “To encourage more extraordinary AI technological innovations, NIST is seeking to expand its AI measurement efforts by harnessing the broader community’s interests and capabilities,” Craig Burkhardt, deputy NIST director, said in a statement included in the release.

HOW ELECTIONS MAY BE TARGETED THIS YEAR: Hackers are already preparing for the 2026 midterms, with a new report warning that campaigns, fundraising platforms, public websites and local governments could face a wave of phishing, credential theft, artificial intelligence-generated deception and foreign influence activity, Nextgov/FCW reports. The findings, produced by cybersecurity firm Check Point, do not point to voting machines as the most likely near-term target, but instead warn that attackers are more likely to exploit infrastructure around elections — like campaign accounts and fundraising platforms — to steal credentials, impersonate trusted organizations, disrupt public information or fuel doubts about the nation’s electoral process.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

For Estonia, cyber resilience is not an abstract policy goal. It is a national survival issue shaped by history, geography and the reality of living next to Russia. In the latest episode of Cyber Focus, Ambassador Kristjan Prikk explains how Estonia turned a lack of legacy infrastructure into a digital advantage, why the 2007 cyberattacks became a strategic wake-up call for the West and what Ukraine’s defense against Russia reveals about preparation, public-private cooperation and the future of conflict. The conversation also looks ahead to AI in government and education, to Estonia’s support for Ukraine and to the cyber lessons NATO must operationalize before the next crisis. At the center is a clear argument from one of the world’s most digitally advanced democracies: cyber defense is not just about hardening systems, but building the relationships, institutions and resilience needed to keep a society functioning under pressure.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Biothreats

WHO chief reports 5 Ebola recoveries as a new treatment center opens in eastern Congo

Five patients have recovered from a rare type of Ebola virus, the head of the World Health Organization said Sunday during a visit to Bunia in eastern Congo, a city at the heart of an outbreak. “Four people will be discharged today and there was one that was discharged the day before yesterday,” WHO Director-General Tedros Adhanom Ghebreyesus said during the opening of a new Ebola treatment center in Bunia, the capital of Ituri province. “Of course, we’re still working on vaccines and treatments but that doesn’t mean that people cannot recover from Ebola,” he added. The WHO said Friday a patient had recovered from the Bundibugyo virus, the current species of Ebola, which has no approved treatment or vaccine. It was the first documented recovery of a confirmed Bundibugyo patient during the current outbreak. (APNEWS.COM)

LISTEN: A new Ebola outbreak has killed hundreds — and the U.S. response is alarming experts (SCIENTIFICAMERICAN.COM)

Cybercrime

Man sent to prison for selling data of 7 millions elderly Americans

A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers. 57-year-old Troy Murray (who used the Steve Dixon pseudonym) pleaded guilty in January 2026 to one count of conspiracy to commit wire fraud and was sentenced Thursday to 121 months in prison, three years of supervised release, and ordered to forfeit $5,2 million. Prosecutors said that Murray’s alias was so widely known among Jamaican scammers that it was referenced in a 2022 song lyric by a Jamaican musical artist. (BLEEPINGCOMPUTER.COM)

Leaks

SpeedX data leak exposes more than 840 million customer and driver records

SpeedX, a U.S.-based last-mile delivery company, exposed more than 840 million customer and driver records through an unsecured Microsoft Azure storage bucket, revealing names, home addresses, shipping labels, parcel delivery photos, and driver identification documents in one of the largest known delivery-related data exposures to date. The exposed data was discovered in March 2026 and included extensive operational records tied to parcel deliveries across the United States. The files contained customer delivery information, images confirming package drop-offs at residential properties, shipment tracking documentation, and sensitive driver-related records. (TEISS.CO.UK

Phishing

Hackers target Signal users to steal backups in new attack wave

Hackers are abusing Signal’s in‑app messaging to trick users into giving up their backup recovery keys, allowing attackers to unlock years of supposedly private conversations in a new phishing wave. The campaign uses messages that appear to come from “Signal Support” and warn of imminent data loss. However, they are fraudulent and designed to steal victims’ encrypted chat backups. Victims receive a direct message from an account named “Signal Support,” marked with a “Name not verified” warning and generic safety tips inside the app. (GBHACKERS.COM)

Recovery

How St. Paul, Minn., recovered from a ransomware attack

When ransomware struck St. Paul, Minn., last July, Chief Information Officer Jaime Wascalus turned to the city’s Emergency Management Department as IT teams began shutting down portions of the network. The response moved beyond City Hall, with a recovery effort that included Minnesota Information Technology Services (MNIT), federal and state investigators, private-sector cybersecurity specialists, and the Minnesota National Guard. Since the attack, officials have spoken to legislators, at conferences and at symposia, sharing their story in the hopes it can help other governments improve cybersecurity preparedness and response. (GOVTECH.COM)

Supply chain

27,000-download Codex UI tool secretly stole OpenAI refresh tokens

A popular software tool used by thousands of mobile developers has been found stealing authentication tokens. On May 27, Aikido Security shared research with Hackread.com about a malicious npm package called codexui-android. For context, it is a highly popular remote web user interface for OpenAI Codex, an artificial intelligence (AI) model that writes code, gathering roughly 27,000 weekly downloads. Aikido Security’s researcher, Charlie Eriksen, discovered that this package ran a supply chain attack last month to steal user data. (HACKREAD.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Artificial intelligence

ChatGPhish vulnerability turns ChatGPT web summaries Into a phishing surface

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhish by Permiso Security. “The chatgpt.com response renderer trusts Markdown links and Markdown image URLs that originated from a third-party page the assistant has just summarized. It auto-fetches those images and surfaces those links as live, clickable elements inside the trusted assistant UI,” security researcher Andi Ahmeti said in a report. (THEHACKERNEWS.COM)

Meta AI vulnerability allegedly enables Instagram password resets

Instagram is facing scrutiny after a critical vulnerability in its Meta AI-powered support system allegedly allowed attackers to take over user accounts by abusing the password recovery process. The tool, designed to help users regain access to locked accounts, could be tricked into sending password reset codes to unauthorized individuals without proper identity verification. The vulnerability did not involve a direct breach of Meta’s infrastructure. Instead, it existed within the AI assistant’s logic. Attackers reportedly initiated conversations with the chatbot and crafted prompts that convinced it to forward password reset links or codes. (GBHACKERS.COM)

Attackers use LLM agent for post-exploitation after Marimo CVE-2026-39987 exploit

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. “The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised host, replayed them through a fanned-out egress pool to retrieve an SSH private key from AWS Secrets Manager, and used that key to drive eight short SSH sessions against a downstream SSH bastion server,” Sysdig said. (THEHACKERNEWS.COM)

Cloud

With complex cloud integrations, small errors lead to major compromises

Low-code cloud services that allow users to create and run their own sandboxed code could be compromised by multistep exploit chains, leading to a complete platform takeover, if software-as-a-service (SaaS) providers haven’t properly sandboxed their environments, managed the roles and permissions of non-human identities, and inadvertently exposed secrets in code artifacts. Such a compromise almost happened to low-code automation service Zapier. Using a handful of steps that exploited the company’s platform, researchers with agentic-identity security firm Token Security discovered they could reconnoiter Zapier’s sandboxed environment, discover credentials, and move laterally to pull the company’s private repositories, and potentially could have published malicious code, researchers stated in an analysis published May 28. (DARKREADING.COM)

Emergency services

‘Holding our breath’: Hurricane season is here, and FEMA is shorthanded

The Trump administration is approaching hurricane season with the smallest disaster workforce since 2021, a huge backlog of state aid requests and 15 vacancies in top emergency management jobs. President Donald Trump’s cuts to agencies that help with everything from clearing roads to finding emergency lodging are raising fears that a catastrophic hurricane could overwhelm the government’s ability to help desperate people and demolished communities. Overall, that could mean the U.S. is less prepared for this hurricane season, beginning Monday, than it was at the start of last year’s unusually quiet summer and fall, said several emergency managers. (EENEWS.NET)

2026 Atlantic hurricane season has started: 3 things you should know

it only takes one hurricane to make it feel like an active season to you. Ask anyone in Miami in 1992 or Houston in 1983. “Below average” does not mean “safe.” Water temperatures are warming in the Pacific, and that will have an impact this hurricane season on anyone from the Southeast to the Caribbean, and even into the Southwest. (WEATHER.COM)

Vulnerabilities

Exploit code published for critical Flowise RCE vulnerability

Obsidian Security has released technical information and proof-of-concept (PoC) code targeting a remote code execution (RCE) vulnerability in Flowise. The issue, tracked as CVE-2026-40933 (CVSS score of 9.9), was disclosed in April along with several other security defects impacting AI ecosystems that rely on Anthropic’s MCP protocol. Flowise, a popular open source platform that provides developers with a drag-and-drop interface for building LLM flows and AI agents, and which has over 52,000 GitHub stars, was flagged as one of the impacted products. (SECURITYWEEK.COM)

Palo Alto Networks PAN-OS authentication vulnerability bypass exploited in the wild

Palo Alto Networks authentication bypass vulnerability, CVE-2026-0257, affecting PAN-OS and Prisma Access, is now being actively exploited in the wild, with CISA adding it to the Known Exploited Vulnerabilities (KEV) catalog on May 29, 2026. Palo Alto Networks published its security advisory on May 13, 2026, warning that CVE-2026-0257 enables a remote unauthenticated attacker to forge authentication override cookies and establish unauthorized VPN connections through the GlobalProtect gateway. (CYBERSECURITYNEWS.COM)

New CIFSwitch Linux flaw gives root on multiple distributions

A newly discovered local privilege escalation vulnerability dubbed ‘CIFSwitch’ in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel’s key request mechanism, and gain root privileges. The issue impacts multiple Linux distributions that ship vulnerable combinations of the kernel CIFS and cifs-utils (versions 6.14 and higher, although some older variants are also affected). CIFS (Common Internet File System) is a networking protocol that allows access to files, folders, and devices across a local network. Linux uses it to mount, read, and write data from remote systems. (BLEEPINGCOMPUTER.COM)

ADVERSARIES

China

Europe braces for China shock 2.0

OPINION: Chatter in Brussels about an ominous “China shock 2.0” is increasing. In late May, five EU member states circulated a joint “non-paper” calling for stricter protection against “unfair trade practices”, and now all 27 members are debating their China posture at the highest level. A string of reports published in the first half of 2026 adds to the anxiety. The hard numbers are a warning that European industry risks being, in the words of a recent report by France’s strategy commission, flattened by a “steamroller” of cheap Chinese exports targeting the highly advanced manufacturing sectors that fuel the European economy. (GMFUS.ORG)

Trump shouldn’t give China a veto on Taiwan arms sales

OPINION: At stake is far more than the fate of the nearly $14 billion arms sale under consideration. Providing Taiwan with asymmetric weaponry to raise the cost of a Chinese blockade or invasion advances peace and stability by deterring aggression. That deterrence, when coupled with pledges that the United States does not support Taiwan independence and would accept any peaceful resolution of cross-Strait differences that obtains the consent of the Taiwanese people, has kept the peace for decades. The alternative to this approach is to risk a conflict that could cost more than ten percent of global GDP and close the door on American leadership in artificial intelligence, since nearly all AI chips are produced in Taiwan. (CFR.ORG)

Iran

Iran hackers claim hit on Holocaust survivors

Iran hackers who have struck and threatened various infrastructure sectors claimed Sunday to have “completely breached” the largest Israeli nonprofit providing care and support services to elderly Holocaust survivors. In the claim posted on their Telegram and X accounts, the Handala hacking group posted several images of documents including Hebrew-language forms and scans of identification cards that they said were among more than a terabyte of data allegedly swiped from the “National Center for Holocaust Victims’ Support,” while citing and linking to the k-shoa.org site for The Foundation for the Welfare of Holocaust Victims. (THREATBEAT.COM)

Iran-linked hackers wipe IT and recovery systems in Middle East cyberattack

Iran-linked hackers have launched a destructive cyber campaign that wipes IT, backup, and recovery systems at multiple organizations in the Middle East and beyond, severely undermining victims’ ability to restore operations after an attack. Evidence ties the operation to the long-running Iranian threat group Black Shadow, believed to work on behalf of Iran’s Ministry of Intelligence and Security. Threat intelligence analysis shows the campaign, dubbed “Ababil of Minab,” targets organizations in the United States, Israel, Saudi Arabia, Turkey, and other Middle Eastern countries. (GBHACKERS.COM)

Russia

Botnet of more than 17 million devices dismantled

Authorities in the Netherlands said they dismantled a botnet that comprised more than 17 million devices and were managed by 200 servers in a joint operation by the police and the National Cyber Security Center. The action, announced Thursday, came about after a security researcher reported the sprawling network to authorities. The host infrastructure was located in the Netherlands. “The police then seized several botnet servers from a hosting provider for investigation,” the NCSC said. “The botnet was taken offline by the provider because it was used for criminal purposes.” According to a report Thursday by the NL Times, the botnet was linked to ASOCKS, a Russia-based company that provides residential proxy services. (ARSTECHNICA.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

AI investment reshapes U.S. import patterns

In the last few years, the U.S. economy has faced several important transitions. Most notably, the Trump administration has implemented substantial tariffs intended to foster a more equitable trading flows and incentivize U.S. manufacturing. These measures followed a national emergency declaration aimed at strengthening economic security, with the president citing the need to address long-standing trade imbalances to support domestic job and wage growth. Tariffs on commodities such as steel, aluminum, and automobile parts were imposed under Section 232 of the Trade Expansion Act of 1962, tariffs on China and other countries’ unfair trade practices were imposed under Section 301 of the Trade Act of 1974, and reciprocal and fentanyl-related tariffs were imposed under the International Emergency Economic Powers Act. However, after the U.S. Supreme Court ruled that the reciprocal and fentanyl-related tariffs enacted in April 2025 were unconstitutional, the administration removed those tariffs and replaced them with a 10% tariff based on Section 122 of the Trade Act of 1974. (BAKERINSTITUTE.ORG)

Data centers

Ohio data center tax break suspended amid battle over paying cost for AI power

Ohio Gov. Mike DeWine (R) suspended the state’s tax exemption for new data centers, which has drawn developers of the power facilities to the Buckeye State amid the boom of artificial intelligence. DeWine, in an announcement Wednesday, said he directed the chair of the Ohio Tax Credit Authority to temporarily halt consideration of new data center tax exemption requests while the Ohio General Assembly “studies the growth” of data centers in the state. Ohio joins a handful of other states considering changes to tax breaks on data centers as technology companies are increasingly asked to bear the costs of the large-scale facilities. (THEHILL.COM)

Utah governor outlines data center policy framework

Utah Gov. Spencer Cox signed an executive order Friday that seeks to assuage concern that large data center projects could take water from the Great Salt Lake and drive up utility bills. “Utahns deserve confidence that water resources, air quality, utility rates, wildlife, and quality of life will be protected,” the Republican governor said in a post on X. “This framework helps ensure that data center development aligns with Utah’s long-term interests and reflects Utah values.“ The executive order directs agencies to adhere to a broad policy framework that promotes job growth in rural areas, keeps utility bills down and ensures water consumption from the Great Salt Lake doesn’t increase. The Great Salt Lake and its ecosystem are suffering from rapidly declining water levels. It’s considered among the world’s most endangered large water bodies. (EENEWS.NET)

Defense

As the Pentagon pushes for battlefield AI, some military leaders urge caution

The Trump administration is pushing to unleash the power of artificial intelligence for the U.S. military while facing calls to put up guardrails around the rapidly developing technology from some companies — and even notes of caution from top leaders in uniform. Adm. Frank Bradley, head of U.S. Special Operations Command, told attendees of a recent annual special forces conference in Tampa, Florida, that troops “have to be very careful about how we come to (AI’s) employment and its inspiration into the delivery of lethality.” Bradley said he can see a future where AI determines what targets to hit but that “we, as humans, have to have the confidence that … it’s going to deliver violence only where we intend it to be delivered.” (APNEWS.COM)

Army asks its vendors to ‘jailbreak’ their own systems

For years, Army officials have complained that integrating the service’s various pieces of technology together is much more difficult than it should be, forcing soldiers to be their own integrators once they and their equipment reaches the battlefield. But over the last several weeks, the service has been testing an approach the service hopes will radically change that paradigm, urging vendors to “jailbreak” their own technology platforms in ways that create new interfaces between them — or opens up existing ones that the Army hasn’t been using. (FEDERALNEWSNETWORK.COM)

Army’s new data operations center may stay ‘lean’ on people, expecting automation to help pick up growing workload

The Army Data Operations Center — a new, centralized hub to help the service manage data flows — will employ minimal human staffing and require automation to keep up with growing force-wide demands, officials anticipate, key factors that may determine the organization’s future. The service launched the ADOC in April in response to changes on the modern battlefield and frustrations from data teams across the Army that were struggling to connect disparate military systems. ADOC is housed under Army Cyber Command, a higher echelon meant to help fill a “gap” between the service’s operational units and the data connectivity issues they face. (DEFENSESCOOP.COM)

GAO: DoD should assess lessons learned to better understand reduction impacts

Civilian employees at DOD perform a variety of roles to support the military’s mission. Before reducing its civilian workforce, DOD is legally required to analyze potential impacts, such as on workload and costs. In 2025, DOD reduced its civilian workforce by about 10% — over 78,000 employees — including by encouraging voluntary resignations and reducing hiring. But we found that DOD didn’t consistently analyze the impacts of these reductions, either in 2025 or in prior years. DOD also doesn’t have a plan to assess lessons learned from its 2025 workforce reductions. GAO recommended that DOD assess lessons learned. (GAO.GOV)

How America lost its most important defense tech habit

OPINION: On April 15, technology podcaster Dwarkesh Patel published a two-hour interview with Nvidia CEO Jensen Huang. For roughly forty minutes, Patel asked one question six different ways. The question was this: If American-made compute trains AI models with the serious cyber-offensive capabilities Anthropic’s Mythos Preview demonstrated — and that compute is sold to a strategic adversary — what responsibility does the seller bear? Huang’s answers hovered a safe distance away from the question. AI is a “five-layer cake,” he told Patel, and ceding any layer to China would be industrial suicide. The Chinese, he argued, already have enough compute to do whatever they intend to do, so marginal sales do not change the strategic balance. By the end, Patel was visibly worn down. Huang accused him of arguing from extremes and of thinking in absolutes. (WARONTHEROCKS.COM)

Drones

A wake-up call on the Danube

OPINION: The midnight drone strike in the Romanian city of Galați was a rude awakening. Russia has been flying drones over Romanian airspace in the past, but Bucharest’s approach had been to de-escalate and monitor the situation. The May 29 attack, which left several civilians wounded, forces discussions on multiple dimensions that the country was postponing. First, for years, Bucharest did not treat the instances of drones crossing its border as deliberate attacks. This was a calculated choice. By calling them spillover, Romania avoided having to respond as if it had been attacked, and denied Moscow a pretext to claim that NATO was a co-belligerent alongside Ukraine. (GMFUS.ORG)

Fences not F-35s: Drone attacks and the illogic of Gulf procurement

OPINION: One of the most effective counter-drone systems in the largest drone war in history between Ukraine and Russia is a German anti-aircraft gun designed during the Cold War. The Gepard — a self-propelled 35 mm cannon that first entered service in 1976 — has earned recognition from Ukrainian military experts as the most effective weapon against Shahed-type drones, at a cost of a few thousand dollars per engagement. Meanwhile, one of the more novel counter-drone technologies amounts to a sharpened prong mounted on another drone that lances its target mid-flight — a 12th-century solution to a 21st-century problem. Then there is the 2026 Iran war, where the wealthiest states in the Middle East have spent tens of billions of dollars on layered Patriot, Terminal High Altitude Area Defense (THAAD), and related architectures over the past decade but are running out of ammunition for those systems, fast. (WARONTHEROCKS.COM)

Influence ops

How anonymous Wikipedia editors influence global narratives — and AI systems

OPINION: Wikipedia, the fifth-most-visited website in the world, is written by anonymous volunteers. Anyone with an internet connection can edit nearly any article, and editors are under no obligation to disclose their real identity. The platform’s paid-editing rules require editors who are compensated by clients to declare it on their user page, but enforcement depends entirely on volunteer detection. Articles on contentious topics, like the Israel-Palestine conflict, can be placed under so-called “Extended Confirmed Protection,” restricting edits to established accounts. But within those restrictions, the system runs on the assumption of good faith. Once an account passes the threshold for tenure, it can shape any article it chooses, in any direction, behind whatever username it likes. (THE CIPHER BRIEF VIA FDD.ORG)

Regulations

CISA town halls set final stage for CIRCIA debate

The U.S. cyber defense agency is set to host a series of town halls in mid-June that will serve as industry’s last and potentially most consequential opportunity to shape federal cyber incident reporting requirements before regulators move toward a final rule. The meetings come as the Cybersecurity and Infrastructure Security Agency works to finalize regulations implementing the Cyber Incident Reporting for Critical Infrastructure Act. The 2022 law requires certain critical infrastructure operators to report significant cyber incidents ransomware payments to the federal government. The town halls will help determine which entities fall under the reporting regime and which incidents must be disclosed. (GOVINFOSECURITY.COM)

Space

SPACECOM exploring tech for future offensive cislunar ops, chief scientist says

Developing capabilities for operations in cislunar space, including offensive space control, is among the top new science and technology (S&T) priorities for US Space Command (SPACECOM), according to the command’s top scientist. David Denhard, SPACECOM’s chief scientist and technical advisor, told the State of the Space Industrial Base (SSIB) conference in New Mexico on Thursday that operations beyond geosynchronous Earth orbit (xGEO) are on the command’s “what’s hot for tomorrow” list of S&T activities he approved earlier this month. “Cislunar and xGEO is important to us,” Denhard said. (BREAKINGDEFENSE.COM)

Workforce

Many fired probationary employees have not ‘moved on,’ survey shows

More than a year after some 25,000 probationary federal employees were fired under the Trump administration, a new survey is pushing back against the sentiment that those individuals have since “moved on.” In September 2025, U.S. District Court Judge William Alsup ruled that the Office of Personnel Management had unlawfully directed agencies to fire probationary federal employees en masse. Although he ordered agencies to revise employment records to reflect that employees were not removed for “performance,” the ruling did not call for the reinstatement of probationary employees. (FEDERALNEWSNETWORK.COM)

Zero trust

NSA launches zero trust implementation guidelines resource webpage

The National Security Agency (NSA) launched the Zero Trust Implementation Guides (ZIG) webpage to provide consumable, interactive access to Zero Trust (ZT) resources — such as implementation, technical guidance, and associated technologies — for enhancing enterprise cybersecurity posture. The page provides centralized access to previously released guidance, including the Primer, Discovery, Phase One, and Phase Two ZIGs. It will be updated with future Phases as part of NSA’s core cybersecurity missions, which include its responsibilities to identify and disseminate threats, and to develop and issue cybersecurity specifications and mitigations for National Security Systems, Department of War information systems, and the Defense Industrial Base. (NSA.GOV)

LEGISLATIVE UPDATES

House panel poised to hold hearing centered on AI impact on cyber

House subcommittee will hold an open hearing next week on how frontier artificial intelligence models are shaping the cybersecurity landscape, for good and for ill. The June 4 hearing will be the second the Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection has held that was focused at least in part on the subject, following a similar hearing held in December. But unlike at that joint subcommittee hearing, where members also examined other emerging technologies, AI takes center stage next week. It caps a series of closed-door meetings of the Homeland panel where members and staff have been evaluating the intersection of AI and cyber. (CYBERSCOOP.COM)

Rep. Burlison presses MITRE to produce UAP records

Rep. Eric Burlison (R-Mo.) is pressing the MITRE Corp. to identify and produce records related to unidentified anomalous phenomena (UAP), arguing that the federally funded research organization (FFRDC) may possess government-funded data, technical materials, or contract deliverables relevant to ongoing congressional investigations. In a 10-page letter sent on May 22, Burlison – a member of the House Committee on Oversight and Government Reform’s Task Force on the Declassification of Federal Secrets – directed MITRE to search for and preserve records tied to UAPs, unexplained aerospace or undersea events, technologies of unknown origin, and alleged crash-retrieval or reverse-engineering programs. (MERITALK.COM)

COMMITTEE ACTIVITY

NOMINATIONS: The Senate Intelligence Committee will hold a June 2 hearing on the nomination of Dr. Roger Mason to be director of the National Reconnaissance Office and Michael Vance to be assistant secretary of State for intelligence and research. 

BUDGET: The Senate Appropriations Subcommittee on Homeland Security will hold a June 2 hearing to review the Fiscal Year 2027 Budget Request for DHS.

INDUSTRIAL BASE: The House Small Business Committee will hold a June 3 hearing on restoring the industrial base and the role of small businesses in national security.

BUDGET: The House Homeland Security Committee will hold a June 3 hearing to review the Fiscal Year 2027 Budget Request for DHS.

DATA SECURITY: The House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade will hold a June 3 hearing examining legislation to establish a federal comprehensive privacy and data security law.

EDUCATION: The House Education and Workforce Subcommittee on Higher Education and Workforce Development will hold a June 3 hearing on higher education in the age of AI.

AI SECURITY: The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold a June 4 hearing on how frontier models, agentic AI and AI coding tools are reshaping cybersecurity and critical infrastructure resilience.

PNT: The House Energy and Commerce Subcommittee on Communications and Technology will hold a June 4 hearing examining positioning, navigation and timing capabilities in the United States.

CHINA: The House Foreign Affairs East Asia and Pacific Subcommittee will hold a June 4 hearing on China’s role in the fentanyl crisis.

ALERTS AND ADVISORIES

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-0257 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability. This type of vulnerability is a frequent attack vectors for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

AL26-013 Security incident impacting GitHub internal repositories

On May 18, 2026, GitHub detected unauthorized access to its internal systems originating from a compromised employee device. The intrusion was facilitated by a maliciously modified version of the Nx Console Visual Studio Code extension (version 18.95.0). The attacker successfully exfiltrated approximately 3,800 internal GitHub repositories, containing proprietary source code and internal configuration data. GitHub Enterprise Server customers are advised to follow vendors recommendations. No action is required for GitHub Enterprise Cloud clients. (CYBER.GC.CA)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

WINNING THE AI ERA: On June 1, the Atlantic Council will launch the flagship report of the Atlantic Council Commission on Artificial Intelligence and U.S. competitiveness, a GeoTech Center initiative. This event will unveil the commission’s findings and recommendations, bringing together government leaders, industry executives, and policy experts for a timely discussion on how the United States can secure its AI advantage.

SOCIAL MEDIA: On June 2, The Hamilton Project at the Brookings Institution will host a virtual event exploring the costs of social media, including overuse driven by addiction and “fear of missing out” (FOMO). The event will feature a fireside chat with Dr. Vivek Murthy (19th and 21st surgeon general of the United States) and Cecilia Kang (The New York Times). It will also include a panel discussion with Benjamin Handel (University of California, Berkeley) and Lena Song (University of Illinois Urbana-Champaign), moderated by Bradley Hardy (Georgetown University). In conjunction with the event, The Hamilton Project will release two publications discussing the findings and policy implications of recent economic research on product market traps in social media and on digital addiction.

AI AND ENTERPRISE: Join AEI on June 3 to examine how businesses are shaping AI and transforming American enterprise. Experts from academia and business will examine these questions: What industries are changing most rapidly? Which are changing the future for others? And how are we preparing business leaders for future challenges?

CYBER FORCE: Join CSIS on June 3 for a discussion on the forthcoming report from the Commission on U.S. Cyber Force Generation, which examines how the United States can better build, organize, and sustain the cyber workforce needed to meet evolving national security demands. As cyber threats grow in scale and sophistication, the report assesses key challenges across the current ecosystem, including persistent talent shortages, fragmented institutional structures, and barriers to effective coordination between government and the private sector.

DEFENSE: On June 3 the Indo-Pacific Security Initiative (IPSI) and the Transatlantic Security Initiative (TSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security will host a seminar on upgrading transregional defense partnerships. This event is part of IPSI’s Cross-Strait and Beyond Seminar Series, which informs the public debate on key issues for Taiwan and the United States, held in partnership with the Taipei Economic and Cultural Representative Office in the United States.

DATA CENTERS: Join the CSIS Economic Security and Technology Department’s Matt Pearl, Aalok Mehta, Joseph Majkut, and Philip Luck on June 4 for a discussion on the rapid expansion of data centers and what it means for the future of AI, energy, and U.S. competitiveness. As artificial intelligence accelerates demand for compute power, data centers have emerged as a critical piece of strategic infrastructure shaping electricity demand, industrial policy, environmental debates, and global technology competition.

BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.

MARITIME: The Stephenson Ocean Security Project highlights the ways that global security challenges arise from marine resource competition and works towards solutions that support sustainable development, coalition building, and the need for American leadership. This year’s forum on June 9 will discuss the escalating pressure facing global maritime governance from a variety of crisis points and how this pressure is affecting shared governance of the maritime commonwealth and our ability to grapple with common challenges including marine resource management, illegal fishing, supply chain transparency, and human rights at sea. This year’s forum is co-hosted in partnership with the CSIS Human Rights Initiative.

AI ECONOMY: How can AI be deployed effectively to enhance economic mobility and ensure the benefits of AI systems are reaped widely? On June 10, the Brookings Center on Regulation and Markets will host a fireside chat with Neil Thompson, director of the FutureTech project at MIT, to explore the intersection of AI and economic mobility. 

DIB: Join Hudson Institute for a June 11 fireside chat between Hudson Senior Fellow Nadia Schadlow and Deputy Assistant Secretary for Industrial Base Growth and Director of the Office of Small Business Programs James Mismash. The discussion will explore current efforts to strengthen the defense industrial base, expand industrial capacity, and foster greater participation and competition across the national security ecosystem.

SECURITY POLICY: From AI and drone warfare to global alliances and economic security, America and its allies need “New Rules” to compete, deter, and win in the 21st century. Join leading voices in national security for an exclusive, all-day Center for a New American Security conference on June 11 at the forefront of today’s most consequential issues — from AI and cybersecurity to the latest developments in Iran, economic statecraft, and America’s strategic readiness across the world.

NORTH KOREA: On June 12 join the Indo-Pacific Security Initiative (IPSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security for the launch of Nonresident Senior Fellow Jieun Baek’s latest book, “Privileged but Powerless.” Baek’s second book on North Korea draws on hundreds of hours of rigorous fieldwork and interviews with defectors to examine a surprising yet critical vector of regime instability. In a fireside chat, Baek will discuss how North Korea’s system of privilege and control shapes elite insecurity at the highest levels of the regime.

DIB: Join CNAS on June 16 for a fireside conversation with DoD’s Michael Cadenazzi examining the challenges and priorities shaping U.S. munitions production and defense industrial base policy. This event will examine how policymakers, industry partners, and acquisition officials can work together to build the surge capacity the United States needs, in a focused conversation on the future of U.S. munitions production and defense industrial base policy.

NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.

NUCLEAR: For the first time, the United States is preparing to deter two nuclear adversaries­­­, Russia and China. In today’s post-New START environment, U.S. adversaries remain committed to weakening American resolve and undermining Washington’s commitment to its allies. Join Hudson Senior Fellow and Keystone Defense Initiative Director Dr. Rebeccah Heinrichs and Administrator of the National Nuclear Security Administration Brandon Williams for a June 18 discussion on the administration’s priorities in strengthening the U.S. nuclear enterprise.

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!