Cyber Briefing – June 11, 2026
TODAY’S TOP 5
NEW CISA DIRECTIVE ON VULNERABILITIES PRIORITIZATION: The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 26-04: Prioritizing Security Updates Based on Risk that directs federal civilian agencies to assess and align their vulnerability management policies to reduce cybersecurity risk across four criteria: asset exposure, known exploited vulnerabilities (KEV) status, exploit automation and post-exploitation technical impact. The directive consolidates, clarifies and updates the urgency of vulnerability remediation, focuses agencies’ patching efforts on the highest risk and enhances efficiency for federal civilian agencies, CISA said.
- The directive reflects growing recognition that patching based primarily on severity scores is no longer sufficient in an AI-driven environment where defenders face more vulnerabilities than they can realistically remediate at once, CSO reports. During a media briefing announcing the directive, Chris Butera, acting executive assistant director for cybersecurity at CISA, described the initiative as the culmination of more than a decade of lessons learned from federal vulnerability management programs, adversary activity, and the agency’s growing understanding of AI’s impact on cyber operations. “Prioritizing IT and security operations attention on the most at-risk assets is particularly important now given advancements in artificial intelligence, which allow threat actors to find and exploit vulnerabilities in these assets,” Butera said. “Defenders cannot afford to take weeks to patch systems that can be autonomously exploited en masse.”
- Senate Intelligence Committee Vice Chairman Mark Warner (D-Va.) has new legislation requiring CISA to update cybersecurity plans for each of the nation’s 16 critical infrastructure sectors, citing concerns that fast-evolving artificial intelligence tools will accelerate threats to essential services, Nextgov/FCW reports. The Combat Emerging Threats to Critical Infrastructure Act would direct CISA to work with federal sector risk management agencies to update sector-specific plans within one year of enactment. It would also require CISA to reassess those plans every two years, issue revised versions and send copies to Congress after completion.
CHINA’S THUMB ON THE DATA CENTER DEBATE?: China was likely behind an online influence operation to sway U.S. perceptions of artificial intelligence technology and reshape the debate in Washington around the infrastructure needed to support it, according to research from OpenAI published Wednesday, POLITICO reports. OpenAI said it caught the influence campaign because China-backed operatives were using ChatGPT to create content for the social media campaign. The report’s findings are likely to further fuel claims made by Republicans and other pro-AI voices that foreign entities have tried to meddle in the debate over AI data centers, which has become a policy flashpoint heading into the midterms. Still, OpenAI said it has not seen evidence that the campaigns succeeded in influencing public opinion on a widespread scale, according to Ben Nimmo, principal investigator of intelligence and investigations at OpenAI.
- The FBI and Justice Department seized 13 websites allegedly used by Chinese intelligence operatives to target current and former U.S. officials and military personnel with access to classified government information, Nextgov/FCW reports. In a press release, the DOJ said the domains were designed to look like legitimate consulting firms and were used to advertise vague, well-paid consulting roles aimed at security clearance holders. The campaign, which allegedly began in November 2023, sought to entice Americans into producing research reports or sharing insider information on topics of interest to the Chinese government, according to court documents.
LOOKING FOR MYTHOS GUIDANCE: Several senior federal technology officials responsible for agency cybersecurity and IT systems are frustrated by the lack of White House guidance on adopting Anthropic’s powerful Mythos model, several sources told Nextgov/FCW. Agency chief information officers, or CIOs, manage swaths of digital infrastructure that supports government operations and are facing renewed pressure to better defend agency networks as officials assess how powerful AI systems could help hackers find and exploit vulnerabilities faster. Anthropic surgically rolled out Mythos access to select organizations in early April and recently expanded this effort — dubbed Project Glasswing — to partners in industry and other nations. The model has been going through a non-public distribution process on grounds that, in the wrong hands, it can significantly boost adversaries’ hacking capabilities.
- Major artificial intelligence labs are done waiting on Washington to pass a national standard for AI, turning to state bills to carve out their own policy lines while Congress tries to catch up, The Hill reports. Most AI labs support a national safety framework for AI that would eliminate the patchwork of state regulations, but they are also realistic about Washington’s slow timeline and states’ hunger to jump on the issue. While some firms are still set on fighting all state regulations, others like OpenAI and Anthropic are using them to their advantage to stake out their policy positions and inspire similar language at the federal level.
HOW HACKERS COULD DISRUPT DATA CENTERS: Researchers at cyber-physical systems security firm Claroty have uncovered multiple vulnerabilities in two widely deployed HVAC and UPS products used in data centers, demonstrating how attackers could exploit them to launch disruptive remote attacks, Security Week reports. The researchers targeted network cards designed to provide a network interface for uninterruptible power supply devices made by Vertiv. “UPSs are heavily used in data centers to maintain operations in the event of a power outage; they also protect systems from power spikes and drops, and enable safe shutdowns,” Claroty noted.
- New research from CYFIRMA identified that energy and utilities organizations remain firmly in the sights of nation-state cyber actors, Industrial Cyber reports. Data revealed that the sector appeared in 66.6% of all observed APT (advanced persistent threat) campaigns over the last three months, making it one of the most heavily targeted industries by state-linked groups. This comes as monthly activity remains uneven, with quieter periods punctuated by spikes in campaign activity. Despite this volatility, the energy and utilities sector has consistently appeared in approximately 35% of observed APT campaigns over the past six months, indicating sustained long-term interest from threat actors.
CYBER MASTERS’ NEW CASH: The Pentagon announced the “Cyber Mastery Incentive Pay” (C-MIP) program on Wednesday, an initiative defense officials described as an effort to attract and develop talented cyber operators through monetary compensation, DefenseScoop reports. C-MIP will go into effect Oct. 1, according to the announcement. Officials billed it as part of the Defense Department’s Cybercom 2.0 initiative, an effort meant to modernize the way the military recruits, assesses, trains and retains a digital force. While money isn’t the only reason people join the cyber community, the new program wades into an enduring challenge for the military, which is competing against lucrative private-sector jobs and wrestling with how to grow a skilled cyber workforce in the face of rapidly evolving digital threats.
OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University.
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions.
CYBER FOCUS PODCAST
A new executive order on artificial intelligence and cybersecurity sends a clear signal: Advanced AI now sits at the center of how the United States thinks about cyber defense, national security, critical infrastructure resilience and strategic competition. In this episode of Cyber Focus, Frank Cilluffo sits down with Daniel Kroese, vice president of global policy at Palo Alto Networks and a senior fellow at the McCrary Institute, to unpack what the order means in practice. Kroese argues that the most important signal is the administration’s effort to bring government, industry and critical infrastructure operators together quickly — not simply to study AI risk, but to operationalize AI-enabled defense while preserving the innovation advantage that gives the United States its head start.
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Agriculture
DARPA aiding America’s fight against flesh-eating screwworm invasion
The Defense Advanced Research Projects Agency is actively involved in the U.S. government’s fight to stop the resurgence of the flesh-eating, New World Screwworm parasite infecting pets and livestock in at least two Southwest states. “Invasive species are a national resilience challenge with significant economic and food supply implications, which DARPA recognizes as a national security risk,” Catherine Campbell, program manager in the agency’s Biological Technologies Office, told DefenseScoop. Campbell’s portfolio at DARPA includes the nascent Genetic Utilization for Advanced Regulation and Defense of Indigenous and Native Species — or GUARDIAN — program. (DEFENSESCOOP.COM)
Cyberattack shuts down major Australian sugar mills, disrupting harvest
A cyberattack has disrupted sugar production in one of Australia’s largest cane-growing regions, forcing two major sugar mills to shut down and bringing harvesting operations to a halt. Mackay Sugar, Australia’s second-largest sugar producer, said on Wednesday that it was responding to a cybersecurity incident affecting parts of its operations and had engaged cybersecurity experts and local authorities to investigate the attack and restore its systems safely. The incident forced the shutdown of the company’s Farleigh and Racecourse mills in Queensland’s Mackay region, prompting growers to immediately stop harvesting sugarcane until further notice, according to local media reports. (THERECORD.MEDIA)
Biometrics
Man sues Florida cops over arrest spurred by ’93% match’ in facial recognition
A man suing Florida police alleges that cops relied on a faulty facial recognition match and concealed exculpatory evidence when they arrested him on a charge of attempting to lure a child in August 2024. The plaintiff, Robert Dillon, was arrested after a facial recognition system flagged him as a 93 percent match to a suspect filmed by a McDonald’s surveillance camera. “This case is about what happens when police let an error-prone artificial intelligence system stand in for an investigation,” said the lawsuit. (ARSTECHNICA.COM)
Breaches
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. PeopleSoft is an enterprise business software suite used by large organizations to manage business operations such as human resources, payroll, finance, supply chain management, procurement, and student administration. Yesterday, BleepingComputer learned of widespread data theft attacks targeting both cloud and on-premises Oracle PeopleSoft customer instances. These customers were receiving extortion demands that were signed by the ShinyHunters extortion gang. (BLEEPINGCOMPUTER.COM)
South Korea fines Coupang $410 million over data-law breaches
South Korean authorities have fined Coupang around $410 million after one of the country’s worst data-breach cases. Seoul’s Personal Information Protection Commission said Thursday it had imposed a fine of 624.68 billion won, equivalent to $410.1 million, on the U.S.-listed Korean e-commerce company. The fine included a 423.5 billion won penalty for data-breach violations and a 201.1 billion won penalty for unlawfully collecting data on Coupang users’ online activities across other websites. The personal-data leak last year affected 37.6 million people — more than 70% of the country’s total population, according to the commission. (WSJ.COM)
Cybercrime
Nearly 1 in 10 drug suspects used virtual assets
A growing share of suspects in South Korea are using virtual assets to buy and sell drugs, police data showed Thursday, adding to concerns that online tools are making transactions harder to trace. Virtual assets were used by 9.2 percent of suspects in drug crimes reported from January to April this year, up from 8.4 percent in 2025, according to National Police Agency data submitted to Rep. Park Soo-min of the main opposition People Power Party. Police tallied the share of drug suspects who used either virtual assets or the dark web from 2021 to 2024, before switching to a separate tally for virtual assets in 2025. (KOREAHERALD.COM)
Education
University of Nottingham confirms breach after hackers leak data
The University of Nottingham in the UK has confirmed suffering a data breach after the notorious ShinyHunters hacker collective leaked files stolen from the university’s systems. The University of Nottingham is a major research university in the UK, ranked among the world’s top 100 institutions and home to more than 35,000 students on its UK campuses, plus thousands more at its international branches in China and Malaysia. The ShinyHunters group listed the organization on its leak website and published gigabytes of files allegedly stolen from its systems. The hackers claimed to have obtained financial information pertaining to all of the university’s campuses. (SECURITYWEEK.COM)
Malware scare keeps schoolkids home for a second day
Great Marlow School in Buckinghamshire, England, has entered its second day of a shutdown following “a suspected malware incident.” Only students sitting their GCSE and A-level exams – those in Years 11 and 13 – were permitted to attend on Wednesday, in line with their exam timetable, and the same goes for Thursday. Students in other years (Years 6-10 and Year 12) were told to stay at home and access what revision materials they can via Microsoft Teams as teachers are currently unable to set them any work. (THEREGISTER.COM)
Identity
Over a quarter of identity crime victims hit by multiple incidents, ITRC data shows
Identity crime experts have warned of “multi-layered crises” after revealing that many victims dealt with two or more incidents over the past year. The findings come from US non-profit the Identity Theft Resource Center (ITRC), which analyzed data from over 6000 reports submitted to it between April 1 2025 and March 31 2026. Its 2026 Trends in Identity Report revealed that nearly 26% of victims managed two or more concurrent identity crime incidents, up from 24% the previous year. ITRC chief operating and programs officer, Mona Terry, said that identity crimes are becoming increasingly complex. (INFOSECURITY-MAGAZINE.COM)
Social media
Fake software tutorials on TikTok spread Vidar stealer
Threat actors have been using short-form videos on TikTok and Instagram Reels to push the Vidar infostealer, disguising the attacks as tutorials for unlocking premium software for free. New analysis from ReversingLabs describes two campaigns that game the platforms’ recommendation algorithms to reach large audiences, both funneling viewers to sites peddling fake free software such as Spotify Premium. Vidar is a long-running infostealer sold as a service for a $300 lifetime license, harvesting credentials, financial data and authentication tokens. A refresh last October made it stealthier. (INFOSECURITY-MAGAZINE.COM)
Water
DC Water to start emergency repairs on Potomac Interceptor to protect local drinking water supply
D.C. Water plans to begin emergency rehabilitation work on a deteriorating section of the Potomac Interceptor sewer line in Potomac, Maryland, to protect drinking water intakes for WSSC Water and the Washington Aqueduct. In a release, D.C. Water said starting Monday, June 15, crews will begin repairing 1,700 linear feet of the sewer line at Muddy Branch near Pennyfield Lock — known as Lock 22 on the C&O Canal. “Inspections found structural deterioration, including significant corrosion and exposed rebar that requires immediate attention,” according to D.C. Water. (WTOP.COM)
Zero-days
Nightmare-Eclipse drops yet another Microsoft exploit, RoguePlanet
The zero-day “nightmare” apparently isn’t over for Microsoft, as a disgruntled researcher who’s been feuding with the company for the past three months has dropped yet another proof-of-concept (PoC) exploit for a purported zero-day flaw. For the second month in a row, that researcher — who goes by the online name “Nightmare-Eclipse” — released a zero-day exploit called RoguePlanet right after Microsoft released its raft of Patch Tuesday updates yesterday, which contained a record 206 CVEs. Some of those updates addressed several previous zero-day exploits published by Nightmare-Eclipse. (DARKREADING.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Companies are failing to keep up with AI’s identity sprawl, creating entry points for hackers
The rate of data breaches at companies that widely use AI tools is significantly higher than the rate at companies that don’t — 43% compared with 11% over the past 12 months — the identity security firm Netwrix said in a report published on Wednesday. AI tools such as agents significantly increase organizations’ “identity footprint,” creating more gaps that hackers can exploit, Netwrix said. At the same time, Netwrix found, the companies using AI the most widely are also the ones taking identity management the most seriously. (CYBERSECURITYDIVE.COM)
Elections
Election systems are now a persistent cyber target
Election security has traditionally been framed as a time-bound problem. Activity intensifies in the months leading up to a vote, defenses are strengthened, monitoring is heightened, and once the election passes, the sense of urgency recedes. That model is increasingly out of step with how adversaries operate. Analysis of cyber activity surrounding the 2024 election cycle, which included major votes in the United States, the United Kingdom, the European Parliament, India, Indonesia, Mexico and South Africa, points to a different pattern. Electoral infrastructure is no longer being treated as a temporary target. It is being treated as a persistent environment. (GOVINFOSECURITY.COM)
ICS/OT
Vulnerabilities fixed by Siemens, Schneider, Phoenix Contact
Siemens published only four new advisories. In Sinec INS, the industrial giant fixed authenticated command execution, information disclosure, privilege escalation, and password exposure flaws. The company also addressed a DoS and potential code execution issue in Siprotec 5, and a sensitive information exposure weakness in WinCC Certificate Manager. Siemens also patched CVE-2025-15467, an OpenSSL vulnerability allowing remote code execution, in Scalance, Simatic, Sinamics, Sinec, and other products. (SECURITYWEEK.COM)
Malware
BLUERABBIT backdoor encrypts files, wipes Windows systems
A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in mid-to-late March 2026 and suspected to target Israeli entities, BLUERABBIT implements a full-spectrum intrusion framework: remote access, system profiling, exfiltration to attacker-controlled cloud storage, file encryption that appends a .candy extension, and two separate disk‑wiping routines capable of rendering systems unrecoverable. (GBHACKERS.COM)
New SilabRAT trojan hijacks sessions to steal crypto
A new remote access trojan sold on dark web forums has been built to drain cryptocurrency, hijacking victims’ logged-in sessions to slip past passwords and multi-factor checks. Dubbed SilabRAT, the malware has been detailed in new analysis from Group-IB, which found it advertised since late 2025 as a malware-as-a-service (MaaS) offering at $5000 a month. Its developer, a Russian-speaking actor known as o1oo1, also sells a code-obfuscation tool called AsmCrypt and discounts buyers who take both. (INFOSECURITY-MAGAZINE.COM)
Hackers abuse VMware-signed binary to deploy NIGHTFORGE loader
Two closely related espionage campaigns targeting Cambodian government organizations abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in turn deploys a Havoc Demon implant in memory. TRU attributes both operations to a previously unreported cluster it calls Khmer Shadow, based on targeting, lure construction and shared infrastructure; the activity appears focused on defense and military intelligence collection in Southeast Asia. Both campaigns used meeting- or cooperation-themed self-extracting (SFX) archives, likely delivered via spear-phishing. (GBHACKERS.COM)
Phishing
Cybersecurity software fails to detect fifth of browser-based phishing attacks
Cybersecurity software regularly fails to detect and prevent the cyber-attacks it is designed to protect organizations from, especially within the browser layer, research by Menlo Security has warned. Published on June 9, Menlo Security’s 2026 Browser Threat Report found that one in five phishing attacks that target enterprise browser users go completely undetected by the tools that are supposed to protect the network and its users from attacks. Based on platform telemetry across millions of active browser sessions in enterprise customer environments between January 1 and March 31 2026, the research warned that threat actors are gaining entry to enterprise environments through the browser session layer. (INFOSECURITY-MAGAZINE.COM)
Tactics
Infostealers turn millions of devices into credential theft machines
Infostealers have become the primary source of stolen credentials for attackers. Using these credentials is now a favored route for bad actors to access a target effectively as an invited guest. It is quicker, easier, less visible and more effective than forcing an entry. More than 11.1 million devices were infected with infostealers in 2025, reports Flashpoint. More than 3.3 billion credentials, browser artifacts, session information and other forms of identity are now circulating in illicit marketplaces. These don’t simply provide entry to a target, they often provide authorized access to valuable data undisturbed by security defenses within the target. (SECURITYWEEK.COM)
Vulnerabilities
Max severity Ivanti Sentry vulnerability now exploited in attacks
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. Formerly known as MobileIron Sentry, the Ivanti Sentry security gateway appliance secures traffic between back-end corporate systems and remote mobile devices. Tracked as CVE-2026-10520, the maximum-severity vulnerability stems from an OS command injection weakness and was patched by Ivanti on Tuesday with the release of Sentry versions R10.5.2, R10.6.2, and R10.7.1. (BLEEPINGCOMPUTER.COM)
Unpatched Langflow flaw CVE-2026-5027 exploited for unauthenticated RCE
A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. “The ‘POST /api/v2/files’ endpoint does not sanitize the ‘filename’ parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences (‘../’),” Tenable, which discovered the flaw, said in an alert released in late March 2026. (THEHACKERNEWS.COM)

ADVERSARIES
China
China-linked JDY botnet expands targeting of U.S. military networks
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. According to researchers at Black Lotus Labs by Lumen, who have been monitoring its activity, JDY maintains a strong focus on the United States, where many of its compromised devices are located and where it heavily targets military and associated networks. The security firm notes that JDY has grown from roughly 650 active bots in January 2024 to over 1,500 compromised SOHO and IoT devices today. (BLEEPINGCOMPUTER.COM)
Cybercriminals exploit Chinese guarantee markets to sell stolen credentials
Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a wide range of criminal services. These platforms, modeled explicitly on consumer escrow systems such as Alipay’s, operate as third-party guarantors: the marketplace operator holds buyer funds in escrow, releases them only after delivery is confirmed, and adjudicates disputes. That familiar escrow veneer has enabled rapid scaling from bilateral brokers to industrialized marketplaces that now underpin Southeast Asian scam compounds, money-laundering rings, and transnational fraud operations. (GBHACKERS.COM)
A Sputnik moment: China’s beating the U.S. in neuroscience
The U.S. risks ceding healthcare and science preeminence to China if it doesn’t speed its systems for medical research and regulation, said Max Hodak, former president of Elon Musk’s Neuralink who now heads neurotechnology firm Science Corp. “There is a very real possibility that without significant regulatory reform, if you’re a wealthy American, in 10 years, the only place you’ll be able to get your state-of-the-art cancer care is in Shanghai,” he said Wednesday at the Semafor Tech summit in San Francisco. “This is a thing we should be very mindful of. [China is] executing very competently.” (SEMAFOR.COM)
Financial
Chinese, N. Korean threat groups build on Asia-Pacific success
In its recent 2026 Financial Services Threat Landscape Report, CrowdStrike noted that six of the nine major threat groups targeting financial services in Q1 2026 are linked to China and North Korea, while at least 78 organizations in the Asia-Pacific and Oceania regions were targeted by cybercriminal groups’ data-leak-and-ransom operations. Cybercrime remains a massive problem in the Asia-Pacific region, because financial fraud and digital theft have become tremendous revenue streams for some nations. In 2025, for example, threat actors linked to the Democratic People’s Republic of Korea (DPRK) stole at least $2.02 billion in cryptocurrency, accounting for a 6% to 7% share of the nation’s $29 billion estimated GDP. (DARKREADING.COM)
Iran
Analysis of satellite image and videos suggest precision U.S. strikes on Iranian water facility
Strikes early Wednesday destroyed what appears to be a drinking-water facility on Iran’s southern coast, near the Strait of Hormuz, according to an analysis by The New York Times. Around the time of the strikes, the U.S. Central Command said in a post on X that it had conducted attacks near the strait “with precision munitions from U.S. Air Force and Navy fighter jets.” Iranian state media reported that the U.S. had hit water storage buildings and a local official said that water was cut off to more than 20,000 people living in a town and villages nearby. Temperatures in the area have reached above 100 degrees Fahrenheit this week. (NYTIMES.COM)
Iran’s trolling caught the U.S. off guard. Here’s how to push back
OPINION: Iran’s diplomatic response to President Donald Trump’s threat to destroy Iranian civilization wasn’t a condemnation or a counterthreat. It was a scheduling request. “8PM is not so good. Could you change it to between 1 and 2PM — or if possible, 1 and 2AM?” one Iranian embassy wrote on X. When Trump later delivered an expletive-laden demand that Tehran open the Strait of Hormuz, it responded with a joltingly deadpan quip: “We’ve lost the keys.” These jocular retorts are not one-offs. They are part of Iran’s much broader strategy to push back on the United States in the information domain—one that encompasses satirical memes, artificial intelligence (AI)-generated videos, and sarcastic pile-ons designed to undercut U.S. soft power abroad and deepen reticence for military action among Americans at home. (CFR.ORG)
Ransomware
Who runs the ransomware group ‘The Gentlemen?’
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group. Experts at the security firm Check Point Software have been closely covering exploits of The Gentlemen, a so-called “ransomware-as-a-service” (RaaS) offering that pays affiliates handsomely to help spread the group’s malware. (KREBSONSECURITY.COM)
Russia
U.S. hunts down Russian ‘Void Blizzard’ hacker in Thailand raid after attacks on American companies
A suspected Russian hacker has been extradited from Thailand to the United States, where he faces charges for allegedly facilitating a widespread cyberattack campaign that victimized numerous American companies. Denis Obrezko, who was apprehended in Thailand last November, made his initial appearance in federal court in Boston on Tuesday. He is connected to a case that U.S. authorities describe as a large-scale cyber espionage operation carried out by a group known as Void Blizzard. (THE-INDEPENDENT.COM)
Expect Russia to escalate its attacks on our democracies
OPINION: For many in the West, Russian information warfare still conjures images of hacked emails, troll farms, and social media manipulation during the 2016 U.S. election and the Brexit vote in the UK. But those operations were not isolated incidents. They were part of a much older Russian playbook — one refined over a century by Soviet and later Russian intelligence services. Today, that same machinery is evolving again, becoming more aggressive, more technologically sophisticated with cognitive AI, and more focused on exploiting the deepest social fractures within democratic societies. The latest revelations about Russian-linked operations in Europe should therefore not surprise us. They should warn us. (THECIPHERBRIEF.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
OpenAI considers drastic price cuts, anticipating war for users with Anthropic
OpenAI is considering drastically lowering the prices it charges users as it seeks to win customers from its rival Anthropic. The company is weighing significant cuts to what it charges for tokens, the unit of measurement artificial-intelligence firms use to bill for their products, according to people familiar with the matter. The move would be in anticipation of similar cuts the company expects at Anthropic, the people said. Business executives have begun to balk at the high prices for AI usage. OpenAI Chief Executive Sam Altman said at a recent event that costs had become “a huge issue.” (WSJ.COM)
Data centers
EPA won’t set nationwide standards for data centers
The Trump administration is not going to set nationwide environmental requirements or recommendations for the rapidly growing data center industry, EPA Administrator Lee Zeldin said Wednesday. While there are technologies and practices that reduce air pollution and water usage, states and communities know what works best for them, Zeldin said at the POLITICO Energy Summit in Washington. “Ten times out of 10, I’m not going to sit inside of an agency building in Washington, D.C., and that we say that we know that local community in Georgia or Florida or Arizona or elsewhere, better than everyone there locally,” Zeldin said. (EENEWS.NET)
Musk’s xAI, SpaceX sued over ‘pervasive and inescapable’ data center power plant noise
Mississippi residents are suing Elon Musk’s xAI and SpaceX over the “pervasive and inescapable” noise from their data center and accompanying power plant in a Memphis, Tenn.-area community. Three individuals who live near the plant in Southaven, a city just south of Memphis across the Mississippi-Tennessee border, filed a class-action lawsuit Monday against Musk’s companies, arguing the noise is diminishing residents’ quality of life and local property values. “Companies like Defendants are rushing to construct massive data centers and power-generation facilities, siting them in quiet residential areas like Southaven, Mississippi, and subjecting residents to near-constant noise, vibrations, and other nuisance-level harms,” the filing reads. (THEHILL.COM)
Defense
Pentagon, contractors need proactive defense to protect against infostealers, new report says
Information-stealing malware has become a persistent cyber threat, and a new report released June 10 identified how the Defense Department and its industry partners can defend against accelerated attacks from infostealers. In 2025, more than 11.1 million devices were compromised by infostealers, and over 3.3 billion credentials were stolen, according to the report, “Identity Is the New Attack Surface: A Guide to Infostealers and Proactive Defense,” produced by cyber-threat intelligence company Flashpoint. One publicly exposed database that surfaced this year contained more than 149 million stolen login credentials, it added. U.S. military and defense contractor credentials have been targeted in infostealing attacks, Ian Gray, Flashpoint’s vice president of intelligence, said in an email. (NATIONALDEFENSEMAGAZINE.ORG)
Energy
FERC approves PJM fast-track review for ‘shovel-ready’ power projects
The Federal Energy Regulatory Commission on Tuesday approved the PJM Interconnection’s proposal for an “expedited interconnection track” for large generating projects, rejecting concerns raised by Vistra, state regulators and others. Under the process, PJM will consider up to 10 interconnection requests a year on a fast-track basis for new or uprated capacity resources of at least 250 MW that can come online within three years. The process is set to expire at the end of 2027. “The EIT proposal will help address PJM’s near-term resource adequacy needs by establishing a separate, time-limited, expedited interconnection process for a limited number of resources that are able to bring significant capacity onto the system in the near-term,” FERC said. (UTILITYDIVE.COM)
DOE unveils road map to develop fusion for electricity
The Department of Energy released a fusion road map Tuesday to expedite development of a technology viewed by the Trump administration as an important player in the future electricity mix. DOE’s final fusion strategy, which involved the input of more than 800 scientists and engineers, outlines infrastructure needed to commercialize the technology within the next decade and sets detailed timelines for the department to reach milestones. Fusion envisions harnessing the same reaction that powers the sun and stars but has not been demonstrated at scale to produce electricity. (EENEWS.NET)
IT modernization
Innovation on ice: How DOGE derailed an SBA tech program
When the natural gas and coal industries around Farmington, N.M., consolidated, contracted and left the rural region in “a death spiral” at the turn of the decade, a group of energy technology experts looked to Washington for help. With Hyperion Technologies, that team created an organization where startups in New Mexico, Arizona, Colorado and Utah would band together and — with some federal backing — establish the Four Corners region as the country’s most innovative energy-transition tech hub. “It was the broader view of, what can we do with this area that’s experienced some economic fallout?” said Travis Kellerman, a Hyperion advisor and senior policy staffer in New Mexico’s Energy, Minerals and Natural Resources Department. (FEDSCOOP.COM)
Maritime
The Maritime Action Plan needs a yardstick: Enter the Mahan ratio
OPINION: Washington is littered with the corpses of grand plans to restore the Merchant Marine. The Trump administration’s Maritime Action Plan is the latest attempt, and to its credit, the most comprehensive since World War II. The plan is the government’s blueprint to resurrect America’s commercial shipping and domestic shipbuilding industry. The goal is straightforward: build enough merchant ships and train enough civilian mariners to sustain the military through war, while cutting reliance on foreign supply chains in peace. With a $1.5 billion Maritime Security Trust Fund, Maritime Prosperity Zones, and fees on foreign-built vessels, it treats over a half-century of decline as the crisis it is. But the Maritime Action Plan repeats the mistake that sank its predecessors: It assembles the tools to rebuild the fleet without ever defining what the rebuilt fleet looks like. (WARONTHEROCKS.COM)
Workforce
Federal science agencies facing a ‘generational loss,’ nonprofit says
Amid the Trump administration’s workforce overhauls, some federal science agencies appear to be bearing the brunt of the changes, according to new research from the Partnership for Public Service. Federal workforce reductions, cuts to resources, and plans to increase political influence in the grantmaking process are all leading to declines in scientific development and innovation, said Max Stier, the nonprofit’s president and CEO. The effects, Stier said, will be felt for decades to come. (FEDERALNEWSNETWORK.COM)
LEGISLATIVE UPDATES
House to vote on short-term spy powers extension today amid Pulte clash
Speaker Mike Johnson (R-La.) announced that the House will vote Thursday morning on extending the nation’s foreign spy powers through July 2, a move that comes amid a partisan clash over President Trump naming Bill Pulte to be the acting director of national intelligence (DNI). The expected vote comes after Democrats in the Senate largely rejected a short-term extension when leaders hotlined a plan to expedite the measure earlier Wednesday. “Democrats in the Senate are playing political games right now with the lives of Americans. It’s a very dangerous situation,” Johnson told reporters Wednesday. (THEHILL.COM)
Thune open to reconciliation 3.0 for military funding
Senate Majority Leader John Thune (R-S.D.) says that a third budget reconciliation package to fund the military amid the ongoing conflict with Iran is on the table, even though senior Republicans on the Senate Appropriations Committee earlier this week expressed their doubts about reconciliation 3.0. “If there’s a good reason to do another reconciliation bill, if there’s support for it, then my assumption is that it will be something that could get 218 [votes] in the House and 50 votes in the Senate,” Thune said Wednesday. (THEHILL.COM)
Transportation safety technology drawing interest in Congress
As advanced safety technologies reach new stages of development across the transportation sector, Congress has been grappling with how to legislate such innovations, trying to balance industry needs against calls to prevent tragic accidents. A subcommittee hearing of the Senate Commerce, Science and Transportation Committee took up the issue of transportation safety technology Tuesday as Congress works on vehicle, rail and aviation safety bills. “Over the past decade, we’ve seen a rise in innovative technologies that require us to reimagine how our transportation networks operate,” Sen. Todd Young (R-Ind.), the chairman of the Surface Transportation, Freight, Pipelines and Safety Subcommittee, said in his opening remarks. (ROLLCALL.COM)
ALERTS AND ADVISORIES
CISA adds three known exploited vulnerabilities to catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-7473 Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability, CVE-2026-11645 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, and CVE-2026-20245 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)
Events
DIB: Join Hudson Institute for a June 11 fireside chat between Hudson Senior Fellow Nadia Schadlow and Deputy Assistant Secretary for Industrial Base Growth and Director of the Office of Small Business Programs James Mismash. The discussion will explore current efforts to strengthen the defense industrial base, expand industrial capacity, and foster greater participation and competition across the national security ecosystem.
AI AND THE WORKFORCE: Join AEI for the June 11 launch of the Commission on AI and the Future of the American Workforce, a joint initiative of the American Enterprise Institute and the Urban Institute. This commission brings together leaders from industry, labor, academia, and government to develop an actionable policy framework for AI-driven employment disruption. Hear from the commission co-chairs — former Speaker of the House Paul Ryan and former US Secretary of Commerce Gina M. Raimondo — as well as AEI President Robert Doar, and Urban Institute President Sarah Rosen Wartell as they unveil the commission’s mission and approach.
SECURITY POLICY: From AI and drone warfare to global alliances and economic security, America and its allies need “New Rules” to compete, deter, and win in the 21st century. Join leading voices in national security for an exclusive, all-day Center for a New American Security conference on June 11 at the forefront of today’s most consequential issues — from AI and cybersecurity to the latest developments in Iran, economic statecraft, and America’s strategic readiness across the world.
NORTH KOREA: On June 12 join the Indo-Pacific Security Initiative (IPSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security for the launch of Nonresident Senior Fellow Jieun Baek’s latest book, “Privileged but Powerless.” Baek’s second book on North Korea draws on hundreds of hours of rigorous fieldwork and interviews with defectors to examine a surprising yet critical vector of regime instability. In a fireside chat, Baek will discuss how North Korea’s system of privilege and control shapes elite insecurity at the highest levels of the regime.
HYBRID WARFARE: On June 15 the Atlantic Council’s Eurasia Center will host an expert discussion on how the United States can best counter malign Russian and Chinese hybrid operations. Moscow and Beijing have long pursued campaigns of subversion, sabotage, and subterfuge against the West. Today, those efforts appear to be converging. Many of Beijing’s dual-use technologies have been instrumental in sustaining Russia’s war against Ukraine. Eurasia Center Senior Director and former US Ambassador to Ukraine John Herbst moderates a conversation on what the Russia-China hybrid axis means for Washington and its allies.
DIGITAL INFRASTRUCTURE: On June 16 the Atlantic Council’s Democracy + Tech Initiative will host a discussion to launch a new report examining the future of global connectivity financing and strategic competition over digital infrastructure. As China expands its Digital Silk Road through state-backed financing and integrated technology offerings, the United States and its allies face growing pressure to develop a credible alternative for expanding internet access in underserved markets.
DIB: Join CNAS on June 16 for a fireside conversation with DoD’s Michael Cadenazzi examining the challenges and priorities shaping U.S. munitions production and defense industrial base policy. This event will examine how policymakers, industry partners, and acquisition officials can work together to build the surge capacity the United States needs.
NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.
MARITIME SECURITY: Please join the CSIS Defense and Security Department (DSD) and the U.S. Naval Institute (USNI) on June 18 for a Maritime Security Dialogue event featuring Lieutenant General Eric Austin, USMC, CG, MCCDC / DC, CD&I / PAE-MC. LtGen Austin will sit down with Dr. Seth G. Jones, president, CSIS Defense and Security Department, to discuss the future growth of the Marine Corps, lessons from the recent wars in Ukraine and the Middle East, and implications for the Indo-Pacific. Rear Admiral Raymond A. Spicer, USN (Ret.), chief executive officer and publisher, U.S. Naval Institute, will offer opening remarks.
NUCLEAR: For the first time, the United States is preparing to deter two nuclear adversaries, Russia and China. In today’s post-New START environment, U.S. adversaries remain committed to weakening American resolve and undermining Washington’s commitment to its allies. Join Hudson Senior Fellow and Keystone Defense Initiative Director Dr. Rebeccah Heinrichs and Administrator of the National Nuclear Security Administration Brandon Williams for a June 18 discussion on the administration’s priorities in strengthening the U.S. nuclear enterprise.
AI AND EXPORT CONTROL: Join House Foreign Affairs Committee Chairman Brian Mast and Senator Jim Banks for a June 25 fireside chat hosted by the Hudson Institute on Congress’s role in U.S. export control strategy to outcompete China in technology and AI development. The conversation will examine ways to close loopholes, guard America’s most critical technologies, and prevent Beijing from leveraging American innovation against American interests.
GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.” Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY