Cyber Briefing – June 15, 2026

FOREIGN BAN ON ANTHROPIC’S FABLE AND MYTHOS: Anthropic is racing to resolve its latest conflict with the Trump administration, meeting with officials and dispatching top technical staff to Washington over the weekend in pursuit of a deal to end export restrictions on its most powerful artificial-intelligence models, The Wall Street Journal reports. The Trump administration on Friday banned foreign governments, companies and individuals from using Anthropic’s Fable 5 and Mythos 5 models, which prompted Anthropic to shut off access to everyone in order to comply. Anthropic said at the time that many foreign governments, companies and individuals, including some foreign-born Anthropic employees, fell under the restriction. Administration officials and Anthropic leaders spent several hours on calls Saturday discussing Fable 5, a slimmed-down version of Anthropic’s powerful Mythos model meant for the general public, people familiar with the discussions said. 

• The White House imposed export controls on Anthropic’s powerful Mythos AI model partly over suspicions that a China-linked group had accessed it, a person familiar with the matter said, Semafor reports. It’s unclear how the White House learned of the issue, which organization accessed the model, and how it gained access to Mythos. But if the Chinese government had access to Mythos, it could pose national security risks to the U.S. China could also attempt to reverse-engineer and copy the model in a process known as distillation.

• Prominent cybersecurity leaders — including CISOs, security researchers and executives at Adobe, Zoom and Sophos — are urging the Trump administration to reverse restrictions on Anthropic’s most advanced AI models, arguing the move hurts cyber defenders more than attackers, Axios reports.

• The extraordinary move by the U.S. to bar foreign access to Anthropic PBC’s best AI models underscores the Trump administration’s newfound willingness to exert control over a pivotal industry. It also reminds Silicon Valley that it’s working with an imperfectly understood technology with uncertain impact, Bloomberg reports. Washington has taken the unprecedented step of ordering the AI startup to disable access to its most advanced AI platforms for all foreign nationals. The swiftness of the move triggered widespread concern over what the startup called a “disproportionate” response — and a warning that such an approach could “halt all new model deployments for all frontier model providers.”

• Given these events, observers at the intersection of AI policy and security matters may feel a sense of whiplash. That’s particularly so given this latest dispute comes on the heels of recent policy announcements by the Trump administration that many regarded as a change in tune from the aggressively laissez-faire rhetoric officials advanced a year ago, Justin Hendrix writes at Tech Policy Press. Regardless, the immaturity of the federal government’s approach to AI is now on full display. It is likely to have significant and reverberating implications for ongoing debates – and efforts to address – issues at the intersection of AI governance, technological “sovereignty” and the relationship between U.S. state and corporate power that are playing out in Washington and in capitals all over the world. It could be fairly argued that these ad hoc and wild swings on the part of the U.S. administration are no way to exercise state power, and is further evidence of the need for a regulatory system that provides a more stable equilibrium for stakeholders to operate.

• The countries that host buildout will shape the future of AI: who controls it, what values it contains, how it is used, Alasdair Phillips-Robins. Teddy Tawil and Sam Winter-Levy write at the Carnegie Endowment for International Peace. If democracies are in the lead, they will have a shot at ensuring that transformative AI is safe, secure, and reflects liberal values. If authoritarian powers pull ahead, they will gain the tools to reshape the world order in their image, through repression at home and military dominance abroad. And because authoritarian regimes are more likely to suppress dissent and hide failures, an AI race they lead raises the risk of catastrophic accidents. The free world still has the energy, capital, talent and industrial might to win. This paper, built on a detailed new financial model of data center competitiveness, explains what governments can do. The model considers a wide range of factors, including construction, IT, and other capital costs; operating expenses; revenues; tax systems; and operational timelines. It helps explain what is driving billion-dollar company decisions, and how governments can change them.

CHINA’S TECHNO-INDUSTRIAL STRATEGY IN THE XI ERA: At RAND, Gerard DiPippo, Jonathon Sine and Benjamin Lenain examine how China’s techno-industrial policy has evolved under Xi Jinping into a more centralized, security-linked, finance-driven system. They explain how this system operates in practice by organizing Xi-era policy into five channels (fiscal, financial, real economy, Party-firm, and overseas) and 18 instruments through which the Party-state defines priorities, mobilizes institutions and financial resources, disciplines firms and local governments, and projects these arrangements abroad. Under Xi, China’s techno-industrial policy has shifted from a focus on growth and catch-up toward national security, technological self-reliance, and frontier leadership. The Party-state has overhauled institutions, financing, and corporate governance to direct resources toward priority industries. China’s techno-industrial ecosystem has produced impressive gains in technological capabilities, manufacturing scale, and supply chain resilience in priority sectors.

• The United States and its allies face a serious and growing threat from an authoritarian axis led by China and Russia that will erode U.S. power and security if it is not effectively countered, Seth G. Jones, Seamus P. Daniels, Riley McCabe and Daniel Byman write at CSIS. Chinese leader Xi Jinping and the Chinese Communist Party have ordered the People’s Liberation Army to be ready to conduct a successful invasion of Taiwan by 2027, and Russia continues to wage an aggressive war in Ukraine and a sabotage campaign across Europe that includes assassinations, bombings, and subversion. This report outlines a U.S. defense strategy of flexible engagement built around a two-war planning construct and a rapid shift to a wartime industrial footing to counter an axis led by China and Russia. It prioritizes the Indo-Pacific first and Europe second, as well as deterring and, if necessary, defeating two major powers simultaneously with significant allied and partner involvement.

• The World Data Organization (WDO), a new international institution, launched in Beijing in March. Limited information is publicly available regarding its claimed global membership or its institutional design but it is intended to advance the Chinese Communist Party’s global governance agenda, the Jamestown Foundation reports. The WDO’s president, Tan Tieniu, is a world-leading expert in surveillance technologies for public security applications. The U.S. government sanctioned him in 2021 for his role in the Hong Kong government. Tan is also deeply involved in the Party’s united front work and has been a delegate to at least four national Party congresses.

NEW UNDERSECRETARY FOR CYBER?: In an effort to align IT and cyber responsibilities, senators are proposing to create a new Undersecretary of Defense for Cyber, Information, and Networks position within the Pentagon, DefenseScoop reports. The language to create the new role is included in the Senate Armed Services Committee’s draft of the fiscal 2027 National Defense Authorization Act (NDAA), according to a summary of the bill. A committee staffer told reporters Thursday that the undersecretary would serve in a dual-hatted role as both Defense Department chief information officer and principal cyber advisor to the secretary of defense. The Pentagon’s CIO serves as the top advisor for information technology matters while also managing a broad portfolio comprising the department’s IT enterprise, digital modernization and defensive cybersecurity posture.

• Concerned about how artificial intelligence might be used to generate target lists or operational plans, lawmakers want to expand limits on autonomous weapons to address mission planning and target selection, Air and Space Forces Magazine reports. The House Armed Services Committee’s version of the 2027 National Defense Authorization bill would direct the Pentagon to revise Defense Directive 3000.09 to cover mission planning activities. If approved, it would mark a “big change,” said Bryan Clark of the Hudson Institute. The measure is among several moving through Congress that seek to address emerging AI and related capabilities, including one focused on orbital data centers, and another that would establish a new combatant command to oversee autonomous and robotic systems.

• An amendment in the House Armed Services Committee chairman’s mark for the fiscal year 2027 defense policy bill could discourage technology companies from building data centers on military installations, hindering Army modernization efforts and future private investment, an Army official said. The measure, offered by Rep. Cory Mills (R-Fla.), would bar the Defense Department from leasing its land to private companies to build data centers unless they agree not to install or operate data facility equipment that contains components manufactured in China, Russia, Iran or North Korea, Federal News Network reports. The restriction would apply to certain printed circuit boards, advanced semiconductors, chipsets and other components that the Defense Department considers a national security risk. 

CYBER THREAT TO THE WORLD CUP: As CSIS recently outlined, the physical security threats to the World Cup are diffuse and serious. Cyber threats to the World Cup are somewhat more acute; the key threats are likely to be determined cybercriminals targeting ordinary tournament-goers at scale, or state or hacktivist actors seeking to disrupt the tournament for geopolitical or symbolic value, Nikita Shah writes at CSIS. In any case, should such threats materialize, they risk undermining the three host nations and their projection of public safety. The good news is that as with all major sporting events, preparation and exercising runs deep; authorities at all levels will have anticipated cyber and physical threats well in advance and will be ready to mitigate any cyber incidents, letting the show go on.

• Over 80% of professional sports organizations were targeted by cyberattacks during the last year and over half of them were hit more than once, researchers have warned, Infosecurity Magazine reports. In a report published on June 11, the day the FIFA World Cup 2026 kicked off, figures from Darktrace revealed that 84% of sports organizations – including teams, venues and event bodies – were targeted by cyberattacks during the last year. And for most of them, facing a cyberattack was not a one-off event: 57% experienced multiple cyber incidents in the 12-month period.

THE STATE OF CLOUD AND AI FOR FINANCIAL SERVICES: This Cloud Security Alliance report examines how financial institutions are rapidly moving beyond cloud adoption and AI experimentation. Commissioned by Anjuna, the report explores the evolving relationship between cloud security, AI governance and identity management in highly regulated environments. It shows how financial institutions are embracing large-scale AI agents, autonomous systems, and AI-driven financial operations. The findings reveal that financial services are adopting AI faster than governance maturity can keep up. The majority of organizations are already deploying AI agents (62%) and anticipate autonomous AI-driven financial transactions (85%). With these developments, institutions are confronting new challenges around non-human identities, third-party risk and data leakage. 

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE

WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

(Watch on YouTube or click the player above)

A new executive order on artificial intelligence and cybersecurity sends a clear signal: Advanced AI now sits at the center of how the United States thinks about cyber defense, national security, critical infrastructure resilience and strategic competition. In this episode of Cyber Focus, Frank Cilluffo sits down with Daniel Kroese, vice president of global policy at Palo Alto Networks and a senior fellow at the McCrary Institute, to unpack what the order means in practice. Kroese argues that the most important signal is the administration’s effort to bring government, industry and critical infrastructure operators together quickly — not simply to study AI risk, but to operationalize AI-enabled defense while preserving the innovation advantage that gives the United States its head start.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

Breaches

SHADOWBYT3$ claims breach of Nintendo, alleges data theft

The extortion-as-a-service (EaaS) SHADOWBYT3$ threat actor group has publicly claimed responsibility for a cyberattack targeting Nintendo, alleging the theft of approximately 859 MB of sensitive employee data sourced from the company’s use of the HR engagement platform TINYpulse. The claim surfaced on June 12–13, 2026, and is accompanied by a ransom demand of $2 million USD, with a threat to publicly leak all stolen data if payment is not received. Rather than targeting Nintendo’s core gaming infrastructure, SHADOWBYT3$ claims to have executed a precision attack against Nintendo’s third-party HR SaaS provider, TINYpulse. (CYBERPRESS.ORG)

Cybercrime

Ukrainian national pleads guilty to role in Conti ransomware operation

A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. The U.S. Department of Justice announced Thursday that 44-year-old Oleksii Oleksiyovych Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in Conti ransomware attacks conducted between 2021 and 2022. According to prosecutors, Lytvynenko and his co-conspirators deployed Conti ransomware on victim networks in the United States and abroad, stealing data and encrypting devices to extort Bitcoin ransom payments. (BLEEPINGCOMPUTER.COM)

Fired IT worker jailed for 21 months after sabotaging old school district

A disgruntled IT worker faces 21 months behind bars after being found guilty of sabotaging his former employer’s systems for more than a year and half. Ezekiel Dean Potter, 34, was fired from his IT support job at Iowa’s Saydel Community School District (SCSD) in April 2023. He was found guilty of causing various technical damages to SCSD’s systems between May 2023 and January 2025. At his sentencing hearing on June 11, the court heard that the IT worker had gathered and stored more than 300 Saydel user account credentials before he was terminated from his position. (THEREGISTER.COM)

Education

ShinyHunters uses Oracle zero-day to rampage higher Ed

ShinyHunters used a zero-day vulnerability in Oracle’s PeopleSoft software suite to steal data from potentially more than 100 organizations. PeopleSoft is an enterprise resource planning (ERP) application suite used for things like payroll, supply chain management, human resources (HR), and student administration. It’s primarily oriented to large businesses and organizations, such as government entities and higher education institutions. From May 27 to June 9, 2026, the ShinyHunters extortion gang exploited a zero-day vulnerability in PeopleTools, PeopleSoft’s underlying integrated development environment (IDE) and runtime platform, according to new research from Mandiant and the Google Threat Intelligence Group (GTIG). (DARKREADING.COM)

Supply chain

Over 400 Arch Linux AUR packages hijacked to deploy infostealer and eBPF rootkit

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux’s community package collection, and it is separate from the official Arch repositories, which were not affected. If you installed or updated an AUR package on or after June 11, check it against the current affected-package lists before trusting the host. The list of names is large, still growing, and not yet complete. (THEHACKERNEWS.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

Deepfakes

AI deepfakes are getting weirder and harder to spot in the midterms

Political campaigns are employing artificial intelligence in a range of campaign ads to elevate candidates and attack opponents, fueling concerns that the wave of fake content will undermine the midterm elections. In recent weeks, one video portrayed Texas Senate candidate James Talarico singing a rendition of “My Favorite Things” praising transgender children, while another showed Mike Rogers, a Michigan Senate hopeful, as a Hulk-like figure rescuing people from a collapsing building. There also was a viral video of Los Angeles mayoral candidate Spencer Pratt as Batman saving the city from an incumbent depicted as the Joker. The improvement in free AI tools has fueled an explosion of such content, worrying election analysts and politicians on the receiving end of the deepfakes who say that many voters can’t tell that some of the more lifelike videos are imitations. (WSJ.COM)

Malware

Hackers hide new Argamal malware inside working hentai games

Cybersecurity firm Kaspersky has discovered a new campaign delivering malware to people downloading adult video games. Detected in April 2026, Kaspersky’s investigation suggests that this malware is named Argamal, and it is hidden inside hentai game installers. Argamal is a remote access Trojan (RAT) that allows hackers to remotely control a person’s computer. Researchers note that normal internet scams usually give you a broken file that will not open. These infected downloads actually include fully working games built on common systems like RenPy or RPG Maker. The game runs exactly as you want it to, so you never realize your machine is under someone’s control. (HACKREAD.COM)

Phishing

SearchJack adware campaign exposes 758,000 users to privacy and phishing risks

A coordinated campaign of 23 seemingly legitimate Chrome extensions tracked as “SearchJack” has quietly hijacked the default search settings of roughly 758,000 users, routing queries through operator-controlled monetization middleware before returning results. At first glance the extensions promise useful features satellite imagery, productivity tools, news readers, maps but their true purpose is affiliate search monetization, primarily using hosted search partners such as Yahoo and multi-network affiliate brokers. (GBHACKERS.COM)

Vulnerabilities

Palo Alto warns of active exploitation of PAN-OS GlobalProtect VPN flaw

Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad actors to set up VPN connections. According to the network security company, the security defect could be exploited by a bad actor to bypass security controls and initiate VPN connections. (THEHACKERNEWS.COM)

Ivanti Sentry exploitation attempts hitting honeypots

CISA flagged a recently patched Ivanti Sentry vulnerability as exploited, but Ivanti says the activity was observed only on honeypots. Tracked as CVE-2026-10520 (CVSS score of 10/10), the security defect is described as an OS command injection issue that could be exploited remotely, without authentication, to execute arbitrary code with root privileges. Ivanti rolled out patches for the flaw on June 10, saying it has no evidence of in-the-wild exploitation. Ivanti Sentry versions 10.5.2, 10.6.2, and 10.7.1 contain the fixes. (SECURITYWEEK.COM)

phpBB forum fixes auth bypass bug lurking for a decade

A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. The flaw does not have an identifier and is trivial to exploit with a single HTTP request. It impacts phpBB versions 4.0.0-a2 or 3.3.16 and below. Researchers at application security company Aikido found the bug on June 2nd and reported it through the developer’s HackerOne Vulnerability Disclosure Program. (BLEEPINGCOMPUTER.COM)

Critical Splunk Enterprise flaw lets attackers run code without authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. “In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint,” Splunk said in an alert this week. (THEHACKERNEWS.COM)

China

Chinese hackers hijack auth flow, spy on isolated network for a decade

Chinese hackers took control of a target organization’s authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. Dubbed “Operation Highland,” the intrusion is attributed to the Velvet Ant cyberespionage threat group, which targeted vulnerable internet-facing systems before pivoting to a network with no direct external path. Chinese hackers of the “Velvet Ant” activity cluster breached the isolated critical infrastructure network of a large organization and conducted cyber-espionage operations for 10 years. (BLEEPINGCOMPUTER.COM)

A place where some AI stocks are still cheap: China

The frenzy over artificial intelligence is sending technology-company valuations through the roof in the U.S. and Asian markets. One country still offers some relative bargains: China. Stock markets feature a parallel universe of Chinese technology champions: an e-commerce giant that isn’t Amazon, a search-engine and robotaxi company that isn’t Google and a chip manufacturer with a four-letter name other than TSMC. While some smaller Chinese tech companies have experienced bubbly surges this year, shares in larger companies that are investing heavily in AI often cost less per dollar of revenue or profit than their famous counterparts abroad. (WSJ.COM)

North Korea

APT37 hackers use NarwhalRAT malware with MS-themed phishing and dead-drop C2

APT37 is using NarwhalRAT in a tightly engineered intrusion chain that starts with Microsoft-themed spear-phishing, pivots through malicious LNK files and PowerShell, and ends with a Python-based backdoor with dead-drop C2 via pCloud. The campaign is notable for its layered tradecraft: social engineering, LOLBin abuse, scheduled-task persistence, in-memory execution, and selective data theft are all combined to reduce visibility and increase dwell time. The lure is designed to look like a Microsoft account security notice or cybersecurity advisory, pushing the victim to open a ZIP archive that contains a disguised LNK file. (GBHACKERS.COM)

Russia

Russia building new infrastructure for major troop deployments along NATO’s northern flank

In another indication of the growing military and economic importance of the Arctic, Russia and NATO are increasing their buildup of forces and facilities in the region. Recent media investigations found that Russia is constructing new bases near Finland to eventually house tens of thousands of troops while NATO on Saturday stood up a long-planned new battalion battlegroup. It is a force that will operate in Finland and Sweden as a deterrent against Russia. TWZ has frequently reported how Russia, and to a lesser extent China, have moved aggressively to assert their presence in the High North, leaving the U.S. and its NATO allies looking to bolster their defenses. (TWZ.COM)

APT28, an evolution of tradecraft

Sekoia’s Threat Detection & Research (TDR) team has been tracking APT28 for several years. The intrusion set, also known as Fancy Bear, Forest Blizzard, Sofacy, Pawn Storm or Sednit and publicly attributed to the GRU’s Unit 26165, is one of the most prolific and persistent state-sponsored actors monitored. Its operations span in two decades and consistently target government, defense, diplomatic and critical infrastructure entities, with a focus on NATO members and Ukraine. Given its relentless activity, this intrusion-set has been extensively documented by government agencies, private cybersecurity vendors, and independent researchers. The scale of this collective coverage is reflected in the list of aliases compiled: That’s 33 names for one adversary. (BLOG.SEKOIA.IO)

Artificial intelligence

Artificial intelligence

Biological intelligence in the AI era

OPINION: Recent outbreaks of disease such as those associated with the Hantavirus or the Ebola virus serve as reminders that biological threats remain an enduring challenge for global health security. At the same time, rapid advances in artificial intelligence (AI), synthetic biology, biomanufacturing, and other emerging biotechnologies are reshaping the biological risk landscape, the implications of which are increasingly brought to the forefront of policy discussions worldwide. Even several leading AI companies recently signed an open letter urging U.S. lawmakers to strengthen safeguards against AI-enabled biological weapons, underscoring growing concerns about the security implications of emerging technologies. (GMFUS.ORG)

German court: Google liable for AI summaries

A German court dealt a blow to Google artificial intelligence-infused search by deciding that the Big Tech firm is liable for defamatory statements in the AI summaries that increasingly dominate its results. A regional court in Munich granted a preliminary injunction in late May to local publishing house Verlagshaus24 and one of its subsidiaries, demanding that Google immediately stop its AI Overviews summaries from generating false claims about their business practices. This feature purports to only summarize publicly-available content, but it often hallucinates facts – and in this case, it misinterpreted third-party content and said the plaintiffs were the targets of accusations that had actually been made against another publisher. (GOVINFOSECURITY.COM)

Critical minerals

U.S. turns to Central Asia to combat China’s rare earth dominance

The United States is vulnerable to Chinese control over critical mineral supply chains. To reduce its dependence on Beijing, Washington is increasingly looking to Central Asia. On June 10, U.S. special envoy Sergio Gor met with representatives of all five Central Asian countries for their first in-person Critical Minerals Dialogue in Astana, Kazakhstan. The summit immediately preceded the Astana Mining and Metallurgy Conference, which featured a record number of U.S. participants, including more than 20 companies and government officials, among them Assistant Secretary of Commerce David Fogel. (FDD.ORG)

Data centers

AI firms are getting creative as they scramble for energy

The major players in AI want energy far faster than utilities can provide it — and that’s prompting them to explore some alternative approaches to powering data centers, ranging from the conventional to the questionable. A lot of U.S. data centers — 59 planned facilities, by one count — are looking to skip slow-moving utility processes altogether and build their own power sources on-site. Pretty much every big tech firm is pursuing this strategy to some extent. But the large-scale, conventional gas turbines these firms would prefer to install are hard to come by amid a massive supply chain crunch. (CANARYMEDIA.COM)

Another N.J. town bans AI data centers after proposal to build one is withdrawn

A proposal for a 16,000-square-foot data center in East Greenwich Township has sparked debate among local residents and led the township to ban future development of data centers. The Mt. Royal Data Storage Facility raised such strong concerns among residents in the New Jersey municipality of roughly 12,000 that American Tower Company, the developer, withdrew its application. The opposition also resulted in the township’s adoption of an ordinance prohibiting future data center development. (NJ.COM)

Tax dispute derails Ohio effort to regulate data centers

A rush to pass sweeping data center regulations in Ohio hit a snag this week when legislative leaders couldn’t reach agreement on proposed tax incentive reforms. Republican majorities in the House and Senate failed to find common ground on what — if any — tax breaks the Buckeye State should offer to lure data center development. The impasse means the Legislature is unlikely to revisit the issue again until the fall. The setback deals a blow to some residents and state officials who wanted the Legislature to act quickly. Gov. Mike DeWine (R) last month paused sales tax exemptions originally established in 2014 following news reports that data centers received $1.6 billion in tax breaks last year — far exceeding earlier state tax department estimates. (EENEWS.NET)

Deepfakes

The world’s leading deepfake expert no longer trusts his own eyes

The emails began to arrive on a Sunday morning, as the worst ones often did. Hany Farid opened the first message at his home in the hills above Berkeley and found a link to a viral video purporting to show a U.S.-made missile hitting an elementary school in Iran, where more than 150 people had been killed, most of them children. “Is this an internet hoax or an international war crime?” one note read. “We’re trying to verify what’s real.” Farid grabbed a pencil and a notepad, leaned into his computer and watched. (NYTIMES.COM)

Defense

1.5M people use GenAI.mil, Pentagon CTO says

The Defense Department’s enterprise generative AI platform is now being used by 1.5 million personnel, according to Pentagon CTO Emil Michael. GenAI.mil was introduced in December to give DOD employees access to commercial AI tools and bring efficiencies to their workflows. Google’s Gemini products were the first to be made available in the new system, and OpenAI’s ChatGPT and xAI’s Grok were also set to be integrated. There were just 80,000 AI users in December, Michael noted during remarks at the Hudson Institute on Friday. (DEFENSESCOOP.COM)

Drones

Pentagon may ‘sacrifice’ traditional weapons to buy more drones if reconciliation fails: CTO

If Congress does not pass $350 billion in funding through the reconciliation process, the Pentagon will consider cutting expensive traditional weapon systems in order to protect drones, the department’s top technologist warned Friday. Emil Michael, who is both the undersecretary of defense for research and engineering, as well as the Pentagon’s CTO, indicated in comments at the Hudson Institute think tank that the building was prepared to protect its focus on buying large numbers of low-cost, high-tech systems if the reconciliation funding does not come through. “If we’re forced into that position, we just make other trade-offs, like against exquisite weapons and systems: How much of those are we willing to sacrifice in place of low-cost autonomous weapons?” Michael said. “It’s just like balancing any budget and any portfolio.” (BREAKINGDEFENSE.COM)

Fully autonomous drones may have killed human soldiers for the first time

Fully autonomous drones with no human oversight have killed soldiers on the battlefield for the first time. This is according to a senior figure in the Ukrainian defence industry, marking a watershed moment in warfare. The one-off test involved 10 AI-controlled “Terminator” drones on the front line of the Ukraine war. Russian soldiers were killed. “We tried it,” says drone-maker Alexander Kokhanovskyy, who supplied the technology and spoke to New Scientist at a press event hosted by the Ukrainian embassy. “It’s a test. We never implemented it [more widely].” (NEWSCIENTIST.COM)

How Ukraine’s drone innovation reversed Russia’s momentum

OPINION: Ukrainian innovation has led to territorial gains on the battlefield. In largepart due to the scaling up of drone operations, Ukraine was able to retake 78 square miles over five days in February 2026 and has continued making gains throughout its fifth spring offensive. Now, compared to the start of the war, Ukrainian drones are able to strike at longer ranges, including 30 to 100 kilometers behind the front lines, expanding the kill zone and forcing Russia to divert resources to protect its supply lines and infrastructure. This reverses a trend of Russian gains throughout 2025 that had many analysts worried about Ukraine’s capacity to continue fighting. Russia continues offensive pressure in the east and Zaporizhzhia region, but the front remains fluid. (CFR.ORG)

Two days, one drone killer: How defense companies built a wheeled counter-UAS robot at the Army’s Operation Jailbreak

Out near the Rocky Mountains, Ben Meager found a good spot to park his robot vehicle. It was the best place to park in a lot packed with some of the defense industry’s newest tech, but it also happened to sit next to a counter-drone turret he’d been eyeing for more than a year. Meager had made renderings of the turret, an autonomous machine gun drone killer made by Allen Control Systems known as “the Bullfrog.” He thought it could fit on top of his company’s small, ruggedized ground robot to help blow swarms of unmanned aerial systems out of the sky. “I won’t lie,” Meager, the CEO of AZAK, told DefenseScoop in a recent interview. “I parked the vehicle next to the ACS Bullfrog in hopes of an actual incorporation of that product onto ours, and that is exactly what happened.” (DEFENSESCOOP.COM)

French army shows Leclerc tank with once-mocked anti-drone cage

The French Army showed off an upgraded Leclerc XLR main battle tank fitted with roof-mounted cage armor, a protective measure widely mocked on social media as “cope cages” when similar structures appeared on Russian tanks during the opening months of Russia’s 2022 invasion of Ukraine, but which has since proven useful against drones on the modern battlefield. The French Army technical section built a prototype of the metal cage, which is now being manufactured by KNDS France and in the process of being delivered to the tank units, said Gen. Olivier Coquet, head of the section known as STAT, in a briefing with reporters at the Eurosatory defense show near Paris on Sunday. (DEFENSENEWS.COM)

Energy

1M-plus customers have connected solar to PG&E’s grid

More than 1 million customers now have solar energy systems connected to Pacific Gas and Electric’s grid — more than any other utility in the U.S., PG&E announced June 4. “As customer-sited solar scaled rapidly, PG&E’s focus expanded beyond simply connecting these systems to also modernizing the grid for safe and reliable two-way power flows at an unprecedented scale,” the utility said in a release. PG&E has recently focused on virtual power plant deployment. In July it executed the largest-ever coordinated demand response test, with its VPP delivering 535 MW for two hours. In February, PG&E and Sunrun completed a hyperlocal VPP deployment, using the storage-plus-solar systems of Sunrun customers to “[export] energy to alleviate local grid constraints, with the goal of helping PG&E avoid or defer distribution upgrades,” Sunrun said. (UTILITYDIVE.COM)

Health care

VA health AI chat tools lack oversight, OIG warns

Although Veterans Health Administration clinicians nationwide are using generative artificial intelligence chat tools for patient care and documentation, the VHA has not established clear oversight and safeguards to mitigate risks, including potential patient safety issues, said a new watchdog agency report. In a review conducted over 90 days, from October 2025 to January 2026, the VA Office of Inspector General found more than 15,000 VA staff actively using VA GPT or Microsoft 365 Copilot Chat, two general-purpose generative AI tools provided by the agency to staff that may have access to patient information. (HEALTHCAREINFOSECURITY.COM)

Leadership

CISA sees leadership shakeup after infrastructure security chief moves to ONCD

Steve Casapulla, an infrastructure security executive in the Cybersecurity and Infrastructure Security Agency, is being detailed as the assistant national cyber director for policy in the White House’s cyber office, prompting a slew of leadership shifts inside CISA, sources tell Nextgov/FCW. With Casapulla pivoting to the Office of the National Cyber Director, Scott Breor — an associate director for the agency’s security programs — will take up his post leading the Infrastructure Security Division, according to one current U.S. official, one former U.S. official and a third person familiar with the matter. Sean Haglund, an associate director in CISA’s Office of Bombing Prevention, will serve as ISD’s acting deputy director, added the sources, who requested anonymity to communicate their knowledge of the new positions. (NEXTGOV.COM)

Regulations

CISA revives push toward long-awaited cyber incident reporting rules

The Cybersecurity and Infrastructure Security Agency is restarting public engagements on delayed cyber incident reporting rules that will likely cover tens of thousands of critical infrastructure organizations. The meetings come as CISA faces pressure to issue the final regulations quickly, while some lawmakers and industry groups also want the agency to amend the draft rules to be less broad and burdensome. Starting Monday, CISA will host a series of virtual town halls to get feedback on the draft regulations to implement the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The meetings will run through Wednesday. (FEDERALNEWSNETWORK.COM)

UAP

Pentagon releases third batch of UFO files, detailing mysterious orb sightings: ‘Are you seeing this?’

The Pentagon on Friday released a new group of documents and videos related to UFOs, or UAPs, the third release since the government began a wave of new disclosures last month. The latest batch includes 53 documents and 10 images from the CIA, FBI, NASA, the Department of Defense and other unspecified agencies, along with six videos and three NASA audio recordings. The videos show orb-like objects in the sky, while a set of images and clips offer “artistic interpretations” of reported sightings. Several of the documents detail encounters reported by federal law enforcement officers in 2023, in which five agents reported seeing strange orbs on the horizon. One agent recounted their partner asking, “Are you seeing this?” as a glowing orb lit up the sky. (CBSNEWS.COM)

Workforce

CyberCorps is adapting to AI. The budget isn’t keeping up

OPINION: The digital battlefield is expanding and changing faster than ever before. Washington must confront mounting threats to critical networks and systems. But there’s one challenge that stands out above the rest: artificial intelligence. The nation’s cyber experts need to be ready to face this new reality. The CyberCorps: Scholarship for Service program is a federal initiative that has done just that for 25 years, contributing nearly 5,000 cybersecurity professionals to the federal workforce. The program is a success story, but the Trump administration has put this program at risk by attempting to drastically cut its funding. Fortunately, Congress has intervened, and will continue to fund the program. The administration should follow Congress’ lead and support it in the future. (CYBERSCOOP.COM)

OPM wants to leverage talent exchanges that would place feds in industry

The Trump administration is already trying to bring talent from industry into the government via its U.S. Tech Force program, but the next step could be putting federal workers on exchanges to companies, according to remarks from an Office of Personnel Management official Thursday. During a panel at a federal technology-focused conference, Kevin Hennecken, senior advisor to the director at OPM and leader of the Trump administration’s Tech Force hiring effort, mentioned the agency’s interest in such a program as a way of helping train federal workers. (FEDSCOOP.COM)

FISA 702 lapse plunges U.S. into unknown territory

The unprecedented expiration of the nation’s warrantless spy powers has plunged the country into legal uncertainty over the extent to which it can surveil foreigners located abroad. Both chambers of Congress on Thursday failed to pass bills to extend Section 702 of the Foreign Intelligence Surveillance Act (FISA) through July 2 amid outrage from Democrats about Bill Pulte being tapped to lead the intelligence community. Each then left town, allowing the spy powers to lapse after they expired at midnight. President Trump is also mulling signing an executive order seeking to shore up the program. (THEHILL.COM)

Blackburn presses Kik on kids safety after ‘disturbing’ research report

Sen. Marsha Blackburn (R-Tenn.) is pressing the messaging platform Kik over its dangers to users, accusing the platform of “turning a blind eye” or “allowing” the exploitation and abuse of minors. The letter, sent Friday and first shared with The Hill, comes a week after the National Center on Sexual Exploitation (NCOSE) released a new report finding the Kik app is a “predator’s paradise” and has not done enough to keep users younger than 18 years off the platform. “The results of this investigation, while disturbing, are not shocking. Kik’s policies are designed to allow this kind of predatory behavior,” Blackburn wrote in the letter to Michael Heyward, the CEO and co-founder of MediaLab, the parent company of Kik. (THEHILL.COM)

COMMITTEE ACTIVITY

AI AND EDUCATION: The Senate Health, Education, Labor and Pensions Subcommittee on Education and the American Family is scheduled to hold a June 16 hearing on the future of K-12 education in the age of AI.

ENERGY RESILIENCE: The Senate Energy and Natural Resources Committee will hold a June 17 hearing to examine the state of the U.S. territories.

DNI: The Senate Intelligence Committee will hold a June 17 nomination hearing to consider Jay Clayton to be director of national intelligence. 

CHINA: The House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party is scheduled to hold a June 25 hearing.

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

CHINA: European cities and regions have developed hundreds of formal partnerships with counterparts in the People’s Republic of China (PRC) over the past three decades. Sister city and friendship city agreements span nearly every corner of the continent, yet relatively little systematic data exists on what these partnerships involve, how they have evolved, and what risks and opportunities they present for local governments today. This June 15 German Marshall Fund webinar will present comprehensive research and data to address that gap.

HYBRID WARFARE: On June 15 the Atlantic Council’s Eurasia Center will host an expert discussion on how the United States can best counter malign Russian and Chinese hybrid operations. Moscow and Beijing have long pursued campaigns of subversion, sabotage, and subterfuge against the West. Today, those efforts appear to be converging. Many of Beijing’s dual-use technologies have been instrumental in sustaining Russia’s war against Ukraine. Eurasia Center Senior Director and former US Ambassador to Ukraine John Herbst moderates a conversation on what the Russia-China hybrid axis means for Washington and its allies.

DIGITAL INFRASTRUCTURE: On June 16 the Atlantic Council’s Democracy + Tech Initiative will host a discussion to launch a new report examining the future of global connectivity financing and strategic competition over digital infrastructure. As China expands its Digital Silk Road through state-backed financing and integrated technology offerings, the United States and its allies face growing pressure to develop a credible alternative for expanding internet access in underserved markets. 

DIB: Join CNAS on June 16 for a fireside conversation with DoD’s Michael Cadenazzi examining the challenges and priorities shaping U.S. munitions production and defense industrial base policy. This event will examine how policymakers, industry partners, and acquisition officials can work together to build the surge capacity the United States needs, in a focused conversation on the future of U.S. munitions production and defense industrial base policy.

NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.

HYPERSONIC: What are hypersonic delivery systems, and what makes them strategically and technologically distinct from other missiles? What makes hypersonic flight a militarily desirable capability, and how can the United States and its allies defend against these threats? Should the United States policy community debate the merits of nuclear armed hypersonic missiles? To discuss these questions and more, please join the CSIS Defense and Security Department’s HTK Series for a June 18 conversation featuring Heather Williams, director of the CSIS Project on Nuclear Issues, Tom Karako, director of the CSIS Missile Defense Project, and Kari Bingen, director of the CSIS Aerospace Security Project. 

MARITIME SECURITY: Please join the CSIS Defense and Security Department (DSD) and the U.S. Naval Institute (USNI) on June 18 for a Maritime Security Dialogue event featuring Lieutenant General Eric Austin, USMC, CG, MCCDC / DC, CD&I / PAE-MC. LtGen Austin will sit down with Dr. Seth G. Jones, president, CSIS Defense and Security Department, to discuss the future growth of the Marine Corps, lessons from the recent wars in Ukraine and the Middle East, and implications for the Indo-Pacific. Rear Admiral Raymond A. Spicer, USN (Ret.), chief executive officer and publisher, U.S. Naval Institute, will offer opening remarks. 

NUCLEAR: For the first time, the United States is preparing to deter two nuclear adversaries­­­, Russia and China. In today’s post-New START environment, U.S. adversaries remain committed to weakening American resolve and undermining Washington’s commitment to its allies. Join Hudson Senior Fellow and Keystone Defense Initiative Director Dr. Rebeccah Heinrichs and Administrator of the National Nuclear Security Administration Brandon Williams for a June 18 discussion on the administration’s priorities in strengthening the U.S. nuclear enterprise.

CHINA AND AI: Join CNAS on June 24 for a live event on China’s AI capabilities and the risks to U.S. national security. The event will mark the release of a new CNAS report, “Red Lines: Understanding the National Security Risks of China’s Advanced AI,” which assesses the capabilities and trajectory of China’s advanced AI models, provides a framework for understanding the risks to national security, and outlines actionable recommendations for a stronger U.S. analytical capacity and response.

AI AND EXPORT CONTROL: Join House Foreign Affairs Committee Chairman Brian Mast and Senator Jim Banks for a June 25 fireside chat hosted by the Hudson Institute on Congress’s role in U.S. export control strategy to outcompete China in technology and AI development. The conversation will examine ways to close loopholes, guard America’s most critical technologies, and prevent Beijing from leveraging American innovation against American interests. 

DATA CENTERS: Join the CSIS Strategic Technologies Program for a June 25 discussion on the future of data centers and AI infrastructure in the United States. The event will feature two panels bringing together federal and local government officials alongside industry leaders to examine the policy, economic, and security implications of large-scale data center expansion. The conversation will explore how the United States can scale the infrastructure required for advanced AI systems while ensuring resilience, trusted operations, and long-term strategic advantage.

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.

---

FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP