Cyber Briefing – June 16, 2026

THE DANGEROUS TECH FOUND ABOARD DARK-FLEET TANKERS: As tankers ferry sanctioned oil from Iran and Russia around the world, their criminal owners are using a mishmash of digital tools to control crews and cover their tracks, The Wall Street Journal reports. The practices, discovered by U.S. Coast Guard cyber teams, have left ships in the so-called dark fleet exposed to bad actors who could use those weaknesses to cause an explosion or oil spill. The Coast Guard’s discoveries, which haven’t been previously reported, paint a picture of criminal bosses skimping on physical-safety measures while relying on information systems that could be exploited or hacked, making some tankers far more dangerous to the environment, to other mariners and to the crews on board than previously known.

• A severe ransomware attack orchestrated by the Anubis ransomware group targeted the Adriatic Port Authority, crippling its operations and disrupting maritime logistics across the region. This cyberattack has raised significant concerns about the vulnerabilities in critical infrastructure. Considering ongoing global supply chain disruptions and the emergence of new threats in the maritime security domain, Resecurity forecasts an increase in malicious activity by nation-states, cyber-mercenaries, advanced cybercriminal and espionage groups. Ransomware attacks have repeatedly targeted port authorities and maritime operations across countries, causing widespread disruption and massive financial losses.

INSIDE THE ANTHROPIC STANDOFF: Trump administration officials began weighing sanctions on Anthropic weeks before they demanded the company take its latest and most advanced artificial intelligence model offline, after a dispute shattered the White House’s already-fragile trust in the company, according to two White House officials who spoke to The Washington Post on the condition of anonymity to describe private deliberations. Several weeks ago, Anthropic gave the administration a list of 111 organizations slated to receive advanced access to Mythos, its newest model, one of the officials said. Anthropic later disclosed that the list had ballooned and roughly 50 additional entities had already received access. Senior officials began to consider using export controls to claw back the technology after the company did not identify the new recipients for days. When Anthropic finally turned over the names, the administration discovered that one recipient was a South Korean telecommunications company the administration suspected of having ties to China, the officials said.

• Anthropic is seeking to resolve this fresh confrontation with the Trump administration, Bloomberg reports. Senior technical staff from Anthropic met with administration officials at the Commerce Department on Monday to discuss the national security concerns raised by the government, according to a person familiar with the planning. It wasn’t immediately clear which administration officials participated in the talks. An Anthropic spokesperson said following the meeting that both sides were working quickly to reach a solution. Spokespeople from Commerce didn’t immediately respond to requests for comment.

• It will likely take longer than a few days to reach a resolution that eases the federal government’s Friday action, which had barred Anthropic from allowing non-U.S. users to access its newest model because of potential security vulnerabilities, a senior White House official said. But the official left the door open to the possibility that it can be done quickly, POLITICO reports. 

• Signatories across industry, academia and expert groups issued a public letter Monday asking the Trump administration to roll back new restrictions imposed on Anthropic’s Fable 5 model, Nextgov/FCW reports. Featured on a new “Free Fable” website, the letter — signed by representatives from companies like Adobe, NVIDIA and Zoom, along with academics from Johns Hopkins and the University of Maryland, Baltimore College — asks Commerce Secretary Howard Lutnick and National Cyber Director Sean Cairncross to reverse the suspension of Anthropic’s latest model.

• The current situation marks the first time that export controls have been enforced to control access to an AI model. The applicability of such controls depends on how far they purport to reach: to the model’s weights alone, to the potentially dangerous content the model can produce, or (as Anthropic’s broad description of the directive suggests) to any access to the running model at all, Alan Z. Rozenshtein writes at Lawfare.

• A new White House memo aims to strengthen the cybersecurity of sensitive government systems by centralizing oversight of those systems, while also setting aggressive deadlines for updating incident response procedures and other policies, Federal News Network reports. In a national security presidential memorandum signed Friday, President Donald Trump re-establishes and updates the Committee on National Security Systems (CNSS), a decades-old interagency body that sets security policies for military and intelligence systems, as well as systems that process classified information. It charges the committee with leading a policy aimed at fostering “a proactive, adaptive, and resilient cybersecurity ecosystem for all NSS to better safeguard the nation against persistent cyber threats from sophisticated adversaries.”

CHINESE CAMPAIGN TARGETS CYBER OFFENSE, MEDICAL RESEARCH: Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People’s Republic of China (PRC)-nexus threat actor, targeting institutions in the North American academic, medical and military research community. While remaining undetected for over a year, the threat actor compromised externally facing web applications, deployed bespoke malware, pivoted to sensitive internal systems and abused enterprise administrative tools for covert data exfiltration. The threat actor had broad collection aspirations, including sensitive defense intelligence related to national security, Indo-Pacific command operations, artificial intelligence, uncrewed vehicle systems, cyber offensive programs and medical research. 

UK SOCIAL MEDIA BAN: Britain will ban children aged under 16 from using a range of social media apps, including Snapchat, TikTok and YouTube, to protect them from harmful content and excessive screen time, Prime Minister Keir Starmer said Monday, The Associated Press reports. The ban, which is expected to take effect early next year, makes the UK part of a growing global movement to tighten online safety for children. Australia, Canada, Brazil and Indonesia have introduced legislation or announced age-based restrictions or requirements for children’s access to social media. France, Spain, Denmark, Thailand and South Korea are among others studying or developing similar approaches. “Every parent can see it with their own eyes. Social media is making children unhappy,” said Starmer, who has two teenage children. “I’ve heard first hand from families crying out for change and we will do right by them.”

• Ministers have embarked on a concerted lobbying operation to prevent a backlash from the Trump administration to the ban, The Guardian reports. Officials said they had spent weeks trying to reassure senior Trump officials and the U.S. president himself that the restrictions were not specifically aimed at U.S. technology companies. The ban on platforms including X, Facebook, YouTube, Snapchat and TikTok makes the UK the second country in the world to put sweeping limits on social media for children, after Australia did the same earlier this year. But British officials are aware of the risk of retaliation from Trump, whom Starmer will meet at the G7 summit in Évian-les-Bains this week and who has previously threatened the UK with “a big tariff” if the government does not drop its digital services tax.

• TechCrunch has compiled a list of countries that are considering or have already moved forward with bans on social media for young users.

GAO SAYS NAVY NOT MEETING URGENT UNMANNED CHALLENGES: Recent conflicts in Ukraine and the Middle East prove that robotic and autonomous systems (RAS) are disrupting naval warfare and challenging traditional naval superiority. To provide more adaptable, dispersed operations, the Navy intends to shift away from its World War II-era operating model, which was based on closely knit battle groups comprised of several traditional platforms, such as planes, ships and submarines. According to Navy strategic documents, a hybrid fleet is necessary to enable this shift and would incorporate smaller, more numerous and distributed capabilities — including RAS capabilities — as a complement to larger, more individually powerful, traditional capabilities. In this context, RAS capabilities could allow naval forces to take on greater operational risk while maintaining a tactical and strategic advantage. The Navy plans to spend billions of dollars on researching and developing enabling technologies for RAS. In March 2025, GAO found that the Navy had not taken steps to address key challenges to developing RAS capabilities quickly despite critical needs for RAS implementation. 

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE

WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

(Watch on YouTube or click the player above)

A new executive order on artificial intelligence and cybersecurity sends a clear signal: Advanced AI now sits at the center of how the United States thinks about cyber defense, national security, critical infrastructure resilience and strategic competition. In this episode of Cyber Focus, Frank Cilluffo sits down with Daniel Kroese, vice president of global policy at Palo Alto Networks and a senior fellow at the McCrary Institute, to unpack what the order means in practice. Kroese argues that the most important signal is the administration’s effort to bring government, industry and critical infrastructure operators together quickly — not simply to study AI risk, but to operationalize AI-enabled defense while preserving the innovation advantage that gives the United States its head start.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

Breaches

Council of Europe hacked in ShinyHunters’ PeopleSoft heist

ShinyHunters claims to have breached the Council of Europe and stolen more than 297 GB of data after exploiting a zero-day flaw in Oracle PeopleSoft and abusing that hole to hack more than 100 organizations. According to a post on the extortion crew’s data-leak site, the 429,000 pilfered files contain HR and payroll records, payslips, purchase-order records, CVs, and employees’ salary, banking, tax, and medical records. A Council of Europe spokesperson told The Register that it is “currently investigating the matter and assessing the situation,” but declined to comment further. (THEREGISTER.COM)

Critical infrastructure

Finland brings charges against cargo ship officers for cutting submarine cables

The Finnish Prosecution Service announced Monday it was bringing charges against the captain and the bosun of a cargo vessel which damaged several submarine cables in the Baltic Sea on New Year’s Eve. The Fitburg, which had been transporting sanctioned steel products from Russia to Israel, according to Finnish Customs, was seized by Finnish authorities following cable faults detected in the region. Two of its crew were subsequently arrested. According to the deputy prosecutor general, the ship’s officers have now been charged with “having damaged two subsea telecommunications cables and of having attempted to damage a total of eight other subsea connections.” (THERECORD.MEDIA)

Defense

8 crew members dead after B-52 bomber crashes at California’s Edwards Air Force Base

Eight crew members are dead in a B-52 bomber crash shortly after takeoff from Edwards Air Force Base, northeast of Los Angeles, on Monday morning, the base said. It is the deadliest crash involving a B-52 bomber since 1982. In that crash, nine crew members died in test training at the Mather Air Force Base near Sacramento, The Associated Press reported at the time. The B-52 Stratofortress in Monday’s crash was on a routine test mission that took off at 11:20 a.m. local time at the remote air base, officials said. It is now considered a recovery operation. “It was tragic and unsurvivable,” Colonel James Hayes said at a news conference. (CNN.COM)

Education

Infinite Campus data breach affects 137,000 school staff accounts

The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. Infinite Campus is an education technology (EdTech) company that provides a student information system (SIS) to over 3,200 school districts across the United States, managing data for 11 million students in 46 states. Although it didn’t attribute the incident to a specific hacking group when it notified customers of the breach in March, Infinite Campus described the attacker as “part of a group known for targeting the Salesforce accounts of hundreds of companies.” (BLEEPINGCOMPUTER.COM)

Government

Officials: SLED cybersecurity unit assisting Spartanburg County with ongoing network outage

Spartanburg County, S.C., offices are currently experiencing temporary disruptions affecting network connections and internet services. County officials said they are aware of the outages and the IT team is working to restore the systems. According to county officials, all county offices remain open and operational. However, some services and communications may experience temporary interruptions during this process. The outages started Wednesday. The cause is still unknown, according to county officials. (FOXCAROLINA.COM)

Health care

iRhythm discloses data breach, says hackers stole patient info

Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients’ personal and health information stored on third-party-hosted business applications. The company says its cardiac monitoring service has been used to analyze more than 2 billion hours of curated heartbeat data from over 12 million patients. In a filing with the U.S. Securities and Exchange Commission (SEC) on Monday, iRhythm said it discovered the incident one day earlier, prompting it to launch an investigation with external cybersecurity experts and activate its cybersecurity response plan to contain the breach. (BLEEPINGCOMPUTER.COM)

Space

A Chinese rocket breaks apart dangerously close to the Starlink constellation

The upper stage from a commercial Chinese rocket that launched last week has broken apart in space, spreading debris in a heavily trafficked part of low-Earth orbit home to the International Space Station and a significant portion of SpaceX’s Starlink broadband network. The breakup occurred shortly after the Zhuque-2E rocket reached orbit on June 9 with two satellites providing direct-to-cell communications, perhaps around the time the upper stage was expected to perform a disposal burn. The US Space Force confirmed the breakup event in a post on space-track.org, a website used by the military to distribute orbit data to the public. (ARSTECHNICA.COM)

Supply chain

Attackers hijack popular WordPress plugins to deploy backdoors

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator accounts on as many as 1.2 million sites. The supply-chain attack, detailed by Dutch malware research firm Sansec on June 13, tampered with JavaScript served for OptinMonster, TrustPulse and PushEngage, three plugins run by WordPress vendor Awesome Motive. Rather than living on victim servers, the malicious code rode in through Awesome Motive’s own delivery network, so any site loading the scripts pulled the tampered files straight from the source. (INFOSECURITY-MAGAZINE.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

Artificial intelligence

Attackers can turn AI agent guardrails into denial-of-service weapons

New research found a single poisoned document can dramatically slow shared AI agent workflows by trapping reasoning-based safety systems in extended thinking loops. “Reasoning-based guardrails introduce a new attack surface where security mechanisms themselves become the target,” the researchers from Hong Kong University of Science and Technology and collaborators wrote in the paper. They added that “a single poisoned document can saturate shared guardrail infrastructures, effectively starving co-located agents and paralyzing the entire system,” describing a reasoning-extension denial-of-service (DoS) attack that targets the security layer rather than the underlying AI model. (CSOONLINE.COM)

UK government finds 400-plus vulnerabilities in AI hackathons

The UK government has discovered and patched hundreds of vulnerabilities after running a series of internal hackathons using frontier AI models. The weekly, in-person events were organized by the Government Cyber Coordination Centre (GC3) – an initiative from the National Cyber Security Centre (NCSC) and the Department for Science, Innovation and Technology (DSIT). The idea was to use the models to scan public code repositories across nine government departments. “Rather than mandate a single approach, we gave teams model access and let them build their own tooling, noticing what worked each week and building on the best approaches,” the GC3 said. (INFOSECURITY-MAGAZINE.COM)

Russian and Chinese actors use AI translation and visual content in malign influence operations

AI is reshaping foreign malign influence operations in subtle but consequential ways. Our analysis of pro-Russia and pro-China inauthentic accounts on X across 2024–2026 shows actors are not leveraging AI primarily to flood platforms with volume. Instead, they are using AI to refine content quality, create more believable personas, and broaden linguistic and visual reach moves designed to evade detection and increase persuasive power among real users. Using a novel machine-learning pipeline that blends unsupervised clustering with supervised classifiers trained on human-labeled signals, we identified likely inauthentic accounts with high confidence (average precision 86%, recall 83%). (GBHACKERS.COM)

Phishing

Ghostwriter APT uses fake Gmail login panels to steal passwords and 2FA codes

Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes, CERT Polska reports. The group historically focused on Polish email providers such as Onet, Wirtualna Polska and Interia shifted in March 2026 to high-volume Gmail-targeted campaigns. Attackers send professionally worded Polish-language emails that allege suspicious activity or imminent account suspension and lure recipients to counterfeit login pages hosted on a rotating set of domains and abused hosting services. (GBHACKERS.COM)

Ransomware

Gentlemen ransomware actively exploiting Fortinet FortiGate vulnerabilities: 478 victims hit by rapid worm-like attacks

The Gentlemen ransomware has rapidly established itself as a formidable threat in the global cyber landscape, with at least 478 confirmed victims spanning 66 countries and over 20 industry sectors as of June 2026. This ransomware, operated as a Ransomware-as-a-Service (RaaS), is distinguished by its advanced worm-like propagation, robust encryption mechanisms, and aggressive double extortion tactics. The malware’s ability to autonomously spread laterally across networks within minutes, combined with its anti-forensic and defense evasion capabilities, makes it a critical risk to organizations of all sizes. This advisory provides a comprehensive technical analysis of the Gentlemen ransomware, its tactics, techniques, and procedures (TTPs), exploitation in the wild, victimology, and actionable mitigation strategies. (RESCANA.COM)

Rhysida and Interlock ransomware groups linked to initial access brokers and crypter ecosystem

Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reuse. IBM X-Force’s long-term analysis ties both groups to initial access brokers, private crypters, downloaders, and backdoors that help them stage intrusion chains before encryption. The core finding is that both operations rely on a layered ecosystem rather than a single malware family. Interlock is associated with NodeSnake, InterlockRAT, JunkFiction downloader, Supper, and the JunkFiction crypter, while Rhysida’s recurring tooling includes Endico downloader, Broomstick, Supper, and Tomb crypter. (GBHACKERS.COM)

Vulnerabilities

CISA flags LiteSpeed cPanel plugin flaw exploited for root privilege escalation

The Cybersecurity and Infrastructure Security Agency has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of privilege escalation. It allows a user with FTP or web shell access to escalate privileges to root on shared hosting servers running CloudLinux or CageFS. (THEHACKERNEWS.COM)

Copilot ‘SearchLeak’ attack allows 1-click data theft

A novel Microsoft Copilot attack that researchers dubbed “SearchLeak” would have enabled an attacker to silently exfiltrate user files, including emails, meeting notes, OneDrive files, SharePoint documents, and other business files the user has access to. Varonis Threat Labs detailed the three-stage vulnerability, which works as a relatively unknown subset of indirect prompt-injection attacks called parameter-to-prompt Injection (P2P), which needs to be on defender radar screens. (DARKREADING.COM)

SimpleHelp bug lets hackers create rogue remote support accounts

A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. The flaw is tracked as CVE-2026-48558 and received a critical severity rating. It impacts SimpleHelp versions 5.5.15 and older, as well as 6.0 pre-release versions. Researchers at offensive security company Horizon3.ai explain that the issue is caused by how identity assertions received from an OIDC identity provider (IdP) are validated. (BLEEPINGCOMPUTER.COM)

Cisco patches another SD-WAN zero-day exploited in attacks

The flaw, tracked as CVE-2026-20262, has been described as a medium-severity arbitrary file write issue affecting Catalyst SD-WAN Manager. An attacker can send specially crafted HTTP requests to an affected API endpoint to create or overwrite any file on the underlying operating system. “This file could later be used to elevate to root,” Cisco explained, adding, “To exploit this vulnerability, the attacker must have valid credentials with at least write access.” (SECURITYWEEK.COM)

Iran

CIA director doubts Iran’s intentions on deal, sources say

CIA Director John Ratcliffe told President Trump and other senior officials that evidence gathered by U.S. intelligence agencies raises serious doubts about Iran’s willingness to make the nuclear concessions the U.S. is seeking in any final deal, according to three sources familiar with those discussions. Ratcliffe isn’t the only skeptic in Trump’s top team. In internal discussions, Secretary of State Marco Rubio and Secretary of Defense Pete Hegseth both expressed concerns and raised questions about the memorandum of understanding (MOU) announced Sunday, while Vice President Vance and U.S. envoys Steve Witkoff and Jared Kushner advocated for it, according to two of the sources. (AXIOS.COM)

Iran says Strait of Hormuz won’t have ‘tolls’ but it will have ‘fees’

Though President Trump declared on Sunday that the Strait of Hormuz would reopen and be “permanently toll-free,” Iran indicated on Monday that it intended to charge fees for unspecified services in the strait. The net effect — paying for passage through the vital waterway for global energy supplies, which was not required before the U.S.-Israeli war on Iran — could add expense and complications for commercial shipping in the waterway, and set a dangerous precedent for shipping in international waters worldwide. Iran’s foreign ministry spokesman, Esmaeil Baghaei, said on Monday that Iran was “not seeking to levy transit tolls; however, fees will be charged in exchange for the services that are provided.” But there was little indication of what services Iran would be providing. (NYTIMES.COM)

North Korea

North Korean hackers are turning developer tools into malware delivery channels

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes to target nearly 100 organizations in finance, cryptocurrency, education, technology, and several other sectors. The activity has been codenamed UNK_DeadDrop. “The infection chain begins with emails containing links to actor-controlled GitHub repositories hosting malicious scripts that result in the execution of cross-platform malware for macOS, Linux, and Windows, including an open-source Go framework named Overlord,” Proofpoint researchers Saher Naumaan and Carlos Rubio said. (THEHACKERNEWS.COM)

Russia

A man who set fire to homes linked to Starmer is in jail. His Russian-speaking handler slipped away

The Russian-speaking handler, a shadowy figure known as “El Money,” was not happy. A string of arson attacks targeting a car and two London homes linked to British Prime Minister Keir Starmer had attracted little attention, possibly because the then 21-year-old attacker, a Ukrainian recruited online, was not very good at documenting them. One video that was supposed to show Starmer’s former car on fire lasted only seconds. The second, filmed in the dark, largely captured the repeated sound of striking matches. El Money wanted publicity and was prepared to pay. (APNEWS.COM)

Drones

Closing the Title 32 gap in domestic counter-UAS authority

OPINION: At a West Virginia Air National Guard base, Boeing C-17 Globemaster III aircraft sit on a ramp. These high-value assets support global deployment and rapid mobility. Like many National Guard installations, the base is secured by guard personnel operating under Title 32 of the United States Code. If a small unmanned aircraft system (UAS) enters that airspace, the National Guard members on site would be the first to respond. Despite being the first on scene, no statute authorizes these Title 32 personnel to detect, track, or mitigate UAS threats. (LAWFAREMEDIA.ORG)

ISACs

MS-ISAC enters uncertain new era after losing federal funding and thousands of members

Eight months after the Multi-State Information Sharing and Analysis Center lost its federal funding, the cybersecurity threat intelligence sharing group for state and local governments has lost dozens of states and more than ten thousand local jurisdictions that can no longer afford its vital cybersecurity services, even as the hacking threats they face have grown more numerous and more dangerous. The MS-ISAC, run by the nonprofit Center for Internet Security (CIS), says it’s working hard to recruit new members, including through discounted fees, and it stresses that it’s still collecting enough data from its remaining members to produce high-quality cyber threat intelligence for that community. But the MS-ISAC’s membership drain could leave thousands of small jurisdictions and their critical infrastructure more vulnerable to nation-state sabotage and ransomware attacks — local impacts that could resonate nationally at a time when China and Iran are using cyberattacks as a tool of foreign policy in their conflicts with the U.S. (CYBERSECURITYDIVE.COM)

Nuclear

Exercise Prominent Hunt trains for nuclear forensics mission

Soldiers and airmen joined the FBI to train for a simulated interagency nuclear forensics mission during Exercise Prominent Hunt 2026 in Colorado Springs June 8-12. Prominent Hunt is an annual full-scale interagency training exercise that the U.S. government has conducted since 2012. This is an exercise of the National Technical Nuclear Forensics Ground Collection Task Force, which would support the investigation and attribution of a nuclear detonation. The FBI is the only federal agency with jurisdiction and capabilities to investigate a nuclear incident, including collecting evidence that might be used in an eventual prosecution. The Task Force mission is to collect nuclear debris samples near the site of a nuclear detonation for analysis at the national laboratories. The Task Force is composed of members of the FBI, Department of War, and the Department of Energy/National Nuclear Security Administration. (FBI.GOV)

Space

DARPA seeks industry ideas for ‘rapid reconstitution’ of space systems

The Defense Advanced Research Projects Agency (DARPA) is turning to industry for help in identifying technologies and operational concepts to allow the reconstitution of space assets damaged or destroyed by adversaries, or on-orbit accidents. “The end goal is to develop and deploy effective response mechanisms to rapidly restore critical services to minimum levels or higher, on tactical timelines of hours to weeks, in response to demand surge needs, lost assets resulting from potential adversaries’ ASAT [anti-satellite weapons] engagements, or orbital debris collisions,” the Pentagon’s far-future agency said in a June 12 request for information (RFI). (BREAKINGDEFENSE.COM)

Workforce

IRS IT department has shrunk 42% under Trump

More than 2 in 5 IRS IT employees have either been separated from the agency or involuntarily reassigned to other positions during the second Trump administration, according to a watchdog report released last week. In its third workforce snapshot since President Donald Trump began his second term, the Treasury Inspector General for Tax Administration found that the IRS lost 30% of its workforce (31,273 staffers) from January 2025 through January 2026, though it also added 2,000-some positions for a net decrease of 28%. Those departures were a mix of voluntary separations, deferred resignations or other incentive-induced exits. (FEDSCOOP.COM)

UK AI hiring surges as firms seek people to babysit the bots

Britain’s AI jobs boom is creating a two-track labor market, according to PwC, which just so happens to make a healthy living helping companies navigate AI-driven transformation. The consulting giant’s latest AI Jobs Barometer found hiring for AI specialists in the UK jumped 61 percent over the past year, rising from 112,000 roles in 2024 to 180,000 in 2025, even as overall job vacancies across the economy fell by 6.6 percent. That headline figure is the sort of thing consultancies put in press releases, but the more interesting bit comes later. (THEREGISTER.COM)

Thune says Senate will move FISA bill without SAVE America Act, rebuffing Trump

Senate Majority Leader John Thune (R-S.D.) on Monday said the Senate will attempt to pass an extension of the Foreign Intelligence Surveillance Act’s (FISA) enhanced surveillance powers without the Safeguard American Voter Eligibility (SAVE America) Act attached, rebuffing President Trump’s demand to link the two bills. Thune, who has repeatedly warned that letting Section 702 of FISA expire poses a risk to national security, said he would try to move an extension of the controversial surveillance law as a stand-alone measure. The provision, which allows the U.S. to spy on foreigners located abroad without a warrant, lapsed over the weekend. (THEHILL.COM)

Congress must review Iran agreement, senators say

Congress needs to be able to review the agreement between the Trump administration and Tehran that is intended to end the Iran war, senators in both parties said Monday. President Donald Trump announced Sunday that the United States and Iran had reached a memorandum of understanding to end the war, reopen the Strait of Hormuz and begin more comprehensive negotiations on Iran’s nuclear program and sanctions relief. The deal has been signed electronically, while a formal, in-person signing ceremony is scheduled for Friday in Geneva, Trump said Monday. (ROLLCALL.COM)

Senator questions Pentagon’s plan to revise autonomous weapons policy

Sen. Ruben Gallego (D-Ariz.) is pressing the Pentagon to disclose how it’s confronting potentially serious operational risks to U.S. military personnel as insiders hustle to fulfill the Trump administration’s new 90-day mandate to rewrite the policy for deploying and safeguarding autonomous weapon systems in warfare. In a new letter to Secretary of Defense Pete Hegseth, exclusively obtained by DefenseScoop, Gallego asked about specific measures being taken to mitigate possible unintended harm to Americans and allies that could accompany any swift revisions to Department of Defense Directive 3000.09. (DEFENSESCOOP.COM)

COMMITTEE ACTIVITY

AI AND EDUCATION: The Senate Health, Education, Labor and Pensions Subcommittee on Education and the American Family is scheduled to hold a June 16 hearing on the future of K-12 education in the age of AI.

ENERGY RESILIENCE: The Senate Energy and Natural Resources Committee will hold a June 17 hearing to examine the state of the U.S. territories.

DNI: The Senate Intelligence Committee will hold a June 17 nomination hearing to consider Jay Clayton to be director of national intelligence. 

CHINA: The House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party is scheduled to hold a June 25 hearing.

Scammers use couriers to collect cash in cryptocurrency investment scams

The FBI warns the public about scammers instructing victims, usually senior citizens, to participate in cash pickups purportedly to protect funds purchased through the scammer’s cryptocurrency investment platforms, which, at this point, continued to deceptively appear legitimate to the victim. The scammers arrange for couriers to meet the victims in person to retrieve cash for fraudulent investments. In-person cash collection via couriers is a method utilized across many scams, including grandparent, law enforcement impersonation, tech support, and other scams. (IC3.GOV)

CISA adds two known exploited vulnerabilities to catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability, CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

DIGITAL INFRASTRUCTURE: On June 16 the Atlantic Council’s Democracy + Tech Initiative will host a discussion to launch a new report examining the future of global connectivity financing and strategic competition over digital infrastructure. As China expands its Digital Silk Road through state-backed financing and integrated technology offerings, the United States and its allies face growing pressure to develop a credible alternative for expanding internet access in underserved markets. 

DIB: Join CNAS on June 16 for a fireside conversation with DoD’s Michael Cadenazzi examining the challenges and priorities shaping U.S. munitions production and defense industrial base policy. This event will examine how policymakers, industry partners, and acquisition officials can work together to build the surge capacity the United States needs, in a focused conversation on the future of U.S. munitions production and defense industrial base policy.

NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.

HYPERSONIC: What are hypersonic delivery systems, and what makes them strategically and technologically distinct from other missiles? What makes hypersonic flight a militarily desirable capability, and how can the United States and its allies defend against these threats? Should the United States policy community debate the merits of nuclear armed hypersonic missiles? To discuss these questions and more, please join the CSIS Defense and Security Department’s HTK Series for a June 18 conversation featuring Heather Williams, director of the CSIS Project on Nuclear Issues, Tom Karako, director of the CSIS Missile Defense Project, and Kari Bingen, director of the CSIS Aerospace Security Project. 

MARITIME SECURITY: Please join the CSIS Defense and Security Department (DSD) and the U.S. Naval Institute (USNI) on June 18 for a Maritime Security Dialogue event featuring Lieutenant General Eric Austin, USMC, CG, MCCDC / DC, CD&I / PAE-MC. LtGen Austin will sit down with Dr. Seth G. Jones, president, CSIS Defense and Security Department, to discuss the future growth of the Marine Corps, lessons from the recent wars in Ukraine and the Middle East, and implications for the Indo-Pacific. Rear Admiral Raymond A. Spicer, USN (Ret.), chief executive officer and publisher, U.S. Naval Institute, will offer opening remarks. 

NUCLEAR: For the first time, the United States is preparing to deter two nuclear adversaries­­­, Russia and China. In today’s post-New START environment, U.S. adversaries remain committed to weakening American resolve and undermining Washington’s commitment to its allies. Join Hudson Senior Fellow and Keystone Defense Initiative Director Dr. Rebeccah Heinrichs and Administrator of the National Nuclear Security Administration Brandon Williams for a June 18 discussion on the administration’s priorities in strengthening the U.S. nuclear enterprise.

CHINA AND AI: Join CNAS on June 24 for a live event on China’s AI capabilities and the risks to U.S. national security. The event will mark the release of a new CNAS report, “Red Lines: Understanding the National Security Risks of China’s Advanced AI,” which assesses the capabilities and trajectory of China’s advanced AI models, provides a framework for understanding the risks to national security, and outlines actionable recommendations for a stronger U.S. analytical capacity and response.

AI AND EXPORT CONTROL: Join House Foreign Affairs Committee Chairman Brian Mast and Senator Jim Banks for a June 25 fireside chat hosted by the Hudson Institute on Congress’s role in U.S. export control strategy to outcompete China in technology and AI development. The conversation will examine ways to close loopholes, guard America’s most critical technologies, and prevent Beijing from leveraging American innovation against American interests. 

DATA CENTERS: Join the CSIS Strategic Technologies Program for a June 25 discussion on the future of data centers and AI infrastructure in the United States. The event will feature two panels bringing together federal and local government officials alongside industry leaders to examine the policy, economic, and security implications of large-scale data center expansion. The conversation will explore how the United States can scale the infrastructure required for advanced AI systems while ensuring resilience, trusted operations, and long-term strategic advantage.

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.

---

FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP