Cyber Briefing – June 18, 2026

HOW HACKERS FOUND A BACK DOOR INTO OUR LIVING ROOMS: The discovery that millions of digital home devices are secretly powering dangerous cyberattacks began with a phone call more than two years ago from a top Microsoft security executive to his counterpart at Comcast, The Wall Street Journal reports. The tech giant was investigating a digital break-in the company had linked to one of the most capable cybersecurity foes in the world and needed information on six IP addresses, the internet’s equivalent of a phone number. Following that trail, Comcast investigators discovered that Midnight Blizzard, a hacking group linked to Russia’s Foreign Intelligence Service, had managed to access emails belonging to Microsoft’s senior leadership by using consumer internet connections to mask nefarious traffic. What Comcast found has rocked the cybersecurity world and taken years to unravel: More low-cost consumer devices have shipped into the U.S. with backdoor software pre-installed, and this software is also being sneaked into mobile apps and copyright-free illegal copies of videogames.

AI AT THE G7: Just days after the U.S. government banned foreign nationals from using Anthropic’s most powerful artificial intelligence models, executives from the top labs urged the leaders of Western democracies to work together to reap the benefits of the AI revolution, The Washington Post reports. At a working lunch Wednesday during the Group of Seven summit, Anthropic CEO Dario Amodei called on world leaders to share the benefits of AI among democratic nations and suggested it would be possible to coordinate the trade of powerful AI technologies among them, while excluding China, according to a person familiar with the discussion who spoke on the condition of anonymity to share privileged information. The summit marked the first face-to-face meeting between Amodei and Trump since the administration took the extraordinary step Friday of restricting Anthropic’s latest and most powerful AI models, Fable and Mythos. 

• AI executives who met with heads of state at the G7 summit Wednesday discussed how to create an international forum, potentially helmed by the US, that could establish global standards for advanced models — an idea floated by OpenAI CEO Sam Altman, Semafor reports. Altman, who sat between President Donald Trump and Egyptian President Abdel Fattah el-Sisi, was the first CEO to speak at the hours-long lunch, an OpenAI official said. OpenAI’s Chris Lehane told reporters after that “there was really a coalescing amongst the countries and the businesses … in the room around this idea … of being able to try to create; design; develop a forum or a space for the different democratic countries to be able to work together to ultimately see if there’s a way to establish some type of standards,” adding that the hope was those standards “would be an avenue or pathway to helping to ensure ongoing and continued access to the frontier models.”

• Trump’s action cutting off foreign access to Anthropic’s most powerful AI models is stretching the legal limits of government control on tech exports. It’s a warning for other AI companies, POLITICO reports. The Commerce Department, which oversees export control rules, has only applied those restrictions to Anthropic’s models, and has not formalized the rule by publishing it in the Federal Register. But if left unchallenged, the maneuver could embolden the agency to impose the same restrictions on high-end models across the entire AI industry, allowing them to potentially choke off access for any foreign person who uses models such as OpenAI’s ChatGPT and Google’s Gemini.

• The Cybersecurity and Infrastructure Security Agency now has full access to Anthropic’s flagship Mythos Preview model, according to a U.S. official and a second person familiar with the matter, Nextgov/FCW reports. The cyberdefense agency received access around a week ago, the official said. Both sources spoke on the condition of anonymity to discuss internal deliberations. The White House Office of the National Cyber Director has not yet set clear parameters for how the agency should use the model, the official added.

• At intelligence agencies, AI systems are trusted not only to retrieve information but also to help decide what it means. A classified intelligence model probably will not blackmail an official. Anthropic reported in May 2026 that Claude Sonnet 4.5, a new model, reached a blackmail rate “near zero.” That is the wrong lesson, Melissa Graves writes at Lawfare. The more serious problem is institutional. Once an AI system has sensitive access, is assigned objectives, and has room to act or shape analysis, the agency must assess not just whether the model is accurate but also whether it is doing the job the institution believes it is doing. That is why the Anthropic experiment matters for intelligence. Intelligence agencies are not merely experimenting with AI as a search tool or office assistant. They are starting to place AI inside the workflow by which information becomes judgment.

75% OF UK INFRASTRUCTURE ATTACKS COME FROM HOSTILE STATES: Britain is already fighting the opening exchanges of future conflicts in cyberspace, the country’s cyber chief warned Wednesday, as he disclosed that hostile states are responsible for three-quarters of the attacks striking the country’s critical national infrastructure, The Record reports. Richard Horne, chief executive of the National Cyber Security Centre (NCSC), said his teams had handled more than 200 incidents affecting critical infrastructure and its supporting ecosystem in the year to May, of which about 75% were believed to be the work of state actors. The detail builds on Horne’s disclosure earlier this year that his agency was handling four nationally significant cyber incidents a week, with the majority traced back to what are believed to be hostile governments rather than criminal hackers.

• Germany and Poland signed a new defense agreement on Wednesday, putting aside their complicated past to strengthen European military cooperation amid heightened tensions with Russia and growing uncertainty over U.S. engagement in Europe, The Associated Press reports. The defense agreement is to include plans for protecting the Baltic Sea region and details about cooperation on military mobility and infrastructure, cyber defense and new technologies.

MICROSOFT MAKES BIG AI INROADS IN CHINA: Microsoft Corp. has built a big business selling AI models to Chinese companies despite the growing rivalry between the U.S. and China over artificial intelligence, Bloomberg reports. Social media and AI giant ByteDance Ltd. has generally been Microsoft’s biggest AI customer in recent years, largely using OpenAI models, according to people familiar with the matter. The Beijing-based company is on track to spend more than $1 billion a year on Microsoft AI and cloud services, said some of the people, who requested anonymity to discuss a private matter. Other Chinese tech firms, such as Ant Group Co., Meituan and Tencent Holdings Ltd. are also significant spenders on AI models via Microsoft’s Azure cloud service, people familiar with the business said. 

• China and the U.S. are competing for global economic and geopolitical influence — from mining critical minerals to developing military technology. Since 2020, Congress has directed the State Department and USAID to spend at least $1.6 billion on projects to counter Chinese influence worldwide. State and USAID funded about 470 projects — valued at nearly $1.2 billion — from FYs 2020-2023. But they haven’t assessed the overall results of these projects, the Government Accountability Office found.

BRACE FOR CI DISRUPTIONS, CISA CHIEF WARNS: U.S. cybersecurity resilience in the face of sophisticated threats from China and other adversaries will increasingly depend on critical infrastructure’s ability to weather major disruptions, a top U.S. cyber official said Wednesday. “Each and every one of us is operating right now on the front lines of a war that is never going to be cleared,” Nick Andersen, the acting director of CISA, said at ICS Village and the Institute for Security and Technology’s Critical Effect conference, Cybersecurity Dive reports. “We are going to see an adversarial disruption of our critical infrastructure,” Andersen said. “It’s going to have significant not just technical impact, it’s going to have a significant psychological impact on the safety of the American people. … We need to start operating like that’s the reality of where we’re at — that we’re not going to be able to keep everything persistently online and available as much as we would like.”

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE

WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

(Watch on YouTube or click the player above)

In this episode of Cyber Focus, Frank Cilluffo sits down with FBI Assistant Director for Cyber Brett Leatherman for a wide-ranging conversation about how the bureau is using law enforcement authorities, intelligence, partnerships and court-authorized technical operations to disrupt adversaries, help victims and defend U.S. critical infrastructure. Leatherman explains why the FBI expects to conduct more operations like Operation Masquerade, which evicted Russian GRU actors from compromised routers, and why privately owned routers, edge devices and small networks can become valuable infrastructure for foreign intelligence services and criminal groups. He also discusses the rise of agentic AI in ransomware, China-linked threats to operational technology and critical infrastructure, Operation Winter SHIELD, supply-chain risk and why early victim reporting can help the FBI move upstream against cyber adversaries.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

Agriculture

Global ransomware group reportedly claim cyberattack that shut down Mackay Sugar mills

A Russian-speaking ransomware operation known as The Gentlemen has reportedly claimed responsibility on the dark web for a cyber attack that shut down two regional Queensland sugar mills for a week. The Racecourse and Farleigh mills have not been fully operational since June 10. Farleigh mill undertook a manual crush of cane harvested before the attack and both mills have run steam trials in preparation for a staged restart of operations. (ABC.NET.AU)

Breaches

Cybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the world

Cybercriminals have compromised tens of thousands of Fortinet firewalls and VPNs used by major companies all over the world, according to two cybersecurity firms. The widespread hacking campaign, which is ongoing and has been dubbed FortiBleed, appears to not involve abusing any unknown vulnerability in the targeted devices, but rather on a more basic issue: Companies may not be changing passwords to the firewall, nor making sure that the credentials they use for sensitive systems exposed on the internet are not already known by hackers. (TECHCRUNCH.COM)

Crime Stoppers cyber breach may identify anonymous tipsters on dark web

The Canadian Crime Stoppers Association is unsure if tipsters’ personal information has been exposed months after a “security incident” affecting prominent software used to share anonymous tips of crimes. The data breach allegedly involves Crime Stoppers in the United States as well, where media reports in the U.S. allege that approximately 8.3 million records and decades of confidential tips, including the personal details of individuals who submitted anonymous tips, was compromised by online hackers. The reports also allege that the personal contact information of those who sent in anonymous tips was then put up for sale on the dark web. (CTVNEWS.CA)

Cybercrime

Cybercrime surges in APAC as digitalization takes hold

Cybercrime is taking hold in Asia and the South Pacific just as it has elsewhere in the world, with organized crime gangs exploiting the adoption of new technologies, according to Interpol. The policing network said that cybercrime now accounts for 30% of crime in over half of the countries covered by its 2025/2026 Asia and South Pacific Cyberthreat Assessment Report. The study, which is sponsored by the UK government, assessed cybercrime trends across 18 Southeast Asian countries and Pacific Island states. (INFOSECURITY-MAGAZINE.COM)

Financial

GitBait phishing campaign abuses GitHub pages to attack financial institutions

A sophisticated phishing campaign called “GitBait” has been caught targeting Mexico’s financial sector with a level of precision rarely seen in credential-theft operations. The campaign abuses GitHub Pages, a widely trusted free hosting service, to deliver fake banking portals that look nearly identical to the real thing. Victims who land on these pages are tricked into handing over their login credentials, payment card details, and other sensitive information without ever suspecting anything is wrong. (CYBERSECURITYNEWS.COM)

Tactics

Hackers use reporter impersonation to target C-suite executives in social engineering attacks

A recent engagement demonstrates how persuasive pretexts and careful reconnaissance let attackers bypass technical controls by exploiting human trust at the executive level. Rather than inventing a sophisticated exploit, testers impersonated a journalist reporting an anonymous tip about hazardous-waste disposal at a client’s high-profile construction site. The attack relied on credibility, urgency, and conversational email tactics designed to disarm senior leaders who are trained to respond quickly to reputational threats. (GBHACKERS.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

Artificial intelligence

Researchers show how one fake bug report can hijack AI coding agents

Tenet Threat Labs has demonstrated Agentjacking, an attack technique that shows how fake Sentry error reports could trick AI coding agents into running commands on a developer’s machine. The technique abuses the way AI coding assistants process untrusted error logs from Sentry, a popular application monitoring platform. According to Tenet’s blog post, Agentjacking does not require stolen passwords or direct access to a company’s internal network. In the demonstrated attack path, an attacker could inspect a website’s public source code to find its Sentry Data Source Name (DSN), a project identifier that is often exposed by design so applications can send error reports to Sentry. (HACKREAD.COM)

Sensitive enterprise data uploads to AI models double in a year

The amount of sensitive enterprise data which employees uploaded to AI and machine learning applications has almost doubled in the last year, putting organizations at increased risk of data breaches and cyber espionage, a new report has warned. Published on Wednesday, the Zscaler 2026 AI Threat Report said that there has been a 93% year-over-year increase in employees transferring enterprise data to AI tools. Over half of these data transfers were driven by staff using two tools in particular: Grammarly (38%) and ChatGPT (21%). Other tools included OpenAI, Codium, GitHub Co-Pilot, Perplexity, Microsoft Co-Pilot, Google Gemini and Claude. (INFOSECURITY-MAGAZINE.COM)

ICS/OT

Rockwell Automation patches vulnerabilities in ICS controllers and software

Rockwell Automation informed customers on Tuesday that patches are available for several vulnerabilities affecting its Logix and CompactLogix controllers, Flex I/O dual-port Ethernet/IP adapters, RSLinx industrial communication software, and FactoryTalk automation suite. In FactoryTalk Historian Site Edition the industrial giant patched three high- and critical-severity vulnerabilities that can be exploited to bypass authentication and launch DoS attacks. (SECURITYWEEK.COM)

Malware

Crypto clipper campaign abuses fake reviews, AI narrators and VirusTotal comments

An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that acts as the central hub, alongside GitHub and SourceForge projects promoted by fake accounts, a YouTube channel, and a cluster of accounts that engage in coordinated activity on VirusTotal with the intent to misclassify malicious files as safe. The end goal of the campaign is to push a cryptocurrency clipboard hijacker that’s concealed within Solana and Pump.fun sniper bots and crash-game predictors, suggesting that cryptocurrency asset holders and online gamblers on the hunt for shortcuts and quick profits are the targets. (THEHACKERNEWS.COM)

Junior hacker used Tailscale and OpenSSH to keep access after his C2 went offline

A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim’s machine, building a way back in that did not run through the C2 at all. When the Havoc server went offline the next day, his access did not. Eighteen days later, the C2 came back, his agents reconnected on their own, and he carried on. Researchers’ lesson is blunt: pulling a C2 server offline is not remediation if the attacker has already built a separate door. (THEHACKERNEWS.COM)

Vulnerabilities

Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in April

Attackers are actively exploiting a pair of critical Fortinet vulnerabilities in FortiSandbox, a security product customers use to identify and defend against emerging threats across their network, according to researchers. Fortinet disclosed and patched the vulnerabilities — CVE-2026-39808 and CVE-2026-39813 — in April, but it hasn’t confirmed exploitation. The company did not respond to a request for comment. VulnCheck said it first observed exploitation of CVE-2026-39808, an OS-command injection vulnerability, on June 9. Researchers at threat intelligence firm Defused confirmed exploitation of the same defect June 11, and observed exploitation of CVE-2026-39813, a path-traversal vulnerability, on June 15. (CYBERSCOOP.COM)

F5 patches critical, high-severity NGINX vulnerabilities

F5 on Wednesday released out-of-band security updates to resolve multiple NGINX vulnerabilities, including critical flaws that could lead to code execution. The most severe are CVE-2026-42530 and CVE-2026-42055 (CVSS score of 9.2), two bugs affecting HTTP modules that could be exploited without authentication to trigger a use-after-free or a heap-based buffer overflow, respectively. Successful exploitation of these issues would result in the NGINX worker process restarting, causing a denial-of-service (DoS) condition. If Address Space Layout Randomization (ASLR) is disabled or can be bypassed, the attacker can execute arbitrary code. (SECURITYWEEK.COM)

Iran

Pentagon AI chief: Musk’s Grok chatbot used to launch thousands of missiles at Iran

The Pentagon artificial intelligence chief on Monday said Elon Musk’s Grok chatbot is tantamount to national security in a sworn statement that noted xAI’s technology has been used throughout the Iran war. Cameron Stanley, the chief digital and artificial intelligence officer for the Department of Defense, wrote that the chatbot “enabled U.S. forces to deploy over 2,000 munitions to 2,000 distinct targets within 96 hours during Operation Epic Fury, a testament to the greatly increased operational efficiency made possible by the Grok Gov Model.” Stanley’s statements were used as evidence in efforts by the Trump administration to preserve the xAi data center near Memphis, where the NAACP alleges the company is illegally polluting the air. (THEHILL.COM)

U.S. officials see Iran cyber threat persisting despite preliminary deal

The preliminary U.S.-Iran agreement reached over the weekend likely won’t stop cyber operations launched by Tehran and Iran-aligned hacking groups at American systems, five current and two former U.S. officials told Nextgov/FCW. Most of them were granted anonymity because they were not authorized to publicly discuss forward-looking perspectives of Iranian cyber activity after the agreement. Cyber conflict is “definitely part of warfare that keeps going” and is pretty “accepted” as an “ongoing normal course of business,” one of the officials said, adding that cyber activity may decelerate, but that it “definitely won’t stop.” (NEXTGOV.COM)

North Korea

North Korean hiring fraud runs on AI and U.S. laptop farms

A North Korean scheme to plant fake IT workers inside Western companies has been exposed from the inside, after one of its operatives tried to infiltrate the very firm that tracks the fraud. Risk intelligence provider Nisos recently detailed how a supposed Florida-based AI architect applied for a remote job at the company in June 2025, and how the application unraveled into a look inside an active fraud cell. The resume mirrored Nisos’ job posting almost word-for-word and listed tools that did not exist during the stated employment periods. A brand-new email address with no breach history, a VoIP phone number and several conflicting resumes deepened the suspicion. (INFOSECURITY-MAGAZINE.COM)

Ransomware

INC ransomware thrives by mastering the basics

INC is a ransomware group that has excelled in the ransomware-as-a-service (RaaS) space through doing the basics effectively — alongside a bit of good timing. Researchers with security vendor Acronis today published a blog post covering RaaS gang INC, a group that emerged in 2023 and has claimed more than 800 victims to date. INC is a ransomware actor that greatly benefited from the shutdown of ALPHV/BlackCat and the disruption of LockBit; this is an attribute shared with other ascendant gangs like The Gentlemen. (DARKREADING.COM)

Communications

EU gets a head start in developing 6G network security

European academics and researchers are already working on securing 6G communications in anticipation of a widening attack surface, increased interconnectivity, and classical nation-state threats. Did you know that 6G is already a thing? Word on the street is that it might get rolled out globally around 2030. In anticipation of that near future, 19 organizations have signed onto the “Shield-6G” project — a European Union (EU)-funded venture to develop 6G cybersecurity. The ultimate goal is to develop a cyber threat intelligence platform across network operators, securing the future of mobile communications by the time it arrives. (DARKREADING.COM)

Defense

Good medicine is combat power: Clinical innovation and the lessons of the Russo-Ukrainian war

OPINION: War is a brutal driver of medical innovation. Russia’s full-scale invasion of Ukraine has forced clinicians and commanders alike to confront a hard truth: Survival depends not only on tactics and technology, but on the ability to deliver advanced care under fire, evacuate and resuscitate the wounded, and preserve fighting strength despite repeated attacks on healthcare systems. Ukraine’s experience has reshaped combat medicine through necessity, resilience, and improvisation. The central question is no longer whether NATO can observe these lessons, but whether it can build a system bold enough to capture, test, scale, and field them at wartime speed. (WARONTHEROCKS.COM)

Drones

How one U.S. Army brigade is learning to sacrifice robots in lieu of humans 

This spring, soldiers from the 3rd Mobile Brigade Combat Team, 101st Airborne Division stood idle while drones buzzed overhead and unmanned ground vehicles (UGVs) trudged forward in their places. For the first time the soldiers would see for themselves if robots could take out the adversarial defenses, albeit pretend, before they would have to hypothetically risk their own lives to defeat the enemy. Such an exercise is referred to as a robotic combined arms breach — where uncrewed ground and aerial vehicles are used to defeat enemy defenses — Col. Ryan Bell, commander of the 3rd MBCT, 101st Division, told Breaking Defense in a recent interview. The exercise was part of the larger Joint Readiness Training Center (JRTC) rotation in Fort Polk, Louisiana in April. (BREAKINGDEFENSE.COM)

Marine Corps activates first unmanned maintenance squadron to repair its own MQ-9A Reaper drones

The Marine Corps activated its first unmanned systems maintenance unit Tuesday, a move officials said gives an East Coast aviation wing an organic entity capable of repairing its own large drones. Marine Unmanned Maintenance Squadron 14 (MUMS-14) is a “first of its kind” for the Corps, according to a press release this week. It will serve as the primary sustainer for the service’s fleet of MQ-9A Reaper drones aboard Marine Corps Air Station Cherry Point, North Carolina. The unit will consist of roughly 300 Marines and sailors, a spokesperson for 2nd Marine Aircraft Wing, for which MUMS-14 is part of, told DefenseScoop on Wednesday. Most of those troops are unmanned aerial vehicle technicians, mechanics and ground control station maintainers. (DEFENSESCOOP.COM)

Emergency services

Trump’s pick to lead FEMA plans IT overhaul

The Federal Emergency Management Agency might undergo a major change to its IT operations if President Donald Trump’s nominee to lead the Department of Homeland Security unit is confirmed. “What I will state is that some of the tools and technology that FEMA uses is a bit antiquated,” Cameron Hamilton, Trump’s pick to lead FEMA, told Senate lawmakers during a Wednesday hearing. “If confirmed, I’m planning to do a significant IT overhaul of the entire agency for better accountability.” If confirmed, Hamilton would be the first permanent leader of FEMA in Trump’s second term. The agency has gone through four different acting administrators, including Hamilton, whose stint lasted from January-May 2025. (FEDSCOOP.COM)

Simultaneous drones, better data: NOAA hurricane tech hits milestones

Gusts of wind pulled flags taut outside a conference room window in NOAA’s central Florida-based Aircraft Operations Center as crewmembers went over the flight plan for an emerging hurricane tech-testing day. It was early April, statistically one of the state’s driest months; nevertheless, the skies were overcast and light rain sprinkled throughout the morning. But rather than throwing a damper on the plans, the weather was a source of excitement for those gathered around the long conference table. For the first time, there was an opportunity to evaluate budding technologies — including plane-deployed drones — in precipitation ahead of the hurricane season. (FEDSCOOP.COM)

Energy

New 339-mile transmission line brings Canadian hydropower to NYC

North America’s longest fully-buried transmission line has begun delivering Canadian hydropower to New York City, state policymakers and grid officials said Tuesday. The $6-billion Champlain-Hudson Power Express is expected to deliver 10.4 TWh annually, helping meet up to 20% of the city’s electric needs. Construction was completed ahead of schedule and power flows from Hydro-Québec to New York commenced June 1. Champlain-Hudson will help to replace the Indian Point nuclear plant, which was shuttered in 2021. Since Indian Point’s closure, New York City has relied more on gas-fired plants that have caused emissions downstate to grow, according to a statement from Democratic Gov. Kathy Hochul. (UTILITYDIVE.COM)

Maritime

From sea denial to market shock: Maritime swarms and the weaponization of global energy logistics

OPINION: Maritime swarm tactics enable weak actors to transform global energy chokepoints into strategic battlefields. By leveraging numbers, speed, and dispersion, asymmetric forces — most notably the Islamic Revolutionary Guard Corps Navy (IRGCN) — can overwhelm conventional naval defenses and target vulnerable commercial tankers. These low-cost “mosquito fleets” bypass traditional naval engagements to strike at the global economy’s logistics center of gravity. Through an analysis of the Strait of Hormuz and recent disruptions in the Red Sea, this article demonstrates that swarm warfare imposes disproportionate economic costs, shapes market expectations, and amplifies systemic risk. It argues that these tactics function not only as instruments of sea denial but also as economic coercion targeting global energy supply chains, with implications for convoy adaptation and multinational coordination. (SMALLWARSJOURNAL.COM)

Space

GAO: NASA faces impending decisions for replacing International Space Station with commercial stations

NASA faces several risks that could lead to a gap in human presence in LEO. For example, there would be a gap if the commercial stations are not available before NASA retires the ISS. NASA historical data suggest that developing the commercial stations might take longer than currently planned. NASA also faces an overall risk of a potential gap in LEO. However, it has not yet assessed the likelihood or duration of a gap since undergoing several changes such as revising its acquisition approach. Assessing the likelihood of a potential gap would help NASA make more informed decisions on how to mitigate this risk. NASA is approaching a critical juncture when it must assess readiness and decide whether to pursue the retirement of the ISS and transition to the use of commercial space stations. If the commercial space stations are not assessed to be ready in time, NASA may need to consider other options, such as extending ISS operations beyond 2030, which would have budget implications. (GAO.GOV)

UAP

New science advisory council forms to help US government ‘resolve the UAP mystery’

A new multidisciplinary team of expert researchers is assembling to supply scientific guidance to the U.S. government’s unidentified anomalous phenomena investigations and help agencies determine whether unexplained sightings pose national security threats or represent major new discoveries. Well-known theoretical physicist and Harvard University Professor of Science Avi Loeb announced he would be leading this new UAP Science Advisory Council, which he unveiled in a post online this week. (DEFENSESCOOP.COM)

Workforce

Want to join NGA? Bring AI skills, agency leader says

As the National Geospatial-Intelligence Agency rebuilds its workforce after last year’s DOGE cuts, job applicants need to bring some AI proficiency, the agency’s associate operations director said Tuesday. “We’re hiring now, and every single new person we hire has to prove some capability of AI and data management,” Navy Rear Adm. Michael Baker said at the Defense One Tech Summit. “Every single new hire has to go through AI and data management training.” It’s not just the new employees, Baker said: “Every single old hire has to go through AI training and data management so that all of us are operating inside of the reality of what this ecosystem is.” (DEFENSEONE.COM)

Senate fumes as Clayton chaos unwinds path to renew FISA

President Trump’s scuttling of a hearing to review his pick for director of national intelligence has once again plunged Congress into chaos over who will lead the intelligence community and how lawmakers can renew the nation’s lapsed spy powers. The Senate spent the morning ping-ponging over whether members would even hear from nominee Jay Clayton, who serves as a U.S. attorney. Trump said the hearing was canceled, but Senate Intelligence Committee Chair Tom Cotton (R-Ark.), an ally of the president, initially rebuffed him, saying the hearing would still go on. Cotton later backtracked and announced the “regrettable” decision that the president had directed his nominee to not show. (THEHILL.COM)

Senate NDAA proposes CMMC grant program

The Senate Armed Services Committee has advanced legislation that would set up a grant program for small businesses and nontraditional contractors to cover the costs of Cybersecurity Maturity Model Certification (CMMC) compliance. The CMMC grant program is included in the full text of the committee’s fiscal 2027 defense authorization bill, released Tuesday. The committee released the text Tuesday after approving the bill in a June 10 closed-door mark up. If passed into law, the provision would require the Defense Department to establish the CMMC grant program by July 1, 2027. (FEDERALNEWSNETWORK.COM)

Pentagon’s ability to supply Ukraine with more Patriot interceptors questioned by Congress

Concerned with Ukraine’s ability to protect itself from the onslaught of Russian missile and drone attacks, the Senate Armed Services Committee (SASC) is demanding to know if the Pentagon can increase deliveries of Patriot air defense system interceptors to that war-torn nation. This comes against the backdrop of extreme U.S. and allied demand on dwindling supplies of these weapons. Between U.S. usage in recent Middle East conflicts and commitments to Ukraine and nearly 20 other nations, there have long been concerns about the supply of Patriot interceptors. Still, the Pentagon has maintained that it has sufficient supplies. (TWZ.COM)

COMMITTEE ACTIVITY 

CHINA: The House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party is scheduled to hold a June 25 hearing.

Reported widespread credential exposure affecting Fortinet Firewalls and VPN Gateways

The ASD’s ACSC is aware of public reporting of a widespread malicious campaign against Fortinet Firewalls and VPN gateways, largely utilising exposed credentials and credential-based attacks, leading to potential compromise and further credential exposure. Leveraging these credentials could enable malicious actor’s remote access to the devices and connected networks, as well as allow changes to various settings, including security controls. (CYBER.GOV.AU)

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.

HYPERSONIC: What are hypersonic delivery systems, and what makes them strategically and technologically distinct from other missiles? What makes hypersonic flight a militarily desirable capability, and how can the United States and its allies defend against these threats? Should the United States policy community debate the merits of nuclear armed hypersonic missiles? To discuss these questions and more, please join the CSIS Defense and Security Department’s HTK Series for a June 18 conversation featuring Heather Williams, director of the CSIS Project on Nuclear Issues, Tom Karako, director of the CSIS Missile Defense Project, and Kari Bingen, director of the CSIS Aerospace Security Project. 

MARITIME SECURITY: Please join the CSIS Defense and Security Department (DSD) and the U.S. Naval Institute (USNI) on June 18 for a Maritime Security Dialogue event featuring Lieutenant General Eric Austin, USMC, CG, MCCDC / DC, CD&I / PAE-MC. LtGen Austin will sit down with Dr. Seth G. Jones, president, CSIS Defense and Security Department, to discuss the future growth of the Marine Corps, lessons from the recent wars in Ukraine and the Middle East, and implications for the Indo-Pacific. Rear Admiral Raymond A. Spicer, USN (Ret.), chief executive officer and publisher, U.S. Naval Institute, will offer opening remarks. 

NUCLEAR: For the first time, the United States is preparing to deter two nuclear adversaries­­­, Russia and China. In today’s post-New START environment, U.S. adversaries remain committed to weakening American resolve and undermining Washington’s commitment to its allies. Join Hudson Senior Fellow and Keystone Defense Initiative Director Dr. Rebeccah Heinrichs and Administrator of the National Nuclear Security Administration Brandon Williams for a June 18 discussion on the administration’s priorities in strengthening the U.S. nuclear enterprise.

CHINA AND AI: Join CNAS on June 24 for a live event on China’s AI capabilities and the risks to U.S. national security. The event will mark the release of a new CNAS report, “Red Lines: Understanding the National Security Risks of China’s Advanced AI,” which assesses the capabilities and trajectory of China’s advanced AI models, provides a framework for understanding the risks to national security, and outlines actionable recommendations for a stronger U.S. analytical capacity and response.

AI AND EXPORT CONTROL: Join House Foreign Affairs Committee Chairman Brian Mast and Senator Jim Banks for a June 25 fireside chat hosted by the Hudson Institute on Congress’s role in U.S. export control strategy to outcompete China in technology and AI development. The conversation will examine ways to close loopholes, guard America’s most critical technologies, and prevent Beijing from leveraging American innovation against American interests. 

DATA CENTERS: Join the CSIS Strategic Technologies Program for a June 25 discussion on the future of data centers and AI infrastructure in the United States. The event will feature two panels bringing together federal and local government officials alongside industry leaders to examine the policy, economic, and security implications of large-scale data center expansion. The conversation will explore how the United States can scale the infrastructure required for advanced AI systems while ensuring resilience, trusted operations, and long-term strategic advantage.

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.

---

FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP