Cyber Briefing – June 22, 2026
TODAY’S TOP 5
HEAT WAVES AND DROUGHT IMPERIL DATA CENTERS: More than half of data centers worldwide are in areas facing extreme heat or drought, making them vulnerable to periodic shutdowns from power outages or water restrictions, according to a new report, E&E News reports. Data centers require enormous amounts of electricity and water for operations and cooling. But the analysis — released by First Street climate modelers — found that 54% of all data centers are located in areas facing “chronic stress conditions” such as extreme heat or water scarcity. “In other words,” the analysis said, “scale is being built where operating conditions are hardest, not where they’re easiest.”
- Only a small fraction of data center opponents actually live near one, according to new polling by a consulting firm that counsels leading AI labs and tech startups, Axios reports. The findings by Milltown Partners, shared first with Axios, highlight how data centers have become a stand-in for broader anger at an AI future many Americans don’t want but fear they’ll have to pay for. The public is still divided on data centers, with direct opposition not yet a majority view. But nearly half of respondents support a temporary construction ban, according to Milltown’s findings.
- Data centers operating in Australia say the introduction of tougher penalties and tighter supply chain checks by the government aimed at beefing up national security obligations could deter artificial intelligence investment, even as experts say they must do more to help protect critical national assets, The Australian Financial Review reports. The peak body representing data centers has raised the alarm about the cost and compliance burden of upcoming government reforms designed to protect high-risk critical infrastructure against cybersecurity or physical attacks.
CRITICAL NATURAL SYSTEMS AS MACRO-CRITICAL INFRASTRUCTURE: National and global prosperity, resilience and security rest on a foundation that remains largely invisible in economic and financial decision-making: the stability of the Earth’s natural systems. While all ecosystems are important, scientific evidence indicates that a subset are so foundational to wellbeing, economic growth and resilience that their degradation would not simply represent an environmental loss: it could materially impact food, water and energy prices, national fiscal balances, supply chains and financial markets, Nicola Ranger, Thea Philip, Tom Tayler and Emma O’Donnell argue in an Earth Capital Nexus report. The authors of this paper refer to these systems as “critical natural systems.” First, they explore the economic, finance and governance implications of critical natural systems including forests, rivers, biodiversity hotspots and productive land and how they are analogous to national critical infrastructure. Second, the authors surface a new concept of Global Systemically Important Natural Systems (G-SINS), analogous to the Global Systemically Important Banks (G-SIBs).
- Extreme heat and dry, windy conditions fueled several wildfires in the West on Sunday, including an uncontained blaze in Utah that forced the evacuation of a small town southwest of Salt Lake City, The Associated Press reports. The Iron Fire in Utah’s Juab County was first detected Saturday and had blackened 34 square miles, authorities said.
- Disaster recovery researchers and survivors of disasters themselves have known for years that policymakers shouldn’t use the same old methods in the face of what is to come, but now they simply can’t. The nation was too reliant on a disaster recovery framework that prioritized cleaning up and rebuilding what was there before, instead of planning for the future. Now the money that supported the old framework isn’t flowing and a new vision is needed for how to survive disasters while adapting to a new climate reality, Sarah Labowitz and Katie Mears write at the Carnegie Endowment for International Peace.
ARMY’S NEWEST UNIT AIMS TO ‘OVERWHELM’ ADVERSARY WITH DRONES: On Thursday, U.S. Army Pacific (USARPAC) stood up a new command to speed up reaction times and sustain operations within the anti-access/area denial environments of the Pacific. To help achieve that goal, the commander of this new unit told The War Zone he wants to be able to saturate any future adversary with so many drones they have trouble operating. “We have learned, particularly looking at Ukraine, there really is no sanctuary area that is protected from observation and potential targeting,” Maj. Gen. Bernard J. Harrington told us during a media roundtable to introduce his new command. It’s called the 7th Infantry Division Multi-Domain Command – Pacific (7th ID MDC-PAC). Headquartered at Joint Base Lewis-McChord in Washington, it combines the 7th Infantry Division and the 1st Multi-Domain Task Force (MDTF). The idea is to merge the maneuver capabilities of the 7th ID’s two Stryker brigades with the long-range sensing, fires, cyber, space, electronic warfare, and information capabilities of the MDTF. The new unit was created as the U.S. still struggles to be on the leading-edge of modern drone warfare, especially when it comes to the lower-end segment of this broad capability set.
NOT JUST THE OIL SUPPLY CHAIN WAS HIT: The Iran war caused one of the biggest supply shocks to ever hit the aluminum market, but the runaway price surge that many were bracing for has been blunted by the ingenuity of producers from the Middle East to China, Bloomberg reports. When the conflict began, market watchers warned that unless the Strait of Hormuz reopened quickly, smelters were likely to run out of raw materials within weeks, potentially forcing widespread shutdowns that would plunge the global market into crisis and send prices to record highs above $4,000 a ton. Those fears escalated dramatically when Iran targeted smelters in the region in missile strikes, and there was broad agreement that aluminum looked set to be one of the worst-hit commodity markets outside of oil and gas. However, in recent weeks Middle Eastern smelters have carried out a series of complex logistical operations — including daring voyages through the strait — to replenish reserves of alumina and other raw materials, helping to avert widespread closures in a region that accounts for nearly 10% of global supply.
- The G7 has made critical minerals a strategic priority, but its current approach risks overlooking a key factor for success: development. In a Hague Centre for Strategic Studies analysis, Irina Patrahau and Fiona De Cuyper argue that resilient mineral supply chains cannot be built through standards and coordination alone. Producer countries must be involved in shaping supply chain rules and supported in meeting them. Without investment in local capacity, infrastructure and value addition, the G7’s critical minerals strategy will remain incomplete.
FROM PACKAGE TO POSTINSTALL PAYLOAD: Microsoft assesses with high confidence that the Mastra npm supply chain compromise is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The infrastructure and post-compromise TTPs observed in this campaign are consistent with previously documented Sapphire Sleet activity. Sapphire Sleet also conducted a separate npm supply chain compromise affecting Axios, a popular JavaScript HTTP client, in April 2026. Microsoft Threat Intelligence observed a large-scale npm supply chain attack affecting 140-plus packages across the mastra and @mastra scopes on the npm registry.
OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University.
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions.
CYBER FOCUS PODCAST
In this episode of Cyber Focus, Frank Cilluffo sits down with FBI Assistant Director for Cyber Brett Leatherman for a wide-ranging conversation about how the bureau is using law enforcement authorities, intelligence, partnerships and court-authorized technical operations to disrupt adversaries, help victims and defend U.S. critical infrastructure. Leatherman explains why the FBI expects to conduct more operations like Operation Masquerade, which evicted Russian GRU actors from compromised routers, and why privately owned routers, edge devices and small networks can become valuable infrastructure for foreign intelligence services and criminal groups. He also discusses the rise of agentic AI in ransomware, China-linked threats to operational technology and critical infrastructure, Operation Winter SHIELD, supply-chain risk and why early victim reporting can help the FBI move upstream against cyber adversaries.
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Breaches
Klue OAuth breach victim list grows as Icarus hackers claim attack
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack. The disclosure comes after cybersecurity firms Huntress and ReliaQuest detailed how attackers abused compromised Klue Battlecards integrations to steal Salesforce CRM data from multiple organizations. In a statement published this week, Klue CEO Jason Smith confirmed that the company discovered unauthorized activity on June 12 affecting part of Klue’s integration infrastructure. (BLEEPINGCOMPUTER.COM)
Energy
London Hydro investigating data breach affecting some customer accounts
An investigation is underway at London Hydro after a recent “data security incident” may have seen the personal information of some accounts compromised, officials with the utility said. Impacted customers were first notified of the incident on Friday. In an update posted to London Hydro’s website on Saturday, officials with the utility said the incident “may have impacted a portion of personal information on some accounts.” It’s not clear how many customers have been affected. In a statement, London Hydro’s CEO, Ysni Semsedini, said the utility became aware of “some suspicious activity on a customer account on June 18th,” and launched an investigation. (CBC.CA)
Government
Metro Atlanta city discloses cybersecurity incident
The city of Acworth said a cybersecurity incident on June 8 affected some of the city’s computer systems. Once the city learned of the issue, it said city officials contacted cybersecurity professionals and law enforcement. The city said in a news release distributed via a social media post that its systems are now fully operational. (WSBTV.COM)
Health care
ShinyHunters threatens to leak Amazon One medical records
Amazon bought One Medical for $3.9 billion in 2023 in its bid to bring transformational healthcare experiences to patients through a network of onsite and virtual primary care services. It serves employees of more than 8,500 U.S. clients. In a post on its leak site Thursday, ShinyHunters warned One Medical that it would publish the compromised data “along with several annoying digital problems that’ll come your way” unless the company responds to the gang by June 22. ShinyHunters did not specify in the post its demands of One Medical. (HEALTHCAREINFOSECURITY.COM)
Maritime
Pirate attacks on ships in the Gulf of Aden are on the rise
The Gulf of Aden and other waters around the Horn of Africa are seeing an increase in maritime attacks. Since late April, Somali pirates have been attacking and seizing vessels at a rate not seen since 2011, when piracy in the region was at its peak. The United Kingdom Maritime Trade Operations (UKMTO) Centre, which offers a monitoring and alert service for commercial shipping, issued four warnings in the Somali Basin in April and eight in the Gulf of Aden in May and June. Both areas are in Somali pirate areas of activity. (FDD.ORG)
Nuclear
Inside the daring operation to avert a new disaster at Chornobyl
When Ukrainian emergency workers clambered onto a damaged structure above Reactor No. 4 at the Chornobyl Nuclear Power Plant, there were eerie echoes of 1986. Back then, when Ukraine was part of the Soviet Union and the site was known by its Russian name, Chernobyl, firefighters suffered horrific aftereffects from exposure to radiation while dealing with the consequences of an explosion in the reactor. In February of last year, emergency workers again raced to help put out a fire that Ukraine said was triggered by a Russian attack drone. To tackle the fire, they climbed the so-called confinement structure that stands taller than the Statue of Liberty and covers the destroyed reactor to prevent radiation from escaping. (WSJ.COM)
Spyware
Bulgaria allowed surveillance tech firm to sell products to repressive regimes, report says
A Bulgaria-based surveillance technology firm sold its controversial wares to countries known for repressing their citizens, allowing those governments to snoop on conversations and monitor phones’ locations and web browsing, according to a new report. The nonprofit Human Rights Watch obtained export licensing records covering 2018 through 2023, which show the Bulgarian government allowed the surveillance firm Circles to peddle the tech to law enforcement and intelligence agencies in El Salvador, the United Arab Emirates, Serbia, Azerbaijan, Guatemala, Bahrain, Jordan, Malaysia, Morocco and Panama. (THERECORD.MEDIA)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Attackers can poison AI research agents using Reddit and Wikipedia content
Attackers can now manipulate AI “deep-research” agents by discreetly editing Reddit threads and Wikipedia pages. They can insert as little as a 13-word snippet, which these agents may later reference as authoritative advice, product recommendations, or even scams in their responses. New research from Cornell Tech shows that these agents often rely on the same user-generated content (UGC) URLs. This makes public discussion platforms a significant target for influencing AI search results and research outputs without altering the underlying models. At the center of this risk is a class of multi-step “deep‑research” systems such as STORM, Co‑STORM, and OmniThink, which decompose user questions into multiple sub‑queries, issue a flurry of web searches, and synthesize long‑form, citation‑rich reports from the retrieved sources. (GBHACKERS.COM)
Critical infrastructure
Legacy kit behind vast majority of cyber attacks on utilities
More than three-quarters of utilities organizations were hit by cyber attacks involving outdated software or unavailable patches on legacy equipment over the last year. At 77%, it was the most common type of cyber incident facing the sector, according to Bridewell’s Cyber Security in Critical National Infrastructure Report 2026. And the most common effect was IT disruption or outages, affecting 47% of organizations, despite the fact that 99% of respondents described themselves as resilient after their worst cyber attack. (ITPRO.COM)
Malware
AryStinger malware infects 4,300 legacy routers to build reconnaissance proxy network
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin’s XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The distinction matters. AryStinger exists for the stage of an attack that comes before the break-in. Infected devices scan the internet, fingerprint services, enumerate subdomains, tunnel traffic, and run commands on demand, then ship the results back to the operator. Each router becomes a footprinting node and a relay that hides where the real attacker is. (THEHACKERNEWS.COM)
CryptoBandits malware doubles as a backdoor, abuses Tor
Microsoft warns of a Windows-based cryptocurrency clipper that establishes a lightweight backdoor blending data exfiltration and remote code execution (RCE) capabilities. Dubbed CryptoBandits, the malware has been used in attacks since February 2026, deploying a portable Tor client on the infected systems and routing traffic through a local SOCKS5 proxy. “The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C&C server. It carries out high-frequency clipboard theft, screenshot exfiltration, and wallet-address substitution,” Microsoft explains. (SECURITYWEEK.COM)
Ransomware
New Prinz Eugen ransomware prioritizes recent files for encryption
A new ransomware operation named ‘Prinz Eugen’ prioritizes recently modified files for encryption and leaves no ransom note on the system. An investigation from Threatdown, Malwarebytes’ enterprise cybersecurity arm, found that the Prinz Eugen hackers have a hands-on-keyboard style and prefer to use legitimate remote monitoring and management (RMM) software and living-off-the-land tools. According to the researchers, initial access is likely achieved through stolen RDP credentials, followed by the manual download and execution of the main payload, ‘servertool.exe.’ (BLEEPINGCOMPUTER.COM)
Trends
New INTERPOL report highlights escalating cyber threats across Asia and South Pacific
INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Assessment Report has revealed a dramatic increase in cybercrime across the region driven by rapid digitalization, new technologies and increasingly organized criminal networks. The report, covering the period from January 2024 to March 2025, found that more than half of the countries surveyed reported cybercrime now accounting for 30 per cent of all crimes recorded nationally. Cyber-scam techniques such as phishing have emerged as the most widespread and financially damaging form of cybercrime, with 33 per cent of countries reporting over 10,000 cases. (INTERPOL.INT)
Vulnerabilities
7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes
Your AI agent did exactly what it was designed to do. The framework underneath it just handed an attacker a shell on the box that holds your OpenAI key, your database credentials, and your CRM tokens. That is not a hypothetical. In a few months, three of the most widely deployed AI agent frameworks each turned a known, ordinary bug class into a way through. Check Point Research chained a SQL injection in LangGraph’s SQLite checkpointer to full remote code execution. Tenable and VulnCheck tracked a path traversal in Langflow’s file upload endpoint to active, in-the-wild RCE. Cyera documented a path traversal in LangChain-core’s prompt loader that reads your secrets off disk. Two paths to a shell, one to your keys. They are the same bug, wearing three frameworks. (VENTUREBEAT.COM)
Hackers exploit Gravity SMTP WordPress plugin bug to expose API keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that’s installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens configured for the plugin’s email integrations. (THEHACKERNEWS.COM)

ADVERSARIES
China
New activity at possible Chinese intelligence facilities in Cuba
For decades, Cuba’s proximity to the United States has made the island strategically valuable for foreign intelligence collection. Recent warnings from senior U.S. officials about expanding Chinese and Russian intelligence activities have once again drawn attention to Cuba’s role in supporting those efforts just 90 miles from U.S. shores. In 2024, CSIS identified four Cuban sites featuring equipment that could support signals intelligence (SIGINT) collection, including several with possible links to China. Follow-on analysis of two of these sites, conducted in 2025, found major changes underway at one location, while work at the other had largely stalled. Now, new commercial satellite imagery reveals that activity at both sites has continued, though the pace and scale of development differ considerably. (CSIS.ORG)
China slaps restrictions on dozens of U.S. companies
China imposed trade restrictions on dozens of U.S. entities, including two producers of rare-earth minerals, in a sign that tensions between the two countries haven’t dimmed following the summit between President Trump and Chinese leader Xi Jinping. Earlier this month, the Pentagon added a number of Chinese companies to a blacklist of entities that it said were linked to China’s military. Today, China’s Commerce Ministry responded by adding 10 U.S. defense firms to its control list, barring exports to those companies of any Chinese-made products with potential military applications. The inclusion of two American rare earth producers — MP Materials and USA Rare Earth — was a particularly pointed statement from Beijing, suggesting that China sees an advantage in constraining U.S. capabilities around materials needed for advanced electronics, defense systems and renewable energy technologies. The controls also targeted other sectors tied to the military: drones, robotics and aerospace. (WSJ.COM)
Systems over steel: How China is redefining amphibious armor survivability
OPINION: For Beijing, a full-scale amphibious landing remains the option of last resort for unification, favored only if gray zone coercion, blockades, or political pressure fail. Yet Chinese planners recognize a basic reality: Uncrewed systems can deny space, but they cannot seize territory, clear fortified urban centers, or consolidate a political victory. Despite the PLA’s planned campaign of conducting exhaustive initial joint firepower strikes to decapitate command nodes prior to a landing, such barrages will likely fail to neutralize decentralized, mobile drone operators who will retain the ability to orchestrate a resistance. As seen in the PLA’s development of new weapons platforms with counterdrone capabilities, China is not ignoring the drone threat; it is engineering through it. However, the physics of an open-ocean swim strip the Type-05 of legacy protection, forcing the PLA to pursue radical engineering and system-level alternatives. (MWI.WESTPOINT.EDU)
Iran
Iran showed us the future of asymmetric warfare
OPINION: Most Americans associate asymmetric warfare with terrorism or insurgencies. The attacks of September 11 represented a classic asymmetric strike, using civilian aircraft against symbols of American power. The improvised explosive devices that wounded and killed thousands of coalition troops in Iraq and Afghanistan provided another example, allowing inexpensive weapons to impose disproportionate costs on the world’s most advanced military. But modern asymmetric warfare extends far beyond terrorism. (THEBULWARK.COM)
Russia
Here is how Russia’s Skyfall nuclear-powered cruise missile actually works
Russia’s mysterious Burevestnik (also known to NATO as SSC-X-9 Skyfall) cruise missile likely leaves a trail of radioactive material in its wake, making the weapon even more alarming than was first thought. This is the conclusion of two scientists from the Massachusetts Institute of Technology (MIT), who have recently published a detailed analysis of one of the so-called ‘super weapons’ revealed by Russian President Vladimir Putin back in 2018. The report, from Jake Hecla, an MIT professor who covers aerospace and nuclear science and engineering, and co-author R. Scott Kemp, provides the most compelling analysis so far on how the Burevestnik is actually powered. Uncertainty around this has led to previous questions about whether Russia’s claims of nuclear propulsion for the weapon even stack up. (TWZ.COM)
Loyal but powerless: The downgrading of Russia’s elite
OPINION: When Russia launched its full-scale invasion of Ukraine on February 24, 2022, many Russian and Western observers expected that the Russian elites — liberal-minded economists and bureaucrats, businesspeople, and intellectuals — would speak out against the war, or at least quietly generate internal pressure to slow it down. After all, many of these people had assets in the West, Western education, family abroad, and considered themselves part of the interconnected world. But in the end, only a very small handful publicly condemned their country’s aggression. That cannot be put down solely to individual cowardice, pressure from the security services, or plain self-interest. Of course, such factors clearly had a significant impact, but they don’t answer the structural question of why the agency of the elites and their capacity for autonomous political action were replaced by loyalty and acquiescence. (CARNEGIEENDOWMENT.ORG)
How declining oil production could weaken Russia’s geopolitical power
OPINION: Russia’s era of easily accessible oil from Western Siberia appears to be coming to a close. This creates a fiscal constraint that Moscow is unlikely to offset through conflict or narrative engineering. Over time, the country’s diminished oil production capacity is expected to weaken its ability to hold geopolitical influence. In the next five years, however, it may have the opposite effect — raising the risk of conflict if the Kremlin decides to act militarily beyond Ukraine before its financial advantages erode further. (BAKERINSTITUTE.ORG)
Ukraine launches ‘TrophyLab’ platform to share captured Russian weapons with allies
Ukraine’s Ministry of Defense launched an access-controlled online platform last week that provides allied governments, defense companies and research institutions with technical intelligence drawn from captured Russian military hardware – a formalization of what Kyiv has long done informally with select partners. The snazzily branded platform, called TrophyLab and accessible at trophylab.mod.gov.ua, currently catalogs more than 115 samples of seized Russian equipment across 79 categories. Users who pass a vetting process gain access to blueprints, component analyses, schematics, and the findings of Ukrainian state laboratories and intelligence agencies – more than 225 studies at present, according to the ministry. (DEFENSEONE.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
Trump tells ‘The Axios Show’ that Anthropic was a national security threat
President Trump reached the point last week of viewing Anthropic as a national security threat, he said in an exclusive interview for “The Axios Show,” though he signaled that relations have improved since. National security concerns and personality clashes landed AI heavyweight Anthropic in the middle of a government crackdown with domestic and international repercussions. Between the Commerce Department’s imposition of sweeping export controls and the Pentagon’s designating it a supply chain risk, the company has faced treatment typically reserved for foreign adversaries. (AXIOS.COM)
Success-induced orientation collapse: Extending the OODA loop in AI-accelerated decision environments
OPINION: In rapid decision environments, success may become a liability. Success-Induced Orientation Collapse (SIOC) describes how AI-driven acceleration increases the risk of acting on degraded or outdated models of reality. As decision cycles compress, the central challenge is no longer speed but preserving orientation under conditions of apparent success. A unit implements an effective targeting process. Initial strikes are successful. The system identifies patterns, analysts confirm them, decisions are made rapidly, and positive results follow. Confidence grows as the workflow becomes increasingly streamlined. Fewer questions are raised because fewer appear necessary. For a while, the system appears to work exactly as intended. At first, the inconsistencies seem minor. High-value targets stop producing results. The activity shifts gradually, then more noticeably. (SMALLWARSJOURNAL.COM)
Americans and AI 2026: Chatbots, smart devices and views on impact
Artificial intelligence (AI) is no longer a futuristic concept – it’s transforming everything from medicine to work to entertainment. At the same time, Americans are using chatbots more than ever before and some are bringing smart devices into their households, according to a new Pew Research Center survey of U.S. adults. About half of U.S. adults now report using AI chatbots, up substantially from the summer of 2024. This includes roughly one-in-four who use these tools on a daily basis. (PEWRESEARCH.ORG)
Why Amazon hates ‘human-in-the-loop’ AI governance
Humans tend to be “a little bit precious about humans,” according to Eric Brandwine, distinguished engineer and VP at Amazon Security. We like to think we are all very good at our jobs, and we have high opinions of ourselves, he explained during a phone interview with The Register. “But when you actually get down to it, humans are not terribly consistent,” Brandwine said. Humans, like AI agents and systems, are non-deterministic. Neither can be guaranteed to produce the same output given the same input twice. Both will make mistakes and even make stuff up. However, we’ve got millennia of experience dealing with humans and less than a decade with more modern LLMs and the AI systems built on top of them. (THEREGISTER.COM)
Commercial
Anatomy of a retail ransomware attack: Tabletop simulates modern mayhem methods
Attacks on AI systems and disinformation starred as key elements of a ransomware tabletop exercise CSO participated in during this month’s Infosecurity Europe conference. The “Enter the War Room” exercise — organised and run by cybersecurity vendor Semperis — featured a scenario focused on a cyberattack against a fictional supermarket chain, BlueCart. CSO took part as one of eight members of a red team of supposed national state–linked attackers (APT 64, AKA Checkout Chaos) that was as much interested in thrashing the reputation of the supermarkets it targeted and causing disruption as in making money. (CSOONLINE.COM)
Communications
FCC to review telecom supply chain security reporting requirements amid rising cybersecurity, espionage threats
The U.S. Federal Communications Commission (FCC) is seeking public comment on an information collection review tied to its supply chain security oversight, highlighting the growing regulatory focus on cybersecurity risks in telecom infrastructure. As part of the FCC’s review under the Paperwork Reduction Act, the notice requires agencies to assess whether information collections are necessary, accurate and minimally burdensome. The Commission is specifically seeking feedback on the practical utility of the data collected, the accuracy of its burden estimates and ways to improve the quality, clarity and security of information submitted by respondents. (INDUSTRIALCYBER.CO)
Data centers
Amazon employees file civil rights complaint over company probe into data center testimony
An employee group filed a civil rights complaint against Amazon with the City of Seattle on Thursday on behalf of three engineers who allege that the company is wrongly investigating them for testifying before the Seattle City Council in favor of regulating data centers. The complaint, filed by Amazon Employees for Climate Justice (AECJ), invokes an unusual Seattle law that bars employers from discriminating against workers based on political ideology. Amazon acknowledged the investigations but characterized them differently, citing its policy against employees speaking publicly as representatives of the company without first going through specific procedures. (GEEKWIRE.COM)
Defense
DoD excels at prototyping. Getting to production is another story
The Defense Department is skilled at developing prototypes to test innovations, but speakers at the Defense One Tech Summit told attendees on Tuesday that getting the tech into production remains a challenge. “We’ve gotten really good at prototyping innovation, however you want to define it. But the challenge is what does it lead to,” said Jerry McGinn, senior fellow of the defense-industrial initiatives group at Center for Strategic and International Studies. McGinn was joined on a panel at the summit by Kedar Pavgi, director of commercial strategy and operations at the Defense Innovation Unit; and Veronica Daigle, president of the national security practice at investment firm Red Cell Partners. (NEXTGOV.COM)
Health care
These workers thought they were getting an extra day off. Turns out it was just a ‘cruel’ cyber test
Union leaders in Newfoundland and Labrador say a “cruel” cybersecurity test has outraged health-care workers across the province and may push some to an early exit. Thousands of nurses, doctors and other workers at Newfoundland and Labrador Health Services (NLHS) received emails from the employer on Tuesday, promising an extra paid day off in recognition of recent hard work — only to learn later that the email was a phishing cybersecurity test, designed to trick employees. (CP24.COM)
LEGISLATIVE UPDATES
Senate lawmakers bring back acquisition reforms dropped from final 2026 NDAA
The fiscal 2026 defense policy bill contained some significant reforms to defense acquisition processes — congressional leaders said the legislation would deliver “the most significant acquisition reforms in a generation.” But several key provisions were scaled back or dropped entirely from the final version of the bill. Now, some of the ideas that failed to survive negotiations last year are resurfacing in the Senate Armed Services Committee’s version of the fiscal 2027 authorization bill while building on existing reforms enacted in the 2026 National Defense Authorization Act. (FEDERALNEWSNETWORK.COM)
Committee sets vote on data center, grid bills
The House Energy and Commerce Committee will take initial steps this week to advance legislation that would make sure ratepayers don’t foot the bill for data center expansion along with measures to address the need to transmit more power across the country to meet rising demand. The Energy Subcommittee, chaired by Rep. Bob Latta (R-Ohio), will vote on a suite of bills including the bipartisan “Ratepayer Protection Act” on Wednesday as part of an electricity policy focused markup, the details of which were shared first with POLITICO. That headlining bill would codify the principle behind President Donald Trump’s “Ratepayer Protection Pledge,” where Big Tech companies committed to covering their own data center energy costs. (EENEWS.NET)
COMMITTEE ACTIVITY
TRANSPORTATION: The Senate Commerce, Science, and Transportation Subcommittee on Aviation, Space, and Innovation will hold a June 23 hearing on improving safety in national airspace.
CRITICAL MINERALS: The House Energy and Commerce Subcommittee on Environment will hold a June 24 hearing examining legislation to support domestic critical mineral recovery and recycling.
DHS: The House Appropriations Subcommittee on Homeland Security will hold a June 25 oversight hearing for the Department of Homeland Security.
CHINA: The House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party will hold a June 25 hearing on China’s economic espionage and subnational influence in the United States.
ALERTS AND ADVISORIES
CISA urges hardening Fortinet devices after reports of credential exposure
CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways. (CISA.GOV)
Cyber criminals redirecting users to fraudulent websites with malicious traffic distribution systems
The Federal Bureau of Investigation (FBI) is publishing this Public Service Announcement (PSA) to warn the public of cyber criminal use of traffic distribution systems (TDSs) to gain access to victim networks for ransomware or other financial scams. TDS is a technology used to route internet traffic visitors to different destinations after users visit webpages, click advertisement links, sign up for promotions and discounts, or download an application. Cyber criminals use TDSs to selectively redirect users to compromised or fake login websites that can host phishing pages for online financial fraud or prompt users to download software updates containing malware. (IC3.GOV)
CISA adds one known exploited vulnerability to catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-20253 Splunk Enterprise Missing Authentication for Critical Function Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)
Events
QUANTUM: The Center for a New American Security will hold a virtual panel discussion on June 23 on the future of U.S. quantum networking policy. Panelists will examine the national and economic security stakes of different quantum networking applications, compare U.S. and Chinese approaches and progress, and discuss the policy choices most likely to strengthen U.S. leadership in the field.
TECH SOVEREIGNTY: On June 24, the Atlantic Council’s Europe Center and Atlantic Council Technology Programs will host a conversation with Roberto Viola, director-general of DG Connect at the European Commission, on the EU’s rapidly evolving approach to tech sovereignty and its implications for transatlantic cooperation.
CHINA AND AI: Join CNAS on June 24 for a live event on China’s AI capabilities and the risks to U.S. national security. The event will mark the release of a new CNAS report, “Red Lines: Understanding the National Security Risks of China’s Advanced AI,” which assesses the capabilities and trajectory of China’s advanced AI models, provides a framework for understanding the risks to national security, and outlines actionable recommendations for a stronger U.S. analytical capacity and response.
ARCTIC: New technologies such as low-earth-orbit sensing and communication satellites and autonomous vehicles are making Arctic operations easier and more effective for military and commercial users. Please join Hudson Institute and Ocean Conservancy for a June 25 public event on changing conditions in the Central Arctic Ocean and the implications for governance, economic development, conservation, and national security.
AI AND EXPORT CONTROL: Join House Foreign Affairs Committee Chairman Brian Mast and Senator Jim Banks for a June 25 fireside chat hosted by the Hudson Institute on Congress’s role in U.S. export control strategy to outcompete China in technology and AI development. The conversation will examine ways to close loopholes, guard America’s most critical technologies, and prevent Beijing from leveraging American innovation against American interests.
DATA CENTERS: Join the CSIS Strategic Technologies Program for a June 25 discussion on the future of data centers and AI infrastructure in the United States. The event will feature two panels bringing together federal and local government officials alongside industry leaders to examine the policy, economic, and security implications of large-scale data center expansion. The conversation will explore how the United States can scale the infrastructure required for advanced AI systems while ensuring resilience, trusted operations, and long-term strategic advantage.
CHINA MARITIME: On June 26, the Indo-Pacific Security Initiative (IPSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security will host a fireside chat with Rear Admiral Jay Tarriela of the Philippines Coast Guard on maritime security developments in the South China Sea.
GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.” Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.
SOUTH CHINA SEA: The CSIS Southeast Asia Program and Asia Maritime Transparency Initiative are pleased to present the Sixteenth Annual CSIS South China Sea Conference. This full-day conference July 7 will feature keynote addresses and in-depth panel discussions on recent developments in disputed waters and the importance of the 10-year anniversary of the landmark South China Sea arbitration. Panels will address the state of play, legal developments and dispute management, evolving alliance networks, and the role of global stakeholders.
AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.