Cyber Briefing – June 23, 2026

FIVE EYES WARNING TO ‘ACT NOW’ ON FRONTIER AI THREATS: Powerful AI models capable of devastating new cyber attacks on governments and businesses are mere months away, intelligence agencies for the Five Eyes have warned in a rare joint statement urging leaders to “act now,” The Guardian reports. The surprising public intervention by signals agencies for Australia, the U.S., the UK, New Zealand and Canada comes after the Trump administration earlier this month decided to block “foreign nationals” from using a much-hyped AI model built by tech company Anthropic, called Fable. The statement, issued Monday, said while AI “would help us improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats.”

• “Cyber risk can no longer be treated as a purely technical issue,” Five Eyes leaders Stephanie Crowe, Rajiv Gupta, Catriona Robinson, Richard Horne, David Imbordino and Nick Andersen said in their joint statement. “This is a core business risk and leadership responsibility. Boards and executives should ensure cyber resilience is in place and works under pressure. It is not enough to have controls. Leaders must be confident those controls will perform during a real incident. This requires reassessing long-standing trade-offs and using AI deliberately to strengthen defence – not just improve efficiency.”

QUANTUM EXECUTIVE ORDERS: President Trump accelerated his efforts to boost the burgeoning quantum-computing industry, signing a pair of executive orders aimed at speeding the development of advanced quantum computers and mitigating the security threats they present, The Wall Street Journal reports. One of the orders the president signed Monday directs federal agencies, including the Energy Department, to work with the private sector and academics to deploy a quantum computer powerful enough to conduct scientific research by 2028. Such benchmarks are seen as crucial to showing that the technology has real-world applications. Quantum computers are capable of solving problems much faster than traditional supercomputers, making them a growing priority for countries around the world.  

• READ THE EOs: Ushering in the next frontier of quantum innovation and Securing the nation against advanced cryptographic attacks

IRAN WAR SPOTLIGHTS MAJOR DATA VULNERABILITY: As the war between the United States and Iran reaches a ceasefire, U.S. Central Command (CENTCOM) has received reports of an alarming activity, the first known of its kind: a U.S. adversary using commercial location data to track and target U.S. forces in the Middle East. This likely refers to data on the latitude, longitude and identifiers of a specific mobile device, obtained via advertising technology, data-selling or other systems. It is far more than an isolated incident in one region. An adversary, likely Iran, using commercial location data in this fashion — tapping into the sea of commercial data to enable military or intelligence operations — spotlights a major vulnerability in the United States’ digital footprint, Justin Sherman writes at Lawfare.

• Information obtained by Alhurra from four Iranian opposition figures points to an extensive cyber warfare network operated by Iran’s Islamic Revolutionary Guard Corps (IRGC), with units deployed both inside and outside Iran and receiving advanced training under the supervision of foreign experts. According to the sources, the IRGC’s Cyber Command oversees roughly 3,000 cyber battalions engaged in electronic warfare operations across Iran and abroad. The most sensitive and sophisticated missions, however, are reportedly carried out by Iranian cyber units based in Europe. These battalions are composed of multinational mercenaries recruited by the Quds Force — the IRGC’s external operations arm — to carry out intelligence missions on behalf of Tehran, the sources said. 

DATA CENTERS’ POWER THIRST COULD DOUBLE BY 2030: Data centers could more than double their share of U.S. power and account for 9.5 to 15 percent of electricity use by decade’s end, according to a new analysis backed by the Department of Energy. The long-awaited report from Lawrence Berkeley National Laboratory suggests that pressure on the electricity grid from artificial intelligence is growing, E&E News reports. The findings are the first major estimate from the lab on data centers’ future power use during the second Trump administration. “Although successive generations of computing hardware improve in energy efficiency,” the report says, “the scale and growth of computational demand more than offset these efficiency gains, leading to continued increases in absolute electricity consumption.”

• The heartbeat of the artificial intelligence economy sounds like a low-frequency thrum of a neighbor’s central air-conditioning unit, an airplane flying overhead at high altitude or a truck engine idling down the road. But it feels like the vibrating, rhythmic pulse of a subwoofer from a party that will never end. Yes, the cloud has a sound, and some who live closest to data centers that emit the noise have reached their wit’s end trying to block it out, The New York Times reports. Residents in three small cities last month filed lawsuits against data centers specifically about noise.

• MORE: 6 takeaways from FERC’s data center interconnection decision at Utility Dive

U.S. OPTIONS FOR POTENTIAL ESCALATING SPACE CONFLICT: With Space Force leaders making the case that the service must grow to meet the demand of new threats, a recent workshop with 50 experts studied how those threats could impact American civilian and military capabilities as they escalate in severity and how the U.S. might respond to them, Air and Space Forces Magazine reports. The Mitchell Institute Spacepower Advantage Center of Excellence hosted the workshop in January and is releasing a 40-page report summarizing the results this week, coauthored by retired Cols. Charles Galbreath, Jennifer Reeves, and Kyle Pumroy. The report includes six key findings and seven recommendations based on them, but the big picture takeaway, Galbreath told reporters Monday, is that the threat, especially from China, is such that the Space Force needs sustained growth on top of the sizable increase being proposed for fiscal 2027.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE

WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

(Watch on YouTube or click the player above)

In this episode of Cyber Focus, Frank Cilluffo sits down with FBI Assistant Director for Cyber Brett Leatherman for a wide-ranging conversation about how the bureau is using law enforcement authorities, intelligence, partnerships and court-authorized technical operations to disrupt adversaries, help victims and defend U.S. critical infrastructure. Leatherman explains why the FBI expects to conduct more operations like Operation Masquerade, which evicted Russian GRU actors from compromised routers, and why privately owned routers, edge devices and small networks can become valuable infrastructure for foreign intelligence services and criminal groups. He also discusses the rise of agentic AI in ransomware, China-linked threats to operational technology and critical infrastructure, Operation Winter SHIELD, supply-chain risk and why early victim reporting can help the FBI move upstream against cyber adversaries.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

Agriculture

New screwworm cases found in two more Texas counties as U.S. total reaches 16

New World screwworm cases continue to rise in the United States. The U.S. Department of Agriculture has now confirmed 16 infestations nationwide, with 15 in Texas and one in New Mexico. The latest detections include two calves in Edwards County, a lamb in Crockett County and a goat in Terrell County. The Crockett and Terrell County cases are the first reported infestations in those counties. The Edwards County cases were found within an area already affected by the flesh-eating parasite. The Crockett County case was detected outside the current affected zone. (TPR.ORG)

ALSO: Texas launches ‘one stop shop’ website for info on New World screwworm outbreak (STATESCOOP.COM)

Breaches

Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach

Tata Electronics, an Indian electronics and semiconductor manufacturer and a key supplier to Apple and Tesla, among other tech giants, confirmed a data breach weeks after files purportedly obtained from the company appeared on a hacker forum. The confirmation comes as the hacker forum listing claims to offer more than 630GB of data allegedly stolen from Tata Electronics, comprising over 204,300 files. A review of a sample of the files by TechCrunch found what appear to be Apple supplier specifications and Tesla manufacturing documents. The authenticity, provenance, and completeness of the data could not be independently verified. (TECHCRUNCH.COM)

Hundreds of Belgian organizations hit by cyberattack

Around 270 organizations in Belgium, including law firms, local councils and schools, were affected by a cyberattack in February after their firewalls were compromised. According to Belgian cybersecurity company Secutec, more than 100 of these organizations can still be accessed online using stolen administrator accounts. The attack is linked to a Russian hacking group and targeted systems connected to U.S. cybersecurity firm Fortinet. Secutec described it as one of the biggest security incidents ever involving a cybersecurity supplier. (BELGANNEWSAGENCY.EU)

Commercial

Federal probe finds Surfside collapse started three weeks before final breakdown

Federal investigators concluded that the catastrophic 2021 partial collapse of the Champlain Towers South condominium in Surfside, Fla., began roughly three weeks before the building fell. In a report released on Monday, the National Institute of Standards and Technology, or NIST, determined that a structural failure first occurred at two critical garage column connections beneath the pool deck in early June 2021. That failure trapped the 12-story building in an undetected, slow-motion domino effect that ultimately claimed 98 lives, concluding something that many engineers had long suspected. (WSJ.COM)

Cryptocurrency

JaredFromSubway MEV bot hacked in $15 million crypto theft

The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. The drain was detected on Saturday by blockchain security firm Blockaid, and today, JaredFromSubway confirmed that the attacker used fake pools and tokens to trick the bot into approving helper contracts. According to Blockaid, the attacker deployed contracts designed to appear as profitable MEV opportunities to JaredFromSubway’s automated execution system. (BLEEPINGCOMPUTER.COM)

Cybercrime

Two Britons plead guilty to £39m 2024 cyberattack on Transport for London

Two British cybercriminals from the Scattered Spider hacking group have pleaded guilty to a cyber-attack on Transport for London in 2024 that cost £39m and affected 10 million people. Thalha Jubair, 20, and Owen Flowers, 18, pleaded guilty to offences under the Computer Misuse Act at Woolwich crown court on Monday. The National Crime Agency (NCA) said the duo were part of an online hacking community known as Scattered Spider, suspected of carrying out several attacks in recent years. TfL, the London mayor’s transport authority, handles up to 5m passenger journeys a day on the underground alone. (THEGUARDIAN.COM)

Health care

Xsolis data breach affects 1.4 million individuals

Healthcare technology company Xsolis, Inc. has disclosed a data breach affecting nearly 1.4 million individuals. Tennessee-based Xsolis provides utilization management and revenue cycle solutions for hospitals, health systems, and payers. The company published a data security notice in early June, revealing that unauthorized activity was detected on its systems on January 22. The intrusion resulted from a targeted phishing attack carried out two days earlier. (SECURITYWEEK.COM)

How 100 hospitals switched to pen and paper to defeat a national cyberattack

One after another the calls came in from hospitals; criminals were infecting computer networks in a mass hack that was putting countless lives at risk. At Bucharest’s national cybersecurity centre (DNSC) they watched helplessly as the hackers spread across Romania through a popular piece of medical software. Cyber-chief Dan Cimpean had a tough decision to make, but it was the only option they had. The order went out to more than 100 hospitals. Disconnect from the internet, now. (BBC.COM)

Transportation

Fatal Tesla crash into Texas home now under federal safety investigation

U.S. auto-safety regulators have opened an investigation into a fatal wreck involving a Tesla that crashed into a home Friday evening and killed one person inside. The National Highway Traffic Safety Administration, the top auto regulator in the country, said Monday that it would examine a crash involving a Tesla Model 3 near Houston. The driver of the Tesla told police he was operating with an automated driving assistance system, according to a statement by the Harris County Sheriff’s Office. The vehicle left the roadway, “entered through the brick residence at a high rate of speed,” and struck a woman who was inside, sheriff’s officials said. (WSJ.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

Artificial intelligence

Researchers detail DifyTap flaws in Dify that could expose AI chats across tenants

Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other customers’ applications without requiring authentication. The vulnerabilities have been collectively codenamed DifyTap by Zafran Security. “Two were critical severity, two required no authentication, and three carried cross-tenant impact on Dify’s multi-tenant cloud service, allowing one customer’s data to be exposed to another,” researchers Ido Shani and Gal Zaban said. (THEHACKERNEWS.COM)

Malware

WhatsApp VBScript campaign uses fake documents to install ManageEngine RMM tool

Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targeting users of WhatsApp Desktop and WhatsApp Web across Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, Australia, Russia, and Vietnam. The highest concentration of victims has been reported in Malaysia. “The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment,” security researcher Fareed Radzi said. (THEHACKERNEWS.COM)

FlutterShell malware uses C2-delivered JavaScript payloads to evade sandbox detection

Targeted macOS endpoint monitoring, the CL-CRI-1089 cluster tied to Operation FlutterBridge repurposes the Flutter framework to deliver a novel macOS malware family dubbed FlutterShell. Rather than rehashing prior campaign reporting, this piece treats recovered artifacts as a technical detection case study built from static analysis of ten Mach‑O samples collected between December 2025 and March 2026. Across three generations and both x86_64 and arm64 architectures, the threat demonstrates a deliberate separation of static binary and malicious command payload. (GBHACKERS.COM)

Phishing

Zscaler: Phishing attacks targeting government up 50% amid overall decline

Cyberattackers are using phishing to target government networks more than ever, with the government sector logging a 50% increase in phishing attacks in 2025, according to a new report from the cybersecurity platform provider Zscaler. The Zscaler ThreatLabz 2026 Phishing and Initial Access report found that phishing attacks on the government rose from 92.4 million to 138.5 million between 2024 and 2025. Globally, government was the third-most targeted industry in the Zscaler cloud, the report said. “Public sector organizations cannot reduce their digital footprint and attackers know it. The incentives are broader, ranging from disruption to intelligence gathering to influencing operations,” said the report, which contained multiple recommendations to help government and other sectors fight off phishing attacks. (MERITALK.COM)

CodeStorm phishing kit uses tenant-aware M365 replay to hijack Microsoft 365 accounts

A highly sophisticated Microsoft 365 phishing campaign leveraging the CodeStorm phishing kit. This multi-organization campaign uses a clever mix of rotating frontend infrastructure and a stable, tenant-aware backend to hijack accounts. By combining deceptive voicemail lures with real-time credential replay, attackers can bypass multi-factor authentication (MFA) and leave clear traces in a victim’s Entra ID logs. The attack begins with a deceptive email that appears to be a standard Microsoft voicemail notification. It includes a reference ID, duration, and a prominent button to open a voicemail portal. However, the true evasion technique lies beneath the surface. (CYBERPRESS.ORG)

Supply chain

Malicious npm packages pose as postCSS tools to deliver Windows RAT

All the packages were published over the past month by an npm user named “abdrizak” and continue to be available for download from npm as of writing. “Aes-decode-runner-pro and postcss-minify-selector-parser both present themselves as layered AES/custom-codec packages and depend on the legitimate postcss-selector-parser,” JFrog said in an analysis. “Postcss-minify-selector presents itself as a PostCSS selector minifier and depends on postcss-minify-selector-parser.” (THEHACKERNEWS.COMM)

Vulnerabilities

Unpatchable BootROM flaw impacts Apple A12, A13 chips

A novel iPhone BootROM vulnerability has been discovered by researchers that gives attackers with physical access a route to compromise the boot chain on Apple A12, S4/S5 and Apple A13 systems-on-chips (SoCs). Paradigm Shift’s new analysis shared how the bug, which the firm dubbed usbliter8, could be exploited by combining a hardware vulnerability in the USB controller with a firmware configuration flaw in SecureROM. The finding matters because BootROM code is immutable after manufacture. Unlike recent Apple software flaws, this class of issue cannot be fully corrected through an operating system update. (INFOSECURITY-MAGAZINE.COM)

Decades-old Squid Proxy flaw ‘Squidbleed’ can expose user data

Security researchers at Calif.io have disclosed a memory leak vulnerability in Squid Proxy that has existed in the software since 1997. Squid is a widely used open source web proxy that can reduce bandwidth and improve response times via caching. Squid supports HTTP, HTTPS, FTP, and other protocols. Calif researchers discovered that Squid is affected by a vulnerability that is similar to the notorious OpenSSL vulnerability known as Heartbleed, which is why they have dubbed it Squidbleed. (SECURITYWEEK.COM)

FFmpeg fixes PixelSmash flaw in widely used video decoder

A newly disclosed FFmpeg flaw dubbed ‘PixelSmash’ could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in applications like Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. The vulnerability is tracked as CVE-2026-8461 and is a heap out-of-bounds write in the MagicYUV decoder. It received a high-severity score of 8.8 and can be leveraged via a malicious video file in AVI, MKV, or MOV format. Any application that uses libavcodec, FFmpeg’s core library for video decoding and encoding, is considered vulnerable. (BLEEPINGCOMPUTER.COM)

Critical libssh2 vulnerability lets remote attackers execute code via crafted SSH packets

A critical security vulnerability has been identified in libssh2, a widely used client-side SSH library. This flaw allows remote attackers to execute code by sending specially crafted SSH packets. The vulnerability, tracked as CVE-2026-55200, has a CVSS score of 9.2 and affects libssh2 versions up to and including 1.11.1. The issue has been resolved in a recent patch commit, 7acf3df, following responsible disclosure by security researcher Tristan Madani. The vulnerability is classified as CWE-680, an integer overflow that leads to a buffer overflow. Specifically, the flaw exists in the `ssh2_transport_read()` function within `transport.c`. Here, insufficient validation of the `packet_length` field allows attackers to trigger an out-of-bounds write. (GBHACKERS.COM)

China

The People’s Liberation Army navy’s approach to maintenance management

The ability for navies to procure, field, and sustain large surface combatants is central to modern power projection. The U.S. Navy’s approach to ship procurement coupled with infrastructure issues and workforce shortages at U.S. shipyards have led to significant delays in both naval shipbuilding and maintenance activities. Tensions between high operational demands and the need to conduct training and maintenance to sustain ship readiness levels have resulted in significant mishaps and crashes. The ability of the People’s Liberation Army Navy (PLAN) to sustain its growing inventories of more-capable systems will rely on its logistics capabilities and processes. Understanding the PLAN’s approach to maintenance management is a necessary step in assessing the People’s Liberation Army’s ability to sustain a modernized force, and there are implications for both competition and conflict. (RAND.ORG)

China is turning the waters east of Taiwan grey

OPINION: China’s opposition to Japan and the Philippines’ maritime boundary delimitation talks shows how China is using its “sovereignty narrative” to turn a normal bilateral maritime legal process into a pretext to extend its jurisdictional claims into the waters east of Taiwan. On May 28, after the Japan-Philippines Summit Meeting, both countries announced that they would begin formal delimitation talks over overlapping parts of their exclusive economic zones and continental shelves, in accordance with the United Nations Convention on the Law of the Sea (UNCLOS). China’s Ministry of Foreign Affairs quickly issued a statement, claiming that the Japan-Philippines talks “seriously infringed upon China’s maritime rights and interests” and were “completely illegal and invalid.” (LOWYINSTITUTE.ORG)

Can China’s latest air-to-air missile take on its US equivalent? Definitely maybe, experts say

China’s newest air-to-air missile, the PL-16, could vie with an equivalent advance by the U.S. military and give the People’s Liberation Army an edge in any Asia-Pacific conflicts because of its increased travel distance and a second-wind feature, experts say. The PL-16 beyond-visual-range missile as described in social and trade media would answer Lockheed Martin’s AIM-260 Joint Advanced Tactical Missile (JATM) for the U.S. armed forces, analysts believe, and improve on previous generations developed in China. (MILITARYTIMES.COM)

Iran

If Iran accepts new inspections, can the U.S .even make them work?

A new U.S.-Iran peace plan can work only if the United States can overcome three difficult challenges, experts said: the Iranians must agree to tighter international inspections, the inspecting agency must fix its budget crisis, and the White House must heed nuclear experts over real-estate developers with ties to President Trump. As U.S. and Iranian diplomats met in Switzerland on Monday, they seemed unable to agree even about whether they disagreed on inspections. U.S. Vice President JD Vance triumphantly proclaimed that the Iranians had agreed to allow the return of International Atomic Energy Agency inspectors back to monitor nuclear materials and research activity. Iranian officials said they’d done no such thing. Should the Iranians agree, experts said, the IAEA will have enough technical expertise to make inspections work again, but only if U.S. nuclear security professionals are involved, experts said. (DEFENSEONE.COM)

Russia

Russia’s Wiki warfare tries to distort reality, documents show

Russian influence operators called it Project 2026. The plan wasn’t just to spread fabricated stories on social media platforms. It outlined efforts to create an alternative information ecosystem. Leaked documents from a private Russian agency reviewed by Bloomberg News reveal plans to build a sprawling network of Wikipedia-style reference sites, media outlets and phony think tanks to shape how people and AI chatbots understand political issues. The documents from the Social Design Agency (SDA), which has been sanctioned by the U.S., the UK and the European Union for supporting Kremlin-directed disinformation, show how the Moscow-based agency has emerged as a central node in Russia’s cognitive warfare system, involved in false flag operations and planting sham stories online. (BLOOMBERG.COM)

Russia is building huge protective shelters for Its strategic bombers

Satellite imagery reveals Russian progress in building protective shelters for its military aircraft, which now extends to long-range bombers, an unprecedented development for the Russian Aerospace Forces. The imagery reveals extensive work underway at Russia’s Engels Air Base, one of the country’s most important long-range aviation hubs, marking a significant shift after decades of leaving these high-value aircraft exposed on the flight line. The base has long been a key target for Ukraine, due to its central role in the cruise missile campaign waged by Russia against that country. A satellite image taken on June 20, 2026, obtained by TWZ from Planet Labs, shows the extent of construction work on shelters at Engels Air Base in the Saratov region in the southeast of the country. Unlike previous protective shelters, which are sized for tactical aircraft, those at Engels are much larger, in keeping with the dimensions of the Tu-95MS Bear-H and Tu-160 Blackjack strategic bombers that are stationed there. (TWZ.COM)

Artificial intelligence

AI companies should release environmental impact, commit to clean energy, says UN chief

United Nations Secretary-General António Guterres on Tuesday called on artificial intelligence companies to release information about the carbon pollution they create, along with the water and land used to power their operations. While urging action in an address at London Climate Action Week, Guterres proposed the AI Environmental Transparency Initiative, arguing AI companies should measure and disclose the impact of their increasingly in-demand technology — impact which has been cited by opponents as reasons to curb the rapid growth of data centers. These companies have faced mounting pressure, both from governments and locally in areas with data centers that support AI, for increased transparency and more standardized reporting across the industry. (APNEWS.COM)

Power, dilution and the AI chokepoint

OPINION: On June 12, global access to Anthropic’s new Mythos-class models – the most capable ever released – was abruptly disabled. This was in response to a White House directive to restrict access to all foreign nationals. Without a way to verify user nationality in real time, Anthropic took the models offline for everyone. It was the first time export controls have been used to restrict access to AI models (as opposed to the chips or weights underpinning them). And it came only days after Trump signed an executive order requesting early government access to every frontier model before public release. An administration explicit about wanting to win the AI race has just shown how readily state-level power concentration can be exercised. (LOWYINSTITUTE.ORG)

First Amendment questions for AI transparency laws

OPINION: The basic idea behind AI transparency laws is straightforward: As AI plays a larger role in public life, the public should have access to basic information about how these systems are built and the risks they pose. But laws requiring companies to publish information about their AI systems can face First Amendment scrutiny. Legislators drafting disclosure requirements will need to do so with an eye toward how courts may evaluate those laws. (LAWFAREMEDIA.ORG)

Cybercrime

Europol and INTERPOL strengthen partnership against global criminal threats

Europol and INTERPOL have renewed their joint commitment to combatting transnational organized crime, agreeing on a new set of Joint Key Operational Priorities (JKOP) that will guide cooperation between the two organizations in the year ahead. The renewed framework strengthens coordination across a range of crime areas, including organized crime, cybercrime, economic and financial crime, and counter-terrorism. Developed jointly by operational experts from both organizations, the priorities are designed to support a more proactive and coordinated response to criminal networks operating across borders. (EUROPOL.EUROPA.EU)

Defense

DIA considering new AI-powered platform to streamline procurement system

The Defense Intelligence Agency is taking steps toward the potential launch of an artificial intelligence prototype project as it seeks new technologies to overcome inefficiencies in its procurement enterprise. The DIA — which has a workforce of more than 16,000 personnel and is tasked with providing intel support to the military and Intelligence Community — issued an RFI on June 17 to inform its pursuit of a next-generation, AI-powered “acquisition platform.” The organization is “exploring innovative approaches to improve the effectiveness, usability, transparency, and speed of the federal acquisition lifecycle through an AI-enabled procurement environment integrated with FAR, DFAR, and Agency processes,” officials wrote in the sources-sought notice. (DEFENSESCOOP.COM)

Drones

Army looking toward autonomous robots to recover its downed vehicles from combat zones

The Army is looking for an autonomous ground vehicle to get its broken platforms out of combat zones, the service said in a notice last week, as it continues exploring the use of robots for difficult battlefield tasks. In a request for information posted June 17, officials said the service was interested in a “robust, ruggedized” vehicle to help recover disabled equipment in contested environments. The vehicle should be able to execute recovery missions in denied network conditions while reducing the number of soldiers needed to participate without draining resources on the operating unit. The service has been experimenting with ground robots for various tasks such as medical evacuations and logistics resupply, often looking to Ukraine for solutions after Kyiv significantly bolstered its use of unmanned ground vehicles for such missions amid the war with Russia. (DEFENSESCOOP.COM)

Kyiv’s drone leverage moved the U.S. Moscow could be next, a top Ukrainian official says

U.S. President Donald Trump told Ukrainian President Volodymyr Zelenskyy at the Group of Seven summit in France that he would consider letting Ukraine build its own Patriot interceptor missiles, the first time Washington has signaled openness to a request Kyiv has made since Russia launched its full-scale invasion in 2022. Ukraine previewed the shift weeks before Trump’s signal proved the point. Asked by Defense News earlier this month in Kyiv whether its growing web of weapons deals was changing its hand in the peace talks, Kyrylo Budanov, head of the Office of the President of Ukraine and the country’s former military intelligence chief, said Kyiv no longer comes to the table empty-handed. (DEFENSENEWS.COM)

Health care

VA medical facility security: Actions needed to address longstanding risks

The Department of Veterans Affairs (VA) is responsible for securing its facilities. GAO has identified security challenges at VA medical facilities and made recommendations to help manage related risks. In January 2018, for example, GAO found limitations with VA’s risk assessment methodology and recommended VA review and revise its risk management policies to reflect interagency standards and develop an oversight strategy to assess its facilities’ risk management programs. VA has not fully implemented these recommendations. In April 2026, GAO reported that its 2025 covert testing found security vulnerabilities at selected VA facilities related to security vulnerabilities that VA had previously identified in its risk assessments of its medical facilities. Specifically, VA failed to detect almost all of GAO’s covert tests. (GAO.GOV)

ISACs

MS-ISAC membership tops 5,700 after funding shift

Less than a year since its pivot to a paid membership model, the Multi-State Information Sharing and Analysis Center’s (MS-ISAC) ranks have come to include 5,703 state, local, territorial and tribal (SLTT) members. MS-ISAC has for two decades provided no-cost cybersecurity support through federal funding — and its membership had topped 18,000 SLTTs in May 2025, according to a report cited in September shortly before its federal funding ended. When news of the federal funding cut came in early 2025, the nonprofit needed to rethink the way it would continue serving entities that relied on the community, collaboration and information sharing it had engendered across government bodies of all shapes and sizes. (GOVTECH.COM)

Maritime

Drones, cables and the Indonesia–Australia maritime frontier

OPINION: Indonesia and Australia share a maritime boundary of approximately 3,000 kilometres, one of the longest in the world. A series of meetings between Indonesian and Australian maritime security institutions in the past two months has sought to strengthen bilateral cooperation, following the inaugural Indonesia-Australia Maritime Dialogue established last year by President Prabowo Subianto and Prime Minister Anthony Albanese. Rapid technological development in the maritime domain has become a defining focus of the new dialogue. Drone systems, for example, offer the technology needed to extend and enhance Indonesia’s operational surveillance and were a focus of a visit by the Australian Border Force (ABF) to the Indonesian Coast Guard (BAKAMLA) headquarters in April this year. (LOWYINSTITUTE.ORG)

Resilience

Policymakers struggle to factor cybersecurity into federal funding programs

A new policy report is urging Congress and the Trump administration to more effectively make cybersecurity a factor in grants and other federally funded projects, as power grids, water utilities and other critical systems are increasingly vulnerable to hacking threats. In a policy memo first shared with Federal News Network, the Institute for Security and Technology says Congress has missed multiple opportunities in recent years to include stronger cyber requirements in infrastructure investments and other big spending legislation. Agencies have also largely failed to implement and ensure cyber standards are upheld as they awarded billions of dollars in grants and other funding to state and local governments and the private sector for infrastructure upgrades, according to the report. (FEDERALNEWSNETWORK.COM)

Space

Report: Kennedy Space Center not ready for era of super heavy rockets

NASA’s infrastructure at Kennedy Space Center, the crown jewel of U.S. spaceports, is aging and approaching its limit due to increased demand from private companies, including SpaceX and Blue Origin, a new report finds. “NASA’s launch infrastructure is vital to providing the agency, other government agencies, and commercial partners access to space for their most complex and expensive missions,” states the report, published by the NASA Office of Inspector General. “Nevertheless, NASA’s launch infrastructure is dated and often does not provide the capacity to meet the growing demands of the agency and its partners.” (ARSTECHNICA.COM)

Senate defense bill seeks to attract cyber talent, limit civilian layoffs

Senate lawmakers want to give the Defense Department new tools in fiscal 2027 to recruit and retain cyber talent, limit the department’s ability to carry out workforce reductions and establish a program to retain high-performing supervisors and managers across the department. The Senate Armed Services Committee’s version of the fiscal 2027 defense policy bill includes several Pentagon-backed civilian workforce initiatives while adding protections for civilian employees at some DoD organizations and increasing congressional oversight of workforce reductions. (FEDERALNEWSNETWORK.COM)

House unveils bipartisan kids online safety deal

House lawmakers announced a bipartisan deal on a package for protecting kids online on Monday, months after negotiations on digital and social media regulation fell apart between the two parties. House Energy and Commerce Committee Chair Brett Guthrie (R-Ky.) and Rep. Frank Pallone (D-N.J.) said they “worked across the aisle for many months” and found “common ground on polices to significantly improve the digital environment” for kids. “Through empowering parents, establishing safety as a default, strengthening privacy for children and teens, increasing transparency around data brokers, and holding Big Tech accountable, the KIDS Act delivers the 21st century protections parents have demanded and our kids deserve,” the lawmakers wrote in a statement. (THEHILL.COM)

Intelligence Democrats warn Trump nominee Bill Pulte as ODNI braces for firings 

Intelligence Democrats are warning acting Director of National Intelligence (DNI) Bill Pulte against carrying out sweeping firings or improperly declassifying intelligence as Congress braces for the controversial new intelligence chief’s full first week on the job. Pulte, who also remains the head of a federal housing agency, was tapped by Trump to lead the Office of the Director of National Intelligence (ODNI) on an acting basis, an appointment that sidesteps the traditional Senate confirmation required for the role. (THEHILL.COM)

COMMITTEE ACTIVITY

TRANSPORTATION: The Senate Commerce, Science, and Transportation Subcommittee on Aviation, Space, and Innovation will hold a June 23 hearing on improving safety in national airspace.

CRITICAL MINERALS: The House Energy and Commerce Subcommittee on Environment will hold a June 24 hearing examining legislation to support domestic critical mineral recovery and recycling.

DHS: The House Appropriations Subcommittee on Homeland Security will hold a June 25 oversight hearing for the Department of Homeland Security.

CHINA: The House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party will hold a June 25 hearing on China’s economic espionage and subnational influence in the United States.

Reported widespread credential exposure affecting Fortinet Firewalls and VPN Gateways

The ASD’s ACSC is aware of public reporting of a widespread malicious campaign against Fortinet Firewalls and VPN gateways, largely utilising exposed credentials and credential-based attacks, leading to potential compromise and further credential exposure. Leveraging these credentials could enable malicious actor’s remote access to the devices and connected networks, as well as allow changes to various settings, including security controls. (CYBER.GOV.AU)

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

QUANTUM: The Center for a New American Security will hold a virtual panel discussion on June 23 on the future of U.S. quantum networking policy. Panelists will examine the national and economic security stakes of different quantum networking applications, compare U.S. and Chinese approaches and progress, and discuss the policy choices most likely to strengthen U.S. leadership in the field.

TECH SOVEREIGNTY: On June 24, the Atlantic Council’s Europe Center and Atlantic Council Technology Programs will host a conversation with Roberto Viola, director-general of DG Connect at the European Commission, on the EU’s rapidly evolving approach to tech sovereignty and its implications for transatlantic cooperation.

CHINA AND AI: Join CNAS on June 24 for a live event on China’s AI capabilities and the risks to U.S. national security. The event will mark the release of a new CNAS report, “Red Lines: Understanding the National Security Risks of China’s Advanced AI,” which assesses the capabilities and trajectory of China’s advanced AI models, provides a framework for understanding the risks to national security, and outlines actionable recommendations for a stronger U.S. analytical capacity and response.

ARCTIC: New technologies such as low-earth-orbit sensing and communication satellites and autonomous vehicles are making Arctic operations easier and more effective for military and commercial users. Please join Hudson Institute and Ocean Conservancy for a June 25 public event on changing conditions in the Central Arctic Ocean and the implications for governance, economic development, conservation, and national security.

AI AND EXPORT CONTROL: Join House Foreign Affairs Committee Chairman Brian Mast and Senator Jim Banks for a June 25 fireside chat hosted by the Hudson Institute on Congress’s role in U.S. export control strategy to outcompete China in technology and AI development. The conversation will examine ways to close loopholes, guard America’s most critical technologies, and prevent Beijing from leveraging American innovation against American interests. 

DATA CENTERS: Join the CSIS Strategic Technologies Program for a June 25 discussion on the future of data centers and AI infrastructure in the United States. The event will feature two panels bringing together federal and local government officials alongside industry leaders to examine the policy, economic, and security implications of large-scale data center expansion. The conversation will explore how the United States can scale the infrastructure required for advanced AI systems while ensuring resilience, trusted operations, and long-term strategic advantage.

CHINA MARITIME: On June 26, the Indo-Pacific Security Initiative (IPSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security will host a fireside chat with Rear Admiral Jay Tarriela of the Philippines Coast Guard on maritime security developments in the South China Sea.

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.

SOUTH CHINA SEA: The CSIS Southeast Asia Program and Asia Maritime Transparency Initiative are pleased to present the Sixteenth Annual CSIS South China Sea Conference. This full-day conference July 7 will feature keynote addresses and in-depth panel discussions on recent developments in disputed waters and the importance of the 10-year anniversary of the landmark South China Sea arbitration. Panels will address the state of play, legal developments and dispute management, evolving alliance networks, and the role of global stakeholders. 

AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.

---

FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP