
Cyber Briefing – June 24, 2026


TODAY’S TOP 5

MYTHOS SPOTS HIGHLY SENSITIVE VULNERABILITIES IN GOV SYSTEMS: A U.S. official told The Associated Press on Tuesday that one of Anthropic’s artificial intelligence models had identified vulnerabilities in highly sensitive and secure U.S. government computer systems during a testing exercise. The official, who spoke on the condition of anonymity to discuss the matter, said Anthropic had teamed up with U.S. intelligence agencies to conduct tests using the company’s Mythos model. It had identified certain vulnerabilities within hours, but that does not mean the model was able to exploit them within that time, the official said. The official said the testing was done through an Anthropic initiative called Project Glasswing, which brought together tech giants and other companies in hopes of securing the world’s critical software from “severe” fallout that the Mythos model could pose to public safety, national security and the economy.

  • The National Security Agency has lost access to a powerful AI model developed by Anthropic amid the Trump administration’s brawl with the start-up, U.S. officials said, depriving the intelligence agency of a tool that has impressed and alarmed its analysts with how good it is at finding software weaknesses, The New York Times reports. This month the Trump administration imposed export controls on Anthropic, citing national security concerns. That action forced Anthropic to pull back the release of its most advanced models, known as Mythos 5 and Fable 5. The NSA’s cybersecurity analysts had been testing versions of Anthropic’s tools when the latest models were unplugged. The controlled tests proved impressive even within the halls of the NSA.

POSSIBLE ACTION AGAINST IMPORTED CHINESE ROBOTS: Commerce Secretary Howard Lutnick told executives at a closed-door meeting Monday that his department is studying state-subsidized robotics imports and signaled the administration could take strong action once the review is complete, according to three people who attended the meeting and were granted anonymity to discuss it, POLITICO reports. Officials increasingly see China’s state-backed robotics industry as a national security threat, fearing subsidized Chinese robots could dominate global markets before U.S. manufacturers have the scale to compete. Chinese-made robots already face U.S. tariffs, though several attendees said Lutnick’s comments suggest the administration is considering additional action.

  • Alibaba, one of China’s most valuable technology companies, sued the U.S. Department of Defense, challenging the Pentagon’s decision to designate it as a company affiliated with the Chinese military, The New York Times reports. Best known internationally for its e-commerce business, Alibaba has also become a major cloud-computing provider and one of China’s leading developers of advanced artificial intelligence systems. In a lawsuit filed on Tuesday in Federal District Court in the Northern District of California, the company said it had no ties to the Chinese military and argued that the Pentagon had acted unlawfully in labeling it as such.
  • The world risks “losing control” of frontier technology such as artificial intelligence if governments are too slow to regulate it, China’s premier warned attendees at “Summer Davos” on Wednesday, AFP reports. Fears are growing of AI-driven disruption to labor markets and the security risks it poses — from use in conflict to breaches of cyber defenses and the potential creation of new bioweapons. “The speed of technological progress is unprecedented,” Premier Li Qiang said in a speech, noting that artificial intelligence has boosted “innovation efficiency” but “if governance in this area fails to keep pace, there could be serious consequences.”

AFTER THE QUANTUM EOs: The Department of Energy is kickstarting a quantum computing effort tied to the Genesis Mission following a pair of quantum-focused executive orders signed by President Donald Trump on Monday, FedScoop reports. The newly launched Quantum Genesis initiative aims to develop and deploy a more resilient quantum computing capability by 2028. “President Trump’s Executive Order set a clear mandate: accelerate American leadership in quantum computing and prepare our institutions for the breakthroughs ahead,” Darío Gil, under secretary for science and Genesis Mission lead, told FedScoop via email. “The Genesis Mission embodies that charge, with the Quantum Genesis initiative serving as a foundation — challenging America’s quantum information science community and industry to build the world’s first fault-tolerant quantum computing capability that will transform scientific discovery, strengthen national security, and power the next era of American innovation.”

  • Technology and quantum experts say Trump’s quantum executive orders send a clear signal to agencies and contractors to accelerate quantum readiness and strengthen post-quantum cryptography (PQC) efforts, MeriTalk reports. “The administration’s new quantum executive orders set the pace for modernizing the cryptographic foundations our nation’s digital security depends on. As quantum innovation accelerates and adversaries harvest encrypted data for future exploitation, quantum readiness has become an urgent priority,” said Ryan Gillis, senior vice president, global head of government partnerships at cybersecurity firm Zscaler and a McCrary Institute senior fellow. Matt Hayden, a McCrary Institute senior fellow and vice president of cyber and emerging threats at GDIT, added, “The new quantum executive orders are timely and necessary and represent a critical step forward in how we innovate, create and defend all types of compute, networks and new sensing capabilities to compete on the global stage.”

400% SURGE IN SPACE SECTOR ATTACKS: The space sector is seeing a dramatic rise in the tempo and sophistication of cyberattacks following U.S. and Israel-led military operations in Iran, according to cybersecurity experts, Via Satellite reports. “From a high-level activity perspective, we’re operating at a tempo about 400% above where we were before the war,” Norm Laudermilch, CISO of Vantor, said during a CyberSat webinar Tuesday on Iranian threats to space infrastructure. The spike in security events is similar to other geopolitical conflicts, like the Russian invasion of Ukraine, according to Laudermilch. What is different, he said, is the convergence of hacktivist groups and nation-state actors. Unlike previous conflicts that saw a rise in hacktivists and cybercriminals conducting low-level attacks, experts are seeing a sustained targeting of the defense, industrial base and adjacent sectors, including aerospace and space.

  • The Space Force needs to better define its policies regarding conflict in space and better rehearse for various scenarios, a new research paper argues. The paper flowed from a January workshop held by the Mitchell Institute. About 50 space experts envisioned various new ways that satellites and spacecraft might be used in gray-zone or even wartime conflicts. These included Russian cyber-attacks in Europe, jamming of U.S. satellites, the mysterious destruction of Cape Canaveral’s bridges, the “repositioning of a recently inoperable European commercial satellite without prior coordination,” the deactivation of Midwestern power grids — even an unattributed “nuclear detonation” in low earth orbit, Defense One reports. But determining who is behind a space-focused strike and how the U.S. military should appropriately respond is often difficult, according to the Mitchell Institute’s findings.

HISTORY IN THE CYBER CROSSHAIRS: Britain’s museums and galleries are being left vulnerable to thefts and cyberattacks that could put priceless collections at risk, MPs have warned. A report by the public accounts committee (PAC) said big security failures in recent years, including the theft of thousands of artefacts from the British Museum and a devastating cyberattack on the British Library, had exposed serious weaknesses across the sector, but that the government had failed to take a strategic approach to preventing similar incidents, The Guardian reports. The warning comes less than three years after the British Museum revealed that about 2,000 objects had been stolen, damaged or gone missing from its collections over a period of years, in a scandal that led to the resignation of its director, Hartwig Fischer.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University.
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

NEW: As frontier AI models become more capable at finding vulnerabilities, cybersecurity is entering a period where old timelines, disclosure norms and governance tools may no longer fit the speed of the technology. In this episode of Cyber Focus, Frank Cilluffo speaks with CyberScoop editor-in-chief Greg Otto about the recent controversy surrounding Anthropic’s Fable-5 and Mythos 5 models, the government’s use of export controls, and the difficulty of distinguishing between dangerous AI capability and legitimate defensive cyber use. The conversation moves from the Anthropic fight to a broader operational challenge: AI may help defenders discover more weaknesses, but organizations still have to validate, prioritize and fix them. Otto explains why vulnerability disclosure, patching, open-source security and public-private coordination are all being tested by AI’s pace — and why the most important question may not be whether AI can find the problem, but whether institutions can absorb what it reveals.

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Breaches

LastPass confirms customer data breach after Klue OAuth token theft

LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen OAuth tokens from the third-party market intelligence platform to access customer data stored in its Salesforce environment. The company said it learned of the Klue incident on June 12, 2026, after Klue, a market intelligence platform used by LastPass go-to-market teams, notified customers about unauthorised activity. Klue integrates with business tools, including Salesforce and Gong, which made the stolen tokens valuable because they could be used to reach connected customer systems without needing normal login credentials. (HACKREAD.COM)

Data breach impacts Madison Square Garden Sports and the New York Knicks

A data breach at Madison Square Garden Sports (MSGS) and the New York Knicks has exposed more than 26 million corporate and customer records, including the personal information of players and celebrities. MSGS learned of the data breach after the notorious hacking gang ShinyHunters, linked to several recent breaches, listed the company on a dark web data leak site and demanded a ransom. On June 12, 2026, the prolific English-speaking cybercrime group ShinyHunters claimed responsibility for the Madison Square Garden and Knicks data breach and listed the company on its dark web data leak site. (CPOMAGAZINE.COM)

Cybercrime

Algerian man charged with running two cybercrime marketplaces

An Algerian man known online as “SPOX” was extradited from Spain and charged with running a black-market cybercrime operation that prosecutors say defrauded thousands of victims and funneled roughly $900,000 through a cryptocurrency account over a three-year period. Abdellah Belmili, 26, made his initial appearance Monday in the U.S. District Court for the Western District of New York in Buffalo. He faces a single count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison. He was extradited from Spain earlier this month. (CYBERSCOOP.COM)

DOJ seizes Huione Group cloud computing account used to launder billions in fraud proceeds

The U.S. Justice Department has seized a cloud computing account used by subsidiaries of the Cambodia-based Huione Group, an organization that has been accused of laundering billions of dollars in cryptocurrency fraud proceeds. “Today’s seizure strikes a blow against one of the world’s most prolific criminal marketplaces,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division, in an announcement on Tuesday. According to Duva, the Huione Group used the seized cloud computing account as part of “a technological backbone that allowed billions in fraud proceeds to be transferred, moved, and concealed,” often through Southeast Asian scam centers. (THEBLOCK.CO)

Emergency services

Suspected cyberattack triggers false emergency alerts across parts of Brazil

Brazil suspended its mobile phone emergency alert system after a suspected cyberattack triggered false warnings on phones across several states. The incident occurred early Saturday when at least a dozen unauthorized alerts were sent through Brazil’s Civil Defense Alert system, a platform designed to warn residents about imminent threats such as floods, landslides and other natural disasters. According to a statement from Brazil’s National Protection and Civil Defense Secretariat, the alerts included the word “misanthropy” and were issued at the system’s highest emergency level, causing phones to emit loud alarm sounds even when set to silent mode. (THERECORD.MEDIA)

Drones

Hackers exploit RAR vulnerability to drop startup VBS in Ukraine UAV malware campaign

A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID MB-0009). The initial artifact is an archive named Besomar_documentation.rar, distributed with decoy PDF files mimicking Besomar, a Ukrainian developer of fixed-wing drones. The archive exploits CVE-2025-8088 / CVE-2025-6218 during extraction to copy a VBS file into the Windows Startup folder using multiple relative paths to ensure persistence regardless of the archive’s working directory. (GBHACKERS.COM)

What was the ‘jellyfish-like’ drone swarm the downed F-15E pilot reportedly saw over Iran?

Many questions remain about the complex mission to rescue the crew of the U.S. Air Force F-15E Strike Eagle that came down over Iran in April of this year and what led to it. Now, the reported testimony of the Strike Eagle pilot involved describes a ‘jellyfish-like’ swarm of drones in the sky, moments before they ejected from the stricken jet. According to a report from CNN, the pilot recounted seeing “multiple Iranian drones hovering in the air, moving as one, in a formation that resembled a jellyfish.” The report is based on statements from four unnamed sources said to be familiar with the matter. (TWZ.COM)

Transportation

India’s Bajaj Auto’s systems hit by ransomware attack

Bajaj Auto on Tuesday disclosed that it was hit by a ransomware attack that affected the systems of the company and its wholly owned subsidiary, Bajaj Auto Technology Ltd (BATL), prompting an immediate response from its technical teams and cybersecurity experts. In a regulatory filing, the automaker said the cyber security incident occurred at around 8 am IST on June 23. The company said it promptly initiated precautionary measures and response protocols to contain the attack and mitigate its impact. (ECONOMICTIMES.INDIATIMES.COM)

THREATS

Artificial intelligence

Fake AI agent skill passed security scans and reportedly reached 26,000 agents

Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design: it collected the user’s email address and did nothing else. The point was to show that none of the signals people lean on to trust a skill caught it: not the scanners, not the GitHub stars, not the open-source reputation. (THEHACKERNEWS.COM)

AI is making attacks cheaper, faster and more covert, says ReliaQuest

AI is making cyber-attacks cheaper, faster to scale, easier to customize and harder to spot, but it’s not fundamentally changing the tradecraft of intrusions, a new ReliaQuest report has revealed. The threat intelligence specialist has been tracking the progress of the technology on the cybercrime underground over the past two years. In 2024, AI was mainly used for “polishing” phishing emails, generating basic scripts, and in malicious tools like FraudGPT. By mid-2025, that picture had expanded to include “deepfake services, AI-assisted scripts, and a growing underground market for AI-enabled tools,” it said. (INFOSECURITY-MAGAZINE.COM)

Communications

Eight-year-old Samsung KNOX flaw exposed millions of Galaxy devices to kernel attacks

Researchers found an eight-year-old, high-severity vulnerability in the KNOX kernel affecting nearly all Samsung devices from the Galaxy S9 to S25. The flaw (CVE‑2026‑20971, CVSS 7.8) could be exploited through the interaction between PROCA and FIVE. PROCA, the process authenticator, is a proprietary subsystem in the kernel of the Samsung devices designed to prevent unauthorized processes from executing. It validates process authenticity using FIVE, the kernel-side integrity subsystem, based on the Linux integrity-measurement model and extended by Samsung. (SECURITYWEEK.COM)

Scams

GTA 6 scam websites use AI-generated images and fake download buttons to lure gamers

A fresh wave of scam websites is targeting gamers worldwide, using the massive hype around Grand Theft Auto VI to trick people into handing over their money. These fake pages promise something millions of players desperately want: early access to GTA 6 before its official release. The offers sound tempting, but every single one is fraudulent, and victims who pay almost never see their money again. The scam follows a clear playbook. A user stumbles upon a site through an ad, a social media post, or a comment section link claiming to sell “VIP Early Access” or an “Exclusive Early Access Preview” to GTA 6. (CYBERSECURITYNEWS.COM)

Supply chain

‘Cordyceps’: Mushrooming malicious pull requests threaten developer workflows

A new class of CI/CD workflow weakness enables attackers to use malicious pull requests to compromise software supply chains. Elad Meged, founding engineer and security researcher at penetration-testing firm Novee, published a blog post today covering a weakness dubbed “Cordyceps” that exists across code repositories at organizations large and small. The issue behind Cordyceps involves pull requests — the type of request developers make when they want a software code change to be merged into the main repository. (DARKREADING.COM)

Vulnerabilities

Hackers exploiting Cisco Unified CM vulnerability

A recently patched vulnerability affecting Cisco’s Unified Communications Manager (Unified CM) product is being exploited in attacks, according to exploit intelligence firm Defused. Cisco announced patches for the vulnerability, tracked as CVE-2026-20230, on June 3. The company said the critical security hole can be exploited by an unauthenticated, remote attacker to conduct SSRF attacks, write arbitrary files to the underlying operating system, and escalate privileges to root. Exploitation requires enabling the WebDialer service, which is disabled by default. (SECURITYWEEK.COM)

Webmin stored XSS vulnerability lets attackers exploit root users

A newly disclosed stored cross-site scripting (XSS) vulnerability in Webmin has raised significant security concerns, as it allows attackers with limited privileges to target and potentially compromise root users. This vulnerability, tracked as CVE-2026-22678, affects Webmin versions before 2.641 and resides in the System and Server Status module, a commonly used component for monitoring system performance and managing alerts. According to the official Webmin security advisory published on April 25, 2024, the vulnerability arises from improper sanitization of user-supplied input in notification email templates. (GBHACKERS.COM)

ADVERSARIES

China

Balancing openness and control: Cross-border health data and AI governance in China

The approach of the People’s Republic of China (PRC) to health data sits at the intersection of national security, economic development, and technological competition. The regulatory system examined in this report reflects a clear set of drivers: a push for data sovereignty, the strategic importance of health and biometric data, and the role of large-scale datasets in advancing artificial intelligence (AI). At the same time, the rapid digitization of China’s healthcare system, which increasingly deploys AI across clinical, administrative, and pharmaceutical domains, generates strong demand for integrated, high-quality data. (ATLANTICCOUNCIL.ORG)

Iran

What Iran wants and how it can still fight

U.S. Vice President JD Vance is touting success out of the latest round of talks in Switzerland focused on seeking a permanent end to the war in Iran. But despite his description of a “very, very good day” of negotiations on Sunday, Iran is denying that it has made any new agreements. It’s more of the same inconsistent messaging the world has become accustomed to over the past three months since the U.S. and Israel launched attacks intended to eliminate Iran’s nuclear program. Since that time, Iran’s supreme leader was killed, the Strait of Hormuz was shuttered and the world has witnessed the largest oil-supply disruption on record. Amid fragile talks aimed at ending the war, former National Intelligence Manager for Iran Norm Roule explains why diplomacy with Tehran is so hard and how the regime still has plenty of asymmetric tools in its arsenal. (THECIPHERBRIEF.COM)

Russia

Russian initial access broker behind FortiBleed campaign

A Russian initial access broker (IAB) is targeting over 430,000 FortiGate firewalls as part of the FortiBleed credential-harvesting campaign, SOCRadar reports. Discovered last week, the campaign has been ongoing since at least February, and was initially believed to be Fortinet-exclusive. But it is not. In a fresh report (PDF), SOCRadar explains that FortiBleed is in fact a multi-vendor credential and access operation, likely mounted by a financially motivated threat actor. (SECURITYWEEK.COM)

NATO and Ukraine turning to private sector to help crater Russian airfields

One of Russia’s biggest advantages in the war against Ukraine is its ability to launch tactical airstrikes from bases largely out of reach of kinetic responses. While we have frequently reported about Ukrainian attacks on these bases, they aren’t sustained enough to stop Russia from generating devastating sorties. Now Ukraine and NATO are looking to the private sector for ways of changing that equation through what is being called the Airfield Denial Challenge. It offers a 250,000 Euro award to companies or individuals who come up with workable ideas to prevent Russia from being able to use its air bases. (TWZ.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

Use of AI to get news in U.S. is rare

Seven percent of Americans say they rely “a great deal” (2%) or “a fair amount” (5%) on artificial intelligence tools when getting news and information. Another 12% say they rely on AI “some” for news, and 23% say “only a little.” The majority of U.S. adults (57%) don’t rely on AI tools at all for this purpose. Reliance on AI tools to get news and information is slightly more common among adults aged 18 to 49 (10%) than among those aged 50 and older (3%), but majorities of both age groups say they don’t rely on AI at all when getting news. (NEWS.GALLUP.COM)

Data centers

A new tax in Data Center Alley

The world capital of data centers is poised to slap a new tax onto the energy-hungry facilities. Virginia lawmakers today voted to tax data centers for the electricity they use, capped at $600 million per year. Democratic Gov. Abigail Spanberger is expected to approve the eleventh-hour agreement — which breaks a monthslong budget stalemate and allows the state’s Democratic trifecta to avoid what would have been Virginia’s first government shutdown. “For the first time anywhere in America, Virginia will institute a statewide energy consumption tax on data centers — an idea I first proposed this spring — to ensure this industry pays its fair share and does not drive up costs for Virginia families,” Spanberger said. (POLITICO.COM)

GETs, demand response can ease near-term data center electricity price pressure: report

Grid-enhancing technologies, or GETs, and increased demand response could ease electricity price pressures caused by growing demand from data centers and advanced computing, according to commentary released Tuesday by Columbia University researchers. Rising electricity prices are driven by various factors, including inefficient infrastructure planning, supply chain inflation, misaligned utility incentives, inefficient grid operations, and storm damage and wildfire costs, the researchers with Columbia’s Center on Global Energy Policy said. Higher load growth — including from data centers — is compounding those pressures, they said. However, electric bill increases aren’t inevitable, according to the researchers. (UTILITYDIVE.COM)

Defense

Army will ‘open up’ ranges for defense vendors to speed up testing, with some sites mimicking Ukrainian frontlines

With vendors facing lengthy wait times to test new technology, the Army plans to increase industry access to its domestic ranges over the next several weeks, according to senior service officials, who said that at least two of those sites will mimic Ukrainian frontlines. The service is also planning to establish a range abroad where the Army and industry “can start to do much more aggressive testing,” Army Secretary Dan Driscoll said Tuesday, though he declined to say which international U.S. ally the service will partner with to build it. Driscoll, along with the Army’s top acquisition chief, Brent Ingraham, delivered the remarks to reporters on Tuesday at the service’s low-cost interceptor industry day, where several officials urged defense vendors to help rapidly develop systems to take down drones, missiles and other aerial threats. (DEFENSESCOOP.COM)

Army aims to sync two divisions using next-gen C2 by year’s end

Two Army infantry divisions will soon run the same next-gen command-and-control system, if all goes as planned, bringing the service one step closer to digitally sharing key battle data. That’s the next phase for NGC2, which began as experiments in 2024 and became a program of record in April 2025. In recent months, two divisions have been working on prototypes: the 25th Infantry Division, led by Lockheed Martin, and the 4th Infantry Division, led by Anduril and Palantir. The Colorado-based 4ID has been using the technology for about a year, testing the “full stack” system in recent military exercises. (DEFENSEONE.COM)

Drones

Frustrating Israel, fiber-optic killer drone technology has arrived in southern Lebanon

Fiber-optic First Person View (FPV) drones operated by the Iran-backed armed group Hezbollah have changed the battlefield in southern Lebanon, inflicting losses and causing damage to Israeli forces occupying parts of the area. The technology, a hallmark of the fighting in Ukraine, arrived here shortly after Hezbollah launched an attack against Israel on March 2, following the U.S.-Israeli war against Iran that began days prior, reigniting a new large-scale war. The tethered drones rely on a spool of fiber-optic cable that maintains a direct link between the operator and the aircraft, making them immune to jamming and to other regular electronic warfare measures. In the context of southern Lebanon, their appearance represents a major shift in the nature of the conflict. (DEFENSENEWS.COM)

The counter-UAS certification bottleneck

OPINION: Congress recently expanded counter-unmanned aircraft system (UAS) authority to state and local law enforcement by amending 6 U.S.C. § 124n. But the statute conditions the exercise of that authority on certification through a “national schoolhouse,” which serves as the “sole certifying authority.” The result is a bottleneck: More than 18,500 state, local, and correctional agencies depend on a single federal schoolhouse that opened in fall 2025 and is projected to certify only about 60 state, local, tribal, and territorial personnel by June 2026. The operational implications are immediate. (LAWFAREMEDIA.ORG)

Recovery

With jobs on the line, CEOs now demand cyberattack recovery in hours, not days or weeks

UK CEOs are placing huge demands on security professionals, with most now expecting to be notified of a cyber attack within half an hour – they even want basic operations back up and running within a day. That’s according to new research from Cohesity, which found two-thirds expect to be notified within 30 minutes, and 19% within just five. Meanwhile, 14% think they should have basic business operations restored within an hour and 38% within a day; only 11% thought a week was reasonable. (ITPRO.COM)

Risk management

Open-source security is posing challenges governments can’t easily solve

An epidemic of cyberattacks on open-source software has mounted in recent months, making clear how uniquely difficult it is to protect the publicly available code, from both a policy and a technical perspective, that serves as the foundation for so much of the digital world. While open-source software security got a boost in attention under President Joe Biden — whose administration grappled with the fallout from the potentially catastrophic Log4j flaw that emerged in 2021 — a number of open-source experts say that government protection efforts have suffered setbacks under President Donald Trump. Many also say companies that heavily rely on open-source software, which is basically all of them, haven’t shouldered enough of the responsibility for safeguarding it. (CYBERSCOOP.COM)

Transportation

FAA awards software and AI contract as part of air traffic control modernization

The Federal Aviation Administration announced on Monday that it awarded Air Space Intelligence a 12-year, $875 million contract for new software and artificial intelligence capabilities, part of the agency’s ambitious effort to modernize the nation’s outdated air traffic control system. The software company will provide “two complementary, cutting-edge technologies that will improve how flights are scheduled and managed throughout the National Airspace System,” according to the FAA. These include Flow Management Data and Services, which the agency said will serve as “the new technological backbone” of a modernized Air Traffic Control System Command Center. ASI is also tasked with delivering a Strategic Management of Airspace, Routes and Trajectories — or SMART — system. (NEXTGOV.COM)

Water

Rural water infrastructure: Better agency coordination could help unserved communities address their needs

Some rural communities across the U.S. don’t have access to drinking water or wastewater utilities. The Government Accountability Office found 28 U.S. Department of Agriculture and Environmental Protection Agency programs that can provide financial and expert-led assistance to these communities on getting funding to meet these needs. But varying application and funding deadlines and requirements make it difficult for communities to apply for federal and state grants. GAO recommended both agencies regularly update and monitor their joint memorandum that includes best practices for improving access to water infrastructure financial assistance. (GAO.GOV)

LEGISLATIVE UPDATES

SASC advances provision to allow contractor cyber operations

Tucked in the Senate Armed Services Committee’s annual defense policy bill is a provision to partner the US government with civilian hackers who experts and former military officials say could help the US tip the scales against China’s far deeper bench of cyber operators. The committee seeks to authorize a pilot program that would assess the feasibility of conducting cyber operations limited to gaining access to systems using civilian contractors with their own infrastructure, but still under the operational direction and authority of US Cyber Command. It’s not clear the provision will become law, as the Senate and House must reconcile their versions of the National Defense Authorization Act before passing each chamber and receiving the president’s signature. (BREAKINGDEFENSE.COM)

State and local governments ask Senate for $300M in cyber grant funding

A group of associations representing state and local governments on Tuesday sent a letter to leaders of the Senate’s appropriations committee, requesting $300 million for one year of funding for the State and Local Cybersecurity Grant Program. The groups, which in the letter called themselves “the collective voice of state and local governments,” said the funding level requested is consistent with the average funding level provided by the grant program during its first four years, after being created in 2021. The groups, which include the National Association of State Chief Information Officers, the National League of Cities and four other groups, said the funding would “enable state and local governments to continue strengthening their cybersecurity posture against constantly evolving threats.” (STATESCOOP.COM)

Senate votes to direct Trump to withdraw troops from Iran conflict, 4 Republicans break ranks

The Senate on Tuesday approved a House-passed resolution directing President Trump to withdraw U.S. armed forces from hostilities against Iran after four GOP senators broke ranks and voted to undercut Trump’s authority as commander in chief. The Senate voted 50 to 48 to approve the resolution, which passed the House 215-208 earlier this month. The measure came straight to the Senate floor Tuesday for an up-or-down vote on final passage. It does not need Trump’s signature because it is a concurrent resolution. (THEHILL.COM)

House passes bill to force SBA’s hand on AI reporting

The House is ramping up an effort to make the Small Business Administration more transparent about its artificial intelligence work, passing a bill Tuesday that would require the agency to deliver an annual report to Congress on its use of the emerging technology. The SBA Artificial Intelligence Utilization Act (H.R. 8881) advanced out of the House Small Business Committee last month, following the release of a Government Accountability Office report that highlighted years of SBA noncompliance with federal AI use case reporting requirements. The agency posted its first-ever AI use case inventory in March, two months after the Office of Management and Budget deadline. (FEDSCOOP.COM)

COMMITTEE ACTIVITY

CRITICAL MINERALS: The House Energy and Commerce Subcommittee on Environment will hold a June 24 hearing examining legislation to support domestic critical mineral recovery and recycling.

DHS: The House Appropriations Subcommittee on Homeland Security will hold a June 25 oversight hearing for the Department of Homeland Security.

CHINA: The House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party will hold a June 25 hearing on China’s economic espionage and subnational influence in the United States.

ALERTS AND ADVISORIES

CISA adds four known exploited vulnerabilities to catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-67038 Lantronix EDS5000 Code Injection Vulnerability, CVE-2026-34908 Ubiquiti UniFi OS Improper Access Control Vulnerability, CVE-2026-34909 Ubiquiti UniFi OS Path Traversal Vulnerability, CVE-2026-34910 Ubiquiti UniFi OS Improper Input Validation Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

TECH SOVEREIGNTY: On June 24, the Atlantic Council’s Europe Center and Atlantic Council Technology Programs will host a conversation with Roberto Viola, director-general of DG Connect at the European Commission, on the EU’s rapidly evolving approach to tech sovereignty and its implications for transatlantic cooperation.

CHINA AND AI: Join CNAS on June 24 for a live event on China’s AI capabilities and the risks to U.S. national security. The event will mark the release of a new CNAS report, “Red Lines: Understanding the National Security Risks of China’s Advanced AI,” which assesses the capabilities and trajectory of China’s advanced AI models, provides a framework for understanding the risks to national security, and outlines actionable recommendations for a stronger U.S. analytical capacity and response.

ARCTIC: New technologies such as low-earth-orbit sensing and communication satellites and autonomous vehicles are making Arctic operations easier and more effective for military and commercial users. Please join Hudson Institute and Ocean Conservancy for a June 25 public event on changing conditions in the Central Arctic Ocean and the implications for governance, economic development, conservation, and national security.

AI AND EXPORT CONTROL: Join House Foreign Affairs Committee Chairman Brian Mast and Senator Jim Banks for a June 25 fireside chat hosted by the Hudson Institute on Congress’s role in U.S. export control strategy to outcompete China in technology and AI development. The conversation will examine ways to close loopholes, guard America’s most critical technologies, and prevent Beijing from leveraging American innovation against American interests. 

DATA CENTERS: Join the CSIS Strategic Technologies Program for a June 25 discussion on the future of data centers and AI infrastructure in the United States. The event will feature two panels bringing together federal and local government officials alongside industry leaders to examine the policy, economic, and security implications of large-scale data center expansion. The conversation will explore how the United States can scale the infrastructure required for advanced AI systems while ensuring resilience, trusted operations, and long-term strategic advantage.

CHINA MARITIME: On June 26, the Indo-Pacific Security Initiative (IPSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security will host a fireside chat with Rear Admiral Jay Tarriela of the Philippines Coast Guard on maritime security developments in the South China Sea.

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.” Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.

SOUTH CHINA SEA: The CSIS Southeast Asia Program and Asia Maritime Transparency Initiative are pleased to present the Sixteenth Annual CSIS South China Sea Conference. This full-day conference July 7 will feature keynote addresses and in-depth panel discussions on recent developments in disputed waters and the importance of the 10-year anniversary of the landmark South China Sea arbitration. Panels will address the state of play, legal developments and dispute management, evolving alliance networks, and the role of global stakeholders. 

AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
