Cyber Briefing – June 25, 2026


TODAY’S TOP 5

CHINA’S ‘VERSION OF MYTHOS’ UNVEILED: Chinese cybersecurity firm 360 Security Technology has developed what it calls a domestic answer to Anthropic’s Mythos, it said on Wednesday, casting the U.S. model as a strategic cyber capability that China could not afford to lack, Reuters reports. Speaking at the ISC.AI 2026 cybersecurity conference in Beijing, 360 founder Zhou Hongyi unveiled two AI security tools under the banner “Yitian Tulong,” a name drawn from a classic Chinese martial arts novel meaning “Heavenly Sword and Dragon Saber.” Zhou said one tool, “Tulongfeng,” was designed to automatically discover software vulnerabilities, calling it “China’s version of Mythos,” while a second system, “Yitianzhen,” was built to automate cyber defense and incident response.

  • Anthropic accused Chinese technology giant Alibaba of waging a large-scale effort to “illicitly” access its Claude artificial intelligence model using thousands of fraudulent accounts that undermine the AI developer’s decision to keep its products out of China, Bloomberg reports. Anthropic claimed that a campaign by operators linked to Alibaba’s Qwen AI lab targeted Claude’s most prized capabilities, including software engineering and agentic reasoning, according to a letter that the AI startup sent to several U.S. senators and White House officials. The company said it was the biggest attempt so far by a Chinese company to piggyback on the work of top U.S. labs. In its letter, Anthropic claimed that the effort involved 28.8 million exchanges with Claude between April and June through almost 25,000 fraudulent accounts, according to people familiar with the document and a copy seen by Bloomberg News. The company said the Alibaba campaign resembled past efforts by other Chinese developers that Anthropic flagged in a blog post earlier this year.

CHINESE AI AGENTS COULD CHALLENGE AIR AND SPACE OPS: Current and near-term Chinese artificial intelligence capabilities could counter or replicate how the U.S. military plans and conducts operations, especially complex strike packages such as those seen recently in Iran, Air and Space Forces Magazine reports. Daniel Remler, a senior fellow with the Center for a New American Security, took a broad look at China’s advanced AI systems and their impact on national security in his new report, “Red Lines: Understanding the National Security Risks of China’s Advanced AI.” More specifically, though, his findings on the Chinese military AI and cyber capabilities reveal potential impacts on the Air Force and Space Force. Remler argues that while the current status of Chinese AI development can’t be fully assessed using unclassified means, a number of unclassified sources do give some important clues of how the People’s Liberation Army is starting to use AI.

  • Space is now the ultimate high ground in warfighting. Whoever dominates space has a decisive advantage over our adversaries. The recent combat operations in Iran, Ukraine and Venezuela, where space operations were vital to each and every movement of military forces, have shattered any remaining illusions about space having a secondary role in modern conflict, Gen. (Ret) Jim Slife, former Air Force vice chief of staff, writes at Breaking Defense. Our ability to maintain our advantages in space while denying them to a sophisticated adversary has become a baseline requirement for everything we do in the maritime, air, ground and cyber domains. But even as America’s space capabilities play a vital role in modern operations, that advantage is not guaranteed, and our comfortable and familiar bureaucratic behaviors are actively putting it at risk. 

THE NAVY’S SUBSEA RARE-EARTH VULNERABILITY: This is perhaps the Navy’s most consequential and least discussed vulnerability. The dependency runs through every layer of the capability stack. The next-gen Columbia-class ballistic missile submarine’s permanent magnet motor requires significant quantities of dysprosium and neodymium. Neodymium is the base element in the world’s most powerful permanent magnets. Dysprosium is what keeps those magnets functional under heat and stress. Without it, the magnets demagnetize under the sustained temperatures of operational use, and the motor fails. In addition, the acoustic systems that will give the Columbia-class its stealth advantage — sonar transducers, vibration dampeners, noise isolation arrays — rely on terbium and dysprosium-based magnetostrictive materials. The guidance systems in the submarine-launched missiles they carry depend on samarium-cobalt permanent magnets. China controls the refining capacity for all of it, Ryan Musto writes at War on the Rocks. This is a supply chain dependency that is far less addressed than the radar and semiconductor vulnerabilities that have consumed Washington’s attention.

  • In grainy video footage, U.S. special forces guide sea drones toward the hull of a large, unsuspecting ship. Seconds later, they detonate and the vessel sinks beneath the waves, leaving behind a rapidly dissipating cloud of smoke. The attack against a decommissioned target ship unfolded as part of a recent exercise in the Philippines, unannounced but shown on video to Bloomberg News. It marked the first Indo-Pacific trial of Magura-class uncrewed surface vehicles, developed in Ukraine and used with deadly effect against the Russian Black Sea fleet. Just as the wars in Ukraine and the Middle East have laid bare the value of cheap airborne drones, sea drones are seen as playing a crucial role in the Indo-Pacific region — an area 30 times larger than continental U.S. and dominated by vast expanses of water, Bloomberg reports. Militaries from the U.S. to China are now racing to develop and deploy such systems above and below the surface.

‘PREPARING FOR SABOTAGE’ OF CRITICAL INFRASTRUCTURE DOWN UNDER: Australia’s Security and Intelligence Organisation (ASIO) has established dedicated teams to counter nation-state attacks on critical infrastructure, the org’s director general Mike Burgess revealed, The Register reports. “We discovered nation-state hackers had compromised the network of an Australian critical infrastructure provider,” Burgess said Wednesday in remarks accompanying the release of ASIO’s annual threat assessment, a task it performs in its role as Australia’s equivalent to the FBI and MI5. “ASIO assessed the hackers were preparing for sabotage. They weren’t planting ‘digital dynamite’ as such; they were mapping out the network and maintaining access so they could cripple it at a time of their choosing.”

  • Burgess revealed new details of Iran’s involvement in the firebombing of the Adass Israel synagogue in Melbourne, and an arson attack on a Jewish business in Sydney’s east, the Australian Broadcasting Corporation reports. The attack on the Lewis Continental Kitchen was coordinated by an Australian citizen living in Iran, and working as a senior agent within Iran’s Islamic Revolutionary Guard Corps (IRGC), he said. And the Adass Israel firebombing was directed by a former Australian resident living in Iraq and recruited by the IRGC, who has since been imprisoned. He issued a fresh warning about the scale of foreign-orchestrated violent attacks within Australia. Burgess also revealed details about a foreign plot to gain classified intelligence on the AUKUS nuclear-powered submarine pact. He said a foreign spy contacted an Australian official with a security clearance, pretending to be from a consulting company and offering paid work.
  • This past March, the FBI warned state law enforcement that Iran might be planning to attack targets in California using drones launched from vessels floating offshore. As it turned out, the threat wasn’t real. The warning was based on “unverified” intelligence, and there was no evidence of an actual plot. Californians could breathe a sigh of relief. But we shouldn’t get too comfortable. While the FBI might have been wrong about the specific Iranian plot, the threat of a serious drone attack is growing. And we’re not even remotely prepared for it — or the public panic that would likely ensue, Seth Stodder writes at Lawfare.

STATE INFRASTRUCTURE CYBERSECURITY INITIATIVE STALLED: Three months after the Trump administration announced a plan to help states fund cybersecurity defenses for their critical infrastructure, half of the states say they haven’t heard anything from the White House about participating in the program, Cybersecurity Dive reports. National Cyber Director Sean Cairncross said in early March that the federal government would launch a pilot program for states to accelerate the deployment of security technology at critical infrastructure facilities. He described the goal as “finding solutions at cost and an ability to scale that meet the moment and the threat,” adding that the administration was already working with Texas on its water sector, and with South Dakota on its beef industry. With a significant enough infusion of federal dollars, the pilot program could transform how cash-strapped state and local governments work with the operators of power grids, hospitals, railways and other vital infrastructure to fend off malicious hackers intent on sowing chaos. But despite the program’s promise, the Trump administration appears to have made little progress with it so far. 

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University.
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

As frontier AI models become more capable at finding vulnerabilities, cybersecurity is entering a period where old timelines, disclosure norms and governance tools may no longer fit the speed of the technology. In this episode of Cyber Focus, Frank Cilluffo speaks with CyberScoop editor-in-chief Greg Otto about the recent controversy surrounding Anthropic’s Fable-5 and Mythos 5 models, the government’s use of export controls, and the difficulty of distinguishing between dangerous AI capability and legitimate defensive cyber use. The conversation moves from the Anthropic fight to a broader operational challenge: AI may help defenders discover more weaknesses, but organizations still have to validate, prioritize and fix them. Otto explains why vulnerability disclosure, patching, open-source security and public-private coordination are all being tested by AI’s pace — and why the most important question may not be whether AI can find the problem, but whether institutions can absorb what it reveals.

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Cybercrime

Global cyber strike disrupts SocGholish, Amadey, and StealC malware networks

Europol together with partners from across the globe today announces a landmark blow to cybercriminal networks as part of Operation Endgame, a sweeping international operation targeting the criminal infrastructure behind ransomware and malware like SocGholish, Amadey, and StealC. In coordinated actions over the past two weeks, key components of these malicious toolkits were dismantled as part of a public-private effort. (EUROPOL.EUROPA.EU)

Third DraftKings hacker gets 18 months in prison for 2022 credential-stuffing attack

Nathan Austad, the third person sentenced over the 2022 DraftKings credential-stuffing attack, received 18 months in prison. The group used usernames and passwords stolen from other breaches to access about 1,600 accounts and steal roughly $600,000. Austad also ran a website selling compromised accounts. Austad must pay about $1.8 million in restitution and forfeiture and faces three years of supervised release. (SECURITYAFFAIRS.COM)

Maritime

Plan to evacuate hundreds of ships still stranded from Strait of Hormuz closure is coalescing

Oman and the U.N. International Maritime Organization (IMO) are sharpening up their plan to evacuate hundreds of ships still stuck in the Persian Gulf since Iran closed the Strait of Hormuz after being attacked by the U.S. and Israel on Feb. 28. The move comes as shipping traffic in this strategic chokepoint is increasing amid tense ongoing peace negotiations between the U.S. and Iran. However, there is still a very long way to go and many challenges, including the possible presence of mines, to overcome before transits reach pre-war levels. “The Sultanate of Oman based on its responsibilities toward the Strait of Hormuz, and its importance to the global economy, and in accordance to its continued commitment to the international law and the law of the sea to ensure freedom of navigation in the strait without imposing any tolls, in line with the outcomes and efforts reached by the United States and Islamic Republic of Iran…has worked in coordination with the International Maritime Organization (IMO) to provide vessels with the option of a temporary maritime corridor defined by the coordinates announced by IMO and Omani authorities. Ships willing to transit must coordinate with IMO,” Oman’s Maritime Security Center stated Wednesday on X. (TWZ.COM)

Ransomware

Europe evolves into ransomware’s favorite region

A specter is haunting Europe — the specter of ransomware. After a global lull in 2024 and 2025, the ransomware-as-a-service (RaaS) ecosystem appears to be back to form, at least in Europe. Researchers from Black Kite tracked 684 publicly known ransomware attacks across the continent through the first four months of 2026. That’s 55% more than the 441 recorded in the first four months of 2025, even more than the 643 recorded through the first half of 2025. “Globally, the US absorbs almost half of all ransomware victims. Canada and the UK have traded second place. Europe was a step behind. Now that’s shifting,” Ferhat Dikbiyik, chief research and intelligence officer at Black Kite, tells Dark Reading. He believes that at least a couple of factors are at play. (DARKREADING.COM)

Tactics

Malicious Edge extension abuses native messaging as bridge to malware

A malicious Microsoft Edge extension dubbed ‘Edgecution’ has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. Access to the local system is obtained by leveraging the Chrome Native Messaging protocol that allows browser extensions to interact with native desktop applications, such as a password manager communicating with the extension to fill in web forms. This allows the browser to launch the native application as a separate process and communicate with it over standard input/output data streams. (BLEEPINGCOMPUTER.COM)

Transportation

German rail services resume after wireless communications outage

Germany’s state-owned rail operator Deutsche Bahn restored train services early Wednesday after a technical failure in its railway communications network brought rail traffic across the country to a standstill for roughly two hours overnight, disrupting both long-distance and regional services. The outage, which began late Tuesday, halted trains nationwide and also affected S-Bahn commuter services connecting major cities with surrounding suburbs. While services resumed Wednesday morning, Deutsche Bahn warned passengers to expect lingering delays and cancellations. (THERECORD.MEDIA)

THREATS

Artificial intelligence

Researchers trick AI browsers into leaking credentials

A range of AI-powered web browsers have been tricked into abandoning their safety guardrails and leaking user data after being convinced they were playing a game. Researchers at LayerX demonstrated the technique, which they named BioShocking, against six agentic browsers and plugins, including OpenAI’s ChatGPT Atlas, Perplexity’s Comet and Anthropic’s Claude extension. In a proof-of-concept (PoC) attack, all six were steered into copying a user’s login credentials and sending them to an attacker. (INFOSECURITY-MAGAZINE.COM)

More malicious OpenClaw skills threaten AI supply chain

Security researchers have identified multiple malicious skills on a marketplace for the OpenClaw ecosystem that can steal credentials, bypass security scans, and conduct other novel malicious activity for an attacker’s financial gain. Researchers at Palo Alto Networks’ Unit 42 recently identified five malicious skills that appeared legitimate on ClawHub, OpenClaw’s dedicated marketplace, demonstrating that such platforms are emerging as a significant AI supply chain attack surface. ClawHub sells these skills — which can access local files, credentials, APIs, and other resources on the host system — to add functionality to the open source AI agent, which has seen meteoric adoption among developers and businesses since its launch last November. (DARKREADING.COM)

Malware

New Gaslight macOS malware uses prompt injection to disrupt AI-assisted analysis

A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst’s artificial intelligence (AI) tools into aborting or refusing an analysis of the artifact. The malware has been codenamed Gaslight owing to this deceptive behavior. It’s been assessed with high confidence that the tool is the work of North Korea-aligned threat actors. “Its most notable feature is an embedded cascade of fabricated system-failure messages, designed to make an LLM-assisted triage agent doubt its own session,” SentinelOne researcher Phil Stokes said in a technical report. “It attacks the agent’s perception, rather than the sandbox it runs in.” (THEHACKERNEWS.COM)

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

StealC is an infostealer that collects sensitive data from browsers, cryptocurrency wallets, messaging applications, email clients, and gaming platforms. It is a malware-as-a-service (MaaS) offering that threat actors use to generate customized payloads and manage stolen data through a centralized web panel. Meanwhile, Amadey is a MaaS loader that threat actors use to deliver StealC and other malware. Modular, pay-as-you-go models like StealC and Amadey allow threat actors to use a single initial infection to quickly escalate into multiple other threats. (MICROSOFT.COM)

Be on the lookout for Mistic, a new backdoor used by ransomware broker

Researchers have identified a new backdoor program that has been used in enterprise intrusions since April and appears to be linked to an initial access broker that sells network footholds to ransomware gangs. Dubbed Mistic by researchers from Symantec, the malware program has been deployed on networks belonging to organizations from multiple sectors, including insurance, education, IT, and professional services. In some cases it has been used alongside ModeloRAT, a piece of malware written in Python that’s associated with threat actor Woodgnat, also known as KongTuke. (CSOONLINE.COM)

Phishing

Hackers abuse Cloudflare-hosted AWS phishing domains to steal console logins

A concise but sophisticated phishing campaign targeted AWS console users by abusing Cloudflare-hosted domains to deliver adversary-in-the-middle (AiTM) credential theft. Each domain served an almost identical clone of the AWS console sign-in page and implemented a server-driven flow that dynamically branched into email, SMS, or authenticator-app MFA challenges, enabling real-time capture of second factors. The phishing kit used a gating mechanism that validates the visitor before rendering the page. A URL parameter named input_24 carried an encrypted base64 blob that the kit POSTed to /api/check; the server decrypted it to identify the target email and set a cookie (observed as validEmail). (GBHACKERS.COM)

EvilTokens hides its attack flow in the browser, exposing static analysis gaps 

EvilTokens is drawing attention in phishing investigations for abusing Microsoft Device Code authentication and hiding key parts of its attack flow from static URL analysis. In a recent analysis, the phishing page was found encrypted in the initial HTML response and appeared only after browser-side decryption rendered it in the DOM. The case shows why analysts need browser-level visibility to confirm dynamic phishing behavior, extract evidence, and move faster from triage to response. (CYBERSECURITYNEWS.COM)

Vulnerabilities

Apple’s MacOS gap lets users disable security tools

Researchers have uncovered a novel macOS privilege-escalation technique that allows a user with standard privileges to disable enterprise security tools and invoke privileged functions without administrator credentials. The technique exploits how macOS establishes and validates application trust information. It enables an attacker to impersonate trusted application components and silently perform actions that should only be available to privileged processes. (DARKREADING.COM)

25-year-old vulnerability patched in Curl

The open source data transfer tool and library curl has been updated this week with patches for 18 vulnerabilities, including one introduced 25 years ago. The flaws, four medium and 14 low-severity, were discovered as part of a community effort after Anthropic’s Mythos discovered a single curl bug in early May. This release resolves the highest number of CVEs patched with a single curl update, including an issue that was introduced in version 7.7, shipped on March 22, 2001. (SECURITYWEEK.COM)

Cisco Catalyst SD-WAN zero-day CVE-2026-20245 exploited to gain root access

An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges by supplying a crafted file to the affected system by taking advantage of the device’s insufficient validation of user-supplied input. Earlier this month, Cisco acknowledged that it became aware of exploitation of this vulnerability, adding that a malicious actor must have netadmin privileges on an affected system to pull off a successful attack. (THEHACKERNEWS.COM)

Fake document reader in the Google Play store with 100K downloads delivers Android malware

A dangerous Android banking trojan is once again spreading through the Google Play Store, hiding inside what appears to be a simple document reader app. The app has already been downloaded more than 100,000 times, putting a large number of Android users at serious risk of financial theft and personal data loss. The malware in question is Anatsa, also known as TeaBot, which first appeared in 2020. Since its early days, it has steadily evolved into one of the more sophisticated Android banking threats discovered in the wild. (CYBERSECURITYNEWS.COM)

ADVERSARIES

China

China makes new U.S. warship target for missile tests, images show

China has built a new U.S. destroyer replica at a remote missile-testing site in its northwestern desert, satellite imagery shows, a target analysts say could be used to test anti-ship weapons. Satellite images show a structure resembling a US Navy Arleigh Burke-class guided-missile destroyer in the Taklamakan Desert in far-western Xinjiang since at least June. The feature was first identified by Joseph Wu, co-founder of the Taiwan Defense Studies Initiative. China’s Defense Ministry didn’t immediately respond to a request for comment. The Department of Defense said it had no comment to provide. (BLOOMBERG.COM)

China studied U.S. stealth aircraft — and learned the wrong lessons

If imitation is the sincerest form of flattery, then China’s embrace of stealth aircraft technology is a compliment to American ingenuity. Both awed by — and apprehensive about — U.S. stealth capabilities, China has invested heavily in developing stealth aircraft, as well as anti-stealth air defenses. But China has learned the wrong lessons from America’s stealth program, according to U.S. Air Force analysis released this month. China is convinced that advanced technology is the foundation of U.S. stealth capabilities. But in reality, the key to American success has been treating stealth as just one component of integrated aerial warfare, the report said. (DEFENSENEWS.COM)

Iran

How a crypto exchange became a major hub for illicit Iranian cash

Earlier this year, crypto sleuths found an alarming series of transactions tied to two digital wallets controlled by the Central Bank of Iran. Tracing backward, investigators discovered the wallet’s funds were linked to $1.5 billion that North Korean hackers stole from the crypto exchange Bybit. After reaching the Iranian wallets, the money flowed through a complex maze of transactions. One destination was a crypto exchange that has become key to Iran’s ability to use cryptocurrency to evade far-reaching U.S. economic sanctions. CoinEx, an 8-year-old exchange founded by a Chinese engineer, has played a growing role in connecting Iran’s crypto operations to the wider world, blockchain data shows. Since 2019, wallets with an identifiable link to Iran have moved more than $3.84 billion through CoinEx, according to blockchain intelligence firm TRM Labs. (WSJ.COM)

Slow OT patching a boon for Iranian nation-state hackers

Iranian nation-state hackers have honed in on the typically sluggish and onerous pace of operational technology as a tactical advantage they can exploit to great psychological effect, warn researchers. Critical infrastructure hacks provoke shock and can undermine a populace’s confidence in its government. An anti-Israeli screed splayed across a water system pressure monitoring panel can be downright spooky (see: Internet-Exposed Water PLCs Are Easy Targets for Iran). Tehran has made unnerving civilians a hacking specialty beginning with the start of the Israel-Hamas war in 2023, say researchers from OT security firm Claroty in a Thursday blog post. Iranian threat actors reached a critical turning point this year when the CyberAv3ngers threat actor claimed to have silenced Israeli air raid sirens during a missile attack. (GOVINFOSECURITY.COM)

Iran-linked MuddyWater poses as ransomware gang to mask cyber espionage

The line between ransomware activity and nation-state backed cyber campaigns is blurring, as state-sponsored cyber espionage groups adopt tools and techniques associated with cyber criminals to disguise their intelligence operations, a report has warned. Analysis by cybersecurity researchers at NCC Group has described how MuddyWater, a hacking and cyber espionage group associated with Iran’s Ministry of Intelligence and Security, posed as the Chaos ransomware group to hide its espionage activity. The findings were published in the NCC Group Monthly Threat Pulse on June 24. This is not the first time a state-backed group has attempted to disguise its activity as that of a cybercrime gang, but in this case, MuddyWater put significant effort into making their espionage activity appear as if it was genuinely a financially motivated attack by Chaos. (INFOSECURITY-MAGAZINE.COM)

Russia

Cellebrite said it cut off Russia, but Russia used its tools anyway

Russian authorities hacked into the phone of a prominent political opponent while he was in custody, using technology made by forensics firm Cellebrite — even after the company had said it cut ties with Putin’s government agencies, according to a new report that raises fresh questions about whether Western tech companies can truly control how their tools are used once they’re in the wild. The case is a cautionary tale for any technology company that sells to governments. Cellebrite, an Israeli outfit with a second headquarters in Virginia that sells to governments all over the world — including in the U.S. — had announced it would stop providing hardware and software to Russia. It apparently didn’t, or couldn’t, follow through. (TECHCRUNCH.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

The new push to ready millions for AI career upheaval

Just how many jobs will AI upend? A new coalition of companies and policymakers said it is time to ready the U.S. workforce for major disruption, no matter the ultimate scale. To that end, the bipartisan consortium, which includes state governments, philanthropic groups and employers ranging from Amazon.com and Microsoft to Bank of America and Eli Lilly, is coming together to develop a new “people strategy” for the artificial-intelligence era. Called RAISE US, it launches Thursday and will be led by former Commerce Secretary Gina Raimondo, who served under President Joe Biden, and former Indiana Gov. Eric Holcomb, a Republican. (WSJ.COM)

Open-source coalition pushes California to rework AI act

GitHub and a coalition of open-source artificial intelligence players are pressing California lawmakers to overhaul a provision in state law meant to make it easier for users to identify content generated by AI, saying it clashes with how open-source licensing fundamentally works. The coalition – GitHub, Black Forest Labs, Hugging Face and Mozilla – called on legislators to rewrite a license-revocation provision in the bill, writing in a letter to state Sen. Josh Becker that it could lead to uncertainty across the software supply chain. (GOVINFOSECURITY.COM)

The code war: A race to what end?

OPINION: Authors wrestling with the realities of Artificial Intelligence (AI) and the impending evolutionary step toward Artificial General Intelligence (AGI) find touchpoints in science fiction as a prophetic voice in making sense of the current landscape and its possible future. While citing “Terminator” or “Alien” as dystopian views may seem unacademic, it is worth noting that science fiction predicted the submarine, the atomic bomb, and the rise of the authoritarian police state, the latter being the most prescient of the AI race and China’s integration of AI within its Social Credit System. In this vein, “Terminator” predicted robotics, which Michael O’Hanlon notes, if placed “in the wrong hands, or in the wrong context… could be very dangerous and hard to control,” spelling potentially disastrous consequences not only for an adversary but the user as well. Alien, on the other hand, accurately predicted what Ian Bremmer fears could be a shift away from government in preference for a “techno-elite” at the helm of powerful AI tools that give them a seat at the geopolitical table and create an opportunity for corporations to subvert representative government. (SMALLWARSJOURNAL.COM)

Cloud

GAO: Outdated rules, conflicting guidance hinder federal cloud adoption

Federal agencies face persistent challenges in acquiring and managing cloud computing services due to outdated procurement rules, conflicting federal guidance, and workforce constraints, according to a new Government Accountability Office (GAO) report. Senior officials at 22 of the 24 agencies GAO reviewed said they primarily rely on historical procurement data to inform cloud acquisition decisions, according to the report. The watchdog said implementing prior recommendations to improve federal acquisition data quality could provide agencies with more reliable information for decision-making. (MERITALK.COM)

Communications

FCC plans ID mandate that could block anonymous use of prepaid burner phones

A Federal Communications Commission proposal to collect more identifying information from phone users has drawn protests from privacy-focused groups and advocates for domestic violence survivors. The plan is ostensibly designed to thwart robocallers but could make it difficult for individuals to use prepaid phones that can protect their privacy, devices that are often referred to as burner phones. The FCC is seeking comment on the proposal to require phone companies to obtain and retain, at a minimum, “the name, physical address, government issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services.” (ARSTECHNICA.COM)

Defense

Pentagon’s quantum strategy ‘a first step’ in preparing for the future, CIO says

The Pentagon’s new strategy for defending against quantum computers will ensure “the integrity of our systems for decades to come,” its IT lead said Wednesday, but network modernization “is only a first step” in readying the U.S. military for the threat. Speaking at the SAP NOW summit in Washington, D.C., Chief Information Officer Kirsten Davies said the Defense Department’s new guidance for “accelerating our adoption of post-quantum cryptography” will mitigate the danger. The strategy was released on Tuesday, one day after President Donald Trump signed two executive orders meant to hasten domestic development of quantum capabilities and ward off threats to federal agencies’ cryptographic security systems. (DEFENSEONE.COM)

How AI and decision analytics can revolutionize leader performance for the future force

OPINION: As the Army prepares for the coming era of sustained great-power competition, the defense industry is already churning out countless solutions to solve supposed problems. However, the U.S. military often treats defense industry products like a “deus ex machina” from an ancient Greek theater. To solve an intractable plot situation, Greek playwrights introduced a godlike figure on stage by lowering them from the heavens with a crane; the “god” from the “machine”. The god’s arrival resolved the situation and allowed the playwright to wrap up the play conveniently. However, an ending with a deus ex machina could feel like a rushed solution. The U.S. military is falling into the same trap with many of its current defense solutions, primarily hardware but increasingly with AI-enabled software as well. Rather than doing the hard work to determine the root issue of its problems, the U.S. military simply drops convenient solutions from the proverbial offstage defense machine, promising a quick fix. (SMALLWARSJOURNAL.COM)

Education

Powered by AI, cyber threats can even reach second graders

As if the job of cybersecurity officers was not made difficult enough in today’s world of threats ginned up by AI, try introducing risk-avoidance tools like multifactor authentication to second graders using Chromebooks. “It’s not going to happen,” Hailie Roark, information security manager at Clackamas Education Service District (CESD) in Clackamas County, Ore., said during a cybersecurity panel Tuesday at the annual meeting of Link Oregon at Portland State University. CESD offers specialized instruction to children ages 3-21 with complex needs, helping the eldest find employment; and offers teacher, student and technology support to area districts. (GOVTECH.COM)

Energy

3 home energy providers offer 16.8 GW of distributed capacity to utilities, hyperscalers

Sunrun, Tesla and Renew Home could deliver nearly 17 GW of distributed energy capacity to unlock headroom in an increasingly congested U.S. power grid, the companies said Wednesday. The “capacity-as-a-solution” agreement combines the capabilities of the country’s three largest home energy providers. Sunrun and Tesla’s hundreds of thousands of solar-and-battery customers are concentrated in key data center markets like Texas, California and Virginia, Chris Rauscher, Sunrun’s head of grid services and electrification, told Utility Dive. Renew Home has more than 8 million smart thermostats and other devices under management. (UTILITYDIVE.COM)

CESER supports the oil and natural gas subsector with critical energy security exercises

The Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is conducting critical security exercises for oil and natural gas (ONG) operators to test the sector’s emergency mechanisms, evaluate coordination pathways, and address any gaps in their security plans. The cyber and physical threat landscape continues to evolve. Nation-state adversaries continue to pre-position inside U.S. critical infrastructure networks to hold our energy infrastructure at risk for a time and place of their choosing. Opportunistic threat actors are increasingly targeting operational technology (OT) and industrial control systems (ICS) within the ONG subsector. Strengthening this sector’s resilience is vital to national security. (INDUSTRIALCYBER.CO)

IoT

NIST opens updated IoT security guidance to public review

The National Institute of Standards and Technology (NIST) announced Wednesday that it’s seeking public feedback on updated Internet of Things (IoT) security guidelines. Updated to reflect current security needs, the guidance provides general considerations on the impact of IoT products on risk assessments and aims to establish cybersecurity requirements to support security controls. The initial public draft (IPD) of SP 800-213 Revision 1, titled ‘IoT Product Cybersecurity Guidelines for the Federal Government: Establishing IoT Product Cybersecurity Requirements’, is available for download on NIST’s website (PDF), with the public comment period ending August 24. (SECURITYWEEK.COM)

Leadership

A general many hoped would lead the Army is forced to step aside

Defense Secretary Pete Hegseth has forced Gen. Christopher T. Donahue, the top U.S. Army commander in Europe, to retire, a blow to those who saw him as a key leader of the military’s push to adapt to a future battlefield dominated by drones and artificial intelligence, defense officials said. General Donahue is expected to relinquish command of U.S. Army Europe and Africa on July 2, the Army said in a statement. He plans to retire in August. The general spent most of his Army career in the secretive world of U.S. military special operations, first as an Army Ranger and later as a commando in the elite Delta Force, where he rose to become the unit’s commanding officer. (NYTIMES.COM)

ODNI deputy director pushed out amid Pulte cuts

Will Ruger, the deputy director of national intelligence for mission integration, was placed on administrative leave as part of a broader personnel shakeup at the Office of the Director of National Intelligence that has removed roughly 50 career and political staffers from their roles since Bill Pulte became acting director Friday, according to a person familiar with the matter. Around 15 to 20 mission integration personnel detailed to ODNI from other U.S. intelligence units are believed to have been sent back to their home agencies, added the person, who spoke on the condition of anonymity to communicate the personnel shifts. (NEXTGOV.COM)

NASA names Sean Gallagher as CIO

NASA selected Sean Gallagher as the agency’s chief information officer (CIO), making permanent a role he had held in an acting capacity since January. In a June 23 press release, the space agency said Gallagher’s permanent role is effective immediately. He is responsible for the agency’s entire portfolio of IT products and services. “Sean Gallagher’s leadership has been instrumental in strengthening NASA’s IT foundation and ensuring our workforce has the secure, modern tools needed to enable groundbreaking missions every day,” said NASA Deputy Administrator Matt Anderson. (MERITALK.COM)

Workforce

Education CIO office lost more than half of its employees to Trump’s reduction in force, watchdog says

The Education Department’s Office of the Chief Information Officer lost more than half of its staff in early 2025 during the Trump administration’s reduction-in-force campaign, leaving some suboffices completely empty, the agency’s Office of the Inspector General found in a report issued Monday. The OIG used Microsoft Office and Teams to track down who was subject to the RIF during the first nearly ten weeks of President Donald Trump’s second term, finding it gutted 40% or 1,579 of the agency’s workers in total. “We were presented with a scope limitation for our review due to the Department not providing all requested information to the OIG, or permitting us unfettered access to Department staff, which limited our ability to fully address our review objective,” the report said. (FEDSCOOP.COM)

New CISA guide assists federal agencies with transitioning to modernized zero trust architectures

The Cybersecurity and Infrastructure Security Agency (CISA) published a guide that helps federal civilian agencies advance their zero trust capabilities and adopt modern architectures supported under the Trusted Internet Connections (TIC) 3.0 Initiative. Part of CISA’s Journey to Zero Trust series, this guide helps agencies transition away from the limitations of using TIC 2.0 and capitalize on TIC 3.0 flexibilities to employ Secure Access Service Edge (SASE) solutions. Federal agencies will better understand, plan and mature to zero trust architecture to improve user experience, increase visibility and control, and enable telemetry sharing with CISA services. (CISA.GOV)

LEGISLATIVE UPDATES

Federal cyber bill would probe attacks on small businesses

The U.S. House of Representatives unanimously passed cybersecurity legislation co-led by Rep. Rob Bresnahan (R-Pa.) on Tuesday. The Small Business Cybersecurity Assistance Evaluation Act of 2026 aims to ensure small businesses are protected from cybersecurity risks by studying the effects of these attacks on them. The legislation was first passed out of the House Committee on Small Business on May 20, by a bipartisan vote of 23-0. (GOVTECH.COM)

Top House cyber lawmaker plans to introduce DHS overhaul bill by next year

The top Democrat on the House Homeland Security Committee’s cybersecurity panel says she has engaged fellow lawmakers about a sweeping legislative plan to dismantle the Department of Homeland Security that would involve sectioning out key components into their own standalone entities, including the Cybersecurity and Infrastructure Security Agency. In a phone interview, Rep. Delia Ramirez (D-Ill.) told Nextgov/FCW that she aims to have preliminary bill language in place that could be introduced at the start of next year, adding that she has spoken with other Democratic colleagues, including Mark Pocan of Wisconsin, Greg Casar of Texas, Seth Magaziner of Rhode Island, Robert Garcia of California and Washington state’s Emily Randall and Pramila Jayapal. (NEXTGOV.COM)

Senator plans to propose quantum initiative reauthorization as part of NDAA

Upper chamber lawmakers are angling to fit reauthorization for one of the government’s biggest quantum efforts into the FY27 National Defense Authorization Act. Sen. Todd Young (R-Ind.) is leading the effort to offer reauthorization of the National Quantum Initiative Act as an amendment to the NDAA, his spokesperson confirmed to Nextgov/FCW. The National Quantum Initiative Act was signed into law in 2018 by President Donald Trump during his first term in office. It expired in 2023, and Young sponsored the reauthorization of the bill alongside Sen. Maria Cantwell (D-Wash.) earlier this year, with a full floor vote still pending in the upper chamber. A House version is still awaiting committee vote. (NEXTGOV.COM)

Window shrinks for Congress crypto deal

Senators are running out of time to strike a bipartisan deal on one of Trump’s top legislative priorities — an industry-friendly overhaul of how agencies oversee cryptocurrency — before midterms sap their momentum. “There’s going to be a fish-or-cut-bait time on that pretty soon here,” Senate Majority Leader John Thune told Semafor. “This thing’s going to have to come together fairly quickly.” Outstanding issues include how to restrict Trump’s ability to profit from digital assets and how to fill empty seats on the SEC and CFTC, Thune said. He added that lawmakers “continue to massage” language governing yields on stablecoins. (SEMAFOR.COM)

White House helped Mark Zuckerberg and the Google CEO dodge a Senate grilling

The White House intervened to try to spare Meta CEO Mark Zuckerberg and Google CEO Sundar Pichai from appearing at an upcoming Senate hearing on their companies’ child safety practices, five people with knowledge of the events told POLITICO. Instead, Judiciary Chair Chuck Grassley (R-Iowa) has agreed to let the heads of the tech giants’ Instagram and YouTube brands testify in the chief executives’ place at next month’s hearing, tentatively scheduled for July 28, four of the people said. And in turn, the White House is supporting a Grassley-backed package of bills — called the James T. Woods Act — aimed at combating online child exploitation, they added. (POLITICO.COM)

Pallone, top Energy Democrat, backs AI data center moratorium

The top Democrat on the House Energy and Commerce Committee is backing a moratorium on AI data centers — a show of support from a mainstream, influential Democrat for a policy that has thus far been endorsed at the national level mainly by anti-establishment figures. During a committee markup on Wednesday, Rep. Frank Pallone (D-N.J.) said, “I am in favor of a national AI data center moratorium until we can find a way to ensure they don’t harm our nation’s air, water and power bills.” In his remarks, Pallone cited both the centers’ impacts on electricity prices and the environment, including their water use, air pollution and use of chemicals including “forever chemicals.” (THEHILL.COM)

COMMITTEE ACTIVITY

DHS: The House Appropriations Subcommittee on Homeland Security will hold a June 25 oversight hearing for the Department of Homeland Security.

CHINA: The House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party will hold a June 25 hearing on China’s economic espionage and subnational influence in the United States.

ALERTS AND ADVISORIES

Using SASE in a modern TIC 3.0 solution

CISA’s guidance, The Journey to Zero Trust – Using Secure Access Service Edge in a Modern TIC 3.0 Solution, details how the Trusted Internet Connections (TIC) 3.0 initiative is helping agencies modernize the way their users connect to applications, data and services. While federal agencies are the target audience, any organization looking to modernize its perimeter-based architectures, advance zero trust adoption, and improve visibility and control across distributed environments will benefit from this guidance. (CISA.GOV)

Events


ARCTIC: New technologies such as low-earth-orbit sensing and communication satellites and autonomous vehicles are making Arctic operations easier and more effective for military and commercial users. Please join Hudson Institute and Ocean Conservancy for a June 25 public event on changing conditions in the Central Arctic Ocean and the implications for governance, economic development, conservation, and national security.

AI AND EXPORT CONTROL: Join House Foreign Affairs Committee Chairman Brian Mast and Senator Jim Banks for a June 25 fireside chat hosted by the Hudson Institute on Congress’s role in U.S. export control strategy to outcompete China in technology and AI development. The conversation will examine ways to close loopholes, guard America’s most critical technologies, and prevent Beijing from leveraging American innovation against American interests. 

DATA CENTERS: Join the CSIS Strategic Technologies Program for a June 25 discussion on the future of data centers and AI infrastructure in the United States. The event will feature two panels bringing together federal and local government officials alongside industry leaders to examine the policy, economic, and security implications of large-scale data center expansion. The conversation will explore how the United States can scale the infrastructure required for advanced AI systems while ensuring resilience, trusted operations, and long-term strategic advantage.

CHINA MARITIME: On June 26, the Indo-Pacific Security Initiative (IPSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security will host a fireside chat with Rear Admiral Jay Tarriela of the Philippines Coast Guard on maritime security developments in the South China Sea.

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.” Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.

SOUTH CHINA SEA: The CSIS Southeast Asia Program and Asia Maritime Transparency Initiative are pleased to present the Sixteenth Annual CSIS South China Sea Conference. This full-day conference July 7 will feature keynote addresses and in-depth panel discussions on recent developments in disputed waters and the importance of the 10-year anniversary of the landmark South China Sea arbitration. Panels will address the state of play, legal developments and dispute management, evolving alliance networks, and the role of global stakeholders. 

AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.

