Cyber Briefing – June 26, 2026
TODAY’S TOP 5
OPENAI ASKED TO SLOW ROLL FRONTIER AI RELEASE: The Trump administration has asked OpenAI to stagger the release of an upcoming powerful artificial intelligence model, according to a person familiar with the matter, nearly two weeks after rival Anthropic PBC suspended its most capable offerings from the market under regulatory pressure, Bloomberg reports. OpenAI Chief Executive Officer Sam Altman told employees on Wednesday that the U.S. government requested that it initially release GPT-5.6 to a short list of trusted partners before pushing it out more widely, said the person, who spoke on condition of anonymity to discuss private information. In the meeting with staffers, Altman said that the U.S. government has grown more anxious about the capabilities of the most cutting-edge models, the person said. Altman stressed that staffers need to work with the Trump administration on any input that officials may have on safety and restrictions related to OpenAI’s upcoming models, even if the company disagrees, the person said. Altman did not explicitly mention the Anthropic situation, the person said.
- AI in China should be understood first and foremost as a state-led initiative. China’s AI ambitions have been built into the highest levels of state planning for years. In 2017, the government’s “New Generation Artificial Intelligence Development Plan” set the goal of making China the world’s primary AI innovation center by 2030. Since then, AI has been folded into Beijing’s broader strategy for technological self-reliance, industrial upgrading and national security, Yaqui Wang writes at Lawfare. The state treats AI not just as consumer technology or private-sector innovation, but as a strategic capability central to China’s economic modernization and geopolitical competition. That priority has only intensified.
CHINA’S SPACE JUNK ENDANGERS SATELLITES: China has been abandoning used launcher rocket stages in low Earth orbit (LEO) at an ever-increasing pace, putting both military and commercial satellites in that crowded orbital regime at greater risk of serious debris-creating collisions, according to a new report. Used rocket bodies are among the most dangerous kinds of space junk because they carry residual amounts of fuel that often cause them to explode, thus creating even more on-orbit debris, Breaking Defense reports. The analysis from space monitoring firm LeoLabs found that from January 2021 to January 2025 China abandoned 51 spent rocket bodies in LEO above 650 kilometers (about 404 miles) in altitude, more than doubling the number for the previous five years to bring the total to 96.
- The Space Development Agency last year quietly canceled plans to launch 11 satellites meant to conduct communications experiments in low-Earth orbit, Air and Space Forces Magazine has learned. The agency made the decision to “descope” the Tranche 1 Demonstration and Experimentation System late last year, according to an SDA official, as a deliberate move to focus on operationalizing its first satellites.
MOVEMENT ON A CISA NOMINEE?: CISA has been constrained by not having a Senate-confirmed director since January 2025, but is ready to rebound once the expected nominee is in place, Homeland Security Secretary Markwayne Mullin said at a hearing Thursday. “We don’t have the personnel and so we’ve got to get my director in place, that we have, that the president’s met with. We got to put, we got to get him in place,” Mullin told lawmakers on the House Appropriations Committee subcommittee overseeing the agency, The Record reports. “Put him in place, let him hire his people, and get it built.” Mullin said he believes CISA needs about 600 new hires, a process that can’t start with gusto until a new director is confirmed. Mullin did not name the planned pick at the hearing. Shyam Sankar, the chief technology officer of Palantir Technologies, is thought to be the likely nominee, though the White House previously said he is not a top contender “at this time.”
- At FDD, Jiwon Ma details 5 reasons why CISA is indispensable to America’s cyber defense.
PENTAGON’S RESEARCH INFRASTRUCTURE ‘DETERIORATING’: The research infrastructure that underpins America’s prowess in defense technology is “deteriorating,” according to a Department of Defense report released Wednesday, Defense News reports. One reason is that research funds are being diverted to operations. The Pentagon’s “research, development, test, and evaluation (RDT&E) infrastructure is deteriorating and weakening the Department’s ability to maintain a technically advanced warfighting capability,” warned the report by the Office of the Under Secretary of Defense for Research and Engineering. “Authorized major military construction (MILCON) projects for modernization of critical joint-mission RDT&E infrastructure continually slip due to the services’ reprioritizing of scarce MILCON funds toward other operationally relevant priorities.”
- It’s not entirely clear how much the fixes will cost, but the report recommends a fenced-off fund be fed with just under $5 billion over five years, starting with $650 million in the first year and ramping up to almost $952 million in year five, Breaking Defense reports. It does not explicitly say how big an increase this would be over current funding for lab infrastructure, and it’s difficult to calculate a baseline because, to date, there is no single line in budgets for the labs.
NEW CYBER RULES FOR EMERGENCY SYSTEMS, UNDERSEA CABLES: The Federal Communications Commission approved new rules Thursday that boost cybersecurity regulations for the nation’s emergency alert systems and update security rules for the nation’s undersea cables, CyberScoop reports. The new rule would overhaul two national emergency systems, the Emergency Alert System and Wireless Emergency Alerts, to better protect against hijacking attacks from malicious actors. The EAS is a national public warning system that state and local authorities use to disseminate information related to weather events, AMBER alerts and other emergencies via radio and television broadcasting stations. The WEA handles much of the same messaging via text.
- The Secret Service has serious gaps in its mobile device management and security practices, leading to heightened risks for the nation’s leaders, other protectees and its employees, according to an inspector general report published Thursday, FedScoop reports. The security and management gaps included a culture of using personal devices even in protective operations, a lack of security software on government-issued devices and the approval of apps containing vulnerabilities, among others. Much of the blame, per the report, lies with the Department of Homeland Security unit’s Office of the CIO, which is responsible for establishing security standards and ensuring compliance with policies.
OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University.
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions.
CYBER FOCUS PODCAST
As frontier AI models become more capable at finding vulnerabilities, cybersecurity is entering a period where old timelines, disclosure norms and governance tools may no longer fit the speed of the technology. In this episode of Cyber Focus, Frank Cilluffo speaks with CyberScoop editor-in-chief Greg Otto about the recent controversy surrounding Anthropic’s Fable-5 and Mythos 5 models, the government’s use of export controls, and the difficulty of distinguishing between dangerous AI capability and legitimate defensive cyber use. The conversation moves from the Anthropic fight to a broader operational challenge: AI may help defenders discover more weaknesses, but organizations still have to validate, prioritize and fix them. Otto explains why vulnerability disclosure, patching, open-source security and public-private coordination are all being tested by AI’s pace — and why the most important question may not be whether AI can find the problem, but whether institutions can absorb what it reveals.
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Agriculture
Another Russian dairy company reportedly disrupted by cyberattack
A cyberattack has snarled logistics and accounting operations at a dairy producer in Russia’s republic of Bashkortostan, forcing the company to process shipments and paperwork manually, according to local media. The attack affected the IT systems of Ufagormolzavod, a manufacturer based in Ufa, the regional capital, but did not interrupt production, the company’s chief executive, Ildar Faizullin, said. “Production has not stopped. Only the processing of documents and shipments has slowed down. The entire workforce has been mobilized to keep operations running,” he added. (THERECORD.MEDIA)
Breaches
Polymarket says hackers stole users’ funds
Prediction market giant Polymarket confirmed that hackers stole funds from an unspecified number of users after a third-party breach. In an X post on Thursday, Polymarket said that a compromise at a third-party vendor allowed hackers to inject malicious code into its website “for some users.” The company said it has “contained” the incident and is now contacting the affected victims and “refunding them in full.” As of Thursday afternoon, it’s unclear exactly what happened. (TECHCRUNCH.COM)
NAIC confirms June data breach
The National Association of Insurance Commissioners has confirmed it experienced a data breach earlier this month. According to a security update on its website, the NAIC identified, on or about June 11, unauthorized access to its PeopleSoft systems. The NAIC uses PeopleSoft primarily for internal financial reporting purposes, it said. Hackers were “able to obtain information needed to gain temporary access to certain data storage areas. The ability to gain this temporary access has been blocked and remediated,” NAIC said. (BUSINESSINSURANCE.COM)
Cybercrime
Poland busts SIM-swapping gang tied to millions in crypto theft
Authorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks. The operation was carried out by the Polish Cybercrime Bureau (CBZC) with support from the FBI and Homeland Security Investigations (HSI) in the United States. According to investigators, the suspects carried out sophisticated cyberattacks to obtain data used in SIM-swapping attacks. (BLEEPINGCOMPUTER.COM)
PirloTV sports piracy network disrupted as 44 domains seized
A major sports piracy ring linked to the illegal PirloTV streaming platform has been disrupted in an action that targeted 44 domains. PirloTV is a network of websites that aggregate and embed links to unauthorized live sports streams, primarily soccer, replaying feeds from various licensed broadcasters, depending on the event. The platform, which does not stream content directly, is notorious for its aggressive migration to new domains following takedown actions from authorities. (BLEEPINGCOMPUTER.COM)
Drones
Ukraine’s growing drone armada is overwhelming Russia’s air defenses
Denys Shtylerman was surprised how many of his company’s drones were getting through as he watched footage of them slamming into an oil refinery on the edge of Moscow last week, sending plumes of black smoke billowing over the Russian capital. “We just used a big bunch of drones and they overwhelmed the Russian air-defense systems,” Shtylerman, the head designer at Fire Point, one of Ukraine’s largest defense manufacturers, said in an interview. Ukraine is swamping Russia’s air defenses with a growing armada of long-range drones that target refineries, port infrastructure, military industries and those air defenses themselves. (WSJ.COM)
Education
CMC releases analysis and guidance for education sector after Canvas data breach
The UK’s Cyber Monitoring Centre (CMC) has shared its analysis of the Canvas cyber incident affecting Instructure’s Learning Management System as the education technology firm prepares to share its own findings next week. The CMC said that approximately 160 UK higher education institutions were affected and threat actors exfiltrated confidential course and user data. In total, around 9000 educational institutions are thought to have been affected worldwide. While the incident has not met the CMC’s minimum category threshold, the review aims to better understand the financial impact of data breach events, inform the development of the CMC’s data breach analysis model and deepen insight into cyber risk within the UK higher education sector. (INFOSECURITY-MAGAZINE.COM)
Ransomware
Europe evolves into ransomware’s favorite region
A specter is haunting Europe — the specter of ransomware. After a global lull in 2024 and 2025, the ransomware-as-a-service (RaaS) ecosystem appears to be back to form, at least in Europe. Researchers from Black Kite tracked 684 publicly known ransomware attacks across the continent through the first four months of 2026. That’s 55% more than the 441 recorded in the first four months of 2025, even more than the 643 recorded through the first half of 2025. “Globally, the US absorbs almost half of all ransomware victims. Canada and the UK have traded second place. Europe was a step behind. Now that’s shifting,” Ferhat Dikbiyik, chief research and intelligence officer at Black Kite, tells Dark Reading. He believes that at least a couple of factors are at play. (DARKREADING.COM)
Tactics
Malicious Edge extension abuses native messaging as bridge to malware
A malicious Microsoft Edge extension dubbed ‘Edgecution’ has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. Access to the local system is obtained by leveraging the Chrome Native Messaging protocol that allows browser extensions to interact with native desktop applications, such as a password manager communicating with the extension to fill in web forms. This allows the browser to launch the native application as a separate process and communicate with it over standard input/output data streams. (BLEEPINGCOMPUTER.COM)
Transportation
German rail services resume after wireless communications outage
Germany’s state-owned rail operator Deutsche Bahn restored train services early Wednesday after a technical failure in its railway communications network brought rail traffic across the country to a standstill for roughly two hours overnight, disrupting both long-distance and regional services. The outage, which began late Tuesday, halted trains nationwide and also affected S-Bahn commuter services connecting major cities with surrounding suburbs. While services resumed Wednesday morning, Deutsche Bahn warned passengers to expect lingering delays and cancellations. (THERECORD.MEDIA)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Trust in automated AI vulnerability scanning collapses to 9%, new study finds
A large number of false negatives has significantly eroded confidence in automated AI testing for vulnerabilities, a new study from Cobalt has found. The Cobalt State of Pentesting Report 2026 is based on two comparative surveys in 2025 and 2026 of around 450 cybersecurity professionals. It found that the percentage of organizations relying entirely on AI automation for testing sank from 29% to 9% over the period, with nearly half (47%) of respondents now preferring a hybrid testing model. (INFOSECURITY-MAGAZINE.COM)
Cybercrime
Twenty million U.S. IP connections used by proxy services
Millions of residential IP connections in the US are collected annually for use in proxy services, with many households unaware that they may ultimately be used by threat actors, a new report has warned. The non-profit Digital Citizens Alliance claimed in the report, Cybercrime by Doorbell, that an estimated 20 million or more connections end up as proxies, often without the knowledge of their owners. Although proxy services were originally introduced for legitimate business-oriented data collection, such as ad verification and geo-testing of websites, they’re increasingly used by state actors and cybercriminals alike, the report warned. (INFOSECURITY-MAGAZINE.COM)
ICS/OT
First-ever exploitation of PTC Windchill vulnerability discovered in the wild
Threat actors have successfully exploited a vulnerability in PTC Windchill in the wild, marking the first confirmed real-world abuse of the popular product lifecycle management (PLM) platform. The vulnerability is tracked as CVE-2026-12569 and it affects PTC’s Windchill and FlexPLM products. The improper input validation flaw can be exploited by a remote, unauthenticated attacker to execute arbitrary code via specially crafted requests. The cybersecurity agency CISA added the security hole to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, instructing federal agencies to address it by June 28. (SECURITYWEEK.COM)
Malware
Chrome ad blocker with 10M-plus installs found with dormant script injection capability
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extension description states that it allows users to prevent web page elements like ads, including preroll ads, from being displayed on the video sharing platform, as well as on external sites that load YouTube. (THEHACKERNEWS.COM)
KuinaExtractor stealer targets browser data, crypto wallets, Roblox, Steam and Discord
Researchers have identified a previously undocumented Rust-based infostealer they call KuinaExtractor, a family that has evolved from a capable early prototype into a hardened, stealth-focused threat now rebranded as “k0to.” Analysis of dozens of samples and function-level code comparisons reveals a clear single-operator lineage, steady feature expansion, and deliberate moves toward concealment rather than new capabilities. The actor’s artifacts (shared mutex names, build-host paths, repeated Telegram handles and Vietnamese-language strings) link the builds and point toward a Vietnamese-speaking developer and Vietnam-hosted infrastructure as supporting signals. (GBHACKERS.COM)
Miasma malware uses binding.gyp and Bun to execute hidden payloads in npm packages
Supply chain attackers are getting more creative, and the latest threat is proof of that. A malware campaign known as Miasma has been caught hiding inside widely used npm packages, using a clever mix of tools and techniques to stay hidden while stealing sensitive developer credentials. The attack involves packages tied to the LeoPlatform and RStreams ecosystems, which are used in data pipeline and cloud integration workflows. Malicious versions of over 20 npm packages were published within a tight window on June 24, 2026, catching many developers off guard. (CYBERSECURITYNEWS.COM)
Phishing
Bluekit phishing kit adopts browser-in-the-middle for login theft
The Bluekit phishing-as-a-service platform continues to evolve, with nearly 70 new hostnames identified over the past week and the addition of browser-in-the-middle (BitM) capabilities for improved data theft. First documented in April by Varonis researchers, Bluekit provides an AI assistant that supports multiple large language models (Llama, GPT-4.1, Claude, Gemini, and DeepSeek) for drafting phishing emails. At the time, the phishing kit offered “customers” 40 distinct templates targeting popular online services such as Outlook, Hotmail, Gmail, Yahoo, ProtonMail, iCloud, GitHub, and Ledger. (BLEEPINGCOMPUTER.COM)
Microsoft warns of photo ZIP phishing campaign targeting hotels with Node.js implant
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says. The company has not attributed the activity to a known threat actor, and the operators’ end goal is still unclear. The lure plays to how hotels work. Phishing emails carry the display name “Booking Manager (via Calendly)” and reference guest complaints, bedbug infestations, room inquiries, health inspections, and stay reviews. (THEHACKERNEWS.COM)
Order-tracking app Shop abused to push callback phishing attacks
Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users’ order histories to trick them into providing sensitive data or installing remote access software. The Shop digital shopping assistant serves as a centralized platform where users can track orders from multiple online retailers, access receipts and shipping updates, and discover and purchase products from merchants that use Shopify. (BLEEPINGCOMPUTER.COM)

ADVERSARIES
China
CL-STA-1062 targets Southeast Asian governments and critical infrastructure
Throughout 2025, we observed a cluster of activity targeting government entities and critical infrastructure in Southeast Asia. Specifically, the activity targeted state-owned enterprises in the energy and government sectors. The Chinese-speaking attackers behind this cluster, which we track as CL-STA-1062, have been active since at least March 2022. We assess with high confidence that this is the same cluster, known as UAT-7237, that was reported for its campaigns against web hosting infrastructure in Taiwan in mid 2025. We also observed CL-STA-1062 campaigns in earlier operations targeting strategic sectors in East Asia, indicating a broader, sustained regional focus. (UNIT42.PALOALTONETWORKS.COM)
China sharpens tools for hitting back at foreign sanctions
China is preparing new legal tools for striking back against economic pressure from abroad, raising risks for foreign businesses operating in the world’s second-largest economy. Senior lawmakers in Beijing reviewed a bill this week that would empower state prosecutors to file civil suits against foreign organizations and individuals who allegedly damage China’s interests, state media said. The proposed law on “procuratorial public-interest litigation” would add to an array of legal mechanisms that China has created in recent years to counter foreign sanctions and other forms of what Beijing considers coercion, particularly from the U.S. (WSJ.COM)
Fake USB sticks spread China-linked virus in Japan’s army
Fake USB sticks used by the Japanese army spread a China-linked computer virus inside a secure network for nearly a year before they were found to contain malware, Japan’s Nikkei newspaper reported on Thursday. The flash drives were delivered to Japan’s Ground Self-Defense Force during disaster relief operations in March 2024 following an earthquake in central Japan, the paper said, citing internal army documents. The infection was not discovered until February 2025, when a Japanese soldier in Itami, near Osaka, reported that a computer was operating slowly. (NEWSWEEK.COM)
Iran
Iran-linked CyberAv3ngers escalating cyber-psychological warfare against civilian alert systems
Researchers at Claroty’s Team82 documented a cyber operation by Iran-linked attackers that targeted warning systems, calling it a ‘cyber-psychological operation.’ Rather than just causing conventional disruption, the attack engaged directly with the communication layer of critical alerting infrastructure. Team82 says the activity shows how geopolitically motivated threat actors are increasingly eyeing cyber-physical systems at the crossroads of public safety and operational continuity. Targeting warning systems specifically raises a broader risk of manipulating how alerts get generated or perceived, which compounds operational and psychological impact. (INDUSTRIALCYBER.CO)
How Iran devastated an American naval base — and caused a U.S. recalculation
When the Iranian missiles and drones came for the nerve center of America’s naval operations in the Middle East, some of them hit their mark. The U.S. Navy base in Bahrain was repeatedly targeted between late February and June. Strikes that got through caused extensive damage, according to a Wall Street Journal analysis of satellite imagery, social-media footage and interviews with current and former servicemembers — damage that the Pentagon hasn’t publicly acknowledged. Hit hard were the command headquarters and at least a dozen other buildings, along with two satellite communications terminals. (WSJ.COM)
North Korea
North Korea’s Kim calls for ‘destructive’ military posture as South vows to boost drones
North Korean leader Kim Jong Un observed major weapons tests and called for the military’s “deadly and destructive offensive posture” to be bolstered, state media reported today, as South Korea announced it would drastically boost its drone warfare capabilities. The development comes as tensions remain high on the Korean Peninsula, with Kim pushing to strengthen both nuclear and conventional military capabilities while refusing to return to talks with South Korea and the United States. The tests watched by Kim on Thursday were meant to evaluate the power of a “special mission” warhead for a tactical ballistic missile, an upgraded multiple rocket launch system and the hit accuracy of shells with an extended firing range of a self-propelled gun-howitzer, the official Korean Central News Agency said. (APNEWS.COM)
Russia
A $2.5 billion whodunit: The hack that dented the UK economy
Last year, hackers burrowed into the computer systems of Jaguar Land Rover, a crown jewel of British manufacturing. It was a devastating attack that forced Jaguar to lock down its computers and suspend production for five weeks. The hack even put a dent in the broader economy, making it the costliest cyberattack in the nation’s history. The hack was alarming, but also mysterious. There was never a demand for money, as is common in such intrusions. A loose collective of hackers that included some in Britain took credit. Their claim led to news media speculation that they were the culprits. They were not. A group of Russian hackers was responsible, according to five people familiar with an investigation into the hack. They spoke on the condition of anonymity because of the sensitivity of the case. (NYTIMES.COM)
Russian APT ‘Gamaredon’ upgrades its arsenal, requiring new defenses
A Russian cyber espionage group has improved a variety of its tactics, techniques, and procedures (TTPs), helping it become a more effective belligerent in the Ukraine war and beyond. Enterprises should implement fresh strategies to be effective against this adversary, which reaped dividends from the upgrade in terms of mounting larger and more successful cyberattacks. Organizations often grow stale and outmoded over time, but the Gamaredon group (aka Aqua Blizzard, Armageddon, BlueAlpha) is fighting back against old age. It’s been around since at least 2013 — a lifetime in hacker years — and it’s still one of the Russian government’s most active and evolving threat actors. (DARKREADING.COM)
Russian APT deploys ‘StockStay’ backdoor against Ukrainian targets
Russia-linked APT Turla has been targeting government and military organizations in Ukraine with a new backdoor specifically designed for espionage, Google Threat Intelligence Group (GTIG) reports. Also known as Krypton, Snake, Summit, UAC-0194, Venomous Bear, and Waterbug, Turla has been active since at least 2004. The U.S. officially linked the APT to Russia’s Federal Security Service (FSB) in 2023. According to a fresh GTIG report, Turla has been developing a .NET backdoor tracked as StockStay since 2022, and has been using it in attacks against Ukraine’s government and military, as well as against entities with an interest in Italian foreign policy. (SECURITYWEEK.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
CRS tried to use AI, but less than 3% of results met their standards, director says
The Congressional Research Service has been testing artificial intelligence on bill summaries in an attempt to address its backlog, but less than 3% of the results met its standards, its director said Thursday. To improve it, Director Karen Donfried told the House Administration Committee during a hearing that the service needs a recurring $1.6 million to upgrade to more specialized and confidential models, as well as to staff five data scientists and AI developers. “AI is advancing rapidly, and CRS sees its potential to streamline our workflow and enhance our service to Congress,” she said in the hearing. “The use of AI, however, also carries risks of outdated information, hallucinations, bias and distortions.” (FEDSCOOP.COM)
AI as a higher headquarters
OPINION: The character of warfare is in a state of perpetual evolution, demanding that the Army seek a decisive edge through technological superiority. For the FY25 school year, the Command and General Staff College (CGSC) faculty explored how to utilize artificial intelligence (AI) to achieve training objectives at echelon. The integration of AI into the execution phase of the Operations Process represents the next frontier in this pursuit. Recent practical applications during the Advance Operations Course capstone LSCO exercise at CGSC have provided a concrete blueprint for how Large Language Models (LLMs) can revolutionize simulations by acting as a virtual Higher Headquarters. This would enable units at echelon to increase staff proficiency at the pace and convenience of their own schedule without impacting adjacent or higher organizations. (SMALLWARSJOURNAL.COM)
Cloud
GAO: Selected agencies need to better protect cloud data
Four selected agencies — the Departments of State, Transportation, Veterans Affairs (VA), and the Small Business Administration (SBA) — varied in their efforts to implement and ensure contractor compliance with three key cloud security practices. Specifically, one agency had fully implemented all three practices for two of its systems and one agency had fully implemented the practices for one of its systems. Although most of the agencies developed and implemented a plan for continuous monitoring, they did not always review continuous monitoring deliverables from the provider. Agencies fully implemented the practice regarding service level agreements for five out of eight systems. For the remaining three systems, agencies’ agreements did not consistently define performance metrics, including how they would be measured and the enforcement mechanisms. (GAO.GOV)
Defense
U.S. military’s weapons shortage shows few signs of easing soon
President Trump and senior Pentagon officials sought to solve the country’s munitions shortage by approaching the problem from two directions in meetings this week. They urged defense companies to speed up production of depleted weapons systems. And they pushed lawmakers to approve additional money to pay for the war against Iran, which helped to deplete munitions. It is likely to be an uphill battle. In a meeting at the White House on Wednesday, defense companies told Trump that they wanted more money to fund expanding production, according to two officials with knowledge of the meeting. (NYTIMES.COM)
Insurance
As cyber risk evolves, the insurance industry tightens guardrails
As the risk of cyberattacks has increased in recent years, the long-term financial consequences of such attacks have become a top concern for large enterprises, small to medium-sized businesses and even national governments. Cyberattacks can have devastating consequences on businesses, resulting in data loss, weeks of downtime and millions of dollars in lost sales. The cyber insurance market has matured as a tool to help protect against these risks, growing into a global $15 billion industry. But the insurance industry has major concerns about systemic cyber risk and will not function as a blank check to secure organizations from malicious attacks. (CYBERSECURITYDIVE.COM)
Nuclear
AI has helped to slash nuclear licensing review times, NRC official says
Artificial intelligence has already helped the Nuclear Regulatory Commission shave years off its typical licensing review process, an agency official said on Thursday. Now, the NRC is looking at how it can safely adopt other emerging capabilities to further speed up its review processes. Speaking at the ATARC AI for impact summit in Virginia, NRC Chief Data Officer and Deputy Chief AI Officer Basia Sall said uses of AI have built upon recent regulatory changes and federal guidance to turbocharge the once drawn-out procedure for granting licenses for nuclear facilities. “I’m happy to report we’ve already reduced the amount of time it takes for licensing,” Sall said. “For example, one type of licensing would take four years. We said we’re going to get it down to 18 months. We just finished that first round of that licensing in nine months.” (NEXTGOV.COM)
Quantum
OMB issues instructions for agency migration to quantum-proof encryption
The Office of Management and Budget issued a memorandum to federal agencies on Wednesday outlining the steps they need to take to migrate select government systems to post-quantum cryptography, or PQC, an encryption standard intended to withstand the anticipated code-breaking capacity of a fault-tolerant quantum computer. The memo expands on requirements outlined in President Donald Trump’s June 22 executive order on government PQC migration. The guidance has been in the works for approximately a year, with a draft version first reported in July 2025 by Nextgov/FCW. Multiple aspects from the draft memo made it into the final version, such as requirements for federal agencies to conduct inventories of their digital networks. The final version placed priority on migrating legacy systems and high-value assets. (NEXTGOV.COM)
Resilience
Evaluating Mexico’s new cybersecurity plan
Mexico recently unveiled a new National Cybersecurity Plan to be implemented over the remainder of this decade. The proposed plan lays the foundation to address the top cybersecurity threats Mexico has identified, including organized crime, geopolitical threats, and emerging artificial intelligence (AI) threats. The plan comes at a critical moment, as repeated cyber incidents across federal, state, and local institutions in Mexico have exposed the need for a more coordinated national response to reduce the risk of data theft, ransomware, service disruptions, and institutional reputational damage. (RECORDEDFUTURE.COM)
Water
NIST offers security guidance for water utilities using remote-access tools
Water utilities that use remote-access software should carefully restrict access, enforce multifactor authentication (MFA) and maintain comprehensive access logs to help them investigate possible breaches, the National Institute of Standards and Technology (NIST) said in guidance published on Wednesday. The secure remote-access guidance, developed through NIST’s National Cybersecurity Center of Excellence (NCCoE), lists security considerations and describes how water utilities can implement remote access through either on-premises or cloud environments. Remote-access software is one of the water sector’s biggest cybersecurity weaknesses, enabling several Iran-linked cyberattack campaigns against U.S. water systems. (CYBERSECURITYDIVE.COM)
LEGISLATIVE UPDATES
Data center energy bill hits speed bump
A call from a powerful House Democrat to impose a nationwide moratorium on new data center development exposed new divisions in Congress over how aggressively to regulate the fast-moving industry — and whether to act at all. The surprise call from Energy and Commerce ranking member Frank Pallone (D-N.J.) overshadowed a vote Wednesday on bipartisan legislation to make sure ratepayers don’t foot the bill for energy infrastructure associated with data center expansion. And even if the Ratepayer Protection Act can get through the House, top Senate lawmakers are divided on how and whether to move forward with federal data center legislation. Pallone, who would take over Energy and Commerce next year should Democrats win back the House, called that bill and others being considered by the Energy Subcommittee “not nearly enough.” (POLITICO.COM)
House breakthrough on kids online safety faces long odds in Senate
The clock is ticking for Congress to pass kids online safety legislation before the end of the year, but clashing priorities between the Senate and House are complicating a path forward. In a rare breakthrough this week, lawmakers in the House reached a bipartisan deal on a package of kids safety bills, but it quickly met pushback from their Senate counterparts who are doubling down on their own versions, including one that could have the backing of the White House. Facing pressure for years from kids safety groups, lawmakers have introduced dozens of bills to regulate social media and AI chatbots, but long-standing disagreements have stopped nearly everything from passing in time. (THEHILL.COM)
ALERTS AND ADVISORIES
CISA adds two known exploited vulnerabilities to catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability and CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)
Events
CHINA MARITIME: On June 26, the Indo-Pacific Security Initiative (IPSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security will host a fireside chat with Rear Admiral Jay Tarriela of the Philippines Coast Guard on maritime security developments in the South China Sea.
GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.” Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.
SOUTH CHINA SEA: The CSIS Southeast Asia Program and Asia Maritime Transparency Initiative are pleased to present the Sixteenth Annual CSIS South China Sea Conference. This full-day conference on July 7 will feature keynote addresses and in-depth panel discussions on recent developments in disputed waters and the importance of the 10-year anniversary of the landmark South China Sea arbitration. Panels will address the state of play, legal developments and dispute management, evolving alliance networks, and the role of global stakeholders.
AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.