Cyber Briefing – June 3, 2026
TODAY’S TOP 5
NEW AI EXECUTIVE ORDER SIGNED: President Donald Trump finally found an artificial intelligence policy he can live with, POLITICO reports. In a quiet action with none of his usual fanfare, Trump issued an executive order Tuesday that seeks to address the potentially catastrophic cybersecurity threats posed by artificial intelligence. But the directive calls for less-advanced government scrutiny than the White House had been set to impose last month — the AI industry’s latest victory in its push to avert heavier federal oversight. It still represents more government scrutiny than some AI industry representatives had wanted. Trump privately signed the order earlier Tuesday, two White House officials familiar with the matter told POLITICO.
- The EO does not detail how the NSA will define “covered frontier models,” although it does require the NSA to consult with a wide range of other agencies, from Commerce to Homeland Security to the Treasury, Breaking Defense reports. While most of the system the executive order set up is indeed voluntary, there’s no opting-out of the NSA oversight. Instead, the document directs the NSA to “develop and maintain a classified benchmarking process to assess the advanced cyber capabilities of AI models” — that is, to assess whether or not any given AI could be a dangerously powerful tool for hackers. The AI developers themselves may or may not be informed of those assessments, “as appropriate.”
- It was messy, muted and far less ambitious than Silicon Valley’s critics had hoped for. But supporters of tougher federal scrutiny of artificial intelligence still see Trump’s much-awaited AI executive order as a long-term win for their side, POLITICO reports. Tuesday’s order, signed with no celebration after weeks of mixed signals from the White House, nonetheless represents a sea change in Washington’s willingness to tighten oversight of the technology, a politically diverse array of advocates for tougher AI rules told POLITICO. And they say it could soon pave the way for mandatory vetting, federal pre-approval of advanced AI systems and other regulations. Even more striking is that the order came from a Trump administration determined to beat China in the race for AI supremacy — and to eliminate red tape that could get in the way.
- Leading artificial intelligence developer Anthropic hosted briefing sessions for federal agency chief information officers in early May, several sources familiar with the sessions told Nextgov/FCW. Meetings occurred May 7 and May 8. While briefing topics varied, they focused on defending digital assets from cyber threats powered by advanced AI models including Anthropic’s Mythos Preview, the sources said.
- Anthropic on Tuesday said an additional 150 partners in more than 15 countries will gain access to its powerful Mythos artificial intelligence model, which has proven adept at finding software vulnerabilities, CNBC reports. The startup said the expansion of Project Glasswing includes industries that weren’t well represented in the initial launch, such as power, water, healthcare, communications and hardware. New partners will need to meet security requirements before gaining access to the model. “This expansion is the next step toward our long-term goals: for AI to make all software more secure, and for us to help the industry adjust to how AI could change many of the core assumptions of cybersecurity,” the company said in a blog post.
- Researchers at the University of Toronto say they have found a way to use artificial intelligence to create a dangerous computer “worm” capable of targeting any known flaw in the world’s computers and quickly spreading mayhem throughout the internet, The New York Times reports. The computer scientists said in a paper published on Tuesday night that this program could be built and that a prototype they had created spread across a test network with no human intervention. The researchers kept their test network isolated from the public internet. They also redacted some details from the paper describing how they built the worm so that hackers would not be able to use the paper as a blueprint for attacks.
DATA CENTER BUILD-OUT FALLING WAY BEHIND SCHEDULE: Tech companies are earmarking unprecedented sums of money to finance the build-out of massive data centers, with a planned $80 billion equity-raise by Google parent being the latest example. But even as the piles of capital secured have grown ever larger, the ability to deploy it in the artificial intelligence race has become less certain, The Wall Street Journal reports. Supply-chain backlogs, permitting fights and availability of power supplies are among the issues that have caused the construction of data centers to fall behind targeted timelines, with the gap growing wider in recent months: A JP Morgan analysis last month found that more than 60% of data center capacity planned for completion in 2027 isn’t yet under construction, and another 7% is delayed.
- Texas’ main power grid operator approved two landmark sets of rules Tuesday that would shape the future of data centers in the state if finalized, E&E News reports. One package establishes new criteria and processes for bringing big electricity users onto the grid — by reviewing them in batches. The other rules require data centers and cryptocurrency-mining facilities to stay online during brief grid disruptions, attempting to mitigate a risk of cascading outages that could imperil the entire electric system.
- Air-cooled condenser arrays in four data centers near Phoenix created thermal plumes that raised temperatures between 1.3 and 4 degrees Fahrenheit in neighborhoods a third of a mile away, Arizona State University researchers found, Utility Dive reports. The discharge was 14 to 25 degrees F higher than the air immediately around the condenser arrays, according to the study, Data Center Waste Heat as an Emerging Urban Thermal Hazard. With the number of data centers in the United States expected to double by 2030, these higher temperatures could pose a problem, says research lead David Sailor, director of ASU’s School of Geographical Sciences and Urban Planning.
WATCH: Discussion on findings from the Commission on Cyber Force Generation at CSIS today at 6:15 p.m. EST
CYBER FORCE COMMISSION REPORT: A possible new uniformed service focused solely on cyberspace operations would require an initial budget of at least $10 billion, according to a new report. There has been a growing chorus in recent years calling for an independent cyber force to remedy readiness shortfalls with the underlying cyber personnel in the military and inconsistencies across each of those services, Breaking Defense reports. Currently, each of the military services — all with their own personnel polices, troop rotations, and pay scales — are responsible for providing personnel for a set number of teams to U.S. Cyber Command, which then employs those forces in operations for the other geographic combatant commands. That report was published Tuesday by the Commission on U.S. Cyber Force Generation — launched in September by the Center for Strategic and International Studies (CSIS), in partnership with the Cyber Solarium Commission 2.0 (CSC 2.0) project at the Foundation for Defense of Democracies. The commission is made up of several recently retired two- and three-star cyber commanders, former top Pentagon cyber officials, and mid-level cyber personnel.
INTEGRATING CYBER INTO ALL DEFENSE OPERATIONS: The Pentagon is focusing on integrating cyber into all its operations, and wants to make sure it integrates security into artificial intelligence usage from the outset, the Defense Department’s top cyber policy official said Tuesday, CyberScoop reports. Recent conflicts have made clear how important cyber is, said Katherine Sutton, assistant secretary for cyber policy and principal cyber adviser at DOD — especially when it’s paired with physical force. Defense officials have noted that there’s been a cultural shift on the importance of cyber at the department since the war in Iran and the capture of Venezuelan leader Nicolas Maduro. “Information is becoming more and more important on the battlefield, so having the ability to integrate space, cyber and other non-kinetic effects to be able to degrade that information advantage is something that’s going to be critical and foundational to any future conflicts going forward,” she said at the GDIT’s Emerge: Battlespace of the Future conference, hosted by Scoop News Group.
- The Pentagon’s top IT officer is pushing for a more forceful and aggressive “foundational cybersecurity” posture, not just for the military, but for the contracting community as well, Breaking Defense reports. “Our posture extends beyond our own digital networks into yours, our defense industrial base,” Department of Defense Chief Information Officer Kirsten Davie said at the TechNet Cyber conference. “A compromise at a small supplier can jeopardize a warfighter making a real time decision, and I don’t think that’s acceptable for any one of us in this room. That should make us all very uncomfortable, that that small of a compromise can impact a war fighter out at the edge. Let’s put a greater focus on our foundational cybersecurity.”
- While small drones increase the distance at which small units can identify or destroy an adversary target, Marines are still contending with how much those systems weigh and the “cognitive drains” it takes to operate them, a service official said Tuesday. Early in the Pentagon’s latest, sweeping crusade to put a slew of drones into the hands of troops, military officials identified that adopting small unmanned aerial systems comes with its tradeoffs, DefenseScoop reports. Soldiers and Marines, who have become primary adopters of small drones and already carry a suite of conventional weapons, supplies and radios, for example, are contending with the extra pounds that come with ground control systems, batteries, ordnance and the UAS themselves.
- On any given day, the Army needs up to 20 people to monitor screens for potential threats — a requirement so labor-intensive that the service at one point pulled cooks from the mess hall overseas to help the half-dozen troops assigned to the task. In addition to the drain on soldiers, it delays crucial defenses when the aerial threats are complex and seconds matter, The Wall Street Journal reports. “What you’ll see is there are a lot of different systems in here, and these systems don’t necessarily talk to each other—they don’t show the same picture,” said Maj. Ben Schiff, a software operations officer based in Europe who has been working with the Ukrainian military on drone and missile threats. But in recent weeks, Army officials say they have found a solution by convincing defense contractors to share data with one another, something companies have long resisted amid fears of losing intellectual property to competitors. The removal of software restrictions on the service’s weapons and radar systems—a technique known as “jailbreaking”—required the service to waive more than 700 pages of regulatory requirements.
GAO CALLS FOR BETTER HEALTH RECORDS CYBERSECURITY COORDINATION: The Department of Defense (DOD) has primary responsibility for ensuring the cybersecurity of the federal electronic health record (EHR). The Federal Electronic Health Record Modernization office (FEHRM) is responsible for providing direction and oversight on joint functions. To that end, the FEHRM works to improve interagency cybersecurity and privacy collaboration by providing opportunities for partner agencies to coordinate and by initiating joint activities to enhance the security of the system. Accordingly, the FEHRM facilitated collaboration among partner agencies; however, the collaboration would be improved by fully addressing leading practices, the Government Accountability Office said. For example, it has not fully articulated specific or common goals or outcomes related to the cybersecurity of the EHR or the privacy of data within it. Further, the FEHRM reported that it did not have related performance measures for monitoring progress towards these outcomes.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
NEW: In this episode of Cyber Focus, Frank Cilluffo speaks with Geoffrey Fowler, head of public engagement for the Youth AI Safety Institute at Common Sense Media, about why AI requires a different kind of safety framework than movies, apps, games or social media. Fowler argues that generative AI is not static content; it is dynamic, conversational, multipurpose and capable of changing from one interaction to the next based on the user, the prompt, the model and the length of the conversation. The conversation explores how AI products that appear friendly, educational or therapeutic can create new risks for children, from emotional dependency and privacy concerns to unsafe mental-health guidance and weakening guardrails over extended conversations. Fowler explains how Common Sense Media is working to build independent AI safety ratings for kids, modeled in part on crash testing for cars: transparent evaluations that help parents and schools make better decisions while pushing companies toward safer design.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Biothreats
WHO scales back number of suspected Ebola cases in Congo, but front-line medics say major challenges remain
The United Nations’ World Health Organization significantly scaled back on Tuesday the number of suspected Ebola cases in central Africa, lowering it to 116 from more than 900, with 330 total cases confirmed. The WHO said that as of May 31, there were 116 suspected cases of the deadly virus registered in Democratic Republic of Congo — a massive reduction from the 906 that had been on the books late last week. In total, there were 321 cases confirmed in the DRC, including 48 people who had died, while neighboring Uganda had nine confirmed cases, including one death. (CBSNEWS.COM)
Breaches
Data of 600,000 Gaza households exposed in WFP cyberattack
A cyberattack targeting the World Food Programme has exposed sensitive personal information belonging to some 600,000 households in Gaza, the UN’s food agency has confirmed, in what may be the largest-known breach of humanitarian beneficiary data to date. WFP is investigating a “security-related incident” in which “unauthorised actors” accessed personal information submitted by Palestinians in Gaza, the agency said in a statement sent to aid recipients via Telegram on May 31. The exposed information included names, ID and mobile numbers, and location data, the statement said. (THENEWHUMANITARIAN.ORG)
Streaming service Tving confirms third party user data leak
Personal information of users of the Korean streaming platform Tving has been leaked in a data breach, the streaming platform said on Wednesday. The breached data includes personal information of its users such as names, date of birth, sex, phone numbers, usernames and email addresses. The data was leaked by “an unauthorized external party” but no further details were provided in a notice posted on the platform’s website. (KOREAJOONGANGDAILY.COM)
Cybercrime
29 arrested as law enforcement strikes criminal networks behind illegal streaming
Criminal networks making millions from illegal access to premium sports broadcasts, film and television channels have been targeted in a major international operation coordinated by Bulgaria with Europol’s support. The seven-month operation resulted in 29 arrests, the dismantling of nine organised crime groups and the removal of over 27 000 illegal streaming URLs. Operation KRATOS 2 brought together law enforcement authorities from across Europe and beyond to target criminal groups profiting from the unauthorised distribution of copyrighted content through sophisticated online platforms. (EUROPOL.EUROPA.EU)
Financial
Global stock exchange hit by months-long email campaign
An unknown hacker or hackers managed to spy on a senior member of an unnamed global stock exchange for at least five months. Lots of questions still surround an email spying campaign reported by Symantec and Carbon Black this week, like who was behind it and how they obtained initial access. What’s clear is that some threat actor subtly, meticulously crept into a high-ranking finance executive’s Microsoft Outlook mailbox and siphoned off months’ worth of emails. Those emails likely contained intimate information about the target’s organization, from contacts and calendar events to the details of specific business deals. Considering the nature of the target’s organization — a major financial exchange — that intelligence could have been of significant value to businesses, investors, or a foreign government. (DARKREADING.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Threat actor uses AI to build EDR evasion tools
A threat actor has been observed using AI coding tools to develop and refine malware designed to slip past endpoint detection and response (EDR) software, in what was presented as a red team project. The activity was uncovered by Sophos X-Ops. According to new analysis from its Counter Threat Unit, the activity was discovered after an unusual endpoint in a customer environment raised alerts for malicious files in a local test folder. Those files, alongside a linked Git repository, revealed a lab built to develop evasion tooling and test it against EDR agents from Sophos, CrowdStrike and Microsoft. Many of the Python scripts were partly AI-generated and written in Russian. (INFOSECURITY-MAGAZINE.COM)
Communications
Critical vulnerability in HP VoIP phones enables enterprise network breaches
A critical-severity vulnerability in multiple HP Poly Voice VoIP phone models can be exploited for remote code execution (RCE) with root privileges, allowing attackers to gain a foothold in enterprise networks, Rapid7 warns. Tracked as CVE-2026-0826 (CVSS score of 9.2), the bug is described as a stack-based buffer overflow issue in the parsing of Session Description Protocol (SDP) attributes and affects devices that have the Interactive Connectivity Establishment (ICE) feature enabled. The security defect was identified in a function that parses individual components of candidate attributes. The parsing function is called during the processing of SDP data, when ICE is enabled. (SECURITYWEEK.COM)
Dark web
Infosecurity Europe: AI-powered cybercrime tools surge on dark web
There has been an explosion in AI-powered cybercrime tooling available on underground marketplaces over recent months, according to a leading ransomware expert. Cynthia Kaiser, SVP Ransomware Research Center at Halcyon, is also a former FBI deputy cyber director and White House advisor. At Infosecurity Europe on 2 June, she said that her time in government made her realize that tackling cyber threats is the national security challenge of our lifetime. “It’s scary to look at some of the most powerful people in the world and see the fear in their eyes and know that’s because of what people are doing at keyboards thousands of miles away,” she told attendees. (INFOSECURITY-MAGAZINE.COM)
Espionage
HazyBeacon campaign abuses AWS for stealthy C2 communications
A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-and-control (C2) channels that are difficult for defenders to detect. The campaign primarily targets government networks in Southeast Asia and represents a growing shift toward cloud-native attack infrastructure. This misconfiguration enables threat actors to create covert communication relays within trusted AWS environments, effectively masking malicious traffic as legitimate cloud activity. (GBHACKERS.COM)
Malware
Fake purchase orders spread JS.MonoGlyphRAT in U.S. enterprise attacks
Hackers are using highly convincing fake purchase orders and sales documents to sneak a new JavaScript backdoor, JS.MonoGlyphRAT, into US enterprises, where it quietly establishes persistence and enables full remote control of infected systems. The malware arrives as a .js attachment masquerading as a purchase order, quotation, or business proposal, and it encourages staff in procurement, sales, or finance to double‑click and execute it. Once launched, it runs under wscript.exe, blends into normal Windows activity, and silently contacts a command‑and‑control (C2) server over HTTP to register the host and receive commands. (GBHACKERS.COM)
Weedhack attacks Minecraft users, CountLoader hits 86K, miners spread via pirated content
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820 unique malicious JAR files and over 240 URLs responsible for distributing the malware have been identified. (THEHACKERNEWS.COM)
Phishing
FBI-flagged phishing kit Kali365 expands its reach
The operators of Kali365, a phishing-as-a-service platform that drew considerable attention for helping attackers bypass multifactor authentication (MFA) on Microsoft 365 accounts, have significantly broadened both their capabilities and their target list. In a report released this week, Arctic Wolf described Kali365 as evolving from a purely Microsoft-focused phishing kit to a broader account-compromise platform that targets digital identities across AWS, Okta, Xerox DocuShare, and several Russian online services. The most notable among them is MAX Messenger, a Russian state-backed messaging platform with more than 80 million users that the Russian government has promoted as the country’s national message service. (DARKREADING.COM)
Vulnerabilities
How one line of code put billions of Microsoft Android app downloads at risk
Six Microsoft 365 Android apps contain an identical flaw that could risk billions of downloads being compromised. The findings, shared exclusively with SecurityWeek ahead of the expected public release of the research on Tuesday, were uncovered by Enclave, an AI-powered exploitable bug hunter. It is nothing more than a single debug flag being left in the production code of Word, PowerPoint, Excel, Microsoft 365 Copilot, Microsoft Loop and OneNote for Android. Someone left debug mode enabled in production: – set IsDebugMode(true). This was enabled across all six apps, but was not enabled in other Microsoft (MS) apps such as Teams. These were not affected by any consequent potential exploitation attempt. (SECURITYWEEK.COM)
New HTTP/2 Bomb vulnerability allows remote DoS on NGINX, Apache, IIS, Envoy and Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. “The vulnerable behavior exists in each server’s default HTTP/2 configuration,” the company said, adding it was discovered by OpenAI Codex by chaining together two known techniques: a compression bomb and a Slowloris-style hold. (THEHACKERNEWS.COM)
Critical Kirki flaw exploited to hijack WordPress admin accounts
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. The attacks were detected by WordPress security firm Defiant, whose Wordfence firewall blocked over 222 attempts against its customers in the past 24 hours. The full name of the plugin is Kirki – Freeform Page Builder, Website Builder & Customizer. It is a freeform visual builder and advanced theme customizer active on more than 500,000 websites. (BLEEPINGCOMPUTER.COM)
Oracle’s first monthly patches resolve 77 vulnerabilities
Oracle has debuted its monthly Critical Security Patch Update (CSPU) with patches for 77 vulnerabilities, including a dozen critical-severity flaws. Announced in early May, the monthly rollouts are meant to supplement the quarterly Critical Patch Update (CPU) fixes and resolve high-priority issues faster. The first CSPU landed at the end of May and will be followed by another in mid-June. July will see the release of a quarterly CPU, with two additional CSPUs planned for August 18 and September 15. (SECURITYWEEK.COM)

ADVERSARIES
China
Commerce Department admits failure to enforce AI export controls on China
The United States may have allowed American firms to sell an untold number of high-end chips to China for over a year. On May 31, the Commerce Department issued guidance clarifying new enforcement actions to restrict the sale of high-end U.S. artificial intelligence (AI) chips to Chinese subsidiaries located outside of China. This guidance, which notes both that these sales require a license and that firms could continue to operate already-purchased components, suggests that American firms had illicitly sold these components to Chinese firms. The updated enforcement posture highlights the Commerce Department’s previous failure to regulate U.S. AI exports to Chinese firms while showcasing the need for stronger, more clearly enforceable controls. (FDD.ORG)
Russia
Gamaredon x Turla: Unveiling a 2025 espionage alliance targeting Ukraine
ESET researchers Matthieu Faou and Zoltán Rusnák present the first technical evidence that Gamaredon actively facilitated Turla’s access to high-value Ukrainian targets in Ukraine. Across incidents observed between February and June 2025, Gamaredon tooling, including PteroGraphin and PteroOdd, was used to deploy Turla’s Kazuar backdoor and, in at least one case, restore Turla’s access after the group appeared to have lost its foothold. The talk opens with a current view of Gamaredon’s tradecraft. Still one of the most active espionage actors targeting Ukraine, the group relies on relentless spearphishing, lightweight custom tooling, and fast operational tempo to compromise military and government organizations. (SENTINELONE.COM)
Russia claims foreign spy agencies hacked officials’ phones
Russia’s domestic security agency on Tuesday accused foreign intelligence services of conducting an espionage operation against senior Russian officials, alleging that spies used the infrastructure and capabilities of major international technology companies to secretly collect sensitive government information. In a statement, Russia’s Federal Security Service (FSB) said it had uncovered what it described as a “large-scale operation” involving malicious software installed on the mobile devices of senior Russian officials. The agency alleged the malware was used to extract data, intercept communications and conduct covert audio and video surveillance. (THERECORD.MEDIA)

GOVERNMENT AND INDUSTRY
Artificial intelligence
U.S. opposes global AI standards but sees value coordinating on ‘real-world harms,’ State official says
Although the Trump administration is opposed to working with international governing bodies to establish any frameworks around the use and development of AI technologies, a top State Department official said conversations are still taking place with allies about coordinating responses to certain national security threats. During an Atlantic Council event on Monday, Under Secretary of State for Economic Affairs Jacob Helberg said the White House “is highly skeptical of supranational bodies in the business of governance,” but added that the administration is open to closer global collaboration on other tech- and cyber-related issues despite its “America First” agenda. (NEXTGOV.COM)
AI cyber risks are testing the office built to coordinate them
OPINION: Artificial intelligence (AI) models with increasingly sophisticated cyber capabilities are forcing a basic institutional question: Is the federal government prepared to help public and private actors anticipate and respond to the risks those models may create? A review of the administration’s whipsaw approach to AI-related cyber risks indicates that a component of that preparedness—the Office of the National Cyber Director (ONCD)—may not be fulfilling its intended purpose. More specifically, the ONCD does not seem to be leveraging its cyber expertise to inform and coordinate the executive branch’s response to emerging issues. (LAWFAREMEDIA.ORG)
Maryland’s new AI Innovation Lab to help state agencies adopt, experiment with tech
Maryland Gov. Wes Moore announced the launch last week of an AI Innovation Lab, a new initiative that aims to equip state agencies with the tools to adopt and experiment with the emerging technology across their operations. The lab, which will be housed within Maryland’s Department of Information Technology, will give the state’s agencies access to a controlled sandbox environment for securely testing AI tools. They will also have access to ready-to-use software packages through the lab that will help them rapidly build and prototype those solutions. Some of those solutions include a tech stack to power chatbots, architecture sessions to try new AI offerings and access to the state’s first AI red-teaming service, which is a testing process where security professionals act as hackers to probe AI systems, stress-testing them to ensure the product’s security. (STATESCOOP.COM)
Biometrics
FBI looks to beef up its biometric matching capabilities
The FBI is asking providers of biometric matching algorithms to participate in market research as the bureau looks to expand the range and quality of its identification and investigative processes, per documents published Friday. Prospective partners on the project will need to be able to handle an average monthly search volume of 3,500 iris scans, 4,800 facial images and millions of fingerprint records to meet the FBI’s requirements. The selected algorithm will support and be integrated into the FBI’s Next Generation Identification system, currently overseen by the agency’s Criminal Justice Information Services Division. (FEDSCOOP.COM)
Defense
Combatant commanders tour SNC’s Rocky Mountain Campus for updates on C2, comms protocols
Senior military officials from U.S. Transportation Command and U.S. Strategic Command toured Sierra Nevada Corporation’s Rocky Mountain Campus in Colorado on Monday, where they received executive briefings on modernization efforts to enable next-generation command and control. This engagement comes as America’s adversaries are actively attempting to disrupt industrial supply lines and degrade the military’s communication networks. “From the connectivity perspective, absolutely, we’re in the same place. [The two commands] face the same challenges,” Transcom commander Gen. Randall Reed said. “So, there’s an opportunity for our common needs to help inform the entire joint force.” (DEFENSESCOOP.COM)
Health care
AI governance playbook calls for enterprise risk controls
Risk managers are worried about the governance of artificial intelligence tools in healthcare settings: Sensitive patient information could be shared by a publicly accessible chatbot. A hacker could insert a fake medical image data into an AI radiology tool. Worst-case scenario: A large language model could hallucinate the wrong diagnosis or drug recommendation, leading to patient harm or even death. “With AI, data governance in healthcare organizations is becoming much more complicated due to all of these flows of data, both within the organization and to third parties,” said regulatory attorney Jordan Cohen, a partner of the law firm Akerman LLP. (HEALTHCAREINFOSECURITY.COM)
Leadership
Trump names housing official Bill Pulte as acting U.S. spymaster
President Donald Trump has named a housing official to serve as acting Director of National Intelligence (DNI), the country’s top spy chief who oversees 18 government intelligence agencies. Bill Pulte, part of a powerful home-building dynasty and a private equity financier, has no known background in intelligence, and his selection to temporarily fill the position is stirring controversy among lawmakers and others. Pulte has been accused of using his role of director of the Federal Housing Finance Agency to target Trump’s perceived enemies by making criminal referrals over claims of mortgage fraud. Outgoing Director Tulsi Gabbard’s last day is 30 June. (BBC.COM)
Resilience
2026 State of Modern Application and AI Security
A new report from CSA and Miggo Security explores how the “patch gap” leaves organizations exposed as exploitation timelines compress and AI accelerates both vulnerability discovery and exploit generation. It also examines why organizations increasingly need runtime visibility, exploitability validation, and mitigation capabilities. The findings reveal that most organizations struggle to distinguish exploitable vulnerabilities from theoretical findings, limiting confidence in prioritization and enforcement decisions. At the same time, investment priorities are beginning to shift toward runtime security, continuous monitoring, and production defense. Organizations are adapting to faster-moving threats and AI-driven application behavior. (CLOUDSECURITYALLIANCE.ORG)
Risk management
Infosecurity Europe: NCSC urges immediate action to boost resilience as uncertainty persists
Security teams must improve collaboration and enhance cyber resilience if they are to survive in an increasingly volatile world, one of the UK’s leading cybersecurity agencies has warned. Speaking at Infosecurity Europe on June 2, National Cyber Security Centre (NCSC) director of operations, Paul Chichester, shared his vision of the threat landscape, and what organizations must do to manage risk at a time of tremendous change. Despite having observed the “arc of cybersecurity” for over three decades, Chichester admitted “now is perhaps the first time I’m not sure ‘where next?’.” That’s down to a confluence of technological change, geopolitical uncertainty, and threat landscape evolution. (INFOSECURITY-MAGAZINE.COM)
LEGISLATIVE UPDATES
Democratic senators push for AI guardrails on military in NDAA
Democratic senators are hoping to add guardrails on the military’s AI use to an annual defense policy bill as the House Armed Services Committee prepares to debate the massive legislation on Thursday. Sen. Kirsten Gillibrand (D-N.Y.) introduced a bill Tuesday that would limit AI use for launching nuclear weapons, surveilling Americans and developing or deploying autonomous weapons. She plans to offer elements of the measure as an amendment to the Senate version of the National Defense Authorization Act (NDAA), a congressional aide told The Hill on Tuesday. The Senate is expected to start the markup of the bill next week. (THEHILL.COM)
Sanders: Give public 50 percent stake in AI companies
Sen. Bernie Sanders (I-Vt.) on Monday said that he will soon introduce a bill proposing to give the public a 50 percent stake in large artificial intelligence (AI) companies. In a nearly seven-minute video message, the progressive senator said that he will introduce the AI Sovereign Wealth Fund Act “in the coming weeks.” He said that the legislation would give the public “a direct ownership stake” in the country’s largest AI companies via a one-time, 50 percent tax on their stocks. (THEHILL.COM)
COMMITTEE ACTIVITY
INDUSTRIAL BASE: The House Small Business Committee will hold a June 3 hearing on restoring the industrial base and the role of small businesses in national security.
BUDGET: The House Homeland Security Committee will hold a June 3 hearing to review the Fiscal Year 2027 Budget Request for DHS.
DATA SECURITY: The House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade will hold a June 3 hearing examining legislation to establish a federal comprehensive privacy and data security law.
EDUCATION: The House Education and Workforce Subcommittee on Higher Education and Workforce Development will hold a June 3 hearing on higher education in the age of AI.
AI SECURITY: The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold a June 4 hearing on how frontier models, agentic AI and AI coding tools are reshaping cybersecurity and critical infrastructure resilience.
PNT: The House Energy and Commerce Subcommittee on Communications and Technology will hold a June 4 hearing examining positioning, navigation and timing capabilities in the United States.
CHINA: The House Foreign Affairs East Asia and Pacific Subcommittee will hold a June 4 hearing on China’s role in the fentanyl crisis.
ALERTS AND ADVISORIES
CISA and partners urge hardening automatic tank gauge systems
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Energy (DOE), the Environmental Protection Agency (EPA), the Transportation Security Administration (TSA), the Department of Transportation (DOT), and the U.S. Department of Agriculture (USDA) — hereafter referred to as “the authoring organizations” — are aware of malicious cyber activity targeting U.S.-based automatic tank gauge (ATG) systems. ATG systems are widely used throughout the Energy, Chemical, Food and Agriculture, and Transportation Systems Sectors for automated and remote monitoring of storage tank parameters, including fuel and liquid levels, temperature, and possible leak detection. The authoring organizations urge ATG owners and operators to defend against this malicious activity by securing their ATG systems with strong passwords and by removing them from the internet to reduce public exposure. (IC3.GOV)
CISA adds two known exploited vulnerabilities to catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2022-0492 Linux Kernel Improper Authentication Vulnerability, CVE-2025-48595 Android Framework Integer Overflow Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
AI AND ENTERPRISE: Join AEI on June 3 to examine how businesses are shaping AI and transforming American enterprise. Experts from academia and business will examine these questions: What industries are changing most rapidly? Which are changing the future for others? And how are we preparing business leaders for future challenges?
CYBER FORCE: Join CSIS on June 3 for a discussion on the forthcoming report from the Commission on U.S. Cyber Force Generation, which examines how the United States can better build, organize, and sustain the cyber workforce needed to meet evolving national security demands. As cyber threats grow in scale and sophistication, the report assesses key challenges across the current ecosystem, including persistent talent shortages, fragmented institutional structures, and barriers to effective coordination between government and the private sector.
DEFENSE: On June 3 the Indo-Pacific Security Initiative (IPSI) and the Transatlantic Security Initiative (TSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security will host a seminar on upgrading transregional defense partnerships. This event is part of IPSI’s Cross-Strait and Beyond Seminar Series, which informs the public debate on key issues for Taiwan and the United States, held in partnership with the Taipei Economic and Cultural Representative Office in the United States.
DATA CENTERS: Join the CSIS Economic Security and Technology Department’s Matt Pearl, Aalok Mehta, Joseph Majkut, and Philip Luck on June 4 for a discussion on the rapid expansion of data centers and what it means for the future of AI, energy, and U.S. competitiveness. As artificial intelligence accelerates demand for compute power, data centers have emerged as a critical piece of strategic infrastructure shaping electricity demand, industrial policy, environmental debates, and global technology competition.
BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.
MARITIME: The Stephenson Ocean Security Project highlights the ways that global security challenges arise from marine resource competition and works towards solutions that support sustainable development, coalition building, and the need for American leadership. This year’s forum on June 9 will discuss the escalating pressure facing global maritime governance from a variety of crisis points and how this pressure is affecting shared governance of the maritime commonwealth and our ability to grapple with common challenges including marine resource management, illegal fishing, supply chain transparency, and human rights at sea. This year’s forum is co-hosted in partnership with the CSIS Human Rights Initiative.
AI ECONOMY: How can AI be deployed effectively to enhance economic mobility and ensure the benefits of AI systems are reaped widely? On June 10, the Brookings Center on Regulation and Markets will host a fireside chat with Neil Thompson, director of the FutureTech project at MIT, to explore the intersection of AI and economic mobility.
DIB: Join Hudson Institute for a June 11 fireside chat between Hudson Senior Fellow Nadia Schadlow and Deputy Assistant Secretary for Industrial Base Growth and Director of the Office of Small Business Programs James Mismash. The discussion will explore current efforts to strengthen the defense industrial base, expand industrial capacity, and foster greater participation and competition across the national security ecosystem.
SECURITY POLICY: From AI and drone warfare to global alliances and economic security, America and its allies need “New Rules” to compete, deter, and win in the 21st century. Join leading voices in national security for an exclusive, all-day Center for a New American Security conference on June 11 at the forefront of today’s most consequential issues — from AI and cybersecurity to the latest developments in Iran, economic statecraft, and America’s strategic readiness across the world.
NORTH KOREA: On June 12 join the Indo-Pacific Security Initiative (IPSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security for the launch of Nonresident Senior Fellow Jieun Baek’s latest book, “Privileged but Powerless.” Baek’s second book on North Korea draws on hundreds of hours of rigorous fieldwork and interviews with defectors to examine a surprising yet critical vector of regime instability. In a fireside chat, Baek will discuss how North Korea’s system of privilege and control shapes elite insecurity at the highest levels of the regime.
DIB: Join CNAS on June 16 for a fireside conversation with DoD’s Michael Cadenazzi examining the challenges and priorities shaping U.S. munitions production and defense industrial base policy. This event will examine how policymakers, industry partners, and acquisition officials can work together to build the surge capacity the United States needs, in a focused conversation on the future of U.S. munitions production and defense industrial base policy.
NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.
NUCLEAR: For the first time, the United States is preparing to deter two nuclear adversaries, Russia and China. In today’s post-New START environment, U.S. adversaries remain committed to weakening American resolve and undermining Washington’s commitment to its allies. Join Hudson Senior Fellow and Keystone Defense Initiative Director Dr. Rebeccah Heinrichs and Administrator of the National Nuclear Security Administration Brandon Williams for a June 18 discussion on the administration’s priorities in strengthening the U.S. nuclear enterprise.
GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS