Cyber Briefing – June 30, 2026

DIGITAL PRIVACY RULING AT SCOTUS: The Supreme Court on Monday said that police must generally obtain a warrant to gather detailed location data tracked by smartphones, in a case that brings into sharper relief the Constitution’s protections for Americans’ digital privacy, The Washington Post reports. In a 6-3 vote that scrambled ideological lines, the majority found that a request by police officers for Google to turn over a robbery suspect’s location history constituted a search protected by the Constitution’s guarantee to be free of unreasonable searches and seizures. “An individual has a reasonable expectation of privacy in records about his cell phone’s location, and police intrude on that constitutionally protected interest when they demand the information — even though for only a limited time, and from a third-party tech company,” Justice Elena Kagan wrote for the majority.

• The issue at the center of Chatrie v. United States arose after a man armed with a gun entered a federal credit union outside Richmond, Va., and gave the teller a note demanding money. He made off with nearly $200,000, but law enforcement officials did not have any leads until they served Google with a geofence warrant, which directed the tech company to provide location data for cellphone users who were near the bank at the time of the robbery. The information that Google provided to law enforcement officials came in three tranches, SCOTUS Blog reports. First, Google gave law enforcement officials a list of the 19 accounts (but without the names attached to those accounts) linked to devices that were within 150 meters of the bank during the 30 minutes before and after the robbery. Second, based on that list of 19 accounts, the government asked for additional information about nine accounts that were in the area during a two-hour period. At the third step, a detective asked for, and received, the names and information associated with three accounts – one of which was Chatrie’s.

CHINA AND THE STRATEGIC IMPORTANCE OF NEXT-GEN POWER: On Dec. 20, 2025, the China National Nuclear Corporation (CNNC) announced that Chaotan One, the world’s first commercial supercritical carbon dioxide power generator, began commercial operations. Chaotan One is a joint effort developed by the CNNC and the Nuclear Power Institute of China (NPIC) and is the world’s first commercial 2×15 megawatt (MW) supercritical CO₂ waste-heat power generation demonstration project. While platforms like autonomous drones and artificial intelligence (AI)-enabled weapon systems dominate discussions on irregular warfare and strategic competition, the energy systems required to power these technologies receive little attention by comparison, Hugh Harsono writes at Small Wars Journal. In this context, the race to commercialize and industrialize supercritical CO2 (sCO2) systems is a critical national security imperative that will dictate which military forces can sustain high-power operations in contested, austere environments.

• China is emerging from the Iran war energy crisis with clear economic and geopolitical advantages, a new report argued. China’s oil stockpiles and deep push into renewables helped shield the country from the worst of the disruptions from the Strait of Hormuz’s closure, unlike several Asian economies that had to enact emergency fuel rations and work-from-home orders, Semafor reports. China’s relative insulation from supply and price shocks will “deepen economic dependencies” that Beijing could leverage for geopolitical advantage as it presents itself as “the stable global partner of choice,” The Asia Group wrote. Countries are buying more clean tech from China as a result of the war, and “even some U.S. partners will have incentives to hedge back” toward Beijing.

• Tens of millions of Americans trust U.S. financial institutions with their life savings. People give these platforms their most sensitive data and rely on them to save for a home, build a college fund or prepare for retirement. But these institutions are being exploited by the People’s Republic of China. The PRC wields U.S. market access as a weapon: a tool for capital theft, intelligence collection and economic espionage operating at scale, Ritchie Torres and Don Graves write at The Washington Post. Beijing seeks to embed itself in the digital underpinnings of American life, like connected hardware in homes and fintech platforms carrying sensitive financial data. 

WATER SYSTEM HIT: Russian cybercriminals managed to hack into a Quebec municipality’s water treatment plant systems and had the ability to wreak havoc on the crucial infrastructure before getting caught, according to Canada’s cyber spy agency. In its latest annual report released Monday, the Communications Security Establishment (CSE) said that it detected over 3,200 cyber incidents affecting either federal government organizations or one of 10 of the country’s critical infrastructure sectors, such as energy, critical minerals and water, the National Post reports. In one particular case discussed in the report, the signals intelligence agency said it was advised last October that Russian hacktivist group NoName had broken into the Quebec water plant’s network and gained access to many crucial systems.

• Nation-state threat actors continue to attack systems that regulate, distribute and protect water, but adversary objectives in these attacks can be more complex than they might first appear, Dark Reading reports. That’s according to threat intelligence provider DomainTools, which last week published research concerning recent nation-state targeting of water systems as far back as 2024. The research carried particular focus on how and why cyber adversaries are going after the infrastructure. The intersection of “cyberattacks” and “water systems” is inherently alarming, as it calls to mind “cyber Pearl Harbor” scenarios where criminals attempt to stop the flow of, or poison, a community’s water supply.

• Federal authorities are offering a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees, Ars Technica reports. The operation has been active since at least March, when the FBI published an advisory warning of ongoing phishing campaigns targeting high-value targets by attackers associated with Russian intelligence services. Messages masquerading as automated support communications ask that users click a link or provide verification codes or account passcodes. In the event the user complies, they unknowingly link the attacker’s device to their account or have their account completely taken over and are locked out.

DRONE STRIKE AT JFK: A passenger jet reported striking a drone while approaching JFK International Airport on Monday, and just hours later, a helicopter pilot alerted a close call with a remote-control airplane near the same airport, The Associated Press reports. The Federal Aviation Administration is investigating the first incident that happened as a JetBlue plane passed through 3,000 feet Monday morning while it was crossing the coastline. The plane landed safely in New York without any additional help, and no damage was found when the plane was inspected afterwards. “We collided with a drone back there in the turn,” the pilot told an air traffic controller, according to ATC.com. “It hit us right above the cockpit.” 

• Self-flying fighter jets, uncrewed submarines and drones will be at the center of Britain’s future military under a defense plan being announced Tuesday that reflects a world of conflicts transformed by technology, The Associated Press reports. The Defense Investment Plan has been repeatedly delayed as military leaders and Treasury officials wrangled over the cost of equipping the U.K. military for an increasingly dangerous world. Like other NATO countries, the U.K. is under pressure to increase defense spending to counter a more aggressive Russia and less reliable United States. John Healey resigned as defense secretary on June 11, accusing the government of being unwilling to spend enough on the military at a time of “rising threats.”

GAO FLAGS TELECOM ADMIN’S IT FLAWS: The National Telecommunications and Information Administration (NTIA) has yet to implement most of the Government Accountability Office’s (GAO) priority recommendations for improving the agency’s operations, including modernizing legacy IT systems, according to a report released Monday, MeriTalk reports. The federal watchdog said it identified 11 priority recommendations for NTIA in July 2025. Since then, NTIA has implemented only one, leaving 10 recommendations still open, GAO said. Among the most significant outstanding issues is NTIA’s effort to modernize the custom IT systems it uses to manage federal radio-frequency spectrum. 

• Given the extensive use of information systems in government operations, it is essential that federal agencies have effective controls over these systems. The Federal Information System Controls Audit Manual (FISCAM) provides auditors a methodology and framework for assessing the design, implementation and operating effectiveness of information system controls in accordance with the Yellow Book. This June 2026 revision replaces the 2024 version of FISCAM.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE

WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

(Watch on YouTube or click the player above)

As frontier AI models become more capable at finding vulnerabilities, cybersecurity is entering a period where old timelines, disclosure norms and governance tools may no longer fit the speed of the technology. In this episode of Cyber Focus, Frank Cilluffo speaks with CyberScoop editor-in-chief Greg Otto about the recent controversy surrounding Anthropic’s Fable-5 and Mythos 5 models, the government’s use of export controls, and the difficulty of distinguishing between dangerous AI capability and legitimate defensive cyber use. The conversation moves from the Anthropic fight to a broader operational challenge: AI may help defenders discover more weaknesses, but organizations still have to validate, prioritize and fix them. Otto explains why vulnerability disclosure, patching, open-source security and public-private coordination are all being tested by AI’s pace — and why the most important question may not be whether AI can find the problem, but whether institutions can absorb what it reveals.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

Commercial

Japan hotel industry targeted with TONResolver RAT and guest complaint phishing emails

Japan’s hotel sector is the latest target of a sophisticated phishing and remote-access trojan (RAT) campaign that leverages guest-complaint lures and an unusual resilience mechanism: a TON blockchain–based dead-drop resolver. Beginning in late May 2026, attackers sent highly targeted emails to Booking.com partner properties in Japan with subject lines such as “重要：ゲスト滞在レビュー依頼” (Important: Guest Stay Review Request) and “【重要】お客様からの重大な苦情に関するご連絡.” The messages requested that staff review photos or evidence via a hyperlink. (GBHACKERS.COM)

Cybercrime

DOJ seizes 400 illegal FIFA World Cup streaming domains

The Department of Justice has seized nearly 400 internet domains that were illegally streaming FIFA World Cup 2026 matches. The operation, known as Operation Offsides, targeted websites that distributed unauthorized live broadcasts and highlighted the cybersecurity risks often associated with illegal streaming platforms. According to the DOJ, the seized websites provided unauthorized real-time streams of World Cup matches in violation of US copyright law. (TECHREPUBLIC.COM)

Ukraine to use seized crypto from cybercrime group to buy war bonds

Ukraine plans to convert several million dollars’ worth of cryptocurrency seized from an alleged international cybercrime group into government war bonds, the first time the country has used confiscated digital assets to support its wartime economy, according to state authorities. Ukraine’s Asset Recovery and Management Agency (ARMA), which manages property seized in criminal proceedings, said more than $8.3 million in cryptocurrency had been transferred to its official digital wallet following a court order. (THERECORD.MEDIA)

Government

Washington Department of Social and Health Services announces massive data breach involving personal information

The Washington Department of Social and Health Services (DSHS) is issuing a notice of a massive data breach that happened in March, potentially compromising the personal data of around 8,600 people. An internal investigation revealed that a former DSHS employee accessed the data without authorization. The investigation determined that the employee viewed specific client accounts for “reasons unrelated to their job duties,” DSHS said. (KIRO7.COM)

Health care

UK healthcare sector records tenfold increase in cyberattacks

The UK’s healthcare sector is being “stress-tested to breaking point,” with a tenfold increase in attacks during January-May 2026 compared to the whole of 2025, according to SonicWall. The security vendor’s data comes from its intrusion prevention system (IPS) sensors dispersed across UK healthcare clients. They recorded 264,000 individual events in the first five months of the year compared to just 27,000 for 2025. (INFOSECURITY-MAGAZINE.COM)

Manufacturing

Blackfield ransomware asks Nidec Corporation for $2 million ransom

The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. Nidec is a leader in producing motors of all sizes, from micro-precision ones used in phones and hard drives to heavy-duty motors for robotics, elevators, and large HVAC systems. The company also designs motors for electric vehicles, electric power steering systems, and advanced driver-assistance systems. (BLEEPINGCOMPUTER.COM)

Ransomware

Over 300 UK firms hit by ransomware in a year

UK organizations suffered more than 26 successful ransomware attacks each month last year, with SMEs hit hardest, according to new data from Report Fraud. The UK’s cybercrime and fraud reporting service was contacted by 323 corporate ransomware victims between April 2025 and March 2026, according to City of London Police. Over 50% of reports were from small and mid-sized companies. Financial losses associated with these incidents increased 50% annually to around £270,000 ($357,000), although the police force admitted this was likely an underestimate given many businesses do not fully disclose the figure. (INFOSECURITY-MAGAZINE.COM)

Scams

212 new Venezuela earthquake domains prompt donation scam warnings

A rush of new websites referencing Venezuela’s June earthquake has added a new online risk to an already urgent humanitarian crisis, with researchers warning that donation pages, missing person listings, and crypto payment requests need careful checks before people share money or personal details. WhoisXML API, a cyber threat intelligence provider, said its latest review found 212 domains registered between 24 and 28 June 2026 that clearly reference the Venezuela earthquake. The company said the names were pulled from its newly registered domain feed and filtered for terms linked to Venezuela, local place names, earthquake wording, and aid-related phrases. (HACKREAD.COM)

Transportation

Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs

Nissan has joined the growing list of Oracle customers cleaning up after a cyberattack, warning employees that payroll records, bank details, Social Security numbers, and other personal data may have been stolen. In a filing submitted to the California Attorney General on Friday, Nissan Americas said Oracle had informed it of “a cyber event” involving the personnel records of “hundreds of companies.” The automaker said it later learned Nissan had been “specifically targeted” in the attack. (THEREGISTER.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

Malware

‘Djinn’ stealer targets cloud, AI credentials

Vulnerabilities in remote monitoring and management (RMM) tools can give attackers a direct path into enterprise environments, often with the same trusted access that IT administrators rely on to remotely manage systems. A recent intrusion campaign shows how quickly attackers can leverage that access to deploy malware and establish a broad foothold across enterprise networks. The attack began with the threat actor exploiting CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, an RMM platform used by more than 6,000 organizations to manage millions of endpoint devices, eventually delivering a second-stage payload dubbed Djinn Stealer. (DARKREADING.COM)

Transportation

New controller flaws expose highway signs and billboards to remote hacking

Critical and high-severity vulnerabilities in some Daktronics controllers could allow hackers to tamper with highway signs and billboards, according to the cybersecurity researcher who discovered the flaws. Daktronics is an American company that designs, manufactures, and services large-scale LED video displays, electronic scoreboards, digital billboards, and dynamic audio systems. Its displays can be seen worldwide, spanning everything from high school gymnasiums and professional sports arenas to highways, international airports, and metropolitan billboards. (SECURITYWEEK.COM)

Vulnerabilities

Hackers now exploit critical Oracle E-Business flaw in attacks

Attackers have begun exploiting a critical vulnerability (tracked as CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. This security flaw was found in the File Transmission component of EBS’s Oracle Payments product and enables unauthenticated malicious actors with HTTP network access to take over vulnerable systems through low-complexity attacks. Oracle released security updates to address the vulnerability with its May 2026 Critical Security Patch Update and urged customers to patch their systems immediately. (BLEEPINGCOMPUTER.COM)

AirDrop and Quick Share flaws let nearby attackers trigger crashes and bypass checks

Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone, with no tap or prompt. The same research found Quick Share flaws that bypass Samsung’s session checks and trigger a potentially exploitable crash in Google’s Windows app. (THEHACKERNEWS.COM)

Critical SimpleHelp vulnerability exploited for malware delivery

A recent authentication bypass vulnerability in the SimpleHelp remote monitoring and management (RMM) software has been exploited for malware delivery. Tracked as CVE-2026-48558 (CVSS score of 10), the bug impacts SimpleHelp’s OpenID Connect (OIDC) authentication flow and allows a remote attacker to obtain a fully authenticated technician session. The issue exists because, when OIDC authentication is configured, the application does not verify the cryptographic signature of identity tokens, allowing an unauthenticated attacker to submit a forged token during login. (SECURITYWEEK.COM)

Progress Kemp LoadMaster flaw could let attackers run root commands pre-auth

A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now. Progress published its advisory on June 4 and says it has not received any reports of exploitation. On June 29, researchers at watchTowr Labs published a detailed technical write-up that walks through the full exploit chain. (THEHACKERNEWS.COM)

China

Lost in translation: How a premier Chinese think tank views U.S.-Chinese competition

OPINION: On May 13, 2026, Air Force One landed in Beijing for President Donald Trump’s first state visit to China in nearly a decade. That same morning, the China Institutes of Contemporary International Relations published a report titled The Evolving World and the Right Way to China-US Coexistence. The summit dominated global media coverage for two days. The report received almost none. The Beijing summit produced familiar imagery: honor guards, a state banquet in the Great Hall of the People, and carefully choreographed warmth. Chinese leader Xi Jinping announced that both sides had agreed to “strategic stability” as a framework for the next three years, and both leaders praised the collegial atmosphere. (WARONTHEROCKS.COM)

Mustang Panda targets India’s government and energy sectors with ZOHOMURK and MINIRECON

Acronis Threat Research Unit (TRU) has been tracking two concurrent campaigns orchestrated by Mustang Panda targeting Indian government entities, delivering new malware implants and abusing Zoho WorkDrive, a legitimate cloud storage platform commonly used in the Indian government sector. The two identified campaigns target India’s hydropower sector and government entities engaged in cooperation agreements (MOUs) with Taiwanese government institutions, leveraging a newly discovered malware toolkit comprising SHARDLOADER, MINIRECON and ZOHOMURK. (ACRONIS.COM)

Russia

Moscow is attacked by dozens of drones, its mayor says

Moscow came under a major drone attack overnight, the city’s mayor said Tuesday, less than two weeks after Ukraine launched a large-scale drone assault on the Russian capital. Mayor Sergei Sobyanin reported several waves of drones, starting Monday night. He said on Telegram that Russian air defenses had shot down more than 60 drones, and that emergency services were working at crash sites. He did not mention any injuries. Sobyanin did not say where the drones had come from, and there was no immediate public comment from the authorities in Ukraine. (NYTIMES.COM)

Where did all these passports come from? Russia’s manipulation of citizenship as hybrid warfare in Ukraine

OPINION: Even long before Russia’s full-scale invasion of Ukraine in 2022, the Kremlin employed various “hybrid” methods to extend its influence within Ukrainian territory, including by cultivating allies in Ukrainian government circles in the years after the 1991 breakup of the Soviet Union and by supporting oligarchs in their drive for control over sectors of Ukraine’s economy. With its 2014 capture of Crimea and parts of eastern Ukraine and subsequent full-scale invasion eight years later, it has manipulated citizenship and the granting of Russian passports in various ways to justify its invasion and consolidate control over occupied Ukrainian territory. These tactics of hybrid warfare have significantly supplemented the power of Russia’s conventional military operations to exert political and administrative control over occupied populations. (JUSTSECURITY.ORG)

Artificial intelligence

How the AI bubble could pop and take down the global economy, according to the BIS

The central bank for central banks is concerned about the eye-watering sums being invested into AI, and it’s raising the specter of a global recession should the bubble burst. In its annual report for 2026, the Bank for International Settlements compared the current craze to historical events, including canal and British railway mania in the 1800s, electrification exuberance of the 1920s, and the dotcom boom of the 1990s. The report states: “all shared one common trait: a genuine technological breakthrough that attracted capital in excess of what commercial returns could ultimately justify. (THEREGISTER.COM)

Can frontier AI labs lawfully agree to pause?

OPINION: Anthropic’s essay closes with a call for a slowdown in AI development to deal with the implications of RSI. It suggests that it “would be good for the world to have the option to slow or temporarily pause frontier AI development” and that if systems existed that could verify peer company compliance, “we expect that we would slow down or temporarily pause, if other developers at or near the frontier also did so in a verifiable manner.” This is a market-leading company publicly stating that it is prepared to halt development of its most important and financially lucrative products, provided that its competitors verifiably do the same. (LAWFAREMEDIA.ORG)

Poll finds bipartisan support for tighter AI regulation

There is bipartisan support for tighter regulation on AI, according to a new poll. In the Artificial Intelligence Policy Institute (AIPI) poll, 68 percent of respondents said they would be in favor of the government making “a formal review process for the most advanced AI models before they can be widely released.” Twenty percent of respondents in the same poll said that they were in favor of the government leaning “mostly on companies to test their own AI models,” intervening “mainly after problems occur.” Twelve percent were unsure about which choice they favored. (THEHILL.COM)

California agencies get access to Anthropic’s AI tools at half price

California Gov. Gavin Newsom on Monday announced that the state has negotiated a contract with Anthropic to provide agencies access to Claude, the company’s AI assistant, with the aim of improving government operations and public services. Under the agreement, state agencies can use Anthropic’s tools at a 50% discounted rate, to streamline administrative work, analyze large volumes of information, draft documents and improve constituent services. The agreement includes the same offer for California’s local governments. Newsom said in a press release that generative AI deployments should augment, not replace, state employees, and that agencies remain responsible for ensuring accuracy, transparency and privacy protections. According to the announcement, deployments will be evaluated on a case-by-case basis under California’s AI policies. (STATESCOOP.COM)

Austria urges Anthropic to move to EU to avoid U.S. controls

Stung by the Trump administration’s export controls on Anthropic’s most powerful cyber-capable artificial intelligence models, Mythos and Fable, the Austrian government wants Europe to tempt Anthropic into moving across the Atlantic. “Let us jointly explore the strategic establishment and participation of Anthropic within the European Union – with legal certainty, market access, capital and a set of values that suits this company,” Alexander Pröll, the Austrian state secretary for digitalization, wrote in a letter sent Saturday afternoon to Henna Virkkunen, the European Commission’s vice president for tech sovereignty. (GOVINFOSECURITY.COM)

Europe will never be an AI superpower

OPINION: The U.S. government’s decision this month to impose sweeping export controls on the most advanced Anthropic models, Mythos 5 and Fable 5, made Europe’s dependence on leading U.S. artificial intelligence providers starkly clear. Even if the U.S. government were to lift these restrictions soon, it is obvious that this can happen again at any time. Similarly, the growing scarcity of AI computing power makes political intervention to prioritize the needs of U.S. users a constant possibility. Without a change of course, Europe risks becoming a tech backwater cut off from the most advanced capabilities, with possibly disastrous consequences for its security and prosperity. (FOREIGNPOLICY.COM)

Defense

Navy sees scores of applications for tech-focused Reserve unit, mirroring Army push

The Navy announced a search to recruit commercial technology experts into the unit on June 12, and said it’s seeking those with experience in cybersecurity, artificial intelligence, autonomous and unmanned systems, among other things. Specifically, the Navy said it wants senior engineers, software architects and other technical leaders for the new unit. “We’ve gotten over 200 applications for the direct commission officer program as it stands right now, and a lot of these are senior executives from the names you’d recognize, both on the traditional tech scene, whether it’s from hyperscalers or defense primes, all the way down to some of the vibey startups in El Segundo, in Austin, and elsewhere,” Benjamin Kohlmann, assistant secretary of the Navy for Manpower and Reserve Affairs, told Breaking Defense. (BREAKINGDEFENSE.COM)

Drones

U.S. Army wants up to 100 drone boats to fill watercraft gap in Pacific

As the Army contends with a shortage of ships to carry troops and supplies in the Pacific, it’s pressing contract vessels into service – and looking to a future in which dozens of heavy-duty autonomous watercraft take on a significant portion of the task. The Army’s little-known fleet of watercraft included about 70 Pacific-based vessels in 2024, down from 134 in 2018. According to a Government Accountability Office report published two years ago, the mission-capable rate of the remaining vessels has sharply declined, from more than 70% in 2020 to less than 40% in 2024. (DEFENSENEWS.COM)

Transcom seeks partners to study autonomous, cargo-moving drone boats for future ops

U.S. Transportation Command wants to partner with external stakeholders to explore integrating autonomous and remotely piloted drone boats into its global mobility network and military supply chains. Participants interested in entering new cooperative research and development agreements with the combatant command to study “the uses, limitations, and delivered value” of Maritime Autonomous Surface Ships (MASS) for moving military personnel and cargo are invited to submit white papers by July 6. “CRADAs resulting from this announcement are forecast to be in effect for approximately a 2-year period, although duration can be tailored to suit the parties’ interests before or even after work begins, by mutual agreement,” officials wrote in a recent request for information. (DEFENSESCOOP.COM)

Marine Corps inks first contract for autonomous ground vehicle production

The Marine Corps will pay Overland AI $19.7 million to produce more than a dozen autonomous ground vehicles by early 2027. The vehicles, due to be delivered in about nine months, will be part of the Marine Air Defense Integrated Systems program, which is part of the service’s counterdrone approach, and support resupply missions. “Ground autonomy matters now more than ever. We’re seeing the proliferation of uncrewed ground vehicles in conflicts like the one in Ukraine, and tech maturity is really there,” Byron Boots, Overland AI’s CEO told reporters. “We’re registering extremely high demand from U.S. operational units who want to incorporate this technology into their concepts of operation.” (DEFENSEONE.COM)

ICS/OT

OTCC warns AI is challenging long-held assumptions around patching, risk scoring and OT cyber defense

The Operational Technology Cybersecurity Coalition (OTCC) warned that AI (artificial intelligence) is fundamentally reshaping assumptions underpinning OT (operational technology) cybersecurity, compressing attack timelines from days to hours and exposing the limits of traditional defenses such as patch-first security models and static risk scoring. During the second session of its AI Working Group Series, industry and government participants argued that OT security must increasingly prioritize resilience, operational consequence, machine-speed detection, and secure-by-design engineering as critical infrastructure operators confront a threat landscape in which AI increasingly empowers both attackers and defenders. (INDUSTRIALCYBER.CO)

Intelligence

Inside intelligence agencies, a fight over building a master list of spies

The Trump administration is demanding that American intelligence officials turn over the names of all foreign espionage targets, including suspected spies and potential recruits, to create a master list that some officials fear will be misused or compromise operations, according to people familiar with the matter. The effort by the Office of the Director of National Intelligence has intensified in recent months, frustrating counterparts at the F.B.I. and C.I.A., who are skeptical of the claims that a master list is necessary to avoid inadvertent conflicts between agencies and to better track foreign intelligence threats in real time. The office was established in the wake of the Sept. 11 attacks to streamline coordination among the intelligence agencies. (NYTIMES.COM)

Regulations

Brussels claps back at Trump’s tech threats

The European Commission fired back Monday at Donald Trump’s fresh tariff threats against Europe’s tech rules, just as EU and U.S. officials opened talks in Washington meant to repair their increasingly strained digital relationship. A delegation led by the EU’s top tech official, Roberto Viola, is in Washington until Wednesday for what the Commission is calling a “dialogue on a future potential dialogue” with its U.S. counterparts. The visit comes after the U.S. president threatened new tariffs on EU countries that impose digital service taxes on American tech companies in a post on his social media platform Friday. The U.S. State Department also called recent EU initiatives to boost tech sovereignty “protectionist,” in a comment to POLITICO on Sunday. (POLITICO.EU)

Space

Space Force approves new satellite jammer for operational use

The Space Force formally accepted its Meadowlands jammer for operational use earlier this month, an upgrade to its current electronic warfare portfolio. Built by L3Harris, the upgraded satellite signal jammer is more mobile and compact than its predecessor, the Counter Communications System. The company delivered the first Meadowlands production unit late last year and is working toward a delivery cadence of one unit per month. The operational acceptance milestone, which the service announced June 26, paves the way for the Space Force to employ the system in combat. (AIRANDSPACEFORCES.COM)

House passes kids online safety package despite watchdog pushback

The House passed a sprawling package of kids online safety bills Monday night, marking the first time a version of the landmark Kids Online Safety Act (KOSA) made it out of the lower chamber. The House passed the Kids Internet and Digital Safety (KIDS) Act in a 267-117 vote, with 47 members not voting. The package, taken from portions of 14 digital safety bills, was brought to the floor Monday under a fast-track process called suspension of the rules, which requires two-thirds majority support for passage. (THEHILL.COM)

Warner bill would create federally vetted list for secure, trustworthy AI agents

A new Senate draft bill would establish a list of AI agent software providers that people can use to establish human ownership and securely run agents on social media and other online platforms. The Artificial Intelligence Access, Gatekeeper Exchange, and Nondiscriminatory Transfer (AI AGENT) Act, led by Sen. Mark Warner (D-Va.), would allow end users of large online platforms with more than 50 million customers or subscribers per month the right to choose at least one AI agent provider who complies with security and identity standards developed by the Federal Trade Commission. Such agents are increasingly making decisions on behalf of users, like shopping, posting content on social media, or changing account settings, sometimes without the user’s consent or knowledge. (CYBERSCOOP.COM)

Top Trump officials face bipartisan questions in first all-member Iran briefings

Lawmakers of both parties questioned Secretary of State Marco Rubio and top Middle East envoy Steve Witkoff Monday in the first broad congressional briefings on President Donald Trump’s Iran deal. While Democrats asked some of the sharpest questions, participants in an afternoon conference call with House members said, Rep. Darrell Issa (R-Calif.) at one point pressed the administration officials on the fate of Iran’s stockpile of near-bomb-grade uranium. According to two people granted anonymity to disclose the private remarks, Witkoff and Rubio repeated assurances the administration has privately made to select lawmakers in prior briefings — that the goal is to negotiate a final deal that would prohibit Iran from keeping its highly enriched uranium. (POLITICO.COM)

COMMITTEE ACTIVITY

INTERNET: The House Judiciary Subcommittee on Courts, Intellectual Property, Artificial Intelligence, and the Internet will hold a June 30 hearing on IP and the Internet after 40.

TECH LEADERSHIP: The House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade will hold a June 30 hearing on legislative proposals to secure U.S. technology leadership.

SPACE: The House Science, Space and Technology Committee will hold a July 1 hearing on advancing America’s space weather capabilities. 

DATA: The House Administration Subcommittee on Modernization and Innovation will hold a July 1 hearing on modernizing public access to legislative data and information.

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.

DATA SECURITY: From surveillance-capable applications to data-harvesting platforms, foreign adversaries — particularly the Chinese Communist Party — are exploiting technology to access American data at an unprecedented scale. Join Rep. Nathaniel Moran (R-Texas) for a July 2 fireside discussion with Senior Fellow Jason Hsu to discuss the congressman’s bill, H.R. 7509, the Deterring Adversarial Access to Americans’ Data Act, and Congress’s role in facilitating public-private understanding in an era of great power competition.  

SOUTH CHINA SEA: The CSIS Southeast Asia Program and Asia Maritime Transparency Initiative are pleased to present the Sixteenth Annual CSIS South China Sea Conference. This full-day conference July 7 will feature keynote addresses and in-depth panel discussions on recent developments in disputed waters and the importance of the 10-year anniversary of the landmark South China Sea arbitration. Panels will address the state of play, legal developments and dispute management, evolving alliance networks, and the role of global stakeholders. 

COMMUNICATIONS: Join the American Enterprise Institute on July 8 for an exclusive look into the questions defining the Federal Communications Commission (FCC). This public event will begin with a fireside chat, featuring the FCC’s Arpan Sura and AEI’s Shane Tews, to examine the most pressing issues before the commission.

CHINA: Join Hudson Institute’s China Center on July 10 as Miles Yu hosts a panel examining Taiwan’s experience in handling national security cases, foreign interference, technology theft, election influence, proxy networks, and gray-zone legal warfare. The discussion will explore how authoritarian influence exploits democratic openness, social trust, local networks, and legal ambiguity.

AI CYBER DEFENSE: Join the CSIS Economic Security and Technology Department on July 15 for a discussion on the growing role of artificial intelligence in cyber defense and what it means for the future of national security, critical infrastructure protection, and digital resilience. As cyber threats become more sophisticated and persistent, governments and industry are increasingly turning to AI-enabled tools to detect intrusions, automate threat analysis, strengthen network defense, and respond to attacks at machine speed.

---

FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP