Cyber Briefing – June 5, 2026



TODAY’S TOP 5

DID LOOPHOLES LET CHINA GET ADVANCED AI CHIPS?: Trump officials have spent the past week embroiled in a remarkable argument — over what, exactly, their China tech policy has been for the past year, Bloomberg reports. The debate concerns whether the Trump administration narrowed the scope of U.S. restrictions on China’s tech sector far more than intended or publicly acknowledged, according to people familiar with the matter. The potential loopholes may have allowed Chinese companies like Alibaba Group Holding Ltd. to legally buy servers with Nvidia Corp.’s most advanced AI chips in most countries outside of China itself, the people said, asking not to be identified because the discussions are confidential.

  • China is erecting walls to prevent money, technology and companies from leaving the country, The New York Times reports. This week, the State Council, China’s cabinet, announced new rules requiring national security screening for Chinese companies seeking to invest overseas. The move follows regulations introduced in April that allowed the authorities to intervene when foreign companies tried to relocate supply chains out of China. Taken together, the measures amount to a new blueprint for the economic fortress China is building around its technology and supply chains amid rising tensions with Europe and the United States.
  • Chinese AI phenom DeepSeek is closing in on a $7.4 billion funding round, at around a $52 billion valuation, in one of the country’s largest startup raises, Semafor reports. Tech giant Tencent and battery pioneer CATL are reportedly among the investors in the maiden fundraise, along with a state-backed AI investment fund. DeepSeek and other Chinese startups are increasingly looking to take on Silicon Valley, using cheaper costs as their main selling point. A corporate spending tracker showed more US firms are making direct payments to DeepSeek.

GLOBAL PAUSE URGED IN AI DEVELOPMENT: Anthropic is calling for top artificial intelligence labs to weigh slowing the pace of development, suggesting that AI systems are advancing so rapidly that they may soon be able to improve themselves without human intervention in ways that could pose significant societal risks, The Wall Street Journal reports. The ability to slow global AI development would “likely be a good thing,” the company said Thursday in a blog post that disclosed internal data documenting how quickly its most advanced models are improving. The post, written by the head of its internal research institute and a company co-founder, noted that model advances appear to be on a path toward “recursive self-improvement,” when AI systems can improve on their own without human intervention. Some AI insiders have seen that threshold as a potential marker of danger and enormous societal upheaval.

DATA CENTERS HAD A ROUGH WEEK: California’s first-ever anti-data center ballot measure is shaping up to be an absolute shellacking for the tech industry — part of a wave of opposition rising across the country, as communities and lawmakers grapple with the frenzied push to build AI infrastructure, POLITICO reports. Monterey Park, a city of 60,000 people about 10 miles east of downtown Los Angeles, placed a measure on Tuesday’s ballot asking voters if they wanted to prohibit data centers in their city. The response, so far, has been an unequivocal “yes,” with 86 percent of votes counted as of Wednesday afternoon in favor of the proposal. 

  • The North Carolina House passed a sweeping energy bill Wednesday that would impose new restrictions on data centers, offer a lifeline to coal-fired power plants and jeopardize the state’s long-term climate goal, E&E News reports. The measure passed 69-44 with two Democrats joining with Republicans to get it through the GOP-controlled chamber. Prior to the vote, several Democratic legislators expressed support for the proposed data center rules, such as requiring large computer warehouses to pay their own way. But the bill’s additional provisions turned off most members of the Democratic caucus. 
  • Investor Kevin O’Leary agreed to shrink a massive data center project by over 20,000 acres after a Utah state leader requested a major size reduction in response to public pushback, KUTV reports. Utah Senate President J. Stuart Adams said Monday that he sent a letter to O’Leary calling for a 75% size reduction to the data center project in Box Elder County. Adams demanded that he bring the project down from approximately 40,000 acres to about 10,000. O’Leary responded on Thursday, agreeing to cut over 20,000 acres from the project, removing the land near the Locomotive Springs Waterfowl Management Area.

PENTAGON’S CYBER DEFENSE PLAN TO PROTECT CI: The Pentagon’s newest cyber organization, the Defense Cyber Defense Command (DCDC), is working to build out a framework for how to respond to cyberattacks against critical infrastructure in the homeland, according to a military official, Breaking Defense reports. “I’m currently assigned there to build out a [Joint Task Force Defense of Critical Infrastructure] framework and command and control footprint, because the most important thing, besides understanding the technology, the people, the processes, is who’s in control, who’s executing, what’s the common rail amongst all the authorizations that we have between CISA, FBI, Coast Guard, Department of War writ large,” Col. Adolph Rodriguez, director of Defense Critical Infrastructure at the DCDC, said at the TechNet Cyber conference Wednesday.

  • U.S. Cyber Command’s new Cyber Warfare Innovation Center will pair operators and members of industry side by side in order to drive faster capabilities and tactics, and bridge the so-called valley of death, Breaking Defense reports. “For too long, prototypes developed by industry have withered in the so-called valley of death, failing to transition to operational use. We do not have the luxury of time anymore to let good technology sit on the shelf,” Katie Sutton, Assistant Secretary of Defense for Cyber Policy, said at the TechNet Cyber conference. “The Cyber Innovation Warfare Center, or the CWIC, will be our proving ground, a collaborative environment where operators and industry will sit side by side to test new concepts against realistic threats and operational scenarios.” CWIC is one of three enabling organizations under the so-called CYBERCOM 2.0 plan, the department’s push to improve how cyber forces are generated from the services to the command. The other two are a Cyber Talent Management Organization and an Advanced Cyber Training and Education Center.

HOUSE UNVEILS AI BILL THAT WOULD PREEMPT STATE LAWS: Two key House lawmakers unveiled bipartisan artificial intelligence legislation on Thursday that would override some state AI laws and require top developers to disclose the safety and security risks of their new models, POLITICO reports. The rollout of the much-anticipated discussion draft by Reps. Jay Obernolte (R-Calif.) and Lori Trahan (D-Mass.) represents the first significant bipartisan effort to advance AI legislation before Congress’ August recess — and the last realistic chance to craft federal rules governing the technology before the midterm elections. The 269-page framework, which matches a version that POLITICO published earlier Thursday morning, would require top AI developers to create and implement plans to address the potentially catastrophic risks posed by their advanced models, including the potential for new systems to supercharge cybersecurity threats. It would also task third-party auditors with ensuring that AI companies comply with those plans.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University.
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST


In this episode of Cyber Focus, Frank Cilluffo speaks with Geoffrey Fowler, head of public engagement for the Youth AI Safety Institute at Common Sense Media, about why AI requires a different kind of safety framework than movies, apps, games or social media. Fowler argues that generative AI is not static content; it is dynamic, conversational, multipurpose and capable of changing from one interaction to the next based on the user, the prompt, the model and the length of the conversation. The conversation explores how AI products that appear friendly, educational or therapeutic can create new risks for children, from emotional dependency and privacy concerns to unsafe mental-health guidance and weakening guardrails over extended conversations. Fowler explains how Common Sense Media is working to build independent AI safety ratings for kids, modeled in part on crash testing for cars: transparent evaluations that help parents and schools make better decisions while pushing companies toward safer design.


CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Breaches

Nightclub giant RCI says data breach affects 40,000 individuals

Adult nightclub giant RCI Hospitality Holdings has informed authorities that a data breach disclosed in April affects roughly 40,000 individuals. RCI Hospitality is one of the largest adult nightclub operators in the United States, and its portfolio also includes sports bars and dance clubs. The company told the SEC in mid-April that its RCI Internet Services subsidiary discovered an insecure direct object reference (IDOR) vulnerability on March 23 in an IIS web server, allowing unauthorized access to personal information. (SECURITYWEEK.COM)

iFood confirms data breach affecting 1.2 million users in Brazil

Brazilian food delivery app iFood has confirmed becoming the victim of a data breach in December 2025 that affected 1.2 million users (which makes up about 2% of its customer base). According to the iFood announcement on Wednesday, June 3, the incident was an isolated issue where hackers took names, phone numbers, addresses, and CPF numbers. Like Social Security Numbers (SSN) in the United States, CPFs are Brazilian taxpayer identity documents used everywhere for everyday tasks like opening bank accounts, shopping, and verifying identity. Fortunately, iFood clarified that hackers did not get passwords, bank details, or credit card records. (HACKREAD.COM)

Cybercrime

Fake document factory dismantled in Spain: around 800 IDs seized

The suspect is believed to have administered an online marketplace offering forged identity and administrative documents, in both physical and digital formats, to customers across Europe. The platform allegedly facilitated migrant smuggling operations by supplying criminal networks with fraudulent documents used to evade border controls, fraudulently obtain residence rights and facilitate secondary movements within the European Union. The investigation was triggered by the identification of a website advertising counterfeit identity documents. Supported by Europol, French and Spanish investigators traced the suspect to Alicante, where he had been residing since 2024. (EUROPOL.EUROPA.EU)

Health care

DentaQuest data breach exposed info of 2.6 million accounts

A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. The security incident came to light last month, when the infamous extortion group ShinyHunters listed the company on its data leak site and claimed to have stolen more than 234 GB of data. Following what the threat actor describes as a failure to reach an agreement with the company, the data was publicly leaked. (BLEEPINGCOMPUTER.COM)

Supply chain

Hola Browser for Windows compromised to deliver cryptominer

The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. The compromise was uncovered during periodic certification checks on Hola Browser as part of its AppEsteem certification testing procedure, which it had previously passed. Hola is an Israeli company best known for Hola VPN, a service that allows users to route internet traffic through other users’ devices or through paid proxy infrastructure to bypass geographic restrictions and access content from different countries. (BLEEPINGCOMPUTER.COM)

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files. According to researchers at supply-chain and devops company JFrog, IronWorm is written in Rust, hides behind an eBPF kernel rootkit, and communicates with the operator over the Tor network. (BLEEPINGCOMPUTER.COM)


THREATS

Artificial intelligence

Claude Code GitHub action flaw let one malicious issue hijack repositories

A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it. RyotaK of GMO Flatt Security reported the core bypass to Anthropic in January, and Anthropic fixed it within four days, with further hardening through the spring; the fixes are in claude-code-action v1.0.94. Anthropic rated the issues 7.8 under CVSS v4.0 and paid a bug bounty. (THEHACKERNEWS.COM)

Gemini voice assistant hijacked via messaging notifications

SafeBreach researchers uncovered a critical vulnerability in Google’s Gemini voice assistant that could have allowed attackers to hijack the AI using indirect prompt injections delivered through ordinary messaging notifications. The cybersecurity firm previously discovered a calendar invite attack targeting Gemini and Google Workspace that an attacker could have used to conduct spam and phishing, delete calendar events, learn the victim’s location, remotely control home appliances, and exfiltrate emails. Building on that research, SafeBreach discovered a new attack class named Fake Context Alignment. (SECURITYWEEK.COM)

Your AI agent could become your biggest insider threat 

Government agencies, cybersecurity companies and threat researchers are pouring resources into studying how fast-developing AI tools can be wielded by malicious actors to hack into victim organizations. But as agentic AI becomes more embedded in business infrastructure, there’s also a high possibility that a breach could be caused by an insider guiding the tool, whether maliciously or due to lack of security controls. In research shared exclusively with CyberScoop, DTEX researchers detail how a common workflow in Anthropic’s Claude Cowork used in corporate environments offers convenience for AI agent deployment but grants near-total access to the system. (CYBERSCOOP.COM)

Malware

Fake sites mimicking open-source tools rank high on Google to deliver malware via TDS

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. “The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing real upstream resources,” Check Point security researcher Alexey Bukhteyev said in a breakdown of the campaign. “The deception is not in the page content alone, it’s in what happens when a user interacts.” (THEHACKERNEWS.COM)

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag Manager and Stripe domains – googletagmanager.com and api.stripe.com – that are trusted implicitly by online stores. The new malware family was discovered by researchers at ecommerce security company Sansec, who found that the malicious code is loaded from a Google Tag Manager (GTM) container and executes on every page that loads it. (BLEEPINGCOMPUTER.COM)

Vulnerabilities

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. The zero-day flaw impacts all deployment types, including On-Prem Deployment, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP). In a Thursday advisory, Cisco said the issue stems from insufficient validation of user-supplied input, and it can allow local attackers with low privileges to execute arbitrary commands as root. (BLEEPINGCOMPUTER.COM)

Hackers exploit critical Everest Forms Pro WordPress plugin flaw to take over sites

Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12. A patch for the flaw was released on March 18, 2026, with version 1.9.13. “This is due to the Calculation Addon’s process_filter() function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval(),” Wordfence said. (THEHACKERNEWS.COM)

Mirasvit vulnerability exploited to execute code on Magento servers

CISA on Wednesday urged federal agencies to immediately patch a critical-severity vulnerability in the Mirasvit Full Page Cache Warmer for Magento 2 extension that has been exploited in the wild for remote code execution (RCE). Cache Warmer monitors a page’s cache status and automatically adds the latest version of the page to the cache to speed up loading and improve page rankings. The exploited bug, tracked as CVE-2026-45247 (CVSS score of 9.8), is described as a PHP object injection vulnerability that can be exploited remotely, without authentication, to execute arbitrary code on Magento and Adobe Commerce servers. (SECURITYWEEK.COM)

ADVERSARIES

North Korea

Lazarus Group uses npm brandjacking campaign to target developers

A new npm campaign linked to North Korea’s Lazarus Group shows how attackers are using familiar-looking package names to gain access to developers’ systems and software build environments. Sonatype Security Research said it is tracking dozens of malicious npm packages connected to the campaign, including some that reached up to 500 weekly downloads. The packages were designed to look related to trusted JavaScript projects and tools, increasing the chance that developers would install them during normal work. (HACKREAD.COM)

Why Xi Jinping is going to North Korea to court Kim Jong-un

The last time China’s top leader, Xi Jinping, traveled to North Korea, that country’s dictator, Kim Jong-un, was reeling from sanctions and failed nuclear talks with the United States. Now, nearly seven years later, as Xi returns to North Korea on Monday, he will meet with a leader who is newly emboldened by an alliance with Russia that has helped his economy break out of isolation. Xi is expected to use the two-day summit with Kim to project a united front between allies against the West. But analysts say China is likely also keen to assert its influence over a neighbor that has leaned toward Russia. Kim, for his part, wants to be treated less like a junior partner to China and will likely use his new closeness to Russia to press Beijing for economic concessions. (NYTIMES.COM)

Russia

Putin allies wishcast nuclear war, America in crisis, and real-estate deals

Allies of Russian leader Vladimir Putin are openly advocating nuclear war and wishcasting for a diminished United States even while boasting about better trade relations. The venue was the St. Petersburg International Economic Forum, a Putin-backed conference that took place on Wednesday against a backdrop of billowing smoke from a Ukrainian drone attack at a nearby oil terminal. The forum, which featured presentations by Russian oligarchs and elites, also attracted high-ranking Russian officials, representatives of far-right European groups, and American internet influencers. (DEFENSEONE.COM)

These LLMs are the best at resisting Russian propaganda

The government-sponsored Estonian Language Institute (ELI) has released a new “Propaganda Resistance” benchmark ranking dozens of LLMs on their ability to avoid “tak[ing] positions on topics that the Russian Federation uses in its strategic narratives.” In Estonia, a former member of the Soviet Union that has been independent for just a few decades, many people are particularly alert to what they see as false narratives being promoted from their large and often belligerent neighbor to the east. Alongside volunteer-run Estonian defense collective Propastop, the ELI identified 14 broad categories in which it sees Russian influence operations trying to sway public discussion. These range from narratives on the current status of Crimea and justifications for the war in Ukraine to the history of NATO and justification for Russia’s annexation of Baltic states during World War II. (ARSTECHNICA.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

U.S. announces science and AI partnership with Japan

The U.S. has announced a new partnership with Japan on science and artificial intelligence. Energy Department Under Secretary for Science Darío Gil told reporters Thursday that each country would invest $500 million in the joint venture. “This is the defining moment for the next era of science,” he said. “We’re linking our brightest minds and the most advanced tools — both in the U.S. and in Japan, and around the world — into a cohesive engine of discovery.” (THEHILL.COM)

Defense

Pentagon looks to AI, other tech to help tackle contested logistics challenges

With U.S. military supply chains facing a growing risk of adversary attack, senior defense officials are keen on using AI and other advanced technologies to address the challenges associated with contested logistics. Supply chains face a variety of potential threats, including kinetic strikes, cyberattacks, geopolitical instability and infrastructure vulnerabilities. “Logistics will be sort of the key as we go forward, ensuring that we can produce the mass and scale and really reconstitute all of our capabilities at a time of need and, you know, much faster than any adversary can,” Brent Ingraham, assistant secretary of the Army for acquisition, logistics and technology, said Tuesday at GDIT’s Emerge: Battlespace of the Future conference, produced by Scoop News Group. (DEFENSESCOOP.COM)

The Pentagon’s AI edge is being distilled away

OPINION: Adversaries do not need to breach the Pentagon’s systems: They only need to harvest the logic of the publicly released frontier AI models that underpin them. This is a defining risk as the Department of Defense pivots to an “AI-first” warfighting machine. In this new context, military predominance is a derivative of AI model supremacy. From Project Maven’s intelligence fusion to the high-velocity sensor-to-shooter loops of Anduril’s Lattice, the Defense Department’s most advanced systems are tethered to the frontier models forged by tech heavyweights like Anthropic, Google, and OpenAI. As long as these firms hold the high ground in the global race among frontier AI models, the Pentagon will enjoy a strategic advantage. Granted, access to frontier models is only a necessary condition: Securing an operational edge requires that they be successfully integrated, tested, and deployed across the joint force, yet their foundational importance cannot be overstated. The department’s own leadership has admitted as much, framing mission success in terms of “the ability to out-compute,” a race to innovate faster than the adversary can learn. (WARONTHEROCKS.COM)

Drones

Real-time satellite intelligence is making Ukraine’s drone strikes deadlier than ever

The small unit of the Ukrainian Armed Forces, stationed about 10 kilometers from the front line in the country’s southeast, knew there was something afoot in a building obscured by thick tree cover. The spring foliage hid its outline but not the signals from the electronic devices within. The team launched a reconnaissance drone, which couldn’t see much through the trees. But the soldiers had another card to play: high-definition, near-real-time images taken by commercial satellites, delivered directly to their phones, tablets and laptops. The satellite sensors showed the thick, metal frames of armored vehicles — the type used by senior Russian military officials — parked around the building. After three days of surveilling the site from orbit, the unit determined it was a Russian meeting spot for planning operations, members said. Then they struck the building and vehicles with an attack drone, one of the members said. (WSJ.COM)

A Navy carrier is about to deploy with a robot ship. Could it change the service forever?

The aircraft carrier Theodore Roosevelt is gearing up for a deployment with a Seahawk medium unmanned surface vessel (MUSV) as part of its strike group for the first time — a key milestone signifying the transition of the unmanned system from an experimental to operational part of the fleet. In fact, multiple experts told Breaking Defense that this deployment could lay the foundation for how the Navy develops its concept of operations (CONOPS) for integrating unmanned into the rest of the fleet, at a time when the Navy is still struggling to articulate how and when it will make autonomous vessels a core part of its arsenal. (BREAKINGDEFENSE.COM)

Anti-drone 5.56mm rifle rounds that break into multiple projectiles sought by marines

The U.S. Marine Corps is aiming to put in an order for new anti-drone 5.56x45mm ammunition for its M4 carbines and M27 rifles by the end of the year. Produced by a company called Drone Round, the L Variant cartridge has a projectile that breaks into multiple segments to improve the probability of scoring a hit on a small, fast-moving aerial target. The idea is to give anyone with a rifle an immediate boost in their ability to defend against growing drone threats, especially first-person view (FPV) kamikaze types now proliferating around the globe after becoming a fixture in the war in Ukraine. (TWZ.COM)

Energy

Electric sector needs firm gas supply to protect grid reliability, gas industry report says

A recent report by Energy Ventures Analysis for the Natural Gas Council concluded that reforms implemented following Winter Storm Uri in 2021 helped insulate the electric grid from outages during Winter Storm Fern in January, even amid near-record consumption driven by sustained cold across the Central and Eastern U.S. The report credited winterization investments, flexible liquefied natural gas operations and large-scale storage withdrawals with helping to maintain system reliability during the event, noting that storage supplied roughly 30% of total U.S. gas demand during peak periods. (UTILITYDIVE.COM)

Used Waymo robotaxi batteries become backup storage for power grids

Thousands of electric vehicles in Waymo’s autonomous robotaxi fleet may eventually give up their used batteries for a very different purpose—contributing up to hundreds of megawatt-hours of stationary energy storage to local power grids. That prospect comes from a “strategic supply agreement” announced by Waymo and B2U Storage Solutions on June 4. B2U has been repurposing thousands of used batteries from various electric vehicles by installing them in large stationary energy storage projects. Such energy storage facilities can capture excess renewable energy during low demand periods and release such energy when local power grids are experiencing peak demand periods. (ARSTECHNICA.COM)

IT modernization

GAO: Census Bureau needs to better manage schedule for modernization program

The Census Bureau fully implemented leading practices for risk management for its enterprise-wide data storage and processing modernization program (known as the Enterprise Data Lake). It also substantially implemented leading practices for managing requirements and cost estimating. However, the Bureau partially implemented leading practices for developing and maintaining the schedule for the program. (GAO.GOV)

Policy

New coalition will enter legal debate over industry’s role in government cyber missions

A new Washington initiative seeks to shape policy debates over how the government and private sector collaborate on cyber operations, a conversation that will inevitably raise complex questions about the legal authorities governing industry’s role, participants say. Venable’s Center for Cybersecurity Policy and Law launched the Cyber Operations Policy Coalition this week, seeking to be a “trusted forum for collaboration among industry, government, legal experts, academia, and civil society to help develop policy frameworks for collective cyber defense,” according to its mission statement. (NEXTGOV.COM)

LEGISLATIVE UPDATES

Hill Dems hammer GOP for $250M CISA budget cut

House Democrats criticized a draft Republican Department of Homeland Security spending bill Thursday that they said would cut funding for the Cybersecurity and Infrastructure Security Agency by $250 million. Republicans said the bill provides $2.4 billion for CISA, and that among its focuses are “improving cybersecurity resilience,” in the words of House Appropriations Chairman Tom Cole (R-Okla.). But Democrats decried it as a funding reduction. The panel’s subcommittee on homeland security is set to vote on the bill Friday. (CYBERSCOOP.COM)

House passes Ukraine aid bill with new sanctions for Russia

In a rare moment of bipartisanship in the U.S. Congress, the House tonight passed a package of Russian sanctions and military aid for Ukraine, with 18 Republicans voting to move the bill forward despite the Trump administration’s opposition to further funds for Ukraine. House members voted 226-195 to pass the Ukraine Support Act, which authorizes $8 billion in military finance loans to Ukraine and extends the Ukraine Security Assistance Initiative through 2027. “Today’s bipartisan vote to pass the Ukraine Support Act demonstrates that the House stands with the Ukrainian people and that we will hold the criminal Russian regime accountable for its illegal war,” Rep. Gregory Meeks, the top Democrat on the House Foreign Affairs Committee and the sponsor of the bill, said in a statement following the vote. (BREAKINGDEFENSE.COM)

Republicans reject renewable energy, data center amendments to Interior-EPA bill

The House Appropriations Committee on Wednesday approved a spending bill to fund environmental and public lands programs across the federal government. The panel voted 35-27 along party lines to advance its fiscal 2027 Interior, Environment and Related Agencies bill. House Republicans authored the legislation as a marker for future negotiations. The Senate has yet to release its version. The markup was tense at times, with Democrats moving to block projects backed by President Donald Trump. They also wanted to push the administration on renewable energy permits. (EENEWS.NET)

ALERTS AND ADVISORIES

Safeguarding our secrets

China’s military intelligence services are using an increasingly wide array of professional networking sites and online job platforms to target Five Eyes government and military personnel—and anyone with access to classified or privileged information. These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks or human resources (HR) firms, and place online job advertisements for foreign policy and defense analysts (or similar). (IC3.GOV)

Emerging hospice fraud targeting Medicare recipients

The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement to warn the public of an emerging hospice fraud scheme that targets vulnerable Medicare recipients who are not in need of hospice services. Scammers are enrolling Medicare patients in hospice care for services they do not need or for services that are not provided. Enrollment can also occur without the patient’s knowledge, allowing the scammers to bill Medicare for a patient that is not present in the hospice facility. Some scammers use door-to-door solicitation tactics and offer free home services such as house cleaning and meal delivery, which are conditional on using a specific hospice. (IC3.GOV)

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-45247 Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

MARITIME: The Stephenson Ocean Security Project highlights the ways that global security challenges arise from marine resource competition and works towards solutions that support sustainable development, coalition building, and the need for American leadership. This year’s forum on June 9 will discuss the escalating pressure facing global maritime governance from a variety of crisis points and how this pressure is affecting shared governance of the maritime commonwealth and our ability to grapple with common challenges including marine resource management, illegal fishing, supply chain transparency, and human rights at sea. This year’s forum is co-hosted in partnership with the CSIS Human Rights Initiative.

AI ECONOMY: How can AI be deployed effectively to enhance economic mobility and ensure the benefits of AI systems are reaped widely? On June 10, the Brookings Center on Regulation and Markets will host a fireside chat with Neil Thompson, director of the FutureTech project at MIT, to explore the intersection of AI and economic mobility. 

DIB: Join Hudson Institute for a June 11 fireside chat between Hudson Senior Fellow Nadia Schadlow and Deputy Assistant Secretary for Industrial Base Growth and Director of the Office of Small Business Programs James Mismash. The discussion will explore current efforts to strengthen the defense industrial base, expand industrial capacity, and foster greater participation and competition across the national security ecosystem.

SECURITY POLICY: From AI and drone warfare to global alliances and economic security, America and its allies need “New Rules” to compete, deter, and win in the 21st century. Join leading voices in national security for an exclusive, all-day Center for a New American Security conference on June 11 at the forefront of today’s most consequential issues — from AI and cybersecurity to the latest developments in Iran, economic statecraft, and America’s strategic readiness across the world.

NORTH KOREA: On June 12 join the Indo-Pacific Security Initiative (IPSI) of the Atlantic Council’s Scowcroft Center for Strategy and Security for the launch of Nonresident Senior Fellow Jieun Baek’s latest book, “Privileged but Powerless.” Baek’s second book on North Korea draws on hundreds of hours of rigorous fieldwork and interviews with defectors to examine a surprising yet critical vector of regime instability. In a fireside chat, Baek will discuss how North Korea’s system of privilege and control shapes elite insecurity at the highest levels of the regime.

DIB: Join CNAS on June 16 for a fireside conversation with DoD’s Michael Cadenazzi examining the challenges and priorities shaping U.S. munitions production and defense industrial base policy. This event will examine how policymakers, industry partners, and acquisition officials can work together to build the surge capacity the United States needs, in a focused conversation on the future of U.S. munitions production and defense industrial base policy.

NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.

NUCLEAR: For the first time, the United States is preparing to deter two nuclear adversaries, Russia and China. In today’s post-New START environment, U.S. adversaries remain committed to weakening American resolve and undermining Washington’s commitment to its allies. Join Hudson Senior Fellow and Keystone Defense Initiative Director Dr. Rebeccah Heinrichs and Administrator of the National Nuclear Security Administration Brandon Williams for a June 18 discussion on the administration’s priorities in strengthening the U.S. nuclear enterprise.

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.” Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
