Cyber Briefing – May 1, 2026

DIRECTOR’S NOTE: READ HERE

WHITE HOUSE PRESSES TECH FIRMS FOR SUPPORT ON AI-DRIVEN ATTACKS: The White House has asked a group of tech companies to answer a set of questions this week about how to ward off digital attacks that frontier AI tools could soon enable, according to four people with knowledge of discussions between the administration and the tech sector, POLITICO reports. The questions, from the White House’s Office of the National Cyber Director, focus on how specific sectors in the tech and cybersecurity industries can work with the White House to boost their defenses with AI, these people said. Companies have been asked to respond to them by Friday. Some of the questions were discussed during a Tuesday afternoon meeting between White House cyber officials and approximately 30 industry representatives, said one of the people, who, like others in this report, was granted anonymity to share details of ongoing, highly confidential discussions.

• The National Security Agency has been testing the capabilities of Anthropic PBC’s new artificial intelligence model to find cybersecurity vulnerabilities in popular software, including Microsoft Corp. products, according to a U.S. official and another person familiar with the matter, Bloomberg reports. NSA officials studying the Mythos model have been impressed by its speed and efficiency in searching for potential security flaws, said the official and person, who both spoke on condition of anonymity because they weren’t authorized to discuss the matter publicly.

DHS SHUTDOWN SHUT DOWN: The House on Thursday approved a Senate-passed bill that would fund much of the Department of Homeland Security, ending the record 75-day shutdown of the sprawling federal agency, NBC News reports. President Donald Trump, who had urged lawmakers to pass the bill, signed the measure into law Thursday afternoon, funding DHS agencies such as the Federal Emergency Management Agency, the Coast Guard, the Transportation Security Administration and the Secret Service through the end of September. The bill does not provide new funding for Immigration and Customs Enforcement or the Border Patrol, however, as Democrats demand changes to immigration enforcement. Both ICE and border enforcement had funding during the shutdown, and Republicans will try in the coming weeks to keep them funded for the rest of Trump’s term.

• The immediate impact for CISA will likely provide some much-needed stabilization for an agency disproportionately impacted by reductions-in-force efforts and major budget cut threats. The agency can resume work that had been curtailed during the shutdown, including proactive engagement with critical infrastructure operators, vulnerability coordination, election security support and cyber risk reduction efforts – which officials and former staffers warned were being pushed aside, Gov Info Security reports. But the new funding will not erase the operational strain that accumulated during the shutdown.

AN INTEGRATED APPROACH TO DRONE DOMINANCE: As the Pentagon goes all-in on “drone dominance,” the U.S. military must pivot away from existing service-by-service stovepipes and institute a connected, joint approach to deploying autonomous and robotics assets in warfare, according to Marine Corps Commandant Gen. Eric Smith and Chief of Naval Operations Adm. Daryl Caudle. “I want to be direct on something here — the Navy and Marine Corps should not be independently building two versions of the same autonomous future,” Caudle said onstage Thursday morning at the Modern Day Marine conference. “Where requirements overlap, we should converge quickly. Where standards matter, we should align. Where speed matters, we should and must integrate.” In response to questions from DefenseScoop after his keynote Thursday afternoon, Smith said he “absolutely” agrees with the CNO.

• Romania will now be able to acquire counter-unmanned aerial system technology through the U.S.’s counter-drone marketplace, the Army announced on Wednesday, Defense News reports. The agreement gives the southeastern European country access to a U.S.-managed marketplace that links partner nations with counter-drone technology as part of the Pentagon’s push to speed up procurement systems that have struggled to keep pace with ever-evolving unmanned threats.

• Ukrainian President Volodymyr Zelenskyy announced on Tuesday that the war-torn country will partially lift the ban on selling domestically-produced weapons abroad, but only to countries found to be non-cooperative with Russia, Breaking Defense reports. In a long-awaited move, the Ukrainian leader said Kyiv will alter the current export rules, in order to still prioritize Ukraine’s domestic needs while allowing local companies to tap into a new funding stream by selling excess systems out of the country.

CYBER AMBASSADOR PICK CLEARS COMMITTEE: The Senate Foreign Relations Committee on Thursday advanced President Donald Trump’s pick to be the country’s next cyber ambassador, The Record reports. Adam Cassady, who was nominated last month to helm the State Department’s Bureau of Cyberspace and Digital Policy, was approved by a vote of 17-5. Five panel Democrats voted against him. His nomination now goes to the full Senate. The bureau, which by statute must be helmed by an ambassador, has been without a leader since the start of the second Trump administration and seen its portfolio divided up between three offices as part of a larger department reshuffle.

MEDICARE PORTAL DATABASE EXPOSED SOCIAL SECURITY NUMBERS: The Trump administration inadvertently exposed the Social Security numbers of health care providers in a database powering a new Medicare portal, The Washington Post found. The Centers for Medicare and Medicaid Services (CMS) last year created a directory to help seniors look up which doctors and medical providers accept which insurance plans, framing it as an overdue improvement and part of the Trump administration’s initiative to modernize health care technology. But a publicly accessible database used to populate the directory contains some of the providers’ Social Security numbers, linked to their names and other identifying information. For at least several weeks, CMS made the database available for public use as part of its data transparency efforts. The files are not immediately visible to users who visit the provider directory.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE

WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

(Watch on YouTube or click the player above)

America is asking more from its critical infrastructure just as adversaries are finding more ways to target it. AI, data centers, electrification and next-generation energy systems all depend on operational technology — the control systems that keep power, water, transportation and industry moving. As that backbone grows more connected, the stakes of securing it grow even higher. In this episode of Cyber Focus, Frank Cilluffo speaks with Zach Tudor, Associate Laboratory Director at Idaho National Laboratory, about how INL tests and secures critical infrastructure at scale. Tudor explains why resilience must guide infrastructure defense, what Ukraine and China reveal about the risks facing critical infrastructure, and why cyber-informed engineering is essential as new technologies move into energy, nuclear, wireless and industrial systems. The conversation also covers AI’s role in control environments, the workforce needed to secure future infrastructure and the challenge of moving faster before a major event forces action.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

Breaches

Al Nassr FC and Asian Football Confederation player database allegedly leaked

A threat actor crediting ShinyHunters claims to have leaked the complete AFC player and coach database — allegedly comprising 150,000+ player and coach passports, contracts, emails, and AFC Champions League Elite registration records. The combination of passport scans, verified email addresses, and player contract data creates a highly actionable package for financial fraud, contract manipulation, and targeted social engineering against some of the world’s highest-earning athletes. The timing is critically significant: the 2026 FIFA World Cup officially kicking off on June 11th, with multiple AFC member nations actively competing — meaning compromised player and official data is live and operationally relevant right now. (DATAMINR.COM)

France investigates 15-year-old over alleged hack of national ID agency

A teenage hacker is suspected of breaching a French government agency responsible for identity documents and attempting to sell millions of citizens’ personal data, Paris prosecutors said on Thursday. The minor was taken into police custody on April 25 on suspicion of involvement in a data breach affecting the National Agency for Secure Documents (ANTS), which processes applications for passports, national identity cards, residence permits and driver’s licenses. French authorities did not reveal the suspect’s identity but said he may have operated online under the pseudonym “breach3d,” an alias used to advertise between 12 million and 18 million records for sale on cybercriminal forums earlier this month. (THERECORD.MEDIA)

Cybercrime

Romanian leader of online swatting ring gets 4 years in prison

A Romanian national who led an online swatting ring that targeted more than 75 public officials, multiple journalists, and four religious institutions was sentenced to 4 years in federal prison. Swatting is a dangerous criminal harassment tactic involving making false reports to emergency responders of an ongoing violent threat at a target’s address to provoke an armed police response. 27-year-old Thomasz Szabo, who was extradited from Romania in November 2024, was also ordered three years of supervised release after he pleaded guilty to one count of conspiracy and one count of threats involving explosives in June 2025. (BLEEPINGCOMPUTER.COM)

DDoS

Anti-DDoS firm heaped attacks on Brazilian ISPs

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company’s public image. (KREBSONSECURITY.COM)

Education

UK: Education sector faces surge in cyber breaches despite stable national threat levels

The British public education sector has faced a significant increase in cyber breaches over the past year, despite stable threat levels recorded in the UK. These findings are part of the Cyber Security Breaches Survey 2025/2026, released by two UK government agencies, the Department for Science, Innovation and Technology (DSIT) and the Home Office, on April 30. The new edition of this annual report, which is the result of a quantitative survey and qualitative interviews carried out between August and December 2025, shows stable trends compared to the previous version, published in April 2025. (INFOSECURITY-MAGAZINE.COM)

Health care

Moldova’s health insurance agency reports possible data leak after cyberattack

Moldova’s National Health Insurance Company (CNAM) confirmed this week that it had suffered a cyberattack that may have resulted in the exfiltration of some data. The agency said the incident occurred several weeks ago and that technical assessments indicated a possible theft of limited information. CNAM said in a statement to local broadcaster TVR Moldova that the affected system was secured quickly and that the integrity of its database remained intact. The agency added that the attack did not disrupt the work of hospitals or other medical institutions that rely on the national insurance system. (THERECORD.MEDIA)

Leaks

Private chats, photos of celebs exposed in suspected stalkerware leak

Cybersecurity researcher Jeremiah Fowler uncovered a large leak of private photos, screenshots, and messages linked to a well-known European celebrity and several social media figures. The files were stored in a publicly accessible database with no password protection, exposing 86,859 images. Further analysis showed many screenshots were taken directly from a victim’s phone, which points to the use of stalkerware. The leak also contained private chat logs from apps such as WhatsApp, Facebook, TikTok, and Instagram. Fowler suspects that the person(s) who set up the stalkerware probably didn’t put a password on their storage folder, which is why anyone with an internet connection and the ability to find misconfigured and unprotected servers could access these private files. (HACKREAD.COM)

Misconfigured server run by hackers leaks 345,000 stolen credit cards

Researchers came across a misconfigured server that was left unprotected by a group of hackers. This server, discovered on 16 April, was linked to an online shop called Jerry’s Store, a carding market where hackers check if stolen credit cards still work. Further digging revealed that the hackers accidentally leaked their own database because of a mistake with an AI code editor. The people running Jerry’s Store used an AI-assisted development environment called Cursor to help write their code. Cursor is a legitimate tool used by programmers to build software quickly. However, according to Cybernews’ findings shared with Hackread.com, hackers were essentially vibecoding, meaning they relied heavily on the AI to do the work for them. (HACKREAD.COM)

Ransomware

Ransomware negotiators get 4 years in prison over BlackCat attacks

Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. 40-year-old Ryan Clifford Goldberg (a former Sygnia incident response manager) and 36-year-old Kevin Tyler Martin (a DigitalMint ransomware negotiator) were charged in November and pleaded guilty in December to conspiracy to obstruct commerce by extortion. Together with 41-year-old Angelo Martino, a third accomplice who also pleaded guilty in April, the two acted as BlackCat ransomware affiliates between May 2023 and November 2023, breaching the networks of multiple victims across the United States. (BLEEPINGCOMPUTER.COM)

Supply chain

PyTorch Lightning and Intercom-client hit in supply chain attacks to steal credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2 and 2.6.3, both of which were published on April 30, 2026. The campaign is assessed to be an extension of the Mini Shai-Hulud supply chain incident that targeted SAP-related npm packages on Wednesday. (THEHACKERNEWS.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

Artificial intelligence

AI fuels ‘industrial’ cybercrime as time-to-exploit shrinks to hours

The industrialization of cybercrime began in the 1990s. As crime began to mimic the means, methods and motives of other industries, it effectively became a business. Business efficiency requires an efficient organization and more return for less effort; and cybercrime today achieves this through AI, automation and efficient data sharing. FortiGuard has analyzed the current threat landscape targeted by cybercrime using telemetry from millions of sensors deployed worldwide since 2002. This analysis covers data gathered in 2025 (or the most recent 12-month window available per dataset) across multiple security domains and vectors of compromise. (SECURITYWEEK.COM)

Everyone’s building AI agents. Almost nobody’s ready for what they do to identity

OPINION: The same AI systems that companies are racing to deploy as autonomous assistants — scheduling your appointments, writing your code, managing your workflows — are also capable of probing digital defenses at a speed and scale no human team can match. And most of the systems they’d be probing still rely on a security model designed for an era when a person sat behind every keyboard. (CYBERSCOOP.COM)

ICS/OT

EnOcean SmartServer flaws expose buildings to remote hacking

EnOcean SmartServer is a multi-protocol gateway and edge controller designed to unify building automation by connecting industrial devices to cloud-based management platforms. The solution is advertised as ideal for smart buildings, factories, and data centers. Researchers at Claroty, a company specializing in the security of ICS and other cyber-physical systems, discovered that SmartServer is affected by a security bypass vulnerability tracked as CVE-2026-22885 and a remote code execution flaw tracked as CVE-2026-20761. (SECURITYWEEK.COM)

Malware

EtherRAT distribution spoofing administrative tools via GitHub facades

A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO) poisoning, a dual-stage GitHub distribution architecture, and decentralized blockchain-based command-and-control (C2) resolving, Threat Actors have established a highly resilient delivery and persistence mechanism. (THEHACKERNEWS.COM)

Spyware

New Android spyware platform enables rebranding and resale

A newly discovered Android spyware platform is raising concerns among cybersecurity researchers by introducing a business model that allows buyers to rebrand and resell surveillance malware as their own product. Buyers can subscribe to the service, customize branding, and launch their own spyware operation with minimal effort. KidsProtect presents itself as a parental monitoring app, a common tactic used in the stalkerware ecosystem. (GBHACKERS.COM)

Vulnerabilities

Multiple Exim mail server vulnerabilities could trigger crashes via malicious DNS data

The developers of the Exim mail server have officially rolled out version 4.99.2 to address four newly discovered security vulnerabilities. This critical update patches multiple software flaws that could allow attackers to crash server connections, corrupt memory heaps, or potentially leak sensitive system data. Mail server administrators are strongly advised to apply these fixes immediately to prevent disruptions to their email infrastructure. (GBHACKERS.COM)

Another AI-assisted software scan yields 9-year-old Linux bug

With a hunch, and an hour of AI-assisted scanning, cybersecurity researchers identified and then figured out how to exploit a nine-year-old root escalation vulnerability affecting every Linux build since 2017. The vulnerability, which researchers at Xint are calling “Copy Fail,” has officially been given the designation CVE-2026-31431. It allows any local user to escalate root by leveraging a logic flaw in the Linux kernel’s cryptography system. The flaw allows any unprivileged attacker to write four specific bytes of data to the in-memory copy of a readable file, to essentially piggyback on the program’s default root powers. (DARKREADING.COM)

Multiple Wireshark vulnerabilities allow arbitrary code execution via malformed packets

The Wireshark Foundation has released version 4.6.5 of its widely used network protocol analyzer, addressing a massive wave of security vulnerabilities. This urgent update patches over 40 distinct security flaws, driven by a recent surge in AI-assisted vulnerability reports. The most critical bugs in this release allow for possible arbitrary code execution, elevating the risk beyond typical denial-of-service (DoS) crashes. Among the extensive list of patches, four specific vulnerabilities stand out for their potential to enable arbitrary code execution. (GBHACKERS.COM)

China

The limits of China’s NCO corps and future warfare

OPINION: China’s military modernization has expanded the technical capabilities of the People’s Liberation Army (PLA) and improved the professional development of its noncommissioned officers (NCOs). However, these advances have not fully transformed the centralized leadership culture that governs decision-making. Drawing on PLA personnel studies and lessons from Russia’s war in Ukraine, this article argues that China’s modernization may still encounter operational friction in future conflicts, particularly in environments where degraded communications and battlefield uncertainty require greater subordinate initiative than the current system supports. (SMALLWARSJOURNAL.COM)

Iran

Iran’s monthslong internet shutdown is crushing businesses in an already battered economy

At her studio in Iran’s capital, Amen Khademi prepared a fashion shoot for a jacket she designed with Persian-inspired motifs. But even as she applied lipstick to the model, she was distracted, worrying if her business would survive after four months without its main link to customers — the internet. Iran’s 90 million people have been cut off from the internet for most of 2026, one of the world’s longest and strictest national shutdowns. That is devastating an online economy that had long defied government restrictions and international sanctions. From fashion to fitness, to advertising and retailers, many have seen their incomes evaporate. (APNEWS.COM)

Russia

Investigation: Russian shadow airlines use Algeria as base for secretive missions

A fleet of Russian military-affiliated cargo aircraft has made over a hundred flights to Algeria over the past year, likely delivering modern fighter jets and equipment to bolster an increasingly important Russian ally at Europe’s southern flank, and using the country as a hub to project Russia’s power deeper into Africa. A Defense News investigation found at least 167 cargo flights linking Russia to Algeria between March 2025 and April 2026, making the North African country one of the key hubs in Moscow’s global freight network. (DEFENSENEWS.COM)

How China’s fear of secondary sanctions pushed Moscow into leveraging stablecoins to reshape financial warfare

OPINION: On March 10, 2026, Central Bank of Russia’s Governor Elvira Nabiullina announced that the digital ruble was on-track to launch in September 2026. Since initial pilot testing in mid-2023, Russia’s central bank digital currency (CBDC) has often been thought of as a potential tool to counter Western sanctions, with this being even more important due to increased sanctions resulting from Russia’s full-scale invasion of Ukraine. Despite these initial assumptions from both policymakers and analysts, these developments within Russia’s digital asset ecosystem suggest a different reality, especially due to the potential of secondary sanctions issued by the U.S. against China, which is Russia’s largest trading partner and ostensible economic lifeline. Privately-issued stablecoins like the A7A5 stablecoin have emerged as the more immediate tool for enabling Russian cross-border transactions and sanctions evasion. (SMALLWARSJOURNAL.COM)

China’s legal warfare against Taiwan

OPINION: In October 2025, Chinese police opened a criminal investigation into Puma Shen, a sitting Taiwanese legislator, on charges of “separatism”—the first application of Beijing’s 2024 judicial guidelines targeting “Taiwan independence diehards.” Within weeks, People’s Republic of China (PRC) state media broadcast calls for his arrest via Interpol. Chinese social media accounts circulated satellite imagery marking his home and office in Taipei. Two months later, the PLA conducted its largest blockade exercise around Taiwan in years, with state media listing “leadership decapitation” among the drill’s stated objectives. (LAWFAREMEDIA.ORG)

Threat actors

Two new extortion crews are speedrunning the Scattered Spider playbook

A pair of persistent and problematic threat groups affiliated with The Com are actively targeting organizations across multiple critical infrastructure sectors for rapid data theft and extortion attacks, according to CrowdStrike. The financially-motivated attackers, which CrowdStrike tracks as Cordial Spider and Snarky Spider, have used voice-phishing and social engineering attacks to break into victims’ identity platforms and traverse SaaS environments since at least October 2025, the company said in a report Thursday, which it shared exclusively with CyberScoop prior to release. (CYBERSCOOP.COM)

Artificial intelligence

Disclosed government AI use increased by 70% in 2025, per OMB 

The Office of Management and Budget’s public tally of governmentwide AI use again grew in 2025 — this time amid the Trump administration’s push to use the technology in the name of efficiency. Per OMB’s recent publication on GitHub, the U.S. government reported about 3,600 AI use cases across agencies, a nearly 70% increase in disclosed applications of the technology from the previous reporting year. As with previous disclosures, the accounting captures pre-deployment uses, pilot projects, those in active operation, and retired deployments. The figure does not include uses in the Department of Defense or elements of the intelligence community. Per the 2025 inventory, roughly 9% of the reported uses had been retired. (FEDSCOOP.COM)

NGA taking cautious approach to AI adoption in human resources

As the National Geospatial-Intelligence Agency adopts artificial intelligence into HR workflows, the organization is taking a prudent approach to ensure its workforce doesn’t become overdependent on the technology. “My biggest fear is that in five years, we’re going to lose a lot of expertise because we have automated so many of the things that have helped those individuals really understand their tradecraft, understand HR and the nuances and complexities and be able to grow,” Sasha Muth, deputy director of human development at NGA, said Tuesday during a panel the Workday Federal Forum, presented by FedScoop. (DEFENSESCOOP.COM)

AI companies can’t regulate themselves. They should regulate each other

OPINION: Competition is preventing artificial intelligence (AI) safety. Anthropic recently abandoned its industry-leading safety guarantee for new model releases, stating that “[w]e didn’t really feel, with the rapid advance of AI, that it made sense for us to make unilateral commitments … if competitors are blazing ahead.” A company that invests more in safety deploys models later, loses customers, and risks losing the investors it needs to fund compute for the next generation. OpenAI faced the same problem and responded by cutting pre-deployment safety testing time. Effective AI regulation must address the collective action problem at the heart of AI risk. (LAWFAREMEDIA.ORG)

Colorado attorney general to delay enforcing AI law after xAI lawsuit

Following a suit filed this month by xAI against Colorado, the state’s attorney general has indicated that he will not enforce the state’s artificial intelligence law when it goes into effect this summer, and asked the federal court hearing the case to temporarily delay enforcement. Elon Musk’s AI company filed its suit in early April, seeking to stop enforcement of Colorado’s 2024 AI law before it takes effect on June 30. It was the first state law of its kind to broadly regulate high-risk AI systems used in areas like hiring, lending, housing, insurance and government services. (STATESCOOP.COM)

Met Police’s Palantir deployment has its own officers watching their backs

London cops are being told by their staff association to be “extremely cautious” about carrying work devices off duty, after the Metropolitan Police Service (MPS) deployed Palantir’s technology to investigate hundreds of its own officers. The Metropolitan Police Federation, which represents more than 30,000 MPS officers, is considering legal action over the force’s use of the US firm’s AI to analyze employee data, including location tracking. “Courageous colleagues across London do not deserve to be treated with this level of suspicion by their Big Brother Bosses,” said Matt Cane, the federation’s general secretary, in a statement. (THEREGISTER.COM)

Defense

U.S. seeks to deploy hypersonic missile for the first time against Iran

U.S. Central Command has asked to send the Army’s long-delayed Dark Eagle hypersonic missile to the Middle East for possible use against Iran, seeking a longer-range system to hit ballistic-missile launchers deep inside the country. If approved, it would mark the first time the U.S. will have deployed its hypersonic missile, which is running far behind schedule and hasn’t been declared fully operational even as Russia and China have deployed their own versions. The Request for Forces submission justifies the move by saying Iran has moved its launchers out of range of the Precision Strike Missile, a weapon that can hit targets at more than 300 miles, a person with direct knowledge of the request said. (BLOOMBERG.COM)

Ukrainian official advocates for artificial intelligence, autonomous drones for battlefield deployment

Head of the Office of the President of Ukraine, Kyrylo Budanov, made the comments during discussions around drone technology and Ukrainian strikes on Russian oil facilities at the Kyiv Security Forum this month. Bundanov advocated for the development of drones capable of independently identifying targets and manoeuvring, as well as the full integration of artificial intelligence. “In military terms, we are at a stage where the quantitative increase in drones no longer solves the issue fundamentally. Both we and the enemy have reached a certain maximum in the use of existing control technologies. The next stage is the full integration of artificial intelligence,” he said. (CYBERDAILY.AU)

Drones

Israel now using netting to protect combat vehicles against scourge of Hezbollah drones

Over the course of a nearly two-month old war with Israel, Hezbollah has been increasing its use of fiber-optic controlled first-person view (FPV) drones against Israeli troops and vehicles, something we were among the first to note. Now, it appears that Israel is resorting to the use of anti-drone netting on its vehicles to help protect them from the one-way attack drones. These attacks are occurring even amid an ongoing, though extremely fragile, ceasefire. A video emerged Wednesday on social media showing an Israeli vehicle festooned with the netting, draped like a soccer goal from metal arms extending out and above. (TWZ.COM)

Energy

In a first, fusion company applies for U.S. grid connection

Commonwealth Fusion Systems said Tuesday that it is the first developer of nuclear fusion to request a connection to a regional grid, a move aiming to boost prospects for a landmark power plant. The application to PJM Interconnection, the nation’s largest power market, is a notable milestone for a technology that envisions creating low-carbon electricity using the same reaction fueling the sun and stars. It’s an idea that has never been proven at commercial scale, but the company is eyeing what could be a first-of-a-kind demonstration by the early 2030s. “We’re not just proving fusion physics works — we’re showing exactly how fusion power plant watts get from our machine to the customer,” said Commonwealth CEO Bob Mumgaard, in a statement. “When you’re serious about building a power plant in the early 2030s, you act now. This is execution.” (EENEWS.NET)

U.S. battery startup builds factory in China after nixing Kentucky plant

Battery startup EnerVenue is planning an iconoclastic comeback. After failed plans to build a U.S. factory for its NASA-inspired tech, the firm announced $300 million in fresh funding to execute a manufacturing strategy that flies in the face of broader trends in the American battery market. EnerVenue seeks to commercialize a version of the pressurized nickel-hydrogen energy storage system that NASA used on the International Space Station and the Hubble Space Telescope. The original technology cost far too much to succeed in civilian power markets, but EnerVenue’s founders claimed to have swapped the platinum catalyst for a much cheaper material. (CANARYMEDIA.COM)

Financial

Claude Mythos fears startle Japan’s financial services sector

While the world waits to see if Anthropic’s Mythos model is really as scary as people say it is, the financial services industry in Japan is establishing a task force dedicated to addressing the cyber threat it poses. On April 24, the people who manage the world’s fourth largest economy — Japan’s finance minister, the governor of its central bank, presidents of its three megabanks, and a senior executive of its stock exchange — gathered at the headquarters of Japan’s Financial Service Agency in Tokyo. There, they agreed to form a working group to address the fact that artificial intelligence (AI) may now be able to totally undermine the systems underpinning their industry. (DARKREADING.COM)

Health care

FDA piloting use of AI for ‘real-time’ clinical trials

The U.S. Food and Drug Administration will test out real-time clinical trials using artificial intelligence tools and data science. The goal is to accelerate the development of promising new drug therapies, which the agency said are slowed by data and procedural bottlenecks. The agency said Wednesday a real-time clinical trial has already involved “successful initiation” of two proof-of-concepts – one by pharmaceutical giant AstraZeneca and the other by Amgen. AstraZeneca is conducting a phase 2 multi-site trial called Traverse involving patients with mantle cell lymphoma who haven’t yet received treatment. (HEALTHCAREINFOSECURITY.COM)

Social media

Meta told it’s violating EU law by not doing enough to keep children off Facebook and Instagram

The European Commission has found that Meta breached EU law by failing to prevent under-13s from accessing its platforms, as scrutiny of the tech giant’s handling of child safety intensifies. The commission said Wednesday that its preliminary investigations concluded that Meta violated the EU’s Digital Services Act because the minimum age requirement of 13 for Instagram and Facebook is not adequately enforced. When creating an account, minors can input a false birth date, with no controls in place to verify it, the Commission said. (CNBC.COM)

States take up kids online safety as Congress stalls

From new investigations to a string of settlements, verdicts and state laws, state leaders are trying to fill a gap left by Congress, which has failed to pass a major kids’ online safety bill despite substantial bipartisan concern and growing pressure from advocates. While most in Congress say protecting children and teens online is a priority, a string of intraparty and partisan disagreements, procedural hurdles and clashes between the House and Senate have derailed legislative efforts for years. (THEHILL.COM)

Space

Meet the 3-star insiders say will be Space Force’s next top leader

Lt. Gen. Douglas Schiess is likely to be nominated by President Donald Trump to serve as the Space Force’s next top uniformed leader, Defense One has learned. Schiess currently serves as the deputy chief of space operations for operations at the Pentagon. If confirmed by the Senate, the three-star general will replace Gen. Chance Saltzman — who was confirmed as the service’s top military leader in September 2022. Two defense insiders confirmed to Defense One that Schiess was the likely nominee. A Space Force spokesperson declined to comment on the presumptive nominee. White House officials did not immediately return a request for comment on Wednesday afternoon. (DEFENSEONE.COM)

Space Force awards first contracts for satellite threat warning radar payloads

The Space Rapid Capabilities Office (Space RCO), in partnership with the Space Force’s innovation arm SpaceWERX, has awarded three small companies contracts worth $3 million each to develop new radar warning receivers to equip future highly maneuverable satellites in geosynchronous Earth orbit (GEO). The awards to Assurance Technology Corporation, Raptor Dynamix and Innovative Signal Analysis, Inc. are being funded via the Small Business Innovation Research (SBIR) Direct-to-Phase II program, according to a Space RCO press release. The radar warning receivers “will detect and characterize emissions from ground-based radars” tracking Space Force satellites in GEO, thus improving the service’s space domain awareness capabilities, the release explained. (BREAKINGDEFENSE.COM)

Transportation

California’s new autonomous vehicle rules give police power to cite driverless vehicles for moving violations, self-driving big rigs allowed

Under the new rules, law enforcement may cite AV companies for moving violations committed by their vehicles. Specifically, police may issue a Notice of AV Noncompliance to manufacturers when an AV commits a moving violation, “enhancing visibility and accountability for AV traffic law compliance,” according to state officials. AV companies are also required to respond to first responder calls within 30 seconds and to provide access to manual vehicle override systems. The new AV rules also authorize local emergency officials to create temporary “do not enter” or “restricted area” zones in response to a public safety issues in order to clear AVs from active emergency zones. (CDLLIFE.COM)

Congress kicks the can down the road on surveillance law (again)

Congress extended a controversial surveillance law for 45 days on Thursday, hours before its latest expiration following an earlier extension. The Senate passed — then the House cleared — a 45-day extension of Section 702 of the Foreign Intelligence Surveillance Act, which authorizes warrantless surveillance of foreign targets. But those targets are sometimes communicating electronically with Americans, and intelligence officials can search the database using their identifying information, which has long given privacy groups and privacy-minded lawmakers heartburn. (CYBERSCOOP.COM)

Senate panel advances bill to curb AI chatbot ‘companions’ for kids

The Senate Judiciary Committee unanimously advanced a bill Thursday to ban minors from artificial intelligence companions and prevent AI chatbots from exposing children to sexual or harmful content. The Guidelines for User Age-verification and Responsible Dialogue (GUARD) Act, cosponsored by Sens. Josh Hawley (R-Mo.) and Richard Blumenthal (D-Conn.), would prohibit AI companions for users under the age of 18 and require these systems to disclose their “non-human status and lack of professional credentials” for all users. (THEHILL.COM)

Cyber-enabled strategic cargo theft surging

The Federal Bureau of Investigation is publishing this Public Service Announcement (PSA) to warn the public of cyber threat actors increasingly using sophisticated, cyber-enabled tactics to impersonate legitimate businesses to hijack freight, steal high-value shipments, and reroute deliveries, resulting in a surge of strategic cargo theft. Cyber threat actors target US transportation and logistics sectors, including companies with interests in shipping, receiving, delivering, and insuring cargo. Since at least 2024, cyber threat actors have gained unauthorized access to the computer systems of brokers and carriers — typically via spoofed emails, fake URLs, and compromised carrier accounts. The cyber actors pose as victim companies and post fraudulent listings on load boards to deceive shippers, brokers, and carriers into handing over goods, which are redirected from their intended destination and stolen for resale. (IC3.GOV)

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-41940 WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

TRANSPORTATION: With new technology comes questions about data privacy, security and accountability with high stakes for businesses and consumers. On May 5, as part of the seventeenth annual A. Alfred Taubman Forum on Public Policy, Governance Studies at Brookings will host a webinar to discuss the benefits and implications of connected cars.

AI AND IRAN: The conflict in Iran reveals urgent lessons about AI as a weapon of war and statecraft. Led by one of Washington’s top experts on Iranian strategy, military doctrine, and the IRGC, this May 6 FDD panel provides an assessment of how the Iranian regime has used autonomous systems and machine learning to expand its reach; how AI tools have supercharged propaganda campaigns and cyber-enabled information warfare; and in the financial realm, how emerging technologies have enabled large-scale fraud and illicit funding of Tehran’s proxies. 

EMERGING TECH: In an evolving geopolitical landscape, how can the US build on its experience in developing frontier technologies and globally competitive industries through investments in priority technologies for the 21st century? Join AEI’s Michael R. Strain for a May 13 conversation with experts from the Massachusetts Institute of Technology for a conversation on their new book “Priority Technologies: Ensuring US Security and Shared Prosperity (2026).”

---

FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP