Cyber Briefing – May 11, 2026
TODAY’S TOP 5
WHICH WAY NOW ON AI POLICY?: The White House is scrambling to find its footing on AI policy, as the development of new, more powerful models forces the Trump administration to rethink its strategy on AI safety, The Hill reports. From the outset of President Trump’s second term, the White House has promoted a pro-innovation, light-touch stance on AI regulations, prioritizing the U.S.’s competitive standing against other countries. AI battles in the White House and Congress have focused largely on efforts to preempt state AI laws deemed overly restrictive as a result. But the release of Anthropic’s Mythos, the company’s newest model capable of spotting decades-old security vulnerabilities, has shaken the administration’s commitment to its typical hands-off approach, prompting discussions about heavier government involvement in new model rollouts.
- The Trump administration’s shifting stance on regulating artificial intelligence is fueling fresh uncertainty for the tech industry. Seven lobbyists and policy advisers told POLITICO they’ve struggled to get specifics on a possible executive order that could impose tough vetting rules on new AI models, a major question that has gotten mixed messages from the White House in recent days. “There is no clarity,” said one senior tech lobbyist, who like others in this piece was granted anonymity to describe sensitive and fast-changing discussions. The person contended that “different factions within the White House have different views about what should happen.”
THIS WEEK’S CHINA SUMMIT AND TECH CONCERNS: Long before this week’s trip to China, President Donald Trump was already predicting on social media that his Chinese counterpart, Xi Jinping, would “give me a big, fat hug when I get there.” But Beijing’s deep economic ties to Iran, as well as trade tensions over tariff threats stretching back to Trump’s first term, could crimp the good feelings when Trump flies to Beijing this week — even though the Republican president has for years effusively praised Xi, making it clear he sees China’s leader as a competitor strong enough to warrant his respect and admiration, the Associated Press reports. Trump arrives in Beijing on Wednesday night.
- More than a decade into Xi Jinping’s rule, China’s military has grown more formidable, its factories dominate global manufacturing and its technology pioneers are closing the gap with Silicon Valley. Yet big parts of its economy are a mess, The Wall Street Journal reports. A colossal property bust has destroyed trillions of dollars in wealth, consumer confidence has been gutted and the job market has grown bleak. The disconnect shows how Xi has made China’s security a priority over its economy. He is steering hundreds of billions of dollars into pursuing self-sufficiency in artificial intelligence, semiconductors, electric cars and other strategic sectors, while holding back on economic reforms that would help create more jobs and lift the country’s middle class.
- The general in charge of keeping the United States Marine Corps sustained in a fight dismisses the notion that China poses a near-peer threat to the U.S., The War Zone reports. It’s far more serious and will make the currently paused conflict with Iran pale by comparison should the two superpowers come to blows, said Lt. Gen. Stephen Sklenka, the USMC Deputy Commandant for Installations and Logistics. “There is no threat that looms larger than the People’s Republic of China,” Sklenka said during the 2026 Modern Day Marine Expo in Washington, D.C. “Don’t listen to this garbage about them being a near peer. They’re a peer because they rival us in nearly every single measure of national influence.”
- Science and technology are central pillars of China’s national strategy, underpinning the country’s ambitions for economic modernization, global competitiveness, and national security. In this report, the authors provide an analysis of how China conceptualizes S&T as part of its broader national strategy. Shanshan Mei and Judith Huismans at RAND draw on a variety of publicly available sources, including official Chinese government documents, China’s policy statements, Chinese and international academic literature and international reports.
- The United States and China are reportedly considering establishing a dialogue on AI safety. The Chinese government has long sought such a dialogue, but the unfortunate reality is the Chinese government’s willingness to make and abide by robust international commitments on AI safety is low, Chris McGuire writes at the Council on Foreign Relations. It views these dialogues as an opportunity to increase its access to technology that China needs to catch up to the United States in AI. If the United States and China do establish a regular AI dialogue, the only effective way to change the Chinese government’s calculus is to ensure it is exclusively focused on safety and to couple it with a “maximum pressure” campaign that tightens export controls and expands the U.S. lead in AI as much as possible.
LEGOS AT WAR IN IRAN’S INFO OPS: Those of a certain age will remember that the predominant information operations (IO) efforts of Iran in the past consisted largely in having mass crowds chanting “Death to America” and ineffectual governmental condemnations of U.S. activities. It seems to be fair to assume that Iranian IO was not a particularly high priority for U.S. planners in the leadup to the military operations against Iran. The reality, however, is that Iranian IO has become an increasingly salient aspect of the conflict, including videos with Lego-style animation and typically hip-hop soundtracks, Lawrence E. Cline writes at Small Wars Journal. Some Iranian official sources have dipped their toes into the IO campaign beyond the expected strategic communications efforts. Iranian embassies in particular have increasingly become active in their IO efforts. In some ways, there seems to be almost a competition among Iranian embassies for who can post the catchiest IO meme.
- Infostealer marketplaces should be treated the way America treats ransomware infrastructure: as legitimate military and intelligence targets. The Pentagon’s Cyber Command has the authority and capability to take dark web credential markets offline, and has used those authorities against ransomware operators with real effect. There is no defensible reason to treat the marketplace selling Iran the keys to American hospitals as a lower priority than the one selling Russia the keys to American pipelines, Omri Raiter writes at Fox News.
- According to the Wall Street Journal, the Iran-linked Handala Hack Team claimed it published the names and details of 2,379 US Marines stationed in the Persian Gulf region. Task & Purpose reported that some U.S. service members received threatening WhatsApp messages suggesting they were being watched. Handala has also claimed it holds home addresses, family information, base details, and daily routines. Whether every claim is true or exaggerated, the intent is clear to make American personnel and their families feel exposed. This is why Washington should treat the incident as a force-protection issue, not simply a privacy breach, Dr. Usman writes at Modern Diplomacy.
CANVAS BACK ONLINE BUT DISRUPTIONS LINGER: The online education platform Canvas went offline after a data breach on Thursday, temporarily leaving students and faculty at thousands of U.S. colleges — and K-12 schools — without access to course materials and communications during finals period, NPR reports. “I’m sure somewhere in the country when the outage happened, there probably were people actually taking final exams on the platform when it crashed,” says Damon Linker, a senior lecturer in political science at the University of Pennsylvania. Thirty million users — including at half of the higher education institutions in North America — rely on Canvas to manage courses, submit assignments, view grades and facilitate communication, according to its parent company, Instructure.
- Universities across the U.S. were forced to delay final exams following the cyberattack, The Record reports. On Thursday, dozens of students took to social media to say they saw a message from a cybercriminal group as they navigated through Canvas, an educational platform created by Instructure that hosts teaching materials, tests, readings and more. The message, from the ShinyHunters cybercriminal gang, said they breached Instructure “again” after the company did not negotiate a ransom the previous week. The note urged schools to reach out to the hackers directly to negotiate a ransom by May 12.
AMERICAN AI COMPANIES CAN’T GET ENOUGH CHIPS: In 2026, artificial intelligence (AI) chip production has become a binding constraint on the pace of the AI compute buildout. Demand for computing power to train and deploy advanced AI models continues to grow exponentially, outpacing many chip manufacturers’ forecasts. Supply chains for AI chips and key inputs cannot scale rapidly enough to meet demand, as it takes years to build additional manufacturing capacity. Given these constraints on AI chip supply, the United States has both greater leverage and greater reason to ensure every chip is put to its highest-value use, giving rise to five key policy implications, James Sanders, Janet Egan and Rory Madigan write at the Center for a New American Security.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
Most people think secure messaging begins and ends with encryption. Signal CTO Ehren Kret says that is only part of the picture. On the latest episode of Cyber Focus, host Frank Cilluffo sits down with Kret to discuss what private communication really requires, from protecting message content to limiting what platforms can learn from metadata, identity, group membership and social graphs. Kret explains how Signal’s nonprofit model shapes its privacy-first design choices, why endpoint security remains a major challenge and how AI built into operating systems could create new risks for private communication. The conversation also explores post-quantum encryption, lawful access debates, phishing threats against messaging accounts and why the future of secure communication depends not only on better technology but on helping users understand what is and is not truly private.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Artificial intelligence
Anthropic reveals text portraying AI as evil triggered Claude’s attempt at blackmail
Anthropic has finally revealed the reason its artificial intelligence (AI) models exhibited harmful behavior in a simulation last year. The San Francisco-based AI startup claimed that the Claude 4 series models blackmailed users into completing the objective because of training data that portrayed AI as evil. The researchers found that the post-training techniques were not able to overpower this pre-training learning, and it persisted in the model’s behavior. However, nearly a year after publishing the initial report, the company has finally found a way to fix agentic misalignment from the latest models. (GADGETS360.COM)
Biothreats
American tests positive for hantavirus as U.S. airlifts cruise passengers home
All 17 Americans aboard a cruise ship hit with a deadly hantavirus outbreak have disembarked and are being taken to a specialized treatment facility in Nebraska, including one passenger who tested positive for the Andes virus and another who has mild symptoms. The passengers will be assessed and receive care at the ASPR Regional Emerging Special Pathogen Treatment Center at the University of Nebraska Medical Center in Omaha, the Health and Human Services Department said in a statement. Two of the passengers, one with mild symptoms and another who tested “mildly PCR positive for the Andes virus,” are traveling in biocontainment units “out of an abundance of caution,” it said. (WASHINGTONPOST.COM)
WATCH: Inside the facility monitoring Americans exposed to hantavirus (NBCNEWS.COM)
Breaches
Zara data breach impacts nearly 200,000 customers
A ShinyHunters campaign has resulted in the compromise of information belonging to over 197,000 customers of fashion outlet Zara, according to HaveIBeenPwned. The data breach notification service posted a brief note on its website explaining data stolen during an April 2026 incident included unique email addresses alongside product Stock Keeping Units (SKU), order IDs and information relating to support tickets. Initially, Zara parent company Inditex claimed that no names, passwords, bank-card details or any other payment methods were affected by the incident. (INFOSECURITY-MAGAZINE.COM)
NVIDIA confirms GeForce NOW data breach affecting Armenian regional partner
GFN.am disclosed the breach occurred between March 20 and 26, 2026, with users who registered after March 9, 2026 confirmed as unaffected. The threat actor claimed to have stolen full names, email addresses, usernames, dates of birth, membership status, and 2FA and TOTP status, and listed the alleged database for sale at $100,000 in Bitcoin or Monero. The forum post has since been removed, and it is unclear whether the database was sold or deleted. NVIDIA and BleepingComputer noted that the threat actor claiming to be ShinyHunters is believed to be an impersonator, as the actual ShinyHunters group does not operate via forums or Telegram and has not posted related information on its leak site. (SECURITYBOULEVARD.COM)
Cybercrime
Resurrected ‘Crimenetwork’ marketplace taken down, administrator arrested
German police last week announced the shutdown of the second iteration of the Crimenetwork crime marketplace. Crimenetwork was taken down in December 2024, after more than 12 years of operation, and a suspected administrator was arrested. Days later, the German-speaking online marketplace was resurrected on newly built infrastructure, and has since grown to have over 22,000 users and more than 100 sellers. The majority of the marketplace’s users are likely German speakers, the police said. (SECURITYWEEK.COM)
Health care
Missouri alleges Conduent is stonewalling state on hack
Missouri regulators are widening an investigation into a 2024 hacking incident at Conduent Business Services, alleging that the company is stonewalling the state’s attempts to obtain information about the data breach, which is estimated to affect more than 25 million people nationwide. Missouri’s Department of Commerce and Insurance on Tuesday published a public request that insurers share with the state information “about any services utilized through Conduent Business Services or its affiliates” following the company’s cybersecurity incident, which was first publicly disclosed in April 2025. (HEALTHCAREINFOSECURITY.COM)
Outages
AWS data center outage hits trading on FanDuel, Coinbase
Amazon Web Services, a leading cloud provider, started reporting operational issues on Thursday that affected trading on platforms including Coinbase and FanDuel. “Full recovery is still expected to take several hours,” AWS wrote in its latest update at 3:29 p.m. ET on Friday, adding that “efforts are slower than we had previously anticipated. According to AWS, the outage was tied to overheating at a data center in its main US-East-1 region hosted in northern Virginia. AWS said issues were in a “single Availability Zone” in the region. (CNBC.COM)
Phishing
Over 500 organizations hit in years-long phishing campaign
A phishing campaign that has been ongoing for more than four years has made hundreds of victims across multiple industries, SOCRadar reports. Dubbed Operation HookedWing, the campaign was first documented in 2022 but has sustained activity and adapted its infrastructure while keeping core patterns largely unchanged. Over the course of four years, more than 2,000 user credentials across over 500 organizations in the aviation and travel, critical infrastructure, energy, financial, government, logistics, public administration, and technology sectors were stolen as part of the campaign. (SECURITYWEEK.COM)
Supply chain
Fake OpenAI Privacy Filter repo hits No. 1 on Hugging Face, draws 244K downloads
A malicious Hugging Face repository managed to take a spot in the platform’s trending list by impersonating OpenAI’s Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart, released by OpenAI late last month (openai/privacy-filter), including copying the entire description verbatim to trick unsuspecting users into downloading it.Access to the malicious model has since been disabled by Hugging Face. (THEHACKERNEWS.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI
As businesses and governments turn to AI agents to access the internet and perform higher-level tasks, researchers continue to find serious flaws in large language models that can be exploited by bad actors. The latest discovery comes from browser security firm LayerX, involving a bug in the Chrome extension for Anthropic’s Claude AI model that allows any other plugin – even ones without special permissions – to embed hidden instructions that can take over the agent. “The flaw stems from an instruction in the extension’s code that allows any script running in the origin browser to communicate with Claude’s LLM, but does not verify who is running the script,” wrote LayerX senior researcher Aviad Gispan. (CYBERSCOOP.COM)
Financial
TrickMo Android banker adopts TON blockchain for covert comms
A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications. The TrickMo banker was first spotted in September 2019 and has remained in active development, constantly receiving updates since then. In October 2024, Zimperium analyzed 40 variants of the malware delivered via 16 droppers, communicating with 22 distinct command-and-control (C2) infrastructures, and targeting sensitive data belonging to users worldwide. (BLEEPINGCOMPUTER.COM)
Malware
Hackers abuse Google ads, Claude.ai chats to push Mac malware
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for “Claude mac download” may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac. The campaign was spotted by Berk Albayrak, a security engineer at Trendyol Group, who shared his findings on LinkedIn. (BLEEPINGCOMPUTER.COM)
ODINI malware uses CPU magnetic signals to exfiltrate data from air-gapped systems
Air-gapped systems and Faraday cages have long represented the gold standard for protecting critical infrastructure and sensitive military networks. However, a groundbreaking threat known as ODINI demonstrates that even these extreme isolation measures can be compromised. Researchers have developed a new technique in which malicious software exploits low-frequency magnetic fields generated by a computer’s central processing unit to exfiltrate data stealthily. (GBHACKERS.COM)
JDownloader site hacked to replace installers with Python RAT malware
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan. The supply chain attack affects those who downloaded installers from the official website between May 6 and May 7, 2026 via the Windows “Download Alternative Installer” links or the Linux shell installer. According to the developers, the attackers modified the website’s download links to point to malicious third-party payloads rather than legitimate installers. (BLEEPINGCOMPUTER.COM)
Vulnerabilities
A hacker ran me over with a robot lawn mower
I’m lying in the dirt. It’s coming for me. Then, with a lurch, it’s climbing up my chest. If Andreas Makris doesn’t stop the 200-pound robot lawn mower in time, it could drag its blades across my body. Makris certainly can’t reach over and hit the emergency stop button — he’s nearly 6,000 miles away, having hacked this robot from the other side of the planet, to demonstrate the gaping security holes in Yarbo’s robot lawn mowers. And I’ve made the questionable decision of lying down in the mower’s path — to see just how far Makris, the security researcher who discovered those flaws, is able to push the mower. (THEVERGE.COM)
Windows CreateFileW API flaw could let attackers lock SMB files at scale
The multi-billion-dollar ransomware defence industry operates on a fundamental assumption: to cause catastrophic operational damage, malicious actors must write corrupted data to a disk. However, a newly disclosed attack technique, GhostLock, completely invalidates this foundational premise by demonstrating how threat actors can paralyze enterprise file systems without encrypting a single byte. Published in May 2026 by security researcher Kim Dvash, the open-source proof-of-concept reveals how a standard, low-privileged domain user account, typically acquired through routine phishing campaigns, can lock hundreds of thousands of files on an enterprise network attached storage system. (GBHACKERS.COM)
Ollama out-of-bounds read vulnerability allows remote process memory leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as CVE-2026-7482 (CVSS score: 9.1). It has been codenamed Bleeding Llama by Cyera. Ollama is a popular open-source framework that allows large language models (LLMs) to be run locally instead of on the cloud. On GitHub, the project has more than 171,000 stars and has been forked over 16,100 times. (THEHACKERNEWS.COM)

ADVERSARIES
China
Why China waits: Beijing is playing a long game on Taiwan
OPINION: A Chinese military takeover of Taiwan is often portrayed as inevitable and imminent. For many observers, including those writing in Foreign Affairs, U.S. President Donald Trump’s ambivalent public statements about the United States’ commitments to Taiwan’s defense and apparent indifference to the island’s fate might tempt Beijing to achieve unification with Taiwan through military force soon—possibly before the end of 2026. Washington’s war with Iran and the redeployment of U.S. defenses from the Indo-Pacific to the Middle East have further raised concern that China could seize the island without having to fear a U.S. response. (FOREIGNAFFAIRS.COM)
Iran
Iran nuclear talks: Three lessons from the war for negotiators
OPINION: President Donald Trump was unequivocal last month when asked whether the United States would use a nuclear weapon against Iran: “A nuclear weapon should never be allowed to be used by anybody,” he said. That statement, striking in its restraint from a president who had threatened Iran with civilization-ending force, coincidentally came just before diplomats from 191 countries gathered in New York City to review the future of a treaty that has largely kept nuclear weapons from proliferating for more than 50 years. (CFR.ORG)
Russia
Russia rehearsing tactics along NATO’s Baltic frontline
OPINION: Drones originating from Russia entered Latvian airspace on May 7. Irrespective of whether the drones are Russian or Ukrainian, the threat against the Baltics is a result of Russia’s ongoing war against Ukraine. Russia is using the Baltic frontline of the North Atlantic Treaty Organization (NATO) to rehearse airspace incursions and provocations while remaining below the threshold of open military confrontation. NATO’s ability to respond to repeated probing in the Baltic states will shape whether Moscow’s methods expand elsewhere in NATO, as they have already done with targeting of subsea critical infrastructure. (JAMESTOWN.ORG)
Latvian Defense Minister resigns, following lagging response to drone incursions
Latvian Defense Minister Andris Sprūds resigned on Sunday following several criticized shortcomings in drone detection and lagging mobile alarms after drones entered the country’s airspace in the direction of Russia and hit an oil storage plant. The official announced his resignation during a press conference yesterday evening, stating that the decision was made “in order to protect Latvia’s army from divisive political campaigning.” The declaration came shortly after Latvian Prime Minister Evika Siliņa convened an extraordinary meeting of the coalition partners on May 10 and called on him to step down while informing them of her decision, her office told Breaking Defense in an email statement. (BREAKINGDEFENSE.COM)
In fraught geopolitical times, accountability for Russian aggression remains crucial despite U.S. policy reversals
OPINION: When Russia invaded four years ago, the unprovoked attack sent shockwaves around the world, becoming a watershed moment for Ukraine as a nation, for European continental security, and for world order more generally. The international community condemned the aggression almost in unison, but to no avail. In response, Ukraine and its partners mounted a military defense and have implemented a series of unprecedented measures aimed at holding Russia and its leaders accountable for the war and the myriad atrocities Russian troops have perpetrated to date. (CARNEGIEENDOWMENT.ORG)
Strategic snapshot: Russia cracks down on internet
Russia has been severely cracking down on Internet access for its population over the past few months. This is a continuation of a trend of information control that Russia has been using for years. Russia has long been banning hundreds of sites, including independent media, human rights groups, and even major global platforms, and trying to create a sovereign internet to isolate its domestic internet from global networks, all under the pretext of national security. The Kremlin’s goal with internet restrictions is to essentially control what the Russian people see, say, and believe. (JAMESTOWN.ORG)
Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against Russia
A pro-Ukraine hacktivist group known as BO Team appears to be coordinating its cyber operations with another group, Head Mare, in attacks targeting Russian organizations, according to a new report. Researchers at Moscow-based cybersecurity firm Kaspersky said they identified overlapping infrastructure and tools used by both groups — including command-and-control systems operating on the same compromised host — suggesting some coordination. In previous reports, Kaspersky said BO Team, also known as Black Owl, operates more autonomously than other pro-Ukraine hacktivist groups, with its own resources and approaches to deploying malicious tools. (THERECORD.MEDIA)

GOVERNMENT AND INDUSTRY
Artificial intelligence
California invites residents to help shape statewide AI policy
California Gov. Gavin Newsom on Thursday launched the statewide rollout of Engaged California, a public participation platform designed to gather resident feedback on how artificial intelligence is affecting workers, government services and the broader economy across the state. The platform allows Californians to weigh in directly on issues ranging from workplace automation to the responsible use of generative AI in government. The feedback will help guide decisions by state officials, according to the website. In a statement announcing the launch, Newsom said the government wants residents to have a “seat at the table” as the state develops its AI policy frameworks. (STATESCOOP.COM)
Defense
First-of-its-kind electromagnetic spectrum exercise tests senior leaders in Arctic conditions
For the first time, the Joint Electromagnetic Spectrum Operations Center (JEC) hosted a tabletop event for senior leaders to examine what it means to operate within the electromagnetic spectrum environment. “Aurora Pulse was designed for senior leaders. It allows us to get together and really discuss at that strategic level how we would operate in this particular environment, and then how do we need to adapt our tactics, techniques and procedures,” Maj. Gen. AnnMarie Anthony, director of the center, said in an interview with Breaking Defense. The March exercise hosted a variety of organizations from all the services — to include the Coast Guard, the Joint Staff, members of the Intelligence Community as well as Northern Command, Cyber Command, Indo-Pacific Command and Strategic Command. (BREAKINGDEFENSE.COM)
Marines ‘wrestling’ with tough questions over sensors, robotics for Corps’ revamped reconnaissance training
The Marine Corps is overhauling how it trains its reconnaissance troops as ubiquitous surveillance tools redefine modern conflict and service officials wrestle with difficult questions over sensor and robotic employment for new training. Two new courses replaced the Basic Reconnaissance Course, a 12-week program known for its grueling nature in a move service officials said was meant to modernize training, reduce wait times for advanced schools and strengthen baseline infantry skills to meet fleet demands. An initial batch of troops began the new Ground Reconnaissance Course late last month, the first of two schools that will each usher hopefuls through nine weeks of training, for a total of 18 weeks. (DEFENSESCOOP.COM)
DCAA to close additional offices amid agency reorganization
After shutting down 40 smaller audit suboffices around the country, the Defense Contract Audit Agency announced additional office closures as it continues its sweeping effort to reorganize the structure of the agency and shrink its physical footprint. DCAA said it has identified six additional small offices for closure in fiscal 2026. The agency described the closures as part of “ongoing and separate efforts” to evaluate office locations and ensure services are delivered “in an efficient and cost-effective manner.” (FEDERALNEWSNETWORK.COM)
Hegseth aims to cut through the bureaucracy with ‘Deal Team Six’
The Department of Defense launched a team of elite private sector businessmen tasked with handling and approving defense contractor negotiations, aimed at fixing the former “broken Pentagon bureaucracy.” Dubbed “Deal Team Six,” the crew is tasked with creating better deals with defense companies to ensure their production of U.S. military equipment is not at the expense of the taxpayer, but that of the contractor, according to a Thursday social media video posted by Secretary of Defense Pete Hegseth. (DEFENSENEWS.COM)
Drones
Pentagon counter-drone task force announces pilot program to get directed energy systems to 5 installations
The Pentagon’s counter-drone task force announced a new pilot program last week aimed at fielding directed energy systems for UAS defense to five military installations across the country over the next six months. Joint Interagency Task Force 401, an Army-led entity charged with boosting the military’s counter-drone efforts, said the initiative is intended to protect infrastructure, military installations and domestic missions against unmanned aerial systems. Concerns over the domestic drone threat have been galvanized in recent years by technological advancements, increased UAS sightings over military bases and key infrastructure as well as their use overseas, which have wrought new tactics that make homeland defense worrisome. (DEFENSESCOOP.COM)
Ukraine ramps up ground robot production to spare soldiers, haul ammo — and rescue grandma
She had walked for hours through the Lyman grey zone, past shell craters and the bodies of neighbors who hadn’t made it out, when the robot caught up to her. The 77-year-old saw it first as a blanket, then as the three words painted across it in an operator’s hand: “Grandma, get on!” Ukraine’s 3rd Army Corps and its Cerberus unmanned ground systems unit ran the April 25 rescue with a reconnaissance drone overhead. The woman lived in the same house for 53 years before Russian forces destroyed it. Three other civilians from the same area were drone-escorted to a pickup point and handed to a 1st Mechanized Battalion armored vehicle, according to a Telegram post by the 3rd Army Corps. (DEFENSENEWS.COM)
Energy
Eversource CEO: ‘We are resisting data centers’
Eversource Energy CEO Joe Nolan is “not interested” in the development of data centers in the company’s service territory, as it’s “only going to drive up the price of energy,” he said on the company’s first quarter earnings call on Thursday. “It’s of no value to our residential customer — actually, any customer,” Nolan said. “If you look at the volatility in ISO New England, there’s not a very volatile market compared to PJM. So, I feel good about it.” However, in its quarterly earnings report filed with the Securities and Exchange Commission, Eversource noted that ISO-NE “average market prices received for [Connecticut Light and Power’s] wholesale sales increased to an average price of $112.71 per MWh for the three months ended March 31, 2026, as compared to $99.02 per MWh for the same period in 2025.” (UTILITYDIVE.COM)
Many Americans hold utility companies responsible for their rising home energy bills
Overall, three-quarters of U.S. adults say their home energy costs have gone up in recent years, according to a recent Pew Research Center survey. This includes 42% who say these costs have gone up a lot. When asked why they think their home energy costs are rising, Americans most commonly say it’s due to utility companies wanting to make more money: 64% say this is a major reason. But many see other factors at play, too. For example, most say electrical grid upgrade costs and increased energy use at data centers are at least minor reasons for their rising bills. (PEWRESEARCH.ORG)
How the Trump administration can reform the Jones Act to lower U.S. energy costs
OPINION: With the geopolitical crisis over the Strait of Hormuz in its third month with no resolution in sight, a related crisis is creeping onto American shores: that of affordable, accessible supplies of refined oil products. Volumes of these critical fuels are already at low levels elsewhere in the world. The United States, despite its vast oil production capacity and mature domestic refining sector, will not be exempt from these secondary impacts of the Iran war indefinitely. Rather, the Trump administration should take steps to mitigate this looming supply problem, and quickly. (ATLANTICCOUNCIL.ORG)
Leadership
NBIS a ‘key priority’ for new DCSA director
A new director at the Defense Counterintelligence and Security Agency will take on DCSA’s longstanding challenge to modernize the federal government’s background investigations system. DCSA announced last week that Joseph Tonon has been selected as director of DCSA. Tonon replaces Justin Overbaugh, the deputy under secretary of defense for intelligence and security who had also been serving as acting director of DCSA since last November. DCSA’s previous permanent director, David Cattler, retired last September. (FEDERALNEWSNETWORK.COM)
Quantum
Quantum entangles the heavens
OPINION: Countries are racing to match their space and quantum ambitions with national strategies. The White House is reportedly drafting an executive order to strengthen US competitiveness in quantum technologies. The rumored draft directs multiple US government bodies, including NASA, to develop a five-year roadmap to expand quantum sensing and networking capabilities. The EU’s 2025 Quantum Europe Strategy highlights “Space and Dual-Use Quantum Technologies” as one of its five strategic focuses, and China’s 15th Five-Year Plan has called for expanding the country’s ground-to-space quantum communications network. Quantum technologies have long seemed too technical and too distant for policymakers to prioritize, but that is now changing as key quantum applications have moved from theory to practice. As quantum matures, it is important to understand what these technologies are, and how they might shape the new space age. (GMFUS.ORG)
Transportation
The impacts may be en route, but cities should plan for AVs
Self-driving cars could make any number of impacts on cities in areas including traffic congestion, parking or even suburban sprawl, prompting officials to begin thinking about how to plan for these changes. But despite the attention given to robotaxis, sidewalk delivery robots and other related next-gen automated devices, autonomous vehicles (AVs) are not a big piece of the transportation ecosystem, and it could be some time before cities and regions will experience sizable impacts, researchers said. “Yes, we need to be looking at it. Yes we need to figure out the readiness. But also, our hair’s not on fire,” is the way Nico Larco, director of the Urbanism Next Center at the University of Oregon, described the current AV climate. (GOVTECH.COM)
UAP
The newly released government UFO archives will leave you shrugging
The U.S. government has released 162 declassified videos, pictures, and documents regarding so-called unidentified aerial phenomena (UAP), which are also still commonly referred to as unidentified flying objects (UFO). The records span in date from the 1940s to the 2020s, come from multiple agencies, and include materials related to claimed UAP sightings at home, abroad, and even on the surface of the moon. Upon initial cursory review, there doesn’t appear to be anything groundbreaking in this release, which should come as no surprise. That assessment could change as we have more time to examine the files, but as it sits now, that is where we are at. (TWZ.COM)
LEGISLATIVE UPDATES
Schumer presses DHS to help local governments defend against AI cyber risks
Senate Minority Leader Chuck Schumer (D-N.Y.) is calling on the Department of Homeland Security (DHS) to help state and local governments shore up their defenses against new cybersecurity risks, as more advanced AI models raise concerns about increasingly powerful hacking operations. In a letter to Homeland Security Secretary Markwayne Mullin on Thursday, Schumer said he is concerned about the “lack of an effective plan” to coordinate with state and local governments to protect against AI-enabled hacking. (THEHILL.COM)
Inside the effort to connect Congress with the feds enacting its policies
Congress is flying blind on the effectiveness of the laws it creates. That’s the thesis of a new project released last week by the POPVOX Foundation, a nonpartisan nonprofit, based on the input of 50 federal employees pushed out of their government jobs last year. The intent of this work was partly to gather insights on how policy implementation works in the executive branch and what barriers exist to effective government that lawmakers may not know about. But it’s also about showing Capitol Hill what’s possible, said Anne Meeker, senior advisor for the POPVOX Foundation, which collaborated with the Niskanen Center, Civil Service Strong, the Partnership for Public Service and the Foundation for American Innovation on the work, called Departure Dialogues. (NEXTGOV.COM)
COMMITTEE ACTIVITY
DEFENSE: The House Appropriations Subcommittee on Defense will hold a Defense Department budget hearing on May 12.
LAW ENFORCEMENT: The Senate Appropriations Subcommittee on Commerce, Justice, Science, and Related Agencies will hold a May 12 hearing to review the president’s Fiscal Year 2027 budget request for the Federal Bureau of Investigation; the Drug Enforcement Administration; the United States Marshals Service; and the Bureau of Alcohol, Tobacco, Firearms and Explosives.
ENERGY: The House Energy and Commerce Subcommittee on Energy will hold a May 13 hearing on transmission permitting.
NUCLEAR: The Senate Armed Services Committee will hold a May 13 hearing to examine the Department of Energy and National Nuclear Security Administration’s atomic energy defense activities.
SOCIAL MEDIA: The Senate Judiciary Subcommittee on Privacy, Technology and the Law will hold a May 13 hearing on why landmark social media verdicts demand federal action to protect kids online.
DEFENSE S&T: The House Armed Services Subcommittee on Cyber, Information Technologies and Innovation will hold a May 13 hearing on the Department of Defense’s science and technology (S&T), artificial intelligence (AI) and innovation enterprise.
CYBER OPS: The Senate Armed Services Subcommittee on Cybersecurity will receive a closed briefing May 13 on cyber operations and readiness for the fourth quarter of fiscal year 2025 and the first quarter of fiscal year 2026.
ALERTS AND ADVISORIES
CISA adds one known exploited vulnerability to catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-42208 BerriAI LiteLLM SQL Injection Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
CHINA POLICY: On May 11, to mark the launch of a new project, the John L. Thornton China Center at Brookings will host Senator Jeanne Shaheen (D-N.H.) and Senator Thom Tillis (R-N.C.) for a conversation on the evolving congressional approach to U.S.-China competition, key takeaways from their recent congressional delegation to Asia, and their perspectives on policy priorities that should guide America’s approach to the next phase of this strategic rivalry.
CHINA STRATEGY: In Defending Taiwan, Eyck Freymann offers a comprehensive strategy to deter war and sustain peace. With Jason Hsu, Freymann will discuss in a May 11 Hudson event how the United States and its partners can adapt to China’s evolving strategy and develop a coherent plan to prevent conflict while safeguarding Taiwan’s future.
EMERGING TECH: In an evolving geopolitical landscape, how can the US build on its experience in developing frontier technologies and globally competitive industries through investments in priority technologies for the 21st century? Join AEI’s Michael R. Strain for a May 13 conversation with experts from the Massachusetts Institute of Technology for a conversation on their new book “Priority Technologies: Ensuring US Security and Shared Prosperity (2026).”
ENERGY: The grid was historically planned by utilities and regulators and financed by ratepayers. Now, rapid load growth from data centers, electrification, and reshored manufacturing has large customers stuck in interconnection queues and pushing for reform. Join the CSIS Energy Security and Climate Change Program on May 15 for a conversation with Travis Fisher and Daniel Palken on competing visions of the U.S. power grid and its policy future.
RUSSIA: Russia’s growing influence and engagement in Africa is a significant and often overlooked dimension of global great power competition. Join the Center for a New American Security (CNAS) on May 18 for a virtual panel discussion on this topic to mark the release of a new report, Beyond the Sahel: Russia’s Toolbox for Influence in Africa, by Kate Johnston and Valeria Allende, with Isabel Dlabach. This report looks at Russia’s activities in key states in Africa—Egypt, Ethiopia, Nigeria, and South Africa.
SECURITY POLICY: Congressman Michael McCaul has been at the center of Congress’s foreign policy debates over the past two decades, first as chairman of the House Homeland Security Committee and later as the chairman of the House Foreign Affairs Committee. As Chairman Emeritus McCaul prepares to leave Congress and begin a new chapter of his service to the nation, please join Mariano-Florentino (Tino) Cuéllar, president of the Carnegie Endowment for International Peace, for a May 20 conversation with the congressman reflecting on his legacy on Capitol Hill, his views on the future of American global leadership, and the lessons that his career offers to the next generation of policymakers.
AI AND MENTAL HEALTH: AI is becoming a go-to source of mental health support for young people. But is it safe? In this May 27 Policy Lab, RAND’s Ryan McBain examines both the promise and the risks of this growing trend — and what it might take to ensure chatbots are safe for adolescents.
BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS