Cyber Briefing – May 12, 2026
TODAY’S TOP 5
GOOGLE SAYS HACKERS USED AI TO DEVELOP MAJOR SECURITY FLAW: Cybercriminals were recently caught using a zero-day exploit believed to have been discovered and developed by artificial intelligence, Google announced Monday, POLITICO reports. The announcement comes as major AI companies, including Anthropic and OpenAI, have begun testing newer models that can find and exploit critical software vulnerabilities better than most humans. The report noted that this was the first time Google had seen evidence of AI being used to develop these types of vulnerabilities.
- Google Threat Intelligence Group said it has “high confidence” that it recorded hackers using an AI model to find and exploit the zero-day vulnerability, or a software flaw unknown to developers, creating a way to bypass two-factor authentication, CNBC reports. “The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use,” Google wrote in the post, without disclosing the name of the hacker group. Google said it does not believe that its homegrown Gemini model was used.
- GTIG has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks.
DEAL STRUCK WITH SHINYHUNTERS IN ED BREACH: The maker of Canvas, the software used by thousands of schools and universities around the world, said on Monday that it had reached a deal with the hackers that recently breached its systems for the return of stolen data and the destruction of any copies, The New York Times reports. ShinyHunters, a hacking group, had claimed responsibility for the attack on Instructure, the Salt Lake City-based company that provides Canvas to about half of all colleges and universities in North America. The hackers said they had accessed the data of more than 275 million users at nearly 9,000 schools worldwide, including private conversations between students and teachers as well as personal identifying information such as names and email addresses. Canvas was shut down for hours after the cyberattack on Thursday.
- A monetary demand from ShinyHunters was not surprising. The ransomware group is known for extorting victims following a data breach. A second breach at Instructure, however, was a surprise, Mashable reports. Canvas once again went offline, and when it came back, the company had removed the source of the second incident: Free-For-Teacher accounts. According to a newly updated incident page on Instructure’s website, the company says it “identified a vulnerability regarding support tickets in our Free for Teacher environment that was exploited.”
CHINA SEEKS AI INDEPENDENCE: When the Chinese start-up DeepSeek released its latest artificial intelligence model last month, it edged Beijing closer to a future that it has spent years trying to build. In a small but meaningful break from American technology, DeepSeek said for the first time that its new model had been optimized to run on chips made by the Chinese tech giant Huawei. This was a milestone in China’s long-running effort to develop advanced technologies at home and reduce its reliance on Western innovation, The New York Times reports. While most of the world’s leading AI systems still rely on semiconductors from the U.S. chip-making giant Nvidia, Chinese AI firms are increasingly turning to homegrown alternatives. The timing of DeepSeek’s announcement — before this week’s scheduled summit between President Trump and Xi Jinping, China’s leader — gives Beijing fresh confidence entering trade talks that U.S. export controls on Nvidia chips have not derailed China’s AI development.
- Behind the pageantry that will be on display during Trump’s meeting with President Xi Jinping of China this week is a less pleasant reality. For at least the last decade, Beijing has been actively targeting America’s telecommunications networks, intellectual property and electrical and water utilities in a sustained campaign of intrusion. The summit provides an opportunity to raise the issue more forcefully with Mr. Xi than American leaders have in the past. But America also has its own unpleasant reality to face: Protecting the country from bad actors in cyberspace is a job for Americans, and we haven’t been doing enough to defeat China’s efforts, former U.S. Cyber Command leader and NSA Director Gen. Timothy D. Haugh (ret.) writes at The News York Times. The good news is that the United States has a huge advantage in today’s cybercompetitions: the extraordinary concentration of technical capability, network reach and institutional knowledge embedded in American industry.
- Tesla CEO Elon Musk, Apple CEO Tim Cook and more than a dozen other business leaders are set to join Trump on his trip to China this week, according to a White House official, The Hill reports. Trump, who is traveling to Beijing to meet with Chinese President Xi Jinping on Thursday and Friday, plans to bring along a coterie of prominent business and technology executives. The guest list includes BlackRock CEO Larry Fink, Blackstone CEO Stephen Schwarzman, Citigroup CEO Jane Fraser, Goldman Sachs CEO David Solomon, Mastercard CEO Michael Miebach and Visa CEO Ryan McInerney.
U.S. SPY AGENCIES VIE FOR MORE SWAY OVER AI: As Trump prepares to travel to China, his administration is sharply split over a plan to give U.S. intelligence agencies a bigger role in evaluating AI models, according to two people familiar with the matter, who spoke with The Washington Post on the condition of anonymity to discuss a proposal that is not yet public. Trump could sign an executive order addressing AI security soon. But the administration’s response to new advanced AI models remains in flux and a topic of extensive debate, according to multiple people with knowledge of the conversations. The debate within the administration pits Commerce Department officials against national security aides in a battle, which one person described as a “knife fight,” to determine which part of the government will have sway over technology that Silicon Valley leaders say can transform the economy.
- Despite the growing consensus that AI will be transformative, few have analyzed how AI interacts with institutions, Sarosh Nagar and David Eaves write at Lawfare. Some literature, for example, does analyze how artificial general intelligence (AGI) may strengthen or erode state legitimacy, highlighting the need for a middle path. Other literature highlights how AI might empower public infrastructure. Yet there is little work analyzing how AI may be a critical juncture and interact with existing institutional structures. Furthermore, if governments — national, state and local — are not careful, they risk ending up on the wrong side of this juncture, locked out of the technology’s benefits and subject to its harms.
NEW CRITICAL INFRASTRUCTURE COALITION LOOKS FORWARD: As some of the organizations that run essential services in the U.S. lose faith in the federal government’s willingness and ability to help them, a few of the biggest critical infrastructure operators are taking matters into their own hands to improve coordination — and prepare for a major crisis, Cybersecurity Dive reports. In February, a coalition that includes corporate titans JPMorgan Chase, Mastercard, AT&T and Berkshire Hathaway Energy launched the Alliance for Critical Infrastructure (ACI), vowing to take the lead in helping infrastructure sectors work more closely together to understand and mitigate the shared cybersecurity risks they face. Reading between the lines, the message was clear: The critical infrastructure community, increasingly alarmed at the Trump administration’s retreat from decades-long partnerships, is trying to fill the growing void of coordination and leadership. “If the private sector does not step up to self-organize,” said McCrary Institute senior fellow Brian Harrell, a former assistant director for infrastructure security at the Cybersecurity and Infrastructure Security Agency (CISA), “the nation faces a period of unprecedented visibility gaps in its most vital systems.”
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
Most people think secure messaging begins and ends with encryption. Signal CTO Ehren Kret says that is only part of the picture. On the latest episode of Cyber Focus, host Frank Cilluffo sits down with Kret to discuss what private communication really requires, from protecting message content to limiting what platforms can learn from metadata, identity, group membership and social graphs. Kret explains how Signal’s nonprofit model shapes its privacy-first design choices, why endpoint security remains a major challenge and how AI built into operating systems could create new risks for private communication. The conversation also explores post-quantum encryption, lawful access debates, phishing threats against messaging accounts and why the future of secure communication depends not only on better technology but on helping users understand what is and is not truly private.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Artificial intelligence
OpenAI sued over ChatGPT’s alleged role in guiding FSU shooter
OpenAI is being sued by the family of a victim killed in the April 2025 mass shooting at Florida State University that left two people dead. The lawsuit alleges that OpenAI’s ChatGPT enabled the attack. Vandana Joshi, the widow of Tiru Chabba, who was killed alongside the university dining director Robert Morales, filed the federal lawsuit against OpenAI in Florida on Sunday. In a Monday news briefing announcing the lawsuit, one of Joshi’s attorneys accused ChatGPT of placing “the dollar above the lives of everyday average Americans.” (NBCNEWS.COM)
Biothreats
CDC alerts clinicians about potential for imported hantavirus cases
The CDC has issued a Health Alert Network (HAN) health advisory on hantavirus, urging clinicians to be aware of the potential for imported cases of hantavirus disease in connection with an outbreak of Andes virus aboard a cruise ship. While the risk of broad spread in the U.S. is “considered extremely unlikely at this time,” the agency noted that early symptoms can be easily confused with influenza or other viral illnesses. In addition, the virus may not be accurately detected in body secretions and excretions within the first 72 hours of symptom onset, so testing should be repeated after that window, the agency warned. (MEDPAGETODAY.COM)
Americans on both coasts who weren’t on MV Hondius being monitored for hantavirus after possible flight exposure
At least five Americans on both U.S. coasts are being monitored for hantavirus symptoms, even though they never set foot on board the ill-fated MV Hondius cruise ship. Two New Jersey residents, two Marylanders, and one Californian are in isolation under the strict supervision of health department officials after they all took international flights that included passengers from the virus-stricken cruise. None has exhibited any symptoms, and it’s unclear if they contracted the virus. (NYPOST.COM)
Breaches
SailPoint GitHub repo hit by third-party cyberattack
SailPoint on May 8 reported that the company experienced a cyberattack in which the attackers gained “unauthorized access” to a subset of its GitHub repositories. The company said the incident was detected on April 20 and involved a vulnerability in a third-party application, which has since been remediated. In Friday’s filing with the Securities and Exchange Commission, SailPoint maintained it found no evidence that customer data in its production or staging environments were accessed, or that its services were interrupted. (SCWORLD.COM)
Cybercrime
Romanian man faces up to 30 years in U.S. prison over vishing scams
A 53-year-old Romania male identified as Gavril Sandu is now in federal custody in Charlotte, North Carolina for his involvement in a massive bank fraud scam. He arrived in the United States on 30 April 2026 after being extradited by Romanian authorities to face charges of conspiracy and bank fraud after years of investigation. The U.S. Department of Justice revealed in a press release that the scheme was launched in 2009 by a group, including Sandu. Until October 2010 this group allegedly targeted small businesses, specifically hacking into Voice over Internet Protocol (VOIP) systems. For your information, VOIP technology allows people to make phone calls over a broadband internet connection instead of a traditional analogue phone line. (HACKREAD.COM)
Ransomware
Gentleman Ransomware suffers data breach
The cybercriminal group, which first surfaced in May 2025, has reportedly become the target of a major data breach that allegedly took place on May 4, 2026. According to reports circulating on underground cyber-crime forums, sensitive information stolen from the group is now being offered for sale on the notorious “Breached” forum under the headline “The Gentleman – Hacked Data for Sale.” The leaked information was initially priced at approximately $10,000, attracting attention from cyber-criminals, security researchers, and threat intelligence analysts alike. (CYBERSECURITYINSIDERS.COM)
Supply chain
Mini Shai-Hulud worm compromises TanStack, Mistral AI, Guardrails AI and more packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed to profile the execution environment and launch a comprehensive credential stealer capable of targeting cloud providers, cryptocurrency wallets, AI tools, messaging apps, and CI systems, including Github Actions, Aikido Security, Endor Labs, SafeDep, Socket, and StepSecurity said. The data is exfiltrated to the “filev2.getsession[.]org” domain. (THEHACKERNEWS.COM)
Water
Hackers hid inside major UK water utility for nearly 2 years
A British privacy regulator fined a major water supplier nearly $1.3 million after finding the utility left longstanding security gaps unaddressed across its corporate network, allowing a ransomware intrusion to expose personal information affecting more than 633,000 customers, employees and contractors. The U.K. Information Commissioner’s Office said Monday it fined South Staffordshire Water and parent company, South Staffordshire, 963,900 pounds following an investigation into a 2022 cyberattack that compromised names, dates of birth, contact information, payment details, online account credentials and limited health-related information. The penalty notice links the breach to a September 2020 phishing attack that installed malware inside the company’s corporate network. (GOVINFOSECURITY.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Fake Claude code page pushes PowerShell stealer at devs
A previously undocumented information stealer has been distributed through fake Claude Code installation pages, hijacking Chromium browsers to bypass App-Bound Encryption and exfiltrate cookies, passwords and payment data from developer workstations. The campaign was detailed on 11 May by Ontinue’s Cyber Defense Center, which traced the activity to three operator-controlled domains registered within a six-day window in April 2026. Victims arrived at the lookalike installation page after clicking sponsored search results for “install claude code.” The lure page mimicked the layout of legitimate Claude Code documentation but rendered an altered one-line installation command directly in HTML, swapping the canonical Anthropic host for an attacker-controlled domain. (INFOSECURITY-MAGAZINE.COM)
Phishing
Fake TronLink Chrome extension steals crypto wallet credentials
A newly uncovered phishing campaign is targeting TRON wallet users through a deceptive Chrome extension that mimics the popular TronLink wallet. The campaign highlights how modern browser extension abuse is evolving beyond static code inspection, making detection significantly harder. At first glance, it appears legitimate, even displaying “1,000,000+ users” and strong ratings on the Chrome Web Store. However, these metrics are inherited from a previously legitimate extension listing that attackers likely hijacked and repurposed. (GBHACKERS.COM)
Tactics
New GhostLock tool abuses Windows API to block file access
A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on SMB network shares. This technique, created by Kim Dvash of Israel Aerospace Industries, abuses the Windows ‘CreateFileW’ API and file-sharing modes to prevent other users and applications from opening files while handles remain active. The GhostLock technique abuses the ‘dwShareMode’ parameter in the CreateFileW() function, which specifies the type of access other processes have to a file while it is opened. (BLEEPINGCOMPUTER.COM)
Vulnerabilities
BitUnlocker downgrade attack bypasses Windows 11 disk encryption in minutes
A proof-of-concept (PoC) exploit that demonstrates how attackers can bypass Windows 11 BitLocker disk encryption in under 5 minutes. Dubbed the “BitUnlocker” attack, this physical downgrade technique exploits a known vulnerability, CVE-2025-48804. Initially documented by the Microsoft STORM team in July 2025, the flaw exposes a critical weakness in how Secure Boot interacts with legacy certificates. (GBHACKERS.COM)

ADVERSARIES
China
California mayor admits to being a China agent after probe
The mayor of an affluent Los Angeles suburb resigned after agreeing to plead guilty of acting as an unregistered foreign agent for China in the U.S. Eileen Wang admitted to posting pro-China propaganda at the direction of Chinese government officials, according to court documents unsealed Monday. Wang was the mayor of Arcadia, a city of about 55,000 located around 15 miles (24 kilometers) northeast of downtown Los Angeles, after being elected to the city council in 2022. She stepped down on Monday, according to a statement from City Manager, Dominic Lazzaretto. (BLOOMBERG.COM)
Iran
The UAE has been secretly carrying out attacks on Iran
The United Arab Emirates has carried out military strikes on Iran, people familiar with the matter said, casting the Gulf monarchy as an active combatant in a war in which it has been Iran’s biggest target. Its military is well-equipped with Western-made jet fighters and surveillance networks. And the attacks suggest the country is now more willing to use them to protect its economic power and growing influence across the Middle East. The strikes, which the U.A.E. hasn’t publicly acknowledged, have included an attack on a refinery on Iran’s Lavan Island in the Persian Gulf, the people familiar with the matter said. (WSJ.COM)
Possibility of operation to retrieve Iran’s enriched uranium appears to rise as negotiations sputter
President Donald Trump on Monday alluded to the U.S. sending troops into Iran to retrieve its highly enriched uranium (HEU). His comments follow similar words on the same topic from Israeli Prime Minister Benjamin Netanyahu made to “60 Minutes” on Sunday. Taken in aggregate, the statements suggest that there is coordinated messaging on the issue between Washington and Jerusalem and, after stalled talks with Iran, the possibility of such an operation may have been elevated. A mission into Iran to rid the country of its highly enriched nuclear material, once and for all, would be extremely risky and very complex. (TWZ.COM)
Maritime
The other border problem: How Russia and China’s lawfare threaten the Arctic
OPINION: What happens when the Arctic starts to look like the South China Sea? Historically, a neutral region where cooperation prevailed, the Arctic is quickly becoming a contested space. This is no more evident than in the increasing scope and volume of Russian and Chinese lawfare affecting the region. Through excessive maritime regulations, coordinated challenges to Western continental shelf claims, and the use of shadow fleets to avoid accountability, Russia and China are increasingly coordinating their efforts to exert influence and challenge Western claims to Arctic resources and freedom of navigation. As these tactics continue to converge, the United States and its partners — Arctic and non-Arctic — should establish clear strategies to respond and counter or risk ceding control of this critical region to those who seek to reshape the law in their favor. (WARONTHEROCKS.COM)
Russia
Assessing Russian network warfare through the lens of the Ukraine conflict
OPINION: Russia’s approach to warfare has never been strictly kinetic; it has extended beyond the battlefield through multiple forms of shaping tactics and subversive operations. Rooted in Soviet-era traditions like reflexive control and maskirovka, a long-standing doctrine of strategic deception, the Russian leadership at all levels and across domains has always treated conflict as something to be fought simultaneously in the cognitive, electromagnetic, and informational domains. In recent history, this mindset has fused with digital technology, producing a network-centric model of warfare that integrates computer network operations (CNO), artificial intelligence (AI), electronic warfare (EW), and space-based capabilities into a single operational posture. (SMALLWARSJOURNAL.COM)
Anti-drone ‘cope cage’ appears on Russian patrol boat
A recent development in the Black Sea drone war has seen a Russian Navy patrol boat appear with a screen, commonly known as a “cope cage,” on top of its superstructure to help protect against drones. Whether the modification is a one-off or part of a broader plan, it emphasizes the growing ubiquity of drone threats, a reality that the U.S. Navy is also increasingly having to contend with. Two photos showing Russian Navy Project 21980 Grachonok class patrol boats underway in the Black Sea were published by Ukrainian defense adviser Serhii Sternenko. The photos were reportedly taken this month, but it’s not clear if they show the same vessel (in one photo, the Russian Navy flag is flying from a mast, and in the other, it is not). (TWZ.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
DOGE pitched AI-fueled ‘regulation extermination’ tool to HUD
DOGE’s playbook for using artificial intelligence to eliminate regulations was on full display at the Department of Housing and Urban Development last summer with the introduction of an AI tool built for the “extermination” of federal housing rules. Documents obtained by Democracy Forward via Freedom of Information Act requests reveal a PowerPoint presentation delivered at HUD on SweetREX, a tool named for DOGE associate Christopher Sweet, according to Wired reporting last August. The new documents, shared with FedScoop and first reported by Lever, laid out a multistep process in which all HUD regulations would be analyzed by the AI. The tool would then provide recommendations to “keep, delete, or partial delete” each rule, per the presentation. (FEDSCOOP.COM)
AI guardrails should be dynamic, evolving, says Alabama’s AI chief
Aaron Wright, who was last month named Alabama’s first chief artificial intelligence officer, is stepping into the role with a number of priorities and objectives already in sight, including ensuring that the state’s AI guardrails are dynamic, and evolve continuously. Wright, the state’s former director of application development who was tapped to helm the state’s AI efforts from the newly created CAIO role housed within the Alabama Office of Information Technology late last month, said that because AI is an “evolving space,” his goals and how the state thinks about the tech will also likely evolve. Wright, who co-led a working group under the Alabama Governor’s generative AI task force in his previous role, said those goals also include helping to ensure the state uses AI efficiently, responsibly and transparently. (STATESCOOP.COM)
How nuclear deterrence can inform Europe’s AI strategy
OPINION: Two months ago, leaders gathered in India to discuss the future of artificial intelligence (AI). One question was of particular importance: How can states retain their agency and sovereignty in the emerging AI-enabled geopolitical order? For Europe, there is a paradox at the heart of this question. Europe must diffuse AI across its economies, public services, and governments, or else it will fall behind those that do — with major economic and security consequences. Yet becoming a competitor at the AI frontier — which is dominated mostly by the U.S. and China — is out of reach due to the staggering capital, energy, and research and development required. (LAWFAREMEDIA.ORG)
Communications
DHS units to re-up contract with controversial mobile device data extractor
The Department of Homeland Security intends to continue its work with Cellebrite, a provider of digital forensics hardware and software tools, according to forecast documents released last week. Immigration and Customs Enforcement, as well as Homeland Security Investigations, plan to award a five-year, indefinite delivery indefinite quantity contract with a $100 million ceiling to the vendor later this year. Cellebrite’s products enable the agency to access data from cellphones, tablets and — more recently — unmanned aerial vehicles. (FEDSCOOP.COM)
Data
After banning foreign routers, FCC says existing ones can get updates until 2029
The Federal Communications Commission is relenting a bit on its restrictive router rules, saying it will allow foreign-made routers to receive software and firmware updates until at least January 1, 2029. The FCC also expanded the waiver to cover more types of software updates. Previously, the FCC said routers currently on the market or already sold to consumers could receive security patches and other updates only until March 1, 2027. On Friday, the agency announced a waiver extension that lets devices receive updates until January 1, 2029, and said the waiver may eventually become permanent. (ARSTECHNICA.COM)
Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent
Texas Attorney General Ken Paxton said Monday that the state is suing Netflix for allegedly not obtaining user consent before collecting and sharing subscriber data with advertisers and data brokers. The lawsuit cites several examples of Netflix leadership asserting that the company does not collect and share user data with advertisers even as the company has long used “intentional engineering to track and log users’ viewing habits, preferences, devices, household networks, application usage, and other sensitive behavioral data,” according to a press release. (THERECORD.MEDIA)
Defense
Missile Defense Agency looks to demo hypersonic weapon interceptor in 2027
The Missile Defense Agency is planning to deliver a provisional capability to defend against hypersonic weapons in the near term as it continues development of more advanced systems. Under a new effort dubbed “Project Maverick,” MDA intends to conduct a flight test of a defensive system to prove the agency’s ability to track and defeat hypersonic missiles in fiscal 2027, according to the organization’s latest budget request. If the demonstration is a success, the resulting capability could serve as an interim counter-hypersonics capability until more advanced systems are fielded. (DEFENSESCOOP.COM)
SOCOM to test SkyFi satellite imagery-to-tablet prototype
U.S. Special Operations Command (SOCOM) has contracted Texas startup SkyFi to test a software platform built to deliver unclassified commercial satellite imagery directly to warfighters ― including a capability for commanders in the field to task a satellite to provide images in near-real time, the company announced. SkyFi’s web-based platform, in essence, is meant to serve as a network operator linking SOCOM users to the best available imagery provided by the company’s some 150 satellite remote sensing providers via a plug-in to the Android Tactical Assault Kit (ATAK) application for mobile phones and tablets, Luke Fischer, the company’s CEO, told Breaking Defense. (BREAKINGDEFENSE.COM)
The future of war arrived. We aren’t ready
OPINION: Every OPLAN, CONPLAN, and campaign design sitting in a classified vault somewhere — from European Command to Indo-Pacific Command, from NATO’s Article 5 contingencies to the South China Sea access-denial scenarios — was built on assumptions that are no longer true. The target sets have changed. The kill chains have changed. The very physics of the battlefield have changed. And the institutions that own those plans are, by and large, heads down — still recruiting for the team, still building the product, still defending the roadmap. The question is no longer whether the force must change. It is whether the institution can move fast enough to matter. (DEFENSESCOOP.COM)
Drones
5 U.S. bases selected for anti-drone pilot program
The U.S. task force responsible for countering small, unmanned aircraft chose five military installations to partake in an upcoming anti-drone pilot program. The U.S. Army-led Joint Interagency Task Force 401, which was stood up in August 2025 and included in the fiscal 2026 National Defense Authorization Act, selected two southern border installations to join and assist the program in advanced directed energy capabilities, according to a May 6 Department of Defense release. “Countering unlawful and adversarial drone activity is a homeland defense imperative,” Brig. Gen. Matt Ross, JITF 401 director, said in the release. (DEFENSENEWS.COM)
Modeling the lethality of small attack drones and loitering munitions
OPINION: This paper presents a probabilistic model to assess the lethality of small tactical strike drones, including widely used first-person view (FPV) quadcopters, and provides a basic yet flexible analytical tool for researchers and planners seeking to better understand the role of these systems in contemporary military operations. The model underpins a series of simulations examining lethality distributions in campaigns against inferior and peer adversaries, enabling the derivation of notional quantitative requirements and cost implications for low-end and high-end strike systems. The results provide an empirical basis to challenge simplistic cost-centric comparisons and mainstream assumptions about the universal effectiveness of attritable mass and to show why inexpensive FPV-type drones are ill-suited as a one-size-fits-all solution across diverse operational environments. (SMALLWARSJOURNAL.COM)
Energy
PPL ‘advanced’ data center pipeline grows to 28.3 GW in Pennsylvania
PPL Electric’s “advanced” stage data center pipeline jumped 12% to 28.3 GW by 2034, up from 25.2 GW three months ago, company officials said Friday during PPL Corp.’s first-quarter earnings conference call. The pipeline ramps up from 0.6 GW expected online this year to 20.7 GW in 2030, according to the Allentown, Pennsylvania-based company’s earnings call presentation. Advanced stage projects have signed agreements with developers and PPL will be paid for project-related work even if the projects don’t advance, the company said. (UTILITYDIVE.COM)
EPA plan would let work start on data centers, power plants before air permits
EPA on Monday proposed allowing data centers, power plants and other industrial facilities to begin certain construction work before obtaining required federal air permits. The proposal is the latest development in the Trump administration’s effort to juice new manufacturing and other industries, especially artificial intelligence. EPA Administrator Lee Zeldin said the change will cut through red tape to speed up projects. “Today’s proposal works to provide solutions to issues that have held up critical American infrastructure and advance the next great technological forefront,” he said in a statement. (EENEWS.NET)
A data center drained 30M gallons of water unnoticed — until residents complained about low water pressure
The neighbors of a data center in Georgia are steaming after they discovered the facility had sucked up nearly 30 million gallons of water — without initially paying for it. Outrage started bubbling up last year when residents of an affluent subdivision named Annelise Park in Fayetteville, Georgia, noticed their water pressure was unusually low. When the county utility investigated, officials discovered two industrial-scale water hookups feeding a data center campus located 20 miles south of downtown Atlanta. One water connection had been installed without the utility’s knowledge, and the other was not linked to the company’s account and therefore wasn’t being billed. (POLITICO.COM)
Health care
Why hospitals must rethink cyber resilience
Hospitals face relentless ransomware attacks that threaten patient safety and operations. More than ever, cyber teams need to strengthen their resilience, with clinical continuity, immutable secure backups and coordinated recovery as critical strategies in a rapidly evolving threat landscape, said John Riggi of the American Hospital Association and Josh Howell of Rubrik. “In this increasingly digitally complex, digitally interdependent ecosystem that healthcare operates in, there is no way for us to 100% prevent attacks and eliminate all the vulnerabilities which expose us to attacks,” said Riggi, national advisor for cybersecurity and risk at the AHA. (HEALTHCAREINFOSECURITY.COM)
Space
Space Force to overhaul key early warning, surveillance radars around the world
The Space Force plans to overhaul eight legacy missile warning and space surveillance radars located around the world, taking them from analog to digital operations, according to a May 7 notice. Under the Ground Based Radar Digitization project, or GBRD, the service will install new hardware and software on the radars, upgrading everything from front-end antennas to back-end data processors. “These aging systems face critical obsolescence and sustainment challenges and require a comprehensive technological upgrade to meet evolving threats,” according to the notice. “GBRD will modernize the entirety of these systems.” (AIRANDSPACEFORCES.COM)
LEGISLATIVE UPDATES
Committee tees up another hearing on bolstering the grid
The House Energy and Commerce Committee will hold the latest in a string of hearings and markups focused on the electric grid to address rising demand and prices. Energy and Commerce Chair Brett Guthrie (R-Ky.) has said he wants the committee to be a part of a broad deal on permitting for all types of energy projects, including power lines. A hearing this week is part of that goal but will likely show persistent divisions on the issue. “Strengthening our grid and winning the race for AI dominance requires the right power at the right time,” said Guthrie and Energy Subcommittee Chair Bob Latta (R-Ohio). (EENEWS.NET)
House bill takes aim at cutting federal agency legacy IT tech
A bill introduced in the House of Representatives on April 21 would push the federal government to hasten its pace in evaluating and replacing legacy IT systems in favor of more modern systems. TheLegacy IT Reduction Act of 2026 is sponsored by Rep. Maxwell Frost (D-Fla.). It does not appear to have companion legislation in the Senate. The bill has been forwarded to the House Oversight and Government Reform Committee, of which Rep. Frost is a member. (MERITALK.COM)
COMMITTEE ACTIVITY
DEFENSE: The House Appropriations Subcommittee on Defense will hold a Defense Department budget hearing on May 12.
LAW ENFORCEMENT: The Senate Appropriations Subcommittee on Commerce, Justice, Science, and Related Agencies will hold a May 12 hearing to review the president’s Fiscal Year 2027 budget request for the Federal Bureau of Investigation; the Drug Enforcement Administration; the United States Marshals Service; and the Bureau of Alcohol, Tobacco, Firearms and Explosives.
ENERGY: The House Energy and Commerce Subcommittee on Energy will hold a May 13 hearing on transmission permitting.
NUCLEAR: The Senate Armed Services Committee will hold a May 13 hearing to examine the Department of Energy and National Nuclear Security Administration’s atomic energy defense activities.
SOCIAL MEDIA: The Senate Judiciary Subcommittee on Privacy, Technology and the Law will hold a May 13 hearing on why landmark social media verdicts demand federal action to protect kids online.
DEFENSE S&T: The House Armed Services Subcommittee on Cyber, Information Technologies and Innovation will hold a May 13 hearing on the Department of Defense’s science and technology (S&T), artificial intelligence (AI) and innovation enterprise.
CYBER OPS: The Senate Armed Services Subcommittee on Cybersecurity will receive a closed briefing May 13 on cyber operations and readiness for the fourth quarter of fiscal year 2025 and the first quarter of fiscal year 2026.
ALERTS AND ADVISORIES
Update on vulnerabilities impacting Cisco ASA and FTD devices
The Canadian Centre for Cyber Security (Cyber Centre) is aware of exploitation targeting Cisco Adaptive Security Appliance (ASA) 5500-X Series devices that are running Cisco Secure Firewall ASA Software with VPN web services enabled. On September 25, 2025, Cisco published security advisories for critical vulnerabilities, CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363, affecting certain ASA and Cisco Secure Firewall Threat Defense (FTD) software release products. This update covers additional affected products and versions. (CYBER.GC.CA)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
DATA AND AI TRUST: Learn how security, identity and resilience leaders are preparing their data for the agentic era at a May 12 VeeamON event featuring White House Cyber Director Sean Cairncross.
EMERGING TECH: In an evolving geopolitical landscape, how can the US build on its experience in developing frontier technologies and globally competitive industries through investments in priority technologies for the 21st century? Join AEI’s Michael R. Strain for a May 13 conversation with experts from the Massachusetts Institute of Technology for a conversation on their new book “Priority Technologies: Ensuring US Security and Shared Prosperity (2026).”
ENERGY: The grid was historically planned by utilities and regulators and financed by ratepayers. Now, rapid load growth from data centers, electrification, and reshored manufacturing has large customers stuck in interconnection queues and pushing for reform. Join the CSIS Energy Security and Climate Change Program on May 15 for a conversation with Travis Fisher and Daniel Palken on competing visions of the U.S. power grid and its policy future.
RUSSIA: Russia’s growing influence and engagement in Africa is a significant and often overlooked dimension of global great power competition. Join the Center for a New American Security (CNAS) on May 18 for a virtual panel discussion on this topic to mark the release of a new report, Beyond the Sahel: Russia’s Toolbox for Influence in Africa, by Kate Johnston and Valeria Allende, with Isabel Dlabach. This report looks at Russia’s activities in key states in Africa—Egypt, Ethiopia, Nigeria, and South Africa.
SECURITY POLICY: Congressman Michael McCaul has been at the center of Congress’s foreign policy debates over the past two decades, first as chairman of the House Homeland Security Committee and later as the chairman of the House Foreign Affairs Committee. As Chairman Emeritus McCaul prepares to leave Congress and begin a new chapter of his service to the nation, please join Mariano-Florentino (Tino) Cuéllar, president of the Carnegie Endowment for International Peace, for a May 20 conversation with the congressman reflecting on his legacy on Capitol Hill, his views on the future of American global leadership, and the lessons that his career offers to the next generation of policymakers.
AI AND MENTAL HEALTH: AI is becoming a go-to source of mental health support for young people. But is it safe? In this May 27 Policy Lab, RAND’s Ryan McBain examines both the promise and the risks of this growing trend — and what it might take to ensure chatbots are safe for adolescents.
BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS