Cyber Briefing – May 13, 2026
TODAY’S TOP 5
WILL TRUMP AND XI TRY TO SLOW THE AI RACE?: When President Trump and President Xi Jinping of China meet in Beijing this week, they are expected to discuss, for the first time, how to manage the risks of AI. But in many ways, the two countries seem farther apart than ever on that question, The New York Times reports. Both the United States and China are racing to develop AI-powered weapons that could wreak immense damage without human involvement. Powerful new AI models could enable cyberattacks that might cripple the world’s banks and power grids. Experts have also raised the alarm about how AI could be misused by terrorists or even become sentient and wipe out humankind. But the United States and China are locked in a battle for supremacy in AI that has left policymakers and some researchers increasingly wary of engagement, even as they warn of the technology’s risks. In both countries, many policymakers fear that imposing guardrails on AI development — for example, curtailing the technology’s ability to create bioweapons — would give the other country an opportunity to race ahead.
- Nvidia CEO Jensen Huang has joined Trump’s trip to China, after initial indications the executive had not been invited. After seeing the media coverage of Huang’s absence from the delegation, Trump called the Nvidia executive and asked him to join, a source familiar with the situation told CNBC. Huang flew to Alaska to board Air Force One, the source said.
- One of the most pressing issues facing the United States, the European Union and Japan lies in China’s restrictions on exports of rare-earth metals and magnets essential to advanced manufacturing, The New York Times reports. Manufacturers of commercial aircraft, electronics, cars, semiconductor manufacturing equipment and military hardware are facing acute shortages of rare earths, many of which are refined almost exclusively in China. Prices for some of these metals have soared as much as a hundredfold since Beijing halted most exports in early April last year. China announced on Oct. 9 that it planned to impose sweeping new restrictions on exports of rare earths and products containing even trace amounts of Chinese rare earths. Three weeks later, Xi Jinping, China’s top leader, agreed at a meeting with Trump to postpone those measures for a year, though the restrictions issued in April remained in place.
- China appeared to ramp up missile production last year by the most since Xi Jinping became president in 2013, according to a Bloomberg analysis that mapped out the sector’s finances for the first time. Bloomberg reviewed the corporate filings of every listed Chinese company that mentioned either of the nation’s two leading state-owned missile makers at least once per year in that period. The number of firms that disclosed producing key missile components rose to 81 last year, more than double than during Xi’s first year in office. Within that group, last year saw the highest percentage of companies reporting record revenues of any during Xi’s tenure, which the analysis indicates is due to a surge of new orders to expand China’s missile program. That contrasted with an aggregate drop in revenue over the same period among China’s 300 largest listed companies.
- As Trump and hundreds of aides, security personnel and officials prepare to travel to China, many will leave behind one of the most basic tools of modern government: their everyday cellphones. Instead, officials entering China often travel with stripped-down “clean” devices, temporary laptops and tightly controlled communications systems designed to minimize the risk of surveillance, hacking or data collection in what U.S. officials consider one of the world’s most aggressive cyber environments, Fox News reports. The precautions can transform even routine tasks into logistical headaches. Messages that would normally travel instantly through encrypted apps or synced devices are instead routed through controlled channels, temporary accounts or relayed in person.
IRAN SUPPLY CHAIN AND CYBERATTACK UPDATES: Convoys of heavy-duty trucks barreling across the Arabian desert have become an escape valve for the global economy, The Wall Street Journal reports. In a mechanized revival of the caravans of goods-laden camels that once sustained Arabian commerce, highways, railroads and ports in Saudi Arabia, the United Arab Emirates and Oman have been transformed into an emergency logistics lifeline, circumventing the Strait of Hormuz waterway. After the U.S. and Israel attacked Iran, Bob Wilt, CEO of Saudi Arabian state-controlled mining company Maaden, dispatched executives to Red Sea ports and, within two weeks, lined up rail and truck operators to move fertilizer across the kingdom.
- A pro-Iran hacking group that has claimed a spate of DDoS attacks against Western companies since the United States and Israel went to war against the Islamic Republic said it attacked Spotify on Tuesday with the intent that “the hand of revenge will reach the killers of Imam Khamenei,” Threat Beat reports.
- Asian chipmakers, including giants Taiwan Semiconductor Manufacturing Co. and Samsung Electronics Co., are facing disruptions to their supplies of oil and other essential commodities as a result of the closure of the Strait of Hormuz. The companies are preparing contingencies to mitigate the impact should conflict in the Middle East drag on, Bloomberg reports.
AI SBOM SECURITY GUIDANCE: A group of international government agencies released guidance Tuesday on what they believe any artificial intelligence “ingredients list” tool should include to make AI more secure, CyberScoop reports. The concept of such a list, known as a “software bill of materials (SBOM),” is to know everything that goes into a particular piece of software so that any supply chain risks are easier to identify. There’s been a growing focus from cyber experts on how they interact with AI. The guidance produced by agencies from the G7 group of nations, including the Cybersecurity and Infrastructure Security Agency, is aimed at setting minimum voluntary standards for what SBOMs for AI should look like. It builds on past efforts to produce other kinds of SBOM guidance.
- On a recent Friday morning, seven cybersecurity veterans gathered in a suite on the 60th floor of the Cosmopolitan hotel in Las Vegas. Surrounded by laptops, network cables, spare Wi-Fi antennas and a wall-mounted television that doubled as a massive computer screen filled with esoteric programming code, they spent the next two days hacking into a computer network in San Antonio as part of an annual event called the National Collegiate Cyber Defense Competition. As this “red team” of cybersecurity professionals attacked the network, dozens of elite computer science students sat in makeshift command centers across the country, trying to stop them. This elaborate competition aimed to simulate the high-stakes world of cyberwarfare, which meant it included a new participant: artificial intelligence. And one of the blue teams was made up entirely of so-called AI agents, working mostly on their own, The New York Times reports.
JOINT ORBITAL WARFARE PLAN: U.S. Space Command (SPACECOM) and its six closest space-savvy allies expect to complete a joint plan for conducting future “orbital warfare” by the end of the year, SPACECOM Commander Gen. Stephen Whiting said, Breaking Defense reports. Like the U.S. military, the allied militaries participating in SPACECOM’s Multinational Force Operation Olympic Defender (MF-OOD) have been internally discussing “the need for protect and defend capabilities, orbital warfare capabilities.” Thus, the group decided the time has come to figure out how to work together via a collective concept of operations (CONOPS), he told the Mitchell Institute. “[W]e are in the process now of building a defense of orbital assets CONOPS together. So, how do we leverage all these capabilities that these nations will be bringing with our capabilities to deconflict them at a minimum, but really we want to be able to integrate them, synchronize them and synergize them going forward,” Whiting said.
- The price tag for the Golden Dome for America could reach $1.2 trillion to develop, deploy and operate over 20 years, according to a new report published Tuesday by the Congressional Budget Office. The updated cost estimate is based on a “notional” missile defense architecture that broadly includes capabilities outlined in President Donald Trump’s 2025 executive order calling for Golden Dome’s development, DefenseScoop reports. CBO’s projections are significantly larger than the $185 billion already budgeted for the project — with space-based interceptors (SBIs) accounting for over half of the office’s estimate. “Of the $1.2 trillion amount, acquisition costs for the notional [national missile defense] system would total just over $1 trillion,” the report stated. “The most expensive component is the space-based interceptor layer, which accounts for about 70 percent of acquisition costs and 60 percent of total costs.”
FOXCONN RANSOMWARE ATTACK: A ransomware group is attempting to extort the electronics manufacturing giant Foxconn, claiming that it stole 8 terabytes of data from the company, including schematics and project details from customers including Dell, Google, Apple, and Nvidia, WIRED reports. Foxconn did not immediately respond to WIRED’s request for comment about the validity of the claims, but the company did acknowledge that some of its North American factories “suffered a cyberattack” in recent days, and that “affected factories are currently resuming normal production” after outages. st vital systems.”
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
NEW: Cyber defense is entering a machine-speed era. With Mythos and Project Glasswing bringing AI-driven vulnerability discovery and exploit development into the center of the cyber conversation, CrowdStrike’s Drew Bagley says organizations need to prepare for a world where vulnerabilities can be found, chained and exploited faster than traditional patching cycles can handle. Bagley joins Frank Cilluffo on the latest episode of Cyber Focus to explain why this shift is not just about one model, one company or one headline-grabbing project. It points to a broader change in how attackers and defenders will operate: exploit stacks may make once-latent vulnerabilities newly dangerous, critical infrastructure operators may face risks they cannot patch away and unmanaged AI agents inside organizations may become another source of exposure. The answer, Bagley argues, is not panic or patching alone, but continuous discovery, continuous remediation, visibility across the kill chain, AI-powered defense and resilience planning built for a world moving faster than human-speed cyber.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Artificial intelligence
‘Will I be OK?’ Teen died after ChatGPT pushed deadly mix of drugs, lawsuit says
OpenAI is facing down another wrongful-death lawsuit after ChatGPT told a 19-year-old, Sam Nelson, to take a lethal mix of Kratom and Xanax. According to a complaint filed on behalf of Nelson’s parents, Leila Turner-Scott and Angus Scott, Nelson trusted ChatGPT as a tool to “safely” experiment with drugs after using the chatbot for years as a go-to search engine when he was in high school. The teen viewed ChatGPT so highly as an authoritative source of information that he once swore to his mom that ChatGPT had access to “everything on the Internet,” so it “had to be right,” when she questioned if the chatbot was always reliable, the complaint said. (ARSTECHNICA.COM)
Biothreats
French hantavirus patient is critically ill and on an artificial lung as outbreak grows to 11
A French woman infected in the deadly hantavirus outbreak on a cruise ship is critically ill and being treated with an artificial lung, a doctor at the Paris hospital caring for the sickened passenger said Tuesday. The outbreak has now reached 11 total reported cases, 9 of which have been confirmed. Three people on the cruise died, including a Dutch couple that health officials believe were the first exposed to the virus while visiting South America. The French passenger hospitalized in Paris has a severe form of the disease that has caused life-threatening lung and heart problems, said Dr. Xavier Lescure, an infectious disease specialist at Bichat Hospital. (APNEWS.COM)
Commercial
Best Western Hotels warns customers reservation data may have been spilled in breach
BWH Hotels, a major global hospitality chain operating thousands of hotels around the world, has confirmed suffering a cyberattack and losing sensitive customer data. In a data breach notification recently sent to affected individuals, the company’s Chief Technology Officer (CTO) Bill Ryan said the attack was spotted on April 22, 2026. The crooks stole sensitive data, including people’s names, email addresses, telephone numbers, and postal addresses, of a yet undetermined number of people. Reservation details, including reservation numbers, dates of stay, and special requests, were also nabbed. (TECHRADAR.COM)
Health care
West Pharmaceutical warns of ransomware attack impacting business operations
A large Pennsylvania pharmaceutical company said a ransomware attack has impacted critical systems used to ship, receive and manufacture products. West Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the company network on May 4, stole data and encrypted systems. “The incident and the Company’s proactive response have temporarily disrupted the Company’s business operations globally,” the company’s general counsel wrote in the 8-K form. (THERECORD.MEDIA)
Maritime
Ship operator and employee are charged in crash that caused the deadly collapse of Baltimore bridge
Prosecutors announced criminal charges Tuesday in the deadly 2024 collapse of Baltimore’s Francis Scott Key Bridge, accusing a Singapore-based ship operator of intentionally relying on an improper fuel pump that contributed to the ruinous crash and then lying about it to investigators. Acting Attorney General Todd Blanche called it a “preventable tragedy of enormous consequence.” The indictment names Synergy Marine Pte Ltd., based in Singapore, and Synergy Maritime Pte Ltd., based in Chennai, India. Radhakrishnan Karthik Nair, 47, an Indian national who was technical superintendent for the Dali container ship, was also charged. (APNEWS.COM)
Transportation
Škoda warns of customer data breach after online shop hack
Škoda Auto, a wholly owned subsidiary of the Volkswagen Group, has disclosed a data breach after attackers hacked its online shop and stole the personal information of an undisclosed number of customers. The 130-year-old Czech car maker has over 34,000 employees and reported sales of more than €27 billion and a profit of nearly €2 billion in 2025, having delivered over 1 million cars to customers. As Škoda revealed, threat actors gained access by exploiting an unspecified vulnerability in the software of its e-commerce portal. After detecting the breach, the company reported the incident to the relevant authorities and has fixed the security flaw exploited in the attack. (BLEEPINGCOMPUTER.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Communications
Why Canadian telecom providers are prime targets for cyberattacks
Telecommunications providers have quietly become one of the most targeted sectors in global cybersecurity. While banks, hospitals, and government agencies often dominate headlines after major breaches, telecom companies sit in an even more strategic position. They control massive volumes of customer data, mobile authentication systems, enterprise connectivity, internet backbone infrastructure, and increasingly, cloud and managed IT environments used by both businesses and public institutions. (HACKREAD.COM)
Identity
Identity takes center stage as a leading factor in enterprise cyberattacks
Seven out of every 10 organizations suffered at least one identity-related breach over the past year, according to a report released Tuesday by Sophos. Organizations, on average, reported three separate identity-related incidents during that time. Two-thirds of ransomware victims said the cyberattack stemmed from an identity-related incident, said Sophos. The report is based on a survey of 5,000 IT and cybersecurity leaders across 17 countries. The mean recovery cost was $1.64 million, read the report, and the median cost was $750,000. Seven of every 10 respondents reported recovery costs of more than $250,000. (CYBERSECURITYDIVE.COM)
Malware
Free OnlyFans lure used to spread cross-platform CRPx0 malware
CRPx0 is a complex, stealthy and persistent malware campaign. It currently targets macOS and Windows systems, and appears to have Linux capabilities in development. It currently comprises cryptocurrency theft followed by large scale data exfiltration and ransomware. The campaign has been analyzed in detail by Aryaka Threat Research Labs. The initial social engineering lure is the offer of a free OnlyFans account. Users interested in free access to OnlyFans might actively search for available options, and stumble across the threat actors’ OnlyfansAccounts.zip. (SECURITYWEEK.COM)
Infostealer malware fuels corporate breaches from personal devices
Infostealer malware is no longer just a consumer nuisance it has become a direct bridge between personal device infections and full-scale enterprise breaches. Once these credentials are harvested and posted on dark web forums, attackers gain immediate footholds into corporate environments. A longstanding assumption in cybersecurity is that infostealers primarily target gamers downloading cracked software. While gaming-related lures still account for 43% of infections, the data shows a broader and more dangerous landscape. (GBHACKERS.COM)
Supply chain
GemStuffer abuses 150-plus RubyGems to exfiltrate scraped UK council portal data
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. “The packages do not appear designed for mass developer compromise,” Socket said. “Many have little or no download activity, and the payloads are repetitive, noisy, and unusually self-contained.” (THEHACKERNEWS.COM)
Vulnerabilities
New Exim BDAT vulnerability exposes GnuTLS builds to potential code execution
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free vulnerability in Exim’s binary data transmission (BDAT) message body parsing when a TLS connection is handled by GnuTLS. (THEHACKERNEWS.COM)
Intel and AMD patch 70 vulnerabilities
Intel and AMD have released over two dozen advisories on May 2026 Patch Tuesday, addressing 70 vulnerabilities across their product portfolios. Intel published 13 advisories describing 24 security defects, including one critical and eight high-severity flaws. The critical bug, tracked as CVE-2026-20794 (CVSS score of 9.3), is described as a buffer overflow issue in the Data Center Graphics Driver for VMware ESXi software that could be exploited for privilege escalation and potentially for code execution. (SECURITYWEEK.COM)
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Fortinet has released security updates to address two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code on unpatched systems. The first one, tracked as CVE-2026-44277, impacts the company’s FortiAuthenticator Identity and Access Management (IAM) solution and was patched in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3. “An Improper Access Control vulnerability [CWE-284] in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests,” Fortinet said in a Tuesday advisory. (BLEEPINGCOMPUTER.COM)
Microsoft fixes 17 critical flaws in May Patch Tuesday
Microsoft has published security updates to fix 120 CVEs in the May Patch Tuesday, 16 of which were discovered by a new multi-model agentic security system. The overall list included 17 critical vulnerabilities, 14 of which were classed as remote code execution (RCE), two were elevation of privilege (EoP) flaws and one was an information disclosure vulnerability. In total, the majority of the 120 CVEs listed were EoP (61), RCE (31) and information disclosure (14). (INFOSECURITY-MAGAZINE.COM)
Adobe closes over 50 vulnerabilities in After Effects & Co.
Attackers can exploit several security vulnerabilities in Adobe After Effects, Connect, and Premiere Pro, among others. In the worst case, this can lead to the execution of malicious code. Security patches are available. Currently, there are no indications of attacks in the software manufacturer’s security advisories. According to the classification, the most dangerous is a malicious code vulnerability (CVE-2026-34659, “critical”) in Connect. This allows attackers to execute malicious code. (HEISE.DE)
New security advisories from Siemens, Schneider, CISA
Only Siemens, Schneider Electric, CISA, and CERT@VDE have published new ICS security advisories for the May 2026 Patch Tuesday. Siemens has published 18 new security advisories, and several of them describe critical vulnerabilities. The company has addressed critical issues in Sentron 7KT PAC1261 Data Manager (device takeover), Simatic S7 PLC web server (XSS), Ruggedcom Rox (command execution as root, old vulnerabilities in third-party components), ROS# (arbitrary file access), Simatic CN4100 (over 300 third-party component flaws), and Opcenter RDnL (missing authentication). (SECURITYWEEK.COM)
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in Commerce Cloud and S/4HANA. Commerce Cloud is an enterprise-grade e-commerce platform used by online stores owned by large retailers and global brands, while S/4HANA is a cloud-based Enterprise Resource Planning (ERP) suite that will replace the company’s on-premises ECC ERP system. Tracked as CVE-2026-34263, the first critical flaw is a missing authentication check in SAP Commerce Cloud that allows unauthenticated attackers to execute code on vulnerable servers. (BLEEPINGCOMPUTER.COM)
Zoom rooms and workplace flaws expose users to elevated access attacks
A newly disclosed batch of vulnerabilities in Zoom’s software suite could give attackers the leverage they need to hijack systems. Zoom has released critical security updates to patch three distinct flaws affecting its Windows and iOS applications. The most dangerous of these vulnerabilities allows authenticated attackers to elevate their system privileges, effectively turning a standard user account into a high-level administrative threat. The first major flaw targets Zoom Rooms for Windows. Tracked as CVE-2026-30906, this high-severity vulnerability carries a CVSS base score of 7.8 out of 10. (GBHACKERS.COM)

ADVERSARIES
North Korea
Lazarus Group: The North Korean hacking syndicate’s on-chain footprint
The Lazarus Group is a North-Korean backed hacker group that has been responsible for a significant number of the largest exploits in the cryptocurrency space. The Lazarus Group started gaining mainstream attention through attacks such as the 2014 Sony Pictures hack and 2017 WannaCry ransomware attack. Eventually, the Lazarus Group realized that the cryptocurrency industry had more money on the table and was easier to exploit. The group began focusing on cryptocurrency hacks around 2017, and in 2025 were able to pull off the largest exploit the industry had ever seen. (INFO.ARKM.COM)
Ransomware
Ransomware sector reconsolidating as Qilin, LockBit, and The Gentlemen expand influence in Q1 2026
Check Point researchers disclosed ransomware ecosystem showed signs of consolidation in the first quarter of 2026 after a period of heavy fragmentation. The top 10 ransomware groups accounted for 71% of all victims recorded during the quarter, marking a sharp reversal from the fragmented landscape observed in the third quarter of 2025. The findings suggest that ransomware activity is once again concentrating around a smaller number of dominant operators. The research found that ransomware activity volumes remained historically high, even as overall growth began to stabilize. (INDUSTRIALCYBER.CO)
Russia
In Russian military parade meant to project power, analysts see ‘real vulnerability’
Russia’s Victory Day parade in Red Square over the weekend came and went without the usual accompaniment of high-end weapon systems and power projection that has long symbolized the annual event, as Moscow decided to scale back on both hardware and military personnel amid fears of a Ukrainian attack. While normally defense analysts use the parade to gauge Russian military and technical prowess, several told Breaking Defense that this year the lack of gear showed something else: Moscow’s implicit acknowledgement that Ukrainian capabilities remains a serious threat, more than four years since Russia’s invasion. One described it also as potentially a watershed moment in President Vladimir Putin’s declining grip on power, behind only the short-lived coup by Yevgeny Prigozhin, the former leader of the Wagner Group. (BREAKINGDEFENSE.COM)
Threat actors
Canvas hackers ShinyHunters say their official domain was suspended
The notorious hacking group ShinyHunters, recently linked to the large-scale compromise and defacement of Instructure’s Canvas LMS platform, claims its official clearnet domain has been suspended by the domain registry, fueling online speculation that the site may have been targeted following the group’s recent attacks. The issue surfaced on Monday, May 11, 2026, when the group’s public-facing domain, shinyhunte.rs, suddenly went offline. Soon after, rumors spread across underground forums and social media platforms suggesting the domain may have been seized by law enforcement agencies, including speculation about possible FBI involvement. (HACKREAD.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
The newest AI boom pitch: Host a mini data center at your home
Data centers may be coming to your neighborhood as side installations associated with new homes — and in exchange would offer subsidized electricity and Internet access along with backup batteries to homeowners. The company behind the plan has already begun pilot testing in preparation for a 100-home trial run this year. The “distributed data center solution” announced by the San Francisco startup SPAN would deploy thousands of XFRA nodes that contain liquid-cooled Nvidia RTX Pro 6000 Blackwell Server Edition GPUs operating with minimal noise, according to a press release. By harnessing excess power capacity among U.S. households, SPAN aims to quickly expand the available compute for AI workloads without the costs and delays associated with trying to build warehouse-sized data centers. (ARSTECHNICA.COM)
Mayorkas endorses ‘voluntary’ policies for tackling threats posed by advanced AI models
Alejandro Mayorkas, the Homeland Security chief during the Biden administration, encouraged the federal government to develop voluntary policies for tech companies to secure rapidly evolving artificial intelligence tools. “A voluntary paradigm combined with market forces could actually drive progress in safety and security that gets you where you need to go,” Mayorkas said during POLITICO’s Security Summit on Tuesday. “It’s a method of achieving progress, and I think we should hit the pedal on voluntary architecture while this debate is underway.” (POLITICO.COM)
In the age of AI, a new approach to public engagement
The state of California is gathering statewide input about AI technology — and using AI to turn that input into policy recommendations that could be implemented, a public engagement approach which could be an example for other governments. This is the third project using the Office of Data and Innovation (ODI)’s digital conversation platform, Engaged California, which was designed to enable discussions that could shape public policy. Its first pilot, in February 2025, focused on aiding victims of the L.A. wildfires that January. The second pilot involved gathering input from state workers about government efficiency. (GOVTECH.COM)
Defense
The Pentagon’s cyber rules leave MSPs as an attack vector
OPINION: At a time when China, Russia and criminal groups are increasingly targeting military supply chains, a narrow regulatory gap has created an attack vector adversaries can exploit to undermine national security. The Cybersecurity Maturity Model Certification (CMMC) program, which took effect in late 2025, is designed to protect those supply chains. By requiring contractors that handle Controlled Unclassified Information (CUI) to implement NIST SP 800-171 controls and undergo third-party verification, CMMC seeks to eliminate weak links across the Defense Industrial Base (DIB). But as CMMC shifts from regulation to real-world enforcement, a fundamental question looms: Who actually holds the keys to military contractor information systems? (NEXTGOV.COM)
AI-first professional military education: Validating the grade chain before the kill chain
OPINION: This article argues that reluctance to trust Artificial Intelligence (AI) for grading within Professional Military Education (PME) represents a critical failure to validate the core hypothesis of its own AI-first strategy. It posits that PME has a professional and moral obligation to serve as the proving ground for human-machine teaming, using the low-stakes “grade chain” to test and refine the AI agents and leader skills required for the high-consequence “kill chain.” (SMALLWARSJOURNAL.COM)
Drones
In Latvia, military robots roll across a new communication challenge: woodlands
In southeastern Latvia, roughly 180 kilometers (112 miles) away from the Russian border, multinational operators of cutting-edge robot-like vehicles are grappling with an inevitable force of nature: deep woodlands disrupting their communication links. From May 5-15, the Latvian-led NATO exercise Crystal Arrow is taking place here, during which the alliance is conducting large-scale testing of hundreds of unmanned ground vehicles at the brigade level for the first time. NATO’s Task Force X (TFX) selected European manufacturers to test their platforms under the Eastern Flank Deterrence Initiative, aimed at accelerating the adoption of new defense technologies. (BREAKINGDEFENSE.COM)
Drone boats make debut in Navy’s 30-year shipbuilding plan
The Navy’s new 30-year shipbuilding plan outlines an effort to buy 15 battleships by 2055, and reveals details about the 80-plus robot boats it aims to add within five years. “Our success will be measured by one metric: a larger, more capable fleet — manned and unmanned — ready to defend our homeland and project power globally,” Acting Navy Secretary Hung Cao said in the report’s foreword. The fiscal year 2027 update of the plan, released Monday, adds new details on the Navy’s vision for a 450-vessel fleet by 2031, including 299 warships, 68 auxiliary ships, and 83 unmanned vessels, which would likely include medium unmanned surface vessels and extra large unmanned underwater vessels. (DEFENSEONE.COM)
Energy
SPP, PJM, CAISO anticipate being able to meet power demand this summer
Although their regions might see hotter-than-average temperature days over the summer, the Southwest Power Pool, California Independent System Operator and PJM Interconnection project that they have enough power supplies to meet electricity demand, according to recent releases from those organizations. PJM said in a May 7 release that although the National Weather Service is forecasting “hotter-than-normal conditions this summer in the PJM region’s mid-Atlantic and southern states, as well as West Virginia, Kentucky and Tennessee,” it should have adequate reserves to maintain reliability. The RTO said it expects energy demand to peak around 156 GW over the summer, but has 182 GW of capacity ready, along with 7.8 GW of contracted demand response. (UTILITYDIVE.COM)
Health care
NHS England confirms: Palantir staff can access patient data
The National Health Service in England has confirmed it is allowing staff from Palantir access to patient data following a change in policy. The US spy-tech firm provides the technology for the Federated Data Platform (FDP), under a £330 million ($446 million) contract it won in 2023. The system is designed to improve data sharing across the NHS in England and help the state healthcare provider recover from the pandemic backlog. Under previously agreed rules, Palantir staff working on the FDP could only access the National Data Integration Tenant (NDIT), a data repository for patient data before it is transferred to the “pseudonymized” analytics system, if they apply to access for specific data sets. (THEREGISTER.COM)
IT modernization
DOT advisor urges ‘lift-and-shift’ path to modernize legacy systems without downtime
A senior technology advisor at the Department of Transportation is urging federal agencies to prioritize “lift-and-shift” strategies and tighter collaboration between developers and program staff to modernize legacy IT systems without disrupting mission operations. Speaking during a Red Hat Government Symposium session, Anil “Neil” Chaudhry, senior advisor for artificial intelligence (AI) at the Department of Transportation, said agencies can accelerate infrastructure overhauls by focusing first on foundational platforms and deferring application-level changes until systems are stabilized in modern environments. (MERITALK.COM)
Spyware
Google and Amnesty International teamed up to make it harder for spyware vendors to hide
Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first. The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it out. “The new intrusion logging feature promises to be a major aid to digital forensics researchers undertaking investigations into sophisticated attacks on Android devices,” Amnesty International said in a Tuesday technical briefing. “This is the first time a major device vendor has released a feature specifically to enhance the ability to forensically detect and respond to advanced digital threats.” (CYBERSCOOP.COM)
LEGISLATIVE UPDATES
Anthropic to brief House Homeland Security panel about Mythos in closed-door meeting
The House Committee on Homeland Security will host Anthropic for a closed-door briefing on its Mythos cybersecurity model on Wednesday, as fears grow in Washington about the safety risks of artificial intelligence. A source familiar with Wednesday’s meeting confirmed it to The Hill, stating that the briefing will focus on the “capabilities, national security implications and policy considerations” around Mythos. This marks at least the second briefing in as many weeks that Homeland Security lawmakers have been planning with Anthropic after the limited release of Mythos sent shockwaves through Washington. (THEHILL.COM)
ALSO: ‘It would be insane’ for spy agencies to not have AI model early access, lawmaker says (NEXTGOV.COM)
Congress investigates Canvas breach as company pays ransom
Congress has summoned education tech firm Instructure’s CEO Steve Daly to the Hill to explain how digital thieves breached its Canvas online platform twice within two weeks. In a letter sent to the digital learning giant late Monday – around the same time Instructure said it had reached an “agreement” with extortion crew ShinyHunters – the House Homeland Security Committee “requested” that Daly or a “senior representative” schedule a briefing with the committee as part of its investigation into the hacks. (THEREGISTER.COM)
Lawmakers propose to establish AI guardrails for VA in FY27 funding
The House Rules Committee is set to hold a hearing on the VA funding proposal and proposed amendments Tuesday afternoon. The FY27 funding package passed out of the House Appropriations Committee last month. Separate proposals offered by Reps. Paul Gosar (R-Ariz.) and James Walkinshaw (D-Va.) specifically call for additional oversight of VA’s uses of AI to ensure they are being deployed appropriately. Although both proposed amendments may not make it into the final funding package voted on by the full House, they signal lingering lawmaker unease about the VA’s use of the emerging capabilities to augment department operations. (NEXTGOV.COM)
Hegseth, Caine encounter intense bipartisan frustration with Iran war
Defense Secretary Pete Hegseth faced intense scrutiny from members of Congress on Tuesday over the Trump administration’s handling of the Iran war, as lawmakers from both parties pressed him to clarify the Pentagon’s plan to cover the conflict’s rising costs and reopen the Strait of Hormuz. His testimony alongside Gen. Dan Caine, chairman of the Joint Chiefs of Staff, marks the senior Pentagon officials’ last scheduled appearance before Congress to defend the administration’s record $1.45 trillion defense budget proposal. They spoke first with the House panel on defense spending before meeting with Senate appropriators. (WASHINGTONPOST.COM)
House Foreign Affairs Committee considers proposals to speed up U.S. weapons exports
Several bills slated for markup Wednesday by lawmakers on the House Foreign Affairs Committee include provisions that aim to make American defense products easier, faster, or more enticing for foreign partners to purchase. Senior committee staff previewed the newly proposed foreign military sales and financing reforms on a call with a small group of reporters Tuesday. Allies’ ability to buy American-made military equipment and related assets have historically faced challenges associated with lagging administrative processes and bureaucracy. The second Trump administration aims to change that, along with lawmakers on Capitol Hill. (DEFENSESCOOP.COM)
COMMITTEE ACTIVITY
ENERGY: The House Energy and Commerce Subcommittee on Energy will hold a May 13 hearing on transmission permitting.
NUCLEAR: The Senate Armed Services Committee will hold a May 13 hearing to examine the Department of Energy and National Nuclear Security Administration’s atomic energy defense activities.
SOCIAL MEDIA: The Senate Judiciary Subcommittee on Privacy, Technology and the Law will hold a May 13 hearing on why landmark social media verdicts demand federal action to protect kids online.
DEFENSE S&T: The House Armed Services Subcommittee on Cyber, Information Technologies and Innovation will hold a May 13 hearing on the Department of Defense’s science and technology (S&T), artificial intelligence (AI) and innovation enterprise.
CYBER OPS: The Senate Armed Services Subcommittee on Cybersecurity will receive a closed briefing May 13 on cyber operations and readiness for the fourth quarter of fiscal year 2025 and the first quarter of fiscal year 2026.
ALERTS AND ADVISORIES
Cross-sector alert on copper wire theft from electric vehicle charging stations
Electric vehicle (EV) charging station wires are made with copper, making the cables a target for thieves who want to sell the copper wires for profit. The damage to EV charging stations from copper wire theft is costly to repair and, when experienced at a large scale, can threaten public safety and disrupt transportation, energy systems, and other critical infrastructure. This Cross-Sector Alert provides information on the safety concerns with a damaged EV charging station and how to identify and respond to copper wire theft from EV charging stations. The alert is for law enforcement, first responders, recycling centers, and other entities that work with EV charging stations. (CISA.GOV)
Software bill of materials for AI – minimum elements
A software bill of materials (SBOM) acts as an “ingredients list” for software that better positions organizations to understand their supply chains and make risk-informed decisions about how to protect their critical systems. The guidance builds on CISA’s previous work with federal and international partners to establish a shared vision for a software bill of materials and provides recommendations on minimum elements that should be included in an SBOM for AI. Because AI systems are software systems, these recommendations should be considered in addition to the general minimum elements for an SBOM. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
EMERGING TECH: In an evolving geopolitical landscape, how can the US build on its experience in developing frontier technologies and globally competitive industries through investments in priority technologies for the 21st century? Join AEI’s Michael R. Strain for a May 13 conversation with experts from the Massachusetts Institute of Technology for a conversation on their new book “Priority Technologies: Ensuring US Security and Shared Prosperity (2026).”
ENERGY: The grid was historically planned by utilities and regulators and financed by ratepayers. Now, rapid load growth from data centers, electrification, and reshored manufacturing has large customers stuck in interconnection queues and pushing for reform. Join the CSIS Energy Security and Climate Change Program on May 15 for a conversation with Travis Fisher and Daniel Palken on competing visions of the U.S. power grid and its policy future.
RUSSIA: Russia’s growing influence and engagement in Africa is a significant and often overlooked dimension of global great power competition. Join the Center for a New American Security (CNAS) on May 18 for a virtual panel discussion on this topic to mark the release of a new report, Beyond the Sahel: Russia’s Toolbox for Influence in Africa, by Kate Johnston and Valeria Allende, with Isabel Dlabach. This report looks at Russia’s activities in key states in Africa—Egypt, Ethiopia, Nigeria, and South Africa.
SECURITY POLICY: Congressman Michael McCaul has been at the center of Congress’s foreign policy debates over the past two decades, first as chairman of the House Homeland Security Committee and later as the chairman of the House Foreign Affairs Committee. As Chairman Emeritus McCaul prepares to leave Congress and begin a new chapter of his service to the nation, please join Mariano-Florentino (Tino) Cuéllar, president of the Carnegie Endowment for International Peace, for a May 20 conversation with the congressman reflecting on his legacy on Capitol Hill, his views on the future of American global leadership, and the lessons that his career offers to the next generation of policymakers.
AI AND MENTAL HEALTH: AI is becoming a go-to source of mental health support for young people. But is it safe? In this May 27 Policy Lab, RAND’s Ryan McBain examines both the promise and the risks of this growing trend — and what it might take to ensure chatbots are safe for adolescents.
BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS