Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – May 15, 2026


Cyber Briefing

TODAY’S TOP 5

DIRECTOR’S NOTE: Read here

AI DRIVES NEW DEBATE AROUND CISA PATCHING DEADLINES: Growing concerns about artificial intelligence-driven cyber attacks are driving new debates around how quickly organizations should patch software vulnerabilities, including whether federal agencies should be required to meet patch deadlines in days rather than weeks, Federal News Network reports. Cyber experts say faster patching will be needed in many cases, especially considering recent advancements in AI. But many also say shortening deadlines is unlikely, by itself, to drive speedier remediation and could have the reverse effect in some cases. In response to Anthropic’s Claude Mythos preview, Trump administration leaders have reportedly considered cutting the standard deadline for agencies to patch Common Vulnerabilities and Exposures (CVEs) that are posted to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog.

  • The U.S. can talk to China about artificial intelligence because “we are in the lead,” U.S. Treasury Secretary Scott Bessent told CNBC, as the countries unveiled their intention to develop a protocol on best practices for the rapidly improving technology. “The two AI superpowers are going to start talking. We’re going to set up a protocol in terms of how do we go forward with best practices for AI to make sure nonstate actors don’t get a hold of these models,” Bessent said on the sidelines of President Donald Trump’s two-day meeting in Beijing with Chinese President Xi Jinping.
  • When Jensen Huang, Nvidia’s chief executive, joined the group of American business leaders traveling with Trump to Beijing at the last minute this week, many took it as a sign that progress was in store for the company’s long-stalled sales in China. But as the summit between Trump and Xi wrapped up today, the fate of Nvidia’s artificial intelligence chips in China was no clearer than it had been before, The New York Times reports.

IDENTITY SECURITY EXPECTED TO DO THE MOST DAMAGE: As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday, CyberScoop reports. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI models will present unique threats to federal networks, they will still generally require trusted access first, something defenders can use to their advantage. “I think the important thing is that in many cases in order to use and exploit the vulnerabilities that [AI] might find, or use them in a manner…that could be malicious or adversarial, the first thing you have to do is get into the network,” Polk said at the Rubrik Public Sector Summit presented by FedScoop.

  • Advanced artificial intelligence models will “fundamentally change warfare as we know it,” a top cyber official at the Defense Department said Thursday, saying it represents “not evolutionary warfare, but revolutionary warfare.” Paul Lyons, principal deputy assistant secretary for cyber policy, said the development of frontier AI models like Mythos amounted to a “watershed moment,” CyberScoop reports. Such models will “change both offense and defensive posture within the Department of War to something that’s close to you for critical infrastructure,” he said. “This is the ability to hunt and speed across the domain and outside the fence line in critical dependencies with water, power, compute.”
  • The State Department is exploring how to use artificial intelligence agents to speed up its work, an agency official said at the Rubrik event, FedScoop reports. Ray Romano, deputy assistant director of State’s Cyber Threat and Investigations division, said that the agency is moving forward with its pursuit of agentic AI to sort through malware quickly as the agency’s use case inventory grows. “It’s one example of what we’re doing to understand that that is going to be the future,” he said.

‘UNPRECEDENTED THREAT’ AT ALABAMA DAM: A routine dive repair at a federally recognized Alabama dam led to an unexpected discovery as divers found a hidden explosive device Tuesday, according to the Mobile Area Water and Sewer System, AL.com reports. After the grenade type-IED was located at the Converse Reservoir dam, MAWSS contacted the Mobile County Sheriff’s Office, which facilitated a multi-agency response to retrieve and detonate the explosive. The Gulf Coast Regional Maritime Response and Render-Safe Team performed a successful retrieval and detonation of the IED. “Our top priority is keeping your drinking water safe,” Bud McCrory, MAWSS director, said. “This is an unprecedented threat, and we are fortunate that this device was discovered before it could cause serious damage to our water supply or harm to individuals.”

MANUFACTURING TARGETED IN OT ATTACK SURGE: Attacks on operational technology (OT) are surging, according to new research, with industrial organizations the biggest target of ransomware in every single month over the last year, IT Pro reports. According to a new analysis from cyber security firm NCC Group, in the 12 months to March 2026, industrial organizations experienced 2,073 ransomware attacks, accounting for 30% of all ransomware activity. Manufacturers of capital goods such as machine equipment and infrastructure were particularly hard-hit, accounting for 1,192 attacks. Within this industry, machinery was the most-targeted sub-sector, with 442 attacks, followed by construction and engineering with 394.

THE THREAT OF SINO-RUSSIAN OPPORTUNISM AND INTELLIGENCE MISCALCULATION: As Washington’s attention continues to be diverted with an Iran unwilling to come to a comprehensive peace, a more dangerous question lurks in the strategic shadows: what if America’s most daunting rivals, one of whom is already at war, and the other not, decide to act with what they see as a historic imperative to change the global order? A Russian attack, for instance, against the Baltics and a move against Taiwan might not require a secret Sino-Russian war plan — only the same strategic conclusion in Moscow and Beijing that the moment is ripe, Sean Wiswesser writes at The Cipher Brief. In such a scenario, would Russia and China share intelligence, coordinate contingency planning, or align potential operational timelines? Or is the greater risk something subtler: parallel opportunism fueled by intelligence miscalculation about U.S. resolve and capacity. These questions are no longer theoretical. However, the debate and war games are often focused on the wrong factor: whether Beijing and Moscow would officially coordinate an attack on the U.S. or its allies. History suggests a more unsettling possibility. 

              OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
              WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

              CYBER FOCUS PODCAST

              (Watch on YouTube or click the player above)

              Cyber defense is entering a machine-speed era. With Mythos and Project Glasswing bringing AI-driven vulnerability discovery and exploit development into the center of the cyber conversation, CrowdStrike’s Drew Bagley says organizations need to prepare for a world where vulnerabilities can be found, chained and exploited faster than traditional patching cycles can handle. Bagley joins Frank Cilluffo on the latest episode of Cyber Focus to explain why this shift is not just about one model, one company or one headline-grabbing project. It points to a broader change in how attackers and defenders will operate: exploit stacks may make once-latent vulnerabilities newly dangerous, critical infrastructure operators may face risks they cannot patch away and unmanaged AI agents inside organizations may become another source of exposure. The answer, Bagley argues, is not panic or patching alone, but continuous discovery, continuous remediation, visibility across the kill chain, AI-powered defense and resilience planning built for a world moving faster than human-speed cyber.

              SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

              CYBER AND CI UPDATES

              ATTACKS AND INCIDENTS

              Biothreats

              CDC monitoring 41 people for hantavirus, no reported cases

              Federal health officials said they are monitoring 41 people in the U.S. for hantavirus but are not going to impose any movement restrictions on them. David Fitter, incident manager for the Centers for Disease Control and Prevention’s (CDC) hantavirus response, told reporters Thursday there no hantavirus cases in the U.S. Most of the affected people have been advised to remain at home and avoid contact with others during a 42-day monitoring period, Fitter said. (THEHILL.COM)

              Commercial

              Hospitality IT provider allegedly breached by Qilin

              Bluize is an IT supplier of hospitality solutions for pubs, bars, restaurants, and gaming venues. They provide venue management systems, point-of-sale software and more. The company was listed on the dark web leak site of the Qilin ransomware gang on Wednesday; however, the threat group did not provide details of the incident, with the listing lacking any information or sample data. (CYBERDAILY.AU)

              Government

              Surfside Beach, S.C., loses over $500K in cyber scam, state authorities investigating

              A small Horry County beach town lost more than $545,000 in a cyber scam and the State Law Enforcement Division is now investigating the theft, according to public records and officials. Surfside Beach sent a payment of $545,598.30 to what town officials believed was the North Carolina construction firm Wildcat Contractors, Inc., on March 13 for work it had completed, according to town records. But the company says it never received the payment. Officials now believe the money went to an account of someone posing as the contractor. (POSTANDCOURIER.COM)

              Tactics

              KongTuke hackers now use Microsoft Teams for corporate breaches

              Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. The threat actor tricks users into pasting a PowerShell command that ultimately delivers the ModeloRAT, which has been previously seen in ClickFix attacks. Initial access brokers (IAB) like KongTuke typically sell company network access to ransomware operators, who use it to deploy file-theft and data-encrypting malware. (BLEEPINGCOMPUTER.COM)

              WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

              THREATS

              Phishing

              FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

              A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an escalation in phishing-kit sophistication that could make attacks harder for traditional email and static-analysis tools to detect. Researchers at Sublime Security said in April that they identified the campaign, which used KrakVM, an open-source JavaScript virtual machine recently published on GitHub, to obfuscate malicious code delivered via HTML attachments in phishing emails. (CSOONLINE.COM)

              Tycoon 2FA operators use OAuth device code phishing to bypass MFA

              A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and Europol disrupted Tycoon 2FA infrastructure. Despite that operation, the actors have quickly adapted, reusing their existing kit while shifting to a more advanced, stealthier attack method. (GBHACKERS.COM)

              Scams

              From phishing to porn star impersonators: how scamming athletes became a billion-dollar industry

              With exorbitant ticket, travel and hotel prices making fans desperate to find an affordable way of attending this summer’s World Cup, it’s no surprise that security firms and law enforcement agencies are warning that fans are at significant risk of becoming fraud victims. While major tournaments are moments of heightened vulnerability for supporters, players themselves are increasingly attractive year-round targets for cybercriminals who can use AI to mount ever more sophisticated attacks. (THEGUARDIAN.COM)

              Supply chains

              TeamPCP and BreachForums launch $1,000 contest for supply chain attacks

              A cybercrime operation is turning software supply chain attacks into a public competition. TeamPCP, in collaboration with BreachForums operators, has launched a $1,000 contest that rewards hackers for compromising open-source packages, and the implications stretch far beyond the prize money. The campaign, first highlighted by Dark Web Informer, was announced on BreachForums by an account believed to be the forum’s owner. Participants must use a tool called “Shai-Hulud” to compromise open-source packages and submit proof of access alongside their forum identity. (CYBERPRESS.ORG)

              Transportation

              Taiwan incident highlights cybersecurity gaps in rail systems

              While few details have been reported, the compromise may have been simple — a voice or text that announced an emergency situation, says Wouter Bokslag, a founding partner of Dutch cybersecurity consultancy Midnight Blue, which has studied vulnerabilities in emergency radio systems. THSR reportedly used the emergency radio protocol known as Terrestrial Trunked Radio (TETRA), which can be secure, if set up correctly and maintained assiduously, but is also easy to leave in an insecure configuration, he says. (DARKREADING.COM)

              Vulnerabilities

              Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks

              Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. CVE-2026-20182 has a maximum severity of 10.0 and impacts Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager in on-prem and SD-WAN Cloud deployments. In an advisory, Cisco said the issue stems from a peering authentication mechanism that “is not working properly.” (BLEEPINGCOMPUTER.COM)

              On-prem Microsoft Exchange server CVE-2026-42897 exploited via crafted email

              Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. “Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network,” the tech giant said in a Thursday advisory. (THEHACKERNEWS.COM)

              Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

              Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Burst Statistics is a privacy-focused analytics plugin active on 200,000 WordPress sites and marketed as a lightweight alternative to Google Analytics. The flaw, tracked as CVE-2026-8181, was introduced on April 23 with the release of version 3.4.0 of the plugin. The vulnerable code was also present in the following iteration, version 3.4.1. (BLEEPINGCOMPUTER.COM)

              ADVERSARIES

              China

              China-linked hackers deploy new TencShell malware against global manufacturer

              An undocumented malware implant suspected to be associated with a China-linked actor has been identified by researchers at Cato Networks’ Cyber Threats Research Lab (CTRL). Their discovery was made when they responded to an intrusion attempt affecting the Indian branch of an unnamed global manufacturing customer with multiple regional sites in April 2026. While the Cato CTRL team managed to block the intrusion, they also identified suspicious traffic associated with a third-party user connected to the customer environment. The attack chain used a first-stage dropper, Donut shellcode, a masqueraded .woff web-font resource, memory injection and web-like command-and-control (C2) communication. (INFOSECURITY-MAGAZINE.COM)

              Iran

              FBI offers $200,000 for information on former Air Force intelligence specialist charged with spying for Iran

              The FBI is offering $200,000 for information that could lead to the arrest of a former Air Force intelligence specialist who was charged in 2019 with spying for Iran. In an announcement Thursday, the FBI said it is still trying to locate Monica Witt, who it believes defected to Iran in 2013. The agency said it believes she “likely continues to support (Iran’s) nefarious activities.” The FBI “has not forgotten and believes that during this critical moment in Iran’s history, there is someone who knows something about her whereabouts,” Daniel Wierzbicki, special agent in charge of the FBI Washington Field Office’s Counterintelligence and Cyber Division, said a statement, likely referring to the US’ ongoing tensions with Iran. (CNN.COM)

              North Korea

              North Korean hackers pose as police in spear phishing attacks

              A North Korean hacking group linked to the country’s military intelligence agency has posed as police investigators, defense officials and North Korea experts in spear phishing attacks targeting South Korean security and policy figures, a cybersecurity company said Thursday. Genians, a South Korean information security company, said it detected cyberattacks suspected of being linked to APT37, a North Korea-backed hacking group associated with the Reconnaissance General Bureau. (UPI.COM)

              Russia

              Putin’s parade projected weakness but he is now more dangerous than ever

              OPINION: Since taking office in 2000, Russian President Vladimir Putin has transformed the country’s Victory Day celebrations into the most important holiday of the year. During the Soviet era, Victory Day had been a solemn occasion marking the defeat of Nazi Germany, with only four military parades held between 1945 and the collapse of the USSR in 1991. Under Putin, the Victory Day parade has become an annual affair that dominates the Kremlin calendar and is used to demonstrate modern Russia’s resurgence as a major military power. This helps explain why last week’s muted celebrations in Moscow attracted so much international attention. Unlike previous years, the 2026 parade was dramatically scaled down and featured no military hardware at all amid reports of concerns about possible Ukrainian drone strikes. The downgraded holiday was preceded by days of wrangling over a possible Victory Day ceasefire, with Putin seeking President Donald Trump’s help to secure Kyiv’s backing for a temporary pause in hostilities. (ATLANTICCOUNCIL.ORG)

              GOVERNMENT AND INDUSTRY

              Artificial intelligence

              Pope decries the rise of AI-directed warfare, saying it leads to a spiral of annihilation

              Pope Leo XIV on Thursday denounced how investments in artificial intelligence and high-tech weaponry were leading the world into a “spiral of annihilation,” as he called for peace in the Middle East and Ukraine during a visit to Europe’s largest university. He called for better monitoring of how AI was being developed and used in military and civilian contexts “so that it does not absolve humans of responsibility for their choices and does not exacerbate the tragedy of conflicts.” (APNEWS.COM)

              ALSO: The pope’s encyclical on artificial intelligence is coming (OSVNEWS.COM)

              Defense

              Air Force readiness: Actions needed to address depot maintenance delays and staffing challenges

              Three Air Force aviation depots maintain critical aircraft, such as the F-16 fighter and C-17 cargo transport. But maintenance delays are increasing—reducing aircraft availability for operations and training. Also, the Air Force’s method for tracking target completion dates of the maintenance process does not fully reflect delays, including the extent of unplanned work discovered during maintenance. The Air Force is also competing with the private sector to staff essential aircraft maintenance jobs, including engineers and mechanics. (GAO.GOV)

              Army holds first Cybersecurity Summit at Fort Bragg with local partners

              Local and federal leaders gathered Thursday at Fort Bragg for the U.S. Army’s first Defense Critical Infrastructure Summit, focusing on strengthening cybersecurity through local partnerships and technological innovation. The summit brought together 14 agencies, including representatives from Duke Energy, Fayetteville Technical Community College (FTCC), and various military and civilian organizations. The goal: to develop integrated strategies to protect the nation’s critical infrastructure and ensure the Army can continue operating amid cyberattacks and emerging threats. (ABC11.COM)

              DoD civilian workforce losses strain military installation operations

              The Pentagon’s deferred resignation program and other civilian workforce reduction efforts have led to staffing shortages in critical installation support roles, which have caused cost increases, inadequate oversight of installation projects and contributed to delays in project design and execution. “My staff and subcommittee staff have been inspecting and visiting installations across Georgia this year. We pretty consistently heard that as a result of the deferred resignation program and the reduction in the civilian workforce, there have been serious losses in engineering, in housing oversight, service member support, facilities maintenance, property management,” Sen. Jon Ossoff (D-Ga.) said during the Senate Appropriations Subcommittee hearing. (FEDERALNEWSNETWORK.COM)

              Drones

              Near Russian border, NATO grapples with ground robots in combat

              Exercising in Latvia’s dense pine and birch forests this week, local troops found themselves in an unfair fight against a new enemy: unmanned ground vehicles. As NATO tries to keep pace with fast-changing drone warfare, the alliance used Latvia’s Crystal Arrow exercise to test unmanned ground combat, equipping opposing forces with wheeled robots. The systems gave the red team an element of surprise over a blue team relying only on aerial drones, said Lt. Col. Andris Brūveris, the Latvian battalion commander leading the opposing side. (DEFNSENEWS.COM)

              Army flexes additive manufacturing capabilities during Flytrap counter-drone exercise

              A major counter-drone exercise taking place in Europe this month has demonstrated U.S. soldiers’ additive manufacturing prowess, according to an officer involved in the experimentation and training event. The effort, dubbed Flytrap 5.0, is being held at Pabradė Training Area in Lithuania, May 1-15. Led by the American Army’s V Corps, it involves the 2nd Cavalry Regiment; 10th Army Air and Missile Defense Command; 5th Battalion, 4th Air Defense Artillery Regiment; the United Kingdom’s 3rd Battalion, Parachute Regiment; and other allies and industry partners. (DEFENSESCOOP.COM)

              South Korea’s 500,000 drone warriors will be a hollow force

              OPINION: Ukraine has reshaped the battlefield with cheap, expendable drones. South Korea reads the signals and wants to match the scale. North Korea has been reading the same signals through a more direct channel. Since late 2024, North Korea has rotated thousands of troops through Russia’s war in Ukraine, alongside what is currently the world’s most combat tested drone force — tied with Ukraine’s, of course. Ukrainian defense intelligence reports that some of those troops have begun returning home and moving into instructor roles within the North Korean military. What exactly they are bringing back is harder to pin down from the outside, and reasonable people will disagree on what counts as modern warfare. But it is hard to argue that they are returning with nothing. (WARONTHEROCKS.COM)

              Elections

              ODNI assigns two officials to lead intelligence coordination on election threats

              Dave Mastro and James Cangialosi will jointly oversee the intelligence community’s election threat mission, serving in the role of election threats executive. Both sources requested anonymity to communicate the appointments. Mastro serves on the National Intelligence Council, which produces intelligence assessments drawn from findings across the nation’s spy agencies, including reports requested by Congress and senior policymakers. Cangialosi serves as deputy director of the National Counterintelligence and Security Center. (NEXTGOV.COM)

              Energy

              The world is burning through its oil safety net

              An underappreciated surplus of crude oil, sloshing around storage tanks and aboard ships, cushioned the global economy when the Persian Gulf closed 2½ months ago. That excess supply is now dwindling at a record pace, with oil executives and analysts predicting that a harsh reckoning is set to upend the relative calm in energy markets. Acute shortages of key fuels and soaring prices could emerge within weeks if the Strait of Hormuz remains shut. The drawdown in private storage and government strategic reserves along with a fall in demand due to the higher prices, has bought time and prevented oil prices from exploding. But it has left little margin for error in the months ahead. (WSJ.COM)

              Nuclear

              Nuclear-powered AI: The risks of deregulation

              OPINION: Incorporating solar and wind energy in hybrid systems could provide an attractive solution to both problems, but the Trump administration has declared all-out war on renewable energy, taking a range of actions to stymie its development. The administration has instead embraced nuclear—particularly new-generation small modular nuclear reactors (SMRs) situated near data centers—as the optimal means to bolster energy generation for our expanding AI universe. This move has considerable appeal, particularly for those concerned about the climate change crisis and interested in cleaner alternatives to fossil fuels. But the manner and speed with which it is being developed raises serious legal and policy concerns. (JUSTSECURITY.ORG)

              Space

              CBO’s $1.2 trillion Golden Dome estimate based on bad data: Guetlein

              The Pentagon’s Golden Dome czar Gen. Michael Guetlein today pushed back at the Congressional Budget Office’s estimate that the program could cost up to $1.2 trillion over 20 years ― asserting that the assessment was based on old technology and incorrect assumptions about the planned architecture. “They’re not estimating what we’re building. It’s as simple as that,” he said. “They’re not necessarily wrong, but they take legacy capabilities, they take technology from the two early 2000-2004 reports, etc., and then they just multiply that forward by the geography of the [homeland].” Last month, Guetlein told lawmakers the cost to stand up Golden Dome would come in around $185 billion. (BREAKINGDEFENSE.COM)

              Transportation

              FAA claims victory in first phase of NOTAM overhaul

              The Federal Aviation Administration (FAA) said this week it completed the first phase of a major overhaul of the nation’s Notices to Airmen (NOTAM) system, marking an early milestone in a modernization effort that officials say will help prevent nationwide airspace shutdowns, improve safety, and strengthen communications with pilots. Transportation Secretary Sean Duffy announced the milestone on May 12, saying the agency finished phase one of the project more than a year ahead of a timeline set during the Biden administration. (MERITALK.COM)

              UAP

              ‘Data alone is not disclosure’: UAP research community reacts to Trump’s first PURSUE file drop

              On May 8, the Trump administration released pixelated imagery of strange, seemingly out-of-this-world objects and official reports by military pilots and other U.S. personnel about metallic spheres, flying discs and glowing orbs, via its first trove of interagency declassified “unidentified anomalous phenomena” files. This highly anticipated records-drop follows a dedicated, yearslong public campaign led by veterans, former defense officials, researchers and other experts to force the disclosure of government-held UAP data. Six officials deeply involved in that work told DefenseScoop this week that this first tranche of media published under the new Presidential Unsealing and Reporting System for UAP Encounters (PURSUE) project marks a historic — yet incomplete — step towards government transparency. (DEFENSESCOOP.COM)

              LEGISLATIVE UPDATES

              House barely rejects limits on Iran war as GOP defections grow

              The House narrowly rejected a fresh effort to restrict President Donald Trump’s war powers on Thursday, despite increased defections from Republicans as the Iran war drags on. The 212-212 tie vote saw three Republicans side with Democrats to support war powers legislation, another sign of unrest in the GOP as the unpopular war stretches on and skyrocketing gas prices weigh on Trump’s party less than six months out from the midterm elections. (POLITICO.COM)

              Takeaways from the House Energy-Water spending bill

              The House’s new funding bill for federal energy and water programs lays out congressional Republicans’ vision for a retooled Department of Energy — one more focused on nuclear weapons, artificial intelligence and computing than ever before. The fiscal 2027 Energy-Water bill, unveiled Thursday, outlines the GOP majority’s spending plans for DOE, the Army Corps of Engineers and a number of independent agencies and commissions. The legislation leans into the Trump administration’s budget request, but it rejects some of the steepest cuts the White House proposed last month, including for Democratic priorities like renewable energy. (EENEWS.NET)

              House panel approves slate of DHS intelligence reform bills

              The House Homeland Security Committee advanced a raft of bills on Thursday seeking to refine the Homeland Security Department’s Office of Intelligence and Analysis and improve its ability to defend against various threats targeting state, local, tribal and territorial communities. The seven bipartisan bills mark Congress’ latest attempt to shore up the intelligence office after a year of workforce upheaval and longstanding bipartisan pressure for reforms tied to concerns over politicization and surveillance overreach. (NEXTGOV.COM)

              Senate panel advances key crypto bill with bipartisan support

              A cryptocurrency regulation bill advanced out of the Senate Banking Committee on Thursday, clearing a key hurdle with the support of a pair of Democrats following a last-minute bipartisan push. The Senate panel voted 15-9 to send the Clarity Act to the floor, with Sens. Ruben Gallego (D-Ariz.) and Angela Alsobrooks (D-Md.) joining their GOP colleagues to advance the measure. The vote marked a major step forward for the bill, which has faced a long and winding path through the Senate over the past year. (THEHILL.COM)

              ALERTS AND ADVISORIES

              CISA adds one known exploited vulnerability to catalog

              CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-20182 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

              Events

              TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

              ENERGY: The grid was historically planned by utilities and regulators and financed by ratepayers. Now, rapid load growth from data centers, electrification, and reshored manufacturing has large customers stuck in interconnection queues and pushing for reform. Join the CSIS Energy Security and Climate Change Program on May 15 for a conversation with Travis Fisher and Daniel Palken on competing visions of the U.S. power grid and its policy future.

              RUSSIA: Russia’s growing influence and engagement in Africa is a significant and often overlooked dimension of global great power competition. Join the Center for a New American Security (CNAS) on May 18 for a virtual panel discussion on this topic to mark the release of a new report, Beyond the Sahel: Russia’s Toolbox for Influence in Africa, by Kate Johnston and Valeria Allende, with Isabel Dlabach. This report looks at Russia’s activities in key states in Africa—Egypt, Ethiopia, Nigeria, and South Africa. 

              SECURITY POLICY: Congressman Michael McCaul has been at the center of Congress’s foreign policy debates over the past two decades, first as chairman of the House Homeland Security Committee and later as the chairman of the House Foreign Affairs Committee. As Chairman Emeritus McCaul prepares to leave Congress and begin a new chapter of his service to the nation, please join Mariano-Florentino (Tino) Cuéllar, president of the Carnegie Endowment for International Peace, for a May 20 conversation with the congressman reflecting on his legacy on Capitol Hill, his views on the future of American global leadership, and the lessons that his career offers to the next generation of policymakers.

              AI AND MENTAL HEALTH: AI is becoming a go-to source of mental health support for young people. But is it safe? In this May 27 Policy Lab, RAND’s Ryan McBain examines both the promise and the risks of this growing trend — and what it might take to ensure chatbots are safe for adolescents.

              BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.


              FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

              SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

              SUBMIT A TIP

              Click to listen highlighted text!