Cyber Briefing – May 18, 2026
TODAY’S TOP 5
HACKERS ADD PAIN AT THE PUMP: U.S. officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources briefed on the activity, CNN reports. The hackers responsible have exploited automatic tank gauge (ATG) systems that were sitting online and unprotected by passwords, allowing them in some cases to tinker with display readings on the tanks but not the actual levels of fuel in them, the sources said. The cyber intrusions are not known to have caused physical damage or harm, but the breaches have raised safety concerns because gaining access to an ATG could, in theory, allow a hacker to make a gas leak go undetected, according to private experts and U.S. officials.
- As the American and Israeli campaign against Iran enters its second phase of hostilities, Western analysts have been quick to catalog the visible actors: the bunker-busters delivered by B-2s, Iran’s ballistic retaliation, the Shahed drones reprogrammed with Russian assistance, and the tolls exacted on a Strait of Hormuz effectively closed to hostile shipping. Conspicuously absent in most of these assessments is the actor likely to walk away with the largest structural gains. While Moscow’s fingerprints are on satellite imagery shared with the Islamic Revolutionary Guard Corps, and its hand is visible in upgraded drone guidance kits, Beijing has played a quieter, more patient, and ultimately more rewarding game. The People’s Republic has extracted from this war a combination of energy leverage, monetary ambition, operational intelligence and diplomatic capital that neither a direct intervention nor a conspicuous airlift could have secured, Tahir Azad writes at Small Wars Journal. The gains are asymmetric, deliberately understated and — as regional chanceries in Riyadh, Abu Dhabi, Ankara and Islamabad now recognize — substantially larger than the public record suggests.
- After weeks of fighting, the Iran war has already generated a stream of claims about its significance. Some commentators have labeled it the world’s “first AI war,” arguing that for the United States and Israel, artificial intelligence has moved from a supporting role to the center of the battlefield. Others have focused on Iran’s ability to wage an asymmetric campaign against a far stronger opponent by using cheap drone and missile strikes against economically vital targets, thereby raising the costs of continued fighting. They suggest that Tehran’s strategy offers a playbook for weaker states confronting powerful militaries such as the United States. These assertions aren’t wrong, but it’s important to place them in context. AI warfare didn’t start with the Iran war, Steve Feldstein writes at the Carnegie Endowment for International Peace.
MYTHOS IN ADVERSARIES’ MILITARY ARSENALS: We’re seeing a shift in how frontier large language models like Claude’s Mythos can identify, sequence and act on vulnerabilities. For commanders, this widening gap matters less as a technical problem than as an operational condition. It increases the likelihood that units will deploy and fight on networks that have already been mapped, probed and quietly accessed by an adversary. The implications become clearer in conflict, Travis Veillon of the U.S. Army Corps of Engineers writes at Small Wars Journal. Against a near-peer adversary such as China, this dynamic would not appear as a single cyber strike, but as a system already under strain. Effects would emerge through controlled degradation across the interconnected systems that allow the U.S. military to function as a coherent force. Systems remain online but behave unpredictably at critical moments. Logistics continues, but with corrupted data that misroutes fuel and delays resupply. Communications function but degrade enough to introduce hesitation into command decisions. Satellite support persists, but with reduced fidelity that erodes confidence in precision. This is not disruption in the traditional sense. It is functional presence with degraded reliability. Military units should not expect systems to fail outright. They should expect them to work — incorrectly, inconsistently or at the worst possible moment.
- Security researchers say they have discovered a new way of circumventing Apple’s state-of-the art security technology, using techniques they discovered while testing an early version of Anthropic’s Mythos AI software in April, The Wall Street Journal reports. The researchers with Calif, a Palo Alto-based security research company, say the software they wrote links together two bugs and a handful of techniques to corrupt the Mac’s memory and then gain access to parts of the device that should be inaccessible. It is what’s known as a privilege escalation exploit, and if it were chained together with other attacks it could be used by a hacker to seize control of the computer. The technique is noteworthy because Apple has put so much effort into locking down MacOS.
- Officials within the Trump administration are reportedly worried that National Cyber Director Sean Cairncross is not equipped to lead the White House’s response to rapidly advancing artificial intelligence models with potentially dangerous hacking capabilities. Four current U.S. officials and five industry representatives who spoke to POLITICO said they fear Cairncross isn’t moving with sufficient urgency and lacks the expertise to lead on such a technically complex and emergent national security issue.
- Anthropic released a new paper that explains the company’s views on AI competition between the U.S. and China. The most important ingredient for developing AI is access to the computer chips on which the models are trained. Anthropic presents two scenarios for what the world might look like in 2028, when we expect transformative AI systems to have arrived.
DECADE OF POLICY SUPPORT DRIVES PRC QUANTUM BREAKTHROUGHS: A decade of increasingly specific policy direction in the People’s Republic of China — Five-Year plans, Ministry of Industry and Information Technology (MIIT) technical mandates — has shifted focus from basic science to engineering targets and deployment, effectively guiding both industry pathways and investor behavior, Sunny Cheung writes at the Jamestown Foundation. The sector is supported by a multi-tiered, state-aligned capital architecture that provides large-scale, patient funding, reducing commercial pressure and enabling quantum firms to prioritize deployment over short-term profitability. The PRC has already translated research into operational infrastructure, exemplified by the Beijing–Shanghai quantum network and Micius satellite, demonstrating end-to-end quantum communication capabilities at national scale. Despite strong central coordination, provincial competition introduces fragmentation and inefficiencies, creating parallel ecosystems that may dilute resources but also drive innovation pressure.
- China is constructing a functional closed-door regime for the core factors of production, simultaneously retaining people, capital, frontier technology, and proprietary information inside the country under the banner of national security, Christopher Nye and Charles Sun write at Jamestown. Mobility controls once limited to senior cadres now extend across the entire administrative apparatus and into the private sector, with judicial and administrative exit bans applicable to ordinary citizens, private-sector founders and foreign nationals operating inside the PRC.
DRONE TARGETS NUCLEAR FACILITY: A drone strike sparked a fire on the edge of the United Arab Emirates’ sole nuclear power plant on Sunday in what authorities called an “unprovoked terrorist attack,” The Associated Press reports. No one was blamed, but it highlighted the risk of renewed war as the United States and Iran signaled they were ready to fight again. There were no reported injuries or radiological release. The UAE, which has hosted air defenses and personnel from Israel, recently accused Iran of launching drone and missile attacks. Tensions have risen over the Strait of Hormuz, a vital energy waterway gripped by Iran, which is under a U.S. naval blockade.
- A coalition of over 40 nations have said they’re committed to the Multinational Military Mission (MMA), led by France and the UK, to reopen the Strait of Hormuz once a ceasefire has been agreed upon. Backed by a European flagship aircraft carrier, fourth-generation fighter jets, counter-drone systems and mine-hunting vessels, the push to eventually reopen the Strait appears to be resolute, Breaking Defense reports.
- The closure of the Strait of Hormuz is not a crisis in isolation. It is a data point in a larger story American defense planners can no longer afford to read slowly. Rear Adm. (Ret.) Milton “Jamie” Sands III writes at DefenseScoop that he spent over three decades in the United States Navy, much of it operating in and around the Arabian Gulf and the approaches to Hormuz. The Fifth Fleet lives in that water. Our carriers, destroyers and aviation assets have been the guarantor of freedom of navigation for the global economy that moves through those 21 miles. What is unfolding now is an inconvenient truth.
U.S., CHINA, RUSSIA ON THE PROWL IN GEO: The world’s leading space powers desperately want to know what the others are up to high above the equator. For more than a decade, the U.S. military has operated a fleet of “inspector” satellites designed to sidle up to other spacecraft in geosynchronous orbit and take pictures. China started launching its satellites for a similar mission in 2018. Ars Technica has written about these activities in geosynchronous orbit (GEO) before, but the last few months have seen a couple of interesting developments. First, Russia has now joined the fray with the recent arrival of its own suspected inspector (or attack) satellite in GEO. Second, the U.S. Space Force is poised to order more — perhaps many more — reconnaissance satellites of its own to send into the geosynchronous belt.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
Cyber defense is entering a machine-speed era. With Mythos and Project Glasswing bringing AI-driven vulnerability discovery and exploit development into the center of the cyber conversation, CrowdStrike’s Drew Bagley says organizations need to prepare for a world where vulnerabilities can be found, chained and exploited faster than traditional patching cycles can handle. Bagley joins Frank Cilluffo on the latest episode of Cyber Focus to explain why this shift is not just about one model, one company or one headline-grabbing project. It points to a broader change in how attackers and defenders will operate: exploit stacks may make once-latent vulnerabilities newly dangerous, critical infrastructure operators may face risks they cannot patch away and unmanaged AI agents inside organizations may become another source of exposure. The answer, Bagley argues, is not panic or patching alone, but continuous discovery, continuous remediation, visibility across the kill chain, AI-powered defense and resilience planning built for a world moving faster than human-speed cyber.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Biothreats
In Ebola outbreak, a number of Americans in the Congo believed to have had exposure to suspected cases
A number of Americans who are in the Democratic Republic of the Congo are believed to have had exposure to suspected cases in the country’s latest Ebola outbreak, with several deemed to have had high-risk exposures, sources have told STAT. At least one of these individuals may have developed symptoms. One source said that there are not yet test results for any of the individuals, but the U.S. government is reportedly trying to arrange to transport them out of the DRC to somewhere they can be safely quarantined, and cared for, if they prove to have been infected. It’s not clear if that would be in the United States; there is some discussion of perhaps taking the individuals to an American military base in Germany, a source said. (STATNEWS.COM)
MORE: Epidemic of Ebola Disease caused by Bundibugyo virus in the Democratic Republic of the Congo and Uganda determined a public health emergency of international concern (WHO.INT)
Canadian cruise ship passenger tests positive for hantavirus
The total number of confirmed and probable cases of hantavirus of those who were onboard the MV Hondius cruise ship stands at 11, including two people confirmed to have died from the virus and one person who remains suspected to have died from the virus. No cases of Andes hantavirus have been confirmed in the U.S. The eighteen American ship passengers are being monitored at the quarantine unit at the University of Nebraska Medical Center. (ABCNEWS.COM)
ALSO: Man threatened mass shooting at Walmart if hantavirus outbreak led to lockdown, sheriff says (KKTV.COM)
Breaches
Hackers access GitHub and download codebase in Grafana Labs breach
U.S. software company Grafana Labs has confirmed a breach in which hackers gained access to the organization’s GitHub system, stole a private token and downloaded the company’s codebase. An open source and visualization web app, with 25m users and more than 7,000 customers, including Anthropic, Bloomberg, Nvidia, Microsoft and Salesforce, Grafana Labs has a presence in more than 40 countries. In a statement posted on LinkedIn, a representative from Grafana Labs said, “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations. (SILICONREPUBLIC.COM)
American Lending Center data breach affects 123,000 individuals
The organization is notifying individuals affected by the data breach that information such as names, dates of birth, and SSNs may have been stolen in a ransomware attack detected in July 2025. “Through a forensic investigation into this breach, it was discovered that the threat actor compromised internal network, executed a ransomware attack, and accessed certain files that may have contained personal identifying or sensitive information,” ALC said in its notification to impacted customers, a copy of which was submitted to the Maine attorney general’s office. (SECURITYWEEK.COM)
France’s holiday industry hacked three times in 72 hours
A cyberattack affecting the French holiday accommodation network Gîtes de France has potentially exposed data belonging to more than 389,000 customers, according to breach monitoring site French Breaches, following a series of similar incidents targeting the country’s tourism sector. The organization confirmed on May 17 that it had suffered a data breach on May 16 involving unauthorized access to certain booking records. “An incident of security led to fraudulent access to certain data relating to reservation files,” it said in a statement. (CALIBER.AZ)
Cryptocurrency
More than $10 million stolen from crypto platform THORChain
Cryptocurrency platform THORChain said more than $10 million was stolen during a security incident on Friday morning. The cyberattack was first identified by blockchain security firm Peckshield and cryptocurrency investigator Zachary Wolk, who goes by the online alias ZachXBT. Around 6 am EST, both reported that more than 36 Bitcoin, worth about $3 million, and another $7 million in other coins was siphoned from THORChain. THORChain published its own statement shortly after confirming the incident. (THERECORD.MEDIA)
IC3 cryptocurrency kiosk complaint data by state
As a supplement to the Internet Crime Complaint Center (IC3) 2025 Annual Report, the Federal Bureau of Investigation (FBI) provides the following data involving cryptocurrency kiosks at the state level. Cryptocurrency kiosks are ATM-like devices or electronic terminals that allow users to exchange cash and cryptocurrency. Criminals may direct victims to send funds via cryptocurrency kiosks. According to IC3 data, the use of cryptocurrency kiosks to perpetrate fraudulent activity against the US population is increasing. In 2025, the IC3 received more than 13,400 complaints reporting the use of cryptocurrency kiosks, with losses over $388 million — a 23% increase in complaints and a 58% increase in losses from 2024. More than half of the complaints involved individuals over 50, with losses over $302 million. (IC3.GOV)
Tactics
Hackers abuse Cloudflare storage to exfiltrate network files
A sophisticated cyber espionage campaign targeting multiple Malaysian organizations has been uncovered, revealing a highly structured attack chain that blends custom tooling, cloud infrastructure, and stealthy data exfiltration. At the center of the operation is an Azure virtual machine (IP: 20.17.161.118) used to orchestrate attacks across government-linked networks. The infrastructure contained a wide range of attacker tools, including tailored Python scripts, Laravel exploit chains, webshell deployment utilities, and even source code for previously undisclosed command-and-control (C2) components. (GBHACKERS.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Malware
Experts confirm the Fast16 malware was sabotaging nuclear weapons tests, likely in Iran
Researchers have confirmed that a remarkable piece of malware discovered years ago but analyzed only recently was designed to subvert nuclear weapons testing simulations with the aim of undermining those tests and slowing the progress of a nuclear program. The new report, from researchers at the security firm Symantec, confirms what has only previously been speculated about the code by the company that first discovered it — SentinelOne. The malicious code, known as Fast16, was designed to subvert at least two specialized software programs that were commonly used for simulating weapons explosions at the time the code was active in 2005. According to Vikram Thakur, technical director for Symantec, and Eric Chien, a fellow in Symantec’s security technology and response division, it cleverly swapped out legitimate data produced by the simulation software, replacing it with false data that was fed to engineers monitoring those simulated tests. (ZETTER-ZERODAY.COM)
Gremlin Stealer’s evolved tactics: Hiding in plain sight with resource files
This article examines new obfuscation techniques the Gremlin stealer malware uses to conceal malicious payloads within embedded resources. We analyze a variant protected by a sophisticated commercial packing utility that employs instruction virtualization, transforming the original code into a custom, non-standard bytecode executed by a private virtual machine. Gremlin stealer siphons sensitive information from compromised systems and exfiltrates it to attacker‑controlled servers for potential publication or sale. It targets web browsers, system clipboard and local storage to exfiltrate sensitive information. (UNIT42.PALOALTONETWORKS.COM)
OtterCookie malware steals dev secrets, SSH keys, cloud credentials and tokens
A newly analyzed malware strain, OtterCookie, is emerging as a serious threat to developers, quietly harvesting sensitive data from active workstations in real time. Unlike earlier assumptions, OtterCookie is not a variant of BeaverTail but a separate Node. js-based remote access trojan (RAT) with a different command-and-control design and a stronger focus on continuous surveillance. Security researchers observed that OtterCookie operates over Socket.IO using Engine.IO v4, maintaining persistent connections with infected machines instead of relying on simple HTTP requests. (GBHACKERS.COM)
Hackers hide PureLogs infostealer in PawsRunner loader
Threat actors are increasingly hiding malware inside seemingly harmless files, and a new campaign shows just how effective this tactic has become. The attack begins with a phishing email carrying a TXZ archive attachment. Disguised as an urgent invoice, the file pressures victims into opening it quickly. Once extracted, the archive reveals a JavaScript file filled with misleading comments written in multiple languages, likely to evade analysis. (GBHACKERS.COM)
Phishing
Scammers send physical phishing letters to steal Ledger wallet seed phrases
Crypto wallet owners using Ledger hardware wallets are being targeted through physical mail, with scammers impersonating the company in a campaign designed to steal recovery seed phrases. The operation uses printed letters that look official, complete with Ledger branding, a reference number, and a fake security notice warning recipients about an urgent “Quantum Resistance” update. One example of the scam circulating online shows an Italian language version addressed to a customer in Italy, suggesting the attackers are tailoring the campaign based on regional customer data. The letter claims users must complete a mandatory security upgrade for their Ledger device before a deadline or risk losing wallet functionality. (HACKREAD.COM)
Vulnerabilities
Funnel Builder flaw under active exploitation enables WooCommerce checkout skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier. It affects all versions of the plugin before 3.15.0.3. It’s used in more than 40,000 WooCommerce stores. The flaw lets unauthenticated attackers inject arbitrary JavaScript into every checkout page on the store, the Dutch e-commerce security company said. (THEHACKERNEWS.COM)
Critical Marimo RCE flaw could let attackers execute malicious code remotely
A newly disclosed critical vulnerability in the Marimo Python notebook framework is raising serious alarms across the cybersecurity community, as it allows attackers to execute arbitrary commands remotely, without authentication. Tracked as CVE-2026-39987, the flaw exposes a WebSocket endpoint that can be abused to spawn a system-level shell, potentially leading to full infrastructure compromise. The vulnerability exists in the /terminal/ws WebSocket endpoint, as per Resecurity, which fails to enforce authentication before granting access to a pseudo-terminal (PTY) shell. (GBHACKERS.COM)
Exploit available for new DirtyDecrypt Linux root escalation flaw
A recently patched local privilege escalation vulnerability in the Linux kernel’s rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. Named DirtyDecrypt and also known as DirtyCBC, this security flaw was also autonomously found and reported by the V12 security team earlier this month, when the maintainers informed them that it was a duplicate that had already been patched in the mainline. “We found and reported this on May 9, 2026, but was informed it was a duplicate by the maintainers,” V12 said. “It’s a rxgk pagecache write due to missing COW guard in rxgk_decrypt_skb. See poc.c for more details.” (BLEEPINGCOMPUTER.COM)
MiniPlasma Windows zero-day enables SYSTEM privilege escalation on fully patched systems
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts “cldflt.sys,” which refers to the Windows Cloud Files Mini Filter Driver, and resides in a routine named “HsmOsBlockPlaceholderAccess.” It was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020. (THEHACKERNEWS.COM)

ADVERSARIES
China
China is preparing for a robot-led Taiwan invasion
OPINION: In future wars, machines will go first. Humans will follow. Today, China’s military is developing attritable robotic systems as part of a broader shift in how it plans to fight. That includes field testing four-legged “robotic wolves,” dog-sized quadrupeds equipped with cameras, sensors, and onboard computing, now appearing in Chinese military exercises and state media. These robots can reportedly scout ahead of infantry, clear obstacles, and haul supplies under enemy fire. China’s goal is not to substitute machines for soldiers. It is to ensure that expendable robotic systems absorb the first wave of battlefield risk. (NATIONALINTEREST.ORG)
Why are more U.S. allies exploring ties with China?
OPINION: U.S. President Donald Trump is visiting Beijing this week to meet with Chinese President Xi Jinping for the first time in nearly a decade. Since Trump returned to office in 2025, several U.S. allies have made similar trips, sending a clear message to Washington: An unstable geopolitical environment and unreliable U.S. support is driving them to bolster their relationships with other countries. Engaging more with China appears to be a critical component of this strategy. (CFR.ORG)
Russia
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection and disruption more difficult. The Turla APT group (aka Secret Blizzard, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. (SECURITYAFFAIRS.COM)
Russia presses college students to fill ranks of drone pilots
Students at one of Russia’s leading engineering universities are getting a lucrative offer: ditch their studies for a year, fly drones for the military and earn more than 5 million rubles ($68,275) in pay as well as free tuition on their return. Pamphlets distributed at Bauman Moscow State Technical University promise students who sign up for the unmanned systems forces will fly drones from far behind the front lines, but still qualify for combat veteran status. It’s part of a broader push across Russia to recruit university and college students, using lavish signing bonuses, academic leave and even outright coercion to convince young men to join the fight. (BLOOMBERG.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
AI license plate cameras tore this town apart and led to a state of emergency
The civic uproar began quietly, when a mom walking her newborn spotted a strange black contraption at the end of her block: a camera topped with a solar panel. Dierdre Shea researched the camera and learned that it was an artificial-intelligence-assisted license plate reader — the type that have caused privacy concerns across the country in recent months, leading to laws limiting their use in more than a dozen states. She emailed her neighbors, sparking fierce debate in this town of 52,000 overlooking the Hudson River. Residents called for the devices to be taken off the streets, and the Republican mayor, who supports the cameras, clashed with the Democratic city council, which tried to halt funding for them. (WASHINGTONPOST.COM)
Bank of England, FCA and Treasury raise alarm over frontier AI
The UK’s financial services firms must take active steps to manage the cybersecurity risks stemming from frontier AI, the UK government, the UK’s Financial Conduct Authority (FCA) and Bank of England have said. A missive from the trio on May 15 was intended to clarify and reinforce their message “as the operating environment becomes more complex.” It warned that the sector must put in place “effective protective, detective, threat containment and cyber-response capabilities” in order to mitigate cyber risks posed by the rapidly advancing technology. (INFOSECURITY-MAGAZINE.COM)
Vatican sets up commission on Artificial Intelligence
Pope Leo XIV has approved the creation of a new Vatican commission on artificial intelligence to coordinate the Holy See’s response to the rapidly expanding technology and its implications for human dignity, integral development, and the Church’s own internal use of AI. The move comes as the Vatican is preparing for the release of Leo’s first encyclical, which is expected to deal extensively with artificial intelligence and its ethical, social, and economic consequences. Reports have indicated that the document will likely frame AI as one of the defining moral questions of the present age, drawing a parallel with the social upheavals of the Industrial Revolution addressed by Pope Leo XIII in Rerum Novarum. (NCREGISTER.COM)
Don’t count on courts to rein in unregulated AI
OPINION: Over the past few months, the headlines might give the impression that the U.S. court system is deftly navigating the world of tech regulation. A federal judge quickly enjoined the Department of Defense’s overbroad and retaliatory attempt to label artificial intelligence (AI) developer Anthropic a supply chain risk. Juries in California and New Mexico issued major verdicts against Meta and Google for harms arising from their social media products, in cases that could influence thousands of other similar claims. And the U.S. Supreme Court let stand a lower court’s decision over the copyrightability of AI-generated art, in one of the first actions by the Court in the area of intellectual property (IP) and artificial intelligence. Based on this flurry of activity, one might think that when it comes to the current greatest challenge for technology policy — artificial intelligence — the courts can be trusted to man the regulatory helm. (LAWFAREMEDIA.ORG)
Cloud
Europe built sovereign clouds to escape U.S. control. Then forgot about the processors
Europe is pouring more than €2 billion into sovereign cloud initiatives designed to reduce exposure to US legal reach. The EU’s IPCEI-CIS program funds infrastructure development. France qualifies operators under SecNumCloud, a framework with nearly 1,200 technical requirements promising “immunity from extraterritorial laws.” But most datacenters and qualified cloud operators still rely heavily on Intel or AMD processors. And inside those processors sits a computer beneath the computer: management engines operating at Ring -3, below the operating system, outside the control of host security software, persistent even when the machine appears powered off. Under the US Reforming Intelligence and Securing America Act (RISAA) 2024, hardware manufacturers count as “electronic communications service providers” subject to secret government orders. (THEREGISTER.COM)
Defense
Army’s autonomy office looks beyond drone, robot platforms to ‘packages of capability’
Earlier this year, the Army stood up the Capability Program Executive Office for Mission Autonomy (CPE Mission Autonomy) to interconnect all unmanned operations in the Army from drones to robots. The new office won’t build or acquire them but will integrate such systems into “packages of capability” that can be tasked by commanders depending on the mission, CPE Mission Autonomy’s leader Brig. Gen. Anthony Gibbs said here at the joint Xponential/MDEX conference. The initial focus will be to develop such autonomy packages in three areas: combat engineering, where sappers traditionally have been called upon to shape the terrain in the breach prior to ground assault, considered one of the most dangerous jobs in the military and ripe for autonomy; as well as fires and logistics. (BREAKINGDEFENSE.COM)
Drones
Here’s how the Army plans to spend nearly $1 billion in procuring small counter drone tech
Under the Defense Department’s nearly $1.5 trillion fiscal 2027 budget request, the Army would have almost $1 billion in procurement funding to spend on small counter unmanned aerial system technology (cUAS) capabilities — nearly double the amount the service was granted in its enacted budget for FY26. Should Congress approve it, the FY27 budget would set aside $994 million in total for small cUAS, with all of that sum coming from discretionary funding. The FY26 enacted budget included $596 million for the same line item with $336 deriving from discretionary spending and $260 coming from mandatory, or reconciliation, funding. (BREAKINGDEFENSE.COM)
Army aviation’s wasted decade: Lessons for the next generation of drone integration
OPINION: In 2006, the U.S. Army’s 25th Combat Aviation Brigade deployed to Iraq, where it paired Task Force ODIN (Observe, Detect, Identify, and Neutralize) with an Apache battalion from the 82nd Airborne Division — a first-of-its-kind teaming of attack helicopters with drones. These units combined manned and unmanned sensors to identify and destroy improvised explosive devices and high-value targets, leveraging drones to fill gaps in traditional rotary wing aviation. Col. Jamie LaValley, at the time a captain with the 82nd, told me he felt he was witnessing “the future of warfare.” “Man, Army Aviation is on to something,” he recalls thinking. “It was apparent that a mass of sensors and weapon systems on a host of platforms provided a decisive advantage.” Two decades later, however, Army Aviation has made little progress in manned-unmanned teaming. (WARONTHEROCKS.COM)
Energy
Commercial electricity use will likely surpass residential in 2027: EIA
Commercial electricity consumption is likely to surpass residential use for the first time on record in 2027, the U.S. Energy Information Administration said Tuesday in its Short-Term Energy Outlook. The commercial sector, which includes hyperscalers, bitcoin miners and cloud computing, is expected to see electricity sales grow 2.2% to about 1,530 billion kWh in 2026 — roughly the same as the residential sector — followed by 5.3% growth the following year, EIA said. Demand from the residential sector, which has historically accounted for the largest share of U.S. electricity use, will remain largely flat over the next two years, growing about 0.5% in 2026 and 2027. (UTILITYDIVE.COM)
The Defense Production Act’s expanding role in energy
On April 20, 2026, the White House signed a series of presidential determinations invoking Section 303 of the Defense Production Act of 1950 (DPA). The act was not deployed once but five times in a single day. The targets covered petroleum production and refining, coal supply chains, natural gas transmission and liquefied natural gas (LNG) capacity, grid infrastructure, and large-scale energy infrastructure. Historically, these actions are not typically routine. When a President reaches for the DPA this extensively, it signals that the market economy’s typical operations are not moving at the necessary speed to meet what the administration sees as a legitimate national security threat. (BAKERINSTITUTE.ORG)
Health care
AI doctors? Lawsuits say no, some doctors say yes
Medical professionals are pushing back against artificial intelligence assuming the persona of a doctor, arguing it amounts to practicing without a license. One solution floated in the Journal of the American Medical Association would be to license AI as if it went to medical school. Spotlighting the tension is a recent lawsuit filed by the commonwealth of Pennsylvania against Character Technologies, a Silicon Valley-based AI company. The complaint alleges that the company’s chatbots are illegally practicing medicine, purporting to be healthcare professionals in their conversations with consumers. (HEALTHCAREINFOSECURITY.COM)
Regulations
EU’s Cyber Resiliency Act will put IT leaders to the test
Unlike most cyber security regulations, the EU’s Cyber Resilience Act is about product safety rather than processes or certification, extending the CE mark from the physical side of products to software, firmware, backend services, and anything with a network connection. It encodes existing best practices, enforces minimum product support lifecycles, and could mean developing stronger relationships with open source projects your organization relies on. And it comes with a deadline: by September 11 this year, you need to have vulnerability and incident reporting processes in place. Even for organizations already using software bills of materials (SBOMs), following new CRA obligations to report an actively exploited vulnerability in a product within 24 hours, and having to deliver a full report within three days may prove hard to meet. (CSOONLINE.COM)
Can laws stop deepfakes? South Korea aims to find out
South Korea will hold local elections on June 3, and for the first time will enforce two laws aiming to curb the use of AI deepfakes to support political campaigns. The big question is: will it be enough? While not the most dramatic issue facing voters, deepfakes remain a problem for elections worldwide. In 2024, some New Hampshire voters received a robocall claiming to be from then-US President Joe Biden asking residents not to vote in the state primary. South Korea, meanwhile, has faced everything from fake videos of political candidates on social media to AI-generated television news reports and more. (DARKREADING.COM)
Resilience
NIST updates SP 800-172 to strengthen segmentation, resilience, and supply chain security for nonfederal systems
The U.S. National Institute of Standards and Technology (NIST) published final versions of Special Publication 800-172 Revision 3 and SP 800-172A Revision 3, expanding cybersecurity requirements and assessment procedures designed to protect controlled unclassified information in nonfederal systems and organizations. Announced on May 13, the updated guidance introduces enhanced security requirements focused on cyber resiliency, including expanded controls for access management, network segmentation, asset management, and supply chain security practices. NIST said the revisions align with SP 800-171r3 and SP 800-53r5 to improve consistency across federal cybersecurity frameworks. (INDUSTRIALCYBER.CO)
LEGISLATIVE UPDATES
Tech CEOs invited to Capitol Hill to answer questions about kids online safety
Senate Judiciary Committee Chair Chuck Grassley (R-Iowa) has invited the leaders of four major technology companies to appear before lawmakers next month for a kids safety hearing after a pair of landmark court decisions against two of the firms. Grassley, in a post Friday, announced he’d invited Meta CEO Mark Zuckerberg, Alphabet CEO Sundar Pichai, TikTok CEO Shou Zi Chew and Snap CEO Evan Spiegel to the June 23 hearing. (THEHILL.COM)
Chatbot bills look to address safety fears as midterms loom
Hearings filled with heart-wrenching stories of children who died by suicide after their interactions with artificial intelligence chatbots have made it easy for those on both sides of the aisle to agree that something needs to be done to regulate the new technology. But as one bill has been voted out of committee and another heads toward a markup, observers say bipartisan support in the Senate for curtailing kids’ use of chatbots masks as-yet unanswered questions. Those center on which bots need regulating and how far legislation can or should go before it crosses boundaries of free speech and privacy. Late last month, the Senate Judiciary Committee voted unanimously to advance a bill sponsored by Sen. Josh Hawley (R-Mo.) that would ban minors from using companion chatbots and ban all bots from engaging in sexual conversations with minors or encouraging them to commit suicide. (ROLLCALL.COM)
HASC leader threatens Pentagon with ‘pain’ over canceled Europe deployment
Lawmakers ripped into Army leaders on Friday, asking why the service this week canceled the imminent deployment of a brigade combat team to Poland. But Army Secretary Dan Driscoll and acting Chief of Staff Gen. Christopher LaNeve had few answers about the decision. It wasn’t theirs, LaNeve told lawmakers at the House Armed Services Committee hearing. The general said Defense Secretary Pete Hegseth had ordered U.S. European Command boss Gen. Alexus Grynkewich to reduce forces. (DEFENSEONE.COM)
Schiff enters data center fray with ratepayer protection bill
California Democratic Sen. Adam Schiff is entering the hotly contested political debate over data centers with legislation he says would ensure artificial intelligence developers pay the full cost of their energy demand, instead of ratepayers. The “Energy Cost Fairness and Reliability Act” is the latest in a growing list of proposals from both Democratic and Republican lawmakers aimed at mitigating the electricity price impacts of energy-hungry data centers. “Artificial intelligence is already deeply impacting our society, economy and national security, and it is critical that we maintain our international leadership — however, that growth cannot come at the cost of consumers or society,” Schiff said in a statement. “There need to be guardrails that protect Americans’ pocketbooks.” (EENEWS.NET)
COMMITTEE ACTIVITY
CHINA: The Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party will hold a May 19 hearing on the rise of CCP-linked scam networks targeting Americans and threatening U.S. security.
BUDGET: The Senate Homeland Security and Governmental Affairs Committee is scheduled to hold a May 19 business meeting to consider reconciliation recommendations to the Budget Committee.
TSA MODERNIZATION: The House Homeland Security Committee will hold a May 20 hearing on to hear industry perspectives on key security and travel reforms 25 years after 9/11.
SLTT CYBER: The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold a May 21 hearing on state and local cybersecurity in the context of escalating threats, federal partnership and the resilience of America’s communities.
WATER: The House Science, Space and Technology Environment Subcommittee will hold a May 21 hearing on applying science to secure U.S. water systems from cyber threats.
ALERTS AND ADVISORIES
ShinyHunters: Cyber criminal group attacks learning management system
The Federal Bureau of Investigation (FBI) is providing this Public Service Announcement (PSA) to warn of potential future impacts related to a cyber-attack that affected an online Learning Management System (LMS), resulting in an interruption of service to educational institutions and students across the country. The LMS platform is now fully operational. ShinyHunters (SH) — which claimed the cyber-attack that caused the disruption—is a cyber criminal group specializing in large — scale data breaches and extortion. They target major companies across tech, finance, and retail, often stealing millions of customer records at once. (IC3.GOV)
CISA adds one known exploited vulnerability to catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)
Critical vulnerability affecting Cisco Catalyst SD-WAN
The Canadian Centre for Cyber Security (Cyber Centre) is aware of active exploitation of Cisco Catalyst Software-Defined Wide Area Network (SD-WAN) devices. In response to the Cisco security advisory released on May 14, 2026, the Cyber Centre issued AV26-471 on May 14, 2026. Tracked as CVE-2026-20182, this vulnerability is a critical Improper authentication vulnerability (CWE-287) affecting the peering authentication process of Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). (CYBER.GC.CA)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
RUSSIA: Russia’s growing influence and engagement in Africa is a significant and often overlooked dimension of global great power competition. Join the Center for a New American Security (CNAS) on May 18 for a virtual panel discussion on this topic to mark the release of a new report, Beyond the Sahel: Russia’s Toolbox for Influence in Africa, by Kate Johnston and Valeria Allende, with Isabel Dlabach. This report looks at Russia’s activities in key states in Africa—Egypt, Ethiopia, Nigeria, and South Africa.
AI AND CHINA: As the U.S.-China AI competition intensifies, Congress is playing an increasingly active role in shaping America’s response. Join CNAS on May 19 for a fireside chat on the U.S.-China AI competition with House Foreign Affairs Committee Chairman Brian Mast (R-Fla.).
SECURITY POLICY: Congressman Michael McCaul has been at the center of Congress’s foreign policy debates over the past two decades, first as chairman of the House Homeland Security Committee and later as the chairman of the House Foreign Affairs Committee. As Chairman Emeritus McCaul prepares to leave Congress and begin a new chapter of his service to the nation, please join Mariano-Florentino (Tino) Cuéllar, president of the Carnegie Endowment for International Peace, for a May 20 conversation with the congressman reflecting on his legacy on Capitol Hill, his views on the future of American global leadership, and the lessons that his career offers to the next generation of policymakers.
AI AND HEALTHCARE: As AI rapidly transforms healthcare, the ability to responsibly access, share, and scale health data has become a defining factor in U.S. competitiveness and national security. How can the U.S. unlock the value of health data while protecting privacy? On May 21, the Atlantic Council’s Cyber Statecraft Initiative will host a panel discussion at the Capitol Visitors’ Center on the future of health data and artificial intelligence (AI).
SPACE: Join the Center for Strategic and International Studies (CSIS) Aerospace Security Project and Secure World Foundation (SWF) on May 22 for a discussion on the evolving space threat environment and the latest trends in global counterspace capabilities.
AI AND MENTAL HEALTH: AI is becoming a go-to source of mental health support for young people. But is it safe? In this May 27 Policy Lab, RAND’s Ryan McBain examines both the promise and the risks of this growing trend — and what it might take to ensure chatbots are safe for adolescents.
RUSSIA: For nearly two decades, U.S. strategy produced meaningful cooperation as Russia and the United States cooperated in outer space, counterterrorism and nuclear energy. While today is starkly different from the 1990s, what lessons can be learned from this period of cooperation? Once there is a fair peace in Ukraine and Russia atones for the damage it has done, will it be worth resuming cooperation? Join Rose Gottemoeller, a nonresident fellow in Carnegie’s Nuclear Policy Program and former deputy secretary general of NATO, for a May 27 conversation with Andrew S. Weiss, the James Family Chair and vice president for studies at the Carnegie Endowment, to explore how Gottemoeller tackles these questions in her new book “Security Through Cooperation.”
ELECTROTECH STACK: The most pressing danger may not be Chinese hardware but rather American policy paralysis: overcorrection that delays the technologies this buildout demands, or indecision that continues ceding strategic ground to Beijing. FDD and CMIST will host a May 28 discussion moderated by Harry Krejsa, director of studies at CMIST, featuring Phoebe Benich, non-resident fellow at CMIST; and Dr. Emma Stewart, non-resident fellow at CMIST and lead for Idaho National Laboratory’s Center for Securing Digital Energy Technology. RADM (Ret.) Mark Montgomery, senior director of FDD’s Center on Cyber and Technology Innovation (CCTI), will provide introductory remarks.
AI AND ENTERPRISE: Join AEI on June 3 to examine how businesses are shaping AI and transforming American enterprise. Experts from academia and business will examine these questions: What industries are changing most rapidly? Which are changing the future for others? And how are we preparing business leaders for future challenges?
CYBER FORCE: Join CSIS on June 3 for a discussion on the forthcoming report from the Commission on U.S. Cyber Force Generation, which examines how the United States can better build, organize, and sustain the cyber workforce needed to meet evolving national security demands. As cyber threats grow in scale and sophistication, the report assesses key challenges across the current ecosystem, including persistent talent shortages, fragmented institutional structures, and barriers to effective coordination between government and the private sector.
BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS