Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – May 19, 2026


Cyber Briefing

TODAY’S TOP 5

ANTHROPIC TO LET PARTNERS SHARE MYTHOS FINDINGS: Anthropic said on Monday it is revising its earlier position to allow users of its Mythos cybersecurity model ‌to share information about cyber threats with others who may be exposed ‌to similar vulnerabilities, Reuters reports. Mythos, announced on April 7, is being deployed as part of Anthropic’s “Project Glasswing,” a controlled initiative under which select organizations, including major tech firms such as Amazon, Microsoft, Nvidia and Apple, are permitted to use the unreleased Claude Mythos Preview model for defensive cybersecurity purposes. Last week, Anthropic began telling partners that they are generally permitted to disclose ⁠their involvement in Glasswing and, at their own discretion, share findings, best practices, tools or code developed through the program.

  • A bipartisan group of House lawmakers is urging the White House Office of the National Cyber Director (ONCD) to develop a federal-industry strategy for handling what they say could soon be a flood of software vulnerabilities discovered by advanced artificial intelligence systems, Meritalk reports. In a May 13 letter to National Cyber Director Sean Cairncross, the group of 35 House members led by Reps. Bob Latta (R-Ohio) and Doris Matsui (D-Calif.) asked ONCD to convene government agencies and private-sector stakeholders to prepare for “a large increase in vulnerability disclosures discovered by advanced artificial intelligence (AI) systems.”
  • Pope Leo XIV will personally present his first major teaching document on the ethical challenges posed by artificial intelligence on May 25 alongside Christopher Olah, a co-founder of Anthropic, the AI research company recently thrust into a public clash with the Trump administration over the use of its models in military and surveillance contexts, National Catholic Reporter reports. Leo’s decision to take part in the launch of his own encyclical is atypical and highlights his desire to position the Vatican’s voice as a leading moral authority on the development and application of AI. 
  • Advanced AI models with unique hacking capabilities like Anthropic’s Mythos should bring federal agencies that handle some of the government’s most sensitive information to a “reflection point,” according to one of the CIA’s top tech officials. “I think it is a reflection point and I think people need to view it in that fashion,” said Dan Richard, associate deputy director of the CIA’s Digital Innovation Directorate, on a panel Friday at the Qualys ROCon Public Sector 2026 conference, Nextgov/FCW reports
  • Governments and boardrooms are patching, monitoring and reinforcing. But the harder question is whether the United States can scale what it intends to build with confidence that the ground beneath it will bear the weight. Leadership in AI will not be decided by who trains the largest models. It will be decided by who can deploy them most deeply into the systems that generate advantage, and that depends on whether the foundations can withstand what is now being asked of them, Vinh Nguyen writes at the Council on Foreign Relations.

THE AMERICAN REBELLION AGAINST AI IS GAINING STEAM: The only thing growing faster than the artificial-intelligence industry may be Americans’ negative feelings about it — as former Google Chief Executive Eric Schmidt saw on Friday. Delivering a commencement address at the University of Arizona, Schmidt told students the “technological transformation” wrought by artificial intelligence will be “larger, faster and more consequential than what came before.” Like some other graduation speakers mentioning AI, Schmidt was met with a chorus of boos. In one poll after another in recent weeks, respondents have overwhelmingly voiced concerns about AI, a challenge to claims by industry executives that their technology would gain popularity by improving people’s lives, The Wall Street Journal reports. Consumers resent energy-price jumps exacerbated by the spread of data centers. Workers fear widespread job losses. Parents worry about AI undermining education and harming children’s mental health. In recent months, the wave of anger has brought protests, swayed election results and spurred isolated acts of violence.

CISA ADMIN LEAKED AWS GOVCLOUD KEYS ON GITHUB: Until this past weekend, a contractor for the Cybersecurity and Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history. On May 15, KrebsOnSecurity heard from Guillaume Valadon, a researcher with the security firm GitGuardian. Valadon’s company constantly scans public code repositories at GitHub and elsewhere for exposed secrets, automatically alerting the offending accounts of any apparent sensitive data exposures. Valadon said he reached out because the owner in this case wasn’t responding and the information exposed was highly sensitive.

DoD IG FLAGS ADVANA INTERFACE CONTROL WEAKNESSES: recent audit by the Defense Department’s Inspector General found that the Office of the Chief Digital and Artificial Intelligence Officer (OCDAO) failed to implement several required interface controls for Advana, the department’s enterprise data and analytics platform, MeriTalk reports. Advana, launched in 2021, is a department-wide data repository that collects, aggregates and stores data from 437 financial and non-financial systems to support analytics and data-driven decision-making. The findings come as the Pentagon moves to restructure Advana under a directive issued earlier this year by Defense Secretary Pete Hegseth. The directive calls for separating financial data functions from a new War Data Platform intended to support warfighting and intelligence missions across the department. 

  • Officials across the services are racing to get disparate military platforms to talk to each other, an effort buoyed by the idea that the speedy transfer of information across multiple domains and automated systems will give U.S. forces an advantage on the battlefield, DefenseScoop reports. For America’s most elite forces, the development of such a network — one that doesn’t rely on equipment-specific software — is not moving fast enough, according to one of U.S. Special Operations Command’s top acquisition officials. Other parts of the military have echoed those concerns. Earlier this month, the Army announced a “hackathon” alongside major defense companies meant to connect decades-old equipment the service still uses with new, incoming technology under a common software architecture. 

HOW IRAN AND CHINA WEAPONIZE FOOD SUPPLY CHAIN: Iran did not improvise the Hormuz crisis. The mine stockpiles, the Islamic Revolutionary Guards Corps’ fast-boat fleet, and the Houthi program at Bab al-Mandab are a coordinated architecture assembled over the years to make commercial insurance a controllable coercive mechanism. The 2024 Houthi campaign proved the concept. Without sinking a vessel, it drove Asia-Europe freight rates up sevenfold and collapsed Suez Canal revenues roughly 50%. Iran does not need to sink fertilizer ships. It needs to make them uninsurable. Any sufficiently concentrated agricultural input supply chain is a targetable strategic system. No G7 government has built the architecture to manage this kind of deliberate attack, Bruce Randolph Tizes writes at Small Wars Journal. The convergence of two distinct supply restrictions, one geographic, one political, constitutes a compound chokepoint on global agricultural inputs. The geographic gate is the Strait of Hormuz, through which roughly one-third of global seaborne fertilizer trade transits, including the ammonia, urea, and sulfur that underpin crop production on five continents. The policy gate is China’s export licensing regime, through which Beijing periodically restricts urea and NPK exports. When the U.S.-Israeli campaign against Iran commenced on February 26, 2026, both gates closed within three weeks. This convergence makes 2026 structurally unprecedented.many more — reconnaissance satellites of its own to send into the geosynchronous belt.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

Cyber defense is entering a machine-speed era. With Mythos and Project Glasswing bringing AI-driven vulnerability discovery and exploit development into the center of the cyber conversation, CrowdStrike’s Drew Bagley says organizations need to prepare for a world where vulnerabilities can be found, chained and exploited faster than traditional patching cycles can handle. Bagley joins Frank Cilluffo on the latest episode of Cyber Focus to explain why this shift is not just about one model, one company or one headline-grabbing project. It points to a broader change in how attackers and defenders will operate: exploit stacks may make once-latent vulnerabilities newly dangerous, critical infrastructure operators may face risks they cannot patch away and unmanaged AI agents inside organizations may become another source of exposure. The answer, Bagley argues, is not panic or patching alone, but continuous discovery, continuous remediation, visibility across the kill chain, AI-powered defense and resilience planning built for a world moving faster than human-speed cyber.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Biothreats

WHO chief is ‘deeply concerned’ by speed and scale of Ebola outbreak as cases rise

The head of the World Health Organization said on Tuesday that he was “deeply concerned about the scale and speed” of the Ebola outbreak spreading in the Democratic Republic of Congo and Uganda, as the suspected death toll in Congo climbed to over 130 people. Laboratory testing has now definitively linked 30 cases to the virus in Congo’s northeastern Ituri Province, where the outbreak was first identified, Dr. Tedros Adhanom Ghebreyesus, the director-general of the WHO, said in an address to the World Health Assembly. Tedros said the deaths of health care workers, high population mobility in the area and the absence of vaccines or therapeutics for the Bundibugyo species of Ebola behind the outbreak raised fears of further spread and deaths. (NYTIMES.COM)

Breaches

ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information. “Over 600k Salesforce records containing PII and other internal corporate data have been compromised,” the cybercrime group claimed on its Tor data leak site. “The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don’t care.” (SECURITYAFFAIRS.COM)

Cybercrime

201 arrests in first-of-its-kind cybercrime operation in MENA region

A first-of-its-kind cybercrime operation in the MENA region has led to the arrest of 201 individuals, with a further 382 suspects identified. Thirteen countries from the Middle East and North Africa took part in Operation Ramz (October 2025 – 28 February 2026) which aimed to investigate and disrupt malicious infrastructure, identify and arrest suspects, and prevent future losses. The operation focused on neutralizing phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region. In addition to the arrests made, 3,867 victims were identified, and 53 servers were seized. (INTERPOL.INT)

Education

Roanoke school division reconsidering online platform after recent data breach

Roanoke City Public Schools is reconsidering the division’s use of the online education platform Canvas after a massive data breach left the system offline and student information exposed earlier this month. The division was one of hundreds of K-12 systems and colleges across the country impacted after hackers breached Instructure, the company behind Canvas, which schools use to manage assignments, track grades and deliver course content. The cyberattack left varying levels of access to Canvas after hackers gained initial unauthorized access April 25 through May 8, when Instructure restored access to most users. (CARDINALNEWS.ORG)

Health care

Hospital cyberattacks are increasingly hitting patient care

The main risk from hospital cyber incidents is no longer data breaches or IT disruption – it’s direct threats to care delivery. According to a Black Book Research survey of 284 European hospital cybersecurity buyers, 82% rate their 2026 cyber attack concern as very high or extreme, while 74% believe their organization is likely or highly likely to face a major cyber event this year. And, the researchers found, attacks are no longer viewed primarily as privacy events, compliance events, or IT disruptions – but as threats to the delivery of care. (ITPRO.COM)

Tactics

How Storm-2949 turned a compromised identity into a cloud-wide breach

Microsoft Threat Intelligence recently uncovered a methodical, sophisticated, and multi-layered attack, where a threat actor we track as Storm-2949 launched a relentless campaign with a singular focus: to exfiltrate as much sensitive data from a target organization’s high-value assets as possible. The attack exfiltrated data from Microsoft 365 applications, file-hosting services, and Azure-hosted production environments, where the organization’s production application ecosystem resides. What began as a targeted identity compromise rapidly evolved into a full-spectrum assault on the organization’s cloud infrastructure. The attack spanned various Azure resources, with emphasis on software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) layers. (MICROSOFT.COM)

Hackers bypass security tools to target users directly

Threat actors are eschewing traditional malware-driven attacks in order to bypass security tools and socially engineer their victims, according to a new study from Bridewell. The consulting specialist made the claims in its Cyber Threat Intelligence Report 2026, published on May 18. The report draws on Bridewell’s “sustained monitoring of malicious infrastructure, client telemetry, incident response activity, and targeted research.” Attack techniques like ClickFix, FileFix and ConsentFix trick users into copying commands, approving fake authentication prompts and completing legitimate login processes to bypass endpoint security, multifactor authentication (MFA) and other controls, it said. (INFOSECURITY-MAGAZINE.COM

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Artificial intelligence

AI coding is fueling a secrets-sprawl crisis few CISOs are containing

When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws. Experts at cloud security company Wiz and, independently, researcher Jameson O’Reilly, discovered that Moltbook’s backend database, hosted on Supabase, had been improperly configured. As a result, it granted broad read and write access to platform data. “The exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents,” Wiz researchers noted in a blogpost. (CSOONLINE.COM)

Financial

Experts warn of privacy risks as AI firms looks to connect to financial accounts

OpenAI announced Friday that it is rolling out a new ChatGPT feature allowing users to connect all of their financial accounts to the chatbot for personal finance advice, a move which is raising concerns among privacy and cybersecurity experts. The financial tech company Plaid, which connects individuals’ bank accounts to third party financial apps, is supporting the new feature. In the near future, the ChatGPT financial planning platform will also be powered by Intuit, which offers personal finance, tax prep and small business accounting software. The feature is now available for paid subscribers to ChatGPT Pro, but will be rolled out to Plus users in the future, with the “goal of making it available to everyone” in the future, according to a ChatGPT blog post about the offering. (THERECORD.MEDIA)

ICS/OT

Critical vulnerability exposes industrial robot fleets to hacking

Universal Robots, a Danish company specializing in collaborative industrial robots, or cobots, has patched a critical vulnerability affecting one of its operating systems. Advisories published last week by the cybersecurity agency CISA and Universal Robots revealed that PolyScope 5, an operating system and GUI designed to power and control the company’s cobots, is affected by CVE-2026-8153, an OS command injection vulnerability in the Dashboard Server interface. The flaw, rated critical with a CVSS score of 9.8, has been patched in PolyScope 5.25.1. (SECURITYWEEK.COM)

Four-faith industrial routers targeted in botnet hijacking campaign

Four-Faith industrial cellular routers are being actively targeted in a growing botnet campaign exploiting a critical authentication bypass flaw tracked as CVE-2024-9643. Security researchers warn that attackers are rapidly weaponizing the vulnerability to hijack exposed devices and repurpose them as part of large-scale malicious infrastructure. CVE-2024-9643 affects Four-Faith F3x36 industrial routers and carries a critical CVSS score of 9.8. The flaw stems from hard-coded administrative credentials embedded within the device’s web interface. (GBHACKERS.COM)

Malware

Shai-Hulud worm clones spread after code release

TeamPCP published Shai-Hulud source code to GitHub last week, and the infamous worm already shows signs of spreading. TeamPCP is a financially motivated threat actor that has long been assessed as a key, if not the key, culprit behind the Shai-Hulud self-replicating worm attacks, as well as various successor worms. Shai-Hulud, named after the sandworms from the popular science fiction novel Dune, is a self-replicating malware worm that began infecting node packet manager (NPM) packages last summer. (DARKREADING.COM)

New Reaper malware uses fake Microsoft domain to steal macOS passwords

A malicious new malware is targeting macOS users, disguised as a critical system update and popular workplace software. Cybersecurity firm SentinelOne’s research unit, SentinelLABS, recently discovered this threat and shared the details with Hackread.com. The malware is a fresh variant of an infostealer called SHub, tracked under the name Reaper. Apple recently updated its macOS Tahoe 26.4 to stop similar attacks, but researchers found that “Reaper tricks routes around that fix entirely,” making it a serious threat for Mac users. (HACKREAD.COM)

Supply chain

Compromised Nx Console 18.95.0 targeted VS Code developers with credential stealer

Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code editors like VS Code, Cursor, and JetBrains. The VS Code extension has more than 2.2 million installations. The Open VSX version has not been affected by the incident. “Within seconds of a developer opening any workspace, the compromised extension silently fetched and executed a 498 KB obfuscated payload from a dangling orphan commit hidden inside the official nrwl/nx GitHub repository,” StepSecurity researcher Ashish Kurmi said. (THEHACKERNEWS.COM)

Vulnerabilities

Ivanti, Fortinet, SAP, VMware, n8n patch RCE, SQL injection, privilege escalation flaws

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. “External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks,” Ivanti said in an advisory. (THEHACKERNEWS.COM)

20-year-old PostgreSQL flaw gets public PoC exploit for remote code execution

A newly released proof-of-concept (PoC) exploit for CVE-2026-2005 has brought renewed attention to a critical vulnerability in PostgreSQL’s pgcrypto extension, exposing systems to remote code execution (RCE). Security researchers warn that the flaw, rooted in legacy code paths dating back nearly two decades, could allow attackers to escalate privileges and execute arbitrary commands on affected servers. The vulnerability exists in the PGP session key parsing logic within the pgcrypto module. Specifically, it involves a heap-based buffer overflow that can be exploited to achieve arbitrary read and write memory access. (GBHACKERS.COM)

‘Claw Chain’ OpenClaw flaws allow sandbox escape, backdoor delivery

Four vulnerabilities in the OpenClaw AI assistant can be chained together to plant backdoors on the underlying host, cybersecurity firm Cyera warns. The bugs, collectively known as Claw Chain, allow an attacker with code execution privileges inside the sandbox to control the agent runtime and abuse it to compromise the system. According to Cyera, the attacker can rely on prompt injections, malicious plugins, and compromised external input to trigger the attack chain and turn the AI into their own assistant. (SECURITYWEEK.COM)

ADVERSARIES

China

Former University of Michigan researcher accused of hiding Chinese military drone ties

Federal authorities say a Chinese national who worked as a research scholar at the University of Michigan lied about his work on drones in the People’s Republic of China. According to a criminal complaint filed last week, Chuan Wang allegedly denied involvement in the production of military products during an interview with customs officers in 2023 when in reality he ran a company that designs and manufactures unmanned aerial vehicles and drones for the Chinese military. (MILITARYTIMES.COM)

Arms without strings: What buying Chinese military technology really means

OPINION: The May 2025 India–Pakistan crisis and the United States–Israel–Iran war that began on 28 February 2026 have transformed the global perception of Chinese military technology. From the J-10C and PL-15 fighter engagements over the Line of Control, the de facto border between Indian- and Pakistani-administered Kashmir, to the suspected use of BeiDou for Iranian missile guidance, the steady flow of Chinese precursor chemicals, sensors, and dual-use components to Tehran, Beijing’s defense-industrial offer is no longer a marginal alternative to the Western arms market. It is becoming a parallel ecosystem. This article examines what “buying Chinese” buys: competitive pricing, flexible financing, joint-production options, near-immediate access to dual-use technologies, and an alternative satellite-navigation backbone, all without the political conditions that govern Western export licensing. (SMALLWARSJOURNAL.COM)

Iran

U.S. and Europe in coordinated action against IRGC’s online presence

Europol announced Monday that a total of 14,200 posts linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) have been targeted in a coordinated action against terrorist content online. The operation involved 19 countries coordinated by Europol and working in synchronized phases to collect intelligence, cross-check targets and carry out joint referrals to online platforms. Led by Europol’s EU Internet Referral Unit (EU IRU), the action focused on identifying and disrupting the group’s online presence used to spread propaganda, recruit supporters and raise funds. (THREATBEAT.COM)

North Korea

Kimsuky uses LNK, JSE lures to target recruiters, crypto users, defense officials

North Korea-linked threat group Kimsuky has launched at least four distinct spear-phishing campaigns in early 2026, targeting recruiters, cryptocurrency users, developers, defense personnel, and academic administrators. Despite using different themes and delivery methods, all campaigns follow a consistent attack chain: decoy document display, payload deployment, persistence setup, and command-and-control (C2) communication. (GBHACKERS.COM)

North Korea’s chemical weapons program is a weapons of mass destruction ‘black hole’

Typically, discussions about the Democratic People’s Republic of Korea (DPRK) having weapons of mass destruction (WMD) center on the issue of its nuclear weapons program. Less talked about is Pyongyang’s chemical weapons (CW) arsenal, where they are made, and how many facilities where they are produced actually exist. Unfortunately, comparatively little is known about the CW effort in the North, and what is known is limited. If statements by DPRK defectors are accurate, what we do think we know about the industry and research enterprises that make up the country’s chemical arsenal is like looking at an iceberg: what we can see is only a small fraction, and the rest is hidden beneath the surface. (NATIONALSECURITYJOURNAL.ORG)

GOVERNMENT AND INDUSTRY

Artificial intelligence

Jury tosses Elon Musk’s lawsuit against OpenAI and Sam Altman

A federal jury found Monday that tech billionaire Elon Musk waited too long to bring his lawsuit against OpenAI CEO Sam Altman and others, throwing out the suit, claimed Altman had unlawfully enriched himself from the organization Musk and Altman co-founded. The verdict means Altman, co-founder Greg Brockman and OpenAI are not liable on all claims after a blockbuster three-week trial that has captivated the tech industry and could have reshaped the race to develop artificial intelligence. (NBCNEWS.COM)

AI might cut false positives, but it won’t stop the slop 

As defenders get their hands on newer AI models with more powerful cybersecurity capabilities like Anthropic’s Mythos and OpenAI’s Daybreak, organizations are being told to prepare for a flood of new vulnerability reports. But for bug bounty programs across the nation, that day may already be here, as yesterday’s frontier models and today’s open-source AI tools have dramatically increased the volume of bug reports flowing into companies around their own products or on larger bounty platforms online. GitHub, one of the world’s largest online code repositories, said it is tightening its definition of a “complete” bug report after a significant increase in AI-assisted submissions over the past year. (CYBERSCOOP.COM)

How a government contest launched a revolution in AI-based bug hunting

While the world alternates between panicking and fawning over Anthropic’s powerful new AI model Claude Mythos and its ability to discover serious software vulnerabilities, open-source AI systems are already revolutionizing the vulnerability-hunting landscape — at a far lower cost. These increasingly sophisticated open-source tools are the product of the Defense Advanced Research Projects Agency’s (DARPA) Artificial Intelligence Cyber Challenge, a multiyear effort to spur the development of AI systems that can quickly find and fix bugs in America’s sprawling web of critical infrastructure. The vulnerability-hunting systems that emerged from DARPA’s contest didn’t get splashy launches like Claude Mythos or OpenAI’s similar new tool, but because they’re open source and much cheaper to run, they could help far more infrastructure providers, businesses and independent software developers. (CYBERSECURITYDIVE.COM)

How much power does the EU AI Office actually have?

OPINION: On Aug. 2, the European Commission’s AI Office will gain three significant authorities. This includes the ability to demand documentation from the developers of the world’s most powerful artificial intelligence models, commission independent evaluations of those models (including access to source code), and impose fines of up to 3 percent of global annual turnover for noncompliance. These are among the most far-reaching regulatory powers any government has claimed over frontier AI—yet they have received surprisingly little detailed analysis. (LAWFAREMEDIA.ORG)

Defense

‘Going to change everything’: Special Forces joins Army’s next-gen C2 prototype experiments

It started by happenstance. Last summer, a senior Army special forces leader was on a routine visit to Fort Carson to see 10th Special Forces Group when he got to talking to the commander of the 4th Infantry Division, which also resides at the base. The 4th ID commander, Maj. Gen. Patrick Ellis, mentioned the conventional unit’s work with a prototype of the Next Generation Command and Control (NGC2), the Army’s high-priority, high-profile network modernization effort. The talk made enough of an impression that word got back to 10th Group: “Figure out what it is.” To do that, Maj. Jaysin Williams, 10th Group’s SOF NGC2 Integration Director, told Breaking Defense he found his way into a 4th ID briefing — and a lightbulb went off. (BREAKINGDEFENSE.COM)

Drones

U.S. soldiers learn to identify drones by sound

Honing that skill, along with practicing identifying aerial threats by sight, were key takeaways from the recent US-led Project FlyTrap 5.0 exercise in Lithuania, which ran from the first two weeks of May. “No longer am I just scanning to my 12:00 and around me at ground level — we’ve incorporated this warfare to where we have to scan up and out as well … you have to now learn the sounds of the drones. Does it sound like one of the one-way attack ones coming in our potential direction?” said Sgt. 1st Class Tyler Harrington, a platoon sergeant for Eagle Troop, 2nd Cavalry Regiment, who led counter-drone tactics during the exercise, during a virtual media roundtable on May 14. (BREAKINGDEFENSE.COM)

ALSO: Five companies win DoD’s Drone Dominance small drone ‘Lethality Prize Challenge’ (BREAKINGDEFENSE.COM)

Education

Childcare workers’ digital lives under scrutiny as firm offers dark web screening after horror abuse scandals

Educators could face digital footprint and dark web screening under a provocative new vetting push in the wake of horror child abuse scandals that exposed catastrophic failures in childcare safeguarding systems. A private investigations firm is pitching a new child-safety vetting service that goes beyond Working With Children Checks and police checks by scrutinising a person’s online life, social media activity, compromised data, dark web exposure and behavioural patterns. Hunterwhite Recoveries and Investigations director Darren Whiteman says the current recruitment screening system remains too focused on historical offending and not enough on identifying emerging behavioural risk. (THENIGHTLY.COM.AU)

Energy

Pennsylvania releases ‘first-of-its-kind’ large-load model tariff

The Pennsylvania Public Utility Commission last week released a final order establishing a “first-of-its-kind” model tariff framework for large-load customers, including data centers, the PUC said. Notably, the order — which is nonbinding — recommends utilities charge large-load customers for any system upgrades that “would not have been needed ‘but for’ the interconnection” of that customer, “irrespective of whether other customers will benefit” from the infrastructure. It also instructs utilities to allow large-load customers to self-construct certain upgrades. (UTILITYDIVE.COM)

IT modernization

DHS data-migration guidance falls short as modernization project nears

The Department of Homeland Security has a couple of units readying plans for an overhaul of its financial management systems, but lagging best practices are putting the project at risk, according to a report published Monday by the Government Accountability Office. DHS has already migrated the Coast Guard’s systems and plans to use lessons learned to inform what’s up next: the Federal Emergency Management Agency and Immigration and Customs Enforcement. Despite the goals and prior experience, the watchdog’s audit found that DHS guidance and planning documents “varied in consistency.” (FEDSCOOP.COM)

Maritime

Port of Long Beach unveils new Cyber Defense Operations Center

The Port of Long Beach has opened a new Cyber Defense Operations Center (CDOC) dedicated to protecting the seaport from cyberattacks, utilizing monitoring and threat analysis to secure the digital infrastructure of one of the busiest maritime gateways in the United States. The Port of Long Beach says that it currently stops an attempted cyberattack approximately every three seconds, highlighting the constant threat to the $300 billion in trade handled annually by the complex. The new center will allow the Port to double its on-site cybersecurity staff. (SMARTMARITIMENETWORK.COM)

Nuclear

The race to develop American-made nuclear fuel

Nuclear power companies and the U.S. government are approaching a cliff — a gradually emerging shortage of enriched uranium to fuel new reactors and the backbone of America’s military deterrence. Companies, with help from the Department of Energy, are racing to build factories and enrichment capabilities in an effort to stand up an industry that the United States abandoned at the end of the Cold War. If it fails, according to DOE reports and interviews, developers of next-generation reactors that hope to deploy power plants this decade might not have what they need. And naval ships and warheads could see shortages of highly enriched uranium and tritium in the 2040s and 2050s. (EENEWS.NET)

Quantum

A quantum computing deadline looms. It threatens to kick off the biggest cybersecurity crisis ever

The clock is ticking on Q-Day, the looming yet unknown date when quantum computing will have the capacity to quickly and easily break the encryption keys that keep most internet communication safe. Experts have known about the hypothetical risk of Q-Day since the 1990s. But Google recently warned that quantum computers may be able to hack some encrypted systems by 2029 — a timeline that drastically narrows the window to safeguard data that many cybersecurity specialists had previously predicted. The new estimate means that governments, companies and other entities may have far less time to prepare. (CNN.COM)

Resilience

S. Korea enhances cyber command unit amid push for ‘soft-kill’ deterrence

South Korea’s military has upgraded a key operational unit under its Cyber Operations Command, in a move seen as part of efforts to strengthen cyber and electromagnetic capabilities against North Korea’s growing nuclear and missile threats, according to data submitted to a lawmaker Tuesday. The Cyber Operations Command has raised the rank of the commander of its 1st Operations Group from colonel to brigadier general starting this year, according to data submitted by the Defense Ministry to Rep. Kang Dae-sik of the People Power Party. The change is expected to be reflected in the next round of personnel appointments. (KOREAHERALD.COM)

Space

The newest space race is in cyber

Now that space is becoming a battlefield, cyberwar will be waged there, experts predict, and the race is on to develop cyber defenses that can protect new satellite constellations from foreign cyber-warriors, online spies and even criminal hacker gangs. The problem is that conventional cybersecurity tools mostly don’t work in orbit. Space is an unforgiving environment, with traditionally unique hardware and no room for uncertainty or even latency, both of which are characteristic of conventional cybersecurity tools. Intrusion detection and response looks very different in the various proprietary on-orbit network environments created by the new low earth orbit mega-constellations like Starlink and Amazon LEO. (GOVINFOSECURITY.COM)

LEGISLATIVE UPDATES

Federal agencies would use NIST’s AI guidelines under bipartisan House bill

Federal agencies would be required to develop artificial intelligence standards and use the National Institute of Standards and Technology’s AI guidelines under a bipartisan bill introduced Thursday. Led by Rep. Ted Lieu (D-Calif.), the bill would require agencies to use the Artificial Intelligence Risk Management Framework, developed by the NIST in 2023, and work with the agency in developing other consistent standards and guidelines. Reps. Zach Nunn, an Iowa Republican, and Don Beyer, a Virginia Democrat, co-sponsored the bill, with Beyer calling it “a natural starting point” to ensure agencies have the tools they need to navigate AI’s complexities. (FEDSCOOP.COM)

House bill looks to improve Pentagon’s data recovery efforts

Reps. Suhas Subramanyam (D-Va.) and Richard McCormick (R-Ga.) introduced bipartisan legislation that would require the Department of Defense (DOD) to ensure it can quickly restore military data in the event of a cyberattack. The lawmakers introduced the National Defense Data Resilience Act on May 7. The legislation is aimed at setting clear deadlines, known as recovery time objectives (RTOs), for the Pentagon to restore critical systems and data after an attack. “Cyber warfare is a growing threat, and our federal government should be prepared. Without this bill, we are leaving the safety and security of our nation vulnerable instead of maintaining necessary technological advancements,” Subramanyam said in a May 14 press release. (MERITALK.COM)

Bipartisan senators unveil legislation banning gambling ads to minors

A pair of Senate lawmakers introduced legislation Monday to ban digital gambling advertisements targeting minors. The bill, titled the Gaming Advertisement to Minors Enforcement (GAME) Act, would establish a federal ban on sports betting ads placed on social media platforms. Its co-sponsors, Sens. Richard Blumenthal (D-Conn.) and Katie Britt (R-Ala.), said the bill hopes to combat the “rapid and concerning rise in youth gambling.” (THEHILL.COM)

COMMITTEE ACTIVITY

CHINA: The Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party will hold a May 19 hearing on the rise of CCP-linked scam networks targeting Americans and threatening U.S. security.

BUDGET: The Senate Homeland Security and Governmental Affairs Committee is scheduled to hold a May 19 business meeting to consider reconciliation recommendations to the Budget Committee.

TSA MODERNIZATION: The House Homeland Security Committee will hold a May 20 hearing on to hear industry perspectives on key security and travel reforms 25 years after 9/11.

SLTT CYBER: The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold a May 21 hearing on state and local cybersecurity in the context of escalating threats, federal partnership and the resilience of America’s communities.

WATER: The House Science, Space and Technology Environment Subcommittee will hold a May 21 hearing on applying science to secure U.S. water systems from cyber threats.

ALERTS AND ADVISORIES

ShinyHunters: Cyber criminal group attacks learning management system

The Federal Bureau of Investigation (FBI) is providing this Public Service Announcement (PSA) to warn of potential future impacts related to a cyber-attack that affected an online Learning Management System (LMS), resulting in an interruption of service to educational institutions and students across the country. The LMS platform is now fully operational. ShinyHunters (SH) — which claimed the cyber-attack that caused the disruption—is a cyber criminal group specializing in large — scale data breaches and extortion. They target major companies across tech, finance, and retail, often stealing millions of customer records at once. (IC3.GOV)

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

Critical vulnerability affecting Cisco Catalyst SD-WAN

The Canadian Centre for Cyber Security (Cyber Centre) is aware of active exploitation of Cisco Catalyst Software-Defined Wide Area Network (SD-WAN) devices. In response to the Cisco security advisory released on May 14, 2026, the Cyber Centre issued AV26-471 on May 14, 2026. Tracked as CVE-2026-20182, this vulnerability  is a critical Improper authentication  vulnerability (CWE-287) affecting the peering authentication process of Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). (CYBER.GC.CA)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

AI AND CHINA: As the U.S.-China AI competition intensifies, Congress is playing an increasingly active role in shaping America’s response. Join CNAS on May 19 for a fireside chat on the U.S.-China AI competition with House Foreign Affairs Committee Chairman Brian Mast (R-Fla.).

SECURITY POLICY: Congressman Michael McCaul has been at the center of Congress’s foreign policy debates over the past two decades, first as chairman of the House Homeland Security Committee and later as the chairman of the House Foreign Affairs Committee. As Chairman Emeritus McCaul prepares to leave Congress and begin a new chapter of his service to the nation, please join Mariano-Florentino (Tino) Cuéllar, president of the Carnegie Endowment for International Peace, for a May 20 conversation with the congressman reflecting on his legacy on Capitol Hill, his views on the future of American global leadership, and the lessons that his career offers to the next generation of policymakers.

AI AND HEALTHCARE: As AI rapidly transforms healthcare, the ability to responsibly access, share, and scale health data has become a defining factor in U.S. competitiveness and national security. How can the U.S. unlock the value of health data while protecting privacy? On May 21, the Atlantic Council’s Cyber Statecraft Initiative will host a panel discussion at the Capitol Visitors’ Center on the future of health data and artificial intelligence (AI).

SPACE: Join the Center for Strategic and International Studies (CSIS) Aerospace Security Project and Secure World Foundation (SWF) on May 22 for a discussion on the evolving space threat environment and the latest trends in global counterspace capabilities.

AI AND MENTAL HEALTH: AI is becoming a go-to source of mental health support for young people. But is it safe? In this May 27 Policy Lab, RAND’s Ryan McBain examines both the promise and the risks of this growing trend — and what it might take to ensure chatbots are safe for adolescents.

RUSSIA: For nearly two decades, U.S. strategy produced meaningful cooperation as Russia and the United States cooperated in outer space, counterterrorism and nuclear energy. While today is starkly different from the 1990s, what lessons can be learned from this period of cooperation? Once there is a fair peace in Ukraine and Russia atones for the damage it has done, will it be worth resuming cooperation? Join Rose Gottemoeller, a nonresident fellow in Carnegie’s Nuclear Policy Program and former deputy secretary general of NATO, for a May 27 conversation with Andrew S. Weiss, the James Family Chair and vice president for studies at the Carnegie Endowment, to explore how Gottemoeller tackles these questions in her new book “Security Through Cooperation.”

ELECTROTECH STACK: The most pressing danger may not be Chinese hardware but rather American policy paralysis: overcorrection that delays the technologies this buildout demands, or indecision that continues ceding strategic ground to Beijing. FDD and CMIST will host a May 28 discussion moderated by Harry Krejsa, director of studies at CMIST, featuring Phoebe Benich, non-resident fellow at CMIST; and Dr. Emma Stewart, non-resident fellow at CMIST and lead for Idaho National Laboratory’s Center for Securing Digital Energy Technology. RADM (Ret.) Mark Montgomery, senior director of FDD’s Center on Cyber and Technology Innovation (CCTI), will provide introductory remarks.

AI AND ENTERPRISE: Join AEI on June 3 to examine how businesses are shaping AI and transforming American enterprise. Experts from academia and business will examine these questions: What industries are changing most rapidly? Which are changing the future for others? And how are we preparing business leaders for future challenges?

CYBER FORCE: Join CSIS on June 3 for a discussion on the forthcoming report from the Commission on U.S. Cyber Force Generation, which examines how the United States can better build, organize, and sustain the cyber workforce needed to meet evolving national security demands. As cyber threats grow in scale and sophistication, the report assesses key challenges across the current ecosystem, including persistent talent shortages, fragmented institutional structures, and barriers to effective coordination between government and the private sector.

BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!