Cyber Briefing – May 21, 2026
TODAY’S TOP 5
AI EXECUTIVE ORDER COMING: President Donald Trump is poised to issue an executive order as soon as today aimed at bolstering artificial intelligence cybersecurity and has asked tech industry leaders to join for the event, according to people familiar with the matter, Bloomberg reports. The order that Trump is expected to sign would revamp existing cybersecurity information-sharing programs to include AI companies while stopping short of mandatory federal approval of cutting-edge models. Instead, it would call for voluntary government testing of frontier AI systems to find and patch weaknesses across federal, state and local networks, as well as critical US infrastructure, without requiring extensive new oversight.
- The National Security Agency is expected to play a key role under the order and would potentially handle classified testing of models offered up by AI labs before those models are publicly distributed, Nextgov/FCW reports. Sources also cautioned that decisionmaking in the White House is highly fluid and that details and timing around the final version of the directive may change.
- China’s diplomats are on an “AI governance” offensive, Audrye Wong and Ryan Fedasiuk write at War on the Rocks. At a May 5 United Nations meeting, China’s vice minister of science and technology championed China’s role in shaping U.N.-led frameworks that determine how the technology should be built and used. Just a week earlier, two top Chinese AI experts actively involved in Beijing’s governance efforts appeared by video on a Capitol Hill panel discussion hosted by Senator Bernie Sanders, touting China’s contributions to AI safety and cooperation. Norms and standards on AI development and applications are still being defined. Being a standards-setter rather than a standards-follower can simultaneously solidify a country’s technological leadership and ensure its companies retain an edge in global markets. Even as the United States maintains its lead in frontier AI capabilities, the rapid proliferation and adoption of lower-cost open-weight Chinese models not only poses security risks but also risks entrenching Chinese standards.
- Developing and deploying AI systems in government settings requires myriad choices, many of which could impact safety, security and constitutional values. Congress cannot easily anticipate all of these choices, much less decide on rules for them in advance. This creates a dilemma: A complete legislative specification of these design choices will remain impossible, but reliance on the good faith of the executive branch to govern its own AI deployments responsibly is equally unwise, Cullen O’Keefe writes at Lawfare. Additional oversight mechanisms are therefore necessary. This article proposes a new approach: Congress should require the executive branch to secure affirmative congressional approval before deploying AI in certain high-risk domains.
- The White House is preparing a new executive order aiming to spur federal agency migration to a post-quantum cryptographic standard under particular deadlines, as well as requiring covered contractors to take similar steps within the same window. A person familiar with the draft order told Nextgov/FCWthat the current version tasks the Office of Management and Budget with issuing guidance and deadlines for transitioning high-impact systems to encryption standards intended to withstand code-breaking powered by an eventual fully operational quantum computer. The person confirmed that all agencies must migrate their high-value assets, apart from national security systems.
NEW INFRASTRUCTURE THREAT FROM IRAN HACKERS: Iranian hackers said today that they have detected “preparations for the renewed outbreak of military conflict in the coming days” and would respond to U.S. and Israeli actions with “devastating” widespread attacks targeting energy and IT infrastructure, Threat Beat reports. In a statement posted on their Telegram and X accounts, Handala said they believed more war is coming based on “an investigation into certain covert accesses” into U.S. and Israeli “military and security systems,” and have a launch plan in place with the IRGC for “combined cyber, missile, and drone operations.”
- U.S. officials suspect Iranian hackers are behind the breach of gas station pump displays in several states. The hacks are part of a long-term Iranian campaign targeting U.S. critical infrastructure, including water and transportation systems. Iran’s cyber activity against U.S. targets has only increased since Washington and Jerusalem went to war against the Tehran regime, targeting systems enabling essential services that are all too often unprotected, Johanna Yang and Ari Ben Am write at FDD. The systems that Iran is exploiting either have default passwords or none at all. Critical infrastructure owners and operators must install their products with better cybersecurity in mind.
STATE LEADERS ON THE HILL FOR SLCGP: Three state tech leaders plan to testify before Congress today to discuss cybersecurity as well as the currently unfunded State and Local Cybersecurity Grant Program, Government Technology reports. The group is slated to speak with the U.S. House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection in an afternoon hearing that will be livestreamed. The National Association of State Chief Information Officers (NASCIO), a nonpartisan group that represents state technology leaders, announced via LinkedIn that they would discuss “how the State and Local Cyber Grant Program has improved cybersecurity and what states are doing to protect their networks.” The trio includes CIOs from Florida and Tennessee, along with the director of security and intelligence for New York.
- A newly updated Congressional Research Service report cataloguing major cyberattacks 2012-2025 offers Congress its most comprehensive public accounting yet of foreign adversaries targeting U.S. networks, and the picture it paints is not reassuring. The report, authored by CRS cybersecurity specialist Chris Jaikaran and updated May 18, 2026, documents dozens of nation-state and criminal cyberattacks against U.S. government agencies, critical infrastructure, financial institutions, and private companies, Legis1 reports. It arrives at a moment when the Trump administration has reduced staff at the Cybersecurity and Infrastructure Security Agency and moved to roll back Biden-era cyber regulations, creating a direct tension between the threat landscape the report describes and the policy direction currently underway.
DRONE THREATS AND TECH: Residents of Lithuania’s capital were told to take shelter and the president and prime minister were taken to safe locations on Wednesday after an alarm over drone activity near the border with Belarus, underlining jitters on NATO’s eastern flank over incursions related to Russia’s all-out invasion of Ukraine, The Associated Press reports. An emergency announcement from the military urged people in the region of Vilnius, the country’s capital, to “immediately head to a shelter or a safe place.” The alert, which lasted for about an hour, also led to the closure of the airspace over Vilnius Airport. President Gitanas Nauseda and Prime Minister Inga Ruginiene were taken to shelters, and there was also an evacuation order at Lithuania’s parliament, the Seimas, the BNS news agency reported.
- While U.S. forces deployed to the southern border employ several fixed and mobile counter-drone systems, the top general in charge of stateside defense said troops lack adequate technology for patrols, DefenseScoop reports. Within days of President Donald Trump’s inauguration, troops quickly flooded to the southern border as part of the administration’s crackdown on immigration, soon taking to mounted and dismounted patrols along the barrier. Since then, the region has become what officials dubbed a testbed for counter-UAS systems, part of an effort to zap drones coming over the border. Gen. Gregory Guillot, commander of U.S. Northern Command, reaffirmed that the southern border has become a “literal and a figurative sandbox” for industry and operations. But he also said that cartel drones are flying over Marines and soldiers “all the time” and that troops don’t have enough counter-unmanned aerial system coverage while conducting patrols.
- The U.S. Navy sees a future in which uncrewed underwater vehicles (UUV) work together with submersibles loaded with SEALs. The service has already been conducting tests to explore how crewed-uncrewed teaming under the waves might work. UUVs could help extend the operational reach of operators riding in SDVs, as well as help reduce their vulnerability, but there are communications and other challenges still to overcome. Navy Capt. Mike Linn shared details about the Navy’s plans for teaming UUVs and various types of swimmer delivery vehicles (SDV) with The War Zone on the sidelines of the annual SOF Week conference.
NEW PENTAGON TASK FORCE ON SUPERCHARGED AI MODELS: The Pentagon’s cyber-warfighting arm is launching a task force to speed up the adoption of cutting-edge artificial intelligence tools with powerful hacking capabilities, according to three people with knowledge of the effort. The initiative from U.S. Cyber Command — which has not been previously reported — underscores the Pentagon’s concerns about the sudden emergence of private sector-built AI models that can unearth security flaws in digital systems faster than the world’s best hackers. The task force was announced to staff two weeks ago by Gen. Joshua Rudd, the dual-hat leader of the National Security Agency and Cyber Command, according to an internal email described to POLITICO by two of the people with knowledge of the effort. seen.utting remote-controlled air and ground systems to uses the world has never seen.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
In the latest episode of Cyber Focus, Frank Cilluffo speaks with Walter Haydock, founder of StackAware, about the accountability, governance and national security challenges emerging as organizations rush to deploy artificial intelligence. Haydock argues that AI does not erase familiar cybersecurity and risk-management problems but accelerates them. From non-human identities and AI agents to third-party risk, federal regulation and the environmental demands of AI infrastructure, the conversation centers on a core question: Who is accountable when AI systems act, fail or cause harm? Rather than treating AI governance as a compliance checklist, Haydock makes the case for assigning clear ownership, focusing policy on outcomes and giving business leaders — not risk advisors alone — responsibility for the risks their organizations accept.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Biothreats
Ebola fears surge on the ground in Congo over rapid spread of a rare type
Anxious healthcare workers in eastern Congo said Wednesday they are underprotected and undertrained in a rapidly spreading Ebola outbreak of a rare type of the virus in one of the world’s most remote and vulnerable places. Long the scene of attacks by an array of armed groups, the region’s volatility now further complicates efforts to handle the crisis. Local leaders said an attack by militants linked to the Islamic State group killed at least 17 people on Tuesday night in Alima village in Ituri, a province that has become the hot spot of the outbreak. The World Health Organization, which noted a low risk globally, has said “patient zero” has not been found. (APNEWS.COM)
Breaches
Grafana Labs says code breach stemmed from TanStack attack
A popular developer of open source analytics software has revealed that a recent data breach and extortion incident was caused by the Mini Shai-Hulud campaign which compromised TanStack packages. Grafana Labs, which makes the AI-powered visualization app Grafana, said on May 17 that it had discovered an unauthorized attacker had downloaded its codebase after accessing the firm’s GitHub environment. In an update this week, the developer shared more about the incident, revealing that it first spotted the malicious activity on May 11 and tied it to the TanStack supply chain attack. (INFOSECURITY-MAGAZINE.COM)
Cybercrime
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. According to the Ukrainian police, the threat actor used information-stealing malware between 2024 and 2025 to infect users’ devices and steal browser sessions and account credentials. Infostealers are a popular type of malware that harvests sensitive data, including passwords, browser cookies, session tokens, crypto wallets, and payment information, from infected devices and sends it to cybercriminals for account theft, fraud, and resale. (BLEEPINGCOMPUTER.COM)
Education
Delano becomes latest Minnesota school district hit by ransomware attack
Classes have been canceled in Delano, Minnesota, on Wednesday after the school district said it suffered a “cyber incident.” Delano Public Schools Superintendent Matt Schoen says they discovered early Tuesday morning that someone gained access to their system, printing out hundreds of pages throughout the district that just said the word “ransom” at the top, with a message that was otherwise encrypted. (CBSNEWS.COM)
Health care
Data breach on New York public health system claims 1.8M victims, leaking biometric data to hackers
The largest public health system in the U.S. confirmed in a filing with the Department of Health and Human Services that a data breach on its network impacted 1.8 million patients, exposing their personal data to hackers. The data breach, which was said to have lasted for months, was revealed by NYC Health + Hospitals in March. At the time, the health system said it first discovered “suspicious activity” on its network in February, at which time it moved to “immediately” secure its systems from access by the unauthorized third-party. An investigation found cybercriminals had been inside its IT infrastructure since November 2025, stemming from a breach on an unnamed vendor the organization contracts with for services. (HEALTHEXEC.COM)
Supply chain
GitHub internal repositories breached via malicious Nx Console VS Code extension
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its developers’ systems was hacked in the wake of the recent TanStack supply chain attack. Other companies that were impacted by the TanStack compromise include OpenAI, Mistral AI, and Grafana Labs. (THEHACKERNEWS.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Google’s surge in Chrome vulnerability discoveries likely driven by AI
Chrome security advisories published by Google in late March and early April mentioned a handful of vulnerabilities “reported by Google”, but the number increased to 16 for the Chrome update released on April 15 and 21 for the update issued on April 28. The number of vulnerabilities found by Google surged to 100 in the advisory published on May 5. More than 70 vulnerabilities patched in the two most recent Chrome releases were found internally by the tech giant. While Google has not specifically said the vulnerabilities were discovered using AI, the timing of the surge and other aspects suggest that artificial intelligence is responsible. (SECURITYWEEK.COM)
AI code accelerates production failures and spending, study finds
The rapid adoption of AI-generated code is driving production failures and higher costs for enterprise customers. Eighty-one percent of enterprise technology leaders among more than 200 surveyed reported an increase in production issues linked to AI-generated code, according to a study published by enterprise software delivery biz CloudBees. Sunil Gottumukkala, CEO of Averlon, an agentic vulnerability remediation biz, told The Register in an email that these issues tend to refer to functionality bugs, performance issues, availability problems, and security vulnerabilities rather than CI/CD failures. (THEREGISTER.COM)
Education
Indian student data weaponized in phishing and financial fraud campaigns
A growing trend in India where student data is increasingly being exploited for cybercrime activities, including phishing, impersonation, social engineering, and financial fraud. As educational institutions rapidly adopt digital platforms for admissions, fee payments, examinations, and communication, the volume of sensitive student information stored across systems has expanded significantly, creating new opportunities for threat actors. A report highlights that cybercriminals are no longer relying on generic scams. Instead, they are using structured, data-driven approaches that leverage real student information to craft highly convincing attacks. (GBHACKERS.COM)
Health care
Why smaller health care providers remain easy targets
Small and mid-sized health care organizations continue to fall victim disproportionately to hacking incidents, including ransomware attacks and data thefts – affecting large populations of patients. Eight recently reported hacking incidents by smaller medical practices affected nearly 2 million individuals, with single breaches ranging from about 100,000 to nearly 600,000 individuals. The victims span a broad range of medical specialties and geographic regions. The victims include Coastal Carolina Health Care in North Carolina, with a hack affecting 110,304 individuals, to Erie Family Health Centers in Pennsylvania, with an incident affecting 570,000 patients, with an assortment of many other types of smaller organizations in-between. (HEALTHCAREINFOSECURITY.COM)
ICS/OT
Critical flaw in OT robot OS gives attackers control
A critical command injection vulnerability in the operating system (OS) for collaborative robots used across operational technology (OT) environments allows an unauthenticated attacker to execute commands on the system. Exploiting the flaw could threaten the integrity of the system and potentially the safety of those interacting with it. Danish company Universal Robots has patched the vulnerability, tracked as CVE-2026-8153 and found in the Dashboard Server interface of Universal Robots PolyScope 5. The flaw exists because the Dashboard Server accepts user-controlled input and passes it to the underlying OS without proper neutralization of special elements, according to a company security advisory. (DARKREADING.COM)
CrowdSec flags rising exploitation of Four-Faith industrial routers as botnet activity grows across critical sectors
Threat actors are actively exploiting a critical authentication bypass flaw in Four-Faith F3x36 industrial cellular routers, with security researchers warning that the attacks have escalated into large-scale botnet activity. According to new CrowdSec telemetry, exploitation attempts tied to CVE-2024-9643 surged in recent weeks, prompting the company to classify the activity as ‘mass exploitation’ on May 12. The vulnerability, which carries a CVSS severity score of 9.8, allows attackers to gain administrator access through hard-coded credentials embedded in the router’s web interface. The compromised routers are commonly deployed in industrial and remote environments, including utilities, warehouses, retail sites, and branch infrastructure, making them attractive footholds for cybercriminal operations. (INDUSTRIALCYBER.CO)
Malware
TamperedChef malware hides in signed apps to drop stealers and RATs
A large-scale malware campaign dubbed “TamperedChef” is leveraging trojanized productivity applications such as PDF editors, calendar tools, and file converters to silently deploy information stealers and remote access trojans (RATs), according to recent threat intelligence findings. Security researchers have identified multiple activity clusters linked to this evolving threat, including CL-CRI-1089, CL-UNK-1090, and CL-UNK-1110. While these campaigns share infrastructure and behavioral similarities, analysts caution that they are likely operated by different groups rather than a single threat actor. (GBHACKERS.COM)
Phishing
Researchers warn CypherLoc scareware has targeted millions of users
Security researchers have sounded the alarm over new scareware designed to lock users’ browsers and drive them to fraudulent tech support teams. Since the start of 2026, Barracuda researchers said they have observed around 2.8 million attacks which used the scareware dubbed CypherLoc. According to the cybersecurity firm, the CypherLoc campaign usually begins with a phishing email that directs the victim to a malicious web page through a link embedded in the email or in an attachment. (INFOSECURITY-MAGAZINE.COM)
Fake invitation phishing campaign steals credentials from U.S. organizations
A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S. organizations, combining credential theft, OTP interception, and remote access tool abuse into a single attack chain. The campaign stands out due to its repeatable phishing framework, which allows threat actors to rapidly generate event-themed lure pages at scale. These pages often begin with a CAPTCHA verification step, typically using Cloudflare, followed by a convincing invitation interface. (GBHACKERS.COM)
Supply chain
Supply chain security crisis: Too many vulnerabilities, too little visibility
New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. The global interconnectivity of business, and the systems and software it uses, has elevated the supply chain and supply chain threats to a preeminent cybersecurity concern. A particular issue is that many organizations are unaware of their position within a supply chain and can be victimized through no active fault of their own. The 2026 supply chain vulnerability report from Black Kite leads with the statement, ‘velocity without visibility is the new supply chain crisis’. Its analysis offers three primary takeaways. (SECURITYWEEK.COM)
Terrorism
Counterterrorism experts warn national security eroding 25 years after 9/11
The enhanced homeland defenses built in the aftermath of the Sept. 11, 2001, terror attacks are eroding, according to national security experts. With counterterrorism expertise diminishing, key intelligence authorities left in legal limbo, and the nation faces an environment full of threats, the witnesses described to the House Permanent Select Committee on Intelligence the fraying national security standards since the 9/11 Commission released its 2004 report and its 41 recommendations. Bruce Hoffman of the Council on Foreign Relations, who testified before the committee two weeks after 9/11, warned that “the superstructure of the security architecture that emerged is either diminishing, being dismantled or falling into disrepair.” (WASHINGTONTIMES.COM)
Vulnerabilities
Microsoft patches exploited UnDefend and RedSun Defender zero-days
Microsoft this week released patches for two vulnerabilities in Defender, warning they have been exploited in the wild as zero-days. The first, tracked as CVE-2026-41091 (CVSS score of 7.8), is described as a link-following issue that allows attackers to elevate their privileges to System. “Improper link resolution before file access (‘link following’) in Microsoft Defender allows an authorized attacker to elevate privileges locally,” Microsoft notes in its bare-bones advisory. (SECURITYWEEK.COM)

ADVERSARIES
China
China-linked webworm APT evolves tactics, expands to European targets
The China-aligned advanced persistent threat (APT) group Webworm has expanded its victim list beyond Asia, shifting focus to European governmental organizations as it evolves its tactics. Analysis of Webworm activity in 2025 by ESET researchers found it targeting government organizations in Belgium, Italy, Poland, Serbia and Spain. The group is known for its cyber espionage campaigns. Speaking during ESET World in Berlin on 19 May, Robert Lipovsky, principal threat researcher at ESET, said that there was not necessarily a correlation among the victim organizations and the operation seemed to be “semi-opportunistic.” (INFOSECURITY-MAGAZINE.COM)
Iran
The longest internet blackout in history is crippling Iran’s economy
Iranians are enduring the longest and most intense internet blackout in history, compounding an economic crisis that sparked nationwide protests in December. For nearly three months, businesses have been disconnected from clients and suppliers. Merchants have struggled to work with longstanding international business partners. Many businesses have closed, hurling more Iranians into unemployment. Iran was already experiencing economic turmoil before this year’s internet blackout and war. A compounding financial crisis sparked mass protests in the country in December 2025. Thousands of demonstrators were killed in the ensuing government crackdown, with the regime also choking off the internet to try to keep the world in the dark. (WSJ.COM)
Russia
Russia’s push for digital sovereignty yielding mixed results
Russia’s digital sovereignty push is multi-pronged, encompassing software, operating systems, hardware, and telecommunications. Kremlin directives have mandated that all critical infrastructure organizations (CIOs) replace foreign software and hardware with domestic alternatives by 2030, backed by billions in state investment. Domestic Linux operating system (OS) distributions, led by Astra, have expanded significantly following the Kremlin’s full-scale invasion of Ukraine. Astra now controls over 70 percent of the Russian-made operating system (OS) market, with ALT and Aurora filling gaps in state-enterprise and mobile technologies. The push to develop sovereign hardware has encountered serious setbacks. Baikal Elektroniks, a primary recipient of state support, faces persistent engineering shortages and high chip defect rates, prompting the Kremlin to consider forming a new state enterprise with up to one trillion rubles in subsidies. (JAMESTOWN.ORG)

GOVERNMENT AND INDUSTRY
Artificial intelligence
GAO: Privacy tech could be key to safer AI adoption
Companies and organizations are collecting more data than ever before, increasing potential security and privacy risks that privacy-enhancing technologies (PETs) could help reduce, according to the Government Accountability Office (GAO). PETs can modify, hide, or process data to make it difficult to access sensitive information, GAO explained in a report published Tuesday. They can also enable companies and organizations to work collaboratively on sensitive data that they otherwise wouldn’t share, such as financial or medical information, GAO added. The report comes as federal agencies’ use of artificial intelligence (AI) expands and industry integrates more AI services into business operations. (MERITALK.COM)
Defense
Special ops leader says Maduro mission set ‘new standard’
The wildly complex, surprise operation to capture then-Venezuelan leader Nicolas Maduro set a “new standard” for multi-layered joint operations – and provided a glimpse of the “future of special operations” for years to come, according to the leader of US Special Operations Command. “On the night of Jan. 3, the world watched as Operation Absolute Resolve unfolded. What I will posit today and suggested then, was that it has been, is, and will be the most sophisticated, integrated, interagency joint force raid that we have ever conducted,” Adm. Frank Bradley told the audience full of special operators, support staff and industry at SOF Week 2026 on Tuesday. (BREAKINGDEFENSE.COM)
Distributed combat power: How Ukraine is redefining fires, electronic warfare and air defense at the tactical level
OPINION: The war in Ukraine reveals a fundamental shift in how combat power is generated at the tactical level. The proliferation of cheap, rapidly adaptable systems has enabled a profound decentralization of leadership and responsibilities across fires, electronic warfare, and air defense. In contrast, U.S. Army formations, shaped by decades of operational dominance, retain a comparatively centralized model that may leave them ill-prepared for the demands of a persistently contested environment. This article examines Ukrainian adaptations — both technological and cultural — across three warfighting functions and draws lessons for the U.S. Army. (SMALLWARSJOURNAL.COM)
Energy
ISO New England sees marginal winter benefit from behind-the-meter batteries
For the first time, ISO New England is including small-scale behind-the-meter battery energy storage systems in its annual system forecast, the nonprofit grid operator said last week. ISO-NE said the decision reflects recent and expected growth in customer-sited energy storage systems of 1 MW or less paired with solar generation. The six-state system has about 111 MW of behind-the-meter energy storage today and could see 173 MW more come online over the next 10 years, ISO-NE said. By 2035, ISO-NE projects small-scale behind-the-meter energy storage will reduce the region’s summer peak by 124 MW. (UTILITYDIVE.COM)
IT modernization
Cyber leaders urge agencies to bring CISOs into modernization decisions
Federal cybersecurity leaders have a message: It’s time to bring chief information security officers (CISOs) to the decision-making table for government modernization projects. Speaking at the GovCIO Media and Research Federal Efficiency Summit in Reston, Va., officials from the Department of Transportation (DOT), Department of Labor (DOL), and Government Accountability Office (GAO) said many federal agencies are pursuing modernization efforts that rely on temporary integrations between decades-old systems and newer technologies. Justin Ubert, director of cyber protection at DOT, described the approach as a “Frankenstein approach to modernization” that creates operational and cybersecurity risks. (MERITALK.COM)
Space
DAF study finds new space launch site ‘probably’ required
A new Department of the Air Force study shows that the Space Force likely will require a new launch facility to get beyond the current crunch at at Vandenberg SFB in California and Cape Canaveral in Florida, Air Force Secretary Troy Meink said. “We’ve just finished up a study, and that’s working its way through the process to come down to the Hill. At a high level, what it says is we probably need another site that’s capable of heavy and super heavy launch capability,” he told the House Armed Services Committee (HASC). “It still shocks me a little bit that just launch bases, launch infrastructure seems to be the limitation right now on the nation’s ability to … at least for the next foreseeable future, grow our commercial launch infrastructure, which supports again both commercial and national [security launch.]” (BREAKINGDEFENSE.COM)
Germany touts pan-German space command amid European push to supplant U.S. tech
Germany’s defense minister used a rare four-nation gathering of German-speaking defense chiefs this week to push forward plans for a European military space command, calling on close partners including Austria, Switzerland and Luxembourg, to help shape the initiative rather than simply join it. Boris Pistorius, Germany’s defense minister, announced at a press conference in Berlin that Germany is developing a European Space Component Command alongside a Weltraumakademie − a multilateral space training academy − and insisted that partner nations will be “embedded in the design phase” rather than presented with finished structures. (DEFENSENEWS.COM)
LEGISLATIVE UPDATES
Tensions over prediction markets dominate Senate hearing
Senators at a Commerce Committee panel hearing aired concerns Wednesday about rapidly growing prediction markets, appearing largely unswayed by industry arguments that they are not a form of betting subject to state regulation. Members of the committee’s Consumer Protection, Technology and Data Privacy Subcommittee were in agreement at a hearing that sports “event contracts” on prediction markets bear a strong resemblance to traditional sports betting. They also shared worries about all forms of betting affecting the integrity of sports. The subcommittee heard from representatives of the sports betting and prediction market industries, as well as stakeholders focused on sports integrity, gambling regulation and gambling addiction. (ROLLCALL.COM)
COMMITTEE ACTIVITY
SLTT CYBER: The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold a May 21 hearing on state and local cybersecurity in the context of escalating threats, federal partnership and the resilience of America’s communities.
WATER: The House Science, Space and Technology Environment Subcommittee will hold a May 21 hearing on applying science to secure U.S. water systems from cyber threats.
ALERTS AND ADVISORIES
CISA adds seven known exploited vulnerabilities to catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability, CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability, CVE-2009-3459 Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability, CVE-2010-0249 Microsoft Internet Explorer Use-After-Free Vulnerability, CVE-2010-0806 Microsoft Internet Explorer Use-After-Free Vulnerability, CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability, CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
INNOVATION: The National Cyber Innovation Forum convenes cybersecurity leaders from across the public and private sectors to push the boundaries of collective defense. Now in its fourth year, the forum assembles a trusted community on May 21 for important conversations to advance cyber strategy, policy readiness, and technology innovation.
AI AND HEALTHCARE: As AI rapidly transforms healthcare, the ability to responsibly access, share, and scale health data has become a defining factor in U.S. competitiveness and national security. How can the U.S. unlock the value of health data while protecting privacy? On May 21, the Atlantic Council’s Cyber Statecraft Initiative will host a panel discussion at the Capitol Visitors’ Center on the future of health data and artificial intelligence (AI).
SPACE: Join the Center for Strategic and International Studies (CSIS) Aerospace Security Project and Secure World Foundation (SWF) on May 22 for a discussion on the evolving space threat environment and the latest trends in global counterspace capabilities.
AI AND MENTAL HEALTH: AI is becoming a go-to source of mental health support for young people. But is it safe? In this May 27 Policy Lab, RAND’s Ryan McBain examines both the promise and the risks of this growing trend — and what it might take to ensure chatbots are safe for adolescents.
RUSSIA: For nearly two decades, U.S. strategy produced meaningful cooperation as Russia and the United States cooperated in outer space, counterterrorism and nuclear energy. While today is starkly different from the 1990s, what lessons can be learned from this period of cooperation? Once there is a fair peace in Ukraine and Russia atones for the damage it has done, will it be worth resuming cooperation? Join Rose Gottemoeller, a nonresident fellow in Carnegie’s Nuclear Policy Program and former deputy secretary general of NATO, for a May 27 conversation with Andrew S. Weiss, the James Family Chair and vice president for studies at the Carnegie Endowment, to explore how Gottemoeller tackles these questions in her new book “Security Through Cooperation.”
ELECTROTECH STACK: The most pressing danger may not be Chinese hardware but rather American policy paralysis: overcorrection that delays the technologies this buildout demands, or indecision that continues ceding strategic ground to Beijing. FDD and CMIST will host a May 28 discussion moderated by Harry Krejsa, director of studies at CMIST, featuring Phoebe Benich, non-resident fellow at CMIST; and Dr. Emma Stewart, non-resident fellow at CMIST and lead for Idaho National Laboratory’s Center for Securing Digital Energy Technology. RADM (Ret.) Mark Montgomery, senior director of FDD’s Center on Cyber and Technology Innovation (CCTI), will provide introductory remarks.
AI AND ENTERPRISE: Join AEI on June 3 to examine how businesses are shaping AI and transforming American enterprise. Experts from academia and business will examine these questions: What industries are changing most rapidly? Which are changing the future for others? And how are we preparing business leaders for future challenges?
CYBER FORCE: Join CSIS on June 3 for a discussion on the forthcoming report from the Commission on U.S. Cyber Force Generation, which examines how the United States can better build, organize, and sustain the cyber workforce needed to meet evolving national security demands. As cyber threats grow in scale and sophistication, the report assesses key challenges across the current ecosystem, including persistent talent shortages, fragmented institutional structures, and barriers to effective coordination between government and the private sector.
BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS