Cyber Briefing – May 26, 2026
TODAY’S TOP 5
POPE RELEASES ANTICIPATED AI ENCYCLICAL: Pope Leo XIV on Monday set out a sweeping vision for corporate executives, politicians and individuals who will shape and be shaped by the future of artificial intelligence, warning leaders to safeguard humanity from AI’s most disruptive effects, The New York Times reports. Leo’s declaration came in the form of a papal encyclical, an open letter to “all people of good will” that ran to roughly 42,300 words in its English version. It outlined his desire to protect human dignity and agency in an age in which technology threatens to replace humans in many professional and social roles. He presented it alongside Christopher Olah, a co-founder of Anthropic, in a symbolic gesture of dialogue between leaders of the spiritual and technological worlds. While emphasizing that “technology should not be considered, in itself, as a force antagonistic to humanity,” he wrote that “the pursuit of greater profits cannot justify choices that systematically sacrifice jobs.”
- Pope Leo said control of artificial intelligence must not remain in the hands “of a few” while warning that technology is fueling world conflicts, setting out his proposals in the first major theological document of his pontificate, CNN reports. These include protecting the distinctive “grandeur of humanity” amid rapidly changing technology and for the use of AI in warfare to be subject to “the most rigorous ethical constraints.”
- READ: “Magnifica Humanitas: On Safeguarding the Human Person in the Time of Artificial Intelligence”
WHAT’S NEXT FOR AN AI EXECUTIVE ORDER: White House officials and industry representatives sorting through the confusion of Thursday’s aborted artificial intelligence policy announcement still expect to see some policy emerge from the Trump administration on advanced AI models like Mythos. But President Donald Trump has “many” specific concerns about the draft executive order, he said in an interview Friday morning. And his decision to pull it after weeks in the making, even blindsiding some senior administration officials, underscores that a final call on this novel issue will not come easy, POLITICO reports.
- The U.S. government’s lead civilian cyber agency is heading into the AI era with shrinking resources and a diminished role as Washington scrambles to assemble a multi-agency response to emerging AI cyber threats, Axios reports. Former officials and industry leaders fear the Cybersecurity and Infrastructure Security Agency no longer has the capacity to help utilities, banks and other critical infrastructure operators prepare for a coming wave of AI-fueled cyberattacks. The agency is at its weakest just when it’s needed most, as the government braces for AI models like Anthropic’s Mythos to supercharge cyberattacks.
- Anthropic and OpenAI have spent the last month touting the hacking capabilities of their new artificial intelligence models. Researchers with access to these tools say they’re not exaggerating — and warn that the fallout could be even larger than imagined, as tools such as Anthropic’s Claude Mythos and OpenAI’s GPT-5.5 continue to develop, POLITICO reports. “It was very clear to me that this was going to be a game-changer,” Lee Klarich, chief product and technology officer at cybersecurity company Palo Alto Networks, said of testing Mythos when it was first unveiled. “I would actually say if you asked me today, it’s more [powerful] than I thought it was going to be then.”
- Last month, Anthropic launched Project Glasswing, a collaborative effort to secure the world’s most critical software before increasingly capable AI models can be turned against it. In a company update, Anthropic says they and 50 partners have used Claude Mythos Preview “to find more than ten thousand high- or critical-severity vulnerabilities across the most systemically important software in the world.”
- A mix of weapons inspectors, epidemiologists and code breakers, the AI Security Institute is one of the world’s largest and best-funded government efforts dedicated to probing the technology’s potentially catastrophic risks, The New York Times reports in a peek behind the curtain. The institute’s roughly 100 employees — drawn from British intelligence agencies, academia and tech companies — have found major safety gaps in every leading A.I. model they have tested, including Anthropic’s Claude and Google’s Gemini. Created nearly three years ago, the organization said it had co-opted A.I. systems into sharing instructions for making chemical and biological weapons, and planning and executing cyberattacks. It publishes its research and also works with Britain’s national security agencies to identify and prepare for emerging threats.
RUSSIAN SATELLITES MOVE WITHIN STRIKING DISTANCE: At least four Russian military satellites changed their orbits to match that of a Finnish-American radar surveillance satellite in the last week, raising questions about Russia’s intentions amid an ever-expanding standoff high above Earth, Ars Technica reports. The maneuvers were identified through open source orbital tracking data. Greg Gillinger, a retired Air Force space intelligence officer, revealed the orbit changes Friday in a special edition of his Integrity Flash newsletter, published by Integrity ISR, a private business that provides “combat-proven operational support and elite training that enhances mission success across ISR (Intelligence, Surveillance, and Reconnaissance), cyber, space, and targeting domains.” The Russian satellites in question, designated Kosmos 2610 through 2613, launched together on April 16 on a Soyuz-2.1b rocket from Plesetsk Cosmodrome in northern Russia. Over the last week or so, the four satellites adjusted their inclinations — the angles of their orbits to the equator — by less than a degree.
WHAT SPECIAL OPS NEEDS FROM AI NOW: U.S. special operators want AI tools that offer the power of giant data centers out on the disconnected front lines. SOF units already use generative AI “heavily” for things like resource allocation and force deployment, and are “delving” into its use for tactical operations, said Rob McClintock, the program manager for intelligence for the program executive office for digital applications. But today’s tools typically run in the cloud, connected to massive data centers. Operators need them to work in remote locations beyond reach of networks. Physical proximity to the “tactical edge” enables faster use of mission-critical data and faster decision-making, officials at the Global SOF Foundation’s SOF Week event said last week, Defense One reports.
- The Defense Department is requesting close to $30 billion in fiscal 2027 to purchase and enable next-generation AI supercomputers and modernize the military’s computing infrastructure to power them, DefenseScoop reports. According to recently published budget documents, the Pentagon aims to build out its portfolio of highly secure data centers, and ultimately centralize and scale supercomputing assets across the joint force through its new “AI Arsenal initiative.” The fiscal 2027 proposal comes with a $29.5 billion spending plan. This proposed funding increase is up for consideration as DoD is hustling to integrate commercial AI models into battle management and warfare operations, threat detection and analyses, supply chain logistics and more.
AI-FUELED ATTACKS THREATEN WATER: Artificial intelligence is making it easier for bad actors to initiate cyberattacks on water infrastructure, yet the water sector remains inadequately prepared, a panel of experts told lawmakers Thursday. Federal agencies are warning of an uptick in cyberattacks from foreign adversaries, including hackers with ties to Iran. Still, despite the need for continued federal support, the Trump administration is taking on a less central role in water infrastructure protection, according to the top cybersecurity expert at the Government Accountability Office, E&E News reports. “It has become less clear what leadership role the federal government plans to take,” said David Hinchman, director of information technology and cybersecurity at GAO. “The current administration has stated that it will increasingly defer to state and local governments to take the lead in infrastructure protection but has not yet provided details in this departure from the federal government’s historic role.”ial dominance, is concerning.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
In the latest episode of Cyber Focus, Frank Cilluffo speaks with Walter Haydock, founder of StackAware, about the accountability, governance and national security challenges emerging as organizations rush to deploy artificial intelligence. Haydock argues that AI does not erase familiar cybersecurity and risk-management problems but accelerates them. From non-human identities and AI agents to third-party risk, federal regulation and the environmental demands of AI infrastructure, the conversation centers on a core question: Who is accountable when AI systems act, fail or cause harm? Rather than treating AI governance as a compliance checklist, Haydock makes the case for assigning clear ownership, focusing policy on outcomes and giving business leaders — not risk advisors alone — responsibility for the risks their organizations accept.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Biothreats
Attacks from suspicious residents complicate the fight against a rare type of Ebola
Every time Vanny Birungi, a volunteer with the Red Cross in eastern Congo, goes out to raise awareness about the latest Ebola outbreak as suspected cases near 1,000, she faces a double threat. One is the rare Bundibugyo type of Ebola, with no vaccine or treatment. The other is the anger and suspicion of residents who have pelted her with stones and verbal abuse in Bunia, a city at the heart of the outbreak. “We continue to tell them that the disease is out there. Some accept, and others don’t,” Birungi told The Associated Press on Monday as she and colleagues spoke with groups of people in a working-class neighborhood under the scorching sun. Aid workers are especially at risk in this volatile region where residents, like Birungi, have long been under threat of armed groups that have killed thousands of people and displaced many more in recent years. (APNEWS.COM)
MORE: Hantavirus, Ebola highlight political division over disease (ROLLCALL.COM)
ALSO: Ebola and hantavirus outbreaks prompt raft of conspiracy theories in divided U.S. (THEGUARDIAN.COM)
Breaches
Ghost CMS vulnerability exploited to hack over 700 websites
A vulnerability patched a few months ago in the Ghost content management system (CMS) has been exploited to hack hundreds of websites, including ones belonging to major organizations, according to Chinese cybersecurity company Qianxin. The exploited vulnerability is tracked as CVE-2026-26980 and its existence came to light in February when it was patched. Ghost is a widely used open source CMS designed specifically for blogging, newsletters, and publishing, offering built-in tools for memberships, subscriptions, and audience monetization. According to its developer, Ghost is actively used by over 100,000 websites. (SECURITYWEEK.COM)
DocketWise data breach impacts 143,000
Immigration and legal case management platform DocketWise is notifying over 143,000 people that their personal, financial, and medical information was compromised in a data breach. The incident, the company says, involved third-party partner repositories that a threat actor cloned using valid credentials. DocketWise launched an investigation into the matter in October 2025, and this year determined that some of the cloned repositories were used as a data migration pipeline for the DocketWise application, which contains law firm records, including personally identifiable information (PII). (SECURITYWEEK.COM)
FBI chief Kash Patel’s clothing store hacked in ClickFix infostealer attack
An online clothing shop linked to FBI Director Kash Patel went offline on Friday after it was found distributing an Infostealer to visitors. The shop, called Based Apparel, was compromised by hackers to trick macOS users into downloading this specific type of malware that steals private data. The unknown hackers involved in this campaign used a deceptive technique known as a ClickFix attack. When a user visited BasedApparel.com, the website displayed a fake warning page designed to look exactly like Cloudflare, a website security company that runs anti-bot “Verify you are human” checks. (HACKREAD.COM)
Chemicals
Risk of devastating explosion has been ‘eliminated’ in California toxic chemical tank incident, officials say
Southern California officials said Monday the risk of a devastating vapor explosion has been avoided in an incident involving a storage tank containing methyl methacrylate, a toxic chemical used to manufacture resins and plastics. A crack in the tank has released pressure and the internal temperature is decreasing, the Orange County Fire Authority said Monday, circumventing the worst-case scenario. The tank started to heat up and bulge last week, prompting concerns that it would rupture and the chemical inside would explode or leak. (NBCNEWS.COM)
Cybercrime
Netherlands seizes 800 servers, arrests 2 for aiding cyberattacks
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging ground for cyber mischief from Russia’s intelligence agencies. (KREBSONSECURITY.COM)
Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. Unlike typical IPTV service providers that openly market themselves online and expose their operations, CINEMAGOAL’s approach was stealthier, as it used an app that customers installed on their devices. During the large-scale anti-piracy operation called “Tutto Chiaro” (All Clear), Italian law enforcement conducted 100 searches across the country and seized materials that could help investigators identify involved individuals, as well as determine the amount of illegal profits. (BLEEPINGCOMPUTER.COM)
Dark web
Hacker selling 340 million OnlyFans user records built from old breaches
A threat actor is advertising what they describe as a massive database containing information linked to hundreds of millions of OnlyFans users, including creators and subscribers. However, conversations with the seller and a review of sample data suggest that the collection did not result from a direct breach or scraping of OnlyFans systems. The listing appeared earlier this week on a well-known cybercrime forum, where a user operating under the alias “Euphoric_Reply_5727” offered what they described as “340 Million User Records” linked to OnlyFans users. The seller priced the database at 0.313 BTC, roughly $24,007 USD at the time of writing. (HACKREAD.COM)
Government
Chelan County, Wash., government shuts down networks after cyberattack
Chelan County officials shut down all government computers, networks and telephone systems on Memorial Day after detecting a malicious software hack that impacted every county department. The county’s IT department detected the malware attack at 10 a.m. on Monday. As a safety precaution, officials immediately turned off all network routing, computers and telephone lines across every government office. The widespread shutdown does not impact emergency services. (FOX13SEATTLE.COM)
Health care
Third-party cyberattack impacts patient information at The Oncology Institute
The Oncology Institute has confirmed that patient information was impacted in a cybersecurity incident involving a third-party software provider. The healthcare network first disclosed the security breach in November 2025 while the vendor’s investigation was still ongoing. Although the provider has not been officially named, reports suggest Cognizant-owned TriZetto may be involved. The Oncology Institute, Inc. is a U.S.-based healthcare company that provides community-based cancer care services. It operates a network of oncology clinics focused on treating patients with cancer in outpatient settings, aiming to make care more accessible outside of large hospital systems. (SECURITYAFFAIRS.COM)
Radiology Associates of Richmond data breach affects 266K individuals
Radiology Associates of Richmond in Virginia, one of the oldest, continuously operating private radiology practices in the United States, has announced another major data breach. Two years ago, the protected health information of more than 1.4 million individuals was compromised in a cybersecurity incident. A little over one year later, another cybersecurity incident was experienced that exposed the personal and protected health information of more than 266,000 current and former patients. The most recent incident has recently been reported to the Maine Attorney General as involving unauthorized access to the electronic personal and protected health information of 266,183 individuals. (HIPAAJOURNAL.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Hackers use SEO poisoning to fake Gemini CLI and Claude code installers
Hackers are increasingly abusing search engine optimization (SEO) techniques to distribute malware by impersonating popular AI developer tools, including Gemini CLI and Claude Code. The activity, first observed in early March 2026, shows attackers creating malicious domains that rank above legitimate sources in search engine results. Developers searching for official installation guides are redirected to these fake websites, which closely mimic real documentation from trusted vendors. Once on the page, victims are instructed to copy and execute a PowerShell command to install the tool, unknowingly triggering a hidden malware infection. (GBHACKERS.COM)
Health care
Neural device implants: Emerging privacy, security risks
Implanted neural devices could transform treatment for patients with paralysis, stroke and other serious medical conditions. But the same technologies create major privacy, security and safety risks, especially if manufacturers prioritize convenience features, data collection and artificial intelligence-driven analytics over security, said Andrea Matwyshyn, professor of law and engineering policy at Penn State Dickinson Law. Privacy concerns will grow as developers combine neural devices with predictive AI systems and internet of things connectivity, Matwyshyn said. What’s to stop companies from repurposing sensitive neural data for marketing, surveillance or behavioral analysis? (HEALTHCAREINFOSECURITY.COM)
Ransomware
NightSpire ransomware abuses RDP for stealthy persistence
NightSpire has quickly emerged as a significant ransomware threat since its discovery in early 2025, combining classic double-extortion tactics with stealthy intrusion techniques. The malware not only encrypts victim data but also exfiltrates sensitive files, threatening to publish them on a Tor-based leak site if ransom demands are not met. In just a three-month window between March and June 2025, NightSpire operators compromised at least 64 organizations across 33 countries, with the United States reporting the highest number of victims, followed by Turkey, Hong Kong, Japan, Taiwan, Mexico, Spain, and Egypt. (GBHACKERS.COM)
Supply chain
Laravel-Lang PHP packages compromised to deliver cross-platform credential stealer
More than 700 versions associated with these packages have been identified, indicating automated mass tagging or republishing. It’s suspected that the attacker may have managed to obtain access to organization-level credentials, repository automation, or release infrastructure. What makes the attack stand apart from is that the actual project’s source code was not altered to include the malware. Instead, the attackers rewrote every existing git tag in each repository to point to a new malicious commit. (THEHACKERNEWS.COM)
Venues
Fake streams, counterfeit merch and other scams: How fraudsters target F1 Fans
Cybercriminals and fraudsters have dedicated entire ecosystems to scamming and stealing from Formula 1 fans, a new report has warned. According to the Bitdefender Cybersecurity Grand Prix Fan Threat Index, the growing global digital ecosystem around motorsport makes it an ideal target for scammers. Fans and Formula 1 teams alike now find themselves in attackers’ crosshairs. Scams targeting F1 fans range from being sold counterfeit merchandise and fake grand prix tickets, to illegal streaming services and social media scams. All designed to steal personal information, credit card details, generate illicit revenue and distribute malware. (INFOSECURITY-MAGAZINE.COM)
Vulnerabilities
CISA orders feds to patch actively exploited Drupal vulnerability
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. Drupal is typically used by large organizations managing massive data structures and multi-site installations, including government entities, educational organizations, major research universities, and high-profile enterprise and media organizations. Google/Mandiant researcher Michael Maturi discovered this vulnerability (now tracked as CVE-2026-9082) in Drupal’s database abstraction API. (BLEEPINGCOMPUTER.COM)
Apache CXF flaw exposes systems to LDAP injection attacks
Apache CXF users are facing a significant security risk following the disclosure of a new vulnerability that exposes systems to LDAP injection attacks, potentially allowing unauthorized access to sensitive certificate data. The issue, tracked as CVE-2026-44930, has been classified as “important” and affects the LDAP certificate repository within the XKMS (XML Key Management Specification) service of Apache CXF. The vulnerability exists in the cxf-services-xkms-x509-repo-ldap component, which manages X.509 certificates via LDAP directories. Due to improper input validation, attackers can manipulate LDAP queries by injecting malicious input. (GBHACKERS.COM)
KnowledgeDeliver LMS flaw exploited to deploy Godzilla and Cobalt Strike
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to unauthenticated remote code execution via a ViewState deserialization attack. The abuse of publicly disclosed ASP.NET machine keys by threat actors was first documented by Microsoft in February 2025. (THEHACKERNEWS.COM)
‘Underminr’ vulnerability lets attackers hide malicious connections behind trusted domains
Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Dubbed Underminr, the issue is a variant of domain fronting, a now-mitigated type of attack that enabled threat actors to place an allowed domain in the SNI and TLS certificate validation fields of an HTTPS request, while embedding a different target domain in the TLS tunnel’s encrypted HTTP host header. Because CDNs routed requests internally based on the host headers, the request reached the hidden destination, while traffic would appear to be going to a reputable front domain. (SECURITYWEEK.COM)

ADVERSARIES
China
China and the U.S. agreed to ‘strategic stability’ in Beijing. They don’t define it the same way
OPINION: The Beijing summit between U.S. President Donald Trump and Chinese President Xi Jinping produced something rarer than a breakthrough: a mutually useful ambiguity. Washington came away advertising deals. Beijing came away advertising a doctrine. Both sides claimed stability. But a close comparison of the two readouts shows they did not mean the same thing. The White House framed the summit as a package of practical wins. Its fact sheet emphasized a “constructive relationship of strategic stability” based on “fairness and reciprocity,” a fall visit by Xi to Washington, and understandings on Iran, the Strait of Hormuz, and North Korea. It also packaged the summit’s commercial deliverables around rare earths and critical mineral supply chains concerns, Boeing aircraft purchases, agricultural purchases, beef market access, and poultry imports. (CFR.ORG)
Price fixing indictment of Chinese companies underlines U.S. vulnerability to China’s monopolization of maritime industries
OPINION: In the 1950s, the United States invented the shipping container, revolutionizing global trade. Today, China makes almost all of them — and just got caught fixing the price. On May 19, the U.S. Department of Justice (DOJ) indicted four of the world’s largest container manufacturing companies and seven executives — all Chinese — for a “global conspiracy” to fix prices and restrict output of nearly all the world’s standard dry shipping containers. The alleged cartel — which includes one wholly owned subsidiary of China’s state-owned shipping line COSCO — operated during COVID-19, when supply chains were already under severe strain, exploiting that window to double global shipping container prices and increase company profit margins one hundredfold. (FDD.ORG)
Iran
U.S. military says it carried out ‘self-defense’ strikes in Iran, including on missile launch sites
The U.S. military said Monday that it carried out “self-defense” strikes in southern Iran, including on missile launch sites and boats placing mines, even as President Donald Trump said on social media that negotiations with Tehran were “proceeding nicely.” The strikes were done “to protect our troops from threats posed by Iranian forces,” but the military was “using restraint during the ongoing ceasefire,” Capt. Tim Hawkins, the spokesman for the U.S. military’s Central Command, said in a statement. Further details were not immediately available, including more specifics on the threats from Iran and what this means for negotiations. There was no official response from Iran, which had sent its parliament speaker Mohammad Bagher Qalibaf to Qatar for negotiations over the possible deal with the U.S. (APNEWS.COM)
Iranian hackers deploy MiniFast and MiniJunk V2 via phishing and SEO poisoning
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026. The activity, besides embracing previously undocumented techniques and enhanced capabilities, is characterized by the use of a new backdoor codenamed MiniFast (aka MiniUpdate) that appears to have been developed with assistance using artificial intelligence (AI), Check Point said in an analysis published last week. (THEHACKERNEWS.COM)
MORE: Tracking Iranian APT Screening Serpens’ 2026 espionage campaigns (UNIT42.PALOALTONETWORKS.COM)
North Korea
Lazarus Group targets financial and crypto firms with RemotePE memory-only RAT
The North Korea-linked Lazarus Group has escalated its offensive operations against financial and cryptocurrency organizations by deploying a highly sophisticated, memory-only Remote Access Trojan (RAT) known as RemotePE. This campaign is characterized by its use of advanced multi-stage loaders, in-memory execution, and anti-forensic techniques that enable persistent, stealthy access to high-value targets. The attack chain leverages social engineering, particularly via Telegram and fraudulent scheduling platforms, to compromise employees of trading and DeFi organizations. The technical sophistication of RemotePE, including its cross-platform capabilities and minimal forensic footprint, marks a significant evolution in the threat landscape for financial and crypto sector organizations. (RESCANA.COM)
Russia
Kremlin appoints cyber executive with alleged GRU ties to Security Council role
Andrei Kozlov, the former head of a cybersecurity center within Russia’s state-owned defense conglomerate Rostec, was named an aide to Security Council Secretary Sergei Shoigu on Friday. According to leaked data published by independent Russian outlet The Insider, Kozlov held a classified security clearance under Military Unit 26165 — also known as the 85th Main Special Service Center — which Western governments and cybersecurity firms have linked to the hacking group Fancy Bear. (THERECORD.MEDIA)
Russia tells U.S. to evacuate its diplomats and citizens from Kyiv
Russian Foreign Minister Sergei Lavrov called State Secretary Marco Rubio to advise him to evacuate U.S. citizens and diplomats from Kyiv, as the Kremlin plans to continue heavy strikes on the Ukrainian capital, according to a statement published by the Russian Foreign Ministry Monday. Lavrov called his US counterpart at the request of President Vladimir Putin to tell him that Russia is launching systematic and consistent strikes against facilities in Kyiv as well as against the relevant “decision-making centers,” according to the statement. (BLOOMBERG.COM)
Russian nukes threaten ‘almost all’ U.S. cities, Norway’s FM says, highlighting NATO’s value
Amid uncertainty surrounding U.S. military posture in Europe, Norway’s foreign minister used today’s NATO meeting to warn that Russian nuclear weapons pose a direct threat to all American cities, emphasizing that a unified partnership within the alliance is vital to prevent this. Espen Barth Eide spoke at the NATO Ministers of Foreign Affairs convention taking place today in Sweden, less than a day after President Donald Trump rebuked plans to reportedly scrap a planned deployment to Poland. “It is good that Europe is doing more, but there’s a need to remind our good friends on the other side of the Atlantic that NATO is also good for them,” the Nordic minister said during doorstep remarks. (BREAKINGDEFENSE.COM)
New law gives Kremlin expanded power to use force to defend Russians abroad
The Russian Duma passed a law giving the Kremlin the right to deploy military force abroad to “defend the rights of citizens of Russia” if they are arrested or charged, including by international courts in whose operation Russia does not participate. This measure is designed to intimidate other countries and international courts and cause them to avoid charging Russians, including possibly Russian President Vladimir Putin, lest such moves lead Moscow to use force to rescue its citizens and punish those who act against them. It is also aimed at undermining not only international law as such but also at enshrining the principle Putin operates on, that “might makes right.” (JAMESTOWN.ORG)

GOVERNMENT AND INDUSTRY
Artificial intelligence
Artificial intelligence floods court dockets with home-brewed lawsuits
The complaint Donald Sauve submitted in Minnesota last yearwas a familiar type in the nation’s federal courts. In legal parlance, Sauve filed “pro se,” Latin for “for oneself,” meaning he had no lawyer as he sued his ex-wife, her lawyer and a state judge who had rejected one of his earlier legal challenges as “frivolous.” In a handwritten scrawl, he previously filed a suit asking for $275,000 in damages, claiming he had been unlawfully deprived of his home. It took less than a monthfor Judge Jerry W. Blackwell to dismiss the case for lack of jurisdiction. Three months later, Sauve was back. This time he had help. (NYTIMES.COM)
Your chatbot has a long memory. That isn’t always a good thing
Brian Del Rosario, a software engineer and part-time city-council member in a small town in Utah, uses AI chatbots for everything from meal planning to managing his schedule. In some of those conversations, he revealed he had a spouse and three children. Then, after he and his wife separated, Del Rosario had to mention it to the chatbot so it wouldn’t include his wife when planning a future trip. But once he did, the chatbot latched onto the divorce. When he asked for help managing his schedule, it suggested he might be stretching himself thin because of the divorce. When he vented about a frustrating day at work, it tied his stress back to the divorce. (WSJ.COM)
Drones
U.S.-Saudi venture to build Shahed drone clones in Riyadh
A joint venture between a US defense startup and a Saudi firm is building a factory near Riyadh to manufacture combat drones modeled on Iran’s Shahed system, which has been used to pummel Gulf countries over the past few months. The facility is being developed by SR2Vector, a new partnership between Utah-based Vector Defense and Saudi-based startup SR2 Defense Systems. It will build a one-way attack drone developed by Vector, dubbed SKYWASP, that is capable of hitting targets up to 1,500 kilometers (930 miles) away — about the distance from the kingdom’s northeast coast to Tehran. “SKYWASP is a program that can level the playing field and boost Saudi Arabia’s deterrence capabilities,” Lucien Zeigler, SR2’s chief strategy officer and co-founder, told Semafor. (SEMAFOR.COM)
U.S. Marine Corps tests using helicopter as mobile drone command center
The U.S. Marine Corps is testing new ways to combine low-cost drones with traditional aircraft, having recently paired a UH-1Y Venom helicopter with an attack drone in a recent Southern California exercise. During the test, Marines launched a Neros Archer first-person-view, or FPV, drone from the ground before transferring control to operators aboard a helicopter orbiting miles away, the Corps announced in a statement last week, saying that the move was a step towards integrating inexpensive drones into aviation operations. (DEFENSENEWS.COM)
Ukrainian drone incursions into Baltic states, Russian electronic warfare countermeasures and international law
OPINION: On May 7, three uncrewed aerial vehicles (UAVs or drones) crossed into Latvia from Russia. One exploded at an oil storage facility 40 KM from the Russian border, damaging empty oil tanks and sparking a small fire. The second crashed into a field, and the third flew into and then out of Latvia’s airspace. Latvia issued UAV alerts along the Russian border and restricted flights in its airspace, while French military aircraft participating in NATO’s Baltic Air Policing mission responded to the area. The Latvian Ministry of Foreign Affairs summoned the Russian chargé d’affaires and delivered a formal protest. Three days later, the Ukrainian Foreign Minister announced that “[i]nvestigations proved that this was the result of Russian electronic warfare deliberately diverting Ukrainian drones from their targets in Russia.” (JUSTSECURITY.ORG)
Energy
U.S. summer generating capacity increases by 75 GW since 2025: FERC
U.S. generating capacity will increase by about 75 GW this summer compared to a year ago — mainly solar, wind and batteries — while power plant retirements will slow to about 8 GW, helping to improve the outlook for grid reliability for this summer, according to Federal Energy Regulatory Commission staff. “The pace of these changes is notable,” Alec Stirling, a FERC economist, said during the agency’s monthly open meeting on Thursday. “New capacity additions are accelerating to the largest year-over-year increase in gigawatts in over a decade, while the rate of plant retirements has slowed by more than 50% since last summer.” (UTILITYDIVE.COM)
Denver has a plan to heat and cool buildings without fossil fuels. It involves … sewage?
Like in many American cities, Denver’s largest source of climate pollution is its buildings. Powering, heating and cooling the city’s skyscrapers takes a lot of fossil fuels. Now, the city is trying a greener solution. It plans to heat and cool a cluster of large downtown buildings using a combination of water, the heat of the Earth — and sewage. The Cherokee Boiler House, near downtown Denver, sits at the center of this plan. Despite the mothballed plant’s handsome brick exterior, inside it’s filled with rattling pipes, hazard signs and cockroach carcasses. (CPR.ORG)
Leadership
Tulsi Gabbard out as DNI but Trump doesn’t tee up a confirmation fight
Former Democratic Rep. Tulsi Gabbard is resigning from her post as director of national intelligence because of her husband’s cancer battle, President Donald Trump announced Friday. The commander in chief said Principal Deputy DNI Aaron Lukas would take over after Gabbard departs on June 30. Trump described Lukas as “highly respected.” Trump made the personnel announcement on his social media platform a few minutes before Reuters reported that the White House forced her to step down. The White House slammed that report, which was attributed to “a source familiar with the matter.” (ROLLCALL.COM)
Ryan Donaghy returns to CISA as first chief operating officer
After departing the Cybersecurity and Infrastructure Security Agency last fall, Ryan Donaghy returned to the agency this week to serve as its first chief operating officer, according to a Thursday announcement. Donaghy, who held acting director roles in two of the cyberdefense agency’s divisions, had moved to the Transportation Security Administration in October of last year, Nextgov/FCW first reported. “As COO, Ryan will serve as the principal advisor to CISA’s Senior Leadership on agency operations, business functions, financial and acquisition management, policy development, and interagency efforts supporting our strategic goals,” the agency said in a LinkedIn post. (NEXTGOV.COM)
Regulations
OMB revamps cyber event logging requirements
Agency chief information security officers have to submit to the Cybersecurity and Infrastructure Security Agency and the Office of Management and Budget an updated logging plan that focuses on two specific areas: continuous event monitoring (CEM) and threat hunting, investigation, response and forensics (THIRF). A new memo from OMB Director Russ Vought rescinds previous logging requirements and establishes a new set of expectations that “minimizes red tape” and contains cost. (FEDERALNEWSNETWORK.COM)
New York regulator calls for additional cyber mitigation amid heightened threat environment
The New York State Department of Financial Services (DFS) sent a letter on Thursday urging regulated entities and people to take additional steps in light of what it calls a heightened threat environment, referencing the geopolitical landscape and the development of frontier AI models. DFS called on regulated entities, including banks and other financial services firms that do business in New York, to consider taking additional steps to protect their environments. The letter comes weeks after a preview of Anthropic’s Mythos AI tool raised significant concerns in the banking industry about the model’s unprecedented ability to uncover security vulnerabilities. (CYBERSECURITYDIVE.COM)
Space
Space Force accelerating work to operationalize on-orbit logistics tech
After years of considering how to leverage in-space refueling and servicing technologies, the Space Force is kicking off a number of near-term efforts to chart a path toward operationalizing the capability. The service is planning to host two demonstrations in 2027 for on-orbit logistics — one focused on refueling satellites in space and another on augmented maneuver, Col. Scott Carstette, Space System Command’s director of servicing, mobility and logistics (SML), told reporters Wednesday. Although the upcoming demos are meant to inform the Space Force’s future path to creating an in-space logistics enterprise, the capabilities also have near-term applicability, he said. (DEFENSESCOOP.COM)
Workforce
One job that is growing in the AI era? Cybersecurity experts
Austin Cowan had expected a quiet year. The headhunter, who helps Fortune 100 companies find and attract cybersecurity executives, knew that the markets were choppy and that corporate honchos were mulling how artificial intelligence might upend their businesses. But Heidrick & Struggles, the white glove executive talent firm where Mr. Cowan works, has been deluged in recent months with requests to find executives who have experience responding to security breaches and protecting data, along with the technical know-how to review code. (NYTIMES.COM)
LEGISLATIVE UPDATES
Surface transportation bill approved by House committee
The House Transportation and Infrastructure Committee advanced its sweeping five-year transportation reauthorization bill early Friday morning after adding on a White House-backed rail safety provision — a twist that could complicate the bill’s support on the floor. The vote to approve the measure was 62-2, overwhelmingly giving panel Chairman Sam Graves (R-Mo.) and ranking member Rick Larsen (D-Wash.) the bipartisan package they had intended. The committee considered roughly 160 amendments during a markup that lasted more than 15 hours. Reps. Scott Perry (R-Pa.) and Jerrold Nadler (D-N.Y.) voted against the bill. (ROLLCALL.COM)
House lawmakers seek more AI transparency from the SBA
The House Small Business Committee continued its push this week to make the agency it oversees embrace artificial intelligence in its work, advancing a new AI-focused bill aimed at more transparency around those efforts. In a Wednesday markup, the committee unanimously approved the SBA Artificial Intelligence Utilization Act (H.R. 8881) from Reps. Brad Finstad (R-Minn.) and George Latimer (D-N.Y.). The legislation would require the Small Business Administration to provide a yearly report to Congress on its use of AI and machine learning, detailing the benefits, risks and related issues. (FEDSCOOP.COM)
USDA would get more AI grants, research, farmer education under new Senate bill
The Department of Agriculture would receive more grant opportunities for artificial intelligence and educating farmers on the technology under a bipartisan Senate bill introduced Thursday. Sen. Ted Budd (R-N.C.) said current barriers to AI access can cause American producers to fall behind and be less competitive in the global market. “Precision technologies have the potential to enhance innovation and productivity in farming and ranching, but outdated USDA programs are holding this potential back from reaching our rural communities,” Budd, the bill’s lead sponsor, said in a statement. (FEDSCOOP.COM)
COMMITTEE ACTIVITY
NSS: The Senate Foreign Relations Subcommittee on Western Hemisphere, Transnational Crime, Civilian Security, Democracy, Human Rights, and Global Women’s Issues will hold a June 3 hearing to examine the national security strategy’s focus on the Western Hemisphere.
ALERTS AND ADVISORIES
CISA adds one known exploited vulnerability to catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-9082 Drupal Core SQL Injection Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
SPACE WAR: What would “war-winning” look like in space? How should the United States prepare for a future in which concepts such as space fires, orbital interceptors, and space weapons become central to military planning? And what are the implications for deterrence and strategic stability? To discuss these questions and more, please join the CSIS Defense and Security Department’s HTK Series for a May 26 conversation featuring Heather Williams, director of the CSIS Project on Nuclear Issues, Tom Karako, director of the CSIS Missile Defense Project, and Kari Bingen, director of the CSIS Aerospace Security Project.
AI: Join the Center for a New American Security (CNAS) on May 26 for a virtual discussion of the recently released paper “Who Will Make Money on AI? A Discussion Paper on Aligning Commercial Incentives with National Security Interests,” co-authored by Emily Kilcrease, senior fellow and director of the CNAS energy, economics, and security program, and Geoff Gertz, senior fellow with the CNAS energy, economics, and security program.
AI AND MENTAL HEALTH: AI is becoming a go-to source of mental health support for young people. But is it safe? In this May 27 Policy Lab, RAND’s Ryan McBain examines both the promise and the risks of this growing trend — and what it might take to ensure chatbots are safe for adolescents.
RUSSIA: For nearly two decades, U.S. strategy produced meaningful cooperation as Russia and the United States cooperated in outer space, counterterrorism and nuclear energy. While today is starkly different from the 1990s, what lessons can be learned from this period of cooperation? Once there is a fair peace in Ukraine and Russia atones for the damage it has done, will it be worth resuming cooperation? Join Rose Gottemoeller, a nonresident fellow in Carnegie’s Nuclear Policy Program and former deputy secretary general of NATO, for a May 27 conversation with Andrew S. Weiss, the James Family Chair and vice president for studies at the Carnegie Endowment, to explore how Gottemoeller tackles these questions in her new book “Security Through Cooperation.”
ELECTROTECH STACK: The most pressing danger may not be Chinese hardware but rather American policy paralysis: overcorrection that delays the technologies this buildout demands, or indecision that continues ceding strategic ground to Beijing. FDD and CMIST will host a May 28 discussion moderated by Harry Krejsa, director of studies at CMIST, featuring Phoebe Benich, non-resident fellow at CMIST; and Dr. Emma Stewart, non-resident fellow at CMIST and lead for Idaho National Laboratory’s Center for Securing Digital Energy Technology. RADM (Ret.) Mark Montgomery, senior director of FDD’s Center on Cyber and Technology Innovation (CCTI), will provide introductory remarks.
WINNING THE AI ERA: On June 1, the Atlantic Council will launch the flagship report of the Atlantic Council Commission on Artificial Intelligence and U.S. competitiveness, a GeoTech Center initiative. This event will unveil the commission’s findings and recommendations, bringing together government leaders, industry executives, and policy experts for a timely discussion on how the United States can secure its AI advantage.
SOCIAL MEDIA: On June 2, The Hamilton Project at the Brookings Institution will host a virtual event exploring the costs of social media, including overuse driven by addiction and “fear of missing out” (FOMO). The event will feature a fireside chat with Dr. Vivek Murthy (19th and 21st surgeon general of the United States) and Cecilia Kang (The New York Times). It will also include a panel discussion with Benjamin Handel (University of California, Berkeley) and Lena Song (University of Illinois Urbana-Champaign), moderated by Bradley Hardy (Georgetown University). In conjunction with the event, The Hamilton Project will release two publications discussing the findings and policy implications of recent economic research on product market traps in social media and on digital addiction.
AI AND ENTERPRISE: Join AEI on June 3 to examine how businesses are shaping AI and transforming American enterprise. Experts from academia and business will examine these questions: What industries are changing most rapidly? Which are changing the future for others? And how are we preparing business leaders for future challenges?
CYBER FORCE: Join CSIS on June 3 for a discussion on the forthcoming report from the Commission on U.S. Cyber Force Generation, which examines how the United States can better build, organize, and sustain the cyber workforce needed to meet evolving national security demands. As cyber threats grow in scale and sophistication, the report assesses key challenges across the current ecosystem, including persistent talent shortages, fragmented institutional structures, and barriers to effective coordination between government and the private sector.
DATA CENTERS: Join the CSIS Economic Security and Technology Department’s Matt Pearl, Aalok Mehta, Joseph Majkut, and Philip Luck on June 4 for a discussion on the rapid expansion of data centers and what it means for the future of AI, energy, and U.S. competitiveness. As artificial intelligence accelerates demand for compute power, data centers have emerged as a critical piece of strategic infrastructure shaping electricity demand, industrial policy, environmental debates, and global technology competition.
BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.
NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.
GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS