Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – May 27, 2026


Cyber Briefing

TODAY’S TOP 5

FACING ‘RADICAL UNCERTAINTY’ OF CHINA, RUSSIA INFRASTRUCTURE THREATS: Russia is relentlessly targeting Britain’s infrastructure and democracy while there is only a narrowing technological window to stay ahead of a fast-developing China, the head of the spy agency GCHQ will warn today, The Guardian reports. Anne Keast-Butler, giving an inaugural annual lecture, will say that the UK is caught in a “new era of radical uncertainty” and that “the risk of miscalculation” is as high as she has ever seen it as hacker attacks from the two states continue. The spy chief will particularly emphasize the wide-ranging threats posed by Russia, saying that Moscow is “relentlessly targeting critical infrastructure, democratic processes, supply chains and public trust” in the UK. She will also warn of the narrowing window to stay ahead of China in this “new era of radical uncertainty.”

  • The rise of China’s memory chip sector is creating a geopolitical dilemma for U.S. tech companies, Semafor reports. Chinese firms CXMT and YMTC are gaining ground because South Korean and American chip giants can’t keep pace with AI-fueled demand for memory chips, which is driving prices higher. But US firms eyeing new supply sources are wary of turning to China because of Washington’s restrictions on buying chips from the country, The Wire China reported. While one analyst noted “increasing interest in using CXMT memory,” experts fear the temptation could risk making the US “dependent on China for a vital product.”

VOLVO AVOIDS U.S. BAN ON CONNECTED CARS TIED TO CHINA: The Trump administration reached an agreement with Volvo Car AB that will allow the automaker to avoid a U.S. ban on connected vehicles tied to China, Bloomberg reports. Volvo, which is majority-owned by China’s Zhejiang Geely Holding Group, received a specific authorization from the U.S. Commerce Department allowing it to continue importing and selling connected passenger vehicles in the U.S., the automaker said Tuesday, confirming an earlier report by Bloomberg News. The agreement spares Volvo from one of the U.S. barriers that have effectively walled off the American market from Chinese cars over national and economic security concerns. Along with the Commerce Department’s ban on Chinese connected vehicle technology, Chinese cars also face punitive tariffs, including a 100% import tax on electric vehicles from the country.

SPACEX TUSSLE OVER SUICIDE DRONES: SpaceX and the Pentagon have been bickering about the price of using Starshield satellite service during the Iran war, according to a Reuters report. It appears that SpaceX asked the military for more money after it started using satellite terminals on “kamikaze” attack drones in Iran. SpaceX CEO Elon Musk claimed the Reuters report is wrong. But Musk also said the military drones initially used the commercial Starlink service instead of the government-specific network, in violation of Starlink’s terms of service, Ars Technica reports. Musk blamed the violation on the contractor that built the drones for the government. The Reuters report, based on Pentagon documents and interviews with sources familiar with the pricing talks, said that SpaceX recently asked the military to pay $25,000 for Starshield access on each kamikaze drone. The Pentagon, which previously paid $5,000 for each connection, objected to the price hike but ultimately agreed to pay it, according to Reuters.

  • Space Systems Command has awarded a massive $2.29 billion contract to SpaceX for the “backbone” of its new Space Data Network, a constellation of satellites in low-Earth orbit that will provide connectivity for the entire joint force, Air and Space Forces Magazine reports. SDN is the Space Force’s new program to transport data from sensors to shooters around the globe, combining both military and commercial satellites to manage both tactical and enterprise communication needs. The “SDN Backbone” was previously a joint Space Force-National Reconnaissance Office effort called MILNET.
  • For more than 2,000 years, fishermen in Israel’s Sea of Galilee were famous for using nets to catch St. Peter’s Fish, a form of tilapia with a biblical backstory. Now these anglers have gained new notoriety, helping keep some Israeli troops safe from Hezbollah first-person view kamikaze drones. The threat is so great and countermeasures so far limited that some IDF troops are resorting to obtaining nets on their own from fishermen for protection, a senior IDF official confirmed to The War Zone on Monday. The issue was first reported by Israel’s KAN public broadcasting network. This is in addition to netting the IDF itself is working to procure.

WHAT THE AI EPICENTER THINKS OF POPE LEO’S WARNINGS: When Pope Leo XIV presented a 42,300-word open letter to the world’s 1.4 billion Catholics on Monday, calling for protections against the rise of artificial intelligence, he was joined by Christopher Olah, a co-founder of Anthropic, which is one of the tech industry’s leading AI companies. As Leo urged corporate executives, government regulators and other citizens of the world to safeguard humanity from the dangers of AI, he included Olah as a symbol of the dialogue he hopes to foster between the leaders of the spiritual and technological worlds. But for Jeremy Nixon, Monday’s gathering at the Vatican showed that those two worlds are far from aligned, The New York Times reports. While the pope said that AI was fundamentally not human, Nixon, a well-connected figure in the Bay Area’s frenetic AI scene, argued that Olah’s remarks seemed to hint at the opposite.

  • AI is revolutionizing proliferation financing (PF) and sanctions evasion, particularly by states such as North Korea and Iran. A new report by Aaron Arnold at RUSI warns that a shift from AI-assisted to autonomous, ‘AI-enabled’ evasion tactics, including the mass production of fraudulent documents and optimized cryptocurrency laundering, threatens to overwhelm existing manual and rules-based detection systems. National authorities should explore ‘safe harbor’ provisions for AI-driven counter-proliferation models, establish ‘compute-KYC’ and cloud liability standards and create a National Security Data Enclave to pool pseudonymized transaction data, while financial institutions must upgrade KYC procedures to defend against deepfakes and deploy defensive AI to audit trade documentation for semantic inconsistencies, the report recommends.

THE ROAD TO SPACE RUNS THROUGH THE POLES: Why are there more antennas on Svalbard than anywhere else on Earth? Svalbard of all places, where cats and childbirth are banned and there are more polar bears than people? This cluster of islands in the Arctic, one thousand kilometers from Norway, is key to everything from your weather forecast to your car’s navigation. At 78 degrees north, Svalbard is the highest-latitude satellite ground station on Earth and is a crucial point in humanity’s growing dependence on space. In fact, the polar regions — the Arctic and Antarctic — are both crucial to space access, Rebecca Pincus and David Marsh write at War on the Rocks. The polar regions are the only place on Earth where American security, Russian survival, and Chinese ambition unambiguously overlap. They are also places at the bleeding edge of space exploration, development, and militarization. China, and to a lesser extent Russia, recognize the importance of the space-polar nexus and are building capabilities and presence in high latitudes. While polar allies are key to U.S. interests in space, U.S. strategy appears to neglect the poles at an especially important time.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

NEW: For Estonia, cyber resilience is not an abstract policy goal. It is a national survival issue shaped by history, geography and the reality of living next to Russia. In the latest episode of Cyber Focus, Ambassador Kristjan Prikk explains how Estonia turned a lack of legacy infrastructure into a digital advantage, why the 2007 cyberattacks became a strategic wake-up call for the West and what Ukraine’s defense against Russia reveals about preparation, public-private cooperation and the future of conflict. The conversation also looks ahead to AI in government and education, to Estonia’s support for Ukraine and to the cyber lessons NATO must operationalize before the next crisis. At the center is a clear argument from one of the world’s most digitally advanced democracies: cyber defense is not just about hardening systems, but building the relationships, institutions and resilience needed to keep a society functioning under pressure.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Artificial intelligence

Woman bilked out of thousands after scammers clone daughter’s voice with AI

An East Bay mother recently answered a call from an unknown number, which turned out to be scammers using AI and deepfake technology to sound like her daughter, whom they said had been kidnapped by a Mexican drug cartel — part of a growing trend of scams. As ABC 7 reports, Deborah Del Mastro, of Martinez, received a call in May from a man claiming her 37-year-old daughter had been kidnapped by a Mexican drug cartel after witnessing illegal activity. The caller then played what Del Mastro believed was her daughter screaming, crying, and pleading for help. (SFIST.COM)

Biothreats

Trump administration to send Americans exposed to Ebola to Kenya

The Trump administration plans to send to Kenya U.S. citizens exposed to the Ebola virus rather than bring them home for observation and treatment, according to three people with knowledge of the plans. The approach is a stark contrast to the way previous administrations responded to outbreaks, during which health care workers and other U.S. citizens exposed to the virus were brought home to be treated at specialized medical units. The administration this month flew an American doctor who developed symptoms to a hospital in Germany, and transported six other Americans for monitoring in Germany and the Czech Republic. (NYTIMES.COM)

ALSO: Doctor evacuated from Congo feels ‘helpless’ watching colleagues die of Ebola (WASHINGTONPOST.COM)

Breaches

Krispy Kreme customers could get $3,500 in payouts after data breach

Krispy Kreme customers whose personal data was exposed in a 2024 cyberattack could qualify for up to $3,500 in a class-action settlement over alleged security failures. Victims who can document fraud or financial loss may receive the largest payouts, while others with compromised data can claim up to $75 and a year of credit monitoring by June 22. Krispy Kreme denies wrongdoing but agreed to bolster cybersecurity as data breaches draw growing scrutiny, after similar multimillion-dollar settlements involving retailers such as Trader Joe’s and affecting shoppers across California. (LATIMES.COM)

Chemicals

Chemical tank implosion in Washington state kills 1 and leaves 9 missing

A massive chemical tank holding nearly a million gallons of a highly corrosive liquid imploded and collapsed Tuesday at a Washington paper mill, killing at least one worker and leaving nine others unaccounted for with no hope for rescue, authorities said. Another nine people were injured, some severely, in the spill at Nippon Dynawave Packaging Co. in Longview. The cause remained unclear. (APNEWS.COM)

MORE: All evacuation orders lifted, no threat of explosion, fire or leak at Garden Grove chemical tank (ABC7.COM)

Communications

Charter confirms data breach after ShinyHunters extortion threat

U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. Charter Communications is one of the largest broadband providers in the United States, serving tens of millions of residential and business customers through its Spectrum brand. In a statement shared this weekend, the company said it is alerting authorities about the incident and that no sensitive personal customer information was stolen. (BLEEPINGCOMPUTER.COM)

Cybercrime

Dutch police arrest suspect linked to Ajax football club hack

The Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year. The suspect was arrested in Buren and, according to a Tuesday press release, he is believed to have hacked into the football club’s systems multiple times. “On the morning of Tuesday, May 26, the police arrested a 35-year-old man from the municipality of Buren for computer trespassing at the Amsterdam football club Ajax. The man is suspected of deliberately unlawful intrusion into Ajax’s computer systems several times,” the police said. (BLEEPINGCOMPUTER.COM)

Government

Lithuania investigates theft of 600,000 state registry records by foreign actor

Lithuanian prosecutors are investigating a major data breach affecting the country’s state registry systems that potentially exposed sensitive personal and property records. The Lithuanian Prosecutor General’s Office said Friday that attackers gained unauthorized access to more than 600,000 records managed by the Centre of Registers, the state agency responsible for handling property and legal entity records. Prosecutors said the breach involved the misuse of login credentials assigned to institutions authorized to access the databases, and likely originated from an unnamed foreign country. (THERECORD.MEDIA)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Artificial intelligence

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Microsoft Defender Experts identified an active cryptojacking campaign in which malicious download sites are surfaced not only through traditional search engine poisoning, but also through AI chatbot interactions. This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations. The campaign impersonates trusted system utilities including CrystalDiskInfo, HWMonitor, Display Driver Uninstaller, FurMark, K-Lite Codec Pack, and PDFgear to target users likely to own high-performance GPUs. Rather than maximizing infection volume, the threat actor appears focused on compromising systems with higher mining value. (MICROSOFT.COM)

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and credentials to third-party accounts, a security researcher is warning. The vulnerability is present in Starlette, an open source framework that its developer says receives 325 million downloads per week. Thousands of other open source projects are also vulnerable because they require Starlette to work. The framework is an implementation of the ASGI (asynchronous server gateway interface), which allows large numbers of requests to be efficiently processed simultaneously. Starlette is the base of FastAPI and other widely used frameworks for building services in Python apps, as well as many others. (ARSTECHNICA.COM)

Malware

PureLogs variant steals data via purchase order lures

A variant of the PureLogs infostealer malware has been distributed through purchase-order-themed phishing emails that use a malicious JavaScript file to launch a multi-stage infection chain on Windows systems. According to new analysis from FortiGuard Labs, the campaign uses a fake purchase order message with an attached RAR archive. The archive contains a malicious JavaScript file used to begin the execution chain. (INFOSECURITY-MAGAZINE.COM)

Quasar RAT hits developers with fileless Linux attacks

Quasar Linux (QLNX) is a new, stealthy Linux Remote Access Trojan that quietly turns developer and DevOps workstations into high‑value beachheads for software supply‑chain attacks, using fileless execution, an eBPF rootkit, PAM backdoors, and a P2P C2 mesh to evade conventional defenses. Despite its name, it is unrelated to the Windows‑focused QuasarRAT family. It is purpose‑built for modern Linux developer environments. The malware has been observed primarily on Linux developer workstations and CI/CD build hosts running common distributions such as Debian, Ubuntu, RHEL, Fedora, and Arch, where access usually includes source repositories, build pipelines, package registries, and cloud accounts. (GBHACKERS.COM)

BTMOB Android RAT spreads through no-code builder tooling

An Android remote access trojan (RAT) that lets buyers build their own custom payloads without writing a line of code has been observed spreading through phishing campaigns across Brazil and beyond. According to new analysis from ESET, the malware, known as BTMOB, pairs phishing-based delivery with a packaged app-building tool and full device takeover. First documented in February 2025, BTMOB evolved from the earlier SpySolr family and extends beyond a typical banking trojan. Rather than only chasing financial credentials, it can exfiltrate data, capture screenshots, record on-device activity and hand operators remote control of the phone. (INFOSECURITY-MAGAZINE.COM)

Supply chain

Feeding frenzy: ‘Megalodon’ malware infects thousands of GitHub repos

Thousands of GitHub repositories were poisoned with credential-stealing malware in the latest threat campaign to rock the beleaguered software supply chain. In a May 21 blog post, cybersecurity startup SafeDep flagged an automated malware campaign, codenamed “Megalodon,” that unfolded on May 18 in a six-hour window. In that brief amount of time, Megalodon managed to push 5,718 malicious commits to 5,561 GitHub repositories. (DARKREADING.COM)

Vulnerabilities

CISA urges immediate patching of exploited LiteSpeed cPanel plugin zero-day

CISA on Tuesday urged federal agencies to immediately patch a critical-severity vulnerability in the LiteSpeed user-end plugin for cPanel that has been exploited in the wild. Tracked as CVE-2026-48172 (CVSS score of 9.8), the flaw is described as a privilege escalation issue that could allow attackers to execute arbitrary scripts with root privileges. LiteSpeed resolved the security defect last week in version 2.4.5 of the user-end plugin, noting that it had been exploited in the wild as a zero-day. LiteSpeed’s WHM plugin is not affected, it said. (SECURITYWEEK.COM)

Microsoft SharePoint server flaw enables remote code execution attacks

Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow attackers to execute arbitrary code remotely, raising significant concerns for enterprise environments that depend on on-premises collaboration platforms. The flaw, tracked as CVE-2026-45659, was initially published on May 21, 2026, and later updated on May 26, 2026, with additional technical details emphasizing its potential impact and risk exposure. The vulnerability is categorized under CWE-502, which refers to the deserialization of untrusted data. This type of weakness is widely known for enabling attackers to inject malicious payloads into trusted processes, often leading to full system compromise. (GBHACKERS.COM)

India’s CERT-in sets 12-hour patch deadline for exposed flaws

Organizations in India have been urged to patch actively exploited internet-facing vulnerabilities within 12 hours under new guidance that responds to the speed AI now brings to cyber-attacks. According to new guidance from the Indian Computer Emergency Response Team (CERT-In), attackers are using AI to compress the time between finding and exploiting a weakness, shrinking the window defenders have to respond. The document, published on May 25, maps how generative AI, large language models (LLMs) and autonomous agents are accelerating reconnaissance, vulnerability discovery, phishing and malware development. (INFOSECURITY-MAGAZINE.COM)

ADVERSARIES

China

2 PhaaS 2 Furious: The evolution of Chinese-language phishing services

While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Google Threat Intelligence Group (GTIG) analyzed a dozen current PhaaS offerings in the Chinese underground, all of them mature services and many likely tied intricately to the broader criminal ecosystem in that region. These services not only lower the barrier to entry for Chinese cyber criminals, but reveal broader patterns on the evolution of social engineering and credential theft. Late last year, Google took legal action against one PhaaS provider and has worked since then to endorse legislation and enact technical safeguards against these types of scams. (CLOUD.GOOGLE.COM)

Iran

Iranian government, not hacktivist group, breached LA Metro system, security firm says

Iranian government-linked hackers sabotaged the computer infrastructure of Los Angeles’s transit system by using access to a virtual machine to delete critical operating-system data, the Israeli cybersecurity firm Gambit Security said in a report published on Tuesday. The same threat actor also conducted data-wiping attacks on the South Florida Regional Transportation Authority, the connected-vehicle technology firm Agnik and a Saudi Arabian construction company that handles critical infrastructure projects, according to the report. Gambit dismissed the hackers’ claims of being a new pro-Iranian hacktivist gang, instead attributing their operations to Black Shadow, a group that the Israeli government and private security firms have linked to Iran’s Ministry of Intelligence and Security. (CYBERSECURITYDIVE.COM)

MuddyWater uses DLL side-loading in espionage campaign targeting 9 countries

The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and Carbon Black. Among the victims is a major South Korean electronics manufacturer, with the attackers spending a week inside its network in February 2026. (THEHACKERNEWS.COM)

North Korea

North Korea tests new multi-purpose missile launch system: KCNA

North Korea said today it had tested a new lightweight multi-purpose missile launching system and a multiple tactical cruise missile weapon system the previous day. The tests, previously reported by South Korea’s military, were overseen by the North’s leader, Kim Jong Un, the state-run Korean Central News Agency (KCNA) said. South Korea said on Tuesday the North fired several projectiles, including a ballistic missile, off its west coast, the latest in a flurry of tests this year. Seoul said the missiles flew about 80 kilometers (50 miles). (THEDEFENSEPOST.COM)

Russia

Latvia sends mobile intercept units to Russian border in wake of drone incursions

Latvia will deploy mobile drone-interceptor units to its eastern border within a matter of days in response to a string of drone incursions from the direction of Russia, according to the head of the Baltic country’s Autonomous Systems Competence Center. The Latvian armed forces will deploy teams up to four soldiers in 4×4 vehicles, equipped with interceptor drones from Latvian manufacturers Origin Robotics and Eraser, to the eastern border with Russia, said Maj. Modris Kairišs, head of the center, in a briefing with reporters here on May 26. The goal is to have the units operational by early next month, he said. (DEFENSENEWS.COM)

Threat actors

The hackers behind Shai-Hulud: Lucky or skilled?

TeamPCP has made a name for itself as a scourge of the open source community following its particular waves of the Shai-Hulud attacks, but the group’s attack history is less “sophisticated threat actor” and more “right place, right time” luck. A financially motivated threat actor, TeamPCP formally emerged in late 2025, making a name exploiting the React2Shell vulnerability as well as targeting misconfigured Docker APIs and Next.js. As researchers from Flare recently noted, the group would historically use opportunistic compromises to conduct ransomware, steal data to turn around and sell, and mine cryptocurrency. (DARKREADING.COM)

Ghost hackers: the cybersecurity mystery that nobody has solved

In the long history of hacking, there have been numerous data breaches that, years or even decades later, remain unsolved. Countless hackers and hacking groups behind them have never been unmasked. But prolific hacking groups do get caught. This is true whether they’re cybercriminals such as LAPSUS$, a notorious extortion gang that compromised companies such as Microsoft and Nvidia and that have had multiple members arrested, or sophisticated government hacking groups from Russia and China, whose members have been named, indicted, and placed on most-wanted lists. Still, some of the most fascinating cases in cybersecurity history remain wide open — no culprits, no answers, and in some cases, not even a clear motive. (TECHCRUNCH.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

DHS seeks information on AI-powered biosurveillance

The Department of Homeland Security wants to explore how AI can improve its biosurveillance and anomaly detection efforts, per a request for information published last week. The agency is seeking insight on tools and approaches that can integrate multiple technologies, data sources and operational flows, according to the documents. Potential data sources of interest include indicators from transportation, the border, supply-chain and agriculture, among others. The RFI listed numerous capabilities that were top of mind, such as autonomous biological monitoring systems, machine-learning recognition systems and AI-powered anomaly analytics. (FEDSCOOP.COM)

Cloud

U.S. takeover of Dutch cloud ID provider blocked by government

The growing push for European technological sovereignty from the United States claimed a significant scalp in the Netherlands, where authorities blocked the American takeover of a crucial secure cloud company. Solvinity Group provides the infrastructure platform that underpins the DigiD identity verification system and the associated MijnOverheid portal, which Dutch residents use to access government services. Its proposed sale to Kyndryl – the New York-based IT infrastructure giant spin out of IBM five years ago – was announced in November. (GOVINFOSECURITY.COM)

Critical minerals

‘Dot-com boom’? Companies are lining up to mine the deep seas

The Trump administration’s quest to spur an offshore mineral boom rests on a largely untested collection of deep-sea mining companies. The U.S. is just years away from launching a deep-sea mining sector, administration officials insist. That’s after President Donald Trump directed agencies last year to “rapidly” expedite permitting for seabed mining both near the U.S. coasts and in international waters. But the eight ventures applying for U.S. permits — including some startups created in recent years — have yet to show they can operate on a commercial scale in some of the most difficult conditions on Earth. Outside observers say the nascent industry, overshadowed by past bankruptcies, faces big questions about financial viability and whether companies can avoid causing permanent damage to mysterious, deep-ocean habitats. (EENEWS.NET)

Defense

Why DARPA just renamed and reshaped 2 key technology offices

The Defense Advanced Research Projects Agency recently renamed and restructured two, well-established technical offices, in a move that officials said is meant to expand the defense innovation hub’s research scope to better confront contemporary technology challenges. The Microsystems Technology Office is transforming into the Multi X Office (MXO), while the Information Innovation Office is becoming the Information Processing Techniques Office (IPTO) in a nod to its historic roots. “The office changes reflect the continuous alignment of investment strategy to deliver on the agency’s mission,” a DARPA spokesperson told DefenseScoop on Tuesday. (DEFENSESCOOP.COM)

DARPA launches search for robot medics to treat battlefield casualties

In situations where battlefield medical care becomes overwhelmed during heavy combat, the U.S. Defense Advanced Research Projects Agency is looking toward a future in which robot medics tend to casualties. The agency envisions swarms of robots linking up to drag wounded personnel to safety. They would also inject lifesaving drugs and even shapeshift themselves to form splints around broken limbs, according to a DARPA Small Business Innovation Research solicitation. (DEFENSENEWS.COM)

Navy splits major information warfare post across three new directorates

The Navy has disestablished its information warfare (IW) directorate, realigning its functions across the office of the Chief of Naval Operations. Effective today, the Navy eliminated the roles and responsibilities of the Deputy Chief of Naval Operations for Information Warfare, also known as N2N6. “This realignment is only possible because of the fundamental mindset shift that resulted across the Navy in recognition of IW as a critical warfighting domain at all levels of warfare,” the Navy’s administrative note read. (BREAKINGDEFENSE.COM)

Emergency services

Cybersecurity gaps leave Israeli emergency agencies exposed, state comptroller warns

Widespread cybersecurity failures across Israeli emergency agencies and government ministries have left the country significantly exposed to Iranian cyber threats, Israel’s State Comptroller warned in a report released on Tuesday. “In light of the threats from Iran, the Israeli government must also be well prepared for cyberattacks. The reports revealed significant deficiencies and must be corrected immediately,” wrote State Comptroller Matanyahu Englman. The State Comptroller, Israel’s independent government oversight authority responsible for auditing public agencies and ministries, regularly reviews state preparedness and the effectiveness of policies. (JNS.ORG)

Energy

Net electricity generation jumped 4.5% in March as the West baked under record heat

Net U.S. electricity generation increased 4.5% year over year in March as a large swath of the West — from Texas to California and up to Idaho — saw its warmest March on record dating back to 1895, the Energy Information Administration said Friday. The region also received “much below average” rainfall heading into wildfire season. California experienced its hottest and driest March in 132 years. Nationwide, retail sales increased by 2.3% while retail prices climbed 7.2% across all sectors to 14.2 cents/kWh in March compared with March 2025. (UTILITYDIVE.COM)

Competitive transmission projects come online faster than incumbent projects in 4 regions: R Street

Competitive transmission line projects get planned and built more quickly in four major grid regions compared with similar projects built by incumbent utilities, according to analysis released Tuesday by the R Street Institute, a free market-oriented think tank. The faster construction was seen in the California Independent System Operator, ISO New England, Midcontinent Independent System Operator and Southwest Power Pool. In contrast, incumbent utilities in the PJM Interconnection planned and built transmission projects more quickly than independent transmission companies, the R Street analysis found. Competitive transmission projects are roughly 30% less expensive than similar incumbent projects, according to the report, “Need for Speed: An Analysis of Speed to Market and Cost Results of Competitive Transmission.” (UTILITYDIVE.COM)

Nuclear

Trump administration wants nuclear startups to use plutonium for their reactors

For decades, the U.S. has had a plutonium problem. Around 100 tons of the stuff was made during the Cold War to go into powerful atomic bombs. But as nuclear stockpiles were dismantled, the government had to store the radioactive material in high-security facilities. Now it wants startups to help get rid of some of it. The Department of Energy said Tuesday it has selected five nuclear startups to enter into negotiations with the government to receive a portion of the plutonium, which could potentially be used to power a new generation of nuclear reactors. The Department of Energy previously identified 34 tons of plutonium for disposal. (TECHCRUNCH.COM)

Quantum

Apple open-sources quantum-resistant encryption code

Apple has released quantum-resistant cryptographic code and the mathematical verification tools it developed to prove the code’s correctness, making them publicly available for independent review and broader use across the industry. The release includes implementations of two quantum-secure algorithms, ML-KEM and ML-DSA, along with the formal verification libraries and tools Apple created to validate their accuracy. The company also published detailed documentation of its verification methodology, which it describes as achieving the strongest known correctness results for any widely deployed production implementation of these algorithms. (CYBERSCOOP.COM)

Workforce

Trump administration proposes NDAs for all federal workers

The Trump administration is planning a government-wide nondisclosure agreement that would bar federal workers from sharing a wide array of “confidential government information,” according to a draft notice posted to the Federal Register on Tuesday by the U.S. Office of Personnel Management. The draft notice, which will be published Wednesday and stay open for a 30-day public comment period, uses an expansive definition of privileged information, beyond typical classified and unclassified designations. Under the terms of the draft, employees would be blocked from sharing “non-public, confidential, or proprietary information” or “any sensitive, pre-decisional or deliberative material that is not currently publicly available and should not be disclosed under applicable law.” (WASHINGTONPOST.COM)

LEGISLATIVE UPDATES

GOP senators press intelligence officials to assess China AI capabilities

Sens. Jim Banks (R-Ind.) and Tom Cotton (R-Ark.) are pressing top intelligence officials to focus their efforts on assessing China’s AI capabilities in the face of new advancements in the technology. In a letter shared first with The Hill, the pair wrote to Director of National Intelligence Tulsi Gabbard, CIA Director John Ratcliffe, National Cyber Director Sean Cairncross and National Security Agency Director Joshua Rudd on Thursday about “critical priorities in intelligence collection.” Gabbard announced Friday that she will be resigning from her role. (THEHILL.COM)

HASC $1.15T defense policy bill takes aim at industrial base challenges

The House Armed Services Committee has unveiled its $1.15 trillion defense policy bill for fiscal 2027, with lawmakers putting their legislative muscle into boosting weapons production for critical munitions, fighter jets and warships. The bill authorizes the amount requested in the president’s FY27 discretionary request but does not factor in the $350 billion in the Pentagon’s mandatory funding request, which would bring national security spending to $1.5 trillion in FY27. Whether the department gets that funding will depend on if Republicans can muster the political willpower to push through another reconciliation bill — a tall order as GOP lawmakers are still working to pass a separate reconciliation bill centered around immigration enforcement. (BREAKINGDEFENSE.COM)

COMMITTEE ACTIVITY

NSS: The Senate Foreign Relations Subcommittee on Western Hemisphere, Transnational Crime, Civilian Security, Democracy, Human Rights, and Global Women’s Issues will hold a June 3 hearing to examine the national security strategy’s focus on the Western Hemisphere.

ALERTS AND ADVISORIES

Silent Ransom Group impersonating IT personnel through social engineering

The Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, is targeting law firms using social engineering techniques. Through phone calls and phishing emails, SRG actors pose as IT support to establish access to victim computers and exfiltrate data, usually through legitimate remote access tools or by sending an individual in-person to the victim company’s location to gain physical access to computers. While SRG has victimized companies in many sectors including those in the insurance, finance, and healthcare industries, the group has consistently targeted U.S.-based law firms since Spring 2023. (IC3.GOV)

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-48172 LiteSpeed cPanel Plugin Privilege Escalation Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

AI AND MENTAL HEALTH: AI is becoming a go-to source of mental health support for young people. But is it safe? In this May 27 Policy Lab, RAND’s Ryan McBain examines both the promise and the risks of this growing trend — and what it might take to ensure chatbots are safe for adolescents.

RUSSIA: For nearly two decades, U.S. strategy produced meaningful cooperation as Russia and the United States cooperated in outer space, counterterrorism and nuclear energy. While today is starkly different from the 1990s, what lessons can be learned from this period of cooperation? Once there is a fair peace in Ukraine and Russia atones for the damage it has done, will it be worth resuming cooperation? Join Rose Gottemoeller, a nonresident fellow in Carnegie’s Nuclear Policy Program and former deputy secretary general of NATO, for a May 27 conversation with Andrew S. Weiss, the James Family Chair and vice president for studies at the Carnegie Endowment, to explore how Gottemoeller tackles these questions in her new book “Security Through Cooperation.”

ELECTROTECH STACK: The most pressing danger may not be Chinese hardware but rather American policy paralysis: overcorrection that delays the technologies this buildout demands, or indecision that continues ceding strategic ground to Beijing. FDD and CMIST will host a May 28 discussion moderated by Harry Krejsa, director of studies at CMIST, featuring Phoebe Benich, non-resident fellow at CMIST; and Dr. Emma Stewart, non-resident fellow at CMIST and lead for Idaho National Laboratory’s Center for Securing Digital Energy Technology. RADM (Ret.) Mark Montgomery, senior director of FDD’s Center on Cyber and Technology Innovation (CCTI), will provide introductory remarks.

WINNING THE AI ERA: On June 1, the Atlantic Council will launch the flagship report of the Atlantic Council Commission on Artificial Intelligence and U.S. competitiveness, a GeoTech Center initiative. This event will unveil the commission’s findings and recommendations, bringing together government leaders, industry executives, and policy experts for a timely discussion on how the United States can secure its AI advantage.

SOCIAL MEDIA: On June 2, The Hamilton Project at the Brookings Institution will host a virtual event exploring the costs of social media, including overuse driven by addiction and “fear of missing out” (FOMO). The event will feature a fireside chat with Dr. Vivek Murthy (19th and 21st surgeon general of the United States) and Cecilia Kang (The New York Times). It will also include a panel discussion with Benjamin Handel (University of California, Berkeley) and Lena Song (University of Illinois Urbana-Champaign), moderated by Bradley Hardy (Georgetown University). In conjunction with the event, The Hamilton Project will release two publications discussing the findings and policy implications of recent economic research on product market traps in social media and on digital addiction.

AI AND ENTERPRISE: Join AEI on June 3 to examine how businesses are shaping AI and transforming American enterprise. Experts from academia and business will examine these questions: What industries are changing most rapidly? Which are changing the future for others? And how are we preparing business leaders for future challenges?

CYBER FORCE: Join CSIS on June 3 for a discussion on the forthcoming report from the Commission on U.S. Cyber Force Generation, which examines how the United States can better build, organize, and sustain the cyber workforce needed to meet evolving national security demands. As cyber threats grow in scale and sophistication, the report assesses key challenges across the current ecosystem, including persistent talent shortages, fragmented institutional structures, and barriers to effective coordination between government and the private sector.

DATA CENTERS: Join the CSIS Economic Security and Technology Department’s Matt Pearl, Aalok Mehta, Joseph Majkut, and Philip Luck on June 4 for a discussion on the rapid expansion of data centers and what it means for the future of AI, energy, and U.S. competitiveness. As artificial intelligence accelerates demand for compute power, data centers have emerged as a critical piece of strategic infrastructure shaping electricity demand, industrial policy, environmental debates, and global technology competition.

BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.

NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!