Cyber Briefing – May 28, 2026
TODAY’S TOP 5
INSIDE THE ATTACK SURFACE OF THE WORLD’S BIGGEST GAME: The 2026 FIFA World Cup will be the largest sporting event ever staged. Across 39 days, 16 host cities in three nations will host 104 matches, an expanded 48-team tournament and an estimated five-to-six million in-venue spectators alongside a global broadcast audience approaching half the planet. The tournament opens at Estadio Azteca in Mexico City on June 11 and concludes at MetLife Stadium in East Rutherford, New Jersey, on July 19. This is the first World Cup to be jointly hosted by three nations. Each match runs on a temporary, multi-ring tournament network grafted onto pre-existing NFL, MLS, CFL and Liga MX stadium environments. It depends on a network of municipal services, including public transit, signalized traffic, water and wastewater treatment, regional power, airport operations and emergency services. Each of those touchpoints is in scope for an adversary. Based on a review of cyber operations against prior mega-events from 2016 through the Milano-Cortina 2026 Winter Games, a new assessment from Palo Alto Networks’ Unit 42 finds that disruptive intrusions, criminal fraud at scale and politically motivated distributed denial-of-service (DDoS) and hack-and-leak operations are highly likely. The only meaningful questions are who, against which targets and at what severity.
ADMINISTRATION TO FUND DRONE FIRMS?: The Trump administration is pursuing funding deals with a group of drone companies as part of its effort to increase domestic production and lower the costs of the increasingly vital weapons, people familiar with the matter said, The Wall Street Journal reports. The potential deals follow months of discussions between a diverse set of private-sector drone companies and the Pentagon, the people said. The discussions have included the Office of Strategic Capital, a lending office set up by the Biden administration to fund companies deemed important to national security supply chains. The deal talks are still in a negotiation phase, the people cautioned, and Pentagon dealmakers are continuing to vet the companies before finalizing any terms. At least some deals, however, might comprise both debt and equity stakes through different funding mechanisms, giving the U.S. government a slice of ownership in the companies, some of the people said.
- U.S. Special Operations Command is looking to build a new testing ground for drones in Mississippi as the Pentagon grapples with ever-evolving autonomous technology that has come to define modern warfare, Defense News reports. The project would expand existing test ranges at NASA’s Stennis Space Center to facilitate air, sea and ground-based drones, according to a notice posted this month. The effort reflects how wars in Ukraine and the Middle East have forced the U.S. military to hone in on how emerging autonomous technology will shape future fights.
- Five years into an existential fight, Ukraine has become a global leader in ground drone technology. Kyiv is deploying these systems at a scale and pace that even the most advanced militaries can’t come close to keeping up with. In an exclusive hourlong interview earlier this month, Brave1 CEO Andrii Hrytseniuk spoke with The War Zone about how Ukraine is set to produce tens of thousands of UGVs this year, how they are being used, and the importance of artificial intelligence in increasing the efficiency of these robots in combat.
RUDD ORDERS CYBER COMMAND REVIEWS: The newly installed head of U.S. Cyber Command has commissioned a pair of studies, including one by a major outside research organization, to examine how the military’s digital warfare arm might better modernize, The Record reports. Army Gen. Joshua Rudd, who took the twin-leadership reins of Cyber Command and the NSA in March, recently tapped MITRE to conduct a potentially wide-ranging review into the organization, according to three people familiar with the matter. The evaluation, the parameters of which are undefined, will most likely scrutinize Cyber Command’s acquisition model and could examine the so-called “service like authorities” granted by Congress that allow it to manage and equip personnel without being an independent military branch, said a command official.
LEADING AI MODELS MORE VULNERABLE TO MALICIOUS PROMPTS THAN VENDORS CLAIM: Major AI developers’ model-safety claims rest on incorrect assumptions about how hackers behave, Cisco researchers said in a report published on Wednesday, Cybersecurity Dive reports. AI vendors assume that their models are safe from hijacking if they can fend off a single malicious prompt at a time, but hackers are increasingly using multistage prompts to evade model defenses, Cisco said, and most models aren’t prepared for those kinds of attacks. Cisco’s evaluation of 15 leading AI models from OpenAI, Anthropic, Google, Amazon and xAI “found that single-turn attack success rate (ASR) is not a reliable proxy for what happens when an attacker can adapt across turns,” researchers Nicholas Conley and Amy Chang wrote. Their tests revealed that AI models were much more susceptible to multi-turn malicious prompts — success rates ranged from 8% to 88%, compared with a range of 2% to 65% for single-turn prompts.
- House lawmakers want to establish a protected disclosure program for employees and contractors to ensure artificial intelligence doesn’t go off the rails at the Defense Department, Federal News Network reports. The House Armed Services Committee is considering legislation that would require the Defense Department to establish an incident and vulnerability reporting program for AI systems. The provision potentially sets up a landmark reporting mechanism at a time when DoD is rapidly expanding its use of AI to nearly every facet of its operations. The requirement for the AI reporting program is included in the House Armed Service’s Committee’s cyber, information technology and innovation subcommittee’s mark-up of the fiscal 2027 defense authorization bill.
IRAN’S HACKERS COORDINATING MORE CLOSELY: Tehran’s hackers have grown more organized, more coordinated and more willing to use artificial intelligence for influence operations in recent months — and they have demonstrated many of those capabilities since the war with Iran began, according to Israel’s top cyberdefense official, Nextgov/FCW reports. In a Tuesday interview, the director-general of Israel’s National Cyber Directorate, Yossi Karadi, said Iranian state-aligned groups are further sharing cyber tools among each other and using AI to polish disinformation and recruitment messages. At the same time, Karadi said he is pressing major AI labs for controlled access to powerful models like Anthropic’s Mythos, arguing that governments need the same tools attackers are seeking to adopt.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
For Estonia, cyber resilience is not an abstract policy goal. It is a national survival issue shaped by history, geography and the reality of living next to Russia. In the latest episode of Cyber Focus, Ambassador Kristjan Prikk explains how Estonia turned a lack of legacy infrastructure into a digital advantage, why the 2007 cyberattacks became a strategic wake-up call for the West and what Ukraine’s defense against Russia reveals about preparation, public-private cooperation and the future of conflict. The conversation also looks ahead to AI in government and education, to Estonia’s support for Ukraine and to the cyber lessons NATO must operationalize before the next crisis. At the center is a clear argument from one of the world’s most digitally advanced democracies: cyber defense is not just about hardening systems, but building the relationships, institutions and resilience needed to keep a society functioning under pressure.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Biothreats
Ebola crisis could become worst on record
A leading US public health expert who served in former President Joe Biden’s administration is warning that the Ebola outbreak in Democratic Republic of the Congo and Uganda could surpass the 2014 crisis to become the worst on record. “This is on track to potentially be as bad as the [2014] West African Ebola outbreak if not worse,” Stephanie Psaki, a senior fellow for global health at the Council on Foreign Relations and former US coordinator for global health security at the National Security Council, told Semafor. “We are on our back foot already, much more than the world was in the beginning of that outbreak.” (SEMAFOR.COM)
Breaches
Carnival data breach exposes names, addresses and government ID numbers after cybercriminals trick employee in social engineering attack
On Wednesday, Carnival said it detected unauthorized activity in April after cybercriminals used social engineering tactics to deceive an employee and gain access to certain data through the worker’s account. The company said the incident resulted in the exposure of some personal information belonging to affected individuals, including names, physical addresses and government-issued identification numbers. Carnival said it quickly blocked the unauthorized access and brought in third-party cybersecurity specialists to investigate the incident and assess its scope. (BENZINGA.COM)
Cybercrime
Google engineer charged with insider trading after making $1.2M on Polymarket
The U.S. Justice Department charged Google software engineer Michele Spagnuolo with insider trading, alleging the employee made $1.2 million trading on Polymarket based on confidential business information. Spagnuolo, who used the name “AlphaRaccoon” on Polymarket, has worked at Google for over 12 years, according to information on LinkedIn. “As alleged, Spagnuolo violated the duties he owed to his employer and used Google’s confidential business information to make more than $1.2 million in trading profits on Polymarket,” Jay Clayton, the United States Attorney for the Southern District of New York, said. (TECHCRUNCH.COM)
Hacker who sold access to Oregon state emergency network for Bitcoin gets prison
A Romanian citizen who sold stolen login credentials that provided access to Oregon’s emergency management computer network in 2021 was sentenced Tuesday to more than four years in federal prison. Catalin Dragomir, now 46, pleaded guilty to aggravated identity theft and obtaining information from a protected computer. “Our country takes these types of crimes very seriously because of the harms and risk of harms that they cause,” said U.S. District Judge Michael H. Simon. (OREGONLIVE.COM)
Government
Latin American cybercriminals hoover up government data
Cyber threat groups in Latin and South America have increasingly targeted government agencies and contractors, stealing and monetizing citizen data at a rate that has made the public-administration sector in the region the most-breached in the past year. In mid-May, a group known as La Pampa Leaks claimed to have compromised Uruguay’s government-sponsored identity service managed by telecommunications provider Antel, reportedly monetizing the information as a citizen-data lookup service. In February, a hacking collective known as the Chronus Group claimed to have stolen data from 25 different Mexican government agencies and groups. And, in Colombia, cyberattackers targeted the nation’s health ministry with more than 23 million attempted attacks during the month of March. (DARKREADING.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
AI-assisted exploit development outpaces scanner detection
Attackers have reduced the time to develop an exploit for a known vulnerability from 125 days to a mere half a day, thanks to the use of AI-assisted development, leaving vulnerability scanners struggling to keep pace, new research has found. Cogent Research analyzed 69,159 common vulnerabilities and exposures (CVEs) and found that in January 2025, attackers needed 125.3 days to develop a method for exploiting them, according to a report. By April 2026, threat actors reduced that time to just 0.5 days by using AI, thus creating significant visibility gaps for security teams during the highest-risk periods following vulnerability disclosure, according to Cogent. (DARKREADING.COM)
‘SymJack’ attack turns AI coding agents into supply chain attack delivery systems
Trust and automation are key to many attacks; and trust with automation is inherent in the use of AI coding agents. Malicious repositories are a frequent factor in many supply chain attacks, estimated at between 20% and 40%. Such repositories can be used to fool a developer using an AI coding agent into generating bad code that can silently slip into the CI pipeline. That is just one possibility of the SymJack attack described by Adversa AI. The attack requires three elements: attacker control of the coding agent repo, a ready-made malicious MCP server, and a developer’s use of an AI coding tool. (SECURITYWEEK.COM)
All major LLMs exposed to multi-turn manipulation, warn researchers
The safety guardrails of several prominent large language models (LLM) can be bypassed if a user tricks the LLM into having a multi-pronged, ongoing conversation, researchers at Cisco have warned. The researchers examined commonly used LLMs and frontier AI models including OpenAI’s ChatGPT, Anthropic’s Claude, Google Gemini, Amazon Nova, xAI’s Grok and others to test how their built-in safety guardrails held up against potential threats from real-world attackers. They found that many of the models could be tricked into performing actions they should not be able to. (INFOSECURITY-MAGAZINE.COM)
Cryptocurrency
JINX-0164 targets cryptocurrency firms with fake recruiter lures and macOS malware
A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. “These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure,” Wiz researchers Shira Ayal, Eden Abergil, Andre Maccarone, Yuval Dan, and Benjamin Read said. “The used methods enabled the threat actor to move laterally from compromised employee laptops to code distribution systems and development infrastructure.” (THEHACKERNEWS.COM)
Health care
Agentic AI in health care is a risky proposition
Humans make mistakes. They fall for phishing scams and click on malicious links. Machines aren’t necessarily better: Delegating decisions to agentic artificial tools can significantly intensify cybersecurity risks, warns a healthcare sector association. Over-permissioned accounts, weak governance and credential misuse – all are amplified by AI-enabled workflows, said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center. The center published Tuesday a report from Living Security with advice on managing agentic artificial intelligence risk in healthcare settings. (HEALTHCAREINFOSECURITY.COM)
Malware
Disrupting Glassworm: Inside CrowdStrike’s takedown of a developer-targeting botnet
The CrowdStrike Counter Adversary Operations team executed a coordinated takedown of the Glassworm botnet, a global threat targeting software developers through the open-source supply chain. In collaboration with Google and the Shadowserver Foundation, they struck all four of Glassworm’s command-and-control (C2) channels simultaneously, severing the operators from their infected machines and their ability to deliver new malicious payloads. This takedown matters beyond the botnet. Glassworm marked a significant shift in the threat landscape that should serve as a wake-up call for every organization that ships or consumes software. Adversaries are no longer just targeting products, they’re targeting the developers who build them. (CROWDSTRIKE.COM)
ClearFake abuses BSC testnet contracts for resilient C2 operations
Threat actors behind the ClearFake campaign have adopted a novel and highly resilient command-and-control (C2) architecture by leveraging BNB Smart Chain (BSC) testnet smart contracts, creating an infrastructure that is effectively immune to traditional takedown efforts. Unlike conventional malware campaigns that depend on easily disruptable infrastructure such as hosting providers or registrars, this approach embeds malicious JavaScript and instructions within immutable blockchain storage. (GBHACKERS.COMM)
Hackers host JS malware on GHOSTYNETWORKS and OMEGATECH
Hackers are abusing two bulletproof hosting providers, GHOSTYNETWORKS and OMEGATECH, to run a global JavaScript (JS) malware infrastructure that powers large‑scale malspam and business email compromise activity. In March 2026, multiple malspam waves delivered a JavaScript backdoor via ZIP or RAR attachments to organizations across regions and sectors, including energy companies and finance ministries. The operators appear financially motivated, aiming to compromise email accounts (EAC) and engage in business email compromise (BEC) rather than espionage. (GBHACKERS.COM)
Supply chain
Malicious npm package stole files from Claude AI user directory via GitHub
Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named “mouse5212-super-formatter,” is designed to upload files from “/mnt/user-data,” a dedicated directory used by Anthropic’s Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The activity has been codenamed Malware-Slop. (THEHACKERNEWS.COM)
Vulnerabilities
Gitea vulnerability exposes private container images without authentication
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials. The vulnerability, tracked as CVE-2026-27771 (CVSS score: 8.2), affects all versions of Gitea prior to 1.26.2, which addresses the issue. According to Noscope, the security defect likely impacts more than 30,000 deployments across over 30 countries and went undetected for close to four years. (THEHACKERNEWS.COM)
Websites have a new way to spy on visitors: analyzing their SSD activity
Over the decades, there has been no shortage of sites using clever techniques to covertly track visitors’ browsing histories, device fingerprints, and log keystrokes and mouse movements in real time. Even Meta and Yandex were recently caught joining in the privacy-invasive free-for-all. Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices. (ARSTECHNICA.COM)
Critical Notepad++ flaw could enable remote code execution attacks
Notepad++ has released version 8.9.6.1 to address multiple security vulnerabilities, including critical flaws that could allow arbitrary code execution under specific conditions. The update, published on May 26, 2026, patches three vulnerabilities tracked as CVE-2026-48770, CVE-2026-48778, and CVE-2026-48800. These issues affect versions up to 8.9.6 and highlight risks tied to improper handling of configuration files. The most severe issue, CVE-2026-48778, stems from how Notepad++ processes the config.xml file, specifically the parameter. (GBHACKERS.COM)

ADVERSARIES
China
Control without ownership: How China’s party-business networks dominate Indonesia’s mineral supply chains
OPINION: In 2024, when Jiangsu Delong, the world’s second-largest stainless-steel producer, filed for bankruptcy, several Chinese firms and state-owned enterprises quietly absorbed its Indonesian assets. Among them was China First Heavy Industries, a state-owned enterprise founded in 1954 as one of China’s early Soviet-backed industrial projects. Today, China First Heavy Industries supplies military-grade metals to China’s military, including reactor vessels for nuclear submarines. For a manufacturer embedded deeply in China’s naval industrial base, securing nickel feedstock for specialty steels is crucial. The episode reveals China’s strategy for critical minerals: Incentivizing access to upstream assets for Chinese firms reduces the risk of supply disruptions and shapes the cost structure of downstream products in military equipment, semiconductors, and other strategic industries. (WARONTHEROCKS.COM)
North Korea
What everyone is missing about North Korea’s reunification strategy
OPINION: When news broke that North Korea had revised its constitution, analysts in the West and across the Korean Peninsula rushed to declare it the formal death of Korean reunification as a policy objective. The changes were hard to ignore. Pyongyang stripped all references to a unified Korean nation, codified a territorial clause treating the Republic of Korea as a separate foreign state, vested direct nuclear weapons authority in Kim Jong-un personally, and concentrated near-absolute executive power in the supreme leader alone. On the surface, it looked like the official burial of seven decades of unification ideology. That reading is seductive. It’s also almost certainly wrong — and dangerously so. (WARONTHEROCKS.COM)
Russia
High-level British spy warns of expanding Russia threat
As Russia fails to gain ground in the war in Ukraine and suffers staggering troop casualties, President Vladimir V. Putin appears to be pursuing a wider conflict in Europe, increasingly targeting critical infrastructure and supply chains, one of Britain’s highest-ranking intelligence officials warned on Wednesday. “Russia is scaling up its daily hybrid activity against the U.K. and Europe,” said the official, Anne Keast-Butler, who is director of GCHQ, the British electronic surveillance agency. GCHQ has been countering what Ms. Keast-Butler called the Kremlin’s “reckless sabotage and assassination attempts.” (NYTIMES.COM)
This tiny country on the edge of Russia is preparing for a wider war
Across Estonia, on NATO’s eastern border with Russia, preparing for potential war has become a part of everyday life. In Tartu, a large university city in the country’s east, city planners conducted drills on mass evacuations and sudden attacks on city hall. They are setting up short-term emergency shelters for 100,000 people by 2028. Heads of kindergartens are given specialized crisis training and emergency supplies with radios, first-aid kits and portable stoves. High schools across the country are teaching students how to operate drones. And in eastern Estonia and neighboring Latvia, thousands of soldiers from across the North Atlantic Treaty Organization conduct an annual large-scale military exercise with heavy military equipment — and hundreds of drones. (WSJ.COM)
Threat actors
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacks
A new threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacks and second only to the notorious Qilin. Despite only having emerged in July last year, The Gentlemen has quickly evolved into a highly operational RaaS group, according to the NTT, using advanced tooling and proxy infrastructure to accelerate attacks and improve stealth. With a level of technical maturity that would normally be associated with more established ransomware groups, the researchers believe that the group consists of experienced actors with potential ties to other ransomware ecosystems. (ITPRO.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
Argonne launches high-performance computing-backed AI research service
Argonne National Laboratory announced on Tuesday that it launched a new platform to offer researchers access to various artificial intelligence models, the latest move supporting the Department of Energy’s mission to spur advanced research and innovation in AI. The lab is deploying an AI inference service — a cloud-like offering that is designed to analyze data, make connections and supply predictions — to facilitate scientific access to leading AI models. The service will provide an array of large language models and scientific foundation models to users in the national lab apparatus. “Our inference service helps close the gap between developing AI models and putting them to work in scientific research,” Michael Papka, the director of the Argonne Leadership Computing Facility, said. (NEXTGOV.COM)
Defense
Rebuilding U.S. missile inventory: A multiyear project
The 39-day bombing and air defense campaign against Iran depleted inventories of key U.S. munitions stockpiles, as a previous CSIS analysis detailed. The United States has enough munitions for any plausible scenario in the Iran war, but the depleted inventories have created a window of vulnerability for a potential Western Pacific conflict. The time needed to rebuild those inventories has thus become a major concern. A new analysis shows replacement times for seven key munitions heavily used during the Iran War that would also be needed for a Western Pacific war. (CSIS.ORG)
Education
How the Canvas data breach further frayed families’ trust in ed tech
As criticism is mounting about too much ed tech in schools, the recent Canvas data breach further threatens the trust families have in classroom technology, a leading education cybersecurity expert said. When major cybersecurity incidents like the Canvas breach occur, they threaten the trust families have in schools to take care of their children and their data — not to mention the trust that schools give to vendors to help with their daily operations, said Michael Klein, senior director for preparedness and response at the Institute for Security and Technology. “One of my big concerns with this particular incident is that it seems to have endangered that trust in a way beyond what we had seen before,” said Klein, who previously worked in the U.S. Department of Education as the senior advisor for cybersecurity. (K12DIVE.COM)
Elections
OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms
OpenAI on Wednesday hailed its plans to safeguard information and aid cybersecurity defenders in the 2026 midterm elections, including work to combat deepfakes and other forms of artificial intelligence misuse. The announcement builds on commitments from major tech companies in 2024, including OpenAI, to protect elections from AI-infused election interference — efforts that some thought weren’t enough. Government agencies, non-governmental institutes and others have increasingly warned about AI’s ability to have a negative impact on elections even as they advertise its potential for good. (CYBERSCOOP.COM)
Emergency services
FEMA review signals shift to state-led disaster management
The Trump administration’s Federal Emergency Management Agency Review Council is proposing one of the most significant restructurings of federal disaster response in decades, a shift that could dramatically expand the responsibilities of state and local emergency management agencies. The council published its final report this month, calling for expanded interoperable communications systems, improved data-sharing networks and new resource-cataloging systems designed to track emergency assets across federal, state, local, tribal and territorial governments. It also highlights new technology-driven approaches to emergency management, including predictive disaster modeling, automated aid assessments based on objective climate or financial metrics and expanded resilience data platforms. (STATESCOOP.COM)
Regulations
CISA announces revised town hall schedule to engage with stakeholders on cyber incident reporting for critical infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) announced a revised schedule for a series of virtual town hall meetings to gather stakeholder input on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) rulemaking. CISA remains committed to affording stakeholders the opportunity to provide additional input on the CIRCIA rulemaking through a town hall series before the rule is finalized. The revised schedule is available in the Federal Register. Interested stakeholders may register for the town hall meetings at www.cisa.gov/circia. Any changes or updates to the town halls will be available on www.cisa.gov/circia. (CISA.GOV)
Social media
EU moderation watchdog says social media giants hate taking down hate speech
The EU’s moderation appeals watchdog says Facebook, Instagram, TikTok, and YouTube routinely leave hate speech online while stonewalling attempts to independently review suspended accounts. Appeals Centre Europe, an Ireland-certified dispute settlement body operating under the EU’s Digital Services Act, says it overturned platforms’ decisions not to remove reported hate speech 70 percent of the time between April 2025 and March 2026, including content targeting migrants, Roma communities, religious minorities, and LGBTQI+ people. TikTok fared worst, with the Appeals Centre overturning its decisions in 83 percent of reviewed hate speech disputes, followed by Instagram at 74 percent, Facebook at 61 percent, and YouTube at 58 percent. (THEREGISTER.COM)
Space
Mystery GPS jammer in Iran becomes test for NASA satellites’ capabilities
NASA satellites designed to observe cyclone wind speeds and collapsing ice sheets have also proven capable of identifying the approximate locations of GPS jammers. That could help monitor high-risk areas for aircraft and ships navigating the growing prevalence of GPS interference worldwide. Two different NASA satellite systems showed how they could locate a known but mysterious GPS jammer within several kilometers of its position in Iran, according to an experiment by Sean Gorman, CEO and cofounder of the location-based technology company Zephr.xyz that was detailed in the magazine GPS World. Such jammers use strong signals to overpower the weaker radio signals coming from US-operated GPS satellites and other global navigation satellite systems. (ARSTECHNICA.COM)
House panel proposes eliminating SDA, Space RCO
The House Armed Services Committee’s draft National Defense Authorization Act, released May 26, calls for repealing the laws that established the Space Development Agency and the Space Rapid Capabilities Office. The proposed change would pave the way for the Space Force to integrate those offices into its new acquisition structure, which consolidates existing program offices under the oversight of nine “portfolio acquisition executives” that will manage programs by mission area and eventually have the authority to shift funding and adjust requirements based on demand and changing threats. The reorganization, mandated by Defense Secretary Pete Hegseth to be implemented by all of the military services, is meant to empower acquisition leaders and position them to deliver defense capabilities faster. (AIRANDSPACEFORCES.COM)
Workforce
Tech Force director says roughly 200 have been hired through the program
Workers hired under the Trump administration’s Tech Force program are gradually making their way into the government. About 200 people have been hired so far, and onboarding began over the past couple of weeks, Tech Force Director Kevin Hennecken told an audience gathered in a meeting room within the U.S. Capitol Visitor’s Center on Wednesday. He estimated about 10 people have been onboarded and expects that to be over 100 next month. The goal, he said, is to have about 300 to 500 workers by the end of summer. (FEDSCOOP.COM)
LEGISLATIVE UPDATES
House draft of defense policy bill leaves some of Trump admin’s top priorities unfunded
An initial draft of the annual defense policy bill shows the House is still banking on billions of yet-to-be-approved funds for the Trump administration’s top military priorities. The HASC chairman’s mark of the 2027 National Defense Authorization Act released on Tuesday detailed $1.15 trillion in baseline defense spending. But the Pentagon has asked for $1.5 trillion. To fully fund administration efforts like Golden Dome, shipbuilding, and a crucial munitions build-up, Congress would have to approve an additional $350 billion. But one senior committee staffer said HASC Chairman Mike Rogers (R-Ala.) is confident Congress will approve those reconciliation funds. (DEFENSEONE.COM)
Warren proposes taxing AI companies so ‘winnings’ ‘benefit all Americans’
Sen. Elizabeth Warren (D-Mass.) is calling for an overhaul of the U.S. tax code to tax artificial intelligence companies, arguing the gains from AI should “benefit all Americans. “Building an economy that works for all of us will require multiple policy responses. But it starts by acknowledging: it’s time to tax AI and invest in people,” Warren wrote in an op-ed published Wednesday in Time magazine. “Taxing AI is one way we make sure the winnings from AI benefit all Americans, rather than channeling them only to the wealthy few,” she added. (THEHILL.COM)
MITRE moves to comply with lawmaker’s request for UAP records and assets dating back to 1930
The MITRE Corporation confirmed that insiders are reviewing its archives to comply with a recent production request from Rep. Eric Burlison (R-Mo.), who pressed the not-for-profit organization for dozens of assets that would reveal whether it currently has or previously possessed information on unidentified anomalous phenomena and associated unexplained technologies. Dated May 22 and obtained by DefenseScoop on Wednesday, the 10-page correspondence reflects concerns raised by whistleblowers alleging that the Pentagon and defense contractors are deliberately concealing sensitive UAP materials in private networks to bypass congressional and public oversight. (DEFENSESCOOP.COM)
COMMITTEE ACTIVITY
NSS: The Senate Foreign Relations Subcommittee on Western Hemisphere, Transnational Crime, Civilian Security, Democracy, Human Rights, and Global Women’s Issues will hold a June 3 hearing to examine the national security strategy’s focus on the Western Hemisphere.
ALERTS AND ADVISORIES
Threat actors spoofing FIFA websites in advance of the 2026 World Cup
The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement (PSA) to warn the public that cyber threat actors are conducting spoofing attacks against the Fédération Internationale de Football Association (FIFA) website in advance of the 2026 FIFA World Cup. A spoofed website is designed to pose as a legitimate website, with branding, product listings, etc., and malicious actors use them to further illegal activity like personal information theft and facilitating monetary scams. (IC3.GOV)
CISA adds three known exploited vulnerabilities to catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability, CVE-2026-45321 TanStack Unspecified Vulnerability, CVE-2026-48027 Nx Console Embedded Malicious Code Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
ELECTROTECH STACK: The most pressing danger may not be Chinese hardware but rather American policy paralysis: overcorrection that delays the technologies this buildout demands, or indecision that continues ceding strategic ground to Beijing. FDD and CMIST will host a May 28 discussion moderated by Harry Krejsa, director of studies at CMIST, featuring Phoebe Benich, non-resident fellow at CMIST; and Dr. Emma Stewart, non-resident fellow at CMIST and lead for Idaho National Laboratory’s Center for Securing Digital Energy Technology. RADM (Ret.) Mark Montgomery, senior director of FDD’s Center on Cyber and Technology Innovation (CCTI), will provide introductory remarks.
WINNING THE AI ERA: On June 1, the Atlantic Council will launch the flagship report of the Atlantic Council Commission on Artificial Intelligence and U.S. competitiveness, a GeoTech Center initiative. This event will unveil the commission’s findings and recommendations, bringing together government leaders, industry executives, and policy experts for a timely discussion on how the United States can secure its AI advantage.
SOCIAL MEDIA: On June 2, The Hamilton Project at the Brookings Institution will host a virtual event exploring the costs of social media, including overuse driven by addiction and “fear of missing out” (FOMO). The event will feature a fireside chat with Dr. Vivek Murthy (19th and 21st surgeon general of the United States) and Cecilia Kang (The New York Times). It will also include a panel discussion with Benjamin Handel (University of California, Berkeley) and Lena Song (University of Illinois Urbana-Champaign), moderated by Bradley Hardy (Georgetown University). In conjunction with the event, The Hamilton Project will release two publications discussing the findings and policy implications of recent economic research on product market traps in social media and on digital addiction.
AI AND ENTERPRISE: Join AEI on June 3 to examine how businesses are shaping AI and transforming American enterprise. Experts from academia and business will examine these questions: What industries are changing most rapidly? Which are changing the future for others? And how are we preparing business leaders for future challenges?
CYBER FORCE: Join CSIS on June 3 for a discussion on the forthcoming report from the Commission on U.S. Cyber Force Generation, which examines how the United States can better build, organize, and sustain the cyber workforce needed to meet evolving national security demands. As cyber threats grow in scale and sophistication, the report assesses key challenges across the current ecosystem, including persistent talent shortages, fragmented institutional structures, and barriers to effective coordination between government and the private sector.
DATA CENTERS: Join the CSIS Economic Security and Technology Department’s Matt Pearl, Aalok Mehta, Joseph Majkut, and Philip Luck on June 4 for a discussion on the rapid expansion of data centers and what it means for the future of AI, energy, and U.S. competitiveness. As artificial intelligence accelerates demand for compute power, data centers have emerged as a critical piece of strategic infrastructure shaping electricity demand, industrial policy, environmental debates, and global technology competition.
BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.
NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.
GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS