Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – May 29, 2026


Cyber Briefing

TODAY’S TOP 5

DIRECTOR’S NOTE: Read here

CHINA’S THUMB ON THE SUPPLY CHAIN: The People’s Republic of China (PRC) is shaping global trade standards in data control and customs clearance. These standards give preference to Chinese platforms that provide Beijing with end-to-end visibility into global shipping, Jonah Reisboard writes at the Jamestown Foundation. No Western equivalent of this system exists, and the resulting data asymmetry could enable PRC actors to identify supply chain chokepoints, exploit dependencies in critical resources and circumvent tariffs, sanctions and export controls. Chinese trade platforms gain international power via bilateral adoption agreements, multilateral institutions like the World Customs Organization, and standards-setting bodies led by Alibaba and state-run LOGINK. This ecosystem embeds Chinese platforms and norms into global trade infrastructure, locking in adoption and displacing alternatives.

  • Hacking groups linked to China have exploited the war in the Middle East in attempts to compromise maritime and energy companies in the region, cybersecurity researchers at ESET have warned, Infosecurity Magazine reports. Published Thursday, the latest ESET APT Activity Report warned that nation-state backed APT groups are actively targeting geopolitical hotpots, especially the Gulf region, following U.S. military operations against Iran. Chinese espionage and hacking operations also continue to target organizations around the world, in line with Beijing’s interests. This included targeting of government organizations in Central America and an attempted espionage campaign against an AI and robotics company in South Korea.
  • The top member on the House Armed Services subcommittee focused on cyber had a stark warning about how America’s greatest geopolitical rival is positioning itself to overwhelm the U.S. military in cyberspace. “China has 10:1 people doing offensive cyber to us. I think we should be expanding our capabilities,” Rep. Don Bacon (R-Neb.) told Breaking Defense on the sidelines of the 4th Annual National Cyber Innovation Forum on Thursday. U.S. Cyber Command does a “great job with what they have,” he said, “but I think we’re underfunded and undermanned.”

WORLD CUP TERROR THREATS: The 2026 World Cup will be the largest sporting event ever held — and a magnet for terrorists of all stripes. Major sporting events have long attracted a range of foreign terrorist groups and domestic extremists looking to bring their grievances to the fore or simply sow death and destruction. The most likely danger to the 2026 World Cup comes from a domestic lone actor or small group striking soft targets around the matches: fan zones, transit corridors, hotel and restaurant districts, and the queues outside stadium gates. The threats facing the tournament are real and diffuse, but so are the countermeasures arrayed against them, Daniel Byman and Riley McCabe write in a CSIS brief.

  • Chinese-speaking fraudsters have built a near pixel-perfect clone of FIFA’s official website across more than 300 domains in an attempt to steal credentials and payment details from fans seeking tickets to the 2026 World Cup, The Record reports. The operation — one of four independent campaigns detailed Wednesday by cybersecurity firm Group-IB — could put billions of dollars at risk when accounting for credential theft, fake ticket sales, counterfeit merchandise, fraudulent streaming sites and unlicensed gambling platforms, said the Singapore-based company. The potential scale of the fraud mirrors the scale of the 2026 World Cup, which is set to be the largest edition of the tournament in history, with 48 teams competing across 104 matches in the United States, Canada and Mexico.

10 TECH FORCE NEW HIRES: Late last year, the Trump administration began an effort to recruit early-career software and data engineers after pushing almost 20,000 technology employees out of their government jobs under widespread downsizing imperatives. The goal of that new effort, called the U.S. Tech Force, was to hire a 1,000-strong cohort — potentially as soon as the end of March, Scott Kupor, the head of the Office of Personnel Management, said in December. So far, the program has onboarded only 10 new hires, Tech Force Director Kevin Hennecken said during a Thursday event held by the Alliance for Digital Innovation trade association, Nextgov/FCW reports. Overall, the program has made 180 to 200 hires.

  • Alexandra Seymour, a top policy official in the White House Office of the National Cyber Director, intends to leave her position soon, according to two people familiar with the matter, Nextgov/FCW reports. Seymour, who serves as principal deputy assistant national cyber director for policy, is expected to depart within the next week, said the people, who spoke on the condition of anonymity to provide details about the move. It’s not clear where she is headed next, or when she would start a new role.

HOW THE PENTAGON PLANS TO SPEND ITS DRONE BUCKS: A countdown began as a gaggle of defense officials, soldiers, drone makers, and reporters watched screens in a windowless operations center. Suddenly, a LUCAS drone appeared, moving at rocket speed and showing off a new low-level capability before it crashed through a cement structure on the test range. It was a vivid demonstration of just how quickly the FLM-136 drone is evolving — and of how swiftly Pentagon leaders want to spend the $50 billion they have requested this year for drone development and production, Defense One reports. The path to spend that money quickly and well is paved with steps that Pentagon leaders have already taken. They have expanded the list of drones that unit commanders can easily buy, Emil Michael, defense undersecretary for research and engineering, said at the SOF Week event in Tampa last week. 

  • Though the drone was designed to haul supplies across the battlefield, the Army recently tried adding a new capability to its body to see if it could do something else entirely: fire rockets. During an experiment at Fort Rucker, Alabama, defense industry partners successfully attached a three-shot weapon system on a Tactical Resupply Vehicle, or TRV 150 drone, in an attempt to fire 70 millimeter rockets, according to an Army release, Defense News reports. The move is aimed at bringing more capabilities to lower echelons of command. 
  • A U.S. warship used aerial and maritime drones to help sink a decommissioned frigate last fall, Fourth Fleet officials have confirmed, adding that the experience is now shaping how the Navy will go into future battles, Defense One reports. On or about Sept. 28, somewhere in the Fourth Fleet’s slice of the Atlantic Ocean, the littoral combat ship Cooperstown launched four unmanned aerial vehicles and one unmanned surface vessel against the former USS Simpson, a Perry-class guided missile frigate that was until recently the last modern U.S. Navy vessel to have sunk an enemy warship.

WHAT EPIC FURY TAUGHT THE SPACE FORCE: The loss of Space Force capabilities during Operation Epic Fury in Iran has highlighted the need for the service to invest in disaggregating its ground-based space operations centers and new “tactical” electronic warfare (EW) centers both at home and abroad, according to one of the service’s top budget planners, Breaking Defense reports. “We’ve seen in Operation Epic Fury, for the first time, that our space capabilities have been targeted and destroyed,” Brig. Gen. Christopher Fernengel, told the State of Space Industrial Base (SSIB) conference in New Mexico on Thursday. “We expect that to happen more, whether that be OCONUS [outside the continental US] or targeted kinetically or through cyberspace activity [inside] CONUS.” Fernengel, as the director of plans and programs in the Office of the Deputy Chief of Space Operations for Strategy, Plans, Programs and Requirements, is responsible for implementing service programs across the five-year Future Years Defense Program.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

For Estonia, cyber resilience is not an abstract policy goal. It is a national survival issue shaped by history, geography and the reality of living next to Russia. In the latest episode of Cyber Focus, Ambassador Kristjan Prikk explains how Estonia turned a lack of legacy infrastructure into a digital advantage, why the 2007 cyberattacks became a strategic wake-up call for the West and what Ukraine’s defense against Russia reveals about preparation, public-private cooperation and the future of conflict. The conversation also looks ahead to AI in government and education, to Estonia’s support for Ukraine and to the cyber lessons NATO must operationalize before the next crisis. At the center is a clear argument from one of the world’s most digitally advanced democracies: cyber defense is not just about hardening systems, but building the relationships, institutions and resilience needed to keep a society functioning under pressure.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Biothreats

Kenya court suspends U.S. plan for Ebola quarantine facility for Americans

A court in Kenya on Friday suspended a U.S. plan to establish a quarantine facility for Americans exposed to a rare type of Ebola virus spreading in northeastern Congo, following a backlash by medical workers and activists. A U.S. administration official said on Wednesday that the U.S. was planning to send Americans who are exposed to Ebola while abroad to a new facility in Kenya instead of flying them home. The official spoke on condition of anonymity to share the administration’s plans. It was unclear where in Kenya the new facility will be built or whether the Kenyan government has signed off on the plan. (APNEWS.COM)

MORE: Ebola science is moving fast. It might not be enough (BLOOMBERG.COM)

Hantavirus-exposed cruise passengers may soon be allowed to return home but must remain under 24/7 watch

The U.S. government is prepared to allow American passengers who were exposed to a unique strain of hantavirus to return home as early as Monday, provided their states post a monitoroutside their homes 24/7 for the remaining three weeks of their six-week quarantine. It could be a police officer or a public health worker, according to two of the passengers now in quarantine in Nebraska, who participated in a video call with government officials Thursday. The passengers, who asked not to be named for fear of retaliation, said the purpose of the call was to explain the logistics of how they could return home. (CNN.COM)

Why the Ebola and hantavirus outbreaks have confounded scientists

This month, a pair of viruses seized the headlines. First came a hantavirus outbreak aboard a cruise ship, which caused as many as 13 infections, three of which were fatal. Then an Ebola outbreak flared in Africa, so far leading to more than 900 infections and 220 deaths. In both cases, the news has been not only frightening but also confusing, even to scientists. The hantaviruses didn’t seem to be acting like hantaviruses, and the Ebola viruses weren’t behaving like Ebola viruses. (NYTIMES.COM)

Breaches

California sues former 23andMe over 2023 ancestry and genetic data breach

California is suing the consumer genetics company formerly known as 23andMe over its 2023 breach of ancestry and genetic data, one of the most consequential data breaches ever. Attorney General Rob Bonta announced the lawsuit on Thursday against San Francisco-based Chrome Holding Co. for failing to protect customers’ sensitive personal information, including heath data, genetic risk factors, biological relatives, ancestry, and ethnicity. In October 2023, 23andMe disclosed a security incident that the company originally said affected only about 14,000 accounts at the time. However, through the company’s opt-in DNA Relatives feature, hackers were able to scrape the profiles of nearly seven million people connected to the breached accounts, including about 855,000 Californians. (CBSNEWS.COM)

Drones

Hezbollah’s drones have become a top threat to Israel

Hezbollah militants are increasingly adept at using explosive drones, deploying night-vision gear and first-person viewers to inflict a deadly toll on Israeli ground troops. Within a matter of weeks, Hezbollah’s one-way drones have turned into Israel’s top concern on its northern flank, overtaking more-traditional threats such as antitank missiles, Israeli officials say. They are now the leading cause of battlefield deaths, responsible for seven out of the 11 Israeli soldiers killed since a shaky cease-fire between Israel and Lebanon went into effect in April, according to the military. Recent videos posted by the Lebanese militant group on social media show first-person-view drones, a weapon that dominates Ukrainian battlefields, targeting the fuel tanks of Israeli vehicles. (WSJ.COM)

Health care

Connecticut Medicaid portal hack affects thousands

A hack of a Connecticut Medicaid web portal used by healthcare providers affected thousands of patients. The attack was part of a thwarted scheme by cybercriminals to divert Medicaid payments. Hartford HealthCare on Thursday told ISMG that it identified unusual activity on March 25 involving accounts associated with a web portal that the Connecticut’s department of social services requires Medicaid providers to use for the submission and payment of claims. The portal is hosted and maintained by Gainwell Technologies, which provides administrative services supporting the state of Connecticut’s Medicaid program – Husky. (HEALTHCAREINFOSECURITY.COM)

Space

Blue Origin rocket explodes on the launch pad during an engine-firing test

A rocket belonging to Jeff Bezos’ Blue Origin exploded during a test at the launch pad Thursday night, shaking nearby homes and briefly painting the sky orange. Blue Origin said its New Glenn rocket exploded during an engine-firing test being conducted ahead of a satellite launch planned for next week. No one was hurt, according to officials at Cape Canaveral Space Force Station. “It’s too early to know the root cause but we’re already working to find it,” Bezos said via X. “Very rough day, but we’ll rebuild whatever needs rebuilding and get back to flying. It’s worth it.” (APNEWS.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Artificial intelligence

LLMs believe false statements even after explicit warnings that they’re false

Imagine a kid who grows up reading history books where every page is stamped “WARNING: THIS BOOK IS LYING.” You’d expect them to come away skeptical, or at least uncertain. New research on so-called “negation neglect” finds that LLMs in a roughly analogous situation don’t behave that way. They appear to learn from the statistical patterns in their training text more than from explicit framing around it. Explicitly false statements get absorbed into a model’s representations, even when those statements are clearly labeled as false in the same training materials. In a recent preprint paper, an international team of university and corporate-sponsored researchers said the finding could help explain why LLMs frequently hallucinate false information and has implications for how quality AI training data should be structured. (ARSTECHNICA.COM)

Agentic AI isn’t risky; the way orgs deploy it is

In the mad dash to deploy agentic artificial intelligence (AI) technology, developers aren’t taking enough time to understand how their programs work, and they’re inadvertently generating a whole lot of very old-fashioned vulnerabilities. The universe of AI agents in the advanced economies of today’s world is immeasurably large; literally, nobody has any clue how many of these things are out there. Some recent data suggests that somewhere around a third of organizations have either already adopted or will adopt, agentic AI tech soon, but even those measurements rest on self-reporting and generalized data, or loose predictions. (DARKREADING.COM)

Malware

Fake Adobe Document Cloud pages spread ScreenConnect malware

Hackers are actively exploiting trust in Adobe Document Cloud by using fake delivery pages to install remote access malware. The campaign leverages a sophisticated phishing kit named “RatPressto,” which abuses compromised WordPress sites and legitimate software to evade detection while targeting financial organizations. The attack begins with phishing emails that appear to be standard corporate document notifications. Victims receive a message claiming a secure file has been uploaded to Adobe Document Cloud due to size or confidentiality constraints. (GBHACKERS.COM)

Tactics

Attackers move past typosquatting to realistic package impersonation

Most malicious open source packages have moved beyond misspelling popular project names, instead disguising themselves as plausible plugins, configs and helpers that fit naturally into a developer’s workflow. That is the central finding of new analysis by Sonatype, which examined 4309 malicious packages and found that 91% used naming-variant tactics rather than classic typosquatting. Only 9% depended on the spelling slips that traditional defenses are built to catch. The shift matters because these packages are not harmless lookalikes. The most common behaviors were host and secrets exfiltration, followed by droppers and backdoors, turning a routine install into a route for credential theft and follow-on compromise. (INFOSECURITY-MAGAZINE.COM)

Vulnerabilities

Critical Gogs RCE vulnerability lets any authenticated user execute arbitrary code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier. “The vulnerability allows any authenticated user to achieve remote code execution (RCE) on the server by creating a pull request with a malicious branch name that injects the –exec flag into git rebase during the ‘Rebase before merging’ merge operation,” security researcher Jonah Burgess said. (THEHACKERNEWS.COM)

Samba security flaw lets attackers execute code remotely

A critical security vulnerability in Samba’s printing subsystem has been disclosed, allowing unauthenticated attackers to execute arbitrary code remotely on affected servers. Tracked as CVE-2026-4480, the flaw carries a maximum CVSS score of 10.0, highlighting its severe impact on confidentiality, integrity, and availability. The issue affects Samba print servers configured with the “print command” and the %J substitution parameter. Samba, widely deployed across enterprise and Linux environments for file and print sharing, improperly handles user-supplied input in this parameter. (GBHACKERS.COM)

Threat actors exploit critical FortiClient EMS flaw to deploy credential stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. “The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints,” Arctic Wolf said. “Threat actors disguised the credential stealer payload as a Fortinet endpoint update, silently executing the malicious executable through PowerShell.” The activity, observed by the cybersecurity company in May 2026, involves the exploitation of CVE-2026-35616 (CVSS score: 9.1), a critical pre-authentication API access bypass leading to privilege escalation. The issue was addressed by Fortinet in FortiClient EMS 7.4.7 and later. (THEHACKERNEWS.COM)

Zapocalypse attack lets threat actors hijack Zapier accounts

“Zapocalypse” is a newly disclosed attack chain that shows how attackers could have abused Zapier’s “Code by Zapier” feature to move from a single sandboxed Python step to a potential full-scale Zapier account takeover. The research, carried out by Token Security, is notable because it did not rely on any unknown zero‑days or exotic primitives. Instead, it chained together five well‑understood weaknesses: overly powerful cloud roles, unsafe credential handling in memory, secret leakage through container images, and overly broad NPM publish rights to a frontend package loaded into every authenticated Zapier session. (GBHACKERS.COM)

ADVERSARIES

North Korea

Kimsuky deploys HTTPSpy, expands arsenal with HelloDoor and VS Code tunnels

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. “Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged a legitimate meeting schedule,” ENKI said in an analysis published this week. The attacks have been found to deliver a variant of a known malware family dubbed HTTPSpy by disguising it as installers from South Korean security software, a tactic the threat actor has consistently adopted since 2023. (THEHACKERNEWS.COM)

Russia

EU says Russia has crossed ‘another line’ after drone hits Romanian apartment block

The EU hit out at Russia after a drone crashes into a Romanian apartment block, injuring two people. No deaths have been reported and the fire has been put out. Romania’s foreign ministry says it happened while Russia was carrying out attacks on Ukraine. European Commission President Ursula von der Leyen said “Russia’s war of aggression has crossed yet another line,” while Nato condemned “Russia’s reckless behavior.” (BBC.COM)

Russia-linked ‘GreyVibe’ attackers use AI to supercharge cyberattacks

GreyVibe, a previously undocumented threat actor, is described by WithSecure as a Russia-nexus group. The researchers are confident in their attribution of GreyVibe to Russian-speaking operators in the Moscow time zone, but are less certain whether the group is cybercriminal, nation-state – or a mix of the two. The primary focus of the group, targeting Ukrainian military, government, civilian, and business entities since August 2025, aligns closely with Russian state interests. At the same time, the researchers have detected numerous indications that at least some GreyVibe members may be socially less than optimum elite state operators – including, for example, their use of Internet slang-based naming conventions across early-stage development artefacts, such as ‘letsrollboyos’, ‘totallyunsus’, and ‘cuteuwu’. (SECURITYWEEK.COM)

New counter-drone optimized Pantsir air defense system being deployed atop skyscrapers In Moscow

A recent video out of Russia once again highlights the drastic efforts being taken to provide Moscow with additional air defense coverage against the threat of long-range Ukrainian drones. While we have seen examples of the Pantsir short-range air defense system installed on buildings in Moscow before, the footage shows the counter-drone-optimized SMD-E variant being lifted onto the top of a skyscraper by helicopter. The viral video appeared on social media this week and shows a Russian Aerospace Forces Mi-26 Halo heavy transport helicopter lowering a Pantsir-SMD-E system onto the top of a building in Moscow. The tower has been identified as the 42-story Nordstar Tower, an office building completed in 2009, with a roof height of 563 feet. The building is located in central Moscow, not far from the Kremlin. (TWZ.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

Corporate America is starting to ration AI as cost skyrockets

Use of artificial intelligence by big companies is exploding — and the soaring cost has some of them pumping the brakes in a way that could complicate AI’s triumphal march across the economy. Executives across industries this year have urged employees to integrate AI tools into their work, spending freely to encourage experimentation and seeking to send a message to Wall Street that their companies won’t be left behind in a coming wave of disruption. All that enthusiasm has resulted in skyrocketing costs for so-called tokens, the basic unit of measurement for AI computing, as AI model providers seek to balance supply and demand and manage their own costs. (WSJ.COM)

Critical infrastructure

ENISA report shows cybersecurity gains across EU critical sectors

Cybersecurity maturity is improving across Europe’s critical infrastructure sectors, according to the latest NIS360 report from the European Union Agency for Cybersecurity (ENISA). The annual assessment shows that sectors covered by the NIS2 Directive are becoming better prepared against cyber threats, although some high-risk areas continue to lag behind. The report also highlights that while cybersecurity maturity is progressing steadily, the criticality of key sectors remains largely unchanged due to their growing importance to society and the economy. For eeNews Europe readers working in infrastructure, telecoms, industrial systems, and embedded technologies, the findings provide a useful snapshot of where cybersecurity investments and regulatory pressure are having the biggest impact — and where vulnerabilities still remain. (EENEWSEUROPE.COM)

Agri-food systems as critical infrastructure: Rethinking national resilience and security

OPINION: National security is often framed in terms of military capabilities, technological competition, and geopolitical strategy. Yet recent global disruptions – from the COVID-19 pandemic to supply chain crises and geopolitical conflicts – have exposed a critical gap in this perspective. The stability of nations depends not only on defense systems, but on the resilience of the infrastructures that sustain everyday life by ensuring economic and social well-being. Among these critical infrastructures, agri-food systems stand out as foundational yet under-recognized. While they are typically viewed as economic sectors, agricultural and food systems are, in reality, complex infrastructures that connect production, processing, transportation, trade, and consumption across local and global scales. When these systems function effectively, they remain largely invisible; when they fail, the consequences are immediate and far-reaching, affecting economic stability, public health, and social cohesion. Recognizing agri-food systems as critical infrastructure is therefore essential to modern conceptions of national security. (SMALLWARSJOURNAL.COM)

Defense

Army’s data-merging cell needs a few years to untangle the mess

Much has been made of the new systems the Army is bringing online as part of its Continuous Transformation efforts, but getting old systems into shape is also part of the effort. In a small office space at Combat Capabilities Development Command, a group of 25 soldiers and civilian engineers, on loan from local units, is fielding requests from across the service to make its many data systems talk to each other. The pilot Army Data Operations Center, launched on April 3, is to run until the end of September, when the Army will decide whether and how it will continue. To date, the team has fielded 68 tickets—from next-generation command-and-control testing, to radios for a deploying unit, to behavioral health data for soldiers and families at home. (DEFENSEONE.COM)

How America lost its most important defense tech habit

OPINION: On April 15, technology podcaster Dwarkesh Patel published a two-hour interview with Nvidia CEO Jensen Huang. For roughly forty minutes, Patel asked one question six different ways. The question was this: If American-made compute trains AI models with the serious cyber-offensive capabilities Anthropic’s Mythos Preview demonstrated — and that compute is sold to a strategic adversary — what responsibility does the seller bear? Huang’s answers hovered a safe distance away from the question. AI is a “five-layer cake,” he told Patel, and ceding any layer to China would be industrial suicide. The Chinese, he argued, already have enough compute to do whatever they intend to do, so marginal sales do not change the strategic balance. By the end, Patel was visibly worn down. Huang accused him of arguing from extremes and of thinking in absolutes. (WARONTHEROCKS.COM)

Energy

New Mexico has the nation’s best DER interconnection policy: report

States can enable faster growth of distributed solar and energy storage by streamlining interconnection reviews, reducing fees and increasing transparency for interconnection applicants and utilities, according to the latest update to “Freeing the Grid,” a joint analysis and scorecard by Vote Solar and the Interstate Renewable Energy Council. New Mexico was the only state to earn the highest possible grade of “A,” signifying it had adopted a majority of the interconnection best practices identified by “Freeing the Grid.” It received high marks for its robust energy storage interconnection framework, frequent public reports on its interconnection queue and incorporating IEEE’s technical standard for DER interconnections. Eight other states earned “B” grades, meaning they have adopted many best practices but have some room for improvement. (UTILITYDIVE.COM)

Offense

Cyber offense: How far can private organizations go?

OPINION: A criminal hacking group is conducting phishing attacks, masquerading as an email company to steal user data and launch ransomware. The email company’s security team has mapped the hackers’ infrastructure. The hackers have identified the command-and-control servers and a flaw in the ransomware deployment tools that could send decryption keys to victims. The company wants to launch a technical attack and take down the threat actors’ network. But there is a problem: Doing so could land the company’s employees in federal prison. That tension—between what the private sector can technically achieve and what it is legally permitted to do—sits at the heart of a growing cybersecurity policy debate. (LAWFAREMEDIA.ORG)

Transportation

Electric aircraft: FAA is evaluating designs for certification and considering long-term regulatory approaches

Aircraft manufacturers are developing electric aircraft to transport cargo and carry passengers. This is part of a government and industry effort to change air transportation through new types of aircraft, technologies, and operating procedures. Electric aircraft could reduce noise and operating costs, and expand service at regional airports and other locations. FAA hasn’t yet certified an electric aircraft for commercial operations. But it’s currently evaluating electric aircraft and engine designs for certification on a case-by-case basis. It’s also considering regulatory changes that could standardize how it evaluates these products. (GAO.GOV)

Workforce

Security professionals want leaders who have already led their organization through a major cyber incident

Cybersecurity professionals are less likely to trust a boss who’s never been through the mill of managing a major security incident. Data from antivirus vendor Sophos suggests that CISOs have a one-in-four chance of losing their jobs after an attack. But new research from ISC2 shows that three-quarters of security professionals reckon leaders are more credible if they’ve already led their organization through a major cyber incident – regardless of how things turned out. Just 9% disagreed. (ITPRO.COM)

LEGISLATIVE UPDATES

Inside the Democratic resistance on AI

Progressive Democrats taking hardline positions against AI are getting louder. Five influential progressives are shaping a confrontational Democratic message on AI, distinguishing themselves from party centrists by openly challenging data centers and AI-linked political money. (AXIOS.COM)

Geothermal energy package coming to House floor

The legislation includes portions of six bills from Republicans and Democrats that the House Natural Resources Committee approved in March. The bills had bipartisan backing in committee, and their placement on the suspension calendar suggests leaders expect similar support on the floor. The bill being used as the base of the broader legislation was introduced by Rep. Jeff Hurd (R-Colo.). His original bill would require the Interior secretary to designate a geothermal ombudsman within the Bureau of Land Management. This ombudsman would act as a liaison between various BLM offices and officials, with the goal of facilitating the permitting process for geothermal projects on public lands. (ROLLCALL.COM)

COMMITTEE ACTIVITY

NSS: The Senate Foreign Relations Subcommittee on Western Hemisphere, Transnational Crime, Civilian Security, Democracy, Human Rights, and Global Women’s Issues will hold a June 3 hearing to examine the national security strategy’s focus on the Western Hemisphere.

ALERTS AND ADVISORIES

Supply chain compromises impact Nx Console and GitHub repositories

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat actors are abusing tools and processes that support enterprise, cloud, and DevOps environments—specifically CI/CD pipelines, code extensions and workflows. (CISA.GOV)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

WINNING THE AI ERA: On June 1, the Atlantic Council will launch the flagship report of the Atlantic Council Commission on Artificial Intelligence and U.S. competitiveness, a GeoTech Center initiative. This event will unveil the commission’s findings and recommendations, bringing together government leaders, industry executives, and policy experts for a timely discussion on how the United States can secure its AI advantage.

SOCIAL MEDIA: On June 2, The Hamilton Project at the Brookings Institution will host a virtual event exploring the costs of social media, including overuse driven by addiction and “fear of missing out” (FOMO). The event will feature a fireside chat with Dr. Vivek Murthy (19th and 21st surgeon general of the United States) and Cecilia Kang (The New York Times). It will also include a panel discussion with Benjamin Handel (University of California, Berkeley) and Lena Song (University of Illinois Urbana-Champaign), moderated by Bradley Hardy (Georgetown University). In conjunction with the event, The Hamilton Project will release two publications discussing the findings and policy implications of recent economic research on product market traps in social media and on digital addiction.

AI AND ENTERPRISE: Join AEI on June 3 to examine how businesses are shaping AI and transforming American enterprise. Experts from academia and business will examine these questions: What industries are changing most rapidly? Which are changing the future for others? And how are we preparing business leaders for future challenges?

CYBER FORCE: Join CSIS on June 3 for a discussion on the forthcoming report from the Commission on U.S. Cyber Force Generation, which examines how the United States can better build, organize, and sustain the cyber workforce needed to meet evolving national security demands. As cyber threats grow in scale and sophistication, the report assesses key challenges across the current ecosystem, including persistent talent shortages, fragmented institutional structures, and barriers to effective coordination between government and the private sector.

DATA CENTERS: Join the CSIS Economic Security and Technology Department’s Matt Pearl, Aalok Mehta, Joseph Majkut, and Philip Luck on June 4 for a discussion on the rapid expansion of data centers and what it means for the future of AI, energy, and U.S. competitiveness. As artificial intelligence accelerates demand for compute power, data centers have emerged as a critical piece of strategic infrastructure shaping electricity demand, industrial policy, environmental debates, and global technology competition.

BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.

NUCLEAR: Why does the U.S. struggle while nuclear leaders such as China and France succeed? A combination of standardized designs, predictable regulation, and rapid regulatory approval all appear to play a role. And while bipartisan support for nuclear energy has grown due to its role in AI-driven energy demand and climate goals, political anxieties in the United States persist. Join AEI on June 18 to dissect the economic, regulatory, and political tensions that keep the U.S. lagging behind when it comes to nuclear energy.

GLOBAL SECURITY: Join the CSIS Defense and Security Department on June 30 for its annual Global Security Forum. This year’s conference will center on the theme “America at 250: A Defining Moment for American Statecraft and Military Power.: Through keynote addresses and expert panel discussions with government, industry, and finance experts, the Forum will examine how the tools of statecraft are being redefined and how the United States can harness innovation, rebuild industrial capacity, strengthen deterrence, and renew the foundations of leadership in a more dangerous world.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!