Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – May 5, 2026


Cyber Briefing

TODAY’S TOP 5

WHITE HOUSE VETTING OF AI MODELS?: President Trump, who promoted a hands-off approach to artificial intelligence and gave Silicon Valley free rein to roll out the technology, is considering the introduction of government oversight over new AI models, according to U.S. officials and people briefed on the deliberations, The New York Times reports. The administration is discussing an executive order to create an AI working group that would bring together tech executives and government officials to examine potential oversight procedures, according to U.S. officials, who declined to be identified in order to discuss deliberations over sensitive policies. Among the potential plans is a formal government review process for new AI models. In meetings last week, White House officials told executives from Anthropic, Google and OpenAI about some of those plans, people briefed on the conversations said.

  • Operational technology providers and their industry groups have been pressing for access to Anthropic’s cybersecurity-focused Mythos Preview model, arguing the initial rollout — which focused on major tech and finance firms under a global vulnerability patching effort — left out a widely exposed segment of critical infrastructure that’s often targeted by hackers, Nextgov/FCW reports. In recent weeks, OT industry representatives have expressed frustration during roundtables and listening sessions about their initial exclusion from Project Glasswing, Anthropic’s initiative with major companies designed to secure critical software across the globe using the Mythos model, according to four people familiar with the discussions. 

ITRON HACKERS ACCESSED CI OPERATORS: A major critical infrastructure technology vendor says hackers who broke into its systems last month also breached some of its water, gas and electric-utility customers, The Wall Street Journal reports. Itron, a Liberty Lake, Wash.-based company that makes energy and water sensor devices for infrastructure and smart-city operators, said a hack disclosed in April resulted in “limited unauthorized access to certain customer-hosted systems,” according to a Friday regulatory filing. The company, which has thousands of customers in the U.S. and abroad, didn’t identify the affected customers or the extent of the access. Itron said it hasn’t found any evidence that customer-facing systems were affected by the breach.

  • SANS Institute and SERC Reliability Corporation announced a partnership to expand advanced cybersecurity training for electric utilities nationwide, Industrial Cyber reports. Launching Aug. 3-7, SERC will host ICS456: NERC Critical Infrastructure Protection (CIP) at its facilities, creating a coordinated regional training opportunity designed to strengthen grid reliability, enhance compliance readiness and accelerate workforce development across the bulk electric system. 

GRID RELIABILITY ALERT: As the grid faces unprecedented challenges from a surge in large power consumers, NERC said it is taking significant steps to ensure the reliability of the bulk power system (BPS). NERC released a Level 3 Essential Action Alert, Computational Load Modeling, Studies, Instrumentation, Commissioning, Operations, Protection, and Control, outlining seven actions registered entities must implement to address immediate risks posed by computational loads interfacing with the BPS. The Level 3 Alert was issued as NERC observed customer-initiated large load reductions and significant oscillations that occur in seconds, leaving little or no room for real-time responses and threatening BPS reliability. In another move to address emerging large loads, NERC released new voluntary guidelines to safeguard grid reliability. The Reliability Guideline: Risk Mitigation for Emerging Large Loads recommends actions for traditional utilities and grid operators, and the companies behind these large loads including equipment manufacturers. 

IRAN’S MARITIME AND CYBER THREATS ESCALATE: During the Tanker War of the 1980s, Iran used missiles, mines and speed boats to assert its control over the Strait of Hormuz. Back then, it took an extensive naval operation, including the destruction of command posts on offshore oil platforms by U.S. Marines, to break Tehran’s hold. This time around, in addition to its earlier playbook, Iran has a legion of attack drones that are serving as a significant force multiplier, The Wall Street Journal reports. And the U.S. Navy has so far decided not to send warships to escort tankers and other vessels trapped in the Persian Gulf. After nearly a month of relative quiet around the strait amid a U.S.-Iran ceasefire, an initiative from President Trump to protect ships appeared to spark new Iranian attacks on vessels Monday.

  • As the U.S. unfurls a multi-layered plan to help commercial vessels safely transit the Strait of Hormuz, analysts tell Breaking Defense it will likely take time for commercial shipping companies to feel safe enough to move through the waters — with U.S. forces carrying a greater risk in the interim. The U.S. officially launched “Project Freedom” on Sunday, with the stated goal of helping commercial vessels transit safely through the strait. On a call with reporters Monday, U.S. Central Command head Adm. Brad Cooper described the effort as “inherently a defensive operation.”
  • Iranian hackers claimed that Monday’s strikes on Fujairah oil facilities were part of a coordinated cyber-physical offensive targeting the United Arab Emirates port city, Threat Beat reports. Handala claimed in a Telegram post that Fujairah was a “coordinated hybrid cyber and missile attack” with the Islamic Revolutionary Guard Corps and “a fully coordinated operation” that began with their breach of port systems and was followed by kinetic attacks “minutes later.”
  • The Abu Dhabi Emergency, Crisis and Disaster Management Centre has issued a warning, through its recently released “Cybersecurity Awareness Guide During Crises,” highlighting six cyber threats it describes as the most prevalent during emergencies, Gulf News reports. Dr. Mohammed Hamad Al Kuwaiti, chairman of the UAE Government Cybersecurity Council, revealed that Iran has recently utilized artificial intelligence tools, including ChatGPT and others, to engineer cyberattacks targeting the UAE. Addressing the scale of cyber threats, Al Kuwaiti revealed that the UAE is currently facing between 500,000 and 700,000 cyberattacks daily, particularly targeting strategic sectors during high-pressure periods.

OIL CRISIS FUELS CHINESE ELECTRIC VEHICLES: If oil disruptions persist due to the war in Iran, it may provide an additional, powerful tailwind for Chinese EV exports. Democracies around the world, however, face an uneasy and complicated dilemma when it comes to importing Chinese-made “connected vehicles,” or vehicles that are internet-connected and subject to potential cyber threats. Countries that refuse to import Chinese vehicles, especially electric vehicles, risk compounding economic damages from an extended oil crisis and stalling progress against other security threats, including climate change. On the other hand, large-scale imports could undermine domestic industries, lead to consolidation of yet another supply chain node in China, and expose cyber vulnerabilities to exploitation by a powerful adversary, Joseph Webster and Tony Jing write at the Atlantic Council.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

America is asking more from its critical infrastructure just as adversaries are finding more ways to target it. AI, data centers, electrification and next-generation energy systems all depend on operational technology — the control systems that keep power, water, transportation and industry moving. As that backbone grows more connected, the stakes of securing it grow even higher. In this episode of Cyber Focus, Frank Cilluffo speaks with Zach Tudor, Associate Laboratory Director at Idaho National Laboratory, about how INL tests and secures critical infrastructure at scale. Tudor explains why resilience must guide infrastructure defense, what Ukraine and China reveal about the risks facing critical infrastructure, and why cyber-informed engineering is essential as new technologies move into energy, nuclear, wireless and industrial systems. The conversation also covers AI’s role in control environments, the workforce needed to secure future infrastructure and the challenge of moving faster before a major event forces action.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Breaches

DigiCert revokes certificates after support portal hack

DigiCert last week announced that certificates fraudulently obtained from its internal support portal after a cyberattack were revoked. The attack, the company said in a detailed report, occurred on April 2, when a threat actor targeted DigiCert’s support team with a malicious payload delivered via a customer chat channel, disguised as a screenshot. The malware infected two endpoints, one of which was identified on April 3, and another on April 14. DigiCert blames the late discovery of the second infection on the malfunctioning security solutions running on the endpoint. (SECURITYWEEK.COM)

Australia’s ALS restores most services after cyber incident; data impact under review

Technical services provider ALS said ‌today that unauthorized third-party access to parts of its IT systems caused a ‘temporary disruption’ to some of its operations, but swift containment measures helped restore most services. ALS, which provides scientific testing services ⁠spanning commodities, food and pharmaceuticals, has informed the Australian Cyber Security Centre and is working with clients, authorities and regulators to assess any data impact. (REUTERS.COM)

Ransomware group claims breach of pro-Orbán Hungarian media firm

A cyber-extortion group said it was responsible for a recent ransomware attack on Hungarian media company Mediaworks that resulted in the publication of large volumes of stolen data online. The World Leaks group said they released nearly 8.5 terabytes of allegedly sensitive files on their dark web site last week. Local media outlets that reviewed the material said it included payroll records, contracts, financial statements and internal communications. (THERECORD.MEDIA)

Health care

Feds indict ex-hospital pharmacist for spying on co-workers

A former Maryland hospital pharmacist has been indicted by a federal grand jury in a case alleging he “weaponized” technology — including keylogging and cookie managers — to steal credentials and spy on nearly 200 co-workers and other individuals over an eight-year period. The U.S. Department of Justice said Friday that Matthew Bathula has been charged with two counts of unauthorized access to a protected computer, and one count of aggravated identity theft while working as a pharmacy clinical specialist for “a medical system” located in the district of Maryland. (HEALTHCAREINFOSECURITY.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Artificial intelligence

AI agents can bypass guardrails and put credentials at risk, Okta study finds

An AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent credentials to an attacker via Telegram, because it forgot it wasn’t supposed to do so after a reset. It’s no secret that AI agents have huge potential, balanced by equally big risks. What’s becoming apparent, however, is how quickly agentic systems can veer wildly off course and start exposing critical information under real-world conditions. A look at just how easily this can happen emerges from “Phishing the agent: Why AI guardrails aren’t enough,” a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more. (CSOONLINE.COM)

Why data centers now belong on the critical infrastructure list

OPINION: Missile and drone attacks that took out cloud data centers in the Middle East underscored a critical vulnerability in the modern economy: reliance on digital infrastructure that sustains competitive advantage and operational continuity for corporations, nations, and militaries. The outages and downstream disruption were a preview of a new form of strategic and operational risk. Data centers have long been the backbone of the digital economy. What is changing is the scale of dependence as AI workloads dramatically increase the compute power required to run businesses, supply chains, and national security systems. (CYBERSCOOP.COM)

Malware

Fake ‘Notepad++ for Mac’ site may pose malware risk for Mac users

A deceptive website is circulating online that claims to offer an official “Notepad++ for Mac” download, and it has already misled some users and even tech media outlets into believing that Notepad++ has finally launched a native macOS version. The site operates under the domain notepad-plus-plus-mac[.]org. It is branded to look like an official extension of the real Notepad++ project. It copies the familiar Notepad++ name, logo, and green color scheme, and prominently advertises “Notepad++ for Mac” as a full native port for Apple Silicon and Intel Macs. (GBHACKERS.COM)

Phishing

Amazon SES increasingly abused in phishing to evade detection

The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged for malicious activity in the past, the current spike may be due to a large number of AWS Identity and Access Management access keys exposed in public assets. Because it is a legitimate, trusted resource, phishing operations can leverage Amazon SES to send out malicious emails that pass authentication checks. (BLEEPINGCOMPUTER.COM)

Phishing campaign hits 80-plus orgs using SimpleHelp and ScreenConnect RMM tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares overlaps with clusters previously tracked by Red Canary and Sophos, the latter of which has given it the moniker STAC6405. While it’s not clear who is behind the campaign, the cybersecurity company said it aligns with a financially motivated Initial Access Broker (IAB) or a ransomware precursor operation. (THEHACKERNEWS.COM)

Vulnerabilities

New MOVEit vulnerabilities prompt urgent patch warning

Exploitation of the two flaws — an authentication-bypass vulnerability tracked as CVE-2026-4670 and a privilege-escalation vulnerability tracked as CVE-2026-5174 — could “lead to unauthorized access, administrative control, and data exposure,” according to Progress Software’s advisory. The newly patched flaws represent serious security weaknesses in a widely used managed-file-transfer program that helps organizations transfer data between self-hosted servers, cloud platforms and third-party vendors. (CYBERSECURITYDIVE.COM)

CISA says ‘Copy Fail’ flaw now exploited to root Linux systems

CISA has warned that threat actors have started exploiting the “Copy Fail” Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. Tracked as CVE-2026-31431, this security flaw was found in the Linux kernel’s algif_aead cryptographic algorithm interface and enables unprivileged local users to gain root privileges on unpatched Linux systems by writing four controlled bytes to the page cache of any readable file. Theori researchers disclosed it on Thursday and shared what they described as a “100% reliable” Python-based exploit that can be used to root Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16 devices. (BLEEPINGCOMPUTER.COM)

Weaver E-cology RCE flaw CVE-2026-22679 actively exploited via debug API

A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the “/papi/esearch/data/devops/dubboApi/debug/method” endpoint that allows an attacker to execute arbitrary commands by invoking exposed debug functionality. (THEHACKERNEWS.COM)

Qualcomm chipset vulnerabilities raise alarm over remote code execution risk

Qualcomm Technologies has released its May 2026 security bulletin, addressing a sweeping array of vulnerabilities across its proprietary and open-source software ecosystems. Threat actors could exploit these security gaps to compromise smartphones, automotive systems, and industrial Internet of Things devices without requiring user interaction. The semiconductor giant is strongly urging original equipment manufacturers to deploy the actively shared patches to launched devices as soon as possible to mitigate potential exploitation risks. (GBHACKERS.COM)

Wiz ZeroDay.Cloud event reveals 20-year-old PostgreSQL vulnerabilities

Cybersecurity researchers participating in Wiz’s ZeroDay.Cloud hacking event in London, England, exploited two critical vulnerabilities in PostgreSQL, the database that runs behind countless enterprise applications. The event took place in December 2025, but details were only released on May 4, 2026. ZeroDay.Cloud is a security research event created by Google-owned Wiz, Inc. It is a cloud and AI hacking competition where researchers uncover zero-day vulnerabilities in widely used open-source software. Targets include systems like PostgreSQL, Redis, Kubernetes, the Linux kernel, and web servers. (HACKREAD.COM)

ADVERSARIES

China

Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses

In late April 2026, the Italian cybersecurity landscape was shaken by a significant breach targeting Sistemi Informativi, a company wholly owned by IBM Italy that provides IT infrastructure management for key public and private institutions. The incident, first reported by La Repubblica, has raised fresh concerns about the growing reach of Chinese-linked cyber operations in Europe. Sistemi Informativi is central to Italy’s digital infrastructure, managing systems for public agencies and key industries. Its outage quickly raised alarms among cybersecurity authorities and critical infrastructure operators. (SECURITYAFFAIRS.COM)

Silver Fox deploys ABCDoor malware via tax-themed phishing in India and Russia

The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities in January 2026. “Both waves followed a nearly identical structure: phishing emails were styled as official notices regarding tax audits or prompted users to download an archive containing a ‘list of tax violations,'” Kaspersky said. (THEHACKERNEWS.COM)

Europe cuts off funding for Chinese solar inverters

The European Commission froze funding for solar energy projects that use crucial components from Chinese companies such as Huawei, due to cybersecurity fears. The European Union’s executive body said Monday it will limit Chinese inverters, the devices that convert solar panels’ direct current output into alternating current for long-distance transmission. The decision affects projects being funded by the European Investment Bank and other partner banks, at a time of significant new investment in alternative energy, sparked by a growing energy crisis driven by the U.S. and Israeli war against Iran. (GOVINFOSECURITY.COM)

Why Xi’s search for loyalty is strangling the PLA’s effectiveness

OPINION: The most recent wave of purges that have roiled the People’s Liberation Army (PLA) demonstrate the seriousness with which Xi takes his push to reform the country’s military leadership with the aim of improving command and eliminating the corruption that has long plagued the PLA. While these efforts may yield benefits in the long-term, they will likely result in the degradation of military effectiveness due to the reform’s emphasis on loyalty over the professional autonomy needed for effective command on a modern battlefield. (SMALLWARSJOURNAL.COM)

Iran

Tapping into America’s distaste for forever wars: The spread of Iranian narratives on Bluesky

Analysis by the Futures Lab of more than 9,000 Bluesky Social posts finds that messages seemingly designed to exacerbate public divisions, which compose 23 percent of posts in the dataset, are the highest performing, averaging 150 reposts, 470 likes, and 28 replies per post. These same posts have been viewed by an estimated 293,666 users and are statistically significantly associated with a higher sharing volume, with an estimated 41 percent increase compared to other posts. In addition, network and association analysis identifies 19 core accounts spreading Iranian war narratives and finds them to be active in 15 communities, with 11 communities estimated to be relying heavily on a singular account and 3 communities interacting with more than a single account. (CSIS.ORG)

North Korea

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China

A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that sits along the North Korean border and includes many refugees and defectors. ESET researchers tied the operation to ScarCruft, a North Korea-aligned espionage group also tracked as APT37 and Reaper, which has been active since at least 2012. (HELPNETSECURITY.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

Artificial intelligence uses and risks for small business contracting and innovation research

This Q&A report looks at how the Small Business Administration, agencies’ small business contracting offices, and federal innovation research programs might use AI. For example, agencies could use AI to analyze data, do market research, draft mandated reports, and help prevent fraud. But these potential uses also carry risks, e.g., inaccurate outputs, data security concerns, or biased outcomes. SBA is required to publicly report on specific scenarios in which it has used AI — including how it was designed, developed, and procured — which it hasn’t consistently done. GAO recommended establishing policies to ensure SBA reports on its AI use as required. (GAO.GOV)

After Maine data center moratorium veto, one project expected to move forward

A first-in-the-nation data center law in Maine, vetoed by Gov. Janet Mills on April 24, wasn’t saved by the state legislature, marking the end — for now — of a major regulatory push to institute a moratorium on large data center projects. Mills vetoed the legislation, which would have applied to projects 20 megawatts and over, due to her concerns over a lack of carve-out for a planned $550 million project in the town of Jay. During the bill’s journey through the legislature, lawmakers introduced an amendment allowing for an exception to existing and planned projects like the one in Jay, but it was soundly defeated in the State House. Lawmakers on April 29, also known as “Veto Day,” when the legislature can override such decisions by the governor, did not achieve the two-thirds majority needed to overturn it. (ITBREW.COM)

OpenAI explains why ChatGPT suddenly loved goblins

OpenAI CEO Sam Altman is currently embroiled in some courtroom drama, but the engineers back at the OpenAI lab just solved a minor drama (really a comedy) with ChatGPT. OpenAI published a lengthy, detailed report on its website about goblins. No, really. Since the release of GPT 5.1, ChatGPT models have developed a weird fixation on goblins and gremlins, regularly bringing up both in contexts where it doesn’t make sense. Users took note of this and OpenAI noticed it, too, prompting an investigation. You can read the full report if you want all the juicy details, but basically, it all goes back to an arguably poor understanding of what nerds are like. (MASHABLE.COM)

How the executive branch is reshaping AI federalism

OPINION: In December 2025, President Trump issued an executive order that signaled a decisive shift not only in artificial intelligence (AI) policy but also in how regulatory authority is to be governed in complex, fast-moving domains — a dramatic shift whose significance grew in light of the administration’s March 20 follow-up AI framework. While applying to AI, the mechanisms the order employed — executive coordination, conditional funding, and strategic signaling — are not technology-specific. The method employs an emerging model of top-down Federal governance capable of extending beyond AI — one that shapes the allocation of authority not through conventional legislative or preemptive mechanisms, but through executive coordination operating in advance of them. (LAWFAREMEDIA.ORG)

Drones

Pentagon seeks smarter, self-organizing drones as autonomous-warfare budget is poised to skyrocket

Two requests to industry may help the Pentagon address one of the emerging challenges of warfare: enabling a relatively small number of human operators to direct a far larger number of robots. The Materials for Physical Compute in Untethered Robotics effort seeks to make autonomous systems more intelligent, while Decentralized Artificial Intelligence through Controlled Emergence aims to help robots form teams and carry out missions. These DARPA projects may feed ideas to the Defense Autonomous Working Group, the lead Pentagon office for drone warfare, whose budget would soar from $226 million this year to $54 billion under the new 2027 spending proposal. (DEFENSEONE.COM)

The Army wants a new drone to close ‘reconnaissance and security gaps’ for its battalions

The Army is on the hunt for a readily available, rapidly deployable drone that service officials hope will address “reconnaissance and security gaps” that “severely limit” a battalion’s ability to assess the battlefield, according to a recent call for solutions notice. Amid an ongoing effort to push longer-range, quick-launch drones to tactical units, the service wants battalion commanders to have an unmanned aerial system organic to their unit that can take-off vertically and fly over 40 kilometers. Multiple services are trading fixed-wing drones for vertical take-off and landing UAS, an attempt to shed systems that are too reliant on vulnerable infrastructure should large-scale combat break out, require open space to launch, or aren’t as maneuverable and advanced. (DEFENSESCOOP.COM)

Energy

The AI electric grid calls for a mixed‑fleet transmission strategy

OPINION: The electric industry is entering a planning cycle unlike any it has faced in decades. Utilities are being asked to serve hyperscale artificial intelligence data centers with load requirements ranging from hundreds of megawatts to well above a gigawatt, often on aggressive timelines and in places where the grid is already constrained. At the same time, much of the new generation needed to serve that demand is renewable and remote from load centers. The result is a transmission planning challenge that is larger, faster and more stability-sensitive than the frameworks many utilities have relied on in the past. (UTILITYDIVE.COM)

ISO New England trims 10-year forecast based on electrification outlook

Electricity consumption in New England will grow about 9% over the next decade, driven by electrification of buildings and vehicles, the region’s independent system operator said in an annual report published Friday. While significant, the rise in consumption is lower than its forecast in the two previous reports, reflecting changes in “government policy,” ISO New England said. The “2026-2035 Forecast Report of Capacity, Energy, Loads, and Transmission,” or CELT report, estimates annual consumption will rise from 116,679 GWh this year to 127,660 GWh in 2035, an increase of about 0.9% annually. In 2024, the ISO said it anticipated a 17% rise in annual energy use by 2033. In 2025, it reduced its 10-year outlook to an 11% rise by 2034. (UTILITYDIVE.COM)

California’s power grid looks good heading into summer but risks remain

Despite a dry winter and forecasts of another hot summer on the horizon, California energy officials said Monday that they are cautiously optimistic the state’s electric grid can handle whatever comes its way. “As we enter summer 2026, the reliability outlook is generally positive and compared to previous years, the state is better positioned to meet peak demand,” California Energy Commission vice chair Siva Gunda said. Utility customers across the Golden State experienced rotating power outages in mid-August 2020 — and narrowly avoided repeats in 2021 and 2022. The 2020 outages saw some areas of the state blacked out up to 2 1/2 hours. (SANDIEGOUNIONTRIBUNE.COM)

Nuclear

Top U.S. nuclear regulator is rewriting its rules for new era of reactors

The United States has taken one of its biggest steps yet to encourage the construction of commercial microreactors — the latest move in its broader push to overhaul the country’s nuclear regulatory processes. In late April, the U.S. Nuclear Regulatory Commission released its draft rule for a proposed new licensing pathway for commercial reactors. Known as Part 57, the regulation tailors the application process to account for the fundamental differences between a so-called microreactor, designed to generate 20 megawatts of electricity or less, and a behemoth traditional reactor such as a Westinghouse AP1000, which pumps out 60 times as much power. The rule, which would allow eligible projects to obtain dual permits to both construct and operate a reactor, is meant to encourage fleet-scale deployment of the technology. (CANARYMEDIA.COM)

Social media

SEC settles with Elon Musk over Twitter dispute

The Securities and Exchange Commission (SEC) has reached a settlement with Elon Musk over the delayed disclosure of his stake in Twitter, the platform now known as X, according to court documents. Musk, who purchased the social platform for $44 billion in late 2022, will pay a $1.5 million civil penalty. The settlement resolves a lawsuit filed by the agency in January 2025, shortly before President Trump retook office. The SEC accused the tech mogul of failing to properly disclose when his stake in then-Twitter surpassed 5 percent, as he increased his shares in the company in early 2022. (THEHILL.COM)

Kids say they can beat age checks by drawing on a fake mustache

Like keeping booze away from teenagers or nudie mags out of the hands of young lads, slapping a big “restricted, 18+” label on parts of the internet hasn’t stopped kids testing the limits. Those limits, according to UK online safety group Internet Matters, are easy to sidestep. The group surveyed over 1,000 UK children and their parents, and while it did report some positive effects from changes made under the OSA, many children saw age verification as an easy-to-bypass hurdle rather than something that kept them genuinely safe. (THEREGISTER.COM)

Space

Space Force eyes operations ‘hub’ for expansive data transport constellation

The Space Force plans to stand up a Mission Operations Center to manage the backbone of its hybrid commercial-government data transport constellation, the Space Data Network. The center will be owned by the service but supported by contractors, serving as “the centralized hub that ‘brokers’ user services, mission plans, and resources,” the service said in an April 30 notice. “It will deliver enterprise-wide situational awareness and a common operational picture of all SDN ground and space assets.” The Space Force’s vision for the SDN is to bring together commercial and military satellites that reside in multiple orbits to manage both tactical and enterprise communication needs, enabling faster decision-making for key missions like missile defense. (AIRANDSPACEFORCES.COM)

It’s a wrap: Space-BACN satellite laser link program shifts from DARPA to DIU

The Defense Advanced Research Projects Agency (DARPA) is winding down its Space-BACN project, which was developing a key underpinning technology for the sprawling Golden Dome missile defense initiative, Breaking Defense has learned. However, the program will effectively continue under new ownership, as company officials involved say it is being transitioned away from DARPA and over to the Defense Innovation Unit (DIU). The idea is for DIU to open up a bid process for on-orbit demonstration of the Space-BACN terminal configuration, they explained. (BREAKINGDEFENSE.COM)

Workforce

Mullin: 1.1K CISA staff left DHS amid partial shutdown

Department of Homeland Security (DHS) Secretary Markwayne Mullin on Sunday said the Cybersecurity and Infrastructure Security Agency (CISA) lost about 1,100 employees over the course of the partial government shutdown this year. DHS was closed for 76 days over a Democratic-led push for federal immigration reform after the killings of two U.S. citizens in Minnesota by federal immigration officers. The record-breaking shuttering began Feb. 14 and ended Thursday. (THEHILL.COM)

OPM announces AI-powered hiring tool ‘USA Class’

The Office of Personnel Management (OPM) announced on Monday the launch of a new artificial intelligence (AI)-enabled tool, USA Class, which is designed to automate the creation of federal job descriptions. OPM said the tool will be available to all federal agencies through USA Staffing at no additional cost. “Hiring great talent starts with clearly defining the job, but too often that step takes longer than it should,” OPM Director Scott Kupor said in a press release. “By bringing USA Class to USA Staffing users government-wide, we’re using AI to cut unnecessary delays, reduce administrative burden, and help agencies move faster to hire the people they need to deliver for the American public.” (MERITALK.COM)

ALERTS AND ADVISORIES

Careful adoption of agentic AI services

The authoring agencies developed this guidance to support government, critical infrastructure and industry stakeholders in understanding the key security challenges and risks posed by agentic AI. It provides practical guidance to help organizations that design, develop, deploy and operate agentic AI systems, to make informed risk assessments and mitigations. The guidance concludes with actionable recommendations to help organizations prepare for and defend against emerging and future agentic AI threats. (MEDIA.DEFENSE.GOV)

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-31431 Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

TRANSPORTATION: With new technology comes questions about data privacy, security and accountability with high stakes for businesses and consumers. On May 5, as part of the seventeenth annual A. Alfred Taubman Forum on Public Policy, Governance Studies at Brookings will host a webinar to discuss the benefits and implications of connected cars.

AI AND IRAN: The conflict in Iran reveals urgent lessons about AI as a weapon of war and statecraft. Led by one of Washington’s top experts on Iranian strategy, military doctrine, and the IRGC, this May 6 FDD panel provides an assessment of how the Iranian regime has used autonomous systems and machine learning to expand its reach; how AI tools have supercharged propaganda campaigns and cyber-enabled information warfare; and in the financial realm, how emerging technologies have enabled large-scale fraud and illicit funding of Tehran’s proxies.

NUCLEAR: To explore Chernobyl’s enduring legacy, the Carnegie Endowment for International Peace invites you for a May 7 panel discussion with Adam Higginbotham, journalist and author of the New York Times bestseller Midnight in Chernobyl; Mariana Budjeryn, senior researcher at MIT’s Center for Nuclear Security Policy and author of Inheriting the Bomb; and Corey Hinderstein, vice president for studies at Carnegie and former principal deputy administrator for the National Nuclear Security Administration. Ukraine’s ambassador to the United States, Olga Stefanishyna, will deliver opening remarks. 

RUSSIA: On May 8, the Atlantic Council’s Eurasia Center and the New Eurasian Strategies Centre will co-host an expert discussion on Russia’s economic, military, and domestic pressures and their implications for Moscow’s war against Ukraine.

CHINA: In Defending Taiwan, Eyck Freymann offers a comprehensive strategy to deter war and sustain peace. With Jason Hsu, Freymann will discuss in a May 11 Hudson event how the United States and its partners can adapt to China’s evolving strategy and develop a coherent plan to prevent conflict while safeguarding Taiwan’s future.

EMERGING TECH: In an evolving geopolitical landscape, how can the US build on its experience in developing frontier technologies and globally competitive industries through investments in priority technologies for the 21st century? Join AEI’s Michael R. Strain for a May 13 conversation with experts from the Massachusetts Institute of Technology for a conversation on their new book “Priority Technologies: Ensuring US Security and Shared Prosperity (2026).”

BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!