Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyber Briefing – May 8, 2026


Cyber Briefing

TODAY’S TOP 5

DIRECTOR’S NOTE: Read here

HOW MYTHOS THREW WHITE HOUSE AI STRATEGY INTO CHAOS: On a recent call with the heads of the biggest artificial-intelligence companies, Vice President JD Vance was alarmed. New AI models such as Anthropic’s Mythos, which are capable of finding software vulnerabilities on their own, threatened to disrupt small-town banks, hospitals and water plants by starting cyberattacks that local governments weren’t equipped to handle, Vance said. “We all need to work together on this,” Vance told chief executive officers including OpenAI’s Sam Altman, Dario Amodei of Anthropic, Elon Musk of SpaceX, Sundar Pichai of Alphabet’s Google and Satya Nadella of Microsoft, according to people familiar with the matter, The Wall Street Journal reports. The April call, which followed a White House briefing that played a role in sparking Vance’s concern over the latest AI model capabilities, set in motion a chaotic administration response to Mythos that threatens to increase government oversight of AI and overhaul the administration’s tech agenda.

  • OpenAI on Thursday unveiled a new advanced artificial intelligence model designed to scale up efforts to discover and patch vulnerabilities in critical systems, POLITICO reports. The new tool — labeled GPT-5.5-Cyber — comes just two weeks after the release of ChatGPT 5.5, which has been touted as a competitor to Anthropic’s recently released Claude Mythos model. Only a small group of threat researchers and tech companies has been allowed to test Mythos because of its advanced hacking capabilities. The GPT-5.5-Cyber model is being rolled out in what OpenAI described in a blog post as a “limited preview to defenders responsible for securing critical infrastructure to support specialized cybersecurity workflows that help protect the broader ecosystem.”
  • The disbelief was palpable when Mozilla’s CTO last month declared that AI-assisted vulnerability detection meant “zero-days are numbered” and “defenders finally have a chance to win, decisively.” After all, it looked like part of an all-too-familiar pattern: Cherry-pick a handful of impressive AI-achieved results, leave out any of the fine print that might paint a more nuanced picture, and let the hype train roll on, Ars Technica reports. Mindful of the skepticism, Mozilla on Thursday provided a behind-the-scenes look into its use of Anthropic Mythos — an AI model for identifying software vulnerabilities — to ferret out 271 Firefox security flaws over two months. In a post, Mozilla engineers said the finally ready-for-prime-time breakthrough they achieved was primarily the result of two things: (1) improvement in the models themselves and (2) Mozilla’s development of a custom “harness” that supported Mythos as it analyzed Firefox source code.
  • Australia’s corporate regulator has urged the country’s financial sector to take urgent ‌action on tackling potential cyber risks from frontier AI systems such as Mythos, Reuters reports. The Australian Securities and Investments Commission on Friday published a letter sent to the financial services industry saying greater action needed to be taken to ensure cybersecurity practices were as strong as possible. ASIC Commissioner Simone Constant said the regulator had realized preparedness of Australian financial services organizations varied widely, but more work needed to be done to keep pace with frontier AI changes.
  • AI tools like Mythos suggest a possible alternative: What if finding every vulnerability in a piece of software were just as fast and easy as finding a few of them, thanks to automation? What if those vulnerabilities could be comprehensively catalogued and patched prior to the release of software? What if attackers and defenders were so reliant on the same tools that neither had any advantage over the other when it came to finding vulnerabilities? It would be one of the most radical — and promising — paradigm shifts in cybersecurity since the advent of public key cryptography, Josephine Wolff writes at The San Francisco Standard. The fact that it’s possible to envision a path to a world where cyber defense has the upper hand is nothing short of remarkable. 

PENTAGON CTO RULES OUT RESOLUTION WITH ANTHROPIC: One of the Pentagon’s top technology leaders ruled out any reconciliation with Anthropic, despite the White House softening its own tone on the AI company. “Never again will we be single-threaded with any one model,” Emil Michael, under secretary of Defense for research and engineering, said Thursday in a fireside chat at the AI+ Expo in Washington. “We were singled-threaded with Anthropic,” he added. The comment came after David Sanger, the chief Washington correspondent for The New York Times, asked Michael whether the Department of Defense’s (DOD) conflict with Anthropic could eventually be resolved and if the AI firm would be able to sign a deal for its models to be deployed in classified networks, The Hill reports.

  • Amidst anxiety about Anthropic’s as yet unreleased Mythos model, whose much-hyped hacking ability has raised fears of a looming “bugmageddon,” two top Pentagon tech leaders said they were optimistic that Mythos — and future models like it — could help cyber defenders even more, Breaking Defense reports. “I hear a lot of people talking about challenges and threats when they talk about Mythos,” said Katherine Sutton, Assistant Secretary for Cyber Policy, told the SCSP AI+Expo. “[But] there’s huge opportunity in these models. One of the foundational things that they’re going to enable is the development of secure code.”
  • The Trump administration sees greater incorporation of artificial intelligence capabilities into the scientific research space as critical for continued U.S. technology leadership, a White House official said on Thursday, Nextgov/FCW reports. Speaking at the Special Competitive Studies Project’s AI+ Expo, U.S. Chief Technology Officer Ethan Klein said a major focus of this administration “is having better integration and tie-in across the scientific development piece, all the way through tech development, testing, prototyping and scale up.” Klein said greater adoption of emerging capabilities like agentic AI — autonomous systems capable of executing specific tasks with minimal human oversight — will have a profound impact on scientific research. A Market Connections survey of more than 200 technology executives across government that was released on Tuesday found that 53% of respondents said their agencies were already exploring uses of agentic AI or were planning pilots of the technology. 

WATER TREATMENT FACILITIES TARGETED: Poland’s domestic intelligence service said attackers breached water treatment facilities in five towns in 2025, in some cases gaining access to industrial control systems that could have disrupted water supplies, The Record reports. In a new public report, the Internal Security Agency (Agencja Bezpieczeństwa Wewnętrznego, or ABW) said water treatment stations in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko and Sierakowo were targeted. “Attackers, gaining access in some cases to industrial control systems, had the ability to alter technical parameters of devices,” the report said, creating “a direct risk” to the continuity of water supply operations. The ABW did not publicly attribute the incidents to a specific group or country. But it said Poland faced intensified hostile cyber activity in 2024 and 2025, “with particular emphasis on the special services of the Russian Federation.”

AI ‘EXPLAINABILITY’ IS A ‘MAJOR CONCERN’ FOR NRO: The National Reconnaissance Office (NRO) is expanding its research and experimentation projects designed to allow analysts to track back how artificial intelligence (AI) algorithms come to conclusions when used to analyze data, according to the spy satellite agency’s outgoing director, Breaking Defense reports. “We must understand how we got to the product,” Chris Scolese told the U.S. Geospatial Intelligence Foundation’s annual GEOINT Symposium in Denver on Wednesday. “AI ‘explainability’ is a major concern for us. It’s still an open area of research.” NRO is already using and intends to expand use of AI for a number of different mission sets, Scolese explained. First, it is applying AI and machine learning to increase the autonomy of its spy satellite fleet, and to “orchestrate” the fleet as it expands from handfuls of satellites to include a “proliferated” constellation of satellites in low Earth orbit (LEO) being operated by SpaceX.

  • The National Geospatial-Intelligence Agency (NGA) is “working to finalize” a new framework for its use of artificial intelligence (AI) and “will make it available very soon,” NGA Director Army Lt. Gen. Michelle Bredenkamp said. The document will be NGA’s “blueprint for becoming an AI first organization,” she told the GEOINT Symposium in her first major address since taking up the NGA reins in November, Breaking Defense reports. “The framework will align to the department’s AI strategy, reflecting its pace, setting projects, lines of effort and goals.”

ABOUT THAT CISA 2015 EXTENSION: The White House is pressing Congress to extend a key cybersecurity authority that is poised to expire later this year unless renewed, a top official said Thursday, Nextgov/FCW reports. The Cybersecurity Information Sharing Act of 2015 temporarily expired during the 43-day government shutdown that occurred late last year, but lawmakers ultimately extended it as part of the stopgap funding bill that ended that lapse. The government funding package signed into law in early February included a provision that prolonged the statute through September 2026. Speaking at the Special Competitive Studies Project’s AI+ Expo event in Washington, D.C., National Cyber Director Sean Cairncross said the Trump administration is “pushing for a long-term reauthorization” of the law. 

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE
WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

CYBER FOCUS PODCAST

(Watch on YouTube or click the player above)

Most people think secure messaging begins and ends with encryption. Signal CTO Ehren Kret says that is only part of the picture. On the latest episode of Cyber Focus, host Frank Cilluffo sits down with Kret to discuss what private communication really requires, from protecting message content to limiting what platforms can learn from metadata, identity, group membership and social graphs. Kret explains how Signal’s nonprofit model shapes its privacy-first design choices, why endpoint security remains a major challenge and how AI built into operating systems could create new risks for private communication. The conversation also explores post-quantum encryption, lawful access debates, phishing threats against messaging accounts and why the future of secure communication depends not only on better technology but on helping users understand what is and is not truly private.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Artificial intelligence

Hackers use Morse code to trick Grok and Bankrbot, steal $200K in crypto tokens

Threat actors have successfully executed a novel prompt injection attack against artificial intelligence agents, draining approximately $200,000 in cryptocurrency. By using Morse code to bypass standard AI safety filters, an attacker tricked the Grok AI model and an autonomous wallet agent, Bankrbot, into authorizing a massive unauthorized transfer on the Base network. This incident exposes critical vulnerabilities in granting AI agents independent control over Web3 transactions. (GBHACKERS.COM)

Biothreats

From U.S. to Singapore, countries race to track hantavirus

Health authorities across several countries are racing to trace and contain an outbreak of the hantavirus after the World Health Organization (WHO) said Thursday that five confirmed infections had been identified among people connected to the cruise ship MV Hondius. Three people – a Dutch couple and a German national – have died since the vessel departed Argentina last month. The first suspected case was a 70-year-old Dutchman, who suddenly fell ill on the ship with a fever, headache, abdominal pain and diarrhea, South Africa’s Health Department told CNN. He died on board on April 11. Meanwhile, a total of 146 people from 23 different countries – including 17 Americans – are still aboard the vessel under “strict precautionary measures,” operator Oceanwide Expeditions said Thursday. (CNN.COM)

Cybercrime

Alexandria man convicted of deleting 96 federal databases

A federal jury on Thursday convicted an Alexandria man of conspiring with his twin brother to delete approximately 96 federal government databases after the pair were fired from a contractor that served more than 45 federal agencies. Sohaib Akhter, 34, was found guilty of conspiracy to commit computer fraud, password trafficking and possession of a firearm by a prohibited person, the U.S. Attorney’s Office for the Eastern District of Virginia announced. He is scheduled to be sentenced Sept. 9 and faces a maximum penalty of 21 years in prison. (ALEXANDRIABRIEF.COM)

Americans sentenced for running ‘laptop farms’ for North Korea

Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. Matthew Isaac Knoot and Erick Ntekereze Prince are the seventh and eighth U.S.-based “laptop farmers” sent to prison since the start of the year as part of a federal initiative targeting North Korea’s illicit revenue generation schemes. (BLEEPINGCOMPUTER.COM)

Education

Canvas breach disrupts schools and colleges nationwide

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions. Canvas parent firm Instructure responded to today’s defacement attacks by disabling the platform, which is used by thousands of schools, universities and businesses to manage coursework and assignments, and to communicate with students. (KREBSONSECURITY.COM)

Ransomware

Ransomware group takes credit for Trellix hack

The RansomHouse ransomware group has taken credit for the recent attack on the cybersecurity firm Trellix. The Trellix hack came to light this week when the company announced on its website that part of its source code repository had been breached. “Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited,” the company stated. (SECURITYWEEK.COM)

Businesses hide vast majority of ransomware attacks, report finds

Companies around the world have been keeping the vast majority of ransomware attacks secret, according to a new report from the security firm BlackFog. The number of undisclosed attacks in the first quarter of 2026 was almost 10 times as large as the number of disclosed attacks, according to the report published Wednesday. BlackFog’s report, based on information from dark-web leak sites, also includes data on the most targeted sectors and new tools that have emerged in the cybercrime ecosystem. (CYBERSECURITYDIVE.COM)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

THREATS

Artificial intelligence

‘TrustFall’ convention exposes Claude code execution risk

Developers using the latest versions of AI coding tools like Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI could inadvertently execute malicious code on their systems with a single keypress, or no keypress at all in continuous integration environments. That, according to researchers at Adversa AI, is because none adequately warn users of how a malicious repo can auto-approve and spawn a Model Context Protocol (MCP) server without their explicit approval or knowledge. All four coding tools show some form of a trust dialog prompting the user to indicate whether they trust a particular repo, but they do not offer full details on what that consent might actually entail. (DARKREADING.COM)

Cline Kanban flaw lets websites hijack AI coding agents

A critical vulnerability in the Cline Kanban server has been disclosed that allows any website a developer visits to silently exfiltrate workspace data, inject commands into the AI agent’s terminal or kill active agent sessions. The flaw, given a CVSS score of 9.7, was identified in a security assessment by researchers at Oasis Security, who published a technical analysis of the issue on May 7. It affects version 0.1.59 of the Kanban npm package and stems from missing origin validation and authentication on three WebSocket endpoints exposed by the local server. (INFOSECURITY-MAGAZINE.COM)

Data

Legacy security tools are failing data protection, Capital One software report finds

Traditional network security tools are inhibiting firms from adequate data security as a majority of IT leaders report that data security has never been more critical. A new report, commissioned by Capital One Software with research conducted by Forrester, found that 72% of security professionals agreed that data security is more critical than ever, but investments in traditional network and perimeter security tools impede adequate data protection. Without rethinking data protection, AI adoption is “impossible” argued the research. As AI agents act autonomously and bypass human oversight, the risk of unintended data exposure is heightened. (INFOSECURITY-MAGAZINE.COM)

Financial

New TCLBanker malware self-spreads over WhatsApp and Outlook

A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. Additionally, the malware includes self-spreading worm modules for WhatsApp and Outlook that automatically infect new victims. The new banking trojan was discovered by Elastic Security Labs, whose researchers believe it’s a major evolution of the older Maverick/Sorvepotel malware family. (BLEEPINGCOMPUTER.COM)

Malware

New Linux PamDOORa backdoor uses PAM modules to steal SSH credentials

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called “darkworm.” The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination. It’s also capable of harvesting credentials from all legitimate users who authenticate through the compromised system. (THEHACKERNEWS.COM)

‘PCPJack’ worm removes TeamPCP infections, steals credentials

A threat actor has launched a campaign to clean up environments infected by the infamous TeamPCP hacking group and deploy its own malicious tools, SentinelOne reports. Active since late April, the campaign relies on a malware framework targeting credentials across multiple cloud environments and capable of propagating itself. SentinelOne has named the framework PCPJack, due to its focus on removing from the infected systems any tools and artifacts associated with TeamPCP, the hacking group behind a recent flurry of supply chain attacks targeting multiple open source software ecosystems. (SECURITYWEEK.COM)

PyPI packages deliver ZiChatBot malware via Zulip APIs on Windows and Linux

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. “While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,” Kaspersky said. “Unlike traditional malware, ZiChatBot does not communicate with a dedicated command-and-control (C2) server, but instead uses a series of REST APIs from the public team chat app Zulip as its C2 infrastructure.” (THEHACKERNEWS.COM)

Vulnerabilities

Ivanti EPMM CVE-2026-6973 RCE under active exploitation grants admin-level access

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows “a remotely authenticated user with administrative access to achieve remote code execution,” Ivanti said in an advisory. (THEHACKERNEWS.COM)

Critical vulnerability in Rancher Fleet enables full cluster-admin privileges

The SUSE Rancher Security team disclosed a critical vulnerability tracked as CVE-2026-41050. This severe flaw affects Rancher Fleet, a popular GitOps tool for managing Kubernetes clusters at scale. The vulnerability completely breaks the platform’s core multi-tenant isolation mechanism, allowing malicious users to bypass security boundaries and steal sensitive data. According to an analysis by Lyrie Threat Intelligence, the flaw effectively turns the Helm deployer into a secret-harvesting machine, putting shared environments at immediate risk of privilege escalation. (GBHACKERS.COM)

ADVERSARIES

China

U.S. said to suspect Nvidia chips smuggled to Alibaba via Thailand

A key company behind Thailand’s national AI effort is suspected of helping to smuggle billions of dollars worth of Super Micro Computer Inc. servers containing advanced Nvidia Corp. chips to China, with Alibaba Group Holding Ltd. one of multiple end customers, according to people familiar with the matter. U.S. prosecutors this year outlined a scheme in which Super Micro’s co-founder allegedly worked with an unnamed Southeast Asian company and a “rotating cast” of third-party brokers to divert the AI semiconductors in violation of US trade rules. The Southeast Asian firm the prosecutors didn’t name, identified only as Company-1, is Bangkok-based OBON Corp., the people said. (BLOOMBERG.COM)

Iran

Iran turns to China rail link to try to bypass U.S. blockade

Iran is ramping up trade with China via rail in a bid to blunt the impact of a US blockade of its ports and adapt to pressure designed to strangle its economy. The number of cargo trains going from Xi’an in central China to the Iranian capital Tehran has risen from around one per week before the conflict to one every three or four days since the start of blockade on April 13, according to people with knowledge of the shipments. Freight costs have surged, with quotes for shipping a standard 40-foot container along the route as high as $7,000 this week, roughly 40% more than typical levels, the people said, speaking on condition of anonymity as they aren’t authorized to speak with the media. (BLOOMBERG.COM)

Russia

Meet Rassvet, Russia’s answer to Starlink

In late March, Russian company Bureau 1440 brought into low orbit the first 16 broadband internet satellites of the new Rassvet constellation, already dubbed by observers and local media the Russian answer to SpaceX’s Starlink. It’s an ambitious global internet project that experts say could conceal much broader strategic goals, with functions including military and communications control. (WIRED.COM)

Could Russia follow the ‘Hormuz playbook’ in the Baltic and Black seas?

OPINION: Moscow has used energy as a tool of coercion against Europe since 2006 and has further escalated its use since 2014. Since the full-scale invasion of Ukraine, Russia has been running a continuous hybrid warfare campaign with the West, from targeting energy infrastructure to damaging undersea telecommunications cables. Russia does not need to blockade the Danish Straits or mine the western Black Sea to sever the continent’s liquefied natural gas supply lines and disrupt its grain trade — it only needs to make those waters uninsurable. (WARONTHEROCKS.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

AI is distorting practically everything about the economy

Until recently, artificial intelligence was a welcome tailwind for U.S. growth. We’re beyond that now. AI is more like a hurricane-strength weather system making itself felt across the entire economy. It is distorting the stock market, profits, the speed and composition of economic growth, trade and even our moods — especially about the job market. AI’s pervasive presence makes it almost impossible to discern what is actually going on. It is swamping the effects of tariffs and the war with Iran, events that would ordinarily be Category 5 storms in their own right. (WSJ.COM)

Anthropic adding computing capacity from Musk’s SpaceX

Elon Musk’s SpaceX has signed a deal to provide computing capability for Anthropic as the demand ramps up for the artificial intelligence firm’s products. In an announcement Wednesday, the companies said Musk’s firm will allow Anthropic to use all of the compute power through its Colossus 1 data center, which houses more than 220,000 Nvidia GPUs. The computing resources will improve capacity for users of Anthropic’s Claude Pro and Claude Max, both of which saw a spike in downloads over the past year. (THEHILL.COM)

Trump officials are steering a cybersecurity scholarship program toward AI

The Trump administration is redirecting a cybersecurity scholarship program that requires recipients to work in government service toward artificial intelligence, leaving some current program scholars dismayed and bewildered. In an email to participating school program coordinators obtained by CyberScoop, the Office of Personnel Management and National Science Foundation said the CyberCorps Scholarship For Service program would now be known as CyberAI SFS. “The SFS students we enroll today will not be employable when they graduate in 2-3 years without significant AI background,” the email reads. (CYBERSCOOP.COM)

Collaboration

Building a robust U.S.-ROK cyber alliance

This report, “Building a Robust U.S.-ROK Cyber Alliance: A Joint Cyber Resilience Strategy,” examines how the United States and South Korea can strengthen bilateral cyber cooperation in response to an increasingly complex and transnational threat environment. As cyber operations from North Korea, China, and Russia grow in scale and sophistication, the report argues that existing approaches are insufficient to ensure resilience or deterrence. The report proposes a more integrated framework for cyber defense, centered on shared situational awareness, improved attribution capabilities, and a shift toward proactive and active cyber defense strategies. It introduces a Cyberattack Severity Classification Framework (CSCF) to support consistent decisionmaking and highlights the need to align cyber policy with broader law enforcement, financial, and diplomatic tools. (CSIS.ORG)

Defense

DoD planning to address compute ‘bottleneck’ that could hinder AI proliferation

The Pentagon is preparing to take additional steps to address a major bottleneck that could limit the military’s ability to proliferate artificial intelligence capabilities throughout the force: compute. Defense Secretary Pete Hegseth, Pentagon CTO Emil Michael and other senior officials are pushing the department to accelerate AI adoption, touting its benefits for warfighting and back-office functions. Chief Digital and AI Officer Cameron Stanley noted that the technology has demonstrated its utility during the Iran war. (DEFENSESCOOP.COM)

Leadership

Education IT chief Thomas Flagg hired for deputy federal CIO role

Federal CIO Greg Barbaccia has tapped the Department of Education’s chief information officer as the government’s new No. 2 IT official. Thomas Flagg will take over as deputy federal CIO after spending more than 11 years at the Department of Labor and leading Education’s IT shop since October 2024. In an email sent Thursday to agency CIOs and shared with FedScoop, Barbaccia said there was “an overwhelming amount of interest” in the deputy role “from an exceptionally strong field of candidates.” (FEDSCOOP.COM)

Nuclear

GAO: Action needed to approve advanced test reactor spent fuel plan

Testing the fuel needed for nuclear-powered naval fleets is crucial for national security. The Department of Energy’s Advanced Test Reactor is the only reactor that can test nuclear fuel. But the reactor is aging and testing can be delayed for repairs and maintenance. Also, the facility that stores the reactor’s spent fuel is expected to reach capacity by 2030. DOE hasn’t approved a plan on how to store the spent fuel after 2030. Without a plan, testing will stop and the Navy’s nuclear-powered fleets won’t have vital test data to support its missions. GAO recommended DOE complete a plan to ensure testing capabilities continue. (GAO.GOV)

Regulations

Europe moves to delay and dilute AI regulations

Lawmakers from Europe’s political institutions agreed to water down the continent’s landmark artificial intelligence regulation at a moment when the 2024 AI Act has barely started to be implemented. As part of the European Union push to simplify its heaving collection of digital rulebooks in it, it is now highly likely that the law’s tough requirements for high-risk AI use-cases will only be enforced starting in December 2027, rather than August, as was originally envisaged. Among the obligations are ensuring high levels of cybersecurity and accuracy, thoroughly documenting information on the systems and implementing appropriate human oversight measures. (GOVINFOSECURITY.COM)

Resilience

State cyber organizations provide good ROI, UC Berkeley researchers find

When attempting to pry funding from state coffers for new cybersecurity programs, officials most frequently resort to advertising a (perhaps well-justified) fear of being associated with the next big disruptive and expensive cyberattack. But one underappreciated strategy, said Grace Menna, a senior fellow at UC Berkeley’s Center for Long-Term Cybersecurity, is selling the financial upside to spending on cyber. A guidebook published Tuesday catalogs Menna’s thoroughgoing project to compare the various state-led and community-led cybersecurity efforts that have grown more common in recent years, particularly under an administration that’s encouraged states to wean themselves off of federal support. One of the guidebook’s key findings is that cybersecurity programs are frequently sound investments. (STATESCOOP.COM)

Space

With launches slated to grow a hundredfold, Space Force seeks more sites, money, people, and AI

The guardians manning screens in the mission-ops center here oversaw the launch of five types of rockets in April, a new record that involved NASA’s Artemis II, the first reused New Glenn booster, and a Falcon 9 lofting the final GPS III satellite. But tomorrow’s Space Force may have no time to mark even epochal missions. Within a decade, service leaders say, Cape Canaveral Space Force Station will be launching hundreds of rockets a year. To facilitate the Pentagon’s fast-growing demand for orbital capability, the Space Force is looking for more launch sites, more money, more troops, and more AI. (DEFENSEONE.COM)

LEGISLATIVE UPDATES

One House Democrat is pressing Commerce on the government’s spyware use

A House Democrat who’s been at the forefront of congressional efforts to scrutinize the federal government’s use of commercial spyware wants the Commerce Department to brief Capitol Hill amid apprehension that the Trump administration might further embrace the technology. Rep. Summer Lee (D-Pa.) sent a letter to the department Thursday seeking a briefing on several developments stemming from Immigration and Customs Enforcement acknowledging its use of Paragon’s Graphite spyware, as well as an American company purchasing a controlling stake in Israel’s NSO Group. The Commerce Department sanctioned NSO Group under former President Joe Biden after widespread abuse allegations, including eavesdropping on government officials, activists and journalists. (CYBERSCOOP.COM)

ALERTS AND ADVISORIES

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-6973 Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

ClickFix distributing Vidar Stealer via WordPress targeting Australian infrastructure

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed ClickFix associated activity leveraging WordPress hosted infrastructure to distribute the Vidar Stealer malware. This activity is targeting Australian infrastructure and organisations across multiple sectors. The campaign uses compromised WordPress websites to redirect victims to malware delivery mechanisms. This advisory provides an overview of the activity, an assessment of the threat, observed indicators, detections and recommended mitigations. (CYBER.GOV.AU)

Events

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

RUSSIA: On May 8, the Atlantic Council’s Eurasia Center and the New Eurasian Strategies Centre will co-host an expert discussion on Russia’s economic, military, and domestic pressures and their implications for Moscow’s war against Ukraine.

CHINA: In Defending Taiwan, Eyck Freymann offers a comprehensive strategy to deter war and sustain peace. With Jason Hsu, Freymann will discuss in a May 11 Hudson event how the United States and its partners can adapt to China’s evolving strategy and develop a coherent plan to prevent conflict while safeguarding Taiwan’s future.

EMERGING TECH: In an evolving geopolitical landscape, how can the US build on its experience in developing frontier technologies and globally competitive industries through investments in priority technologies for the 21st century? Join AEI’s Michael R. Strain for a May 13 conversation with experts from the Massachusetts Institute of Technology for a conversation on their new book “Priority Technologies: Ensuring US Security and Shared Prosperity (2026).”

BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.


FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP

Click to listen highlighted text!