<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:nb="https://www.newsbreak.com/" xmlns:media="http://search.yahoo.com/mrss/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>Nextgov/FCW - Cybersecurity</title><link>https://www.nextgov.com/cybersecurity/</link><description></description><atom:link href="https://www.nextgov.com/rss/cybersecurity/" rel="self"></atom:link><language>en-us</language><lastBuildDate>Mon, 13 Jul 2026 21:00:00 -0400</lastBuildDate><item><title>AI, once relegated to helping hackers with certain tasks, can now power every stage of a cyberattack</title><link>https://www.nextgov.com/cybersecurity/2026/07/ai-once-relegated-helping-hackers-certain-tasks-can-now-power-every-stage-cyberattack/414744/</link><description>Researchers determined that AI was used in steps across entire cyber operations to identify security flaws, generate commands and carry out parts of intrusions, sometimes with little human oversight. Both U.S. and Chinese AI models have been involved.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Mon, 13 Jul 2026 21:00:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/07/ai-once-relegated-helping-hackers-certain-tasks-can-now-power-every-stage-cyberattack/414744/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;Just two years ago, hackers were &lt;a href="https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/"&gt;tapping into generative artificial intelligence&lt;/a&gt; to probe targets, translate technical material and troubleshoot malicious code. The technology sped up some key parts of a cyber operation, but other stages remained solely in human hands.&lt;/p&gt;

&lt;p&gt;That line is now beginning to blur. In a range of cyberattacks observed over the past year, AI systems generated commands, tested vulnerabilities and helped hackers move through victim networks, sometimes carrying out thousands of commands with less human direction than researchers had previously seen, according to &lt;a href="https://engage.checkpoint.com/ai-security-report-2026"&gt;research&lt;/a&gt; released Monday night by cybersecurity firm Check Point.&lt;/p&gt;

&lt;p&gt;It means AI has now been used in some form at every stage of a cyberattack, from identifying targets to exploiting vulnerabilities to stealing data, to help hackers achieve their goals.&lt;/p&gt;

&lt;p&gt;The shift does not yet amount to fully autonomous hacking, a top company executive told &lt;em&gt;Nextgov/FCW&lt;/em&gt;, but it shows that AI is moving from an occasional aid to an extra set of hands throughout the entirety of an intrusion process. The findings also highlight how rapidly the global cyber ecosystem has adopted AI, with the technology now embedded across every part of an offensive operation rather than confined to isolated tasks.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;We watched criminal groups breach government agencies at scale, using AI as the primary operator rather than a background assistant,&amp;rdquo; the Check Point report says. In most cases, the AI model&amp;rsquo;s role was revealed by the attacker&amp;rsquo;s own mistakes or &lt;a href="https://www.nextgov.com/cybersecurity/2024/02/microsoft-and-openai-swept-ai-chat-logs-find-hackers-expect-become-norm/394205/"&gt;monitoring&lt;/a&gt; by the AI provider, rather than tools or safeguards deployed by the victim organization.&lt;/p&gt;

&lt;p&gt;For these AI-enabled pursuits, hackers have used open-source models and purpose-built malicious AI tools &lt;a href="https://www.infosecurity-magazine.com/news/dark-web-mentions-malicious-ai/"&gt;sold on the dark web&lt;/a&gt;, but major commercial providers remain their primary choice, company threat intelligence lead Sergey Shykevich said in an interview.&lt;/p&gt;

&lt;p&gt;The research points to the &lt;a href="https://unit42.paloaltonetworks.com/the-gentlemen-ransomware/"&gt;Gentlemen ransomware group&lt;/a&gt; as one instance of how AI is being folded into routine criminal operations. Members compared mainstream commercial models based largely on which imposed the fewest restrictions and used AI to help build internal tools, including a management platform developed in three days.&lt;/p&gt;

&lt;p&gt;The findings also highlight VoidLink &amp;mdash; a sophisticated toolkit for remotely controlling infected computers &amp;mdash; that researchers initially believed had taken a team several months to build. Check Point later found that a single developer produced roughly 88,000 lines of working code in under a week using a commercial AI coding tool.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Hackers tend to first choose U.S. AI models like ChatGPT or Claude because their responses are generally considered higher-quality, but they have a tougher time exploiting those families of models because of stronger guardrails designed to prevent malicious use of the tools, Shykevich said. When those attempts fail, they then pivot to Chinese-made AI platforms that have lower guardrails.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;They are trying to jailbreak those [Western] models, but when they are not successful, they just go to DeepSeek, Qwen and Trae,&amp;rdquo; he said, referring to a trio of AI models and platforms originating in China. Qwen is a suite of AI and large language models developed by Alibaba, while Trae is an AI-backed code editor and programming platform built by ByteDance. Ransomware gangs have been heavily leaning on those Chinese models to help generate code for their exploits, he noted.&lt;/p&gt;

&lt;p&gt;Chinese AI models have recently grown more capable and widely used for coding tasks. Beijing has discussed &lt;a href="https://www.reuters.com/world/beijing-is-looking-curbing-overseas-access-chinas-top-ai-models-sources-say-2026-07-07/"&gt;restricting overseas access&lt;/a&gt; to some advanced models, underscoring their growing national security value and their appeal to cybercriminals seeking tools to help with their exploits.&lt;/p&gt;

&lt;p&gt;When asked how these new dynamics involve targeting U.S. government and critical infrastructure organizations, Shykevich said there are certainly higher and faster levels of exploitation attempts, though he assessed that&amp;rsquo;s due to a combination of AI-enabled speed and geopolitical tensions.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;He said that, in an ideal world, security flaws should now be patched within several hours of discovery, though he immediately acknowledged that would be next to impossible. The Cybersecurity and Infrastructure Security Agency recently &lt;a href="https://www.nextgov.com/cybersecurity/2026/06/cisa-directive-revamps-how-agencies-prioritize-vulnerable-systems/414096/"&gt;revamped&lt;/a&gt; its remediation timeline guidance, ranging from three days for the highest-risk flaws to 60 days for lower-priority issues.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The move is part of CISA&amp;rsquo;s response &amp;ldquo;to the current threat landscape where AI software services can assist threat actors to find and exploit vulnerabilities,&amp;rdquo; the agency said last month.&lt;/p&gt;

&lt;p&gt;The findings come as the latest tranche of frontier AI models is showing sharp gains in their ability to perform&amp;nbsp;cybersecurity tasks. OpenAI last week &lt;a href="https://www.nextgov.com/artificial-intelligence/2026/07/openais-advanced-gpt-56-models-be-available-public/414651/"&gt;released&lt;/a&gt; GPT-5.6, which it called its strongest cybersecurity model yet, reporting substantial gains over its predecessor on benchmarks testing exploit development and proof-of-concept generation.&lt;/p&gt;

&lt;p&gt;The Trump administration, meanwhile, has given the National Security Agency, CISA and other federal officials until Aug. 1 to develop a classified process for benchmarking the advanced cyber capabilities of frontier AI models and determining which systems need additional government scrutiny.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;The most significant shift this report documents is not a new technique. It is pace,&amp;rdquo; the Check Point report says. &amp;ldquo;A vulnerability now becomes a working exploit within hours of disclosure. Phishing campaigns run at a quality and volume no human team could match. Intrusions span dozens of targets simultaneously, with AI handling the operational work between check-ins. Security teams working at human speed cannot match that cadence.&amp;rdquo;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/07/13/GettyImages_1599973349/large.jpg" width="618" height="284"><media:credit>Yuichiro Chino/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/07/13/GettyImages_1599973349/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Russian hackers exploit weak router security to breach critical infrastructure, Western allies warn</title><link>https://www.nextgov.com/cybersecurity/2026/07/russian-hackers-exploit-weak-router-security-breach-critical-infrastructure-western-allies-warn/414735/</link><description>The guidance comes as the United Kingdom and European Union blamed a major Russian intelligence unit for an attempted attack on Poland’s power grid last year.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Mon, 13 Jul 2026 15:34:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/07/russian-hackers-exploit-weak-router-security-breach-critical-infrastructure-western-allies-warn/414735/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;Russian state-backed hackers tied to Moscow&amp;rsquo;s FSB Federal Security Service are continuing to breach critical infrastructure networks around the world by exploiting routers and other networking devices protected by weak credentials or running outdated technology, the United States and 12 partner nations warned Monday.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://www.ic3.gov/CSA/2026/260713.pdf"&gt;joint advisory&lt;/a&gt; said operators from FSB&amp;rsquo;s Center 16 signals intelligence unit have been working to opportunistically compromise infrastructure organizations across the communications, defense industrial base, energy, financial services, government facilities and health care sectors using the poor router configurations.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The advisory was issued by the NSA, Cybersecurity and Infrastructure Security Agency, FBI and Defense Department Cyber Crime Center, alongside agencies from Australia, Canada, New Zealand and others.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;This is an ongoing issue that has impacted various U.S. and foreign networks across multiple sectors,&amp;rdquo; the National Security Agency &lt;a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4541059/nsa-and-partners-release-guidance-on-improving-router-hygiene-to-protect-agains/"&gt;said in a statement&lt;/a&gt; accompanying the advisory.&lt;/p&gt;

&lt;p&gt;Center 16 operators have also exploited Cisco&amp;rsquo;s Smart Install feature, web portals used to manage network devices and at least two Cisco vulnerabilities. One of the flaws was &lt;a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-4128&amp;amp;ref=darkwebinformer.com#:~:text=CVE%2D2008%2D4128,configure/http%20URI."&gt;logged Monday&lt;/a&gt; in CISA&amp;rsquo;s Known Exploited Vulnerabilities catalog, which tabulates cyber vulnerabilities that have been leveraged by hacker groups.&lt;/p&gt;

&lt;p&gt;The guidance comes the same day the United Kingdom and European Union &lt;a href="https://therecord.media/russia-blamed-for-poland-grid-cyberattack-in-joint-uk-eu-sanctions-package"&gt;formally blamed&lt;/a&gt; Center 16 for a &lt;a href="https://www.reuters.com/sustainability/climate-energy/massive-cyberattack-polish-power-system-december-failed-minister-says-2026-01-13/"&gt;failed&lt;/a&gt; December 2025 cyberattack against Poland&amp;rsquo;s energy grid. UK officials said the operation &lt;a href="https://www.gov.uk/government/news/uk-and-eu-strike-russian-cyber-networks-with-new-sanctions#:~:text=This%20reckless%C2%A0attack%20failed%20but%20could%20have%20caused%20500%2C000%20citizens%20to%20lose%20electricity%C2%A0in%20the%20depths%20of%C2%A0winter.%20It%C2%A0is%20another%20example%20of%20the%C2%A0Russian%20state%E2%80%99s%C2%A0irresponsible%20attempts%C2%A0to%20sow%20chaos%20across%20Europe.%C2%A0"&gt;could have cut electricity to roughly 500,000 people&lt;/a&gt; during the winter.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;We strongly condemn Russia&amp;rsquo;s behaviour and misuse of this cyber ecosystem, targeting public services and critical infrastructure, causing disruptions and financial losses,&amp;rdquo; EU foreign policy chief Kaja Kallas said.&lt;/p&gt;

&lt;p&gt;Former U.S. officials urged organizations to shore up their routers&amp;rsquo; cyberdefenses.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;Organizations should treat internet-facing network infrastructure as a priority attack surface by eliminating default credentials, restricting management interfaces, and ensuring that routers receive the same level of monitoring and patching as other critical systems,&amp;rdquo; said Matt Hartman, the chief strategy officer at Merlin Group who has held several senior roles at the Cybersecurity and Infrastructure Security Agency.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;Organizations should assume that a router or other perimeter device will eventually be compromised. The objective is not simply to prevent the initial intrusion, but to ensure that the compromise cannot spread and create operational consequences,&amp;rdquo; said Lou Eichenbaum, the former chief information officer at the U.S. Department of the Interior and current federal chief technology officer at ColorTokens.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/07/13/071326routerNG/large.jpg" width="618" height="284"><media:credit>Alena Butusava/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/07/13/071326routerNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>DHS network intrusion was twice ruled a false positive before breach confirmed</title><link>https://www.nextgov.com/cybersecurity/2026/07/dhs-network-intrusion-was-twice-ruled-false-positive-breach-confirmed/414724/</link><description>Suspicious activity on the Homeland Security Information Network, which is being used to support World Cup games around the U.S., was first detected around mid-to-late May.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Mon, 13 Jul 2026 11:24:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/07/dhs-network-intrusion-was-twice-ruled-false-positive-breach-confirmed/414724/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;Department of Homeland Security personnel twice dismissed signs of cyber intruders inside the agency&amp;rsquo;s Homeland Security Information Network as harmless activity, allowing hackers to remain undetected inside for weeks and eventually steal credential files, according to an internal incident readout viewed by &lt;em&gt;Nextgov/FCW&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;HSIN was breached about two months ago, &lt;em&gt;Nextgov/FCW&lt;/em&gt; &lt;a href="https://www.nextgov.com/cybersecurity/2026/06/hackers-breached-dhs-information-sharing-network-people-familiar-say/414534/"&gt;first reported&lt;/a&gt; in late June. The network houses sensitive, unclassified data that&amp;rsquo;s shared between federal, state, local, industry and overseas partner organizations.&lt;/p&gt;

&lt;p&gt;Department investigators have still not determined the affiliation of the hackers, according to two people with knowledge of an ongoing probe into the incident. DHS may send staff to brief Congress on the hack in a classified setting in the coming weeks, added the people, who spoke on the condition of anonymity to communicate the department&amp;rsquo;s thinking.&lt;/p&gt;

&lt;p&gt;Between May 15 and May 24, the infiltration was detected by analysts inside FEMA, where they observed the hackers had altered files on testing and live servers, used a legitimate web-server program to run malicious code and deleted activity logs that could have exposed their movements, according to the readout. The activity was ruled a false positive.&lt;/p&gt;

&lt;p&gt;Between May 25 and June 3, the hackers used similar methods aiming to leave scant trace of their activity, setting off more alerts that were again dismissed as benign. On June 4, they installed hidden backdoors and stole credential data &amp;mdash; typically employed to verify users&amp;rsquo; identities and grant access to accounts or systems &amp;mdash; where personnel then declared a breach was active.&lt;/p&gt;

&lt;p&gt;It&amp;rsquo;s not clear why the intrusion was deemed benign two times over such a wide timeframe, but the incident highlights how a mistaken assessment can give hackers significantly more time to deepen their access into a target&amp;rsquo;s environment. The hack involved techniques meant to mask activity as normal, which, generally speaking, can make it very difficult for analysts to determine what is legitimate or not, one of the people said.&lt;/p&gt;

&lt;p&gt;It&amp;rsquo;s also unclear what materials, if any, were copied from HSIN systems, though the fact that hackers targeted credential files indicates they sought out access to accounts or systems beyond what they could initially reach.&lt;/p&gt;

&lt;p&gt;&amp;quot;The Department of Homeland Security is aware of a recent cyber incident involving a specific, unclassified legacy information sharing environment,&amp;quot; a DHS spokesperson wrote in the same statement&amp;nbsp;it provided earlier this month&amp;nbsp;that confirmed the hack.&amp;nbsp;&amp;quot;We immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation. There is no indication that classified networks were impacted, and the system remains operational for our partners. As this is an ongoing investigation, we cannot provide further operational details at this time.&amp;quot;&lt;/p&gt;

&lt;p&gt;Approved users lean on the network to securely access data, exchange requests with partner agencies, coordinate safety and security for planned events, respond to incidents and share information needed to protect their communities, &lt;a href="https://www.dhs.gov/homeland-security-information-network-hsin"&gt;per its website&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;HSIN has been used to support ongoing World Cup games and recent America250 events, Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., said in a statement after the breach was reported.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;The information in HSIN, while not classified, is highly sensitive, and its exposure risks national security,&amp;rdquo; he said at the time.&lt;/p&gt;

&lt;p&gt;As the United States hosts World Cup matches nationwide, the hack could raise questions about whether the intruders gained access to security plans, interagency communications or emergency response plans for one of the world&amp;rsquo;s most visible sporting events. It&amp;rsquo;s also possible that World Cup data was not a target.&lt;/p&gt;

&lt;p&gt;Nation-state and criminal hackers routinely target U.S. systems to gather intelligence, steal sensitive information and maintain access to government networks. In February, a suspected China-linked breach of an FBI surveillance system likely &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/suspected-chinese-breach-fbi-system-exposed-surveillance-targets-phone-numbers/412612/"&gt;exposed&lt;/a&gt; the phone numbers of people the bureau was monitoring. Last fall, a &lt;a href="https://www.nextgov.com/cybersecurity/2025/09/widespread-breach-let-hackers-steal-employee-data-fema-and-cbp/408456/"&gt;widespread breach&lt;/a&gt; at FEMA let hackers make off with employee data from both the disaster management office and U.S. Customs and Border Protection.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Editor&amp;#39;s note: This article has been updated to include a statement from DHS.&lt;/em&gt;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/07/13/071326DHSNG/large.jpg" width="618" height="284"><media:credit>Win McNamee/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/07/13/071326DHSNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Pentagon opens applications for cyber apprenticeship program</title><link>https://www.nextgov.com/cybersecurity/2026/07/pentagon-opens-applications-cyber-apprenticeship-program/414662/</link><description>DOD Chief Information Officer Kirsten Davies said last month that the apprenticeship had “already generated more than 70,000 inquiries” since it was first announced in late April.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Edward Graham</dc:creator><pubDate>Wed, 08 Jul 2026 17:36:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/07/pentagon-opens-applications-cyber-apprenticeship-program/414662/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;The Department of Defense announced this week that it officially opened the application window for its Cyber Registered Apprenticeship Program, a new initiative to onboard more skilled cybersecurity professionals into its workforce.&lt;/p&gt;

&lt;p&gt;DOD&amp;rsquo;s Office of the Chief Information Officer, which is directing the program, said on Monday that the job posting is &lt;a href="https://www.usajobs.gov/job/875318000"&gt;now open through July 17&lt;/a&gt; on the government&amp;rsquo;s USAJobs hiring site. The annual salary for the apprenticeship is listed as $22,584.&lt;/p&gt;

&lt;p&gt;Cyber RAP, as the pilot is being called, was first &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/pentagon-launches-cyber-apprenticeship-program/413187/"&gt;announced&lt;/a&gt; in late April by the Pentagon. The 12-month apprenticeship is designed, in large part, to prioritize skills-based hiring over academic experience &amp;mdash; part of a broader Trump administration push to place greater emphasis on experience over educational requirements in the federal hiring process.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;This program bypasses traditional academic gatekeeping to value what truly matters: raw aptitude, patriotic drive, and hands-on capability over traditional academic credentials,&amp;rdquo; DOD Chief Information Officer Kirsten Davies said in a statement. &amp;ldquo;By unlocking this untapped potential, we are actively forging America&amp;#39;s elite cyber workforce of the future from the ground up.&amp;quot;&lt;/p&gt;

&lt;p&gt;In &lt;a href="https://www.nextgov.com/defense/2026/07/seizing-digital-advantage-dod/414648/"&gt;a recent interview&lt;/a&gt; with &lt;em&gt;Nextgov/FCW&lt;/em&gt;, Davies said President Donald Trump and Defense Secretary Pete Hegseth &amp;ldquo;have given us a mandate to really get after skills-based training,&amp;rdquo; and added that she has also worked to eliminate degree requirements &amp;ldquo;because if threat actors can be script kiddies and teenagers, then we need to be employing great skills where the skills are and figuring out how to incorporate them.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The Cyber RAP posting only requires that candidates be over 18 years of age, are U.S. citizens and have the ability to obtain and maintain a government security clearance. The pilot trains apprentices for entry-level DOD positions, including as cyber defense analysts, cyber defense infrastructure support specialists and cyber defense incident responders.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The program includes two developmental tracks with different academic requirements, which the department said are designed &amp;ldquo;to accommodate different agency missions and standards.&amp;rdquo;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;DOD says &amp;ldquo;the core Technical Specialist Pathway focuses on rapid, hands-on technical skill acquisition for general [Pentagon] civilian cyber roles and explicitly does not require a college degree,&amp;rdquo; while &amp;ldquo;the Defense Manpower Data Center (DMDC) Agency Pathway is tailored for specialized placements within the DMDC and requires candidates to hold an accredited degree to meet that specific agency&amp;#39;s qualification standards.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;Speaking at the SAP NOW summit in Washington, D.C., last month, Davies said that the apprenticeship had &amp;ldquo;already generated &lt;a href="https://www.nextgov.com/defense/2026/06/dod-quantum-strategy-first-step-preparing-future-cio-says/414408/"&gt;more than 70,000 inquiries&lt;/a&gt;,&amp;rdquo; even though it had not yet been officially launched.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/07/08/GettyImages_2242866769/large.jpg" width="618" height="284"><media:credit>Bill Clark/CQ-Roll Call, Inc via Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/07/08/GettyImages_2242866769/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>House Homeland committee seeks briefing on DHS network hack</title><link>https://www.nextgov.com/cybersecurity/2026/07/house-homeland-committee-seeks-briefing-dhs-network-hack/414633/</link><description>Cyber intruders accessed the unclassified network being used to help support World Cup games around the U.S., a senator said last week.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Tue, 07 Jul 2026 17:53:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/07/house-homeland-committee-seeks-briefing-dhs-network-hack/414633/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;House Homeland Security Committee staff are requesting a briefing from the Department of Homeland Security on the breach of the agency&amp;rsquo;s Homeland Security Information Network, according to a committee aide with knowledge of the matter.&lt;/p&gt;

&lt;p&gt;Staffers are hoping to be briefed on the intrusion &amp;mdash; &lt;a href="https://www.nextgov.com/cybersecurity/2026/06/hackers-breached-dhs-information-sharing-network-people-familiar-say/414534/"&gt;first reported&lt;/a&gt; by &lt;em&gt;Nextgov/FCW&lt;/em&gt; last week &amp;mdash; by Friday, said the aide, who spoke on the condition of anonymity because the matter is sensitive.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Hackers are believed to have penetrated HSIN sometime between late May and early June, though their affiliation and whether any contents were pilfered from the platform is unclear, a person familiar with the matter previously said.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Approved users lean on the network to securely access data, exchange requests with partner agencies, manage operations, coordinate safety and security for planned events, respond to incidents and share mission-critical information needed to protect their communities, according to its &lt;a href="https://www.dhs.gov/homeland-security-information-network-hsin"&gt;website&lt;/a&gt;. HSIN carries unclassified but sensitive information shared among federal, state, local, territorial, tribal, international and private-sector partners.&lt;/p&gt;

&lt;p&gt;The intrusion comes as the U.S. oversees security for World Cup games across the country, placing added scrutiny on the systems federal, state and local officials use to coordinate major events. A breach of the platform may raise concerns about whether hackers gained insight into security planning, interagency coordination or response procedures surrounding one of the most visible international events hosted predominately in the United States.&lt;/p&gt;

&lt;p&gt;Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., said last week that the network is being used to support the World Cup and America250 events. He added that it played a key role for emergency responders during last year&amp;rsquo;s mid-air collision between an American Airlines flight and an Army Black Hawk helicopter outside Washington, D.C.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;The information in HSIN, while not classified, is highly sensitive, and its exposure risks national security,&amp;rdquo; Warner said. &amp;ldquo;DHS and DOJ must thoroughly investigate who breached HSIN, what the attackers accessed, and ensure all DHS partners are provided with timely information and the tools necessary to mitigate any associated risks from the breach.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;When asked by &lt;em&gt;Nextgov/FCW&lt;/em&gt; about the committee briefing request, a department spokesperson sent the same statement it provided last week that confirmed the hack.&lt;/p&gt;

&lt;p&gt;The statement said staff &amp;ldquo;immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation,&amp;rdquo; and&amp;nbsp;added&amp;nbsp;that an investigation is ongoing and more details can&amp;rsquo;t be provided.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/07/07/070726capitolNG/large.jpg" width="618" height="284"><media:credit>Kevin Dietsch/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/07/07/070726capitolNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>CISA expects to finalize key cyber reporting rule by September</title><link>https://www.nextgov.com/cybersecurity/2026/07/cisa-expects-finalize-key-cyber-reporting-rule-september/414607/</link><description>Last month, CISA held additional stakeholder town halls on the forthcoming CIRCIA final rule after a now-resolved DHS funding lapse this spring delayed the meetings.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Mon, 06 Jul 2026 17:13:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/07/cisa-expects-finalize-key-cyber-reporting-rule-september/414607/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;The Cybersecurity and Infrastructure Security Agency expects to finalize a bedrock cybersecurity incident reporting rule in September, requiring critical infrastructure providers to report major hacks directly to the cyberdefense agency, according to a &lt;a href="https://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202510&amp;amp;RIN=1670-AA04"&gt;regulation document&lt;/a&gt; published last week.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The Cyber Incident Reporting for Critical Infrastructure Act requires critical infrastructure entities to report substantial incidents to CISA within 72 hours and ransomware payments within 24 hours.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;CIRCIA&amp;rsquo;s underlying measure in Congress &lt;a href="https://www.nextgov.com/cybersecurity/2022/03/cyber-incident-reporting-legislation-clears-house-bipartisan-spending-bill/363022/"&gt;first passed&lt;/a&gt; in 2022, though the final rule has been delayed for some time. CISA published the first procedural notice for the rule in April 2024 and missed the statutory October 2025 final-rule deadline. Last month, the agency held additional stakeholder town halls to further discuss the directive after a now-resolved shutdown of the Department of Homeland Security&amp;nbsp;in the spring delayed scheduling of those meetings.&lt;/p&gt;

&lt;p&gt;CIRCIA is significant because CISA has historically relied on voluntary cooperation from critical infrastructure operators, and the law would move a major piece of that relationship into a mandatory reporting regime.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The directive grew out of post-SolarWinds and Colonial Pipeline concerns that voluntary reporting left the government blind to major cyber incidents. Russia&amp;rsquo;s invasion of Ukraine added urgency by raising fears that geopolitical conflict could spill into attacks on U.S. critical infrastructure.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/07/06/070626cyberNG/large.jpg" width="618" height="284"><media:credit>Yuichiro Chino/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/07/06/070626cyberNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Hackers breached DHS information-sharing network, people familiar say</title><link>https://www.nextgov.com/cybersecurity/2026/06/hackers-breached-dhs-information-sharing-network-people-familiar-say/414534/</link><description>The Homeland Security Information Network is used by government, international and private sector partners to share sensitive but unclassified information.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Tue, 30 Jun 2026 11:11:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/hackers-breached-dhs-information-sharing-network-people-familiar-say/414534/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;A key Department of Homeland Security information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local and industry partners, according to two people familiar with the matter.&lt;/p&gt;

&lt;p&gt;DHS investigators are probing the intrusion of the Homeland Security Information Network, said both people, who spoke on the condition of anonymity because the incident is sensitive. The hackers&amp;rsquo; affiliation and whether any documentation was pilfered from the system are both unclear.&lt;/p&gt;

&lt;p&gt;The department&amp;rsquo;s Office of Intelligence and Analysis has conducted a damage assessment of the intrusion, which is believed to have occurred sometime between late May and early June, said one of the people. The hackers targeted HSIN servers and a SharePoint system used for collaboration efforts, the person added.&lt;/p&gt;

&lt;p&gt;Approved users lean on the network to securely access data, exchange requests with partner agencies, manage operations, coordinate safety and security for planned events, respond to incidents and share mission-critical information needed to protect their communities, according to its &lt;a href="https://www.dhs.gov/homeland-security-information-network-hsin"&gt;website&lt;/a&gt;. HSIN carries unclassified but sensitive information shared among federal, state, local, territorial, tribal, international and private-sector partners.&lt;/p&gt;

&lt;p&gt;The intrusion comes as the U.S. is overseeing security for World Cup games across the country, placing added scrutiny on the systems federal, state and local officials use to coordinate major events. A breach of the platform could raise concerns about whether hackers gained insight into security planning, interagency coordination or response procedures surrounding one of the most visible international events hosted predominately in the United States.&lt;/p&gt;

&lt;p&gt;The platform supports real-time communication, document sharing, alerts, web conferencing and incident management. It&amp;rsquo;s also used to exchange information about persons of interest and potential threats to help agencies maintain situational awareness during emergencies and events.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;The Department of Homeland Security is aware of a recent cyber incident involving a specific, unclassified legacy information sharing environment. We immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation,&amp;rdquo; a department spokesperson said after this story published. &amp;ldquo;There is no indication that classified networks were impacted, and the system remains operational for our partners. As this is an ongoing investigation, we cannot provide further operational details at this time.&amp;quot;&lt;/p&gt;

&lt;p&gt;The development would not be the first time HSIN has faced security problems. In 2023, an access misconfiguration linked to a contractor&amp;rsquo;s coding error caused restricted HSIN data to be exposed to unapproved users inside the platform, according to a memo obtained by &lt;em&gt;Nextgov/FCW&lt;/em&gt;.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The error let information intended for a limited set of authorized users be made available more broadly across HSIN, including sensitive U.S. person data and other personally identifying information. The full consequences of that misconfiguration are still unclear, according to a third person. Wired &lt;a href="https://www.wired.com/story/a-dhs-data-hub-exposed-sensitive-intel-to-thousands-of-unauthorized-users/"&gt;previously reported&lt;/a&gt; that incident.&lt;/p&gt;

&lt;p&gt;Nation-state groups and criminal hackers routinely target U.S. systems to collect intelligence, steal sensitive information, disrupt operations or gain footholds inside government networks. In February, a suspected China-linked breach of an FBI surveillance system likely revealed phone numbers of targets being monitored by the bureau, &lt;em&gt;Nextgov/FCW&lt;/em&gt; previously &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/suspected-chinese-breach-fbi-system-exposed-surveillance-targets-phone-numbers/412612/"&gt;reported&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Editor&amp;#39;s note: This article has been updated to include comment from DHS.&lt;/em&gt;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/30/063026DHSNG/large.jpg" width="618" height="284"><media:credit>Win McNamee/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/30/063026DHSNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Secret Service phone security lapses put US officials at risk, watchdog says</title><link>https://www.nextgov.com/cybersecurity/2026/06/secret-service-phone-security-lapses-put-us-officials-risk-watchdog-says/414459/</link><description>The DHS inspector general found that agents routinely used personal phones for official work, including during protective operations, because government-issued devices lacked key capabilities.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Fri, 26 Jun 2026 12:13:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/secret-service-phone-security-lapses-put-us-officials-risk-watchdog-says/414459/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;The Secret Service failed to effectively secure and manage mobile devices used for official business, including during protective operations, creating risks that adversaries could intercept sensitive communications and use them to target U.S. leaders and other protectees, according to a watchdog report issued Thursday.&lt;/p&gt;

&lt;p&gt;The Department of Homeland Security&amp;rsquo;s inspector general &lt;a href="https://www.oig.dhs.gov/sites/default/files/assets/2026-06/OIG-26-09-Jun26.pdf"&gt;determined&lt;/a&gt; Secret Service employees routinely relied on personal phones for official work, including during domestic and overseas protective assignments, because government-issued devices lacked key tools needed to communicate with law enforcement, foreign partners and other officials.&lt;/p&gt;

&lt;p&gt;Those personal devices were not managed or secured by the government, creating vulnerabilities that could expose operational details, employee information, contacts, location data, photos and other sensitive material, the report said.&lt;/p&gt;

&lt;p&gt;Adversaries &amp;ldquo;could have intercepted and exploited Secret Service information, placing at risk our Nation&amp;rsquo;s leaders, other protectees, and employees &amp;mdash; especially when unsecured devices were used overseas,&amp;rdquo; the inspector general wrote.&lt;/p&gt;

&lt;p&gt;The audit grew out of broader reviews of the Secret Service following the July 13, 2024 attempted assassination of then-former President Donald Trump at a campaign rally in Butler, Pennsylvania. During those reviews, the watchdog said it learned that Secret Service personnel frequently used personal cellphones for official business, raising security and federal records concerns.&lt;/p&gt;

&lt;p&gt;One episode described in the report connects the issue directly to the Butler security breakdown. Shortly before the attempted assassination, a Secret Service employee used a personal device to receive a picture message from local law enforcement of the would-be assassin because of reliability concerns with the employee&amp;rsquo;s government-issued phone. The employee told investigators that prior issues had prevented them from sending text messages with images using government equipment.&lt;/p&gt;

&lt;p&gt;The watchdog also found that, after the attack, another employee had to take extra steps to email a photo of the would-be assassin to colleagues because a known issue prevented them from simply forwarding the image by text on a government-issued device.&lt;/p&gt;

&lt;p&gt;The report points much of the blame at the Secret Service&amp;rsquo;s Office of the Chief Information Officer, which is responsible for setting mobile device security standards, managing government-issued devices and ensuring compliance with agency policies.&lt;/p&gt;

&lt;p&gt;Secret Service employees told investigators that government-issued devices often lacked commercial messaging apps commonly used by foreign police, military officials, embassy drivers, State Department personnel and other partners overseas. Some also said they needed personal devices to access websites blocked on government phones, including sites used to research restaurants where a protectee was scheduled to dine.&lt;/p&gt;

&lt;p&gt;Employees also cited reliability problems. According to the report, government-issued devices frequently disconnected from the Secret Service virtual private network, and about 12% of wireless help desk tickets involving mobile devices were related to VPN issues.&lt;/p&gt;

&lt;p&gt;The watchdog found that the use of personal devices had become routine and expected during foreign assignments. Of 24 employees and supervisors interviewed about international travel reimbursement records, 23 said they relied on personal devices, with most saying they needed them during nearly every foreign assignment.&lt;/p&gt;

&lt;p&gt;The inspector general also reviewed call and text records and found more than 15,000 instances in which employees sent or received calls from colleagues&amp;rsquo; personal phones while working protective events. It found about 24,000 text messages between personal devices and government-issued phones, though its analysis did not include communications made solely between personal devices or through messaging apps.&lt;/p&gt;

&lt;p&gt;The report also found that Secret Service mobile devices used overseas lacked required mobile threat defense software designed to provide real-time protection from malware, cyberattacks and other threats. The Secret Service did not begin installing that software on any government-issued mobile devices until August 2025, despite DHS policy requiring it for devices used outside the United States.&lt;/p&gt;

&lt;p&gt;The watchdog also found that the Secret Service did not consistently wipe data from government phones after employees returned from international missions, even though agency policy required employees to wipe devices within 24 hours of returning to the United States. One employee told investigators their phone had never been wiped over the course of eight years and 20 international trips, including travel to high-risk countries. Another employee reported 15 trips over eight years and estimated their phone had been wiped only four times.&lt;/p&gt;

&lt;p&gt;The Secret Service concurred with all five watchdog recommendations, including recommendations to improve its process for identifying mobile device needs, strengthen cybersecurity training, communicate that personal devices are not allowed for official business and update app vulnerability testing policies.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/26/062626secretserviceNG/large.jpg" width="618" height="284"><media:credit>Kevin Carter/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/26/062626secretserviceNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>The hidden market turning home internet connections into cover for hackers</title><link>https://www.nextgov.com/cybersecurity/2026/06/hidden-market-turning-home-internet-connections-cover-hackers/414413/</link><description>Researchers traced millions of household IP addresses through residential proxy networks, calling the illicit use of those connections the “blood diamonds of the digital age.”</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Thu, 25 Jun 2026 06:00:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/hidden-market-turning-home-internet-connections-cover-hackers/414413/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;Swaths of consumer streaming devices and passive-income services are quietly turning Americans&amp;rsquo; home internet connections into cover for cybercrime, fraud and foreign-linked hackers, according to a new investigation that found suspicious behavior from devices and apps sold through major online marketplaces.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://resproxy.digitalcitizensalliance.org/hubfs/resproxy/DCA_Cybercrime-by-Doorbell-Report.pdf"&gt;report&lt;/a&gt; from the Digital Citizens Alliance and cyber compliance firm risk3sixty focuses on residential proxy networks, which let users route their web traffic through real household internet connections.&lt;/p&gt;

&lt;p&gt;That disguise is what makes the market valuable for cyberspies: Many threat detection tools treat home internet connections as more trustworthy than traffic from known malicious networks. When cybercriminals or state-backed hackers piggyback on those home platforms, they gain a powerful way to hide their activity, and the digital breadcrumbs trace back to an unsuspecting household.&lt;/p&gt;

&lt;p&gt;In a hypothetical attack on a federal agency, a hacker could route their activity through ordinary home internet connections instead of foreign servers. That could make suspicious login attempts or other traffic appear to come from real U.S. homes, causing investigators to initially trace them back to unsuspecting users whose connections were used as cover.&lt;/p&gt;

&lt;p&gt;That arrangement poses unsuspecting risks for ordinary people, DCA Executive Director Tom Galvin told &lt;em&gt;Nextgov/FCW&lt;/em&gt;. &amp;ldquo;Because someone has gained access to your IP connection &amp;hellip; if you&amp;rsquo;re a criminal engaging in financial fraud or distribution of [child sexual abuse material] over a residential IP connection, and you get caught, law enforcement isn&amp;rsquo;t going to the criminal, they&amp;rsquo;re going to the home.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;You basically run the risk of having everything in your house turn into a potential exit node, and &amp;hellip; in addition to the privacy or the IP reputation concerns, there are potential legal repercussions,&amp;rdquo; Steven Guris, risk3sixty&amp;rsquo;s threat intelligence lead, said in the same interview.&lt;/p&gt;

&lt;p&gt;In one case, the report cited a VSeeBox V5 Pro &amp;mdash; a TV streaming product &amp;mdash; purchased through Walmart that connected to a server based in China when powered on. It sent detailed device information and received commands that included the ability to install or uninstall apps, reboot the device and perform a factory reset. Walmart told the researchers that the product was no longer available on its site and that the company removes listings when violations are detected.&lt;/p&gt;

&lt;p&gt;In another, the investigators signed up for Honeygain, a service marketed to students and other users as a way to earn extra money from unused bandwidth, and monitored how the connection was used. They observed traffic involving entities in China and Russia, including traffic tied to a U.S. Treasury Department-sanctioned bank, though the researchers said they found no indication that Honeygain knew how those connections were being used. Honeygain did not provide a statement for the report.&lt;/p&gt;

&lt;p&gt;Residential proxies are sold through websites that openly advertise proxy access, by companies that bundle home internet connections from apps or devices and resell them and, in some cases, on dark web markets with guides for using them in fraud.&lt;/p&gt;

&lt;p&gt;The findings call the illicit use of home internet connections the &amp;ldquo;blood diamonds&amp;rdquo; of the digital age, arguing that the market lets companies profit from connections that may have been gathered deceptively.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;By the time a blood diamond reaches a jewelry store it is several layers from the forced labor that mined the gem and funded civil wars. The jewelers that sold blood diamonds could perhaps claim ignorance, but major players had knowledge,&amp;rdquo; the report says. &amp;ldquo;The same is true for residential proxies. The retailers who ultimately sell IP connections to businesses, state actors and cybercriminals may not have sourced the connections, but they are part of an ecosystem built on deception and crimes.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The FBI has previously &lt;a href="https://www.fbi.gov/investigate/cyber/alerts/2026/evading-residential-proxy-networks-protecting-your-devices-from-becoming-a-tool-for-criminals"&gt;warned&lt;/a&gt; that residential proxies can be cobbled together through free virtual private networks, compromised internet-connected devices, malware and passive-income apps that route other people&amp;rsquo;s traffic through users&amp;rsquo; home connections. The bureau has taken steps to &lt;a href="https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-dns-hijacking-network-controlled"&gt;disrupt&lt;/a&gt; hackers that rely on proxy networks to hide their pursuits and plans to &lt;a href="https://threatbeat.com/video/fbi-eyes-more-court-authorized-operations-inside-compromised-private-infrastructure/"&gt;conduct more related takedowns&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;But the report suggests the problem extends far beyond individual law enforcement activity. It estimates more than 20 million U.S. IP connections are collected each year for residential proxy services. Researchers also tracked roughly 26 million unique residential IP addresses over 30 days and found that nearly half appeared across multiple proxy providers, suggesting that once a home connection enters the market, it can be resold or reused across several platforms.&lt;/p&gt;

&lt;p&gt;The DCA is launching a public awareness campaign around the issue, Galvin said. The alliance has also been engaging with U.S. officials to discuss the matter, though he declined to name specific agencies and individuals involved.&lt;/p&gt;

&lt;p&gt;The campaign will include public service announcements and social media videos warning about risks from free apps, unauthorized streaming devices and aging home routers, along with guidance on filing complaints with the FBI&amp;rsquo;s Internet Crime Complaint Center. The group also plans to develop a free app that would let consumers check whether their IP connection has been hijacked, he said.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;We&amp;rsquo;re not moralists, but it is our job, we think, to tell people what are the risks, so they can make intelligent decisions,&amp;rdquo; Galvin said. &amp;ldquo;We just want them to know what they&amp;rsquo;re doing and when they&amp;rsquo;re doing it.&amp;rdquo;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/24/GettyImages_1370233320/large.jpg" width="618" height="284"><media:credit>Techa Tungateja/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/24/GettyImages_1370233320/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Planned NDAA amendment would codify CISA’s role in cyber vulnerability program</title><link>https://www.nextgov.com/cybersecurity/2026/06/planned-ndaa-amendment-would-codify-cisas-role-cyber-vulnerability-program/414286/</link><description>The measure, expected as a proposed add-on to the government’s 2027 defense package, targets a bedrock cybersecurity vulnerability-tracking system after a contracting fiasco last year.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Thu, 18 Jun 2026 15:52:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/planned-ndaa-amendment-would-codify-cisas-role-cyber-vulnerability-program/414286/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;A contracting scare that briefly cast uncertainty over a key cyber vulnerability-tracking program is prompting lawmakers to add a measure to the annual defense authorization bill that would establish the program within the Cybersecurity and Infrastructure Security Agency.&lt;/p&gt;

&lt;p&gt;The proposal would formally house the Common Vulnerabilities and Exposures program under CISA, require a joint modernization plan with the National Institute of Standards and Technology and push officials to improve the public vulnerability data used by agencies, companies and security researchers to assess cyber risk, according to the text of the planned amendment viewed by &lt;em&gt;Nextgov/FCW&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;CVE provides a standardized methodology for logging publicly known security vulnerabilities. Each flaw is assigned a unique identifier, designed to help researchers, vendors and officials more effectively communicate about the same issue. It first launched in 1999, and is used today by organizations across the private sector and the national intelligence enterprise.&lt;/p&gt;

&lt;p&gt;The program faced a contracting debacle last spring when MITRE, the non-profit research giant that funds much of CVE&amp;rsquo;s functions, warned of an imminent end to federal backing for the project during an efficiency-driven purge of several contracts at CISA.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The matter was &lt;a href="https://www.nextgov.com/cybersecurity/2025/04/cisa-extends-mitre-backed-cve-contract-hours-its-lapse/404601/"&gt;addressed&lt;/a&gt; within hours amid outcry from the cybersecurity community, but it ignited discussions over the long-term stability of a system that much of the cybersecurity community deems critical for day-to-day work.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The proposed NDAA measure is significant because, if passed, it would give CISA a formal, legal role in managing the premier global catalog used across the cybersecurity world to identify, track and prioritize software flaws.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The amendment text reviewed by &lt;em&gt;Nextgov/FCW&lt;/em&gt; does not name a sponsoring lawmaker. CISA declined to comment on the proposed measure.&lt;/p&gt;

&lt;p&gt;The proposal would also create a 15-member CVE Board to set the program&amp;rsquo;s policies and priorities, with permanent seats for CISA, NIST and top-level CVE authorities. Rotating members would come from industry, academia, the research community and foreign governments.&lt;/p&gt;

&lt;p&gt;It would also put greater weight behind vulnerability enrichment &amp;mdash; the process of adding context about a flaw&amp;rsquo;s severity and how hackers may exploit it &amp;mdash; by making it part of CVE&amp;rsquo;s formal mission and directing the program&amp;rsquo;s board to set policies for what information CVE records should include.&lt;/p&gt;

&lt;p&gt;Earlier this year, EU cybersecurity chief Hans de Vries told an audience at the RSAC Conference in San Francisco that Europe wants to &lt;a href="https://www.nextgov.com/cybersecurity/2026/03/eu-wants-support-bedrock-cyber-vulnerability-program-top-official-says/412429/"&gt;assist with and help modernize&lt;/a&gt; the program.&lt;/p&gt;

&lt;p&gt;In the same discussion, a top House Homeland Security Committee staffer &lt;a href="https://www.nextgov.com/cybersecurity/2026/03/eu-wants-support-bedrock-cyber-vulnerability-program-top-official-says/412429/#:~:text=Congressional%20staffers%20have,it%20accountable%20for.%E2%80%9D"&gt;previewed&lt;/a&gt; the measure.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;While CISA is certainly authorized to execute this program, it&amp;rsquo;s not specifically tasked with doing it, which, as an oversight committee, makes it harder for us to hold an agency accountable for executing a task,&amp;rdquo; said Moira Bergen, who leads cyber policy work for the Democratic side of the panel.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The House Armed Services Committee approved its version of the fiscal 2027 defense bill earlier this month, sending it to the Rules Committee ahead of expected floor consideration. The Rules panel has told members to submit proposed amendments by 5 p.m. Thursday.&lt;/p&gt;

&lt;p&gt;The Senate Armed Services Committee also advanced its own version of the bill last week. Once both chambers pass their versions, negotiators from both chambers will have to reconcile differences between the two before a final defense policy package can reach the president.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Editor&amp;#39;s note: This article has been updated to note that CISA declined comment.&lt;/em&gt;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/18/GettyImages_2280265259/large.jpg" width="618" height="284"><media:credit>Sanu biswas/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/18/GettyImages_2280265259/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>CISA now has full Mythos Preview access, people familiar say</title><link>https://www.nextgov.com/cybersecurity/2026/06/cisa-now-has-full-mythos-preview-access-people-familiar-say/414260/</link><description>The cyberdefense agency received access around a week ago, but the White House has not yet set clear parameters for how the agency should use the model.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Wed, 17 Jun 2026 17:21:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/cisa-now-has-full-mythos-preview-access-people-familiar-say/414260/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;The Cybersecurity and Infrastructure Security Agency now has full access to Anthropic&amp;rsquo;s flagship Mythos Preview model, according to a U.S. official and a second person familiar with the matter.&lt;/p&gt;

&lt;p&gt;The cyberdefense agency received access around a week ago, the official said. Both sources spoke on the condition of anonymity to discuss internal deliberations.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The White House Office of the National Cyber Director has not yet set clear parameters for how the agency should use the model, the official added.&lt;/p&gt;

&lt;p&gt;The lack of parameters echoes earlier &lt;em&gt;Nextgov/FCW&lt;/em&gt; &lt;a href="https://www.nextgov.com/artificial-intelligence/2026/06/lack-white-house-guidance-has-complicated-agency-mythos-adoption-people-familiar-say/414093/?oref=ng-home-top-story"&gt;reporting&lt;/a&gt; showing federal tech leaders have privately complained that ONCD has not adequately briefed them on implementing or using the model for vulnerability scanning.&lt;/p&gt;

&lt;p&gt;CISA did not respond to a request for comment.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Over the last few months, Anthropic surgically rolled out Mythos Preview to select organizations&amp;nbsp;and recently expanded this effort &amp;mdash; dubbed Project Glasswing &amp;mdash; to partners in industry and other nations. The model has been distributed through a non-public process on grounds that, in the wrong hands, it can significantly boost adversaries&amp;rsquo; hacking capabilities.&lt;/p&gt;

&lt;p&gt;CISA was not included in an initial Mythos rollout, Axios &lt;a href="https://www.axios.com/2026/04/21/cisa-anthropic-mythos-ai-security"&gt;reported&lt;/a&gt; in April. Last week, &lt;em&gt;Nextgov/FCW&lt;/em&gt; &lt;a href="https://www.nextgov.com/artificial-intelligence/2026/06/white-house-discussions-are-weighing-giving-cisa-mythos-access/414121/"&gt;reported&lt;/a&gt; that agency access to the model was imminent.&lt;/p&gt;

&lt;p&gt;Mythos Preview is different from Anthropic&amp;rsquo;s similar-sounding Mythos 5 successor model, which the U.S. effectively &lt;a href="https://www.nextgov.com/artificial-intelligence/2026/06/anthropic-suspends-top-ai-models-after-us-export-control-order/414173/"&gt;banned&lt;/a&gt; over the weekend via an export control mechanism&amp;nbsp;alongside the AI company&amp;rsquo;s Fable 5 model. The move has caused &lt;a href="https://www.nextgov.com/artificial-intelligence/2026/06/industry-and-academia-call-administration-free-anthropics-ai-model/414194/?oref=ng-author-river"&gt;uproar&lt;/a&gt; across the cyber and AI community.&lt;/p&gt;

&lt;p&gt;Both Mythos 5 and Mythos Preview have only been made available to vetted providers via Project Glasswing.&lt;/p&gt;

&lt;p&gt;The Trump administration&amp;rsquo;s approach to AI has shifted in recent months as officials confront an emerging class of models that can rapidly identify vulnerabilities across computer networks, becoming a major driver of discussions over how AI systems could reshape the future of cybersecurity.&lt;/p&gt;

&lt;p&gt;Models like Mythos can help federal agencies identify vulnerabilities faster by analyzing large amounts of software and system data, then surfacing weaknesses and possible attack paths for human defenders to review. Conversely, cyber operators in the intelligence community and Defense Department can also use such models to accelerate their offensive hacking operations.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/17/061726MythosNG/large.jpg" width="618" height="284"><media:credit>Samuel Boivin/NurPhoto via Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/17/061726MythosNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>US officials see Iran cyber threat persisting despite preliminary deal</title><link>https://www.nextgov.com/cybersecurity/2026/06/us-officials-see-iran-cyber-threat-persisting-despite-preliminary-deal/414243/</link><description>Officials’ views reflect a recurring concern that cyber operations would continue regardless of conflict status, even as the Trump administration pursues a diplomatic off-ramp with Tehran.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Wed, 17 Jun 2026 10:44:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/us-officials-see-iran-cyber-threat-persisting-despite-preliminary-deal/414243/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;The preliminary U.S.-Iran agreement reached over the weekend likely won&amp;rsquo;t stop cyber operations launched by Tehran and Iran-aligned hacking groups at American systems, five current and two former U.S. officials told &lt;em&gt;Nextgov/FCW&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;Most of them were granted anonymity because they were not authorized to publicly discuss forward-looking perspectives of Iranian cyber activity after the agreement.&lt;/p&gt;

&lt;p&gt;Cyber conflict is &amp;ldquo;definitely part of warfare that keeps going&amp;rdquo; and is pretty &amp;ldquo;accepted&amp;rdquo; as an &amp;ldquo;ongoing normal course of business,&amp;rdquo; one of the officials said, adding that cyber activity may decelerate, but that it &amp;ldquo;definitely won&amp;rsquo;t stop.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;There is &amp;ldquo;no chance&amp;rdquo; Iran and any affiliated parties would cease or slow down in cyberspace, a second official opined.&lt;/p&gt;

&lt;p&gt;Hacking activity could decrease temporarily, said one of the former officials, but if pro-Iran hacking collectives don&amp;rsquo;t like any finalized resolution, they may conduct cyberattacks to express their issues, as Iran&amp;rsquo;s central government doesn&amp;rsquo;t always have the best control of these groups.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;There has always been anti-U.S. activity&amp;rdquo; from such &amp;ldquo;hacktivist&amp;rdquo; groups that align with Iran but aren&amp;rsquo;t backed by the regime directly, this former official added.&lt;/p&gt;

&lt;p&gt;Their outlook aligns with past conclusions that cyber operations continue regardless of the status of a given conflict and that U.S. cyber teams have remained on alert for Iranian-linked activity against American networks as Washington pursues a diplomatic solution with Tehran.&lt;/p&gt;

&lt;p&gt;Since the war broke out Feb. 28, experts expected the conflict would greatly &lt;a href="https://www.defenseone.com/threats/2026/02/strikes-iran-will-test-us-cyber-strategy-abroad-and-defenses-home/411782/"&gt;test U.S. cyber defenses&lt;/a&gt;. What followed was a series of apparent Iran-linked cyber incidents, including an attack on &lt;a href="https://www.nextgov.com/cybersecurity/2026/03/cisa-launches-investigation-stryker-cyberattack/412079/"&gt;medical technology giant Stryker&lt;/a&gt;, the targeting of FBI Director Kash Patel&amp;rsquo;s &lt;a href="https://www.nextgov.com/cybersecurity/2026/03/pro-iran-hackers-claim-breach-fbi-directors-email/412440/"&gt;personal email account&lt;/a&gt; and various &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/pro-iran-hackers-are-targeting-us-industrial-control-systems-advisory-says/412679/"&gt;warnings&lt;/a&gt; from federal agencies about cyber intrusions on U.S. critical infrastructure.&lt;/p&gt;

&lt;p&gt;On June 11, the California Water Service said it was investigating claims that Iranian hackers breached its systems. An &lt;a href="https://www.dataminr.com/resources/intel-brief/cyber-intel-brief-handala-claims-breach-of-california-water-service/"&gt;assessment&lt;/a&gt; from Dataminr concluded that the group may have reached a customer billing database belonging to the utility. &lt;em&gt;Nextgov/FCW&lt;/em&gt; also obtained a screenshot that appeared to show a customer billing account receipt accessed by the hackers.&lt;/p&gt;

&lt;p&gt;A spokesperson said Tuesday that there are &amp;ldquo;no known operational disruptions&amp;rdquo; to water, wastewater and billing systems, and that it was working with state and federal government officials in its investigation.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The preliminary U.S.-Iran memorandum reached Sunday aims to halt nearly four months of fighting and set up a formal signing in Geneva later this week. But the agreement leaves major disputes unresolved, including regional flashpoints involving Israel and Hezbollah. It also appears to leave out mentions of cyber.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;The Iranians have targeted U.S. assets with malicious cyber activity for the last 15 years with espionage and some prepositioning for disruptive attacks,&amp;rdquo; said Meredith Burkart, the FBI&amp;rsquo;s former chief of cyber policy. &amp;ldquo;Unless there has been a material change in their cyber workforce, or a cyber specific component of the deal was reached, I would expect such targeting to continue.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;I don&amp;rsquo;t know if these deals really ever include minimizing cyber activity,&amp;rdquo; another one of the current officials told &lt;em&gt;Nextgov/FCW&lt;/em&gt;. Certain targets may be deemed off limits, &amp;ldquo;but we&amp;rsquo;ve always seen activity&amp;rdquo; continue in the digital space, added the official.&lt;/p&gt;

&lt;p&gt;The deal also remains fragile, even on its central nuclear terms. CIA Director John Ratcliffe and others raised concerns about Iran&amp;rsquo;s willingness to make the nuclear concessions Washington wants in a final agreement, Axios &lt;a href="https://www.axios.com/2026/06/15/us-iran-deal-cia-director-ratcliffe"&gt;reported&lt;/a&gt; Tuesday.&lt;/p&gt;

&lt;p&gt;Tehran&amp;rsquo;s hackers have grown more organized, more coordinated and more willing to use artificial intelligence for influence operations in recent months &amp;mdash; and have demonstrated many of those capabilities since the war with Iran began, Israel&amp;rsquo;s top cyberdefense official &lt;a href="https://www.nextgov.com/cybersecurity/2026/05/irans-hackers-are-coordinating-more-closely-israels-top-cyberdefense-official-says/413792/"&gt;told &lt;em&gt;Nextgov/FCW&lt;/em&gt; last month&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The U.S. intelligence community &lt;a href="https://www.dni.gov/files/ODNI/documents/assessments/ATA-2026-Unclassified-Report.pdf"&gt;assessed&lt;/a&gt; this year that Iran and affiliated proxy groups remain a persistent cyber threat to American networks and critical infrastructure, and they intend to target the U.S. and its allies.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/17/061726TrumpNG/large.jpg" width="618" height="284"><media:description>U.S. President Donald Trump looks on during a bilateral meeting with Indian Prime Minister Narendra Modi during the G7 Summit on June 17, 2026 in Evian-les-Bains, France.</media:description><media:credit>Anna Moneymaker/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/17/061726TrumpNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Warner presses CISA on whether staff cuts weakened regional cyber support</title><link>https://www.nextgov.com/cybersecurity/2026/06/warner-presses-cisa-whether-staff-cuts-weakened-regional-cyber-support/414204/</link><description>The Senate Intelligence Committee’s top Democrat is asking the cyber agency for workforce charts, vacancy details and service data as state and local support comes under strain.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Tue, 16 Jun 2026 09:00:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/warner-presses-cisa-whether-staff-cuts-weakened-regional-cyber-support/414204/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;Sen. Mark Warner, D-Va., is pressing the Cybersecurity and Infrastructure Security Agency for records on staffing levels and vacancies across its regional offices, warning that workforce cuts over the last year may have weakened the agency&amp;rsquo;s ability to support state and local governments facing cyber threats.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;In a Tuesday letter to acting CISA Director Nick Andersen that was first shared with &lt;em&gt;Nextgov/FCW&lt;/em&gt;, the vice chairman of the Senate Intelligence Committee asked the agency to provide both headquarters and regional organizational charts from January 2025, October 2025 and the present day, along with details on vacancies and explanations as to why employees left their posts.&lt;/p&gt;

&lt;p&gt;The letter also asks CISA for data going back to January 2023 on services provided to state and local governments, including how many requests the agency received and fulfilled, as well as how quickly it responded.&lt;/p&gt;

&lt;p&gt;The request comes after Warner introduced the Guaranteeing Universal Access to Cybersecurity Act &amp;mdash; legislation &lt;a href="https://www.nextgov.com/cybersecurity/2026/06/warner-unveils-bill-restore-cyber-information-sharing-program-funding/414010/"&gt;first reported&lt;/a&gt; by &lt;em&gt;Nextgov/FCW &lt;/em&gt;&amp;mdash; that would restore funding for the Multi-State Information Sharing and Analysis Center, or &lt;a href="https://www.cybersecuritydive.com/news/ms-isac-membership-loss-states-federal-funding-cut/821984/"&gt;MS-ISAC&lt;/a&gt;, a key cyber intelligence-sharing hub used by many state and local governments.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;The Trump administration&amp;rsquo;s dramatic reduction of Cybersecurity &amp;amp; Infrastructure Security Agency (CISA) staff, defunding of the MS-ISAC, and cutting over $700 million in CISA&amp;rsquo;s proposed fiscal year 2027 budget demonstrates a dangerous underestimation of the threats facing our nation from adversaries and criminals who seek to destabilize our national security, economy, public health, and safety,&amp;rdquo; the senator wrote.&lt;/p&gt;

&lt;p&gt;CISA is working to hire around 330 employees in the coming months, Andersen said last week. The agency has lost a significant share of its workforce over the past year after the Trump administration moved to reduce and restructure the cyber shop through a mix of layoffs, early retirement offers, &lt;a href="https://www.nextgov.com/people/2025/10/hundreds-dhs-staff-face-reassignments-border-security-immigration/408707/"&gt;transfers&lt;/a&gt; and program cuts. Some 180 job offers are expected by the end of June.&lt;/p&gt;

&lt;p&gt;Warner said efforts to boost staffing are &amp;ldquo;welcome&amp;rdquo; but &amp;ldquo;they appear insufficient given the scale of threats facing our nation&amp;rsquo;s cybersecurity and critical infrastructure, particularly at the state level.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;His letter asks CISA to respond by June 26.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;CISA does not reply to congressional correspondence in the press and works directly with Congress to address their questions,&amp;rdquo; an agency spokesperson said.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The letter flags concerns from governors, mayors, state chief information officers and others about CISA&amp;rsquo;s ability to provide services. State and local officials, cybersecurity groups and former officials have &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/federal-drawdown-election-support-destroyed-ongoing-relationships-experts-say/413181/"&gt;repeatedly warned&lt;/a&gt; that reductions in federal support leave smaller governments more vulnerable to cyberattacks, especially with &lt;a href="https://www.nextgov.com/cybersecurity/2026/06/hackers-are-already-laying-groundwork-disrupt-2026-midterms-research-says/413874/"&gt;midterm elections&lt;/a&gt; coming in November.&lt;/p&gt;

&lt;p&gt;CISA has encouraged state and local governments to seek help from its regional teams, though half of the agency&amp;rsquo;s ten regional directors are serving in an acting capacity, the letter adds. One CISA regional website also &lt;a href="https://web.archive.org/web/20260615215905/https://www.cisa.gov/about/regions/region-2"&gt;appears to misspell&lt;/a&gt; the name of its acting director, Warner wrote, referring to the spelling of Region 2 Director Mohamed Telab, whose first name is written as &amp;ldquo;Mohammed.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;Cybersecurity has long drawn bipartisan support in Washington, but CISA has become a recurring target of GOP scrutiny over its past work countering election-related disinformation. Since last year, Trump administration officials have sought to &amp;ldquo;refocus&amp;rdquo; the agency&amp;rsquo;s mission, arguing that CISA had strayed too far from its core tasks.&lt;/p&gt;

&lt;p&gt;Last week, the House Appropriations Committee &lt;a href="https://appropriations.house.gov/sites/evo-subsites/republicans-appropriations.house.gov/files/evo-media-document/fy27-homeland-security-full-committee-bill-summary.pdf"&gt;approved&lt;/a&gt; some $2.35 billion for CISA in the coming 2027 fiscal year &amp;mdash; around $253 million below its fiscal 2026 level and about $135 million below the Trump administration&amp;rsquo;s &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/trump-proposes-cutting-cisa-election-security-program-fy27-budget/412672/"&gt;initial FY27 budget request&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Editor&amp;rsquo;s note: This story was updated to include a comment from CISA.&lt;/em&gt;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/15/GettyImages_2280418373/large.jpg" width="618" height="284"><media:description>Sen. Mark Warner, D-Va., talks with reporters on "the narrow passage of Republicans' $70 billion immigration enforcement bill signed into law by President Trump," in the U.S. Capitol on Thursday, June 11, 2026.</media:description><media:credit>Tom Williams/CQ-Roll Call, Inc via Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/15/GettyImages_2280418373/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>US seizes alleged China-linked sites targeting security clearance holders</title><link>https://www.nextgov.com/cybersecurity/2026/06/us-seizes-alleged-china-linked-sites-targeting-security-clearance-holders/414098/</link><description>Prosecutors said the domains posed as legitimate consulting companies to recruit current and former U.S. officials into sharing sensitive government information for payment.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Wed, 10 Jun 2026 15:15:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/us-seizes-alleged-china-linked-sites-targeting-security-clearance-holders/414098/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;The FBI and Justice Department seized 13 websites allegedly used by Chinese intelligence operatives to target current and former U.S. officials and military personnel with access to classified government information.&lt;/p&gt;

&lt;p&gt;In a &lt;a href="https://www.justice.gov/opa/pr/justice-department-fbi-disable-13-websites-backed-suspected-chinese-agents-sought-sensitive"&gt;press release&lt;/a&gt;, the DOJ said the domains were designed to look like legitimate consulting firms and were used to advertise vague, well-paid consulting roles aimed at security clearance holders. The campaign, which allegedly began in November 2023, sought to entice Americans into producing research reports or sharing insider information on topics of interest to the Chinese government, according to court documents.&lt;/p&gt;

&lt;p&gt;The seized domains included sites associated with firm names like Centrik Global Consulting, Rightinfo Consulting, Finnacle-Vesper Consulting, CYDF Consulting, Pulse Wave Global, Catalyst Global Solutions, Horizzen, GeoIndopacific, SafeSec Group and others.&lt;/p&gt;

&lt;p&gt;The campaign relied on familiar job-market platforms and freelance sites to advertise positions such as &amp;ldquo;Senior Analyst&amp;rdquo; and &amp;ldquo;International Affairs Consultant.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The Justice Department said the operators used aliases, fake personas, stolen identities and artificial intelligence-generated photographs to make the companies appear credible. The alleged scheme also involved encrypted messaging apps, including Telegram, overseas payments, cryptocurrency and online payment accounts registered under false names, according to an affidavit filed in support of the seizure warrants.&lt;/p&gt;

&lt;p&gt;The takedowns mark the latest U.S. government effort to disrupt foreign intelligence schemes that blend online recruiting and financial incentives to reach Americans with access to sensitive national security information.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Waves of federal layoffs over the past year have pushed thousands of government employees and contractors into an uncertain job market. That disruption has &lt;a href="https://www.nextgov.com/people/2026/02/now-accepting-applications-classified-intel/411255/"&gt;created renewed collection opportunities&lt;/a&gt; for foreign intelligence services.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Nextgov/FCW&lt;/em&gt; &lt;a href="https://www.nextgov.com/people/2026/01/suspected-chinese-spies-targeted-former-state-official-venezuela-research/410943/"&gt;reported&lt;/a&gt; in January that a suspected Chinese intelligence outfit contacted a former senior State Department official late last year and offered payment for an assessment of U.S. policy priorities in Venezuela. The person who contacted the former official claimed to be affiliated with a sham consulting firm that had previously surfaced in research &lt;a href="https://www.nextgov.com/people/2026/02/now-accepting-applications-classified-intel/411255/"&gt;first reported&lt;/a&gt; by &lt;em&gt;Nextgov/FCW&lt;/em&gt; last September, that assessed the firm was part of a broader network of fake companies tied to China.&lt;/p&gt;

&lt;p&gt;The U.S. has sought to further publicize targeting efforts. In a rare public disclosure, Army Deputy Chief of Staff for Intelligence Lt. Gen. Anthony R. Hale &lt;a href="https://www.nextgov.com/defense/2025/11/foreign-spies-are-targeting-army-soldiers-civilians-and-families-official-warns/409751/?oref=ng-author-river"&gt;issued a memo&lt;/a&gt; in November warning that foreign adversaries are targeting soldiers, civilians and their families through fake companies and phony recruiters. The advisory was sent to more than a million personnel across the Army, and later to members of the media, marking an unusually direct acknowledgment of the threat.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/10/061026chinaNG/large.jpg" width="618" height="284"><media:credit>mathisworks/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/10/061026chinaNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>CISA directive revamps how agencies prioritize vulnerable systems</title><link>https://www.nextgov.com/cybersecurity/2026/06/cisa-directive-revamps-how-agencies-prioritize-vulnerable-systems/414096/</link><description>The move is part of CISA’s response “to the current threat landscape where AI software services can assist threat actors to find and exploit vulnerabilities,” the agency says.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Wed, 10 Jun 2026 14:28:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/cisa-directive-revamps-how-agencies-prioritize-vulnerable-systems/414096/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;The Cybersecurity and Infrastructure Security Agency released a binding directive Wednesday requiring federal agencies to rethink how they prioritize vulnerability fixes across government networks.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk"&gt;directive&lt;/a&gt; sets remediation deadlines based on several factors, including whether a flaw is publicly exposed, already known to be exploited, automatable by attackers or capable of giving hackers control of an affected system.&lt;/p&gt;

&lt;p&gt;It establishes new timelines to patch security flaws, from three days for the highest-risk vulnerabilities to 60 days for lower-priority items. Some vulnerabilities that are not publicly exposed, not known to be exploited and not automatable by adversaries can be deferred until the affected system receives a scheduled major upgrade.&lt;/p&gt;

&lt;p&gt;The policy marks a significant shift in federal cyber management by pushing agencies to focus remediation resources on flaws that could be the most impactful if leveraged by hackers, rather than treating all vulnerabilities as equally urgent.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The move is also part of CISA&amp;rsquo;s response &amp;ldquo;to the current threat landscape where AI software services can assist threat actors to find and exploit vulnerabilities,&amp;rdquo; the agency says.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;CISA is leading and collaborating with federal civilian agencies to stay ahead of our adversaries as tactics, technologies and vulnerabilities change,&amp;rdquo; agency acting director Nick Andersen said in a statement. &amp;ldquo;While this directive is a mandate for federal agencies, CISA strongly encourages all partners to adopt similar actions in their vulnerability management policy.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The directive is an acknowledgment that agencies cannot protect every system equally through &lt;a href="https://www.nextgov.com/cybersecurity/2026/02/cisa-orders-agencies-patch-and-replace-end-life-devices-citing-active-exploitation/411227/"&gt;patch mandates&lt;/a&gt; and must instead focus their often limited resources on the vulnerabilities and networks whose compromise could cause the greatest damage. Federal agencies are a constant target for hackers because of the sensitive data often stored on their networks.&lt;/p&gt;

&lt;p&gt;In an initial analysis at one large civilian agency, CISA found that &amp;ldquo;only 1% of vulnerability instances fall into the three-day category,&amp;rdquo; while more than 60% could be deferred until the next system upgrade, according to a &lt;a href="https://www.cisa.gov/news-events/news/patch-smarter-not-harder"&gt;blog post&lt;/a&gt; by Chris Butera, the agency&amp;rsquo;s acting executive assistant director for cybersecurity, and Jonathan Spring, a senior technical adviser.&lt;/p&gt;

&lt;p&gt;In a call with reporters, Butera said that CISA has engaged with others in the government and that officials hope the move &amp;ldquo;will not require additional work&amp;rdquo; for agencies but help them better prioritize patching.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;We do believe the agencies should be able to meet the three-day deadline,&amp;rdquo; he said when asked whether the directive&amp;rsquo;s patching mandates are realistic. &amp;ldquo;Why we didn&amp;rsquo;t choose, for example, a 24-hour deadline, is because we think three days is a deadline that is both fast and agencies will be able to meet it.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The administration&amp;rsquo;s AI posture has evolved in recent months as officials grapple with cyber-focused models that can quickly surface weaknesses across computer networks.&lt;/p&gt;

&lt;p&gt;President Donald Trump recently signed an AI security executive order encouraging developers to submit powerful new models for a 30-day government review before public release. He also signed a separate memorandum aimed at accelerating the government&amp;rsquo;s use of advanced AI across the military and intelligence community.&lt;/p&gt;

&lt;p&gt;On Wednesday, Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., &lt;a href="https://www.nextgov.com/cybersecurity/2026/06/warner-proposes-overhaul-critical-infrastructure-cyber-plans-ai-threats-rise/414078/?oref=ng-homepage-river"&gt;introduced legislation&lt;/a&gt; requiring the CISA to update cybersecurity plans for each of the nation&amp;rsquo;s 16 critical infrastructure sectors, citing concerns that fast-evolving AI tools will accelerate threats to essential services, &lt;em&gt;Nextgov/FCW&lt;/em&gt; first reported.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/10/061026cyberNG/large.jpg" width="618" height="284"><media:credit>traffic_analyzer/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/10/061026cyberNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Warner proposes overhaul of critical infrastructure cyber plans as AI threats rise</title><link>https://www.nextgov.com/cybersecurity/2026/06/warner-proposes-overhaul-critical-infrastructure-cyber-plans-ai-threats-rise/414078/</link><description>The measure would require CISA to refresh long-outdated sector cybersecurity plans as lawmakers warn that advanced AI tools could accelerate the discovery and exploitation of software flaws.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Wed, 10 Jun 2026 09:00:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/warner-proposes-overhaul-critical-infrastructure-cyber-plans-ai-threats-rise/414078/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., is introducing legislation Wednesday requiring the Cybersecurity and Infrastructure Security Agency to update cybersecurity plans for each of the nation&amp;rsquo;s 16 &lt;a href="https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors"&gt;critical infrastructure sectors&lt;/a&gt;, citing concerns that fast-evolving artificial intelligence tools will accelerate threats to essential services.&lt;/p&gt;

&lt;p&gt;The Combat Emerging Threats to Critical Infrastructure Act, first shared with &lt;em&gt;Nextgov/FCW&lt;/em&gt;, would direct CISA to work with federal sector risk management agencies to update sector-specific plans within one year of enactment. It would also require CISA to reassess those plans every two years, issue revised versions and send copies to Congress after completion.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;As AI continues to rapidly evolve, we must ensure our cybersecurity defenses keep up with the threats of the moment,&amp;rdquo; Warner said in a prepared statement. &amp;ldquo;It&amp;rsquo;s critical that government works closely with industry, regulators and cybersecurity experts to develop and regularly update the plans we need to protect our critical infrastructure from increasingly sophisticated malicious actors, including those enabled by AI.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The sector plans serve as the government&amp;rsquo;s basic playbook for managing cyber and physical risks across major parts of the economy.&lt;/p&gt;

&lt;p&gt;In 2024, &lt;a href="https://www.congress.gov/crs-product/IF12716"&gt;National Security Memorandum 22&lt;/a&gt; reaffirmed CISA&amp;rsquo;s role as the national coordinator for critical infrastructure security and resilience, and it called for sector-specific plans to be updated on a biennial basis. But that cadence hasn&amp;rsquo;t been consistently maintained, and some sector cybersecurity plans have not been updated in more than a decade, Warner&amp;rsquo;s office said.&lt;/p&gt;

&lt;p&gt;CISA did not immediately respond to a request for comment about the legislation.&lt;/p&gt;

&lt;p&gt;The measure comes as officials grapple with how advanced AI systems could reshape cyber defense and offense. Anthropic&amp;rsquo;s Claude Mythos, a powerful cybersecurity-focused AI model, has become a leading example in Washington of how such tools could change the threat landscape.&lt;/p&gt;

&lt;p&gt;The bill would also require the updated plans to account for threats like AI-enabled hacking and deepfakes. Another provision focused on financial services would require CISA to work with the Treasury Department on a process for assessing whether future quantum computers could undermine encryption used to protect digital assets.&lt;/p&gt;

&lt;p&gt;The legislation covers key sectors like energy, communications, transportation and the defense industrial base. CISA would have to send the updated plans to relevant congressional committees within 30 days of completing them.&lt;/p&gt;

&lt;p&gt;The measure is backed by the National Electrical Manufacturers Association.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;Manufacturing is a critical pillar of America&amp;rsquo;s economy, and the electroindustry provides the essential technologies that every other critical infrastructure sector is built upon,&amp;rdquo; said Brian Papp, managing director of government relations at NEMA. &amp;ldquo;As cyber and supply chain threats continue to evolve, the Combat Emerging Threats to Critical Infrastructure Act will help ensure security plans remain current, strengthen operational resilience, and equip manufacturers to address emerging risks, protect critical operations, and bolster American competitiveness.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;CISA is expected to release a &lt;a href="https://www.nextgov.com/cybersecurity/2026/06/new-cisa-directive-would-reshape-how-agencies-prioritize-cyber-risk-official-says/414056/?oref=ng-author-river"&gt;binding operational directive&lt;/a&gt; Wednesday that would task agencies with rethinking how they manage risks to federal networks by prioritizing vulnerabilities that demand the most urgent attention, a shift informed in part by AI-enabled cyber threats.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/09/GettyImages_2267258486/large.jpg" width="618" height="284"><media:description>Vice Chairman of the Senate Intelligence Committee Sen. Mark Warner (D-VA) speaks to members of the media after participating in a hearing on worldwide threats in the Hart Senate Office Building on March 18, 2026 in Washington, DC. </media:description><media:credit>Kevin Dietsch/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/09/GettyImages_2267258486/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>New CISA directive would reshape how agencies prioritize cyber risk, official says</title><link>https://www.nextgov.com/cybersecurity/2026/06/new-cisa-directive-would-reshape-how-agencies-prioritize-cyber-risk-official-says/414056/</link><description>The forthcoming mandate aims to triage vulnerabilities by real-world consequences of a successful cyberattack, marking a major shift in how the government decides which cyber risks demand attention first.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Tue, 09 Jun 2026 12:51:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/new-cisa-directive-would-reshape-how-agencies-prioritize-cyber-risk-official-says/414056/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;The Cybersecurity and Infrastructure Security Agency plans to release a binding directive on Wednesday that tasks the federal government with rethinking how it manages risks to its networks and prioritizing cyber vulnerabilities that demand the most urgency, agency acting director Nick Andersen said.&lt;/p&gt;

&lt;p&gt;The goal is to push agencies to focus less on the sheer number of known cyber vulnerabilities and more on the risks those flaws pose if they&amp;rsquo;re exploited by hackers, said Andersen, who added that the cyber community needs to &amp;ldquo;be okay with saying there are some systems that are less important than others.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;If we try to say that everything is equally as important, then absolutely nothing&amp;rsquo;s going to be important,&amp;rdquo; he told an audience of industry professionals at a Tuesday event held by cybersecurity firm Axonius.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;It&amp;rsquo;s going to be really hard for us, if one day we have to have those hard conversations with people about how we knew better and how we didn&amp;rsquo;t prioritize risk appropriately, how we didn&amp;rsquo;t make the hard choices,&amp;rdquo; he added.&lt;/p&gt;

&lt;p&gt;The remarks are an acknowledgment that agencies cannot protect every system equally through &lt;a href="https://www.nextgov.com/cybersecurity/2026/02/cisa-orders-agencies-patch-and-replace-end-life-devices-citing-active-exploitation/411227/"&gt;patch mandates&lt;/a&gt;, and must instead focus their often limited resources on the vulnerabilities and networks whose compromise could cause the greatest damage.&lt;/p&gt;

&lt;p&gt;Federal agencies are a &lt;a href="https://media.armis.com/rp-state-of-cyberwarfare-2026-us-federal-issue-en.pdf"&gt;constant target&lt;/a&gt; for hackers. For years, adversaries have compromised government systems for access to &lt;a href="https://www.nextgov.com/cybersecurity/2023/09/microsoft-links-outlook-hack-engineers-corporate-account/390068/"&gt;emails&lt;/a&gt;, &lt;a href="https://www.nextgov.com/cybersecurity/2025/09/widespread-breach-let-hackers-steal-employee-data-fema-and-cbp/408456/"&gt;employee records&lt;/a&gt; and other &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/suspected-chinese-breach-fbi-system-exposed-surveillance-targets-phone-numbers/412612/"&gt;sensitive data&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Government agencies also oversee industry sectors such as energy, healthcare, telecommunications and water, meaning their cyber staff must also weigh how disruptions could ripple across critical services.&lt;/p&gt;

&lt;p&gt;On the sidelines of the event, Andersen told reporters that artificial intelligence-backed cyber threats are one factor informing discussions around the directive, but he said CISA&amp;rsquo;s work on the AI ecosystem still predates the release of powerful systems such as Anthropic&amp;rsquo;s Mythos.&lt;/p&gt;

&lt;p&gt;The administration&amp;rsquo;s approach to AI has shifted in recent months as officials confront a new class of cyber-focused models that can rapidly identify vulnerabilities across computer networks, becoming a major driver of discussions over how advanced AI systems could reshape both defensive and offensive cyber operations.&lt;/p&gt;

&lt;p&gt;President Donald Trump recently signed an AI security &lt;a href="https://www.nextgov.com/artificial-intelligence/2026/06/trump-signs-ai-executive-order-after-postponement-last-month/413912/"&gt;executive order&lt;/a&gt; that encourages developers to submit powerful new models to a 30-day government review before public release. On Friday, he &lt;a href="https://www.nextgov.com/artificial-intelligence/2026/06/trump-memo-pushes-national-security-agencies-move-faster-ai/414031/?oref=ng-home-top-story"&gt;signed&lt;/a&gt; a memorandum aimed at speeding up government use of advanced AI across the military and intelligence community.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;Is the [directive] a recognition that we&amp;rsquo;re in a different dynamic environment with a shorter timeline to weaponization and exploitation? Yeah, that&amp;rsquo;s certainly a part of it,&amp;rdquo; Andersen said. &amp;ldquo;But well before these last couple of months, this is a conversation that we were having about this ever-shrinking window we have for addressing vulnerabilities today.&amp;rdquo;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;It&amp;rsquo;s too exceedingly easy for malicious cyber actors to be able to exploit [vulnerabilities] as soon as they&amp;rsquo;re published and be able to take advantage of the fact that a lot of people are just not as well-resourced as we would like, and they&amp;rsquo;re not as able to quickly have a continuous patch cycle to be able to address some of these devices,&amp;rdquo; he added.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/09/060926andersenNG/large.jpg" width="618" height="284"><media:credit>Roberto Schmidt/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/09/060926andersenNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>CISA unveils President’s Cup Cybersecurity Competition winners</title><link>https://www.nextgov.com/cybersecurity/2026/06/cisa-unveils-presidents-cup-cybersecurity-competition-winners/414055/</link><description>This year’s President’s Cup winners featured contestants from across the U.S. military branches.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Alexandra Kelley</dc:creator><pubDate>Tue, 09 Jun 2026 12:03:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/cisa-unveils-presidents-cup-cybersecurity-competition-winners/414055/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;The Cybersecurity and Infrastructure Security Agency on Tuesday announced the winners of its 7th annual cybersecurity contest that brings federal employees together to test digital security strategies and responses.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The winners of the President&amp;rsquo;s Cup Cybersecurity Competition competed across three categories. For the Defense Track Champion, the &amp;ldquo;sheriffsparks&amp;rdquo; team from the U.S. Navy won, and the Offensive Track Champion winner was team &amp;ldquo;bdubya&amp;rdquo; from the U.S. Army.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The final winner&amp;nbsp;of the Teams Champion category is the U.S. Army and U.S. Marine Corps&amp;rsquo; &amp;ldquo;ENOENTHUSIASM&amp;rdquo; team.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The President&amp;rsquo;s Cup, &lt;a href="https://www.nextgov.com/cybersecurity/2020/08/presidents-cup-cybersecurity-competition-underway/167904/"&gt;an initiative established by President Donald Trump&lt;/a&gt; in an executive order during his first term in office, aims to test and harness the cybersecurity knowledge of federal workers across the government. Tasks in the challenge feature simulations of &amp;ldquo;high-stakes cyber operations requiring precision, resilience, and deep technical knowledge,&amp;rdquo; per the press release. Examples of scenarios include incident response, analyzing digital forensics, reverse engineering and threat hunting.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;The President&amp;rsquo;s Cup features the best cybersecurity talent the U.S. government has to offer,&amp;rdquo; said CISA Acting Director Nick Andersen in the press release. &amp;ldquo;These champions rose above an elite field, securing victory through sharp analysis, decisive action, and advanced cyber tradecraft. We congratulate this year&amp;rsquo;s winners and thank everyone who participated in the seventh annual President&amp;rsquo;s Cup.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The President&amp;rsquo;s Cup began in January, with finalists competing to the end of May. CISA said that over 800 individuals and 200 teams entered to compete in the 2026 Cup.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;While the competition aims to reward and highlight cybersecurity talent and promote cybersecurity education within the federal workforce, it also aims to bring levity and fun to digital defense and government work.&lt;/p&gt;

&lt;p&gt;Michael Harpin, the cyber training branch chief at CISA, &lt;a href="https://www.nextgov.com/cybersecurity/2024/01/feds-compete-cyber-glory-fifth-annual-presidents-cup/393490/"&gt;told &lt;em&gt;Nextgov/FCW&lt;/em&gt; in 2024&lt;/a&gt; that the President&amp;rsquo;s Cup isn&amp;rsquo;t meant to simply be an extension of daily work.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;We do want to have some fun with the participants and not to make it too regimented,&amp;rdquo; Harpin said. &amp;ldquo;But we do also want to focus that these are real-life skills and tasks that they would have to do within a cybersecurity workforce.&amp;rdquo;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/09/060926cyberNG/large.jpg" width="618" height="284"><media:credit>atakan/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/09/060926cyberNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Warner unveils bill to restore cyber information-sharing program funding</title><link>https://www.nextgov.com/cybersecurity/2026/06/warner-unveils-bill-restore-cyber-information-sharing-program-funding/414010/</link><description>The top Democrat on the Senate Intelligence Committee also sent letters to DHS Secretary Markwayne Mullin and to every governor urging them to support state and local cyberdefense.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Fri, 05 Jun 2026 16:02:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/warner-unveils-bill-restore-cyber-information-sharing-program-funding/414010/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;Sen. Mark Warner, D-Va., is introducing legislation to permanently fund a cybersecurity information-sharing program used by thousands of state, local, tribal and territorial governments, after the Trump administration ended federal support for the effort last year.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://www.warner.senate.gov/wp-content/uploads/2026/06/MRW_Guaranteeing-Universal-Access-to-Cybersecurity-Act_06-04-26.pdf"&gt;measure&lt;/a&gt; would require the Cybersecurity and Infrastructure Security Agency to provide funding for the Multi-State Information Sharing and Analysis Center, or MS-ISAC, a nonprofit-run program that offers services like threat intelligence and incident response assistance to roughly 19,000 government entities nationwide.&lt;/p&gt;

&lt;p&gt;Under former Homeland Security Secretary Kristi Noem, DHS &lt;a href="https://www.route-fifty.com/cybersecurity/2025/10/federal-funding-runs-out-cyber-info-sharing-center/408612/"&gt;terminated CISA&amp;rsquo;s funding agreement&lt;/a&gt; with the Center for Internet Security, which operates MS-ISAC, and barred certain federal grant funds from being used for membership fees. Critics argued the move weakened a key mechanism for sharing cyber threat information with smaller governments that often lack dedicated cybersecurity resources.&lt;/p&gt;

&lt;p&gt;Warner&amp;rsquo;s legislation would direct CISA to enter into a new agreement with the Center for Internet Security to provide cybersecurity services and threat intelligence at no cost to state, local, tribal and territorial entities. It would also authorize $50 million annually beginning in fiscal year 2027 and require the cyberdefense agency to report to Congress on its efforts to restore and expand participation.&lt;/p&gt;

&lt;p&gt;In a letter sent Thursday to Homeland Security Secretary Markwayne Mullin, Warner urged the department to restore support for the program and reverse broader cuts to CISA. The senator argued that eliminating MS-ISAC funding left communities with fewer resources to detect and respond to cyber threats and more vulnerable to attacks.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;This is too important to let politics get in the way. I will stand alongside anyone committed to ensuring that when our adversaries test our critical infrastructure, it holds fast,&amp;rdquo; Warner wrote to Mullin. &amp;ldquo;I want to work with you to achieve that end and ask that you reach out to me directly to coordinate &amp;mdash; because the question is not whether our critical infrastructure will be targeted, but whether we will be ready when it is.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;John Gilligan, president and CEO of the Center for Internet Security, did not directly address the bill but told &lt;em&gt;Nextgov/FCW&lt;/em&gt; in a statement that MS-ISAC has supported cyber stakeholders for more than two decades and has received congressional funding for at least 20 years.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;In fiscal year 2025, the appropriated funding was $27 million,&amp;rdquo; he said.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;The Cybersecurity and Infrastructure Security Agency (CISA) communicates with our state and local partners regularly and provides them with timely threat intelligence, expertise, no-cost tools and resources these partners need to defend against risks. This includes working with the Multi-State Information Sharing and Analysis Center (MS-ISAC) to share cybersecurity information and guidance. State and local governments seeking assistance are encouraged to contact our CISA regional teams who can help assess risk, strengthen defenses, enhance resilience, and respond immediately to incidents,&amp;quot; said&amp;nbsp;CISA Chief External Affairs Officer Christine Serrano Glassner in a statement.&lt;/p&gt;

&lt;p&gt;DHS did not immediately respond to a request for comment.&lt;/p&gt;

&lt;p&gt;Warner also sent separate letters to governors nationwide warning that states may need to take a more active role in defending critical infrastructure as cyber threats grow and federal cybersecurity programs face continued uncertainty. He encouraged them to conduct infrastructure audits, expand participation in regional threat-sharing organizations and identify under-resourced operators that need cyber assistance.&lt;/p&gt;

&lt;p&gt;The effort comes as some lawmakers continue to scrutinize staffing reductions, budget cuts and program eliminations at CISA. State and local officials, cybersecurity groups and former officials have &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/federal-drawdown-election-support-destroyed-ongoing-relationships-experts-say/413181/"&gt;repeatedly warned&lt;/a&gt; that reducing federal support leaves smaller governments more vulnerable to ransomware and other cyberattacks, especially with &lt;a href="https://www.nextgov.com/cybersecurity/2026/06/hackers-are-already-laying-groundwork-disrupt-2026-midterms-research-says/413874/"&gt;midterm elections&lt;/a&gt; coming in November.&lt;/p&gt;

&lt;p&gt;MS-ISAC was established in 2003 and has long served as one of the core hubs for cyber threat information sharing between federal agencies and state and local governments. Smaller jurisdictions often lean on the center for services they can&amp;rsquo;t afford to finance on their own.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Editor&amp;#39;s note: This article has been updated to include comment from CISA.&lt;/em&gt;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/05/060526WarnerNG/large.jpg" width="618" height="284"><media:description>Sen. Mark Warner (D-VA) questions U.S. Treasury Secretary Scott Bessent as he testifies during a Senate Committee on Finance hearing in the Dirksen Senate Office Building on Capitol Hill on June 03, 2026.</media:description><media:credit>Chip Somodevilla/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/05/060526WarnerNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>New coalition will enter legal debate over industry’s role in government cyber missions</title><link>https://www.nextgov.com/cybersecurity/2026/06/new-coalition-will-enter-legal-debate-over-industrys-role-government-cyber-missions/413985/</link><description>Its formation occurs amid a broader discussion over whether existing laws are suited for cyber activities that increasingly depend on cooperation between the government and private sector.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Thu, 04 Jun 2026 17:45:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/new-coalition-will-enter-legal-debate-over-industrys-role-government-cyber-missions/413985/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;A new Washington initiative seeks to shape policy debates over how the government and private sector collaborate on cyber operations, a conversation that will inevitably raise complex questions about the legal authorities governing industry&amp;rsquo;s role, participants say.&lt;/p&gt;

&lt;p&gt;Venable&amp;rsquo;s Center for Cybersecurity Policy and Law launched the Cyber Operations Policy Coalition this week, seeking to be a &amp;ldquo;trusted forum for collaboration among industry, government, legal experts, academia, and civil society to help develop policy frameworks for collective cyber defense,&amp;rdquo; according to its &lt;a href="https://www.centerforcybersecuritypolicy.org/initiatives/cyber-operations-policy-coalition"&gt;mission statement&lt;/a&gt;.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;At a launch event Wednesday, current and former officials concurred that stakeholders will need to confront unresolved questions about legal authorities, liability and the rules of the road for companies before deeper public‑private cyber operations can truly scale.&lt;/p&gt;

&lt;p&gt;Legal expertise will be &amp;ldquo;key to the success&amp;rdquo; of integrating industry and government more closely, Katie Sutton, assistant secretary of defense for cyber policy and the principal cyber advisor to the defense secretary,&amp;nbsp;said in a discussion held at the event.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;We talk about authorities &amp;mdash; everything is under what authorities do I have, what authorities does Cyber Command have, under what authorities is this operation happening? [There are] a lot of well-defined authorities from a government perspective. Industry actually has quite a few authorities that they can bring to bear too, because they run this domain,&amp;rdquo; Sutton added.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;We can&amp;rsquo;t be in a model &amp;hellip; asking permission every time a certain step is going to be taken. That&amp;rsquo;s going to require a lot of the unsexy work we heard about the legal and policy foundations, the understanding of liability and everything that surrounds that,&amp;rdquo; said Tonya Ugoretz, who heads PwC&amp;rsquo;s Cyber &amp;amp; Risk Innovation Institute and previously served in senior roles at the FBI and the Office of the Director of National Intelligence.&lt;/p&gt;

&lt;p&gt;Unlike traditional military domains, cyber conflict often runs through privately owned networks, forcing the government to rely on companies that may be both targets of foreign activity and essential partners in &lt;a href="https://www.nextgov.com/cybersecurity/2026/03/google-launches-threat-disruption-unit-stops-short-calling-it-offensive/412321/"&gt;responding&lt;/a&gt; to it.&lt;/p&gt;

&lt;p&gt;The U.S. has sought to integrate cyber activity into military operations, lending the debate urgency as the White House more openly discusses offensive cyber operations and as private companies are &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/us-push-counter-hackers-draws-industry-deeper-offensive-cyber-debate/412770/"&gt;drawn deeper&lt;/a&gt; into the market for cyber tools. The advent of advanced &lt;a href="https://www.nextgov.com/artificial-intelligence/2026/06/trump-signs-ai-executive-order-after-postponement-last-month/413912/"&gt;cyber-focused frontier AI models&lt;/a&gt; has also contributed to the discussions.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;As part of its emerging counter-advanced persistent threat&amp;nbsp;planning with major providers, the Joint Cyber Defense Collaborative &amp;mdash; a Cybersecurity and Infrastructure Security Agency-led body for coordinating public and private sector cyberdefense &amp;mdash; is beginning to explicitly map out both defensive playbooks and potential offensive-leaning moves that might be on the table in a geopolitical crisis, according to Matt Springer, the JCDC deputy assistant director.&lt;/p&gt;

&lt;p&gt;That would also raise fresh questions about legal risk and authorities for companies that own and operate infrastructure. &amp;ldquo;We have some potential cyber offensive options that could be taken theoretically by partners in those scenarios,&amp;rdquo; he said at the launch event. &amp;ldquo;This will get into some of the policy questions I know we wanted to touch on. That&amp;rsquo;s a dicey area.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The discussions highlight how cybersecurity is becoming a more central arena for national security law, as officials and industry leaders examine whether existing legal frameworks are sufficient for operations that frequently require closer coordination between the government and private firms.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;In the last year, top national officials have &lt;a href="https://www.nextgov.com/cybersecurity/2026/03/how-cyber-command-contributed-operation-epic-fury-against-iran/411818/"&gt;sought to highlight&lt;/a&gt; the role of cyber operations in their recent military achievements. A new &lt;a href="https://www.nextgov.com/cybersecurity/2026/05/cyber-force-service-branch-proposal/413867/?oref=ng-category-lander-featured-river"&gt;cyber service branch&lt;/a&gt; is also being weighed in the must-pass annual defense bill.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/04/060426cybercoalitionNG/large.jpg" width="618" height="284"><media:credit>Issarawat Tattong/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/04/060426cybercoalitionNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>NSA taps three officials for top cybersecurity positions</title><link>https://www.nextgov.com/cybersecurity/2026/06/nsa-taps-three-officials-top-cybersecurity-positions/413899/</link><description>David Imbordino and Holly Baroody will take leadership roles in the agency’s Cybersecurity Directorate, while Bruce Jones will head its Cybersecurity Collaboration Center.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Mon, 01 Jun 2026 18:22:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/nsa-taps-three-officials-top-cybersecurity-positions/413899/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;The National Security Agency has internally named a trio of appointments focused on the spy agency&amp;rsquo;s cyber operations.&lt;/p&gt;

&lt;p&gt;David Imbordino, who has overseen the NSA&amp;rsquo;s Cybersecurity Directorate in an acting capacity in recent months, has been tapped to lead the office permanently, according to two former senior national security officials familiar with the selections.&lt;/p&gt;

&lt;p&gt;Holly Baroody &amp;mdash; a senior United Kingdom-based NSA official and a former civilian lead in U.S. Cyber Command &amp;mdash; will serve as Imbordino&amp;rsquo;s deputy, the second former official said. Imbordino and Baroody have served as acting officials in their respective roles since around January.&lt;/p&gt;

&lt;p&gt;Created in 2019, the cyber directorate combines the agency&amp;rsquo;s intelligence-gathering and digital defense expertise to help protect U.S. government networks, military systems and contractors from hacking threats.&lt;/p&gt;

&lt;p&gt;The second former official also said that Bruce Jones, a longtime agency leader with experience in both technical and operational roles, will head the NSA&amp;rsquo;s Cybersecurity Collaboration Center, a hub used to share cyber threat intelligence between the government and the private sector.&lt;/p&gt;

&lt;p&gt;Both former officials requested anonymity to communicate their knowledge of the positions.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Nextgov/FCW&lt;/em&gt; has asked the NSA for comment. The Record &lt;a href="https://therecord.media/nsa-selects-new-leads-for-cyber-posts"&gt;first reported&lt;/a&gt; the selections.&lt;/p&gt;

&lt;p&gt;For the last year, the signals intelligence and foreign eavesdropping giant has grappled with leadership vacuums and significant &lt;a href="https://www.nextgov.com/people/2025/11/leadership-vacuum-and-staff-cuts-threaten-nsa-morale-operational-strength/409285/"&gt;morale decline&lt;/a&gt; as the Trump administration has sought to &lt;a href="https://www.nextgov.com/people/2025/12/nsa-has-met-2000-person-workforce-reduction-goal-people-familiar-say/409868/"&gt;taper its workforce&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Gen. Josh Rudd was &lt;a href="https://www.nextgov.com/people/2026/03/senate-confirms-josh-rudd-lead-nsa-and-cyber-command/412015/"&gt;confirmed&lt;/a&gt; in March to lead Cyber Command and the NSA in a dual-hatted manner, with Tim Kosiba joining the spy agency&amp;nbsp;soon after to serve as its deputy director.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The NSA has sought to &lt;a href="https://www.nextgov.com/artificial-intelligence/2026/05/anticipated-executive-order-could-give-nsa-role-voluntary-ai-model-testing/413663/"&gt;take a role&lt;/a&gt; in artificial intelligence policy developments, amid the recent emergence of advanced cyber-focused AI models that, in the wrong hands, could help foreign adversaries and criminal hackers more easily penetrate U.S. computer networks.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;The New York Times&lt;/em&gt; &lt;a href="https://www.nytimes.com/2026/05/22/us/politics/spy-agencies-ai-chips-shortage.html"&gt;reported&lt;/a&gt; last month that the White House approved some $9 billion for spy agencies like NSA to accelerate AI adoption, though shortages of advanced computing chips have constrained the use of state-of-the-art AI models on their classified systems.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/06/01/GettyImages_918218262/large.jpg" width="618" height="284"><media:description>A sign for the National Security Agency (NSA), US Cyber Command and Central Security Service, is seen near the visitor's entrance to the headquarters of the National Security Agency (NSA) in Fort Meade, Maryland, February 14, 2018. </media:description><media:credit>SAUL LOEB/AFP via Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/06/01/GettyImages_918218262/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Hackers are already laying groundwork to disrupt the 2026 midterms, research says</title><link>https://www.nextgov.com/cybersecurity/2026/06/hackers-are-already-laying-groundwork-disrupt-2026-midterms-research-says/413874/</link><description>The report from cybersecurity firm Check Point lands as the Trump administration pushes new voting rules and intelligence officials face questions about how they are handling foreign election threats.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Mon, 01 Jun 2026 06:00:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/06/hackers-are-already-laying-groundwork-disrupt-2026-midterms-research-says/413874/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;Hackers are already preparing for the 2026 midterms, with a new report warning that campaigns, fundraising platforms, public websites and local governments could face a wave of phishing, credential theft, artificial intelligence-generated deception and foreign influence activity.&lt;/p&gt;

&lt;p&gt;The findings, produced by cybersecurity firm Check Point, do not point to voting machines as the most likely near-term target, but instead warn that attackers are more likely to exploit infrastructure around elections &amp;mdash; like campaign accounts and fundraising platforms &amp;mdash; to steal credentials, impersonate trusted organizations, disrupt public information or fuel doubts about the nation&amp;rsquo;s electoral process.&lt;/p&gt;

&lt;p&gt;The conclusions come as the Trump administration has pursued a more aggressive role in election administration, including through a March &lt;a href="https://www.nextgov.com/digital-government/2026/03/trump-signs-executive-order-setting-rules-mail-voting-and-eligibility-lists/412539/"&gt;executive order&lt;/a&gt; aimed at tightening rules around mail-in voting and voter eligibility. The U.S. Postal Service has also &lt;a href="https://www.reuters.com/world/us-postal-service-seeks-require-states-submit-lists-voters-2026-05-29/"&gt;proposed a rule&lt;/a&gt; that would require states to submit lists of voters receiving mail ballots.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The report also comes amid &lt;a href="https://www.nextgov.com/people/2026/02/gabbards-expanded-role-election-security-draws-scrutiny/411295/"&gt;scrutiny&lt;/a&gt; of the intelligence community&amp;rsquo;s posture toward election threats under &lt;a href="https://www.nextgov.com/people/2026/05/gabbard-resign-director-national-intelligence-citing-husbands-health/413731/"&gt;outgoing&lt;/a&gt; Director of National Intelligence Tulsi Gabbard. ODNI recently &lt;a href="https://www.nextgov.com/defense/2026/05/odni-assigns-two-officials-lead-intelligence-coordination-election-threats/413567/"&gt;named two officials&lt;/a&gt; to coordinate the intelligence community&amp;rsquo;s election-threat mission for the 2026 cycle.&lt;/p&gt;

&lt;p&gt;The firm does not address the administration directly. The assessment is notable, however, because it points to AI and digital threats as more immediate election security concerns, rather than the voting-procedure issues that have dominated talking points from the White House.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;Overall, the most significant 2026 risks center on the trusted accounts, platforms, services, and information channels that election-related organizations rely on to operate and maintain public trust, with election-adjacent systems presenting the more immediate source of operational exposure,&amp;rdquo; the report says.&lt;/p&gt;

&lt;p&gt;Check Point also said it observed sustained election-related infrastructure creation in early 2026, including new websites containing terms such as &amp;ldquo;election&amp;rdquo; and &amp;ldquo;vote.&amp;rdquo;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;In January, the firm identified roughly 1,300 newly registered domains containing the keyword &amp;ldquo;election&amp;rdquo; and nearly 3,000 containing &amp;ldquo;vote.&amp;rdquo; Between April 13 and May 14, it identified about 1,140 newly registered domains containing &amp;ldquo;election&amp;rdquo; and roughly 4,000 containing &amp;ldquo;vote.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The company cautioned that those registrations do not prove malicious activity on their own, but they expand the pool of web infrastructure that could later be used for phishing, fake donation pages, impersonation or misinformation campaigns.&lt;/p&gt;

&lt;p&gt;Check Point also found exposed credentials tied to some of the most widely used political and government platforms, including roughly 9,500 linked to ActBlue, the Democratic fundraising platform, and 6,500 linked to WinRed, its Republican counterpart.&amp;nbsp;The exposed credentials are not part of a breach of these platforms, but were exposed from compromises of user data through other means.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The firm also observed smaller volumes tied to gop.com and democrats.org, the national party websites, as well as usa.gov, the federal government&amp;rsquo;s public services portal.&lt;/p&gt;

&lt;p&gt;The company identified Russia, Iran and China as the principal state actors to monitor. AI is expected to make their &lt;a href="https://www.nextgov.com/digital-government/2024/09/russias-influence-operations-aim-tip-us-election-favor-donald-trump-intel-official-says/399350/"&gt;influence operations&lt;/a&gt; easier to scale, and could be used to create more convincing phishing lures, cloned audio, manipulated images and deepfake videos.&lt;/p&gt;

&lt;p&gt;Local governments may be especially exposed because they often operate with fewer resources, older technology and smaller security teams. Check Point cited recent ransomware incidents affecting &lt;a href="https://www.winonapost.com/news/winona-county-restores-systems-following-2nd-cyberattack/article_bac4f182-e39c-4019-85cf-f67dd6db36e1.html"&gt;Winona County, Minnesota&lt;/a&gt;, and &lt;a href="https://abc7news.com/post/foster-city-ransomware-attack-raises-big-questions-rsac-conference-addresses/18766639/"&gt;Foster City, California&lt;/a&gt;, as examples of how municipal cyberattacks can disrupt public services and erode trust in government systems.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;Even when election operations are not directly affected, disruption at the local government level can still create confusion, delay public communications, and undermine confidence during politically sensitive periods,&amp;rdquo; the report says.&lt;/p&gt;

&lt;p&gt;The findings also come as the Cybersecurity and Infrastructure Security Agency&amp;rsquo;s election security role faces new uncertainty. The Trump administration&amp;rsquo;s fiscal 2027 budget proposal would &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/trump-proposes-cutting-cisa-election-security-program-fy27-budget/412672/"&gt;eliminate&lt;/a&gt; the agency&amp;rsquo;s election security program, including funds for information-sharing support to state and local officials and dedicated election security advisors.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Efforts under the Trump administration to scale back CISA and its election resources have strained relationships with state and local officials and have raised concerns that jurisdictions may be far less prepared to counter threats in November, officials in Michigan and Georgia &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/federal-drawdown-election-support-destroyed-ongoing-relationships-experts-say/413181/"&gt;said late last month&lt;/a&gt;. Sen. Mark Warner, D-Va., the vice chairman of the Senate Intelligence Committee, has also &lt;a href="https://www.nextgov.com/cybersecurity/2026/05/senator-warns-cisa-election-security-pullback-could-leave-midterms-vulnerable/413378/"&gt;pressed DHS&lt;/a&gt; over reports that CISA is no longer providing the same election security training and resources it offered in prior years.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Editor&amp;#39;s note: This article has been updated to better clarify how the ActBlue credentials were exposed.&lt;/em&gt;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/05/31/GettyImages_2182438565/large.jpg" width="618" height="284"><media:description> Detroit voters at the polls inside Central United Methodist Church on November 5, 2024 in downtown Detroit, Michigan.</media:description><media:credit>Sarah Rice/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/05/31/GettyImages_2182438565/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Cyber Force? Senator pushes to create service branch under the Army</title><link>https://www.nextgov.com/cybersecurity/2026/05/cyber-force-service-branch-proposal/413867/</link><description>Ideas for a cyber service have been floated before. Some experts argue now is the right time.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Thomas Novelly</dc:creator><pubDate>Fri, 29 May 2026 16:59:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/05/cyber-force-service-branch-proposal/413867/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;A new cyber-focused military service branch would sit under the Army if one senator&amp;rsquo;s proposal comes to fruition.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Sen. Kirsten Gillibrand, D-N.Y., is spearheading a &lt;a href="https://www.congress.gov/crs-product/IF10515"&gt;markup amendment&lt;/a&gt; to the Senate&amp;rsquo;s 2027 National Defense Authorization Act that would create a &amp;ldquo;Cyber Force&amp;rdquo; as the next armed service branch. The senator&amp;rsquo;s office confirmed that the amendment proposes to establish the branch under the Army, just as the Space Force and Marine Corps sit under the Air Force and Navy.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Similar provisions are reportedly being floated in the House, according to two people familiar with policy discussions. Earlier this year,&amp;nbsp; Rep. Pat Fallon, R-Texas, told the Center For Strategic and International Studies that a &amp;ldquo;Cyber Force is inevitable&amp;rdquo; and &amp;ldquo;we&amp;rsquo;re going to get this done.&amp;rdquo; A Fallon spokesperson did not respond to multiple requests for comment on Friday asking about a potential amendment.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;New and escalating cyber threats on the battlefield demand a change to our current approach. The status quo and years of incremental changes are not meeting the current threat and are insufficient as that threat grows,&amp;rdquo; Gillibrand told &lt;em&gt;Defense One&lt;/em&gt; in an emailed statement.&amp;nbsp; &amp;ldquo;I believe, and many experts agree, that the creation of a dedicated Cyber Force will ensure the United States is ready to fight and win on the modern battlefield and protect our national security.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The proposed amendment marks the latest push in a years-long effort. Gillibrand and House lawmakers have &lt;a href="https://luttrell.house.gov/media/press-releases/icymi-luttrell-discusses-cyber-force-measure"&gt;backed&lt;/a&gt; the idea &lt;a href="https://www.armed-services.senate.gov/imo/media/doc/fy24_ndaa_conference_report.pdf"&gt;before&lt;/a&gt;. In the 2025 National Defense Authorization Act, lawmakers &lt;a href="https://www.nationalacademies.org/projects/DEPS-CSTB-25-02"&gt;commissioned&lt;/a&gt; the National Academies of Sciences, Engineering, and Medicine to study &amp;ldquo;alternative organizational models for the cyber forces of the Armed Forces.&amp;rdquo; Those findings have not been released. Details from the amendments showing what a Cyber Force might look like are not yet public, but think tanks and national security experts have already been pitching their own force designs.&lt;/p&gt;

&lt;p&gt;A 2024 Foundation for Defense of Democracies &lt;a href="https://www.fdd.org/analysis/2024/03/25/united-states-cyber-force/"&gt;report&lt;/a&gt; concluded that a Cyber Force could sit under the Army, muster about 10,000 personnel, and need a budget of around $16.5 billion. In August 2025, the FDD and the Center for Strategic and International Studies announced a &lt;a href="https://www.csis.org/news/csis-launches-commission-cyber-force-generation"&gt;commission&lt;/a&gt; on Cyber Force Generation. A report from those think tanks is &lt;a href="https://www.csis.org/events/building-americas-cyber-force-findings-commission-cyber-force-generation"&gt;scheduled&lt;/a&gt; to be released next month.&lt;/p&gt;

&lt;p&gt;One former military official said there would be strengths to a cyber-focused service, but putting it under the Army is a bad idea. They argued that cyber would remain a secondary priority amid the branch&amp;rsquo;s many missions.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;The Army is the largest service by far,&amp;rdquo; the former official said. &amp;ldquo;Manpower-wise, it&amp;#39;s like half the department, and it&amp;#39;s like, &amp;lsquo;we&amp;#39;ll put it under because it&amp;#39;ll be easy for the Army to just put in another force.&amp;rsquo; It&amp;#39;s already hard enough to run the Army as it is.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;Mark Montgomery, a retired Navy rear admiral and an FDD senior fellow who advocates for a Cyber Force, argued that this year is an ideal time to create a new service.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;Timing-wise, you need to do this in the beginning or middle of an administration, not at the end of an administration,&amp;rdquo; Montgomery said.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The proposed amendment would need to survive multiple Senate and House edits to make the final compromise NDAA.&lt;/p&gt;

&lt;p&gt;It&amp;rsquo;s not clear if the Trump administration would support the latest bipartisan push. Last year, the Pentagon rolled out &lt;a href="https://www.war.gov/News/Releases/Release/Article/4330204/department-of-war-establishes-cybercom-20-revised-cyber-force-generation-model/"&gt;CYBERCOM 2.0&lt;/a&gt;, a series of policy changes aimed at beefing up the recruiting, training, and missions of the existing U.S. Cyber Command.&lt;/p&gt;

&lt;p&gt;Katie Sutton, the assistant defense secretary for cyber policy and principal cyber advisor to Defense Secretary Pete Hegseth, defended the Cyber Command reforms during a January Senate hearing, and said a renewed command and a new service could co-exist.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;I think this is a really important debate for us all to be having about the future of the cyber warfighting domain,&amp;rdquo; Sutton &lt;a href="https://www.armed-services.senate.gov/imo/media/doc/1282026cybersecuritysubcommitteetranscript.pdf"&gt;told&lt;/a&gt; the Senate Armed Services Committee in January. &amp;ldquo;I do think one of the most common misconceptions about Cyber Command is that it is a debate between Cyber Command 2.0 and a cyber force, and they are actually separate debates that I believe both need to be had, and we need to look closely at the pros and cons of both.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;Advocates for a separate and independent cyber-focused service branch say it aligns with the Trump administration&amp;rsquo;s calls for &amp;ldquo;offensive cyber operations against those planning to kill Americans,&amp;rdquo; the White House&amp;rsquo;s new &lt;a href="https://www.whitehouse.gov/wp-content/uploads/2026/05/2026-USCT-Strategy-1.pdf"&gt;counterterrorism strategy&lt;/a&gt; said. It also comes as President Donald Trump and Gen. Dan Caine, the Joint Chiefs chairman, acknowledged the growing role of cyber effects in U.S. military operations in &lt;a href="https://www.nextgov.com/cybersecurity/2026/03/how-cyber-command-contributed-operation-epic-fury-against-iran/411818/"&gt;Iran&lt;/a&gt; and &lt;a href="https://www.defenseone.com/threats/2026/01/us-spy-agencies-contributed-operation-captured-maduro/410437/"&gt;Venezuela&lt;/a&gt;, &lt;em&gt;Defense One&lt;/em&gt; and sister publication &lt;em&gt;NextGov/FCW&lt;/em&gt; have previously reported.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;The president says, &amp;lsquo;We&amp;#39;ve got to be more offensive&amp;rsquo; but then you got to better generate forces to be offensive, and we don&amp;#39;t generate enough forces to do both offensive cyber and defensive cyber operations,&amp;rdquo; Montgomery said. &amp;ldquo;A cyber force is clearly necessary.&amp;rdquo;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/05/29/gillibrand_GettyImages_2273284357-2/large.jpg" width="618" height="284"><media:description>Sen. Kirsten Gillibrand, D-NY, during a Senate Armed Services Committee hearing on April 30, 2026 in the Dirksen Senate Office Building in Washington, D.C. </media:description><media:credit> Graeme Sloan/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/05/29/gillibrand_GettyImages_2273284357-2/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Commercial location data is being used to target US servicemembers, lawmakers warn</title><link>https://www.nextgov.com/cybersecurity/2026/05/commercial-location-data-being-used-target-us-servicemembers-lawmakers-warn/413851/</link><description>U.S. Central Command said it “has received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater.”</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Edward Graham</dc:creator><pubDate>Fri, 29 May 2026 13:10:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/05/commercial-location-data-being-used-target-us-servicemembers-lawmakers-warn/413851/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;Foreign adversaries have used commercially available data from U.S. servicemembers to target their locations in active war zones, a bipartisan group of lawmakers revealed Thursday.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;In a &lt;a href="https://www.wyden.senate.gov/imo/media/doc/wyden_led_letter_to_dod_cio_kirsten_adavies.pdf"&gt;letter&lt;/a&gt; to Department of Defense Chief Information Officer Kirsten Davies, fourteen members of Congress &amp;mdash; led by Sen. Ron Wyden, D-Ore., and Rep. Pat Harrigan, R-N.C. &amp;mdash; warned that the Pentagon &amp;ldquo;has not taken basic steps to protect U.S. military personnel from the serious counterintelligence and force protection threat posed by the collection and sale of personal information, including cell phone location data, by data brokers.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;Reuters first &lt;a href="https://www.reuters.com/business/media-telecom/pentagon-says-us-military-personnel-are-reportedly-being-targeted-using-location-2026-05-28/"&gt;reported&lt;/a&gt; the news.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;According to unclassified written responses that the lawmakers shared with their letter, U.S. Central Command revealed last month that it &amp;ldquo;has received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;This type of data can be acquired from legitimate data brokers for a nominal fee and then used to track the locations of groups of individuals, particularly those who follow set routines or are based in remote areas.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;That foreign adversaries are still able to buy location data collected from the phones of U.S. personnel serving in military hotspots is a direct result of DOD leadership&amp;rsquo;s failure to prioritize this threat and implement common sense cyber defenses recommended by federal cybersecurity experts,&amp;rdquo; the lawmakers wrote.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The Pentagon has been aware for some time now of the security vulnerabilities posed by publicly available location data from smartphones or other wearable electronic devices.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;When mobile fitness app Strava released a Global Heat Map of its users&amp;rsquo; activities in late 2017, it &lt;a href="https://www.defenseone.com/technology/2018/01/stravas-just-start-us-militarys-losing-war-against-data-leakage/145632/"&gt;inadvertently gave away&lt;/a&gt; the locations of some U.S. military sites in the Middle East and provided precise details on the routes personnel took when they jogged. Similar location data from running app Polar also revealed the locations of military personnel, and could be used in some cases to track them to their homes.&lt;/p&gt;

&lt;p&gt;DOD subsequently issued a directive in August 2018 that &lt;a href="https://www.defenseone.com/ideas/2018/08/internet-things-national-security-problem/150301/"&gt;banned&lt;/a&gt; uses of apps and devices that share geolocation data &amp;ldquo;while in locations designated as operational areas.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;In their letter, however, the lawmakers said CENTCOM shared that it &amp;ldquo;only rolled out the capability to administratively disable location sharing on smartphones&amp;rdquo; this month. The combatant command also revealed that the Pentagon has not yet taken steps to deactivate the tracking numbers on smartphones that are used by advertisers and data brokers.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;Both iOS and Android also include an opt-in privacy setting to disable this unique advertising ID, which the National Security Agency and the Cybersecurity and Infrastructure Security Agency recommend,&amp;rdquo; the letter said. &amp;ldquo;Unfortunately, USCENTCOM confirmed that the advertising ID is still not disabled on government-issued smartphones, but stated that the Defense Information Systems Agency is currently testing a capability to do so.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;The lawmakers urged DOD to disable the advertising ID on all agency-issued smartphones and to issue guidance requiring personnel to do the same on their personal devices brought overseas or onto military facilities. They also called for the agency to remove web browsers &amp;ldquo;designed to facilitate data collection by Google and other advertising companies&amp;rdquo; from Pentagon-issued devices.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;Instead, DoD should pre-install on DoD devices and require the use by DoD personnel of privacy-focused web browsers that protect users with anti-tracking cyber defenses, such as ad blocking and the Global Privacy Control (GPC), which is already enforced by law in 12 states,&amp;rdquo; the letter said.&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/05/29/052926locationNG/large.jpg" width="618" height="284"><media:credit>Catherine Ledner/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/05/29/052926locationNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item><item><title>Iran’s hackers are coordinating more closely, Israel’s top cyberdefense official says</title><link>https://www.nextgov.com/cybersecurity/2026/05/irans-hackers-are-coordinating-more-closely-israels-top-cyberdefense-official-says/413792/</link><description>Yossi Karadi also said he is pressing major AI labs for access to advanced models like Anthropic’s Mythos to help defend Israeli government networks.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">David DiMolfetta</dc:creator><pubDate>Wed, 27 May 2026 15:42:00 -0400</pubDate><guid>https://www.nextgov.com/cybersecurity/2026/05/irans-hackers-are-coordinating-more-closely-israels-top-cyberdefense-official-says/413792/</guid><category>Cybersecurity</category><content:encoded>&lt;![CDATA[&lt;p&gt;Tehran&amp;rsquo;s hackers have grown more organized, more coordinated and more willing to use artificial intelligence for influence operations in recent months &amp;mdash; and they have demonstrated many of those capabilities since the war with Iran began, according to Israel&amp;rsquo;s top cyberdefense official.&lt;/p&gt;

&lt;p&gt;In a Tuesday interview, the director-general of Israel&amp;rsquo;s National Cyber Directorate, Yossi Karadi, said Iranian state-aligned groups are further sharing cyber tools among each other and using AI to polish disinformation and recruitment messages.&lt;/p&gt;

&lt;p&gt;At the same time, Karadi said he is pressing major AI labs for controlled access to powerful models like Anthropic&amp;rsquo;s Mythos, arguing that governments need the same tools attackers are seeking to adopt.&lt;/p&gt;

&lt;p&gt;In the last year, Iran&amp;rsquo;s state-backed hacking units have increasingly &amp;ldquo;begun to talk to each other, and then collaborate with each other, and then even sometimes exchange information&amp;rdquo; among themselves, he said. &amp;ldquo;Of course, when they work together, they can work more efficiently and better.&amp;rdquo;&lt;/p&gt;

&lt;p&gt;During the recent war, Iran has sent hundreds of thousands of text messages to Israelis as part of a deception and influence campaign, he said.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;In some cases, they&amp;rsquo;d send messages like, &amp;lsquo;don&amp;rsquo;t go to the bomb shelters because they are closed,&amp;rsquo;&amp;rdquo; Karadi said, adding that other messages sought to recruit Israelis for intelligence-sharing.&lt;/p&gt;

&lt;p&gt;For a while, those messaging campaigns were in &amp;ldquo;very bad Hebrew, so you understand, &amp;lsquo;okay, it&amp;rsquo;s nonsense,&amp;rsquo;&amp;rdquo; Karadi said. But more recently, AI has helped Tehran improve message quality.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;In March, Israel said it &lt;a href="https://www.politico.com/news/2026/03/04/israel-iran-cyber-headquarters-00813364"&gt;bombed&lt;/a&gt; a key Iranian cyberwarfare operation center. Asked about how that attack and similar efforts affected Tehran&amp;rsquo;s hacking prowess, Karadi said only that the nation&amp;rsquo;s cyberactivity largely fluctuated, depending on the intensity of the conflict.&lt;/p&gt;

&lt;p&gt;When bombing campaigns against Iran intensified, hacking activity tended to decrease because it was harder for state operatives to access physical assets like computers and other equipment needed for cyberattacks, he said. Conversely, when strikes slowed, state hacking groups would have more room to reorganize and collaborate again.&lt;/p&gt;

&lt;p&gt;As the U.S. and Iran work to implement a peace agreement to end the war, Karadi said there is little expectation that cyber activity from either side will stop, arguing that any party can deny involvement in a cyberattack, compared to a physical strike using missiles or bombs.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&amp;ldquo;There is no ceasefire in cyber,&amp;rdquo; he said. &amp;ldquo;You cannot force any agreement on cyber.&amp;rdquo;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Over the last few months, Iran has compromised a swath of smaller Israeli organizations and a handful of American targets. Pro-Iran hackers have targeted various U.S. industrial control systems, federal &lt;a href="https://www.nextgov.com/cybersecurity/2026/04/pro-iran-hackers-are-targeting-us-industrial-control-systems-advisory-says/412679/"&gt;officials said&lt;/a&gt; early last month. One group, likely state-affiliated, also claimed to have &lt;a href="https://www.nextgov.com/cybersecurity/2026/03/cisa-launches-investigation-stryker-cyberattack/412079/"&gt;compromised&lt;/a&gt; medical technology giant Stryker. And just last week, &lt;a href="https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/"&gt;researchers said&lt;/a&gt; Iran-linked hackers deployed a slew of cyberespionage techniques that targeted the U.S., Israel, the UAE and other Middle Eastern nations.&lt;/p&gt;

&lt;p&gt;Asked if the cybersecurity community underestimated the strength of Iran&amp;rsquo;s hacking ecosystem, Karadi said he would only speak for Israel, and asserted they &amp;ldquo;obviously did not underestimate&amp;rdquo; Tehran. Since the &lt;a href="https://www.nextgov.com/cybersecurity/2025/08/new-research-shows-irans-expansive-cyber-offensive-during-12-day-war-israel/407207/"&gt;12-Day War&lt;/a&gt; last year, &amp;ldquo;we were in an 100% alert situation, and we have been preparing ourselves for high-scale cyber war,&amp;rdquo; he said.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The remarks provide a window into how Israeli officials believe Iran&amp;rsquo;s cyber apparatus has adapted under wartime pressure and amid negotiations now underway between the U.S. and Tehran that could end the war, which began in late February.&lt;/p&gt;

&lt;p&gt;Karadi conducted the interview as part of a visit to Washington this week, where he said he has planned meetings with the FBI, the Cybersecurity and Infrastructure Security Agency, U.S. Cyber Command and representatives from industry.&lt;/p&gt;

&lt;p&gt;In those meetings, he said officials have been discussing advanced cyber-focused AI models like Anthropic&amp;rsquo;s Mythos, which have quickly become central to global cyber policy talks. Asked whether Israeli institutions have been given access to those systems, he said the effort is a work in progress.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;I haven&amp;rsquo;t succeeded in it now, but hopefully I will,&amp;rdquo; he said, adding that he is trying to access such models to scan Israeli government organizations for vulnerabilities. He declined to name specific AI companies he is engaging with.&lt;/p&gt;

&lt;p&gt;In early April, Anthropic launched Project Glasswing, an initiative with major companies designed to secure critical software across the globe using its Mythos model. It&amp;rsquo;s been withheld from public release amid concerns over its highly skilled hacking capabilities. About a month later, OpenAI unveiled GPT-5.5-Cyber, a similarly advanced model that was also reserved for verified organizations to prevent the acceleration of offensive cyber tools.&lt;/p&gt;

&lt;p&gt;The White House and the federal government swiftly responded and worked to craft an executive order focused on AI and cybersecurity, but its signing was &lt;a href="https://www.nextgov.com/artificial-intelligence/2026/05/white-house-postpones-signing-ai-executive-order/413697/"&gt;postponed&lt;/a&gt; last week amid overregulation concerns from industry.&lt;/p&gt;

&lt;p&gt;Representing a government cyberdefense organization, Karadi said such models worry him.&lt;/p&gt;

&lt;p&gt;&amp;nbsp;&amp;ldquo;When you give [an attacker] a new tool, he needs to only use it at one time and one place. But I need to implement this tool at all the places and all the time,&amp;rdquo; he said.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;He expects more of these models to proliferate in the coming months, and he considers them to now be the &amp;ldquo;main threat&amp;rdquo; in the cybersecurity world.&lt;/p&gt;

&lt;p&gt;&amp;ldquo;I think that our world is getting more and more digital, AI-based and cloud-based,&amp;rdquo; he said. &amp;ldquo;It will take us to a permanent state of cyber warfare, some of the time against enemies that you know. But most of the time &amp;mdash; against ghosts.&amp;rdquo;&lt;/p&gt;
]]&gt;</content:encoded><media:content url="https://cdn.nextgov.com/media/img/cd/2026/05/27/052726IranNG/large.jpg" width="618" height="284"><media:credit>Alex Sholom/Getty Images</media:credit><media:thumbnail url="https://cdn.nextgov.com/media/img/cd/2026/05/27/052726IranNG/thumb.jpg" width="138" height="83"></media:thumbnail></media:content></item></channel></rss>