ClearSignal — Apr 22, 2026
The defense industrial base is executing major procurements across air, sea, and autonomous systems—with a $55 billion drone initiative and accelerated B-21 production—while simultaneously confronting an escalating cyber threat environment. Nation-state actors now dominate the threat landscape, as the UK reports four nationally significant cyber incidents weekly and DoD develops a more aggressive cyber strategy. Critical vulnerabilities in widely-used enterprise tools and development platforms are under active exploitation, creating immediate risks to both government and contractor networks.
Top 3
- Pentagon officials broadly detail $55 billion drone plan under DAWG — The Pentagon’s $55 billion drone acquisition plan under DAWG represents a fundamental shift in defense priorities toward autonomous warfare capabilities. The scale of investment and the use of budget reconciliation mechanisms signal that this is a strategic priority that will reshape procurement landscapes and create significant opportunities for contractors with autonomous systems expertise. — breaking-defense
- UK cyber agency handling four major incidents a week as nation-state attacks surge — The UK’s cybersecurity agency handling four nationally significant cyber incidents weekly—predominantly from nation-states rather than criminals—signals a fundamental escalation in state-sponsored cyber aggression. This shift demands immediate attention from cleared contractors and agencies, as the threat profile has moved from financially-motivated crime to strategic targeting of national security infrastructure. — the-record
- Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk — Active exploitation of a critical RCE vulnerability in Bomgar remote monitoring tools for ransomware deployment creates immediate supply chain risk across the defense industrial base. Given Bomgar’s widespread use for remote IT management in contractor environments, this represents an urgent patching priority to prevent potential compromise of sensitive networks and data. — dark-reading
Policy & Regulatory
- New Defense Department cyber strategy imminent, official says — The US Defense Department is developing a new cyber strategy aligned with the Trump administration’s approach to more aggressively counter digital adversaries. The strategy was discussed by a senior official during House Armed Services Committee testimony. — the-record
- EU targets two Russian propaganda networks with new sanctions — The EU imposed sanctions on two Russian propaganda networks: Euromore media outlet and Pravfond foundation, both accused of amplifying Kremlin narratives and promoting Moscow-aligned foreign policy messaging. These measures target Russian information operations infrastructure. — the-record
- Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks — The House Homeland Security Committee is considering terrorism designations and homicide charges for ransomware attacks targeting hospitals, as healthcare sector attacks increase. — cyberscoop
Agency & Mission Activity
- The sights of Sea Air Space Day 2 — Photo gallery from Day 2 of the Sea Air Space conference showcasing exhibits and activities on the show floor. — breaking-defense
Technology Trends
- New npm supply-chain attack self-spreads to steal auth tokens — A new supply chain attack targeting npm is stealing developer credentials and self-propagating through compromised package accounts. The attack represents an escalating threat to the Node Package Manager ecosystem and software development infrastructure. — bleeping-computer
- Microsoft releases emergency patches for critical ASP.NET flaw — Microsoft issued emergency out-of-band security patches to address a critical privilege escalation vulnerability in ASP.NET Core. The urgent nature of the release indicates active exploitation or high-severity risk requiring immediate patching. — bleeping-computer
- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks — Over 1,300 internet-exposed Microsoft SharePoint servers remain unpatched against a spoofing vulnerability previously exploited as a zero-day and still under active attack. The widespread exposure indicates poor patch management across organizations. — bleeping-computer
- French govt agency confirms breach as hacker offers to sell data — France Titres, a French government agency responsible for administrative documents, confirmed a data breach after threat actors claimed to have stolen citizen data and offered it for sale. The breach affects a government entity managing sensitive identity and administrative information. — bleeping-computer
- New Lotus data wiper used against Venezuelan energy, utility firms — A newly discovered data-wiping malware called Lotus was deployed in targeted attacks against Venezuelan energy and utilities organizations. The malware represents an emerging destructive threat to critical infrastructure sectors. — bleeping-computer
- UK cyber agency handling four major incidents a week as nation-state attacks surge — The UK’s cybersecurity agency is responding to four nationally significant cyber incidents weekly, with most attacks now attributed to hostile nation-states rather than criminal groups. This represents a significant shift in the threat landscape toward state-sponsored cyber aggression. — the-record
- Cloud platform Vercel says company breached through third-party AI tool — Cloud platform provider Vercel disclosed a security breach through a compromised third-party AI tool, resulting in exposed credentials for a limited subset of customers. The incident highlights supply chain security risks in AI-integrated development platforms. — the-record
- In a first, Ukraine’s drone force launches interceptor drone from USV to destroy Shahed — Ukraine’s drone force successfully launched an interceptor drone from an unmanned surface vessel (USV) to destroy a Russian Shahed kamikaze drone, marking the first sea-air integration of this type. Experts note this capability will create additional challenges for Russian drone operations. — breaking-defense
- The AI era demands a different kind of CISO — CISOs must evolve from static, audit-based security approaches to real-time awareness and response capabilities in the AI era, as attackers can now discover and exploit vulnerabilities in minutes. This shift represents a fundamental change in cybersecurity strategy and operational tempo. — cyberscoop
- Former DigitalMint ransomware negotiator pleads guilty to extortion scheme — Angelo Martino, a former DigitalMint ransomware negotiator, pleaded guilty to participating in an extortion scheme that helped accomplices extract $75.3 million in ransom payments from five victim companies. The case highlights insider threats within the cryptocurrency and ransomware negotiation ecosystem. — cyberscoop
- Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety — Tyler Robert Buchanan, a Scottish national described as ‘the glue that held this gang together,’ pleaded guilty to charges related to the Scattered Spider cybercrime group’s attack spree that created the group’s notoriety, facing up to 22 years in federal prison. Scattered Spider is known for sophisticated social engineering attacks targeting major corporations. — cyberscoop
- Ransomware Negotiator Pleads Guilty to BlackCat Scheme — A ransomware negotiator has pleaded guilty to involvement in a BlackCat ransomware scheme, highlighting risks when negotiators participate in ransom payment processes. — dark-reading
- Exploits Turn Windows Defender Into Attacker Tool — Three proof-of-concept exploits are being used in active attacks to weaponize Windows Defender, with two vulnerabilities remaining unpatched. — dark-reading
- Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk — A critical remote code execution vulnerability (CVE-2026-1731) in the Bomgar remote monitoring and management tool is being exploited to spread ransomware and compromise supply chains. — dark-reading
- Google Fixes Critical RCE Flaw in AI-Based ‘Antigravity’ Tool — Google patched a critical prompt-injection vulnerability in its Antigravity AI tool that allowed sandbox escape and arbitrary code execution due to improper sanitization. — dark-reading
- The wrong enemy in the war on fraud — Former PRAC deputy executive director Linda Miller advocates for using algorithmic and AI-driven approaches to combat government fraud at scale. The piece emphasizes the need to modernize fraud detection beyond traditional manual methods. — federal-news-network
- Risky Business #834 — Vercel gets owned, Mozilla dumps hundreds of Mythos bugs — Risky Business podcast covers major cybersecurity incidents including Vercel breach linked to infostealer compromises, Mozilla’s discovery of 271 bugs using Mythos AI, and NSA’s use of Mythos despite government restrictions on Anthropic. The episode also discusses NIST’s challenges with vulnerability enrichment and DDoS attacks on social media platforms. — risky-business
Procurement & Opportunities
- Battleship costs and sub timelines at Sea Air Space — The Navy League’s Sea Air Space conference featured discussions on battleship costs and submarine production timelines. Coverage includes highlights from the second day of the annual naval industry conference. — breaking-defense
- Navy expects construction on first Trump-class battleship to start in FY28 — The Navy plans to begin construction on the first Trump-class battleship in FY28, with Secretary John Phelan stating the service is in discussions with two vendors for the program. — breaking-defense
- Air Force eyes massive boost for F-15EX fleet — The Air Force’s FY2027 budget proposal includes a significant increase for the F-15EX fleet, along with boosts for F-35 Joint Strike Fighter procurement and slower retirements of A-10 Warthog aircraft. — breaking-defense
- Pentagon officials broadly detail $55 billion drone plan under DAWG — Pentagon officials outlined a $55 billion drone acquisition plan under the Defense Autonomous Warfare Group (DAWG), with the majority of funding coming through budget reconciliation similar to the proposed increase for the Office of Strategic Capital loan program. — breaking-defense
- Northrop to invest $2.5B to hasten B-21 production — Northrop Grumman announced a $2.5 billion investment to accelerate B-21 bomber production, with CEO Kathy Warden stating the company will spend $200 million in 2026 as part of this effort. — breaking-defense
- Delivering first Columbia-class sub in 2028 will prove ‘wicked heavy lift’: Sub czar — Vice Adm. Robert Gaucher, the Navy’s submarine program executive, acknowledged that delivering the first Columbia-class ballistic missile submarine by 2028 will be a ‘wicked heavy lift’ due to first-of-class challenges and learning curves. The Navy anticipates operational hiccups as they work through issues on systems never before operated. — breaking-defense
- Future Program: Decentralized Artificial Intelligence through Controlled Emergence (DICE) — DARPA issued a special notice for the future Decentralized Artificial Intelligence through Controlled Emergence (DICE) program with responses due May 29, 2026. The program appears focused on developing distributed AI systems and architectures. — sam-gov
- Navy Mission Support IDIQ — The US Army Corps of Engineers Philadelphia District issued a presolicitation for a Navy Mission Support IDIQ contract with responses due April 24, 2026. The contract falls under administrative management and general management consulting services. — sam-gov