ClearSignal — Apr 23, 2026

Federal leadership instability is accelerating across critical defense and cybersecurity agencies, with CISA's failed nomination and the Navy Secretary's abrupt departure creating uncertainty during heightened threat activity. Major procurement initiatives are advancing rapidly—including the Army's largest modernization in 40 years and Space Force's $1.6B proliferated LEO SATCOM pivot—while adversaries demonstrate increasingly sophisticated cyber capabilities from AI-powered attacks to quantum-resistant ransomware. These parallel developments underscore the urgency of stable leadership to execute ambitious modernization plans amid an evolving threat landscape.

Top 3

CISA director pick Sean Plankey withdraws his nomination — Sean Plankey’s withdrawal as CISA director nominee after 13 months leaves the nation’s lead cybersecurity agency without confirmed leadership amid active exploitation campaigns and sophisticated state-sponsored threats. This leadership vacuum occurs precisely when federal agencies face binding directives to patch critical vulnerabilities and defend against evolving adversary tactics, creating operational risk at a critical infrastructure protection agency. — cyberscoop
Space Force shifts from SDA transport layer to new Space Data Network ‘backbone’ — Space Force’s $1.6 billion request to establish a ‘proliferated LEO SATCOM’ network represents a strategic pivot away from SDA’s transport layer model, signaling major architectural decisions for military space communications. This rebranding and funding push will shape which contractors compete for the backbone of future military satellite communications and data transport capabilities. — breaking-defense
‘Zealot’ Shows What AI’s Capable of in Staged Cloud Attack — The ‘Zealot’ proof-of-concept demonstrates AI-powered cyber attacks can now execute faster than human defenders can respond, with autonomous capabilities exceeding original design parameters. This represents a fundamental shift in the offense-defense balance that will require new defensive architectures and automated response systems across government networks. — dark-reading

Competitive Landscape

Italy lists Ukraine among top buyers for arms, while eyeing drone deal — Ukraine became Italy’s 4th largest military equipment buyer in 2025 with €349 million in exports, up from outside the top 10 the previous year, as Italy eyes potential drone deals. — breaking-defense
Turkish firms boost defense ties with Malaysia in missiles, comms and AI — Turkish defense firms are expanding partnerships with Malaysia in missiles, communications, and AI, offering combat-proven capabilities combined with affordability, rapid delivery, and industrial partnership models rather than pure product sales. — breaking-defense

Policy & Regulatory

CISA orders feds to patch BlueHammer flaw exploited as zero-day — CISA has issued a binding operational directive ordering federal agencies to patch the BlueHammer privilege escalation vulnerability in Microsoft Defender that has been actively exploited as a zero-day. This represents urgent compliance action required across federal civilian agencies. — bleeping-computer
FY27 budget request negates need for INDOPACOM spending wishlist: Commander — INDOPACOM Commander Adm. Samuel Paparo states FY27 budget request eliminates need for unfunded priorities list, as DoD details plans for $12 billion Pacific Deterrence Initiative spending. — breaking-defense

Agency & Mission Activity

CISA director pick Sean Plankey withdraws his nomination — Sean Plankey has withdrawn his nomination to lead CISA after waiting more than a year for confirmation, leaving the agency in further leadership uncertainty. The withdrawal comes amid ongoing upheaval at the cybersecurity agency. — cyberscoop
OMB director launches broadside at shipbuilders to close Sea Air Space 2026 — OMB Director criticized shipbuilders in closing remarks at Sea Air Space 2026 conference, signaling potential policy pressure on naval shipbuilding industry. — breaking-defense
Navy Secretary Phelan leaving post immediately, Pentagon says — Navy Secretary John Phelan is departing his position effective immediately in a surprise move announced by Pentagon spokesperson Sean Parnell. — breaking-defense
The sights of Sea Air Space Day 3 — Photo gallery from the third day of the Navy League’s Sea Air Space conference in April 2026. — breaking-defense
Trump taps defense firm execs to lead space acquisition, NRO — Trump administration has selected Erich Hernandez-Baquero as Space Force’s next acquisition chief and nominated Roger Mason as the next NRO director, both coming from defense industry executive positions. — breaking-defense
Plankey withdraws as CISA nominee — Plankey withdrew his nomination to be CISA director after 13 months, stating it became clear the Senate would not confirm him. — federal-news-network

Technology Trends

New GopherWhisper APT group abuses Outlook, Slack, Discord for comms — A newly identified state-backed APT group called GopherWhisper is targeting government entities using a custom Go-based toolkit and abusing legitimate services like Microsoft 365 Outlook, Slack, and Discord for command-and-control communications. This represents an evolving threat vector leveraging trusted enterprise platforms. — bleeping-computer
Apple fixes bug that let the FBI recover deleted Signal messages — Apple has released emergency security updates for iPhone and iPad to fix a Notification Services vulnerability that allowed deleted notifications, including Signal messages, to remain stored on devices and be recovered by law enforcement. The flaw has forensic and security implications for government users. — bleeping-computer
New Mirai campaign exploits RCE flaw in EoL D-Link routers — A new Mirai-based botnet campaign is actively exploiting a high-severity command injection vulnerability (CVE-2025-29635) in end-of-life D-Link DIR-823X routers to recruit devices. This highlights ongoing risks from unsupported network equipment. — bleeping-computer
Kyber ransomware gang toys with post-quantum encryption on Windows — A new Kyber ransomware operation is targeting Windows and VMware ESXi systems, with variants implementing post-quantum Kyber1024 encryption. This represents an emerging threat as cybercriminals begin adopting quantum-resistant cryptographic methods. — bleeping-computer
Spain dismantles major $4.7M manga piracy platform, arrests four — Spanish police dismantled the largest Spanish-language manga piracy platform operating since 2014, arresting four individuals and shutting down a $4.7M operation with millions of monthly users. This represents a significant law enforcement action against digital piracy infrastructure. — bleeping-computer
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process — Cybercriminal fraud operations now operate with corporate-style structures including hiring, training, and performance tracking, with researchers exposing the professionalization of ‘Caller-as-a-Service’ scam operations. This represents the evolution of fraud-as-a-service business models in the cybercrime economy. — bleeping-computer
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign — North Korean hackers stole over $12 million in cryptocurrency during the first three months of 2026 through malware attacks targeting personal devices. This continues the pattern of DPRK cyber operations funding regime activities through cryptocurrency theft. — the-record
Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector — Hackers deployed previously unknown wiper malware in destructive attacks against Venezuela’s energy and utilities sector, designed to permanently destroy systems. This represents a significant escalation in cyber attacks targeting critical infrastructure. — the-record
‘Zealot’ Shows What AI’s Capable of in Staged Cloud Attack — Proof-of-concept ‘Zealot’ attack demonstrates AI-powered cyber threats can execute faster than human defenders can respond, with AI showing unexpected autonomous capabilities in cloud environments. — dark-reading
‘The Gentlemen’ Rapidly Rises to Ransomware Prominence — Ransomware group ‘The Gentlemen’ has rapidly scaled operations and demonstrated sophisticated capabilities, impressing cybersecurity researchers with speed of growth. — dark-reading
Not one-drone-fits-all: Admirals stress unmanned systems tailored to the mission — Navy Rear Adm. Douglas Sasse emphasized at the Sea-Air-Space conference that unmanned systems capabilities must be tailored to specific operational theaters, noting that systems effective in EUCOM or CENTCOM may not work in the Pacific due to vastly greater distances. — breaking-defense

Procurement & Opportunities

Space Force shifts from SDA transport layer to new Space Data Network ‘backbone’ — Space Force is rebranding its MILNET project as ‘proliferated LEO SATCOM’ and seeking $1.6 billion in reconciliation funding to establish a new Space Data Network backbone, shifting away from the SDA transport layer approach. — breaking-defense
Army unveils sweeping XM30 push, $4B bet on NGC2 in newly released budget materials — Army is accelerating its XM30 infantry fighting vehicle program and committing $4 billion to NGC2 (Next Generation Command and Control) as part of what officials describe as the most significant modernization effort in over 40 years. — breaking-defense
Northrop slated to deliver surface EW system to carriers in 2028 — Northrop Grumman is scheduled to deliver its surface electronic warfare system (SEWIP) to aircraft carriers in 2028, with separate configurations developed for destroyers and carriers. — breaking-defense
The Navy’s plan for pilot training could add the first clean-sheet trainer aircraft since the 1950s — The Navy’s pilot training modernization plan could result in the first clean-sheet trainer aircraft design since the 1950s, with Sierra Nevada Corporation’s Freedom trainer engineered specifically for the hard landings required in naval operations. — breaking-defense
RFI for Cybersecurity Support Services — The United States Senate Sergeant at Arms has issued an RFI (solicitation 2026-S-063) seeking cybersecurity support services, with responses due May 5, 2026. — sam-gov

← Archive