ClearSignal — May 22, 2026

Critical cybersecurity vulnerabilities and budget constraints converge as CISA faces funding cuts while launching new vulnerability reporting mechanisms amid a surge of nation-state threats and infrastructure exploits. Operational capacity challenges extend beyond cyber to kinetic domains, with the Navy declaring Strait of Hormuz escorts unfeasible and the Army seeking to reverse aviation cuts. Major procurement activity signals continued federal investment in network operations and cyber infrastructure, even as lawmakers warn of weakened defensive posture against Chinese espionage campaigns.

Top 3

Lawmakers from both parties say CISA cuts have gone too far — Bipartisan congressional concern over CISA budget cuts directly threatens civilian network defense at a critical moment when Chinese cyber operations are intensifying. This funding gap creates immediate risk for contractors supporting federal civilian agencies and suggests potential supplemental appropriations or reprogramming actions. The political consensus signals likely remediation, but timing remains uncertain. — cyberscoop
Strait of Hormuz escort missions would ‘exceed’ Navy’s capacity, CNO says — The CNO’s public acknowledgment that the Navy lacks capacity for Strait of Hormuz escort missions reveals significant force structure constraints with immediate implications for maritime security contractors and Middle East logistics. This gap between political expectations and operational reality may drive urgent investments in unmanned systems, allied partnerships, or commercial vessel protection capabilities. Contractors with relevant capabilities should anticipate accelerated requirements development. — breaking-defense
DHS Network Operations Security Center (NOSC) Network, Cloud, and Cyber Services (NCCS) 2.0 Industry Day — DHS’s NOSC NCCS 2.0 Industry Day represents a major recompete for critical network and cybersecurity operations supporting the entire department. With responses due May 2026, this procurement will shape DHS’s cyber infrastructure posture for the next contract period and likely involves significant contract value given its enterprise scope. Incumbent and challenger firms should prioritize participation given DHS’s central role in civilian federal cybersecurity. — sam-gov

Policy & Regulatory

Lawmakers from both parties say CISA cuts have gone too far — Bipartisan lawmakers including Reps. Don Bacon (R-Neb.) and James Walkinshaw (D-Va.) voiced concern that CISA budget cuts have weakened the agency’s ability to defend civilian networks amid growing threats from China. — cyberscoop
Trump postpones executive order focused on AI security — Trump postponed an executive order that would require the NSA, Treasury Department, and other federal agencies to test new AI models for cybersecurity and national security concerns within 90 days. — cyberscoop
Restoring CISA is one issue many lawmakers can agree on — Bipartisan lawmakers Reps. Don Bacon (R-NE) and James Walkinshaw (D-Va.) identified restoring and extending CISA’s capabilities as a top congressional priority. — federal-news-network
Sovereignty can’t be vibecoded: Why Europe must physically build to ensure resilience — European defense analysts argue that Europe must prioritize building physical infrastructure to sustain technological and defense capabilities at scale, rather than focusing solely on policy debates. The commentary emphasizes that sovereignty requires tangible manufacturing and production capacity. — breaking-defense
Boots on the moon needed to beat ‘belligerent’ China: Mitchell Institute — The Mitchell Institute warns that US space security is at risk as China’s military-led human spaceflight program positions the PLA to achieve strategic advantage in lunar access, infrastructure, and resources. The report advocates for American boots on the moon to counter Chinese ambitions. — breaking-defense
Pentagon considers restoring Army aviation cuts — The Pentagon is considering reversing Army aviation cuts that were announced just last year. This potential restoration signals shifting priorities in military aviation force structure. — breaking-defense

Agency & Mission Activity

CISA to allow researchers to report vulnerabilities to exploited bugs catalog — CISA launched a new nomination form enabling researchers, vendors, and industry partners to report vulnerabilities for inclusion in the Known Exploited Vulnerabilities catalog. — the-record
RIAT CANCELLED: Middle East ‘situation’ forces collapse of major UK air show — The Royal International Air Tattoo, a major UK air show, has been cancelled due to Middle East tensions after extensive discussions with the RAF and US Air Force. Organizers acknowledged the difficult decision driven by the regional security situation. — breaking-defense
Strait of Hormuz escort missions would ‘exceed’ Navy’s capacity, CNO says — Chief of Naval Operations Adm. Daryl Caudle stated that providing naval escorts through the Strait of Hormuz would exceed the Navy’s capacity and be a very challenging mission. This response follows President Trump’s earlier suggestion to provide such escorts amid Middle East tensions. — breaking-defense
To train for contested environments, SOCOM and SOUTHCOM want more ranges, authority — SOCOM and SOUTHCOM are requesting additional training ranges and authorities to rehearse sophisticated force projections for contested environments, according to Adm. Frank Bradley. — breaking-defense
Hurst nominated as full Pentagon comptroller — Jules Hurst has been nominated as full Pentagon comptroller after serving in an acting capacity since August 2025, where he oversaw the $1.5 billion defense budget request for FY2027. — breaking-defense
First Defense Critical Infrastructure summit aims to develop repeatable playbook — The Army conducted its first Defense Critical Infrastructure summit with 14 external partners, using tabletop exercises to develop response playbooks for coordinated attacks on installations during deployment operations. — breaking-defense

Technology Trends

Ubiquiti patches three max severity UniFi OS vulnerabilities — Ubiquiti released security patches for three critical vulnerabilities in UniFi OS that could allow remote attackers to exploit systems without requiring privileges or authentication. — bleeping-computer
Google accidentally exposed details of unfixed Chromium flaw — Google inadvertently disclosed details of an unpatched Chromium vulnerability that allows JavaScript to continue executing after browser closure, creating a remote code execution risk. — bleeping-computer
Apple blocked over $11 billion in App Store fraud in 6 years — Apple reported blocking over $11 billion in fraudulent App Store transactions over six years, including more than $2.2 billion in potentially fraudulent transactions during 2025 alone. — bleeping-computer
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet — Analysis of the Lucifer DaaS platform reveals how modern crypto drainers use phishing and automation to trick users into approving malicious wallet transactions rather than directly hacking wallets. — bleeping-computer
Chinese hackers target telcos with new Linux, Windows malware — Chinese cyber-espionage actors are targeting telecommunications providers using newly identified Linux and Windows malware named Showboat and JFMBackdoor in coordinated campaigns. — bleeping-computer
Max severity Cisco Secure Workload flaw gives Site Admin privileges — Cisco released security updates for a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges. — bleeping-computer
Police seize “First VPN” service used in ransomware, data theft attacks — International law enforcement seized ‘First VPN,’ a virtual private network service used by threat actors to conduct ransomware and data theft attacks. — bleeping-computer
Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada — Jacob Butler, a 23-year-old from Ottawa, was arrested as the alleged leader of the Kimwolf botnet and awaits extradition to the United States, facing up to 10 years in prison. — cyberscoop
CISA chief frets about open-source vulnerabilities, delayed security improvements — CISA Acting Director Nick Andersen expressed concerns about open-source software vulnerabilities and delayed security improvements amid a wave of malware attacks targeting publicly available collaborative technology. — cyberscoop
European authorities take down prolific cybercrime VPN service — European authorities arrested the alleged administrator of First VPN and seized its infrastructure, with Europol noting the service appeared in nearly every major recent cybercrime investigation. — cyberscoop
Belarus-linked hackers use fake training certificates to target Ukrainian officials — Belarus-linked hacking group GhostWriter launched an espionage campaign against Ukrainian government officials using fake training certificate emails from a popular online learning platform to deliver malware. — the-record
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada — Canadian authorities arrested a 23-year-old Ottawa man accused of operating the Kimwolf IoT botnet that enslaved millions of devices for massive DDoS attacks over the past six months, facing charges in both Canada and the U.S. — krebs-on-security
How CISOs Should Prep for Agentic-Ready AI BOMs — CISOs need to develop methods for documenting both component and execution attributes for AI bill of materials (AI BOM) as AI systems become more agentic and complex. — dark-reading
Google API Keys Remain Active After Deletion — A security researcher discovered that Google API keys remain active for up to 23 minutes after deletion despite the cloud provider claiming immediate deletion, creating a potential security vulnerability window. — dark-reading
AI Agents Are Shifting Identity Security Budget Dynamics — New Omdia research indicates that AI agent proliferation throughout enterprises is creating different identity and access management budget dynamics, as AI agent identities require distinct management, security, and governance approaches compared to traditional IAM projects. — dark-reading
Content Delivery Exploit Opens Websites to Brand Hijacking — The Underminr domain-fronting attack enables threat actors to modify web requests and leverage trusted websites to cloak malicious activity through content delivery exploits, opening websites to brand hijacking. — dark-reading

Procurement & Opportunities

Netherlands eyes more JASSM weapons for F-35, discloses ASW frigate delivery delay — The Netherlands is pursuing additional JASSM weapons for its F-35 fleet following a 2024 Letter of Offer and Acceptance, while also announcing delivery delays for its ASW frigate program. — breaking-defense
SCINET NOC SOC — USDA Department of Administration awarded a contract for SCINET NOC SOC (Network Operations Center/Security Operations Center) services under NAICS code 541512 (Computer Systems Design Services). — sam-gov
DHS Network Operations Security Center (NOSC) Network, Cloud, and Cyber Services (NCCS) 2.0 Industry Day — DHS is hosting an Industry Day for the Network Operations Security Center (NOSC) Network, Cloud, and Cyber Services (NCCS) 2.0 contract opportunity through its Information Technology Acquisition Center. Responses are due May 14, 2026. — sam-gov
Assured Compliance Assessment Solution (ACAS) for the Program Acquisition Executive (PAE) Cyber Sensing Portfolio Management Office — DISA is conducting a Sources Sought for Assured Compliance Assessment Solution (ACAS) supporting the Program Acquisition Executive (PAE) Cyber Sensing Portfolio Management Office. Responses are due June 4, 2026. — sam-gov
Justification for an Exception to Fair Opportunity for Comprehensive Engineering, Sustainment, and Cybersecurity Support for the Tactical Airspace Integration System (TAIS). — Army Contracting Command is issuing a Justification for Exception to Fair Opportunity for comprehensive engineering, sustainment, and cybersecurity support for the Tactical Airspace Integration System (TAIS). This indicates a sole-source or limited competition award under an existing contract vehicle. — sam-gov
A—Cybersecurity of Novel Technology Implementations — Nuclear Regulatory Commission is soliciting for cybersecurity services related to novel technology implementations. Responses are due June 2, 2026. — sam-gov

← Archive