1010.cx

  • The D Brief: NDAA deets; Boat-strike tug-of-war; DOD’s AI plans; GD’s collaborative lab; And a bit more.

    ·

    Five days after President Trump said he was ok with releasing video of the U.S. military’s first attack on alleged drug trafficking boats off the Latin American coast, he backed away from that pledge Monday, telling reporters he’d let his embattled Pentagon chief Pete Hegseth decide. 

    Dec. 3: “I don’t know what they have, but whatever they have, we’d certainly release. No problem,” Trump told reporters (read a transcript via Roll Call, here). 

    Dec. 8: On Monday, a reporter asked the president if he still felt that way. “Mr. President, you said you would have no problem with releasing the full video of that strike on Sept. 2 off the coast of Venezuela. Secretary Hegseth now says—” the reporter said before the president interrupted her. 

    “I didn’t say that. You said that. I didn’t say that,” Trump responded. “This is ABC fake news. I said, whatever Hegseth wants to do is OK with me.”

    SecDef Hegseth’s latest position: “Whatever we were to decide to release, we’d have to be very responsible” about it, he said Saturday on the sidelines of the annual Reagan National Defense Forum in California. 

    Why it matters: The strike in question reportedly killed two survivors aboard the boat on Sept. 2, according to the Washington Post, which noted the operation was carried out on Hegseth’s orders. “I watched it live,” the secretary told Fox the following day. But he changed his account after details of the operation became public. Last week, the Pentagon chief told reporters that he “watched that first strike live” but “didn’t stick around” for subsequent strikes. In the days since, several lawmakers have called for the release of surveillance footage of the attacks, which the Post reports involved four strikes in total: “twice to kill the crew and twice more to sink it.” 

    Killing survivors of a strike at sea could be a violation of the laws of war, multiple legal experts have argued since the Post published its report just after Thanksgiving.

    Lawmakers of both parties want the public to see the videos, and are planning to withhold one-quarter of Hegseth’s travel budget until he releases them, Politico reported Monday after House and Senate negotiators agreed on a compromise version of the 2026 defense policy bill (PDF). House lawmakers are expected to approve the final draft this week, with Senate approval expected shortly afterward. 

    Also included in the pending NDAA: 

    • $400 billion for Ukraine through a provision to pay U.S. companies for the sale of weapons to Kyiv; 
    • $175 million to help boost Latvia, Lithuania and Estonia's defense against Russian aggression; 
    • $200 million for Israeli missile defense as well as $80 million for anti-tunneling operations and $70 million for joint counter-drone programs;
    • $1 billion intended for Taiwan's military to help defend against a possible Chinese attack or invasion; 
    • $1.5 billion in support for the Philippines; 
    • And 4% pay raise for U.S. troops. 

    Notably, the NDAA does not fund Trump’s plan to rename the Defense Department to the “Department of War,” which NBC News reported last month is estimated to cost $2 billion. (Hat tip to Reuters.)

    Additional reading: 

    Coverage continues below…

    Welcome to this Tuesday edition of The D Brief, a newsletter dedicated to developments affecting the future of U.S. national security, brought to you by Ben Watson and Bradley Peniston. It’s more important than ever to stay informed, so thank you for reading. Share your tips and feedback here. And if you’re not already subscribed, you can do that here. On this day in 1938, the first operational shipboard radar was installed aboard the battleship USS New York.

    Developing: The Pentagon will widely deploy new AI tools for logistics, intelligence analysis, and combat planning in mere days or weeks, its research-and-engineering chief said Monday, adding that wide deployment of artificial intelligence now tops his list of “critical technologies,” Defense One’s Patrick Tucker reports

    The department has chosen Gemini for Government as the platform that will support DOD’s first department-wide rollout of AI tools, Google and defense officials announced Tuesday morning. The moves come after the Defense Innovation Unit, the Chief Digital and Artificial Intelligence Office, or CDAO, and others were combined under Emil Michael, defense undersecretary for research and engineering, in a bid to accelerate deployment of AI and other technologies. He said that he will likely reduce the number of technology areas that DIU is working on as well.

    The advent of large-language-model tools such as ChatGPT, Claude, and Gemini have made it possible—and necessary—to develop AI tools faster, Michael told reporters at the Defense Writers Group on Monday. “The explosion of capabilities has been enormous, and we're just catching up to that,” he said. “Now we can take CDAO and actually try to use it to push the capability into the Department for actual use cases.” Read more, here

    Big-picture analysis: The U.S. military needs to reinvent itself to deter future wars, the New York Times editorial board argues in a new roundup of many national security dynamics Defense One readers will be probably familiar with. A few of the more salient points include the following reminders: 

    • The Pentagon has an “overreliance on expensive, vulnerable weapons as adversaries field cheap, technologically advanced ones.”
    • “An entrenched oligopoly of five large defense contractors, down from 51 in the early 1990s, has an interest in selling the Pentagon ever-costlier evolutions of the same ships, planes and missiles.”
    • The “Ford [carrier], which is currently deployed in the Caribbean, is fatally vulnerable to new forms of attack. China in recent years has amassed an arsenal of around 600 hypersonic weapons, which can travel at five times the speed of sound and are difficult to intercept. Other countries possess quiet diesel-electric submarines capable of sinking American carriers.”
    • And as the latest NDAA makes its way through congress, the Times editorial board notes “The Trump administration wants to increase defense spending in 2026 to more than $1 trillion. Much of that money will be squandered on capabilities that do more to magnify our weaknesses than to sharpen our strengths.”

    “This is the first of a series of editorials examining what’s gone wrong with the U.S. military—technologically, bureaucratically, culturally, politically and strategically,” the Times writes. Read the rest, here

    Additional reading: 

    • Tom Wright of Brookings argues the White House’s new strategy “Ignores the Real Threats” facing the U.S., including “silen[ce] on Beijing’s ambition to displace Washington as the world’s leading power,” and “nothing about the Russian threat to U.S. interests.” Read his Monday response in The Atlantic, here.
    • See also “The Origin of Hegseth’s Anti-Beard Obsession,” via former Pentagon official Alex Wagner, writing Saturday in The Atlantic;
    • And “General Dynamics wants to turn competitors into teammates,” Defense One’s Lauren C. Williams reported Monday. 

    Trump 2.0

    “Worst of the Worst” site skips evidence. A new Department of Homeland Security website purports to list the worst “criminal aliens” arrested by ICE. The website names more than 9,800 of the “hundreds of thousands” of people taken into custody by Immigration and Customs Enforcement in the past 11 months. Each name is presented, information-card style, with their countries of origin and one or more alleged crimes. Most include a formal or informal mug shot; some, oddly, do not.

    For the vast majority of people, no corroboration is given of their purported criminality. Among the first 1,200 names, just 4% link to DHS press releases; no other kind of documentation is offered. (The site is “all about transparency,” a DHS spokesperson said in a press release.)

    Best of the worst of the worst? Many of the names are listed with one or more awful crimes: homicide, sexual assault, human trafficking, and more. But the sample also includes more than a handful of people whose only listed crimes were far more minor: shoplifting, marijuana possession, traffic offenses. Nearly 5% were accused solely of (felony) illegal re-entry.

    Finally, more than two dozen names have quietly been removed from the site since it went up on Monday, according to a Defense One analysis of the site. No explanation is given. 

    Most people arrested by ICE this year had no criminal record at all, Axios reported last week off a new tranche of data released by the agency. That wasn’t the case until May, when the White House reportedly ordered ICE to triple its daily quota of arrests from 1,000 to 3,000. “Now, agents have a broader mandate and have been encouraged to make more ‘collateral arrests,’ apprehending undocumented people who happen to be with someone on a target list, such as people in the same household,” Axios wrote.

    That’s especially true in Washington, D.C., the first city to see an unprecedented deployment of federal troops under Trump. “More than 80 percent of the immigrants arrested in D.C. during the surge in federal law enforcement this year had no prior criminal record,” the Washington Post reported on Thursday. 

    “The new data confirms that the Trump administration isn't focused on legitimate public safety risks, but rather on hitting politically motivated arrest targets,” Aaron Reichlin-Melnick, senior fellow at the American Immigration Council, told Axios last week.

    Related reading: 

    Additional reading:  

    ]]>

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

    ·

    Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model. The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future’s Insikt Group, which was previously tracking it as TAG-150. The

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

    ·

    The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. “These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Global Costs of Software Supply Chain Attacks On The Rise

    ·

    This week in cybersecurity from the editors at Cybercrime Magazine

    Sausalito, Calif. – Dec. 9, 2025

    Read the full story from Wiz

    Due to their cascading effect, supply chain attacks are costlier than most, with vendors and customers both bearing the brunt. Global costs of software supply chain attacks alone are estimated at $60 billion in 2025, and they’re expected to reach a whopping $138 billion by 2031, according to Cybersecurity Ventures.

    Wiz breaks down three types of supply chain attacks:

    Software supply chain attacks infiltrate software vendor systems to deliver compromised software to thousands of customers;

    Hardware supply chain attacks involve adversaries introducing counterfeit devices into the global supply chain;

    Third-party service attacks target customers of cloud service providers (CSPs), managed service providers (MSPs), SaaS platforms, and AI vendors by compromising software updates, API keys, or service integrations.

    Comprehensive supply chain security requires visibility across the entire code-to-cloud lifecycle, and Wiz breaks that down for CISOs and security leaders in a blog post that includes a handy cheat sheet with best practices.

    Read the Full Story

    Cybercrime Magazine is Page ONE for Cybersecurity. Go to any of our sections to read the latest:

    • SCAM. The latest schemes, frauds, and social engineering attacks being launched on consumers globally.
    • NEWS. Breaking coverage on cyberattacks and data breaches, and the most recent privacy and security stories.
    • HACK. Another organization gets hacked every day. We tell you who, what, where, when, and why.
    • VC. Cybersecurity venture capital deal flow with the latest investment activity from various sources around the world.
    • M&A. Cybersecurity mergers and acquisitions including big tech, pure cyber, product vendors and professional services.
    • BLOG. What’s happening at Cybercrime Magazine. Plus the stories that don’t make headlines (but maybe they should).
    • PRESS. Cybersecurity industry news and press releases in real time from the editors at Business Wire.
    • PODCAST. New episodes daily on the Cybercrime Magazine Podcast feature victims, law enforcement, vendors, and cybersecurity experts.
    • RADIO. Tune into WCYB Digital Radio at Cybercrime.Radio, the first and only round-the-clock internet radio station devoted to cybersecurity.

    Contact us to send story tips, feedback and suggestions, and for sponsorship opportunities and custom media productions.

    The post Global Costs of Software Supply Chain Attacks On The Rise appeared first on Cybercrime Magazine.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • How to Streamline Zero Trust Using the Shared Signals Framework

    ·

    Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down. The

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats

    ·

    Google on Monday announced a set of new security features in Chrome, following the company’s addition of agentic artificial intelligence (AI) capabilities to the web browser. To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect prompt injections that arise as a result of exposure to untrusted web content and inflict harm. Chief

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware

    ·

    Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is assessed with high confidence to share overlaps with a hacking group known as Gold Blade, which is also

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

    ·

    Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered coding assistant, but, in actuality, harbor covert functionality to download additional payloads, take

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • More AI tools coming in days or weeks, Pentagon R&D chief says

    ·

    Updated Dec. 9, 10 a.m. ET:

    The Pentagon will widely deploy new AI tools for logistics, intelligence analysis, and combat planning in days or weeks, its research-and-engineering chief said Monday, adding that wide deployment of artificial intelligence now tops his list of “critical technologies.”

    The department has chosen Gemini for Government as the platform that will support DOD’s first department-wide rollout of AI tools, Google and defense officials announced Tuesday morning.

    The moves come after the Defense Innovation Unit, the Chief Digital and Artificial Intelligence Office, or CDAO, and others were combined under Emil Michael, defense undersecretary for research and engineering, in a bid to accelerate deployment of AI and other technologies. He said that he will likely reduce the number of technology areas that DIU is working on as well. 

    The advent of large-language-model tools such as ChatGPT, Claude, and Gemini have made it possible—and necessary—to develop AI tools faster, Michael told reporters at the Defense Writers Group on Monday.

    “The explosion of capabilities has been enormous, and we're just catching up to that,” he said. “Now we can take CDAO and actually try to use it to push the capability into the Department for actual use cases.”

    He said that expands the usefulness of CDAO, which was largely managing in-house analytic tools like Advana and exploring data assets within the military.

    The explosion of ChatGPT and other consumer tools makes that necessary, Michael said Saturday during the Reagan Defense Forum in California.

    “For a department of 3 million people, we're vastly under-utilizing AI relative to the general population,” he said.

    On Monday, Michael said Russia’s war on Ukraine and Ukraine’s response serves as a key lens on future conflict.

     “You have a robot on robot frontline now, which we've never seen before,” he said.

    And China’s military buildup of the past 10 to 15 years—“the most significant” in world history, he said— also “requires a kind of a different mindset.” 

    Michael said China is working to reverse-engineer advanced chips and to develop its own.

    “China is absolutely trying to indigenize their own TSMC. If you look at the supply chain of the ASML, TSMC, and Nvidia, [China is] trying to replicate that capability with their own domestic sources,” he said.

    Michael said he is seeking help from foreign countries such as Australia and South Korea, searching for more sources for chips, access to test ranges for hypersonic weapons, and more.

    Last month, he pared the list of critical technology areas that his office would pursue from 14 to six. (“14 priorities, in truth, means no priorities at all,” he said in a Nov. 17 video.) On Monday, he said that wide AI deployment would be his top priority. 

    “I'm going to put the capability in front of you so you can start learning, using it. We'll have training. We'll have support for deployed engineers, all that. And then you'll see innovations come from there.” 

    He said his office would soon announce acquisition changes along the lines of the Pentagon’s broader November announcement.

    Michael made his remarks days after the White House released a National Security Strategy that declared an intention to refocus the U.S. security and strategy toward the Western Hemisphere. He deferred policy questions to people “abiove his pay-grade’ but said that he was still “focused much more on other parts of the world”—particularly China, the potential adversary whose capabilities are closest to the Pentagon’s.

    ]]>

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • General Dynamics wants to turn competitors into teammates

    ·

    Two divisions of General Dynamics are looking to coworking spaces and brainstorming events to bring companies together to build, showcase, and ultimately deliver new technology faster.

    This week, General Dynamics Information Technology opened a new 5,200 square-foot digital lab called the Mission Emerge Center outside of Fort Belvoir, Va. The goal for the facility is to develop military technology alongside other companies, including cloud providers—and to show the Pentagon what works.

    It’s not always possible to show defense officials what new tech can actually do in their offices, so having a separate space could help show the Pentagon what’s possible. 

    “I've spent a lot of time in my life in uniform—and not in uniform—in the Pentagon, and there isn't the opportunity in the Pentagon to showcase this…to demonstrably show how it works,” Amy Gilliland, GDIT’s president, told reporters Dec. 2. “We can create solutions that we showcase here that are attached to a sandbox environment that we’re building where the customer can actually see things.”

    The project took more than a year, and the company’s strategy of  building a space for government customers to engage with developing technology and provide input, dovetails with the Pentagon’s call for defense contractors to take on more risk

    “If we are going to prevent and avoid war, which is what we all want, we must prepare now. Our adversaries are not sitting idly by. They're moving fast. They're developing and delivering new capabilities at a rate that should be sobering to every American,” Defense Secretary Pete Hegseth said during a Nov. 7 speech. “And frankly, at times, we've been too damn slow to respond.”

    “What the customer is telling us now is, you understand the mission, and you understand technology, and you need to anticipate what is coming next. So help us. Help us help ourselves. So that anticipatory piece is part of the investment, because if you don't invest ahead of time, by definition, you'll be late,” Gilliland said. 

    GDIT has pivoted in recent years from primarily a “very good executor of enterprise IT” to building products. That shift also marked a change from “one-off partnerships with commercial companies”  to those with “strategic collaboration agreements,” Gilliland said. 

    Earlier this year, GDIT gave new leaders in its emerging tech business a clear directive: understand what the Defense Department needs and find new companies with “promising” tech to work with that could potentially fulfill those needs. 

    “Those partnerships can ultimately end up being a teaming arrangement. They could be an acquisition in the future. They could be any number of things,” Gilliland said. “Part of the value proposition of an IT services company to a corporation like General Dynamics is very low invested capital. What I am leveraging is the R&D budgets of commercial companies, together with the mission understanding and expertise of this workforce and my technologists to bring forward the best that commercial tech has.” 

    And while each arrangement is different, the new facility was designed to encourage co-development. 

    “Companies are typically voluntarily contributing their R&D efforts alongside GDIT. We build these relationships to maximize impact, and facility access is part of that,”  Dale Hogan, GDIT’s information systems senior director, said via email. GDIT said it doesn’t charge companies for access to the lab. 

    Putting defense companies in close proximity isn’t new, but the idea could become more popular as the Pentagon courts business from smaller, non-traditional companies, which are often backed by private investors. 

    Instead of creating a new facility, General Dynamics Land Systems, which builds combat vehicles, plans to join a co-working space that caters to startups and investors in downtown Detroit

    “We actually just recently signed to become a full member of Newlab,” and start placing employees in the coworking space in the New Year, said Scott Taylor, who leads business development for General Dynamics Land Systems. “Because what we're realizing is—as much as we don't want it to be—the security protocols of the defense company compound that we're in [in Sterling Heights, Mich.] can be daunting at times…It can slow that ability to share emerging capabilities from the commercial sector back into the defense sector.”

    General Dynamics Land Systems tested Newlab's potential last week when it hosted an event for military leaders, investors, and drone companies to talk through challenges for ground troops, like battery life and resupply, and how to solve them.

    “Senior leaders in the Army—from the secretary to the chief—have been encouraging industry to start self organizing and bring a team of teams together to solve the Army and the Marine Corps’, land forces’, biggest problems, or present solutions” so the military can know what’s doable, Taylor said.

    The inaugural event, called the Maneuver Warfighter Industry Symposium, hosted  defense tech companies, such as Anduril, Palantir, Autonodyne, Primordial Labs, investors, and other representatives from General Dynamics entities. The plan is to do more next year, Taylor said.  

    “We all have a very similar common goal: We want to support the U.S. military, and our allies' needs,” Taylor said. “How we achieve that collaboration requires a little bit more thought and mature effort.” 

    Plus, the sheer competition and potential for billions of contract dollars can mean that working together may be riskier than it sounds—even if there’s a common goal. 

    “You fill a room with 24 companies, and some of [them] are competitors with each other. They're not always forthright in being very open…we recognize that that's a part of the risk. But what we thought was valuable is the opportunity to just figure out who had the most promising [proposals] to pursue some of these,” Taylor said. “Frankly, I think there's an opportunity for us to pull in several of our ‘competimates’.” 

    But while there seems to be demand, it will take time to find the right mix of companies to create something the Pentagon wants to buy. 

    “Do we have the right team put together? Not yet,” he said. “It's still in development right now. How we formalize that consortium remains to be seen.”

    ]]>

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶