Point(s) of Contact
Pamela Hamilton / FSO
843.327.3273
pamela@appliedsecurityknowledge.com
Dr. Sadia Husain / ITPSO
sadia.husain@garudtechnology.com
DoD Hotline
dodig.mil/hotline / 800.424.9098
SOURCE: GovInfo Security by Chris Riotta – February 10, 2026
Image: Ramunas Bruzas/Shutterstock
Cyberthreats targeting the defense industrial base are expanding beyond traditional espionage into supply-chain attacks, workforce infiltration and battlefield-adjacent cyber operations, according to a new threat intelligence report published Tuesday by Google.
Google's Threat Intelligence Group describes a "relentless barrage" of cyber operations against defense contractors, aerospace firms and manufacturing suppliers supporting military capabilities, driven in large part by Chinese, Russian, Iranian and North Korean threat actors. The expanded operations targeting the U.S. defense industrial base come as geopolitical conflicts have increasingly featured campaigns targeting commercial supply chains and contractor networks.
Google warns in the report that Russian espionage groups and hacktivists are continuing attempts to compromise organizations involved in aiding Ukraine push back Russian invaders, targeting firms involved in building drones and developing battlefield communications systems and surveillance technologies. Recent campaigns have included phishing operations against Ukrainian military personnel, malware targeting mobile battlefield-management applications and attempts to access encrypted messaging platforms used by troops, the report said.
SOURCE: nextgov.com by David DiMolfetta – February 6, 2026
Foreign adversaries are using fake jobs and consulting gigs to coax secrets from former U.S. officials. It's had results, and the efforts don't appear to be slowing.
Over the past year, waves of federal layoffs have left thousands of government employees and contractor clients suddenly out of work. For foreign intelligence services, that disruption has opened new opportunities. With more former U.S. officials seeking employment or freelance work — often in specialized national security fields — adversaries, namely China, have stepped in, posing as consulting firms, research groups and recruiters.
The efforts aren't tied to traditional signals intelligence or hacking. They've instead relied on human contact: conversations that begin over email or job platforms and evolve into targeted efforts to extract sensitive information. It's a form of classic human intelligence — or HUMINT, in spy terms — adapted to the everyday churn of online job hunting that's become all too familiar to thousands of Washingtonians and others swept up in the wave of federal layoffs.
SOURCE: National DEFENSE by Tyler R. Bridegan, Luke Cass and Joshua A. Mullen – January 10, 2026
Over the past year, the new administration has strongly signaled that it has every intention of continuing to scrutinize federal contractors' cybersecurity practices and to continue the fight against new and emerging cyber threats to the security of sensitive government information and critical systems.
On the rulemaking front, the Pentagon recently amended the Defense Federal Acquisition Regulation Supplement to incorporate the standards of the Cybersecurity Maturity Model Certification program. The final rule took effect on Nov. 10 but has a phased implementation over the next few years and mandates that contractors achieve a specific CMMC level before contract award.
The final rule also introduces a framework for assessing contractor compliance with cybersecurity requirements, including self-assessments and third-party assessments. After contract award, contractors must maintain their CMMC status throughout the contract's duration and provide affirmations of continuous compliance.
On the enforcement front, the government's Civil Cyber-Fraud Initiative has continued to ramp up its cybersecurity enforcement efforts over the past year. Since the initiative was first launched in 2021, the Justice Department has announced approximately 15 settlements against federal contractors. However, in a clear sign that cybersecurity enforcement is continuing to heat up, six of these settlements have come since June.
SOURCE: ExecutiveGov by Jane Edwards – February 2, 2026
The General Services Administration has issued an updated IT security procedural guide outlining processes to ensure that nonfederal systems and organizations protect controlled unclassified information, or CUI, in accordance with the requirements of GSA and the National Institute of Standards and Technology.
As federal agencies continue to update guidance on how contractors protect sensitive information, events like the Potomac Officers Club's 2026 Cyber Summit offer an opportunity to stay informed about the broader federal cyber environment. Register early to save your seat at this May 21 event!
Issued on Jan. 5, the document, Protecting CUI in Nonfederal Systems and Organizations Process CIO-IT Security-21-112, Revision 1, requires compliance with specific security requirements outlined in NIST Special Publication 800-171r3 and NIST SP 800-172r3 (draft).
SOURCE: CDSE
SOURCE: ClearanceJobs by John Davis - January 31, 2026
Our world has become stranger by the day. Recently, China declared "dangerous" those small souvenir trinkets their travelers might pick up at conferences overseas or at international university events. You know the gifts they mean. These are the ubiquitous bracelets, backpack pins, keychains, free USBs, and any other types of inexpensive handouts a conference booth attendant may offer. The Chinese Counter-espionage Services warn that these small items could be used to spy on China.
How they would work is as follows. First, the unsuspecting Chinese scholar goes to a conference. He wanders past all the booths, collecting swag at each one, meeting colleagues at the coffee gatherings during breaks, and attending presentations. At each step of the way, he is subject to nefarious spies. These spies seek to 'force a gift,' a small memento, on our unwary Chinese traveler. Said traveler goes home, or, more usefully for the mysterious purposes of China's adversaries, to his workplace. There, at his work desk, the insidious device is activated once attached to his computer. He is utterly unwitting of any of this. Could it be that all conversations, electronic messages, and communications via phone or computer are compromised using some free gift? And all of this happens because our traveler accepted an almost forgettable USB or similar handout from a booth at a scholarly gathering?
SOURCE: US Army
The Department of the Army Criminal Investigation Division Cyber Field Office has resources such as Cyber Crime Prevention Flyers and Army CID Lookout articles to help Soldiers and their Families stay safe on social media.
If you have been, or you know someone who has been, the victim of an online or social media scam, visit www.cid.army.mil/tips for information, or submit an anonymous tip to Army CID at "Submit a Tip - Report a Crime".
Operations Security is the process of protecting sensitive and critical unclassified information that can be used against us. Its purpose is to prevent potential adversaries from discovering critical DOD information. OPSEC protects U.S. operations - planned, in progress and completed. Success depends on secrecy and surprise, so the military can accomplish the mission more quickly and with less risk. Our enemies want this information, and they are not just after military members to get it.
Soldier and Family Readiness Groups, Army spouses and Army family members need to know that posting sensitive information can be detrimental to Soldier safety.
SOURCE: FBI.gov
"Hello, Ed," the note began. "Please, read this letter very attentively. Today, as I have already noticed we have a lot of work to do: 1) Receive your material. 2) Make our first payment to you."
"Ed" was actually Art Lindberg—a lieutenant commander in the Navy and a double agent recruited by the Naval Investigative Service and the FBI in the spring of 1977. At the time, we suspected the Soviets were using their U.N. office as a front for espionage—specifically, to spy on U.S. Navy operations in New York and New Jersey. Lindberg's modest income, impending retirement, and information access made him a perfect candidate to fool the Soviets into believing he would sell secrets for cash.
It worked. The letter was one of many communications sent by the Soviets to Lindberg, often in stilted English, after they took the bait in August 1977 until the following spring when we arrested two Soviet officials.
At the outset, FBI Headquarters dubbed the spy case "Operation Lemon-Aid." The name had no meaning, but as the case developed, it seemed to fit more and more.
SOURCE: CDSE
Randomized for every game so it's not the same for everyone.
SOURCE: IBM by Rina Diane Caballar
Artificial intelligence (AI) has enormous value but capturing the full benefits of AI means facing and handling its potential pitfalls. The same sophisticated systems used to discover novel drugs, screen diseases, tackle climate change, conserve wildlife and protect biodiversity can also yield risks. These risks can range from biased algorithms that cause harm to even technologies that threaten security, privacy and even human existence.
Here's a closer look at 10 dangers of AI and actionable risk management strategies. Many of the AI risks listed here can be mitigated, but AI experts, developers, enterprises and governments must still grapple with them.