Top stories.
- President Trump signs the 2026 National Defense Authorization Act.
- Denmark attributes destructive cyberattacks to Russia.
- US Justice Department charges 54 in ATM malware scheme.
President Trump signs the 2026 National Defense Authorization Act.
President Trump last night signed the $901 billion 2026 National Defense Authorization Act (NDAA), which authorizes record spending for national security programs, the Record reports. The bill passed with bipartisan support and contains major cybersecurity provisions. Notably, the bill preserves the long-debated dual-hat leadership of US Cyber Command and the National Security Agency by barring Pentagon funds from weakening the Cyber Command commander’s authority. Trump also nominated Army Lt. Gen. Joshua Rudd to lead both organizations.
The NDAA allocates approximately $417 million to Cyber Command: $73 million for digital operations, $30 million for unspecified activities, and $314 million for operations and maintenance at its Fort Meade headquarters. The Act also mandates secure, encrypted mobile devices for senior Defense Department leaders, following criticism by the Pentagon’s inspector general regarding insecure communications.
Denmark attributes destructive cyberattacks to Russia.
The Danish Defence Intelligence Service (DDIS) has blamed Moscow for destructive cyberattacks against critical infrastructure in Denmark, BleepingComputer reports. The DDIS attributed a destructive attack on a Danish water utility in 2024 to the pro-Russian group Z-Pentest, and says the NoName057(16) group launched DDoS attacks against election infrastructure in November 2025.
The agency stated, "The Russian state uses both groups as instruments of its hybrid war against the West. The aim is to create insecurity in the targeted countries and to punish those that support Ukraine....The DDIS assesses that the Danish elections were used as a platform to attract public attention – a pattern that has been observed in several other European elections."
US Justice Department charges 54 in ATM malware scheme.
The US Justice Department has charged 54 individuals for their alleged roles in a major ATM jackpotting scheme, Infosecurity Magazine reports. The defendants are accused of belonging to the Venezuelan crime syndicate Tren de Aragua (TdA), which has been targeting ATMs as an additional revenue stream.
The Justice Department explains, "The alleged conspiracy developed and deployed a variant of malware known as Ploutus, which was used to hack into ATMs and force ATMs to dispense cash. The conspiracy relied on the recruitment of a number of individuals to deploy Ploutus malware nationwide. Members of the conspiracy and TdA would travel in groups, using multiple vehicles, to the locations of targeted banks and credit unions. These groups would conduct initial reconnaissance and take note of external security features at the ATMs."
Justice continues, "Following this reconnaissance, the groups would open the hood or door of ATMs and then wait nearby to see whether they had triggered an alarm or a law enforcement response. The groups would then take steps to install malware on the ATMs, by removing the hard drive and installing the malware directly, by replacing the hard drive with one that had been pre-loaded with the Ploutus malware, or by connecting an external device such as a thumb drive that would deploy the malware. The Ploutus malware’s primary purpose was to issue unauthorized commands associated with the Cash Dispensing Module of the ATM in order to force withdrawals of currency."
