By the N2K CyberWire staff
Top stories.
- President Trump signs an executive order on AI oversight.
- Anthropic is reportedly helping the NSA deploy Mythos.
- Acer warns of two maximum-severity zero-days.
- Critical Netlogon flaw is under active exploitation.
- Spanish National Police arrest suspect in government doxxing case.
- Five Eyes allies issue advisory on Chinese intelligence operations.
President Trump signs an executive order on AI oversight.
President Trump this week signed an executive order focused on AI oversight and innovation, calling for a voluntary review process through which the Federal government will have access to frontier AI models for thirty days before they are released to other trusted partners. This process will be organized by the "Secretary of the Treasury, the Secretary of War, through the Director of NSA, and the Secretary of Homeland Security, through the Director of CISA, in consultation with the White House Chief of Staff, through the National Cyber Director, the Assistant to the President for Science and Technology (APST), and the Secretary of Commerce, through the Director of the National Institute of Standards and Technology, and in coordination with other agencies."
The Treasury Secretary will also form an AI cybersecurity clearinghouse "in voluntary collaboration with the AI industry and operators of critical infrastructure, that coordinates and deconflicts scanning for software vulnerabilities, discovers and validates such vulnerabilities, and coordinates and prioritizes remediation and distribution of vulnerability patches."
Major technology firms, including Microsoft, OpenAI, Google, and Anthropic, publicly supported the revised order, calling it a reasonable balance between safety and innovation, according to the New York Times. However, some industry leaders remain concerned that government oversight could slow development in the rapidly evolving industry.
Former CISA director Jen Easterly said in a New York Times op-ed that the order serves as a good "first step to building a stronger federal strategy for safeguarding Americans from threats posed by AI," though she notes that "[a] voluntary framework cannot guarantee that government technical experts will be able to evaluate the most consequential capabilities of frontier models before those models are released, precisely when competitive pressure is greatest and a company has the strongest incentive to move quickly."
Anthropic is reportedly helping the NSA deploy Mythos.
Anthropic is helping the US National Security Agency (NSA) deploy its Mythos AI model for cybersecurity purposes, including potential offensive cyber operations, the Financial Times reports. Sources told the Times that Anthropic has around six "forward-deployed engineers" within the agency to help customize the model for specific applications. It's unclear if these workers are actively involved in operations. One source told the Times that Mythos would be useful for infiltrating the networks of adversary nations.
Anthropic announced earlier this week that it would distribute Mythos to 150 organizations across 15 countries, having previously limited its rollout to a few dozen US-based industry and government partners. The company is expanding access to critical infrastructure operators in the power, water, healthcare, communications, and hardware sectors. Anthropic noted, "What each partner has in common is that a successful attack on their codebase could be catastrophic. For most partners, we estimate that a major attack could affect more than 100 million people, with important ramifications for both global and national security."
Acer warns of two maximum-severity zero-days.
Acer is working to fix two maximum-severity zero-days in its Wave 7 mesh routers, BleepingComputer reports. One of the flaws (CVE-2026-49200) is a broken access control vulnerability that can allow unauthenticated, remote attackers to access cleartext credentials stored in logs. The other (CVE-2026-49201) is a hard-coded credential issue that can "allow an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection."
Acer says the two vulnerabilities are scheduled to be fixed in upcoming firmware updates by the end of the month. In the meantime, the company advises customers to disable remote management.
Critical Netlogon flaw is under active exploitation.
Belgium's Centre for Cybersecurity (CCB) warns that threat actors are exploiting a critical Netlogon vulnerability that was patched in Microsoft's May 2026 Patch Tuesday updates, BleepingComputer reports. The vulnerability (CVE-2026-41089) is a stack-based buffer overflow that can allow an unauthorized attacker to execute code over a network.
The CCB stated, "To exploit this CVE, an attacker must send a specially crafted network request to a Windows server that is acting as a domain controller. If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system with SYSTEM privileges. It is now actively exploited in the wild. Exploitation does not require any prior privileges or user interaction and can be executed remotely. Patches are available for all versions of Windows Server from 2012 onward."
Spanish National Police arrest suspect in government doxxing case.
The Spanish National Police has arrested a suspect accused of stealing and leaking information on government employees, BleepingComputer reports. The individual allegedly leaked a massive amount of personal data belonging to workers at the State Attorney General's Office, the National Cybersecurity Institute, the National Police, the Civil Guard, and the National Security Council. The police noted that the nature of the leak carried national security risks.
The police stated, "The investigation, overseen by Madrid Investigative Court No. 22, began after authorities detected the mass dissemination of this data, which created an immediate risk to the security and integrity of both the affected individuals and the institutions themselves. Given the seriousness of the situation, an urgent operation to locate and arrest the perpetrator was launched, culminating last Wednesday, May 27, with the arrest of the perpetrator and a search of his home."
Five Eyes allies issue advisory on Chinese intelligence operations.
The Five Eyes allies issued a joint warning this week outlining Chinese intelligence campaigns that are using LinkedIn and other professional networking sites to target government and military personnel and people with peripheral access to privileged information.
The advisory states, "These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks, or human resources (HR) firms, and place online job advertisements for foreign policy and defence analysts (or similar). Successful candidates are pressured to provide 'non-public' information for unspecified clients who are associated with the Chinese government." The goal of the operation is "to acquire privileged military, political, and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes."
The alert was issued by the US FBI, the UK's MI5, and their counterparts in Australia, Canada, and New Zealand. The Washington Post notes that such joint warnings are rare, and this is the first time the agencies have combined to address threats spreading on job platforms.