
The court draws a privacy line.
The Supreme Court limits geofence warrants. DHS moves to expand CISA. The State Department offers $10 million for Russian hackers. A legal theory could reshape EU-U.S. data sharing. Plus, cyberattacks hit D.C. housing, Oracle and SimpleHelp flaws face active exploitation, malware lingers on Japanese military networks, and stolen Apple supplier data surfaces online. John Cannava, CIO at Ping Identity, discusses how identity threats don't go on holiday. The Secret Service dial down the risk on BYOD.
Today is Tuesday June 30th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
The Supreme Court makes a landmark decision on geofence warrants.
In a landmark 6–3 decision, the U.S. Supreme Court ruled that police generally must obtain a warrant before accessing a person’s detailed Google Location History, strengthening constitutional protections for digital privacy. Writing for the majority, Justice Elena Kagan said people have a reasonable expectation of privacy in the location data generated by their smartphones, even when that information is stored by a third-party company like Google. The Court stopped short of deciding whether geofence warrants—which identify everyone present in a specific place at a specific time—are themselves constitutional, sending that question back to a lower court. The case stemmed from a 2019 Virginia bank robbery investigation in which police used a geofence warrant to identify suspect Okello Chatrie. Technology companies and privacy advocates praised the ruling, arguing that broad location requests can sweep up innocent people, while law enforcement maintained the data is an essential investigative tool.
DHS looks to staff up CISA.
Homeland Security Secretary Markwayne Mullin told Congress that the Cybersecurity and Infrastructure Security Agency’s biggest challenge is not funding but staffing. He said CISA is operating at roughly half strength and needs to hire about 600 experienced cybersecurity professionals to restore its role as the nation’s primary cyber defense agency. Mullin said President Trump has already met with a candidate to lead CISA and estimated it will take about a year to rebuild the agency once new leadership is in place. The agency has experienced significant turnover, with roughly one-third of its workforce departing during Trump’s second term and its election security efforts largely dismantled. Mullin warned that growing cyber threats from China, North Korea, Russia, and Iran require stronger public-private partnerships, arguing that CISA is essential to coordinating national cyber defense and cannot rely on private industry alone.
The State Department offers $10 million for info on notorious Russian hackers.
The U.S. State Department is offering up to $10 million for information leading to members of two Russia-linked hacking groups accused of targeting Signal and WhatsApp accounts belonging to government officials, journalists, and other high-profile individuals. According to the FBI, the groups use social engineering to steal verification codes, PINs, and backup recovery keys, allowing them to access encrypted message histories and even regain account access after victims create new accounts. The campaign is tied to Russian intelligence services and has targeted victims across Ukraine, Europe, and the United States.
The Unitary Executive theory could upend EU-U.S. data sharing.
A recent U.S. Supreme Court ruling embracing the “unitary executive” theory could upend the legal foundation of EU-U.S. data transfers. In Trump v. Wilcox (referred to by privacy advocates as the “Slaughter” decision), the Court held that the President generally has the authority to remove leaders of independent executive agencies, calling into question the independence of the Federal Trade Commission. Privacy group noyb argues this undermines the EU-U.S. Data Privacy Framework, which relies heavily on the FTC as an independent privacy regulator. The group says the ruling also weakens other transfer mechanisms, such as Standard Contractual Clauses, that depend on independent U.S. oversight. While the current framework remains in force unless the European Commission repeals it or European courts invalidate it, noyb has urged the Commission to withdraw the agreement and plans to challenge it before the EU’s highest court.
The D.C. Housing Authority suffers a cyberattack.
The D.C. Housing Authority has confirmed it was hit by a cyberattack that compromised its systems, leaving staff unable to access files and knocking its website offline. The incident has also disrupted constituent services, with officials unable to process requests while recovery efforts continue. It is not yet known whether any personal information was exposed. The District’s Office of the Chief Technology Officer said it is providing technical guidance to DCHA, which operates its own technology infrastructure, as the agency and its incident response team investigate the breach.
A critical Oracle E-Business Suite vulnerability is under active exploitation.
Threat actors have begun actively exploiting a critical Oracle E-Business Suite vulnerability, tracked as CVE-2026-46817, just weeks after Oracle released a patch. The flaw, which carries a CVSS score of 9.8, allows unauthenticated attackers to remotely take over Oracle Payments. Threat intelligence firm Defused detected the first exploitation attempts against its EBS honeypots over the weekend, despite no public proof-of-concept exploit being available. Organizations are urged to apply Oracle’s May security update immediately, as Oracle enterprise products remain frequent targets for cybercriminals and ransomware groups.
Malware-infected USB drives sat on sensitive Japanese military networks for nearly a year.
Leaked documents reveal that Japan’s Ground Self-Defense Force unknowingly used counterfeit, malware-infected USB drives on sensitive military networks for nearly a year. The drives, reportedly introduced during 2024 earthquake relief efforts outside normal procurement channels, were connected to more than 50 computers, including systems handling classified troop movement data. Investigators linked the malware to a previously identified Chinese hacking operation, although Japan’s Defense Ministry said the malware only self-replicated and showed no signs of data theft. The incident raises concerns about supply chain security and the risks of bypassing standard procurement procedures during emergencies, particularly as similar counterfeit USB drives remain widely available through online retailers.
A critical authentication bypass flaw in SimpleHelp remote-support software is under active exploitation.
A critical authentication bypass flaw in SimpleHelp remote-support software, tracked as CVE-2026-48558, is being actively exploited to compromise managed service providers and their customers. The vulnerability, which carries a maximum CVSS score of 10.0, allows attackers to impersonate privileged technicians without authentication by exploiting improper validation of OpenID Connect login tokens. Researchers observed attackers using the flaw to deploy a new cross-platform malware called Djinn Stealer, which targets cloud credentials, developer secrets, GitHub and SSH keys, cryptocurrency wallets, and AI coding assistant tokens. CISA has added the bug to its Known Exploited Vulnerabilities catalog, urging organizations to immediately patch affected SimpleHelp servers, investigate for signs of compromise, and rotate any potentially exposed credentials.
Sensitive files stolen from Apple’s Indian supplier are shared online.
Sensitive files stolen from Apple’s Indian supplier, Tata Electronics, have reportedly been published by a ransomware group, exposing supplier lists, component information, and photos of unreleased iPhone 18 Pro models. The leak could reveal closely guarded details about Apple’s global manufacturing network, potentially benefiting competitors, counterfeiters, and other suppliers. Tata has become one of Apple’s most important manufacturing partners outside China as the company expands production in India. The incident comes as Apple faces rising hardware costs and is expected to increase iPhone prices.
Separately, Apple announced it will release security updates more quickly rather than waiting for major iOS releases, saying advances in AI-assisted hacking have shortened the window between vulnerability disclosure and active exploitation.
The Secret Service dials down the risk on BYOD.
The U.S. Secret Service has discovered a truth familiar to office workers everywhere: nobody wants to carry two phones. Unfortunately, according to a Department of Homeland Security inspector general report, that convenience came at a steep security cost. Agents routinely relied on personal smartphones during protective missions because government-issued devices lacked the tools they needed, even though agency policy prohibited it. Investigators found more than 15,000 work-related calls involving personal phones during protective operations and identified employees who regularly used personal devices on overseas assignments, sometimes even as hotspots for government laptops. The report also found government-issued phones lacked modern mobile threat protections until 2025 and were not consistently wiped after foreign travel, leaving opportunities for foreign adversaries to intercept communications or track sensitive movements. The watchdog recommended five improvements, including better-equipped government devices, stronger security controls, mandatory training, and stricter enforcement. The Secret Service agreed with all of the recommendations—proof that sometimes the easiest call is admitting your phones need an upgrade.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music by and sound design Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.
