US House Approves Ukraine Aid & New Russia Sanctions
- House approval secured a substantial financial package for Ukraine's defense efforts.
- The legislation includes an $8 billion authorization in military finance loans to Kyiv.
- The Ukraine Security Assistance Initiative (USAI) receives an extension through 2027.
A recent incident saw the official Bitwarden CLI npm package briefly compromised, distributing a malicious version designed to steal developer credentials by exploiting a GitHub Action in the company's CI/CD pipeline. While Bitwarden quickly removed the rogue package and confirmed no end-user vault data was at risk, the attack successfully targeted crucial developer access keys over a 1.5-hour window. This event, linked to a prior supply chain incident by Checkmarx, highlights a persistent vulnerability within the software distribution ecosystem.
A newly identified threat activity cluster, UNC6692, is leveraging sophisticated IT helpdesk impersonation via Microsoft Teams to deploy a custom modular malware suite known as SNOW. This elaborate attack chain first involves an email bombing campaign to overwhelm targets, followed by the threat actors offering fake support to senior-level employees through external Teams chats, ultimately leading to the execution of SNOW malware via a phishing link and AutoHotkey script.
The U.S. Marine Corps and Navy are intensifying their collaboration to address a critical shortfall in the nation's amphibious fleet, which currently stands at an inadequate 31 ships and faces a projected readiness rate of a mere 41% by 2025. This joint effort, highlighted by Marine Corps Commandant Gen. Eric Smith, signals a unified commitment to enhance both the size and availability of these vital vessels, deemed insufficient for current global operational demands. The services aim to achieve this through a multifaceted strategy encompassing maintenance optimization, service life extensions for existing ships, and the procurement of new platforms such as the Damen LST-100 design.
Ukraine has reportedly achieved a world-first in drone warfare, with its 412th Brigade Nemesis successfully using an unmanned surface vessel (USV) to deploy a Sting interceptor drone against a Russian Shahed. This innovative method signifies a major advancement in Ukraine's air defense capabilities, particularly over the Black Sea, offering a new layer of protection against persistent Shahed attacks that have plagued its cities and strained its air force. The development underscores the rapid evolution of drone tactics in the ongoing four-year conflict, where cheap, domestically manufactured UAVs have become critical tools for both sides.
The U.S. Navy has commenced a comprehensive audit of the cost and design efficacy for its upcoming Gerald R. Ford-class aircraft carriers, the USS William J. Clinton and USS George W. Bush. This significant review, initiated by former Navy Secretary John Phelan just before his recent ouster, aims to align carrier expenditures with the Navy's budget while scrutinizing the value proposition of systems like EMALS and projected sortie rates compared to the Nimitz-class. Phelan emphasized the necessity of examining both build and long-term sustainment costs in light of the carriers' substantial budgetary impact.
The Department of the Air Force (DoAF) has selected Antares, Radiant, and Westinghouse to develop strategic nuclear microreactors, with initial deployment slated for Joint Base San Antonio, Buckley Space Force Base, and Malmstrom Air Force Base. This move signifies a major step toward enhancing energy resilience and operational independence for key U.S. military installations, aiming for at least one operational microreactor by 2030. The selections stem from the Advanced Nuclear Power for Installations (ANPI) program, a joint effort with the Defense Innovation Unit.
The Pentagon's ambitious Golden Dome project, a $185 billion endeavor to revolutionize missile defense, has unveiled its first public component: the Army's ALPS radar system. This debut, featuring the advanced Long-Range Persistent Surveillance radar, marks a significant step for a program previously considered theoretical, as program manager Gen. Michael Guetlein emphasized the need to demonstrate tangible progress to justify its massive budget. Alongside hardware showcases, new initiatives like the "Ecosystem Hub" and "Apex Arc" data lake with AI sandboxes are designed to foster deeper integration across industry, academia, and allied partners.
Joint Chiefs Chairman Gen. Dan Caine has declared autonomous weapons an "essential part" of future U.S. military operations, signaling a clear strategic pivot towards AI integration across the Department of Defense. This assertion, made during a Vanderbilt University summit, underscores the military's intent to normalize early adoption of evolving technologies, including large language models. The move reflects an aggressive push to automate national security decisions, aiming to mirror widespread civilian AI usage within the Pentagon.
The Department of Defense has finalized a $1 billion investment in L3Harris Technologies' missile production unit, composed largely of the former Aerojet Rocketdyne, ahead of its anticipated initial public offering later this year. This significant capital infusion, structured as a convertible preferred security with warrants, aims to dramatically boost rocket motor factory capacity amidst surging global demand for munitions. The move is designed to expand the unit's manufacturing capabilities to address critical shortages and enhance the U.S. industrial base.
The U.S. Army is creatively adapting its long-serving AH-64 Apache helicopters to counter the growing threat of sophisticated enemy drones, leveraging them for cost-effective operations against Group 3-5 Unmanned Aerial Systems (UAS). This strategic pivot, informed by critical lessons from conflicts in Ukraine and Iran, aims to integrate existing attack aviation assets directly into theater air defense architectures using specialized proximity-fuzed munitions. By equipping Apaches with 30mm proximity-fuzed shells and guided rockets, the Army intends to preserve its more expensive, high-end interceptors for other critical roles.
Cosmetics giant Rituals has confirmed a data breach affecting its 'My Rituals' loyalty program, potentially exposing the personally identifiable information (PII) of over 41 million members. The stolen data includes names, email addresses, phone numbers, dates of birth, genders, and home addresses, though the company assures that no passwords or payment information were compromised. This incident, discovered earlier this month after alerts of unauthorized downloads, has prompted Rituals to notify authorities and launch a forensic investigation.
Vercel has revealed a significant expansion of its security breach investigation, identifying additional compromised customer accounts beyond its initial disclosure. The incident, traced to a supply chain attack originating from Context.ai via the Lumma Stealer malware on an employee's system, underscores the persistent and evolving threat landscape facing cloud infrastructure providers and their users.