The US Navy has successfully completed inaugural flight tests of a turbojet-modified Joint Direct Attack Munition (JDAM), a significant leap that extends the weapon's strike range to over 300 nautical miles. This new GBU-75 variant represents a five-fold increase in reach compared to previous versions, offering a substantial enhancement to standoff capabilities. Conducted off the coast of California, the tests validated safe separation, aircraft interface compatibility, and controlled powered flight.

The Pentagon's inaugural submarine czar, Vice Adm. Robert Gaucher, has candidly described the 2028 delivery target for the USS District of Columbia, the first Columbia-class submarine, as a "wicked heavy lift." This critical assessment highlights the immense challenges facing the program, even as Gaucher affirms that the tight deadline will not compromise the program's long-term integrity or its vital one-per-year production cadence. Currently, the lead vessel is approximately 65% complete, with full-rate construction not expected until the early 2030s.

Ukraine has achieved a groundbreaking first in modern warfare, successfully deploying an interceptor drone from an Unmanned Surface Vessel (USV) to shoot down a Russian Shahed kamikaze UAV at sea. This unprecedented demonstration, documented by the Ukrainian Defense Ministry's elite 412th Brigade Nemesis, introduces a sophisticated new layer of defense in the evolving landscape of drone-on-drone combat and maritime security.

As adversaries increasingly prioritize disrupting GPS, the vulnerability of autonomous drones in critical defense and logistics missions is growing. A new generation of 3D vision-based navigation systems offers a robust solution, enabling drones to maintain precise absolute positioning even when the Global Positioning System is denied or unreliable. This technology combines onboard cameras with high-resolution map data, fundamentally enhancing autonomous capabilities in contested environments.

In a significant move poised to accelerate the US Navy's unmanned ambitions, Anduril Industries has announced a strategic partnership with Scotland's Kraken Technology Group to co-produce small unmanned surface vessels (USVs). This collaboration will see Anduril integrating its advanced Lattice autonomy software and various payloads onto Kraken's K5 KRAKEN and K7 SABRE platforms, with Anduril leading US-based manufacturing and sustainment. The initiative directly supports the Navy's aggressive target of fielding a surface force comprised 45% of unmanned systems by 2045, marking a crucial step in modernizing maritime capabilities.

Amidst a string of concerning domestic incidents, the U.S. remains without a comprehensive national counterterrorism strategy, a critical document repeatedly delayed by White House counterterrorism adviser Sebastian Gorka. This ongoing void comes as national security officials express alarm over degraded U.S. capabilities, warning that resource cuts and political redirection under the Trump administration have left the nation vulnerable to escalating threats both at home and abroad.

Google has significantly bolstered web security for Windows users with the general availability of Device Bound Session Credentials (DBSC) in Chrome 146, a move aimed squarely at neutralizing the persistent threat of session theft. This crucial update cryptographically ties authentication sessions to a user's device, leveraging hardware-backed security to render stolen cookies useless to attackers. Months after its beta rollout, DBSC's broader release marks a major step in Google's fight against prevalent info-stealer malware families that routinely compromise user sessions.

A new report reveals that AI browser extensions are creating a critical, ungoverned AI consumption layer within enterprises, operating unseen and bypassing traditional security controls like DLP and SaaS logs. With one in six users employing these tools, which are 60% more vulnerable than average extensions, they present an unprecedented risk of sensitive data leaks. These extensions gain direct access to enterprise data, user inputs, and session tokens, posing a hidden but pervasive threat that has largely escaped security radars.

The GlassWorm campaign has taken another dangerous leap, now employing a novel Zig-compiled Node.js native addon to covertly compromise developer Integrated Development Environments (IDEs). This sophisticated new dropper, disguised within seemingly innocuous Open VSX extensions, targets not just VS Code but also VSCodium and various AI coding environments, marking a significant escalation in its stealth and reach across a developer's machine.

Adobe has issued urgent emergency patches for a critical Acrobat Reader flaw, CVE-2026-34621, which has been actively exploited as a zero-day vulnerability in the wild since late 2025. This prototype pollution issue allows for arbitrary code execution and has garnered a CVSS score of 8.6, prompting CISA to add it to its KEV catalog and mandate federal agencies apply fixes by April 27, 2026.

OpenAI has revoked its macOS app certificates following a supply chain compromise involving a malicious version of the Axios library, downloaded through a GitHub Actions workflow used for app signing. Attributed to the North Korean group UNC1069, this incident deployed the WAVESHAPER.V2 backdoor, prompting the AI giant to act with an "abundance of caution" despite no evidence of user data exfiltration or system compromise. The move underscores the pervasive threat of supply chain attacks, even for leading technology firms.

North Korea's advanced persistent threat group, APT37 (also known as ScarCruft), is behind a new multi-stage spear-phishing campaign that leverages Facebook social engineering to compromise military targets. The sophisticated operation involves building trust with victims via friend requests and Messenger conversations before luring them into installing a trojanized PDF viewer to deliver the RokRAT remote access trojan, under the guise of accessing encrypted military documents. This method highlights an evolving threat landscape where social media platforms are exploited as primary attack vectors.