
Dems introduce bill to halt mass voter roll purges 

By: djohnson
10 October 2025 at 14:42

The Trump administration wants your voter data.

Since President Donald Trump took office in January, the Department of Justice has made an ambitious effort to collect sensitive voter data from all 50 states, including information that one election expert described as “the holy trinity” of identity theft: Social Security numbers, driver’s license numbers and dates of birth.

In states where Trump’s party or allies control the levers of government, this information is handed over willingly. In states where they do not, the DOJ has formally asked, then threatened and then sued states that refuse. The department has also claimed many of these reluctant states are failing to properly maintain their voter registration rolls, and has pushed states to more aggressively remove potentially ineligible voters.

This week, Democrats in the House and Senate introduced new legislation that seeks to defang those efforts by raising the legal bar for states to purge voters based on several factors, such as inactivity or changing residency within the same state.

The Voter Purge Protection Act, introduced by Sen. Alex Padilla, D-Calif., and Rep. Joyce Beatty, D-Ohio, would amend the National Voter Registration Act to make it more difficult for states to kick large numbers of voters off their rolls for actions that Democrats — and many election officials — say are common, overwhelmingly benign and not indicative of voter fraud.

Padilla told reporters that the legislation would help ensure “that Americans cannot be stripped of their right to vote without proof that a voter has either passed away or has permanently moved out of their state.”

Voters targeted for removal must also be notified by election officials “so that there’s no surprise when they show up to vote on election day that their name is not on the list and it’s too late to address whatever the issue may or may not be,” Padilla said.

Beatty pointed to her home state, where Republican Secretary of State Frank LaRose removed more than 155,000 voters from active voter rolls in 2024, as an example where federal protections are needed. The primary factor for purging those voters was records showing they had not cast a ballot in an election for the past four years.

She claimed more than half of the voters who stand to be affected by similar purges in 2025 and 2026 are registered in counties where demographic minorities make up a majority of voters.

“Let me be clear: voting is not use-it-or-lose the right, because too often these so-called voter purges have silenced voices, people of color, people of low income communities, and even our seniors who have waited and fought for the right to vote,” Beatty said.

Meanwhile, a comprehensive post-election audit conducted by LaRose’s office in 2024 identified and referred 597 “apparent noncitizens” on state voter rolls to the state Attorney General for further review, out of 8 million state voters. Critically, 459 of those registered voters never cast an actual ballot, and similar audits performed by LaRose in 2019, 2021 and 2022 found that such people made up similarly minuscule percentages of all active registered voters in the state. Last month, his office put out a press release touting an additional 78 “apparent noncitizens” registered, 69 of whom had no evidence of voting.

“States have the responsibility to keep accurate voter rolls and ensure election integrity,” LaRose added. “In order to meet that responsibility, we need more access to data from the federal government. I will continue to push until we have the resources we need to do our jobs to the standard Ohioans deserve.”

As any state election official will tell you, voter registration lists are never static — every day, people die, get married (or divorced), take on different names, become naturalized citizens or experience a range of other life events that can impact their registration status or result in outdated information. Further, it’s not typically viewed as unusual or a sign of fraud when voters sparingly make use of their registration to vote, though most election experts endorse some level of database maintenance to remove inactive voters.  

But it is often these discrepancies that get highlighted by Trump and state allies as evidence of unacceptably messy voter rolls that justify stricter removal policies.

And there are election officials — mostly in Republican-controlled states — who have embraced the philosophy that even small numbers of questionable registrations or voter fraud must be aggressively stamped out or it will lead to American voters losing faith in their democracy. LaRose and Georgia Republican Secretary of State Brad Raffensperger have long championed a similar approach to voter maintenance, and have called for Congress to pass laws making it easier for states to remove voters during election years.

“List maintenance is about election security and voter confidence,” Raffensperger said last month while announcing that approximately 146,000 Georgia voters would be moved to inactive voter rolls, including 80,754 voters who had moved to another county within the state. “We want every Georgian to have full faith in the system, knowing that our elections are free, fair — and fast.”

Critics have pointed out that states already have numerous, effective means for preventing mass voter registration or fraud that have been borne out by post-election audits finding very low instances of fraud, and that overly harsh policies around list maintenance can and do end up disenfranchising far more eligible voters than bad actors. Further, they argue against removing large numbers of voters without a robust follow-up process from states to give affected voters an opportunity to appeal or address any discrepancies that may affect their registration.

The bill has 22 Democratic co-sponsors in the Senate and 24 in the House but is unlikely to gain serious consideration under a Republican-controlled Congress, where most GOP members have long believed voter fraud is rampant and are broadly supportive of state and federal efforts to remove voters based on those same factors.

Asked by CyberScoop how Democrats would navigate that reality, Padilla said the legislation was part of a broader overall effort to push back on these efforts at all levels of constitutional governance. That includes states fighting to protect their constitutional role as administrators of elections when denying data requests from the federal government, within the court system as states and voting rights groups fight in court to block the administration’s use of the SAVE database as a pretext for voter removal, and through public awareness and politics.

Teeing up legislation to prevent states from potentially disenfranchising voters from spurious purges, he said, is part of asserting Congress’ constitutional role in a much broader fight about the way elections are run.

“We’re pushing back on it at every turn and calling attention to it, so that voters understand what they may be facing and make all the necessary preparations so that their right to vote is not denied, whether it’s in next year’s midterm elections or even other regular or special elections before then,” Padilla said.

The post Dems introduce bill to halt mass voter roll purges appeared first on CyberScoop.

Researchers say Israeli government likely behind AI-generated disinfo campaign in Iran

By: djohnson
3 October 2025 at 13:15

A coordinated Israeli-backed network of social media accounts pushed anti-government propaganda — including deepfakes and other AI-generated content — to Iranians as real-world kinetic attacks were happening, with the goal of fomenting revolt among the country’s people, according to researchers at Citizen Lab.

In research released this week, the nonprofit — along with Clemson University disinformation researcher Darren Linvill — said the so-called PRISONBREAK campaign was primarily carried out by a network of 50-some accounts on X created in 2023, but was largely dormant until this year.

The group “routinely used” AI-generated imagery and video in their operations to try to stoke unrest among Iran’s population, mimic real news outlets to spread false content and encourage overthrow of the Iranian government.

Israel’s military campaign in Gaza, launched following a coordinated attack by Hamas in October 2023, eventually expanded to include air strikes in Lebanon and Yemen.

In June, Israel Defense Forces launched an attack against Iranian nuclear facilities while also targeting senior Iranian military leaders and nuclear scientists for assassination. Those strikes expanded to other Iranian targets, like oil facilities, national broadcasters and a strike on Evin Prison in Tehran.

In the early days of the conflict, the networks shared images and videos — of uncertain authenticity — claiming to show Iran in a state of chaos and instability.

A June 13 post from the PRISONBREAK influence campaign depicting Iran as broadly unstable and unsafe. (Image source: Citizen Lab)

One widely circulated video, likely altered with AI, depicted people standing in line at an ATM before breaking into a riot, accompanied by messages like “The Islamic Republic has failed!” and “This regime is the enemy of us, the people!”

(Source: Citizen Lab)

But the bulk of Citizen Lab’s research focused on the period between June 13-24, 2023, during the “12 Day War” between Israel and Iran and social media activity during and after a real June 24 Israeli airstrike on Evin Prison. The facility is known for housing thousands of political prisoners and dissidents of the Iranian regime, and organizations like Human Rights Watch have tracked incidents of mistreatment, torture and executions.

The strike happened between 11:17 a.m. and 12:18 p.m. Iranian local time. By 11:52 a.m., accounts associated with the network began posting about the attack, and at 12:05 p.m., one posted an AI-generated video purporting to show footage of the attack, tricking several news outlets into sharing the content as genuine.

“The exact timing of the video’s posting, while the bombing on the Evin Prison was allegedly still happening, points towards the conclusion that it was part of a premeditated and well-synchronized influence operation,” wrote researchers Alberto Fittarelli, Maia Scott, Ron Deibert, Marcus Michaelsen, and Linvill.

Other accounts from the network began quickly piling on, spreading word of the explosions, and by 12:36 p.m., accounts were explicitly calling for Iranian citizens to march on the prison and free the prisoners.

Most of the posts failed to gain traction with online audiences except for one. A message calling on “kids” to storm Evin Prison to free their “loved ones” also contained a video with AI-generated imagery spliced with real footage of Iranian citizen repression. It managed to rack up more than 46,000 views and 3,500 likes.

“This second video about the Evin Prison, which shows the hallmarks of professional editing and was posted within one hour from the end of the bombings further strongly suggests that the PRISONBREAK network’s operators had prior knowledge of the Israeli military action, and were prepared to coordinate with it,” researchers wrote.

Those posts and others by PRISONBREAK operators led researchers to believe the campaign — still active as of today — is being carried out by either an Israeli government agency or a sub-contractor working on behalf of the Israeli government. 

The press office for the Israeli embassy in Washington, D.C., did not immediately respond to a request for comment from CyberScoop.

Despots — and democracies — fuel disinformation ecosystem

It’s not the first time the Israeli government has been tied to an online influence campaign related to the Gaza conflict, nor would it be the first time the country has reportedly tapped private industry to wage information warfare.

Last year, researchers at Meta, OpenAI, Digital Forensic Research Lab and independent disinformation researcher Marc Owen Jones all tracked activity from a similar network on Facebook, X and Instagram that targeted Canadian and U.S. users with posts calling for the release of Israeli hostages kidnapped by Hamas, criticism of U.S. campus protests against Israeli military operations and attacks against the United Nations Relief and Works Agency.

Meta and OpenAI both flagged STOIC, a firm based in Tel Aviv that is believed to be working on behalf of the Israeli government, as behind much of the activity.

Citizen Lab’s report identified two other Israeli firms, Team Jorge and Archimedes Group, that sell disinformation-for-hire services to government clients.

“Both companies offered their services to a wide array of clients globally, used advanced technologies to build and conduct their covert campaigns, and advertised existing or prior connections to the Israeli intelligence community,” Citizen Lab researchers wrote.

While Western threat intelligence companies and media outlets can present disinformation campaigns as mostly a tool of autocratic or authoritarian countries, researchers have warned that democratic governments and private industry are increasingly playing key roles in information warfare.

David Agranovich, Meta’s senior policy director for threat disruption, told CyberScoop last year that commercial marketing firms provide governments an additional layer of obfuscation when attempting to manipulate public opinion without leaving direct digital fingerprints.

“These services essentially democratize access to sophisticated influence or surveillance capabilities, while hiding the client who’s behind them,” Agranovich said.

The post Researchers say Israeli government likely behind AI-generated disinfo campaign in Iran appeared first on CyberScoop.

Oracle customers being bombarded with emails claiming widespread data theft

1 October 2025 at 22:36

Attackers appearing to be aligned with the Clop ransomware group have sent emails to Oracle customers seeking extortion payments, claiming they stole data from the tech giant’s E-Business Suite, according to researchers who spoke with CyberScoop. 

Researchers haven’t confirmed the veracity of Clop’s claimed data theft, but multiple investigations into Oracle environments belonging to organizations that received the emails are underway.

“We are currently observing a high-volume email campaign being launched from hundreds of compromised accounts,” Mandiant Consulting CTO Charles Carmakal told CyberScoop. “The malicious emails contain contact information, and we’ve verified that the two specific contact addresses provided are also publicly listed on the Clop data leak site,” he added.

Clop hasn’t made the claims public through its leak sites.

Oracle on Thursday confirmed it’s aware some Oracle E-Business Suite customers have received extortion emails.

“Our ongoing investigation has found the potential use of previously identified vulnerabilities that are addressed in the July 2025 critical patch update,” Rob Duhart, chief security officer at Oracle Security, said in a blog post.

Oracle did not say which vulnerabilities are under active exploitation, nor did it confirm if its customers’ data was stolen. The July security update included 309 patches, including nine that addressed defects in Oracle E-Business Suite. 

The vendor, at the time, said three of the Oracle E-Business Suite vulnerabilities, all of which it designated as medium-severity, can be remotely exploited without authentication. Three additional Oracle E-Business Suite vulnerabilities addressed in July were designated high severity. 

The company has not responded to multiple requests for comment. 

The extortion activity involves targeted emails sent to company executives from hundreds of compromised third-party accounts beginning on or before Sept. 29, according to Genevieve Stark, head of cybercrime and information operations intelligence analysis at Google Threat Intelligence Group.

“It is not yet clear whether the threat actor’s claims are credible, and if so, how they obtained access,” Stark told CyberScoop.

While the tactics and contact email addresses align with Clop, researchers have yet to verify if the financially-motivated group is behind the attacks.

Clop is a highly prolific and notorious ransomware group that has successfully broken into multiple technology vendors’ systems, allowing it to steal data on many downstream customers.

The financially motivated threat group specializes in exploiting vulnerabilities in file-transfer services to conduct large-scale attacks. Clop achieved mass exploitation as it infiltrated MOVEit environments in 2023, ultimately exposing data from more than 2,300 organizations, making it the largest and most significant cyberattack that year.

The extortion emails originate from hundreds of compromised third-party accounts at various legitimate websites, and not from one specific vendor, said Austin Larsen, principal analyst at GTIG. “The claim within those emails is that they have stolen data from the Oracle E-Business Suite of the targeted organizations,” he added. 

The emails observed by researchers don’t contain a specific demand, but pressure victims to contact the threat group to start negotiations.  

“The primary indicators of this new campaign are the extortion emails themselves and the use of email addresses associated with the Clop data leak site,” Stark said. “At this time, we do not have evidence of a successful data breach or a specific malware family associated with this particular campaign.”

Investigators are working through the night to confirm if and how attackers gained access to Oracle’s E-Business Suite and the extent to which Oracle customers may be impacted.

Update: 10/02/25, 5:30 p.m.: This story has been updated with information about Oracle’s security alert.

The post Oracle customers being bombarded with emails claiming widespread data theft appeared first on CyberScoop.

Trump administration planning expansion of U.S. quantum strategy

By: djohnson
19 September 2025 at 11:42

The Trump administration is signaling to industry and allies that it is considering a broader set of actions related to quantum computing, both to improve the nation’s capacity to defend against future quantum-enabled hacks and ensure the United States promotes and maintains global dominance around a key national security technology.

The discussions include potentially taking significant executive action, such as one or more executive orders, a national plan similar to the AI Action Plan issued earlier this year, and a possible mandate for federal agencies to move up their timelines for migrating to post-quantum protections, multiple sources told CyberScoop.

None of the sources CyberScoop spoke with could provide a definitive timeline for an official rollout, but multiple executives in the quantum computing industry and former national security officials said the White House has signaled serious interest in taking bolder action to promote and shape the development of the technology. Some felt official announcements could come as soon as this week, while others cautioned the process could stretch into the coming months.

While quantum computers capable of breaking through classical encryption currently remain a theoretical threat, both government and industry have spent years planning for the day when the threats become real.

A major element of that plan has been slowly switching out older encryption algorithms in IT infrastructure for newer “post quantum” algorithms over the span of more than a decade.

One quantum executive, citing direct conversations with the government, said “everyone in the quantum industry from a policy standpoint” has been told some variation of the message “that the White House wants to do for quantum what they did for AI in July.”

A key component of one or perhaps multiple executive orders is language that would accelerate the deadline for federal agencies’ post-quantum migrations from 2035 to 2030.

The executive, speaking on condition of anonymity to avoid jeopardizing their relationship with the government, said the effort is being led by the White House’s Office of Science and Technology Policy (OSTP) and the Department of Commerce.

Commerce Deputy Secretary Paul Dabbar, a former Department of Energy official during President Donald Trump’s first term who co-founded and led his own quantum networking technology company during the Biden years, is “driving a lot of this,” the source said.

It’s not just industry that has received the message. A former official at the Department of Homeland Security who works with the Trump administration confirmed they had also been advised of upcoming action, and that officials at OSTP and the Office of Management and Budget have been particularly aggressive about moving forward.

“I did hear there was some forthcoming guidance for agencies, given the push with AI, but more specifically the need for government departments to be much more aggressive about what they’re doing, since the codebreaking capability of quantum is pretty significant for federal agencies,” said the official, who requested anonymity to discuss sensitive conversations with the federal government.

Multiple other former government officials and administration allies told CyberScoop that they have heard that the administration was preparing to take some kind of action around quantum computing in the near future.

An OMB official declined a request for comment from CyberScoop this week on the administration’s plans. The Department of Commerce did not respond to a similar request.

But White House officials have already teased that bold action on quantum is in the works. In July, after the administration released its AI Action Plan, OSTP Director Michael Kratsios told an audience at a conference that “the president wrote me a letter the first week or two that I was in office that essentially gave me a charge for what I was supposed to do for the next three years.”

“He named three technologies in that letter: It was AI, quantum, and nuclear,” Kratsios said. “We had our big nuclear day a month-and-a-half ago. We had AI yesterday, so you can only assume — stay tuned.”

Pranav Gokhale, chief technology officer at Infleqtion, another quantum computing company, told CyberScoop he has heard similar rumors about an impending executive order focused at least in part on speeding up post-quantum migration efforts by federal agencies.

Part of the urgency reflects a desire to be aggressive in the face of uncertainty: no one knows quite when we will develop quantum computers capable of breaking encryption. There’s a running joke among experts and observers that quantum codebreaking is perpetually “five to 10 years away” from becoming reality.

Most experts — including cryptologists at the National Institute of Standards and Technology and the National Security Agency, which set encryption standards for the federal government and intelligence community — believe it is only a matter of time before such a breakthrough occurs. If that happens sooner than anticipated, the U.S. could be left unprepared.

Some national security officials pointed out that if governments in China, Russia or another country were to make a significant breakthrough on quantum codebreaking, there would be a powerful incentive to keep it secret for as long as possible to maintain an intelligence advantage.

Gokhale also said from the conversations he’s had, some in government and industry are pushing to make the safe and secure transition of cryptocurrencies to newer quantum-resistant encryption a priority, an issue that could be addressed by an executive order.

Discussions around prioritizing the migration of cryptocurrencies were confirmed by the first quantum executive that spoke with CyberScoop, though they said it’s less clear whether those ideas will ultimately make it into any White House executive order or formal plan. 

Bitcoin in particular may need a bespoke strategy to safely migrate, Gokhale said, citing a research study put out last year by the U.K.’s University of Kent that looked at the technical costs of upgrading Bitcoin assets to newer quantum-resistant encryption.

Given that cryptocurrencies are already lucrative targets for cybercriminals and foreign hackers from countries like North Korea, the industry is likely to be among the early targets of a quantum-enabled hack, and left more vulnerable by a slower rollout.

“The conclusion is that the Bitcoin upgrade to quantum-safe protocols needs to be started as soon as possible in order to guarantee its ongoing operations,” the Kent authors wrote.

Madison Alder contributed reporting to this story.

The post Trump administration planning expansion of U.S. quantum strategy appeared first on CyberScoop.

UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features

11 September 2025 at 08:16

Researchers exploited K2 Think’s built-in explainability to dismantle its safety guardrails, raising new questions about whether transparency and security in AI can truly coexist.

The post UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features appeared first on SecurityWeek.

Apple’s new Memory Integrity Enforcement system deals a huge blow to spyware developers

By: Greg Otto
10 September 2025 at 09:38

Apple has unveiled a comprehensive security system called Memory Integrity Enforcement (MIE) that represents a five-year engineering effort to combat sophisticated cyberattacks targeting individual users through memory corruption vulnerabilities.

The technology is built into Apple’s new iPhone 17 and iPhone Air devices, as well as the A19 and A19 Pro chips. It combines custom-designed hardware with changes to the operating system to deliver what Apple describes as “industry-first, always-on” memory safety protection. According to Apple’s security researchers, the system is primarily designed to defend against sophisticated attacks from so-called “mercenary spyware,” rather than from typical consumer malware.

“Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products,” the company wrote in a blog posted Tuesday. “Because of how dramatically it reduces an attacker’s ability to exploit memory corruption vulnerabilities on our devices, we believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.”

Memory corruption vulnerabilities have long accounted for some of the most pervasive threats to operating system security. These flaws happen when software doesn’t properly control how it reads from or writes to memory, allowing attackers to change, overwrite, or access parts of a computer’s memory they shouldn’t be able to.

Exploits targeting these flaws — in particular buffer overflows and use-after-free errors — have underpinned the sophisticated, multi-million-dollar exploit chain that powers spyware. Attackers exploit these flaws, often in “zero-click” (no user interaction required) scenarios, to run harmful code, steal data, or crash systems. For example, NSO Group’s Pegasus spyware was powered by three memory corruption vulnerabilities that were chained together. 

Recognizing this, Apple expanded efforts over the past five years to address memory safety “at scale.” The company worked closely with the chip designer Arm to improve a memory protection system where memory checks happen immediately, every single time memory is used, instead of sometimes waiting, which could leave a small window open for attackers. This led to the creation of Enhanced Memory Tagging Extension (EMTE), a key part of Apple’s new system.

EMTE works by giving each piece of memory a special secret tag. Whenever the device tries to use a particular section of memory, the hardware checks the tag to make sure it is correct. If the tag doesn’t match what is expected, the device will immediately stop the program and record the incident. By ensuring every block of memory has its own unique tag, and by changing these tags whenever memory is reused, Apple’s system blocks unauthorized access efforts before they can cause damage.
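The tag check described above, as an added user-space simulation in C (not Apple's code and not part of the original article). It assumes Arm MTE-style 4-bit tags on 16-byte granules carried in the pointer's high bits, picks tags deterministically so the run is reproducible (real hardware tags are unpredictable), and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed model: Arm MTE-style 4-bit tags, one per 16-byte granule. */
#define GRANULE   16u
#define NGRANULES 64u
#define TAG_SHIFT 56   /* the tag rides in otherwise unused high pointer bits */

typedef uint64_t tptr; /* simulated tagged pointer: (tag << 56) | arena offset */

static uint8_t arena[NGRANULES * GRANULE];
static uint8_t mem_tag[NGRANULES]; /* tag currently assigned to each granule */
static uint8_t in_use[NGRANULES];
static uint8_t blk_len[NGRANULES]; /* granule count, kept at a block's first granule */
static unsigned fault_count;       /* stands in for "record the incident" */

static uint8_t  ptr_tag(tptr p) { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }
static uint64_t ptr_off(tptr p) { return p & ((1ULL << TAG_SHIFT) - 1); }

void mte_reset(void) {
    memset(arena, 0, sizeof arena);
    memset(mem_tag, 0, sizeof mem_tag);
    memset(in_use, 0, sizeof in_use);
    memset(blk_len, 0, sizeof blk_len);
    fault_count = 0;
}

/* Choose a nonzero tag that differs from the block's previous tag and from
 * both neighbouring granules, so stale pointers and linear overflows mismatch.
 * Deterministic here for reproducibility; real tags are not predictable. */
static uint8_t fresh_tag(size_t first, size_t last) {
    uint8_t old = mem_tag[first];
    uint8_t left = first ? mem_tag[first - 1] : 0;
    uint8_t right = (last + 1 < NGRANULES) ? mem_tag[last + 1] : 0;
    uint8_t t = old;
    do { t = (uint8_t)((t + 1) & 0xF); }
    while (t == 0 || t == old || t == left || t == right);
    return t;
}

/* The check performed on every access: pointer tag must equal memory tag. */
static int tag_check(tptr p, size_t off) {
    uint64_t addr = ptr_off(p) + off;
    if (ptr_tag(p) == 0 || addr >= sizeof arena ||
        mem_tag[addr / GRANULE] != ptr_tag(p)) {
        fault_count++;   /* real hardware stops the program at this point */
        return 0;
    }
    return 1;
}

/* First-fit allocation; returns 0 on failure (valid pointers have tag != 0). */
tptr tagged_alloc(size_t size) {
    size_t need = (size + GRANULE - 1) / GRANULE;
    if (need == 0 || need > NGRANULES) return 0;
    for (size_t first = 0; first + need <= NGRANULES; first++) {
        size_t n = 0;
        while (n < need && !in_use[first + n]) n++;
        if (n < need) continue;
        uint8_t t = fresh_tag(first, first + need - 1);
        for (size_t i = 0; i < need; i++) { mem_tag[first + i] = t; in_use[first + i] = 1; }
        blk_len[first] = (uint8_t)need;
        return ((tptr)t << TAG_SHIFT) | (uint64_t)(first * GRANULE);
    }
    return 0;
}

/* Freeing retags the block, which invalidates every pointer still holding
 * the old tag (use-after-free and double free both fail the check). */
int tagged_free(tptr p) {
    size_t first = (size_t)(ptr_off(p) / GRANULE);
    if (!tag_check(p, 0) || !in_use[first] || blk_len[first] == 0) return -1;
    size_t n = blk_len[first];
    uint8_t t = fresh_tag(first, first + n - 1);
    for (size_t i = 0; i < n; i++) { mem_tag[first + i] = t; in_use[first + i] = 0; }
    blk_len[first] = 0;
    return 0;
}

int checked_store(tptr p, size_t off, uint8_t v) {
    if (!tag_check(p, off)) return -1;
    arena[ptr_off(p) + off] = v;
    return 0;
}

int checked_load(tptr p, size_t off) {
    if (!tag_check(p, off)) return -1;
    return arena[ptr_off(p) + off];
}

int main(void) {
    tptr a = tagged_alloc(16), b = tagged_alloc(16);
    printf("in-bounds store: %d\n", checked_store(a, 15, 0x41));
    printf("overflow into b: %d\n", checked_store(a, 16, 0x42));
    tagged_free(a);
    printf("use after free:  %d\n", checked_load(a, 0));
    printf("faults recorded: %u (b tag %u)\n", fault_count, ptr_tag(b));
    return 0;
}
```

With only 15 usable tag values, a stale pointer can match a reused granule by chance once tags are chosen unpredictably, so in this model the check is probabilistic against arbitrary reuse while adjacent-block overflows are caught deterministically.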

“Apple has a deep understanding of this problem space, and because they control both the hardware (Apple Silicon) and the software (iOS), they have the unique ability to engineer a tightly integrated and very effective security mechanism,” said Patrick Wardle, co-founder and CEO of DoubleYou, a company that specializes in Apple security. “This kind of approach, which depends on tight coupling between the chip and the operating system, is something most other vendors cannot replicate as easily since they do not own both sides of the stack.”

The company acknowledges in a blog post that the system does not entirely eliminate spyware’s ability to be executed on an Apple device, but makes it extremely difficult for attacks to successfully run spyware or maintain access if a device has been compromised. 

“While there’s no such thing as perfect security, MIE is designed to dramatically constrain attackers and their degrees of freedom during exploitation,” the blog post reads. 

The efforts mirror similar systems put in place by Microsoft, which has a memory integrity feature in Windows 11, and Google, which has a similar system in its Pixel devices.

Natalia Krapiva, senior tech-legal counsel at Access Now, told CyberScoop she thought it was “great” that Apple was taking effective measures since it’s “always a cat-and-mouse” game when large tech companies create ways to thwart spyware developers.

“These spyware developers like finding new ways of targeting people, evading detection and so on,” Krapiva told CyberScoop. “This is great to see Apple coming up with new ways to protect high-risk users.”

The one drawback Krapiva did highlight is that this system is only available on new devices. Access Now works internationally with groups that are often targeted by spyware on devices that are several generations older than what most consumers use.

“For our communities, oftentimes these are grassroots, independent media. It’s very hard to afford new devices, especially Apple devices,” she told CyberScoop. “It could be a nice thing for Apple to have some kind of a program to allow for these types of groups to be able to access this.”

MIE can also be taken advantage of by third-party applications, including social media and messaging applications. Additionally, EMTE is available to all Apple developers in Xcode, its developer toolkit, as part of the Enhanced Security feature it rolled out earlier this year. 

The post Apple’s new Memory Integrity Enforcement system deals a huge blow to spyware developers appeared first on CyberScoop.

Varonis buys AI email security firm SlashNext

By: Greg Otto
2 September 2025 at 10:22

Varonis has acquired SlashNext, an AI-driven email security company, for up to $150 million in a move that reflects the rising role of artificial intelligence in both attack and defense.

The acquisition, announced Tuesday, brings together Varonis’ focus on data-centric security and threat detection with SlashNext’s technology for blocking phishing and social engineering attacks across email and collaboration platforms. The companies cited a rapidly evolving threat environment, as cybercriminals increasingly use AI to target victims on channels reaching beyond traditional email, including Slack, Microsoft Teams, WhatsApp, and Zoom.

Founded by Atif Mushtaq, who worked on FireEye’s malware detection systems, SlashNext deploys predictive AI models to identify, remove and block socially engineered threats. Its technology leverages computer vision, natural language processing, and virtual browsers to pinpoint signs of compromise.

Independent testing has placed SlashNext’s detection rates near the top of the industry. The Tolly Group, which evaluates cybersecurity tools, found SlashNext delivering 99% overall detection accuracy and a 100% detection rate for business email compromise (BEC) and QR code attacks.

Varonis has focused on real-time data threat detection since 2013. Its security portfolio has since expanded to include user and entity behavior analytics, incident response, and managed data detection and response (MDDR) services with a 30-minute service-level agreement for ransomware cases. The company claims to have prevented an average of five cyberattacks daily for its customers.

CEO Yaki Faitelson, who co-founded Varonis, described the acquisition as “a natural evolution” of the company’s platform. “By connecting the dots between email, identity, and data, we will dramatically increase the value of our MDDR service and help customers stop threats in their inbox, where many data breaches begin,” he said in a press release.

The SlashNext acquisition is the second one for Varonis this year. In March, it acquired Cyral, a company that specialized in database activity monitoring. 

The post Varonis buys AI email security firm SlashNext appeared first on CyberScoop.

Trump administration setting the stage for elections power grab, voting rights group warns

By: djohnson
28 August 2025 at 10:30

Election officials should brace for direct attacks from the Trump administration and its state GOP allies on the integrity of U.S. elections — and plan for the possibility that federal agencies once charged with protecting elections will leverage their authorities to interfere in the process, a voting rights nonprofit warned.

In a report released Wednesday, researchers at the Brennan Center for Justice say the Trump administration’s actions suggest that the White House is preparing for an unprecedented federal intervention in the way elections are administered ahead of 2026 and 2028.

Those interventions include attempts to enact state-level bans or restrictions on mail-in voting, the use of lawsuits or criminal charges against election officials who don’t follow President Donald Trump’s orders, pushing mass state voter roll purges based on potentially inaccurate citizenship data, the deployment of the military in American cities and towns to intimidate voters and state officials, and the potential decertification or seizure of voting machines.

The scenarios are all based on actions the administration has already taken this year or in its first term, statements made by Trump and his aides, lawsuits filed by the Department of Justice and supporting efforts from Republican-led state legislatures.

Lawrence Norden, vice president for the elections and government program at the Brennan Center and one of the report’s authors, told CyberScoop that the document is targeted at three audiences who will be on the front lines in Trump’s war for control over elections: state election officials, policymakers and the public at large.

In 2020, the public was subjected to a deluge of false and unproven claims around election fraud, dead voters and hacked voting machines. While those claims had limited effect influencing voters outside of Trump’s orbit, many federal officials — including Chris Krebs, his own nominee for cybersecurity and election security chief — contradicted his claims of mass fraud. This April, Trump ordered the Justice Department to investigate Krebs for his statements about the 2020 election.

This year, the Department of Homeland Security hired Marci McCarthy and Heather Honey, who both actively tried to overturn the results of the 2020 election. McCarthy is now the top public affairs official at CISA, while Honey was recently named to a position overseeing election security efforts at DHS. Other agencies, like the FBI and the DOJ, have shifted from supporting state elections to investigating and suing election offices over their voter registration practices.

Whatever the administration ends up doing, Norden said it would be wise to plan ahead for different possibilities.

“One of the most effective ways to defeat misleading or false information is to call it out ahead of time, so when it comes to [dubious] reports we might see from government agencies, better to call it out now and say that this is part of a concerted effort and there are reasons not to trust it,” Norden said.

Meanwhile, he said policymakers at the state level “need to be planning and preparing for the next steps” to protect their constitutional rights while running upcoming elections.

“So being ready to have the backs of their election officials, being ready for politicized investigations that may come, being ready for efforts to interfere in the ability of election officials to run their elections according to state law, they need to be preparing for that now,” Norden said.

Trump uses public doubt and skepticism as policy fuel

One possibility floated in the report is the administration moving to decertify voting machines used in some or most states through the Election Assistance Commission. Last week, Trump argued against mail-in ballots and “voting machines,” claiming an executive order that limited their use would soon be issued. The EAC is responsible for overseeing the labs that test and certify voting machines nationwide to ensure they are secure and meet the necessary standards.

While the White House later walked back the possibility of an executive order, the administration has already attempted to compel the EAC to alter voter registration forms to require proof of citizenship and withhold federal funding to states that do not cooperate with federal agencies on election-related matters. A federal judge has nullified parts of that order. 

Such certifications are technically voluntary on the part of voting machine manufacturers, but states and localities have overwhelmingly treated them as industry standard when purchasing their machines. Depending on the timing, the mass decertification of certain systems ahead of an election could inject chaos among states, which cannot easily or quickly buy, replace, and test new voting equipment.

For states that do count votes using decertified machines, it could lead the public and political leaders to question the legitimacy of future results. This may give the Trump administration more support to sow doubt and challenge how states run their elections, the type of ballots they accept and how they process vote counts.

The perception of voting impropriety in any future messaging from the Trump administration, even if it is false, is a key issue states will also have to contend with. All politicians use repetition in their political messaging, but for Trump, it is especially crucial to how he communicates, regardless of the actual facts.

Stacy Rosenberg, an associate teaching professor at Carnegie Mellon’s public policy school, told CyberScoop that Trump’s rhetorical style requires aggressive repetition around simple themes — like mass noncitizen voting and poorly maintained voter rolls — because they help create the political will for the administration and its allies to take more extreme actions that couldn’t otherwise be justified based on law or precedent.

“The attempt to have federalized voting is not something we typically see in the United States, so when elections are questioned, there may be people who say, ‘well, it’s justified for the federal government to come in and make changes,’” Rosenberg said. “We’ll have to see how the courts handle that. It doesn’t really fall into the domain of an executive order, so I think the question is: what can they do that the courts will allow?” 

Norden said that while it’s clear the president doesn’t have the kind of direct authority over state-run elections he’s claiming, he does have the power to “both mislead and to intimidate people, whether it’s election officials or voters.”

“The good news is that if we see them for what they are, those are limited powers,” Norden said. “As long as the states step up and defend their elections, as long as voters come out and vote, that’s not enough to undermine elections. But we have to see what’s happening for [that defense] to be effective.”

In terms of counter messaging on the part of states, Rosenberg said much will rest on how courts respond to federal challenges, but from a strategy perspective “the number one thing [election officials] have to know is, you’re going to be called fake news.”

The Trump White House has “continued that line of attack through his first term to his present day. The way they want to control the message by saying everyone else’s message is false is a persistent strategy,” she said.

Pointing to the administration’s previous efforts to strong-arm universities and law firms, Rosenberg noted that while no one was left unscathed, those who fared best tended to confront Trump head-on rather than try to accommodate him.

“I think all you can do is stand your ground, file your lawsuits or counter lawsuits as you need to, but I think you need to continue to do the ethical hard work that you’ve done prior to the administration,” she said.

The post Trump administration setting the stage for elections power grab, voting rights group warns appeared first on CyberScoop.

By gutting its cyber staff, State Department ignores congressional directives

By: Greg Otto
18 August 2025 at 06:00

The State Department has demonstrated it does not understand that cyber power is critical to geopolitical power. In the course of reorganizing offices and reducing staff over the past three weeks, the department’s political appointees have gutted President Trump’s ability to work with partners and allies on cybersecurity and technology resilience. Congress will need to intervene to defend its bipartisan effort to bolster cyber diplomacy. 

For years, Washington’s efforts to hold China, Russia, and Iran accountable for malicious cyber activity were hamstrung by an inability to effectively work with allies to quickly identify and punish perpetrators. America’s allies were failing to prevent cyberattacks on critical systems that the U.S. military needed to operate securely overseas. Instead, these attacks cascaded across continents and hit the U.S. homeland. And U.S. adversaries were running circles around the West’s principled stance on privacy and security in cyberspace, instead reshaping telecommunications infrastructure and the internet in their image. 

After watching successive administrations dither, Congress took a stand, passing the Cyber Diplomacy Act in 2022. The law tasked a new State Department Bureau of Cyberspace and Digital Policy (CDP) with promoting reliable and secure internet infrastructure, building the cyber capacity of U.S. partners, and advancing technology and cybersecurity policies globally that bolster U.S. economic and national security interests. 

To accomplish this mission, CDP pulled together existing, disparate economic and international security functions related to cyber and technology into a single, more efficient operation. By all accounts, this consolidation made CDP successful.

When Congress tasked the bureau with managing a unique cyber assistance fund to rapidly respond to incidents overseas, CDP created a mechanism to airdrop expertise into partner countries in as little as two days.

Likewise, when Congress tasked the bureau with securing communications technology, semiconductor supply chains, and other emerging technology, the bureau paired U.S. seed funding with investments from allies and technology companies to box out Chinese firms attempting to dominate telecommunications in the Indo-Pacific. 

On July 1, however, the State Department stepped backwards. Despite its stated goal of creating a “more agile Department” and reducing duplicative offices, Foggy Bottom pulled CDP apart into multiple offices, each of which now holds a piece of the cyber mission. CDP lost its division responsible for responding to cyberattacks to a new bureau on emerging threats. Its strategy team moved to the personal staff of the undersecretary of economic growth. And its internet freedom team went to the undersecretary for public diplomacy. 

CDP will now consist of two slimmed down teams. One will focus on internet governance and technical standards, the other on using U.S. foreign aid to bolster allied cybersecurity. However, after the trifecta of the dissolution of the U.S. Agency for International Development, the foreign aid freezes earlier this year, and Congress’ acquiescence to billions of dollars in cuts to previously allocated foreign aid, it is not clear what funds CDP will have to help U.S. allies. 

Unfortunately, the crippling of State’s cyber diplomacy capabilities is not just the result of the restructuring, but also a significant loss of subject matter expertise. In the course of reducing its overall workforce in mid-July, State fired at least a half dozen people from CDP. The bureau lost two strategists and five of only eight experts working on bilateral and regional affairs. 

CDP had expected to bring in staff from other technology-focused offices as they were dissolved. Instead, quantum, artificial intelligence, and other technology experts were fired. Over the past few months, other CDP staff have accepted the department’s offers of deferred resignation and early retirement. And State reassigned CDP’s acting head, leaving the bureau without a leader. 

At an April hearing about CDP, the House Foreign Affairs Committee’s Europe Subcommittee Chairman Keith Self, R-Texas, affirmed the importance of State’s cyber capabilities. “The U.S. is not facing these real and growing threats alone,” he noted. “Through cooperation with our allies and partners, the U.S. will continue to work to combat malign cyber activities from the PRC, Iran, North Korea and Russia.” 

After a bipartisan show of support for the bureau, the subcommittee staff are drafting components of a State reauthorization bill from Foreign Affairs Committee Chairman Brian Mast, R-Fla., that would bolster CDP’s mandate. If Foggy Bottom keeps undercutting CDP, however, there may be little left to reauthorize. 

Chairman Mast indicated he plans to bring the reauthorization bill to the floor at the end of September. Lawmakers need to weigh in with State Department leadership sooner rather than later, however, to remind Secretary of State Marco Rubio that he himself voted for the Cyber Diplomacy Act when he served in the Senate. He knew then what members know now: Without strong cyber capabilities within the State Department, America’s partners will turn to unreliable associates in China for infrastructure investment and succumb to cyberattacks that place U.S. forces overseas at risk.

It will take years to rebuild State’s capabilities. While Congress should move quickly to re-integrate CDP’s component pieces, reauthorize cyber foreign assistance, and restart secure technology projects, the loss of subject matter experts will take longer to fix. The cyber experts with sought-after skills that State let go are not waiting by the phone to get their old jobs back. They will move on to higher-paying private sector jobs. Only after the department re-commits to its cyber mission and places a Senate-confirmed ambassador at the helm of the bureau will the department have a hope of reconstituting all that it lost over a few weeks in July.

The post By gutting its cyber staff, State Department ignores congressional directives appeared first on CyberScoop.

CISA is facing a tight CIRCIA deadline. Here’s how Sean Plankey can attempt to meet it

By: Greg Otto
30 July 2025 at 07:00

During a Senate Homeland Security and Governmental Affairs Committee hearing earlier this month in which lawmakers considered if Sean Plankey is fit to become director of the Cybersecurity and Infrastructure Security Agency, ranking member Gary Peters asked the CISA nominee how he would ensure the agency meets all of its statutory requirements, including those in the Cyber Incident Reporting for Critical Infrastructure Act of 2022. 

The problem is, it can’t. To meet the statutory deadline established by Congress, CISA will need to publish a final rule by October. That means CISA has two months left. 

Ever since CIRCIA was signed into law in March 2022, CISA has had every intention of meeting this deadline. I know that because I ran the program while at CISA, from the day it was signed into law through when I left government in January. 

You don’t have to take my word for it. CISA was shouting its commitment to this timeline from the rooftops. You can check the Unified Agenda — the government’s official record of planned regulatory action — from both fall 2024 and spring 2024, both of which state that CISA was targeting an Oct. 4 final rule due date. These commitments are additionally reinforced by the updates provided in the National Cybersecurity Strategy Implementation Plan published by the Office of the National Cyber Director. The formal publications mirror the consistent public statements made by senior officials from CISA and the Department of Homeland Security over multiple years. 

However, since January there has been silence from the agency regarding CIRCIA. Despite receiving hundreds of public comments on the CIRCIA Notice of Proposed Rulemaking, which necessitates an internal policy process to decide how to respond to those comments and adjust the rule, the agency has made no public statements about its progress.  

There is no way for CISA to address hundreds of policy decisions, revise a 450-page piece of regulation, coordinate those revisions with all relevant agencies, and gain the necessary White House approval in two months. This work could have been accomplished had it been prioritized by the current administration on Day One. However, without a CISA director, that work does not appear to have occurred.

In response to Sen. Peters’ question, Plankey responded that he is “going to empower those operators to operate.” I know the operators who worked nights and weekends analyzing the public comments, modernizing existing technology systems, building new tools using CIRCIA funds appropriated by Congress, and expanding the agency’s capacity to support victims ahead of CIRCIA’s launch. I know those people are prepared to present critical policy matters to the next CISA director and to move quickly to draft a final rule. 

Peters also asked Plankey how he would achieve those goals amid budget cuts and the hundreds of personnel leaving the agency. While the CIRCIA program has faced personnel changes, its core staff remain committed to the cause. 

Congress has provided substantial funding for CIRCIA, but without a centralized division or subdivision dedicated to this work within the agency, it’s hard for the program to protect and target these funds exclusively for CIRCIA’s new requirements. Although not fully funded, the program has strong support, and the new director should ensure all resources and people appropriated by Congress for CIRCIA implementation are focused on preparing CISA to serve as the nation’s central cyber incident repository. 

Now that Plankey is poised to become the CISA director, I hope he will prioritize these statutory requirements from Congress and act immediately to advance the CIRCIA final rule for our national security. Plankey said that if confirmed he would like to “get in, provide them the direction, tell them the hill we are going to take, and protect the American public from cybersecurity attacks on critical infrastructure.” 

I hope that in partnership with the CIRCIA team, he does just that.

Lauren Boas Hayes is a cybersecurity and tech trust & safety expert with experience working at CISA, Meta, and Deloitte. She is a founding fellow of the Integrity Institute and an adjunct professor at Georgetown University & Johns Hopkins SAIS.

The post CISA is facing a tight CIRCIA deadline. Here’s how Sean Plankey can attempt to meet it appeared first on CyberScoop.

UK moves to ban public sector organizations from making ransom payments

By: Greg Otto
22 July 2025 at 10:06

The British government announced plans to prohibit public sector organizations and critical infrastructure operators from paying ransoms to cybercriminals, marking a significant shift in the nation’s approach to combating ransomware attacks that have disrupted essential services and cost the economy millions of pounds annually.

The proposed measures would prevent the National Health Service, local councils, schools and other public bodies from making payments to criminal groups, while requiring private businesses to notify authorities before paying any ransom demands. The government said the restrictions aim to undermine the business model that drives ransomware operations.

The measures also include plans for mandatory reporting requirements designed to provide law enforcement with intelligence to track perpetrators and disrupt their activities.

Ransomware attacks have affected a broad range of British institutions, from major retailers like Marks & Spencer to NHS hospitals and cultural institutions including the British Library, which suffered a devastating attack in October 2023 that destroyed its technology infrastructure. 

The library continues to experience operational impacts more than a year after the initial breach. As a public body, it chose not to engage with attackers or pay the demanded ransom. The health service has faced particular scrutiny over ransomware incidents, with one NHS organization recently identifying such an attack as a contributing factor in a patient’s death.

UK Security Minister Dan Jarvis characterized ransomware as “a predatory crime that puts the public at risk,” while emphasizing the government’s intention to “smash the cyber criminal business model.” 

“By working in partnership with industry to advance these measures, we are sending a clear signal that the UK is united in the fight against ransomware,” he said in a release.

The country’s National Cyber Security Centre emphasized that the new measures complement rather than replace the need for robust defensive practices. Organizations are still expected to maintain offline backups, develop continuity plans and strengthen their overall cybersecurity posture using established frameworks.

Implementation details and enforcement mechanisms for the proposed measures have not been fully detailed. The government indicated the new rules form part of a broader “Plan for Change” addressing cyber threats, suggesting additional announcements may follow as the policy framework develops.

The effectiveness of payment restrictions in deterring ransomware attacks remains a subject of debate among cybersecurity experts. Some argue that removing the profit motive will reduce criminal interest in targets, while others caution that attackers may simply shift tactics toward data theft and extortion rather than system encryption.

The post UK moves to ban public sector organizations from making ransom payments appeared first on CyberScoop.

Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters

By: djohnson
16 July 2025 at 12:08

As the Department of Homeland Security seeks to transform a federal database for immigrant benefits into a supercharged database to search for noncitizen voters, a trio of Democratic senators are pressing the department for more information.

Sens. Gary Peters, D-Mich., Alex Padilla, D-Calif., and Jeff Merkley, D-Ore., wrote to Homeland Security Secretary Kristi Noem on Tuesday posing a series of questions around the department’s overhaul of the Systematic Alien Verification for Entitlements (SAVE) database.

“States and nonpartisan voter advocacy organizations have expressed concerns with using the SAVE program as a standalone tool to determine voter eligibility without adequate safeguards,” the senators wrote. “In particular, there are concerns that data quality issues may cause state and local officials who rely on the program to receive false positives or incomplete results.”

The lawmakers’ comments echo many of the same concerns around SAVE that election officials and experts expressed to CyberScoop last month. For a variety of reasons — including SAVE’s clunky history, the fluid nature of immigration status and differing state data streams — the potential is high for the system to return false positives.

Further, the Trump administration has already attempted to force states to adopt White House policies around “proof of citizenship” requirements before sending them federal voter registration files. A federal judge ruled parts of that order were unconstitutional, and the administration is appealing. 

One concerning scenario is that if the administration pushes states to use SAVE to update and maintain their voter rolls, many registered voters could be removed for lacking documentary proof of citizenship.

While a number of post-election audits and investigations have determined that noncitizen registration and voting is rare to nonexistent, they have also found that millions of eligible voters lack the kind of identification that the Trump administration is pushing.

The administration has been filing lawsuits and sending letters to states alleging that their voter registration policies are out of step with the Help America Vote Act, which provides funding to states for election security investments.

If successful, it could force millions of voters to obtain these credentials or lose their voting rights, all without the administration ever actually showing evidence that noncitizen voting is happening en masse.

The Democratic senators note that DHS and U.S. Citizenship and Immigration Services have not briefed Congress or state and local election officials about the changes, but they have held meetings with prominent election denier groups like the Election Integrity Network, according to reporting from Democracy Docket.

Much of the work on SAVE is happening outside of public view, with little transparency. USCIS has declined or not responded to interview requests from reporters seeking additional details about the SAVE overhaul or how it will ensure accurate results.

“Public transparency and assurances that the Department is appropriately protecting citizens’ rights, including privacy, is extremely important,” the lawmakers wrote. “Unfortunately, DHS has not issued any of the routine and required documentation about the program’s operations and safeguards or issued any public notice or notice to Congress.”

The senators are requesting a briefing for the Senate Homeland Security and Governmental Affairs and Rules and Administration committees, and are asking the department to turn over any materials shared with groups like the Election Integrity Network.

The post Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters appeared first on CyberScoop.
