Welcome back. The Trump administration’s counterterrorism plan, released Thursday, includes the use of offensive cybersecurity capabilities against cartels, terrorists and states who sponsor them. The 16-page document doesn’t provide specific tactics, beyond saying offensive cyber operations would be deployed “against those planning to kill Americans or who support those plotting to do so.”

The plan singles out pro-Iran hackers, saying the U.S. government will “continue to focus our kinetic, intelligence, and cyber operations against Iranian-backed terror proxies who plot against Americans.” 

The White House in March outlined a similarly aggressive approach in its national cyber strategy.  Also short on details, the cyber plan aims to protect water supplies, hospitals, energy and communications grids and other systems in part by deploying “all instruments of national power” to impose costs on cyber adversaries, according to the five-page policy brief.

Going on offense raises a number of legal issues, especially when private-sector firms get involved by sharing attack intelligence. Under current laws, private-sector firms, including infrastructure operators, lack the legal authority to conduct offensive cyber operations on their own. They also face antitrust and liability risks in sharing attack information with the government. 

Also today:

• White House presses for CISA extension.
• Most ransomware attacks go unreported.
• Fortinet posts strong Q1 results. 

Shares of national-security contractor HawkEye 360 jumped in their public-market debut, a sign of investor demand for defense-related companies ahead of SpaceX’s blockbuster offering. HawkEye’s stock opened 30% above its $26 initial public offering price at $33.80. Herndon, Va.-based HawkEye operates a fleet of more than 30 satellites that collect radio frequencies back on Earth, tracking ships, providing information about hard-to-patrol regions and pinpointing sources of global-positioning system jamming. (WSJ)

Also, U.S. Treasury Assistant Secretary Jonathan Burke talks to us about Iran, sanctions, money laundering, and more. Perry Cleveland-Peck hosts. 

You can listen to new episodes every Friday on Apple Podcasts, Spotify and Amazon​.

Most ransomware hacks aren't being disclosed, with companies preferring to keep the attacks to themselves, according to BlackFog. In a new report, the cybersecurity firm said its threat intelligence team identified 264 publicly disclosed ransomware attacks in the first three months of 2026, along with 2,160 undisclosed attacks. U.S. organizations accounted for roughly half of all undisclosed attacks, researchers found. (CybersecurityDive)

Canada’s federal privacy watchdog identified more than 42,000 breaches at the Canada Revenue Agency since 2020, with hackers gaining access to taxpayer information, according to a report Thursday. Privacy Commissioner Philippe Dufresne cited gaps in the revenue agency's prevention, monitoring, detection and handling of breaches, including a failure to implement multi-factor authentication. (CBC)

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.