The indicators on the ground and online are converging into a sustained, elevated threat environment that meets the threshold for an NTAS-style bulletin. The Department of Homeland Security’s own 2025 Homeland Threat Assessment already flagged a high and dynamic terrorism threat to the homeland driven by both domestic lone offenders and foreign terrorist organizations.

Two recent, lethal incidents show how that threat is manifesting in the streets. On May 21 an attacker killed two Israeli embassy staff outside a Jewish museum event in Washington, D.C., an act that authorities say was accompanied by pro-Palestinian chants and appears motivated by the conflict overseas. A second attack targeting a Jewish gathering in Boulder on June 1 injured multiple people and is under FBI investigation as a potential terrorism and hate crime. These are not isolated anomalies. They fit the pattern DHS described: individuals radicalized by foreign events or grievance narratives who act alone or in small, decentralized cells.

The cyber front is echoing the same trend lines. Hacktivist activity shifted markedly in early 2025, with the United States becoming a prominent target for distributed denial of service and other disruptive operations. Q1 2025 reporting shows a notable uptick in ideologically motivated cyber activity directed at U.S. networks. That matters because adversaries and sympathetic hacktivists will use low-cost, scalable tools to amplify physical attacks, to harass communities, and to disrupt critical services. The playbook is well established: defacement, DDoS, credential theft and targeted leaks designed to intimidate and sow confusion while heavier-weight nation-state capabilities remain a latent threat.

The recent pattern of antisemitic and anti-Israel violence worldwide underscores a transnational vector for domestic targeting. Reporting compiled since October 7, 2023 shows a global spike in attacks and incidents tied to the Gaza war, and the United States has not been spared. That global environment drives local violence and creates opportunities for opportunistic actors to strike soft targets here at home.

Assessment in plain terms: over the next 90 days the U.S. faces elevated risk of three related threat types. First, low-probability but high-consequence attacks by lone offenders inspired by foreign conflict narratives. Second, a steady stream of low-to-mid-severity cyber intrusions and disruptive operations by hacktivists or proxies sympathetic to foreign causes. Third, targeted hate crimes and mass-casualty attempts directed at Jewish, Israeli, Muslim, and other communities perceived to be aligned with either side of the overseas conflict. The combination raises the probability of cascading effects when cyber disruption and physical attacks occur in parallel.

For public- and private-sector defenders the prescription is straightforward and immediate. Do not wait for an official, public-facing bulletin to act. Harden first, communicate second, and escalate third.

Operational priorities for the next 30 to 90 days:

  • Hardening soft targets: Increase visible security at houses of worship, community centers, cultural institutions and diplomatic events. Enforce bag checks, credentialing, and controlled access at gatherings. Coordinate pre-event threat briefings with local law enforcement and on-site security teams. (No single measure prevents every attack, but layered defenses raise attacker cost and reduce success probability.)

  • Rapid information sharing: Local fusion centers, police, and campus security need immediate, actionable intelligence on threats, indicators and suspicious activity. If you are a private-sector asset holder, subscribe to sector-specific ISAC alerts and share anomalies with state fusion centers and the FBI. DHS and federal assessments already stress the value of broad information sharing across levels of government.

  • Cyber basics, executed now: Patch internet-facing systems, enforce multifactor authentication, restrict RDP access, segment OT and IT networks, and rehearse incident response with trusted vendors. The spike in hacktivist activity in Q1 2025 shows cheap disruption techniques are effective against unpatched targets.

  • Protect critical infrastructure: Utilities and service providers must validate business continuity plans and pre-position response contracts for DDoS mitigation and forensic support. Operators should assume nuisance-level cyber incidents will increase and plan accordingly.

  • Community engagement and de-escalation: Local law enforcement and community leaders must push clear, consistent messaging that condemns violence while protecting civil liberties. That reduces community isolation and the risk of radicalization in the information vacuum. It also reduces the likelihood of retaliatory violence.

  • Resource triage: Prioritize protective measures for crowded events, diplomatic facilities, and critical nodes in the energy and water sectors. Grants and federal assistance programs exist for targeted security upgrades; jurisdictions should apply quickly and triage investments based on risk exposure.

Policy note for decision makers: issuing a public NTAS bulletin has operational benefits beyond alerting the public. It refocuses law enforcement resources, legitimizes accelerated information sharing, and triggers private-sector protective actions. Given the recent lethal attacks and the documented rise in hacktivist activity, an NTAS-style bulletin would be an appropriate tool to align national-level posture with the on-the-ground reality. The bulletin should be accompanied by targeted, sector-specific guidance so that operators can implement concrete mitigations without delay.

Bottom line: the threat environment is elevated and dynamic. Expect more harassment, more cyber nuisance and the continued risk of violent lone actors. The right response is blunt and practical: harden soft targets, implement cyber basics now, share intelligence quickly, and use every legal and administrative lever to get protective resources where they are needed. That approach shrinks windows of opportunity for attackers and buys the country time until the underlying international drivers cool down.