This is your Tech Shield: US vs China Updates podcast.

No fluff, straight to the pulse: This week in the wild world of US cyber defense versus China, the plot thickened faster than a zero-day exploit. I’m Ting—cyber sleuth, China watcher, and your virtual caffeine shot for all things hacking. So, let’s dive right into the digital trenches.

After last week’s global fireworks, US agencies cranked up awareness on Chinese state-sponsored groups like Salt Typhoon, Operator Panda, GhostEmperor, and RedMike. According to the new joint advisory from the National Security Agency and its international partners, these threat actors aren’t just fancy names—they’re actively tunneling through telecom, transportation, government, and even lodging systems. Most notably, the Salt Typhoon campaign got the spotlight, for being the most ambitious to date: China’s hackers reportedly compromised telecom networks, aiming to surveil pretty much everyone, not just the headliners like President Donald Trump and Vice President JD Vance, but also millions of regular folks. The FBI sent out warnings, but honestly, they admitted they couldn’t even alert all the affected parties. It’s the cyber equivalent of yelling into a hurricane.

For those who like a firewall with their coffee, new government advisories urged immediate patching of known vulnerabilities and stricter edge-device controls. The Cybersecurity and Infrastructure Security Agency (CISA) rolled out an OT asset visibility playbook, pushing critical infrastructure operators to map out everything—because you can’t defend what you don’t even know exists. Tenable’s snapshot emphasized bolstering OT, ICS, and IoT protections, radical log centralization, and not treating old bugs like vintage wine—patch ‘em now.

Meanwhile, the US government dropped some spicy news via a House report: Over $2.5 billion in Pentagon grants funded joint research with Chinese universities blacklisted for links to China’s defense industry. More than 1,400 papers birthed from these collabs between June 2023 and June 2025 raised eyebrows, especially when many topics involved AI, hypersonics, and semiconductors. The congressional committee’s fix? Ban defense grants to any project tangled up with China’s defense sector. As Under Secretary of Education Nicholas Kent put it, these findings reveal huge gaps in the way federally funded research is protected on US campuses.

Industry isn’t letting government have all the fun. Some US universities are rapidly shutting down joint programs with Chinese peers, especially where military relevance is sniffed out. Businesses too are being told, “You’re all in this DSP now”—that’s the Data Security Program, fresh from the DOJ. If you’re handling any data with even a whiff of international traffic, you better have your compliance game sharp, audits ready, and reporting systems tight. The grace period ended July 8, and the penalty hammer drops October 6.

As for emerging defensive tech, drone-mothership spect

This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Tech Shield: US vs China Updates podcast.

If you crave a drama with as much code as cloak-and-dagger, then this week’s Tech Shield: US vs. China saga is your main event. Ting here, your favorite witty cyber sleuth with a dashboard full of zero-days and spicy Beijing intel. Buckle up, listeners, because the cyber chessboard has been on fire.

First up: fresh off the wire, the Cybersecurity and Infrastructure Security Agency—call ’em CISA if you want to sound like a pro—just issued urgent advisories after adding new vulnerabilities to their Known Exploited Vulnerabilities catalog. This is their digital ‘who’s most wanted’ for hackers, and this week’s roster includes a WhatsApp flaw and a TP-Link router bug. It’s not just government agencies on high alert; CISA’s pleading with everyone from university sysadmins in California to energy grid managers in Houston to patch up, stat. Think the federal Binding Operational Directive 22-01 is dry government jargon? Think of it as DEFCON for digital hygiene.

But meanwhile, China’s own cyber operators aren’t playing checkers—they’re running deep-learning chess. China’s 14th Five-Year Plan just wrapped, and it wasn’t all talk. According to NuHarbor Security’s chief, Justin Fimlaid, China’s AI investments are now supercharging both their offense and defense. We’re seeing synthetic spear-phishing campaigns with deepfake voicemails, and adaptive malware that learns and morphs as it invades. The People’s Liberation Army’s Information Support Force—yes, that’s a thing—is crunching terabytes of stolen US data faster than you can say ‘TikTok ban.’

On the U.S. side, countermeasures are scaling fast. The classic fortress of firewalls is getting an upgrade, with anomaly detection powered by—you guessed it—AI. Glue hands on behavioral analytics are nipping suspicious logins before they become boardroom crisis fodder. But it’s not just software—industry and academia are mobilizing. In Texas, lawmakers fast-tracked House Bill 127, setting new standards for research partnership vetting and trade secret protection, all to block Chinese talent-spotting programs from siphoning off the next generation of cancer or AI breakthroughs.

Big news for the tinfoil hat crowd, too: the feds dropped a bombshell advisory with global partners, revealing that China-backed APTs—think Salt Typhoon, UNC5807, and other Bond-villain code names—have spent years quietly rewriting router firmware in US telcos, creating secret backdoors and staging points for future mischief. Their favorite playgrounds? Telecom, aviation, and yes, your hotel Wi-Fi in Omaha.

My take as Ting, cyber whisperer: coordination is up, joint advisories help, and AI-powered defense is more than buzz. But we’re still patching after the barn doors have swung wide too many times. US defenses are getting sharper, but resilience and relentless vigilance are what keeps the scoreboard tight. The coming months? Expect espionage to get weirder and faster, and for defen

This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Tech Shield: US vs China Updates podcast.

You all know the drill—Ting here, your go-to voice for decoding the latest in US vs China cyber chess. Forget the slow build-up; this past week’s been like DEFCON Red Alert for US cyber defenders facing Beijing’s digital battering ram, especially with that notorious Salt Typhoon group still flooding newsfeeds. The US Cybersecurity and Infrastructure Security Agency, working with international allies from the UK, Germany, Japan, and more, unleashed an advisory ranking Salt Typhoon’s cyber hits as a bona fide national defense crisis. Why? These hackers aren't just trolling government websites—they’ve reportedly infiltrated at least 200 companies in 80-plus countries, tapping into everything from AT&T and T-Mobile to government, military, and transportation networks. Imagine the digital equivalent of a pipeline spill… but instead of oil, it’s call records and geolocation data leaking everywhere. Brett Leatherman at the FBI called this a wake-up for “stronger collaboration” with allies to defend American lives and infrastructure right at the core.

The FBI’s counterstrike? They issued an updated playbook for security pros: Hunt for the telltale signs of Salt Typhoon, deploy mitigations, tighten configurations, and never trust that mysterious ping from outside the firewall. There’s even a $10 million bounty for info on the culprits—now that’s putting some spice in “cyber defense budget.”

Meanwhile, the NSA dropped a bombshell of their own—Salt Typhoon’s gone beyond the big telecom fish, breaking into state agencies and even, get this, targeting communications from US presidential candidates. Add in the latest advisory—hot off the press September 1st, 2025—and you’ve got a stew of technical guidance on stopping Chinese hackers from planting backdoors and stealing the crown jewels of American research. Speaking of jewels, academia isn’t spared; the National Counterintelligence and Security Center warns China’s intelligence networks are harvesting intellectual property from labs to launch the next gen of AI, nuclear, and quantum tech. Many universities have become digital battlegrounds, not just lecture halls.

Industry seems to be waking up—take the Federal Communications Commission finally overhauling submarine cable licensing rules to close old security gaps, or CISA’s emergency directive on patching fresh vulnerabilities in hybrid cloud setups. Big tech, telecoms, and water utilities are rolling out new encryption, anomaly detection, and multi-channel verification to block AI-driven phishing that can clone your CEO’s voice. Bob at Bob’s Guide even says, “This threat fundamentally breaks single-channel verification”—so now, that desperate call from ‘the boss’ demanding a wire transfer gets a second look, or at least a Teams message.

Are these measures working? The consensus among cyber hawks like Sean Cairncross, America’s new national cyber director, is: “We’re making progress,” but the pace o

This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Tech Shield: US vs China Updates podcast.

Hey listeners, it’s Ting, your not-so-humble guru on all things China, Cyber, and Code—coming at you with this week’s latest from the great cyber chessboard: Tech Shield, US versus China edition. Buckle up, because if you thought August was sleepy, think again. The cyber world’s been pinging louder than my VPN on a slow Starbucks Wi-Fi.

Let’s start with the fresh-from-the-fire headlines. US officials are busier than ever, with the FBI revealing the Salt Typhoon attacks against telecoms were way bigger than anyone thought. This isn’t just script kiddie nonsense—this is industrial-scale snooping with serious national security teeth. Chinese advanced persistent threat groups, aka APTs, are at the heart of multiple new espionage campaigns. Western governments—including our own—have gone almost public in shaming Beijing, pressing for better intelligence-sharing between agencies and with private players. If cybersecurity is a cat-and-mouse game, the mice just got fancier traps.

Speaking of traps, CISA just dropped two brand-new industrial control system advisories. That’s right, they’re patching up software in everything from power plants to your local water utility, and let’s be honest, nobody wants the lights or the tap water controlled by someone in Shenzhen. The real kicker? A joint threat hunt from CISA and the US Coast Guard at a critical infrastructure site found plenty of cyber hygiene bugs—think expired certificates, legacy passwords, and more hidden holes than a Swiss cheese router. The message from CISA: patch fast or get pwned.

On top of those reactive moves, the US is getting proactive, too. CISA, teaming up with Sandia National Labs, has rolled out Thorium—a shiny new automation platform to turbocharge analysis of incoming malware. It’s like caffeine for cyber defenders, letting small teams handle seas of suspicious files. Microsoft’s bounty programs keep growing—a staggering $17 million paid out to volunteer bug-hunters worldwide. These white hats are now a core part of our cyber immune system, patching thousands of vulnerabilities before Beijing’s best even wake up.

Industry isn’t sitting idle, either. Def Con projects are spinning up free open-source tools for smaller, underfunded water utilities—a sector that, by the way, has been especially exposed after recent attacks on Europe’s water systems. Meanwhile, the Federal Aviation Administration is demanding stronger cyber standards for drones and unmanned aircraft, since no one wants UAVs doing Beijing’s bidding by remote.

Here’s the million-renminbi question: Is all this enough? Listen, cyber-defense isn’t about flipping a switch; it’s about whack-a-mole, but with smarter moles every month. Cross-functional teamwork is still a hot mess—IT guys over here, OT engineers over there, everyone pointing at each other when things pop off. Asset maps look good on PowerPoint, but attackers are moving faster, especially with AI in the m

This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Tech Shield: US vs China Updates podcast.

Hey listeners, it’s Ting here—your favorite cyber sleuth and semi-professional dumpling enthusiast. Settle in, because the last few days have been wild on the US–China cyber defense front. The NSA, CISA, FBI, and a league of international cyber avengers dropped what’s basically a giant, glowing advisory warning about Chinese state-backed actors. The latest alert is titled “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System.” (Say that five times fast and you get an honorary badge from the Ministry of Acronyms.) According to NSA and friends, threat groups like Salt Typhoon, UNC5807, and RedMike have been tunneling into telecom, government, and military networks worldwide—the full buffet of critical infrastructure, right down to hotel WiFi for your sketchy conference calls.

CISA’s guidance isn’t shy: they want telecom and infrastructure defenders to patch up vulnerabilities (nerd translation: CVE-2024-21887, CVE-2024-3400, CVE-2023-20198, and more), centralize log collection, lock down routers, and hunt for malicious activity like your job depends on it—because it does. FBI cyber-division’s Michael Machtinger put it bluntly: nearly every American is likely affected, not just the ones working with classified stuff. So yes, grandma’s Sudoku scores might now be state secrets.

The campaign, dubbed Salt Typhoon, didn’t start yesterday. This operation dates back at least six years but only got blown open last fall. What’s jaw-dropping is scale: over 200 American organizations compromised, info scooped from millions domestically and in over 80 countries. Victims? Not just regular folks, but headliners like Donald Trump and JD Vance, per The Register. Beijing’s strategy involves using companies like Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology—contractors with serious ties to China’s Ministry of State Security.

Let’s talk industry and government response. The National Cyber Security Centre in the UK and agencies from Japan, Australia, and others have joined the US in urging organizations to review logs, hunt threats proactively, and fix what’s broken. This isn’t just about reacting—Richard Horne of NCSC says we need to be actively looking for trouble, because these attackers don’t telegraph their punches.

One big bombshell: The Pentagon revealed they’ve terminated a Microsoft-serviced program that let Chinese engineers touch Defense Department cloud systems. Secretary Pete Hegseth was not amused, calling the practice “mind-blowing” in his video address. Microsoft is now banned from letting foreign nationals anywhere near DoD networks, and all vendors have been told to exorcise their codebases of anything remotely made-in-China.

Expert take? The coordination between agencies is stronger than ever, and published vulnerability lists make life much harder for Ch

This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Tech Shield: US vs China Updates podcast.

Hey listeners, Ting here—your resident black belt in Chinese cyber intrigue and digital fortification. The past week in US cyber defense against Chinese threats has been, in a word: electrifying. Let’s cut right past the small talk and dive into the code soup of updates—because wow, has Beijing kept our cyber ops dancing.

The star villain of this week’s episode: the **Salt Typhoon** hackers. The FBI’s Brett Leatherman and teams from CISA, NSA, and an unprecedented alliance of 13 countries just dropped an advisory that could make a sysadmin sweat through his shirt. These China-linked crews are not just trolling the usual suspects—telecom, transportation, and lodging—but actual US military infrastructure networks. Last year, Salt Typhoon cracked telecoms globally; this week’s newly released technical guidance is the most robust yet, packed with actionable threat hunting tips and fresh indicators of compromise. We’re talking everything from router exploits on backbone networks to wiretap records snatched from lawful intercept systems. That’s the gold mine for any spy agency, folks.

If you were in the crosshairs, you’re not alone—at least 600 US organizations got notified by the FBI that Salt Typhoon had their systems marked for a visit. And those vulnerabilities? Some of them date back to 2018; patches were released years ago but lots of telecoms still haven’t installed them. It’s the digital equivalent of leaving your front door wide open because the lock seemed tricky.

Washington has responded by supercharging mitigation. CISA published step-by-step recommendations: patch every known exploited vulnerability, move to centralized logging, secure edge infrastructure—because the old “ignore it and hope for the best” strategy does not fly when you’re staring down the collective coding might of Sichuan Juxinhe, Beijing Huanyu Tianqiong, and Sichuan Zhixin Ruijie—all called out publicly by a coalition ranging from Germany and Italy to the UK and Japan. Madhu Gottumukkala at CISA and Richard Horne of the UK National Cyber Security Centre gave political cover and technical muscle, hammering home a global call to arms.

Now, the expert lowdown? Marc Rogers, a heavy-hitter in telecom cybersecurity, finally sees these new advisories as “leveling the playing field for networks struggling to evict threat actors.” That’s a polite way of saying US responses have typically lagged, not least because those pesky router vulnerabilities linger like bad bugs. Google’s John Hultquist flagged the growing risk—Salt Typhoon and friends aren’t just after corporate files, they want the full picture of who’s talking to whom and where they’re going. This is espionage as a service, not smash-and-grab ransomware.

Industry reaction is decisive but not exactly synchronized—some critical infrastructure operators are running drills and patch parties, while others remain in what I call “perpetual panic mode.” The government’

This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Tech Shield: US vs China Updates podcast.

Hey listeners, Ting here—your cyber sensei, favorite China-watcher, and eternal nemesis of dull tech talk. Buckle those seatbelts: the past week in US cyber defenses has been turbocharged thanks to Beijing’s relentless digital prowling and Washington’s full-throttle countermeasures.

First, let’s talk about cranes. Yes, cranes—the ones unloading ships at major American ports. Booz Allen Hamilton dropped a jaw-dropping stat recently: 80 percent of all cranes in US ports hail from China, which basically means if the lights flicker in Shanghai, half the containers in L.A. sneeze. According to execs Brad Medairy and David Forbes, this isn’t just about box-hauling—it's “one connected battlespace.” Ports aren’t just economic arteries; they’re strategic chokepoints for moving military gear and, you guessed it, targets for cyber sabotage. Their expert take is clear: our adversaries, especially Chinese threat actors like Volt Typhoon, aren’t aiming for petty theft—they’re embedding capabilities for the big cat-and-mouse game.

Now, onto those cats and mice. CrowdStrike and other threat analysts spent the last week outfoxing Murky Panda (also known as Silk Typhoon), a Chinese hacking crew targeting US government, tech, legal, and academic sectors since 2023. Murky Panda loves to party with zero-day exploits—like that infamous Citrix NetScaler vulnerability. Their latest trick? Hijacking cloud connections by exploiting trusted software relationships, which makes them the Houdinis of evasion and persistence. The group’s signature move uses web shells, like Neo-reGeorg, and the CloudedHope malware—little bundles of chaos designed for Linux systems. If your org’s main data squeeze is in the cloud, pay very close attention.

The Department of Justice isn’t just watching headlines—it’s acting. As of April 8, their Data Security Program is live, turbocharging data protections and compliance rules for companies storing sensitive data that might end up in adversaries' databanks. Industry news has been abuzz about new advisory bulletins mandating tighter encryption, faster vulnerability patch rollouts, and mandatory multifactor authentication (MFA). Speaking of MFA, Senator Ron Wyden came in swinging with a spicy letter to Chief Justice John Roberts, calling out federal courts for dragging their feet on cyber best practices. Wyden’s beef? Courts adopted MFA late and opted for a “less secure version”—not exactly confidence inspiring.

On Capitol Hill, the brand-spanking-new Critical Infrastructure Security Bill, H.R. 2659, ordered up an interagency cyber task force to get granular on how Chinese state hackers—especially the Volt Typhoon troop—target critical US infrastructure. The bill also demands classified reports on US defensive gaps, the impact of disruption across things like rail and aviation, and what fresh countermeasures we need to deploy. No doubt, the folks at the Homeland Security Enterprise are sha

This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Tech Shield: US vs China Updates podcast.

Listeners, it’s Ting here with your Tech Shield update, and whoa, this week in the U.S. cyber trenches has been pure adrenaline. Now, throw out any fantasies about lazy August: this one’s been a non-stop cyber chess match with Beijing. Let’s dive right into the cat-and-mouse, because waiting to patch gets you bitten!

The Department of Homeland Security, spurred by fresh advisories from CISA, rolled out two aggressive new cybersecurity initiatives aimed squarely at the threat landscape from advanced Chinese actors. Among the week's big reveals: a brand new mandatory vulnerability reporting protocol for federal agencies, with rapid 72-hour patch deadlines—finally, some SLA teeth! The focus is squarely on shoring up legacy communication infrastructure, especially after last year’s Chinese breach of U.S. court wiretap systems—yes, Salt Typhoon is still sending shockwaves through intelligence committees, with folks like Rick Crawford and Tulsi Gabbard calling for full reviews of any intelligence-sharing with European partners cozying up to Huawei hardware.

Over in the private sector, Michael Kratsios from the White House Office of Science and Technology Policy sent an unequivocal message to U.S. tech: align with the “U.S. AI technology stack” or risk letting China’s DeepSeek eat your lunch. That’s not just saber-rattling. DeepSeek, the new Chinese open-source rival to GPT-5, is optimized for Chinese chips and intentionally priced to undercut OpenAI. U.S. agencies are quietly tracking AI chip exports—and the private sector is finally, belatedly, getting serious about securing supply chains and source code.

Now, this week’s Microsoft patch (KB5063709) arrived—and, classic, it nuked reset and recovery tools on thousands of Windows devices. If you heard a groan from IT teams coast-to-coast, that was it. But cybercriminals don’t hit pause: threat actors have unleashed new malware, like PipeMagic, disguised as ChatGPT—leveraging zero-days and sidestepping Microsoft Defender. Even more alarming, botnets bred in Chinese threat actor labs, like Gayfemboy, jumped on fresh device vulnerabilities, from DrayTek routers to Realtek modules. FortiGuard Labs notes how operators this year evolved tactics to bypass DNS filtering and used time-based sandbox evasion. Scary stuff, and a nightmare for enterprise defenders still fighting on fragmented, hasty-patched networks.

Industry’s response? Some impressive moves: Google’s Threat Analysis Group cranked up attack surface reduction, and AWS rolled out default Zero Trust segmentation on cloud accounts most at risk from foreign infiltration. CISO circles buzzed about AI-powered threat intelligence tools and behavioral anomaly detection—these promise real-time pinning of malicious pivots, but the gap between marketing and deployed protection, especially in smaller entities, remains enormous.

Here’s the expert angle: We’re getting better, but, honestly, this is more

This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Tech Shield: US vs China Updates podcast.

If you’re tuning in from home, work, or a suspicious café flooded with free Wi-Fi, hey there, I’m Ting – your specialist in China, cyber, and staying one byte ahead of international threat intel.

No fluffy intros today – let’s jump straight into the week’s biggest flashpoints from Tech Shield: US vs China. First up, the continuing fallout from China’s admission to U.S. officials about Volt Typhoon. According to the Defense Counterintelligence and Security Agency’s David Cattler, China isn’t just investing in tanks and jets, they’re running a global espionage campaign that targets our supply chains, intellectual property, and even our workforce. For listeners marking their calendar, add Salt Typhoon to your threat bingo: another Chinese operation blitzing our telecommunications giants. And for the drama addicts, remember that Treasury Department vendor breach from December last year? Over 3,000 files, some connected to Janet Yellen herself. All courtesy of Chinese hackers, who probably didn’t even break a sweat.

Now, defensive moves. The Cybersecurity and Infrastructure Security Agency, or CISA if you’re into acronyms, dropped an emergency directive for federal agencies to scrub a fresh Microsoft Exchange vulnerability. Federal IT pros spent this week knee-deep in patching hybrid configurations and plugging every conceivable data leak. Industry was quick to follow: Fortune 100 defense contractors are clocking around 65,000 phishing attempts a month – imagine playing whack-a-mole with malware, but the moles never get tired.

Meanwhile, the Trump Administration’s AI Action Plan is in full swing. Released July 23, the plan is all about winning the artificial intelligence race. It calls for AI to be secure-by-design, with systems able to sniff out suspicious performance shifts and automatically signal when someone’s trying to poison the data well. They also launched the AI Information Sharing and Analysis Center (AI-ISAC), aiming to connect critical infrastructure players so they’re not flying solo when the next zero-day pops up.

Expert commentary? CrowdStrike says Murky Panda – also known as Silk Typhoon and formerly Hafnium – is pushing the boundaries by exploiting internet-facing appliances and cloud trust relationships. There’s a new strain called CloudedHope, delivered via web shells, and the initial infection often comes through well-known vulnerabilities like Citrix NetScaler or Commvault. These groups are fast, inventive, and not afraid to target mom-and-pop office routers sitting quietly on U.S. soil.

Government advisories are coming thick and fast. The FBI and international partners publicly tied the Salt Typhoon campaign to Chinese hackers, catalyzing a huge surge in investment: cybersecurity spending is on track to top $212 billion in 2025. The insurance sector is nervy too – premiums will double by 2027, because nobody wants to hold the bag on a national-scale ransomware attack.

This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Tech Shield: US vs China Updates podcast.

Hey listeners, Ting here with Tech Shield: US vs China Updates for August 20, 2025. Strap in, because this week in cyber defense feels like a race where the finish line keeps moving – and sometimes it’s on fire.

First, the Microsoft saga refuses to die quietly. Remember how the Pentagon relied on Azure Government cloud services? Well, a bombshell surfaced when Microsoft was caught leaving out one tiny detail in its security plans: China-based engineers, yes, actual employees in China, supporting Defense Department systems. Everyone from John Sherman (former DoD CIO) to policy wonks lit up about this “digital escort” system, where US-cleared staff would babysit foreign engineers poking around classified clouds. “We can’t be exposed like this,” Sherman snarked online. Microsoft claims they’ve now stopped using China-based personnel for these systems, but honestly, it’s like putting band-aids on a server rack after the alarm’s gone off.

Meanwhile, Microsoft’s Active Protections Program, which used to give vulnerability info to partners around the world, just blocked Chinese companies from receiving early notifications. Why? Too many leaks! That’s after state-sponsored hackers from China used those vulnerabilities, especially in SharePoint and Exchange, to breach hundreds of critical US agencies, including the National Nuclear Security Administration. Microsoft stopped sharing “proof of concept” code with these partners – now, they only get a bland written description, delivered at the same time as patches go live. Dakota Cary from SentinelOne cheered this decision as a "fantastic change,” noting that these companies were just feeding the dragon.

On the public front, CISA dropped an emergency advisory this week after a fresh vulnerability surfaced in Microsoft Exchange’s hybrid configurations. They’ve ordered agencies to lock down their setups, scan for breaches, and report by yesterday or else. In parallel, federal boards are hammering out new guidelines for submarine cable licensing and unmanned aircraft systems—all aiming to bake cyber hygiene right into the hardware. You could say the new rules are like two-factor authentication for North American data pipes.

Industry isn't just watching from the sidelines. Water utility companies are testing free resilience tools thanks to a collaborative Def Con project. As recent federal requirements fall short, New York’s proposed cyber rules for the water sector are getting shoutouts from the Foundation for Defense of Democracies, with hopes that other states will follow suit.

Let’s talk gaps. While these measures plug holes, experts argue the US response is reactive, always scrambling after the next breach—thanks, InfoSec hamster wheel. Regulatory bodies like CFIUS have gotten sharper at screening Chinese investments, especially in tech and critical infrastructure, but as Cyberscoop points out, their risk framework is still mostly smoke and mirror

This content was created in partnership and with the help of Artificial Intelligence AI.