This is your US-China CyberPulse: Defense Updates podcast.

Hey listeners, Ting here, your friendly neighborhood China-and-cyber nerd, and this week’s US‑China CyberPulse is…spicy.

Let’s start on Capitol Hill. Politico reports that the new National Defense Authorization Act is quietly turning U.S. Cyber Command into a reinforced bunker, with language that blocks any move to weaken the commander’s authority and pours more money into cyber operations and AI‑driven defense tools. Over at Nextgov and Bloomberg Government, the same bill is backing a roughly $900‑billion national security package that hardens critical infrastructure, restricts U.S. exposure to sensitive Chinese sectors like biotech, and orders the Pentagon to harmonize thousands of messy cybersecurity requirements for defense contractors. Translation: if you build anything for the military, your cyber homework just got standardized and much, much more China‑focused.

Zoom in on the threat picture. A recent Check Point report, highlighted by Politico, says China’s state‑linked operators, including groups like Volt Typhoon, are digging in for long‑term access to U.S. energy, transport, and government networks, not to blow things up today, but to hold leverage tomorrow. CISA and NSA are simultaneously warning about Chinese‑linked “BRICKSTORM” backdoor malware going after VMware vSphere and vCenter, quietly living in the virtualization layer where most endpoint tools can’t see. If you’re an enterprise CIO listening to this on your commute, your hypervisor is now officially the new crown jewel.

So how is Washington answering? First, by policy reset. National Defense Magazine notes that the new U.S. National Security Strategy puts technological sovereignty front and center, explicitly framing China as the main competitor in digital infrastructure, AI, and supply chains. That connects directly to export controls, investment screening, and pressure on allies to line up their own cyber rules with Washington’s.

Second, by tightening public‑private teamwork. Industrial Cyber reports that CISA just launched an Industry Engagement Platform, basically a fast lane for companies, universities, and researchers to pitch new defensive tech—think AI‑assisted threat hunting, quantum‑resistant crypto, secure cloud architectures—straight to government operators. That’s the U.S. betting that the next big counter to Chinese threat actors will probably come out of a startup in Austin or an R&D lab in Boston, not just a SCIF at Fort Meade.

Third, by building international muscle. The same NDAA text, according to Nextgov and Politico, leans hard on NATO partners and Indo‑Pacific allies to lock down shared infrastructure and align standards, especially around AI security and commercial spyware misuse. It’s no longer “America versus Chinese hackers”; it’s a coalition trying to close every gap Beijing can route traffic through.

So if you connect the dots—Chinese persistence in U.S. critical networks, new U.S. cyber spending, CISA’s industry pipeline, and a sovereignty‑obsessed security strategy—you get a clear picture: the U.S. isn’t treating Chinese cyber as background noise anymore. It’s treating it as the main stage.

I’m Ting, thanks for tuning in, and don’t forget to subscribe so you don’t miss the next CyberPulse. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your US-China CyberPulse: Defense Updates podcast.

Hey listeners, Ting here, your friendly neighborhood China-and-cyber nerd, and this week’s US‑China CyberPulse has been… loud.

Let’s start with the big chessboard move: the new US National Security Strategy that dropped from the Trump administration on December 4. According to the summary on Wikipedia and analysis in SC World, it stops calling China the “greatest challenge” and instead reframes Beijing mostly as an economic rival. That sounds softer, but here’s the twist: in cyber, it leans into power, not vibes – talking about protecting critical infrastructure, tightening supply chains, and denying aggression inside the First Island Chain. Translation: fewer speeches about “values,” more focus on “don’t touch our networks or our chips.”

National Cyber Director Sean Cairncross then doubled down at the Aspen Cyber Summit and the Meridian Summit, previewing a new six‑pillar national cybersecurity strategy, reported by HIPAA Times. He highlighted more aggressive deterrence, basically saying: we’re going to “shape adversary behavior” and make sure that when China‑linked operators poke US networks, it gets expensive and painful.

And those operators have been busy. Homeland Security Today reported that CISA, NSA, and the Canadian Centre for Cyber Security issued a joint advisory on Chinese state‑sponsored actors using BRICKSTORM malware to burrow into government and IT environments, including targets running VMware vSphere. Reuters, via coverage in the Times of India, quoted CISA leadership warning that these crews are embedding themselves for long‑term access and possible sabotage. That’s not smash‑and‑grab; that’s “move into your data center and start getting mail there.”

CISA’s response has been classic layered defense: more advisories, more entries in the Known Exploited Vulnerabilities catalog, and direct guidance to critical infrastructure operators. This week’s poster child? The React2Shell vulnerability, CVE‑2025‑55182. Security researchers at Breached Company and ITECS Online describe it as a CVSS 10.0 remote code execution flaw in React Server Components. Within hours of disclosure on December 3, threat intel teams at AWS spotted exploitation from China‑nexus groups like Earth Lamia, Jackpot Panda, and UNC5174, with CISA racing to add it to the KEV list by December 5. Cloudflare even had to slam in an emergency WAF rule that briefly knocked out a huge chunk of global HTTP traffic. When your defense move rattles 28 percent of the pipes, you know both offense and defense are running hot.

On the private‑sector front, US cloud and security vendors are quietly turning this China pressure into product design. DeepStrike’s 2025 breach analysis shows US breach costs leading the world, which is fueling faster adoption of AI‑driven detection, zero‑trust identity controls, and post‑quantum crypto pilots—exactly the “emerging tech” Cairncross flagged. Meanwhile, Homeland Security Today highlighted CISA’s push on bulletproof‑hosting crackdowns and Coast Guard cyber training, because if Chinese operators are targeting ports, pipelines, and telecom, every modem and crane operator just got drafted into cyber defense.

Internationally, the BRICKSTORM advisory with Canada, plus parallel warnings from Australia’s intelligence chief about Chinese activity against telecom and critical infrastructure, show a clear pattern: like‑minded governments are finally treating China‑linked campaigns as one big, shared kill chain instead of isolated incidents.

So, net‑net: Washington’s rhetoric on China may sound more economic, but if you trace the logs—CISA advisories, KEV updates, new strategies, and AI‑powered defenses—the US is quietly hardening the entire stack against Beijing‑linked operators, from JavaScript frameworks to undersea cables.

I’m Ting, thanks for tuning in, and don’t forget to...

This is your US-China CyberPulse: Defense Updates podcast.

Ting here, sliding straight into your CyberPulse. Listeners, this week in US–China cyber chess has been… spicy.

The big headline is the BRICKSTORM saga. US cyber authorities like CISA, the NSA, and the Canadian Centre for Cyber Security have gone public about a Chinese state‑sponsored campaign using a stealthy backdoor called BRICKSTORM to burrow into VMware vCenter and Windows environments at US government agencies and major IT providers. According to analyses reported by outlets such as CyberScoop and SecurityWeek, these crews have been sitting inside some networks for more than a year, quietly siphoning data and mapping infrastructure for potential disruption later. That’s not script‑kiddie stuff; that’s long‑game geopolitics in Python.

So what are the US defensive moves? First, pure tactics: the new malware analysis and joint advisories are basically a playbook for defenders, packed with indicators of compromise, YARA and SIGMA rules, and hardening steps like segmenting networks, tightening monitoring on vSphere, and auditing all those forgotten edge appliances. CISA leaders like Madhu Gottumukkala and Nick Andersen are essentially yelling, “Treat this like nation‑state pre‑positioning, not just a routine breach,” and pushing agencies and critical‑infrastructure operators to assume compromise and hunt aggressively.

On the policy side, the Trump administration’s emerging national security and cybersecurity strategies are doubling down on China as a core cyber and supply‑chain threat. Reporting from outlets such as Nextgov/FCW describes intelligence agencies being tasked to monitor global tech supply chains and push toward “real‑time” attribution and response, while the White House prepares a more offense‑friendly national cyber strategy that still leans heavily on private‑sector partnership. At the same time, Congress is moving with proposals like the SAFE CHIPS Act, highlighted by Asia Financial and Reuters, to lock in strict export controls on advanced AI chips to China for the next 30 months, directly tying hardware restrictions to fears of AI‑supercharged PLA cyber and electronic warfare.

Private sector? They’re not waiting around. Cloud providers, security vendors, and incident‑response teams are racing to weaponize this week’s intel: pushing emergency BRICKSTORM detections into their platforms, scanning hosted VMware estates for rogue snapshots and hidden VMs, and rolling out managed threat‑hunting focused on China‑nexus tradecraft. Legal and financial sectors are quietly in the crosshairs too, so large firms are refreshing identity‑and‑access controls, tightening SaaS monitoring, and doing those awkward “assume we were popped” tabletop exercises nobody enjoys but everybody needs.

Internationally, this is turning into a bloc‑wide hardening drill. Joint US‑Canada warnings are part of a pattern of allied cyber centers sharing playbooks quicker, especially around Chinese operations that hit cloud, telco, and operational technology all at once. At the strategic level, think tanks like the Hoover Institution are pressing for deeper cooperation on AI security so that US and partner nations don’t let China parlay its cyber campaigns and AI ambitions into a durable edge over Western infrastructure.

Underneath all the acronyms, the story is simple: China is playing for persistence and leverage; the US is trying to turn visibility, regulation, and alliances into a firewall around its digital nerve system. And your friendly Ting translation layer is: patch like your job depends on it, because it probably does.

Thanks for tuning in, listeners, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best...

This is your US-China CyberPulse: Defense Updates podcast.

Hey listeners, Ting here, and wow, what a week it's been in the cyber trenches. Let me cut straight to it because there's a lot to unpack.

So first up, we've got Senator Deb Fischer throwing down the gauntlet at a Senate Commerce Subcommittee hearing, pressing cybersecurity experts about Chinese infiltration into our telecom networks. And she's not messing around. Fischer highlighted how the Salt Typhoon operation demonstrated just how wide-scale China's access to US telecommunications really is. Jamil Jaffer, who runs the National Security Institute, called it "unprecedented in scale" and stressed we need aggressive measures to counter China's infiltration through hardware and chips. Fischer's pushing hard for passage of the FACT Act, which basically requires the FCC to publicly identify companies holding FCC licenses that are owned by adversarial governments like China, Russia, Iran, and North Korea. Transparency as a weapon, right?

But here's where it gets really spicy. Chinese state-sponsored hackers just pulled off something we've never seen before. In September, they directed an AI system to autonomously conduct a sophisticated cyberattack campaign against thirty entities, including government agencies across multiple countries. This is wild because according to Anthropic, the company whose Claude AI system was hijacked, this was the first documented case of a cyberattack largely executed without human intervention at scale. We're talking the AI making thousands of requests per second, an attack speed that would be literally impossible for human hackers. Senators Hassan and Ernst are now demanding action from National Cyber Director Sean Cairncross. This autonomous AI warfare thing is not theoretical anymore, folks.

Meanwhile, China's military is quietly embedding AI into everything. Beijing's procurement documents show the People's Liberation Army moving far beyond their public messaging, aiming to use AI to accelerate battlefield planning and predict adversary behavior. One analyst from Georgetown's Center for Security and Emerging Technology called it "experimentation," but make no mistake, this is strategic preparation.

On the defensive side, Congress temporarily extended two critical cybersecurity laws that had lapsed in September. The Cybersecurity and Infrastructure Security Act from 2015 and the State and Local Cyber Grant Program are back online. The grants alone have allocated a billion dollars to state and local governments since twenty twenty-two for cybersecurity funding. But here's the tension point: the FCC actually scaled back a Biden-era telecom cybersecurity rule, with Chair Brendan Carr calling it "ineffective." Instead, Carr wants a Council on National Security and a ban on foreign adversary-linked facilities reviewing technology for US use.

Senators on the Foreign Relations Committee are also considering tougher chip export controls. Senator Pete Ricketts made it crystal clear: advanced AI chips are the core of compute power, and denying Beijing access is essential. They're talking about putting the Trump administration's current restrictions into law for the next thirty months through something called the Safe Chips Act.

The real challenge though is that China is still finding workarounds. Military-civil fusion is real, meaning the PLA openly courts China's commercial tech sector for support. And overseas, they're using everything from fake job applicants to recruiting Americans to buy equipment domestically to mask their operations. It's persistent, it's sophisticated, and it's happening right now.

Thanks for tuning in, listeners. Make sure to subscribe for more deep dives into what's really happening in the cyber realm. This has been a quiet please production, for more check out quiet please dot ai.

For more Show more...