This is your US-China CyberPulse: Defense Updates podcast.

Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks and digital showdowns. Picture this: it's the final countdown to 2026, and the US-China CyberPulse is firing on all cylinders with fresh defenses against Beijing's sneaky probes. Kicking off with a blockbuster—President Trump just inked a $900 billion defense bill that slams the door on China-based engineers accessing Pentagon cloud systems. ProPublica exposed how Microsoft had these whiz kids from the mainland servicing DoD gear for a decade, with so-called "digital escorts" from the US who couldn't keep up. Defense Secretary Pete Hegseth blasted it on X, saying foreign engineers, especially from China, should never touch DoD systems. Rep. Elise Stefanik called it closing contractor loopholes exploited by Big Tech, while Sen. Tom Cotton hailed it as shielding critical infrastructure from Communist China threats. The law bans access from China, Russia, Iran, and North Korea, codifying Hegseth's September contractor rules, and mandates briefings to Congress starting June 1, 2026. Microsoft's already pledged to tweak protocols, but the Pentagon's probing if any data got swiped.

Shifting gears to threats in the wild—CISA dropped an update on BRICKSTORM, that slick backdoor from PRC state-sponsored crews targeting VMware vSphere and Windows in critical infrastructure like water utilities. WaterISAC warns it's built for long-term lurking, with stealth comms, lateral movement, and auto-reinstalls. Patch now, folks, or watch your networks get tunneled.

Then there's MongoBleed, CVE-2025-14847, a nasty memory-leaker hitting unpatched MongoDB servers with zlib compression—US, China, and EU topside for exploits. CISA slapped it on the Known Exploited Vulnerabilities catalog, giving feds till January 19 to fix. Resecurity's telemetry shows cloud misconfigs galore; attackers are scanning internet-wide for easy wins.

Private sector's stepping up too—NIST unleashed a preliminary Cybersecurity Framework Profile for AI on December 16, layering Secure, Detect, and Thwart focus areas on CSF 2.0. Think AI-specific risks like deepfake phishing, unique creds for AI systems, and resilience against adversarial AI. High-priority tweaks for governance, inventories of AI models and APIs, and incident response with AI-driven analytics.

No big international collabs popped this week, but these moves scream unilateral hardening. China's tweaking its own Cybersecurity Law for AI focus, but that's their sandbox.

Whew, the pulse is strong—stay vigilant, patch those MongoDBs, and audit your vendors. Thanks for tuning in, listeners—subscribe for more cyber scoops! This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI