.png)
Board Risk
Acquisition Agreements Get Signed on Cyber Reps Nobody Verified. That Becomes the GC's Problem.
Acquisition agreements get signed on cyber reps no one independently verified. When the deal closes, the gap between what was repped and what's true becomes the buyer's liability and the GC's problem. What deal counsel should require first.
What CISA's CI Fortify Guidance Actually Means, and Why It Reads Like a Confession
CISA's CI Fortify guidance tells critical infrastructure to plan for months running cut off from its own networks, on the assumption the adversary is already inside. Why that reads like a confession.
Still Inside: Why the Senate Says Salt Typhoon Was Never Fully Evicted
Salt Typhoon breached at least nine US carriers and the wiretap systems built for law enforcement. The Senate now says China's hackers were never fully evicted.
Seven Years Inside: What Volt Typhoon Is Actually Doing in the US Power Grid
China's Volt Typhoon has held access inside US critical infrastructure for roughly seven years, using no malware. The goal isn't espionage. It's pre-positioning for disruption.
Nine Days After CISA Told America to Lock Down, Its Own Keys Were Sitting on GitHub
Days after CISA told America to lock down, a CISA contractor's public GitHub repo exposed federal cloud keys and the agency's software build credentials for six months.
AT&T Holds the Keys to Federal Surveillance. A Whistleblower Says It Hid the Break-Ins.
A whistleblower suit alleges IBM and AT&T hid repeated Chinese intrusions into a federal cloud system and made false security assurances to keep their government contracts.