.png)
Vendor Transparency
What CISA's CI Fortify Guidance Actually Means, and Why It Reads Like a Confession
CISA's CI Fortify guidance tells critical infrastructure to plan for months running cut off from its own networks, on the assumption the adversary is already inside. Why that reads like a confession.
Still Inside: Why the Senate Says Salt Typhoon Was Never Fully Evicted
Salt Typhoon breached at least nine US carriers and the wiretap systems built for law enforcement. The Senate now says China's hackers were never fully evicted.
Seven Years Inside: What Volt Typhoon Is Actually Doing in the US Power Grid
China's Volt Typhoon has held access inside US critical infrastructure for roughly seven years, using no malware. The goal isn't espionage. It's pre-positioning for disruption.
Nine Days After CISA Told America to Lock Down, Its Own Keys Were Sitting on GitHub
Days after CISA told America to lock down, a CISA contractor's public GitHub repo exposed federal cloud keys and the agency's software build credentials for six months.
AT&T Holds the Keys to Federal Surveillance. A Whistleblower Says It Hid the Break-Ins.
A whistleblower suit alleges IBM and AT&T hid repeated Chinese intrusions into a federal cloud system and made false security assurances to keep their government contracts.
Five Warnings in Sixty Days: The Keys to America's Infrastructure Are Not Being Held
Five infrastructure-security stories broke in sixty days, each reported alone. Read together, they say the keys to America's critical systems are not being held.