Risky Bulletin: China Bans Israeli and US Cybersecurity Products
Podcast: Risky Bulletin by risky.biz
Date: January 15, 2026
Host: Amberly Jack
Prepared by: Catalin Cimpanu
Episode Overview
This episode delivers the latest updates in global cybersecurity, with a focus on China’s move to ban US and Israeli cybersecurity products from Chinese enterprises. The episode covers regulatory moves, major data breaches, evolving cyber threats, and significant industry policy changes worldwide. Amberly Jack presents rapid-fire news, giving listeners context and the direct implications for the infosec community.
Key Discussion Points & Insights
1. China Bans US and Israeli Cybersecurity Products
- [00:15] “China has instructed local companies to stop using cybersecurity products from some American and Israeli vendors, according to Reuters. VMware, Fortinet, Palo Alto Networks and Check Point are included in the list of banned companies. Officials cited national security concerns for the restrictions.”
- Chinese authorities mandate companies refrain from employing several major US and Israeli security solutions.
- The official rationale: "national security concerns."
- Major impacted firms: VMware, Fortinet, Palo Alto Networks, Check Point.
2. International Regulatory Actions
- [01:10] Russia doubles fines for unauthorized SIM sales.
- Fine increases to 1 million rubles (~$13,000).
- “Russian telcos began collecting SIM card owner data to counter their use in Ukrainian drones.”
- [01:31] US launches ANCOR, a new infrastructure security initiative.
- The National Councils for Homeland Operational Resilience replaces the previous advisory body.
- Expected to enhance public-private communication for threat defense.
3. Leadership and Legislative Developments
- [02:00] CISA Director role in flux.
- “The Trump administration has re-nominated Sean Plankey for the role of CISA Director ... Both Democratic and Republican senators blocked the previous appointment.”
- [02:23] US Senate passes the DEFIANCE Act unanimously.
- Gives victims of non-consensual deepfake pornography power to sue creators and distributors.
4. Marketplace Impact: RAM Price Hikes and Firewalls
- [02:40] “A recent spike in RAM prices is expected to impact the firewall industry. Firewall prices are predicted to increase this year due to doubling memory costs.”
- Wedbush advisory group predicts thinner margins for firewall vendors in 2026.
5. Major Data Breaches & Privacy Violations
- [03:12] French telco Free Mobile fined 42 million euros for a breach exposing over 5 million customers’ details. Data included names, addresses, and bank account numbers.
- [03:42] Hackers stole info on 750,000 Canadian investors after a phishing attack at the Canadian Investment Regulatory Organisation.
- [04:03] Breach at Victoria, Australia: school student data (names, emails, passwords) compromised.
- [04:23] Names and contacts of over 4,500 ICE agents leaked after Minneapolis shooting; site hosting the leak immediately faces DDoS retaliation.
6. Threat Group & Malware Developments
- [04:53] Oleg Nefedov named head of Black Basta ransomware.
- Previously arrested in Armenia (June 2024), quickly released, then fled to Russia.
- “In leaked chats ... Nefedov bragged about calling Russian officials to request passage home.”
- [05:38] Lumen sinkholes 550+ Kimwolf botnet servers, cutting off malware from ~250,000 devices.
- Botnet rapidly reorganizes, albeit at reduced scale.
7. Criminal Marketplaces & Operator Identified
- [06:13] Microsoft and law enforcement shut down RedVDS, a major criminal marketplace for RDP access.
- [06:34] CyberArk identifies operator of the StealC infostealer via malware infrastructure bugs.
- Operator is a Russian speaker based in Eastern Europe.
8. Security Vulnerability Roundup
- [07:10] Node.js memory exhaustion bug patched; affects major frameworks and performance tools.
- [07:29] BlueSpark Global patches vulnerabilities in logistics service BlueVoy X.
- Vulnerabilities enabled unauthenticated API access and admin account creation.
- [07:56] Mandiant releases Net-NTLMv1 rainbow tables—dramatic boost for researchers to break NTLM keys.
- [08:09] WhisperPair attack exposes Bluetooth accessories using Google Fast Pair protocol.
- Allows device hijacking and tracking via Google Find Hub.
- Google awards $15,000 to researchers, notifies device vendors.
9. Industry Contributions
- [08:29] Anthropic donates $1.5M to Python Software Foundation to harden CPython/PyPy security.
Notable Quotes & Memorable Moments
- On China’s ban: “China has instructed local companies to stop using cybersecurity products from some American and Israeli vendors … Officials cited national security concerns for the restrictions.” [00:15]
- On data breaches: “Email Hackers have stolen data about more than 750,000 Canadian stock market investors. The incident was a result of a phishing attack in August last year.” [03:42]
- On SIM regulation: “Russia is doubling fines for selling unregistered SIM cards ... collecting SIM card owner data to counter their use in Ukrainian drones.” [01:10]
- On cybercriminal bravado: “In leaked chats from the ransomware group, Nefedov bragged about calling Russian officials to request passage home.” [05:31]
- On market impact: “Firewall prices are predicted to increase this year due to doubling memory costs.” [02:40]
Timestamps for Key Segments
| Timestamp | Segment |
|-----------|---------|
| 00:15 | China bans US/Israeli cybersecurity products |
| 01:10 | Russia increases unauthorised SIM card sales penalties |
| 01:31 | US launches new infrastructure cyber alliance (ANCOR) |
| 02:00 | Sean Plankey re-nominated for CISA |
| 02:23 | DEFIANCE Act: deepfake revenge porn victim protections |
| 02:40 | RAM price spikes, firewall industry impact |
| 03:12 | Free Mobile fined after privacy breach |
| 03:42 | Phishing breach at Canadian regulator |
| 04:03 | Australian student records breach |
| 04:23 | ICE agent details leaked and repercussions |
| 04:53 | Oleg Nefedov and Black Basta ransomware group |
| 05:38 | Kimwolf botnet C2 servers sinkholed by Lumen |
| 06:13 | Microsoft shuts down RedVDS criminal marketplace |
| 06:34 | StealC infostealer operator attributed |
| 07:10 | Node.js memory exhaustion bug patched |
| 07:29 | BlueSpark/BlueVoy X vulnerabilities, potential platform takeover |
| 07:56 | Mandiant Net-NTLMv1 rainbow tables for key recovery |
| 08:09 | WhisperPair Bluetooth vulnerability and Google response |
| 08:29 | Anthropic’s $1.5M grant to Python Software Foundation for ecosystem security |
Tone & Style
The delivery is factual, brisk, and concise, maintaining a neutral journalistic tone. Amberly Jack focuses on clear reporting and efficient information transfer, suitable for industry professionals seeking quick but detailed updates.
This episode of Risky Bulletin delivers a snapshot of urgent issues—from geopolitics shaping security policy to new vulnerabilities and privacy threats—valuable for technologists and security pros who need to keep pace with the rapidly shifting cyber landscape.
