
China bans Israeli and US cybersecurity products, Sean Plankey is renominated for CISA Director, RAM price hikes are likely to impact the cost of firewalls, and Lumen sinkholes the Kimwolf DDoS botnet. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Amberly Jack. Today is January 16th, and this podcast episode is brought to you by cloud security company Prowler.
In today's top story, China has instructed local companies to stop using cybersecurity products from some American and Israeli vendors, according to Reuters. VMware, Fortinet, Palo Alto Networks and Check Point are included in the list of banned companies. Officials cited national security concerns for the restrictions.
Russia is doubling fines for selling unregistered SIM cards. A new bill will increase the penalty to 1 million rubles, or $13,000. Last year, Russian telcos began collecting SIM card owner data to counter their use in Ukrainian drones.
The US Department of Homeland Security will launch a new program to help secure critical infrastructure. The Alliance of National Councils for Homeland Operational Resilience, or ANCHOR, is set to replace the former Critical Infrastructure Partnership Advisory Council, or CIPAC. The DHS shut down CIPAC last year. ANCHOR will serve as a communications hub between the public and private sectors and will help operators defend against threats.
The Trump administration has renominated Sean Plankey for the role of CISA director. Plankey was nominated for the position last year but did not complete the confirmation process in the Senate. Both Democratic and Republican senators blocked the previous appointment.
The US Senate has passed a bill allowing victims of non-consensual deepfake pornography to sue those who produced or distributed the material. The DEFIANCE Act passed unanimously. The bill has also been introduced in the US House with multiple sponsors from both parties.
A recent spike in RAM prices is expected to impact the firewall industry. Firewall prices are predicted to increase this year due to doubling memory costs. Investment advisory firm Wedbush says firewall companies will see thinner margins in 2026.
French telco Free Mobile has been fined 42 million euros over a 2024 data breach. The details of more than 5 million customers were exposed, including names, addresses and bank account numbers. The French privacy watchdog CNIL said the company failed to implement basic security measures and misled customers in its notification email.
Hackers have stolen data about more than 750,000 Canadian stock market investors. The incident was a result of a phishing attack in August last year. The Canadian Investment Regulatory Organisation is currently notifying affected individuals.
A hacker has stolen data about school students in the Australian state of Victoria. The breach affects all current and former state school students. Stolen data includes names, email addresses and encrypted passwords.
The names and personal details of more than 4,500 ICE agents have reportedly been leaked by an insider. The list includes names, work emails, phone numbers and positions. The data was released after the shooting of Renee Good in Minneapolis last week. The leak site was immediately targeted with DDoS attacks.
Russian man Oleg Nefedov has been confirmed as the leader of the Black Basta ransomware group. He was added to the EU's most wanted list by German authorities last week. Nefedov was arrested in Armenia in June 2024 but was released three days later. He then fled to Russia. In leaked chats from the ransomware group, Nefedov bragged about calling Russian officials to request passage home.
Internet infrastructure company Lumen has sinkholed more than 550 command and control servers for the Kimwolf DDoS botnet. Malware on almost 250,000 devices was cut off. Kimwolf reorganized after the takedown at a fraction of its original size. The botnet is known for large-scale DDoS attacks and the use of residential proxy infrastructure.
Microsoft, together with law enforcement agencies, has shut down the RedVDS criminal marketplace. The site sold access to compromised RDP servers. The servers were then used to carry out phishing, BEC scams, account takeovers and other crimes. Police raids have taken place in Germany, but no arrests have been announced.
The operator of the StealC infostealer has been identified as a Russian speaker living in an Eastern European country. Security firm CyberArk traced the operator after finding and exploiting vulnerabilities in the malware's infrastructure. The company's researchers found the bugs after analyzing the malware's source code, which was leaked early last year.
The Node.js team has patched a memory exhaustion bug. The flaw allowed attackers to crash servers using large nested data structures. It was discovered by Vercel and impacts most Node.js applications, including Next.js, Node.js frameworks and many performance monitoring tools.
Shipping platform Bluspark Global has patched several vulnerabilities in its Bluvoyix logistics service. The bugs could have allowed threat actors to access customer accounts and track freight shipments. The vulnerabilities allowed full access to the platform's API without the need to authenticate, which could then be used to create admin accounts.
Mandiant has released a set of Net-NTLMv1 rainbow tables. They will help security researchers recover NTLM keys in less than 12 hours using consumer hardware.
More than a dozen models of headphones and speakers are vulnerable to a flaw in the Google Fast Pair protocol. The WhisperPair attack allows threat actors to hijack users' Bluetooth accessories in certain scenarios. The attackers can also track the devices via the Google Find Hub. Google awarded the researchers $15,000 and notified device manufacturers.
And finally, AI company Anthropic has donated $1.5 million to the Python Software Foundation. The funds will be used to improve the security of the Python ecosystem for projects like CPython and PyPI.
That's all for this podcast edition. Today's show was brought to you by our sponsor, Prowler. Find them at prowler.com. Thanks for your company.
Podcast: Risky Bulletin by risky.biz
Date: January 15, 2026
Host: Amberly Jack
Prepared by: Catalin Cimpanu
This episode delivers the latest updates in global cybersecurity, leading with China’s move to ban US and Israeli cybersecurity products from Chinese enterprises. The episode covers regulatory moves, major data breaches, evolving cyber threats, and significant industry policy changes worldwide. Amberly Jack presents the news in rapid-fire format, with context and direct implications for the infosec community.
[01:10] Russia doubles fines for unauthorized SIM sales.
[01:31] US launches ANCHOR, a new infrastructure security initiative.
[02:00] CISA Director role in flux.
[02:23] US Senate passes the DEFIANCE Act unanimously.
On China’s ban:
“China has instructed local companies to stop using cybersecurity products from some American and Israeli vendors … Officials cited national security concerns for the restrictions.” [00:15]
On data breaches:
“Hackers have stolen data about more than 750,000 Canadian stock market investors. The incident was a result of a phishing attack in August last year.” [03:42]
On SIM regulation:
“Russia is doubling fines for selling unregistered SIM cards ... collecting SIM card owner data to counter their use in Ukrainian drones.” [01:10]
On cybercriminal bravado:
“In leaked chats from the ransomware group, Nefedov bragged about calling Russian officials to request passage home.” [05:31]
On market impact:
“Firewall prices are predicted to increase this year due to doubling memory costs.” [02:40]
| Timestamp | Segment |
|-----------|---------|
| 00:15 | China bans US/Israeli cybersecurity products |
| 01:10 | Russia increases unauthorised SIM card sales penalties |
| 01:31 | US launches new infrastructure cyber alliance (ANCHOR) |
| 02:00 | Sean Plankey re-nominated for CISA |
| 02:23 | DEFIANCE Act: deepfake revenge porn victim protections |
| 02:40 | RAM price spikes, firewall industry impact |
| 03:12 | Free Mobile fined after privacy breach |
| 03:42 | Phishing breach at Canadian regulator |
| 04:03 | Australian student records breach |
| 04:23 | ICE agent details leaked and repercussions |
| 04:53 | Oleg Nefedov and Black Basta ransomware group |
| 05:38 | Kimwolf botnet C2 servers sinkholed by Lumen |
| 06:13 | Microsoft shuts down RedVDS criminal marketplace |
| 06:34 | StealC infostealer operator attributed |
| 07:10 | Node.js memory exhaustion bug patched |
| 07:29 | Bluspark/Bluvoyix vulnerabilities, potential platform takeover |
| 07:56 | Mandiant Net-NTLMv1 rainbow tables for key recovery |
| 08:09 | WhisperPair Bluetooth vulnerability and Google response |
| 08:29 | Anthropic’s $1.5M grant to Python Software Foundation for ecosystem security |
The delivery is factual, brisk, and concise, maintaining a neutral journalistic tone. Amberly Jack focuses on clear reporting and efficient information transfer, suitable for industry professionals seeking quick but detailed updates.
This episode of Risky Bulletin delivers a snapshot of urgent issues, from geopolitics shaping security policy to new vulnerabilities and privacy threats, valuable for technologists and security pros who need to keep pace with the rapidly shifting cyber landscape.