
Is your web site safe?

THE EPOCH TIMES AUG. 16–22, 2023

In 2018, Trump issued the nation’s first cybersecurity strategy, and since 2020 cybersecurity has “been America’s number one focus,” Sen. Jeanne Shaheen said earlier this year. But the United States “for decades has not truly planned, not privately nor publicly,” for cyberwar, and it now faces an environment in which China’s communist regime has likely stepped up its nation-state activity as part of a campaign of intimidation around the Taiwan elections.

Telecommunications networks are especially vulnerable. Experts point out that both the government and the private sector have known for decades that Chinese telecom companies maintain deep backdoors and access points that route data to China. As the United States decouples from China, they argue, the number of attacks from China may increase.

The reason for this, experts say, is the country’s “failed architecture”: the nation’s 1,714,000 miles of natural gas pipes and its wastewater treatment systems each operate on their own separate infrastructure, much of it built on decades-old proprietary technology that lacks internationally recognized standards.

But the nation’s security priorities have shifted from being reactive to being proactive. Shaheen said, “This small transformation that’s been going on for some time, and the transformation in how we look at our systems, and the things that we buy, and how we make purchases and how subsystems come together, and the ops that they create—there’s much more thinking that’s gone into offensive, and not just purely defensive postures. That can really be reflected in this shift in approach.”

In practice, this means secure-by-design: incorporating security principles into the software development process from the beginning rather than bolting them on at the end. The approach can substantially reduce the amount of code exposed to attack, contain any potential breach, and strengthen protection. It can also blunt emerging threats and lower the long-term cost of recovery.

“Can you trace the software all the way back to where you got the machine? How quickly do you get feedback when you have a problem? How do you know that the software you’re using hasn’t been counterfeited? How sure are you, as a company, of a trusted supplier?”

“And it’s not just throwing it up in the air and saying, ‘Trusted or not trusted?’ No, there are measurable elements that can be utilized to guarantee security.”

But this shift started years ago, when CCP-backed operations showed that China could fight and win battles through cyber and information warfare. The CCP ramped up the frequency of such operations in media events, and its cyberspace branch quickly pushed them into other systems. For about five years, U.S. cyber personnel were still playing catch-up while China rolled out cyberspace operations.

Series of Typhoons

The Mandiant report that exposed Chinese state-backed hackers inside U.S. networks ten years ago marked the beginning of a series of campaigns, now known as “Typhoons,” that would follow.

Each Chinese cyber-operation was designed to hit different sectors of U.S. critical infrastructure: manufacturing, communications, transportation, and more.

As a result, the nation’s attack surface has grown, leaving it vulnerable to thousands of cyberattacks each year, some potentially massive in scope. By most estimates, the true number is higher still.

More than anything, this demonstrates the effect that such operations can have in creating vulnerabilities throughout the critical infrastructure of the nation. A key reason is that Volt Typhoon pre-positioned itself inside that infrastructure. Awareness has grown over the past several years, driven by heightened preparation and by major attacks such as the Colonial Pipeline ransomware attack of 2021.

Volt Typhoon’s approach and intent raised profound questions. At first glance, the response was a coordinated effort to shore up security posture and safeguard networks. But the CCP-backed hackers behind Volt Typhoon have already launched several new campaigns.

Flax Typhoon initiated widespread intrusions into U.S. systems and networks, including internet communications. Flax Typhoon attackers used Chinese-controlled infrastructure to hijack nearly 200,000 devices, including routers and Wi-Fi routers, into a botnet, which they then used to carry out cyberespionage operations.

The Typhoon-attributed breach of Microsoft Exchange servers was so pervasive that senior U.S. cyber officials say the threat required them to break the rules. The U.S. intelligence community and the broader government have publicly called out the Chinese government’s cyberattacks, and the U.S. Justice Department has stepped up counter-offensive preparations, warning that the Chinese infiltration could hamper national security, Fitzgerald said.

“It’s called Typhoon—there’s a reason for that,” said retired Colonel Joe Fitz, chief information officer of the U.S. Army. “China has institutionalized structural advantages because it has a centralized authoritarian political structure.”

Fitz Hoffman, senior fellow for political science at the Heritage Foundation, told us that the CCP’s cyber activity could be a means of expanding the CCP’s reach while covering its immediate shortcomings.

“What makes this more challenging is that many cyber operations now have multiple layers with different purposes. This is how they have deterrence tools.”

Imposing ‘Cost’

Stakeholders push back over whether the United States should hack back.

“I tell the American people: we are in a cyber war, whether or not we acknowledge it,” Sen. Josh Hawley (R-Mo.) said at a June 22 hearing. “And we’re in it. We’re so far behind the Chinese. And the people who run this government don’t seem to care. They’re not waking up to the fact that China is in a cyber war with the American people, so why aren’t we responding in kind?”

His colleague Sen. Kyrsten Sinema (I-Ariz.) said, “I want to define offensive cyber operations. What does that mean? What is the role? What’s the purpose? What are we trying to achieve?”

Investigations into Chinese and Russian state-sponsored cyber activity have grown dramatically in the past five years. The United States is now engaged in what is widely described as active cyber conflict.

Fitz Hoffman warns that the United States is now in a “gray zone” where China’s aim is to gain advantages in preparation for a disruptive conflict.

Fitzgerald notes that the most dangerous threat from China involves access to operational technology and industrial control systems, such as water treatment plants, in the event of a disruptive conflict. “If that does come,” he said, “we need to be overwhelmingly prepared.”

Part of that preparation includes determining whether President Donald J. Trump, if re-elected, will seek to create a formal deterrence strategy for long-term cyber conflict with China.

Fitzgerald said he believes a likely Trump re-election scenario aims to prepare for major confrontation with China.

The president has said that although he is not seeking conflict, he would respond with massive retaliation if China were to move against Taiwan.

“And so what that means is: that we are preparing for a conflict, and that takes many years,” Fitzgerald said.

At a White House press briefing in mid-July, National Cyber Director Harry Coker said that the United States aims to develop “clearer norms and rules of the road” on offensive cyber warfare. The Biden administration has not signaled that it will limit such operations, because it views them as vital.

“While the issue is, I think, escalatory in nature, the United States needs deterrence. That’s the policy framework.”

Fitzgerald said the biggest concern is that China’s offensive cyber activity is not aligned with democratic norms. “China’s going to continue its infiltration activity. And they’re not going to change,” he said.

“This is not going to go away.”

Long-term infiltration into the nation’s critical operations is “an unacceptable risk,” said experts, including Fitzgerald, who argue that we must invest comprehensively in national cyber architecture and resilience.

Incoming National Cyber Director Harry Coker also emphasized the need to increase resilience across public and private systems in the United States far beyond the current posture.

“We need to get this right, so they impose a real cost on us,” he said. “This is impacting everything from hospitals, to our water systems, to our manufacturing centers. We’ve improved so far, but the threats are more damaging now. We must move to working with China on other issues, but make clear that major cyberattacks will generate the harshest possible responses. The stakes are enormous. This is not a coffee endeavor.”

Top 10 cyber threats as of 12/7/2025

Each entry lists the CVE ID, its publication date or the date CISA added it to the Known Exploited Vulnerabilities (KEV) catalog, a short description, how to detect exploitation, how to mitigate, and the official CVE link.

1. CVE-2025-55182 (published 2025-12-03)
   Description: Meta React Server Components remote code execution via flawed payload decoding
   Detect: monitor React Server Function endpoints for anomalous payloads; WAF rules for injection attempts; scan logs for unexpected code execution
   Mitigate: apply the latest React security patch; restrict endpoint access; disable the feature if it cannot be patched
   Link: NVD – CVE-2025-55182

2. CVE-2021-26828 (KEV added 2025-12-03)
   Description: OpenPLC ScadaBR unrestricted file upload leading to arbitrary JSP execution
   Detect: scan logs for unauthorized uploads; monitor for JSP execution outside expected paths
   Mitigate: apply vendor patches; restrict upload permissions; isolate ScadaBR from other networks
   Link: NVD – CVE-2021-26828

3. CVE-2025-48572 (KEV added 2025-12-02)
   Description: Android Framework privilege escalation
   Detect: MDM monitoring for privilege escalation; scan logs and network traffic for exploit signatures
   Mitigate: install the latest Android security patch (December 2025 or newer)
   Link: NVD – CVE-2025-48572

4. CVE-2025-48633 (KEV added 2025-12-02)
   Description: Android Framework information disclosure
   Detect: audit app permissions; monitor for sensitive data exfiltration
   Mitigate: apply the December 2025 Android security update
   Link: NVD – CVE-2025-48633

5. CVE-2021-26829 (KEV added 2025-11-28)
   Description: OpenPLC ScadaBR stored cross-site scripting (XSS)
   Detect: deploy a Content Security Policy; scan inputs for XSS payloads
   Mitigate: patch ScadaBR; sanitize all inputs
   Link: NVD – CVE-2021-26829

6. CVE-2025-61757 (KEV added 2025-11-21)
   Description: Oracle Fusion Middleware missing authentication leading to Identity Manager takeover
   Detect: audit authentication logs for requests that reach protected functions without authenticating
   Mitigate: apply the Oracle October 2025 Critical Patch Update; enforce MFA
   Link: NVD – CVE-2025-61757

7. CVE-2025-13223 (KEV added 2025-11-19)
   Description: Google Chromium V8 type confusion leading to heap corruption
   Detect: monitor browser crashes; sandbox escape detection
   Mitigate: update to the latest stable Chromium-based browser
   Link: NVD – CVE-2025-13223

8. CVE-2025-58034 (KEV added 2025-11-18)
   Description: Fortinet FortiWeb OS command injection
   Detect: WAF rules plus log analysis for command injection patterns
   Mitigate: apply the latest Fortinet firmware patch
   Link: NVD – CVE-2025-58034

9. CVE-2025-64446 (KEV added 2025-11-14)
   Description: Fortinet FortiWeb path traversal leading to admin command execution
   Detect: monitor file access logs for “../” patterns, including URL-encoded and double-encoded forms
   Mitigate: update FortiWeb; disable unnecessary admin interfaces, especially any exposed to the internet
   Link: NVD – CVE-2025-64446

10. CVE-2025-9242 (KEV added 2025-11-12)
   Description: WatchGuard Firebox out-of-bounds write in iked (remote code execution)
   Detect: network IDS signatures for buffer overflows on IKE ports
   Mitigate: install the latest WatchGuard security update
   Link: NVD – CVE-2025-9242
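The detection hints in rows 2, 8 and 9 (JSP files written outside expected paths, command-injection patterns in requests, and “../” traversal including encoded forms) can be turned into a first-pass log triage. The script below is an added example written for this page, not code from any of the vendors in the table. The log lines in SAMPLE_LOG are constructed in Apache/nginx combined format rather than captured from a real system, the rule names and paths are illustrative, and the checks are heuristics that flag requests for an analyst to review; a hit does not by itself confirm exploitation of any specific CVE.

```python
"""Heuristic web-log triage for the detection hints in the table above.

Added example for this page, not vendor code. SAMPLE_LOG is constructed
traffic (not captured from any real system); rule names are illustrative.
"""
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx combined log format.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Dec/2025:10:01:12 +0000] "GET /static/..%2f..%2fetc/passwd HTTP/1.1" 200 512 "-" "curl/8.4.0"
10.0.0.6 - - [05/Dec/2025:10:02:40 +0000] "POST /ScadaBR/uploads/x.jsp HTTP/1.1" 201 34 "-" "python-requests/2.31"
10.0.0.7 - - [05/Dec/2025:10:03:01 +0000] "GET /search?q=report;id HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.8 - - [05/Dec/2025:10:04:15 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [05/Dec/2025:10:05:33 +0000] "GET /static/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 0 "-" "curl/8.4.0"
this line is not a log entry and is skipped
"""

# client ident user [time] "METHOD target proto" status size (referrer and UA ignored)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) \S+'
)

# Shell metacharacters followed by the start of a word: ";id", "|cat", "&&ls", "`id`", "$(id)"
CMD_INJ_RE = re.compile(r'(;|\|\||\||&&|`|\$\()\s*[A-Za-z_/]')


def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded ../ (%252e%252e%252f) is seen as ../.
    Bounded so a hostile input cannot make this loop forever."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify(method: str, target: str) -> list:
    """Return the names of the heuristic rules that match one request line."""
    decoded = decode_fully(target)
    path, _, query = decoded.partition('?')
    rules = []
    # Row 9: directory traversal anywhere in the decoded path or query
    if '../' in decoded or '..\\' in decoded:
        rules.append('path_traversal')
    # Row 2: a write (POST/PUT) whose target is a JSP resource, i.e. a possible server-side script drop
    if method in ('POST', 'PUT') and path.lower().endswith(('.jsp', '.jspx')):
        rules.append('jsp_upload')
    # Row 8: shell metacharacters inside query parameters
    if query and CMD_INJ_RE.search(query):
        rules.append('command_injection')
    return rules


def triage(log_text: str) -> list:
    """Parse each combined-format line and return one finding dict per matched rule."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not treated as attacks
        for rule in classify(m['method'], m['target']):
            findings.append({
                'ip': m['ip'],
                'time': m['time'],
                'rule': rule,
                'target': m['target'],
                'status': int(m['status']),
            })
    return findings


def by_source(findings: list) -> dict:
    """Group rule hits per client IP, the usual pivot for blocking or escalation."""
    out = {}
    for f in findings:
        out.setdefault(f['ip'], []).append(f['rule'])
    return out


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']}  {f['ip']:<10} {f['rule']:<18} {f['status']}  {f['target']}")
```

On the constructed sample, the traversal rule fires on both the single-encoded and the double-encoded request, which is the point of the bounded decode loop: a check that only looks for a literal “../” misses the %252e form entirely. The status code is kept in each finding because a 404 on a traversal attempt and a 200 on the same path warrant very different responses.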
