Lightnews — Scholar-powered news

Reposted by Dakota

Eugenio Benincasa @euben.bsky.social · Jul 31

Microsoft is probing whether a MAPP leak let Chinese hackers exploit a SharePoint vuln pre-patch.

In this new piece for Natto,
@dakotaindc.bsky.social, @meidanowski.bsky.social & I dig into:
🏛️ China's vuln reporting rules
📉 Which firms joined/left MAPP since 2018
⚠️ The risks today’s members pose

1 4 11

Reposted by Dakota

Greg @jamyang.net · Jul 16

American officials say new economic model for offence has fuelled spying attacks by PRC government agencies that have more than doubled.

"We are in China’s golden age of hacking,” said @dakotaindc.bsky.social :

Joseph Menn @joemenn.bsky.social · Jul 16

New from me: Chinese government-backed hackers have become even more aggressive in breaking into U.S. government networks and companies, powered by a private industry liberated to choose targets themselves. Free link with email etc. wapo.st/4kFltKM

China’s cyber sector amplifies Beijing’s hacking of U.S. targets

Chinese-government hacking attacks against US targets are more serious than ever before, current and former officials said in interviews.

wapo.st

4 6

Dakota @dakotaindc.bsky.social · Jun 27

Should we proactively make human-imitation robotic appearances illegal?

1 3

Dakota @dakotaindc.bsky.social · Jun 25

I’m logging on from vacation in Tokyo to share this banger of a report comparing the cyber offensive acquisition strategies of China and the US.

www.atlanticcouncil.org/in-depth-res...

Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace

If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.

www.atlanticcouncil.org

2 7

Dakota @dakotaindc.bsky.social · Jun 22

50+ hours without power. Highs in the 90s. 😭

Dakota @dakotaindc.bsky.social · Jun 20

I learned the true meaning of a zephyr as I lie awake last night waiting for one to sneak in through my window. We’re at 28 hours without power and approaching tomorrow’s high of 95 with dread.

Reposted by Dakota

NPR @npr.org · Jun 12

June 12th is Loving Day, a holiday that commemorates the Loving v. Virginia case, which allowed interracial marriage in all parts of the U.S. NPR readers share how the case changed their lives.

NPR readers share stories of love and adversity in honor of Loving Day

June 12th is Loving Day, a holiday that commemorates the Loving v. Virginia case, which allowed interracial marriage in all parts of the U.S. NPR readers share how the case changed their lives.

n.pr

23 380 1.2K

Reposted by Dakota

Shashank Joshi @shashj.bsky.social · Jun 11

"China is conducting polygraphs on its agents [from Russia] as soon as they return home, tightening scrutiny of the 20,000 Russian students in China and trying to recruit Russians with Chinese spouses as potential spies, the document says." www.nytimes.com/2025/06/07/w...

Secret Russian Intelligence Document Shows Deep Suspicion of China

Russia’s spy hunters are increasingly worried about China’s espionage, even as the two countries grow closer.

www.nytimes.com

3 20 120

Reposted by Dakota

Tom Hegel @hegel.bsky.social · Jun 9

Hefty new drop w/ @milenkowski.bsky.social

China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

www.sentinelone.com/labs/follow-...

3 6

Dakota @dakotaindc.bsky.social · Jun 5

The threat actor taxonomy unification announcement is a joke on anyone tracking the actual entities behind APT designations. Not only do many separate entities often constitute a single APT, but these entities change their TTPs overtime in ways that may align them to other, already established APTs

1 5

Dakota @dakotaindc.bsky.social · May 30

Can't blame you!

1

Dakota @dakotaindc.bsky.social · May 30

What time was breaskfast?

1 1

Dakota @dakotaindc.bsky.social · May 28

Their emphasis on hands-on experience and practice is evident in the country’s large CTF ecosystem, which incorporates 100s of universities. — Great work by @nattothoughts.bsky.social on this university turned CNNVD TSU.

2

Dakota @dakotaindc.bsky.social · May 28

The “live-fire capabilities” competencies define how the MOE and World-Class Cybersecurity Schools aim to educate students in cybersecurity and information security degrees.

1

Dakota @dakotaindc.bsky.social · May 28

Either way, if a university is getting political points for their contributions to the CNNVD, many others are likely to follow suit. 2) Natto Thoughts highlights Shutd0wn’s use of “live-fire capabilities” which is elaborated upon in detail in the same 2022 survey, for those who are interested.

1

Dakota @dakotaindc.bsky.social · May 28

If the CNITSEC survey is to be believed, it begs questions about to whom these people are identifying vulns. The survey/observed TSUs gap may also suggest that the university professors are too generous with their self-described vuln discovery talents. cset.georgetown.edu/publication/...

2022 White Paper on the Live-Fire Capabilities of Cybersecurity Talents: Attack and Defense Live-Fire Capability Edition | Center for Security and Emerging Technology

Read our translation of a white paper that details China’s system for cultivating homegrown “live-fire” cybersecurity talent.

cset.georgetown.edu

1

Dakota @dakotaindc.bsky.social · May 28

This report has me thinking a couple of things. 1) We should anticipate more universities joining Qingyuan Polytechnic in supporting the CNNVD. As the chart below from the 2022 CNITSEC report (former MSS 13th Bureau) makes clear, the plurality of Chinese vuln talent is employed by higher-ed.

1 6

Dakota @dakotaindc.bsky.social · May 28

曙光信息产业股份有限公司
国家超级计算昆山中心
中国科学院安徽光学精密机械研究所
中国科学院上海植物逆境生物学研究中心
北京中科创嘉人力资源咨询有限公司
中国科学院核能安全技术研究所
陕西省微生物研究所
中国科学院计算机网络信息中心
青岛智能产业技术研究院
中国科学院计算机网络信息中心
中国科学院广州地球化学研究所

Dakota @dakotaindc.bsky.social · May 28

房管所
北龙中网(北京)科技有限责任公司
北京北龙云海网络数据科技有限责任公司
上海新创制药
中国科学院遗传与发育生物学研究所农业资源研究中心
中科北龙
中国科学院上海生命科学院
中国医学科学院药物研究所
《中国激光》杂志社有限公司
中国科学院科技服务有限公司
东方科学仪器进出口集团有限公司
中科软科技股份有限公司
资源与环境信息系统国家重点实验室

1

Dakota @dakotaindc.bsky.social · May 28

中科三方网络技术有限公司
中国长城工业有限公司
中国科学院地质与地球物理研究所兰州油气资源研究中心
中国高技术中心
上海中科网络信息技术有限公司
上海超级计算中心
联合信源数字音频技术有限公司
国家气象信息中心
国家蛋白质科学中心（上海）

1

Dakota @dakotaindc.bsky.social · May 28

中国科学院计算机网络信息中心
中国科学院文献情报中心
中国科学院行政管理局
中国科学院科技创新发展中心
中国科学院人才交流开发中心
中国互联网络信息中心
中国科学院上海临床研究中心
中国科学院武汉物理与数学研究所
中国科学院测量与地球物理研究所
中国科学院高能所羊八井宇宙线观测站
中国科学院资源环境科学信息中心
中国科学院寒区旱区环境与工程研究所
中国科学院南京中科天文仪器有限公司

1

Dakota @dakotaindc.bsky.social · May 28

中国科学院离退休干部工作局
中国科学院人事局
中国科学院条件保障与财务局
中国科学院北京纳米能源与系统研究所
中国科学院强磁场科学中心
中国科学院长春应用化学研究所
中国科学院国家天文台长春人造卫星观测站
中国科学院长春光学精密机械与物理研究所
中国科学院东北地理与农业生态研究所农业技术中心
中国科学院东北地理与农业生态研究所

1

Dakota @dakotaindc.bsky.social · May 28

中国科学院水利部水土保持研究所
中国科学院山西煤炭化学研究所
中国科学院西安光学精密机械研究所
中国科学院国家授时中心
中国科学院地球环境研究所
陕西省西安植物园
陕西省动物研究所
中国科学院新疆生态与地理研究所
中国科学院新疆理化技术研究所
中国科学院新疆天文台
中国科学报社

1

Dakota @dakotaindc.bsky.social · May 28

中国科学院海洋研究所
中国科学院大连化学物理研究所
中国科学院沈阳计算技术研究所有限公司
北京中国科学院软件中心有限公司
联想控股股份有限公司
北京中科资源有限公司
北京中科科仪股份有限公司
中国科技出版传媒股份有限公司
中国科学院建筑设计研究院有限公司
中科实业集团(控股)有限公司
国科科仪控股有限公司
喀斯玛控股有限公司
中国科学院控股有限公司
中国科学院武汉植物园
中国科学院武汉岩土力学研究所
中国科学院武汉文献情报中心
中国科学院武汉病毒研究所
中国科学院水生生物研究所
中国科学院水工程生态研究所
中国科学院精密测量科学与技术创新研究院

1

Dakota @dakotaindc.bsky.social · May 28

中国科学院上海营养与健康研究所
中国科学院上海免疫与感染研究所
中国科学院分子细胞科学卓越创新中心
中国科学院脑科学与智能技术卓越创新中心
中国科学院分子植物科学卓越创新中心
中国科学院微小卫星创新研究院
中国科学院杭州医学研究所
中国科学院烟台海岸带研究所
中国科学院沈阳自动化研究所
中国科学院沈阳应用生态研究所
中国科学院青岛生物能源与过程研究所
中国科学院金属研究所

1