America’s Critical Systems Are Weaker Than Your Phone

Do You Know?

In 2021, a hacker gained access to a Florida water treatment plant’s control system and tried to raise the sodium hydroxide levels in the drinking water by a factor of 100. The attack was caught just in time by an alert operator. The scariest part? The entry point was a remote desktop login with no firewall. If one small city was nearly poisoned, what does that say about national systems?

 🚨 Daily Cyber + AI Watch:  What You Need to Know

• 📱 Smartphones whisper a brutal truth about the systems we trust most.

• 🏢 Salesloft’s shadowed doorway reveals how far attackers can really reach.

• 🏛️ A Capitol vote decides who gets to share and who gets left in the dark.

• 🤖 CISA’s new ally doesn’t sleep, but it learns faster than we ever could.

• ⚖️ Attorneys General draw a line where OpenAI never expected to see one.

📱 White House Cyber Official: Infrastructure Security Trails Smartphones

At a recent cybersecurity event, Alexei Bulazel, the White House’s deputy national cyber director, argued that the U.S. still protects critical infrastructure with weaker security than the devices in our pockets. From power grids to water plants, many systems run on outdated, vulnerable tech. Bulazel called for urgent investment and coordination, warning that the gap between consumer tech security and national infrastructure is only growing wider.

🔑 Why It Matters: This isn’t just a metaphor. If smartphones are better defended than the energy grid, attackers know where the softer targets lie. The warning spotlights how modernization gaps in public systems could become national security risks.

Source: CyberScoop – Critical infrastructure security Weaker than Smartphones

🏢 Salesloft Breach Traced to Stolen GitHub OAuth Tokens

The recent Salesloft–Drift breach that rippled across multiple SaaS providers has been traced back to a compromise of GitHub OAuth tokens. Hackers used these stolen tokens to quietly gain access to company systems, later exploiting trust relationships to spread. Security researchers now warn that OAuth tokens, often overlooked in incident response, can provide long-lasting access if not properly revoked.

🔑 Why It Matters: SaaS platforms are deeply interconnected, so a breach at one vendor can ripple through thousands of businesses. The incident highlights how authentication tokens invisible to most users—are becoming one of the most dangerous targets for attackers.

Source: CyberScoop – Salesloft Drift security incident, Github.

🏛️ Congress Moves to Extend Cyber Information Sharing Grants

A House panel has approved legislation to reauthorize grants that support cyber threat information sharing between companies and government agencies. The original program, set to expire soon, has been key in funding how states and private businesses exchange intel on ransomware, phishing campaigns, and other threats. The reauthorization still needs full congressional approval before the deadline.

🔑 Why It Matters: Cyber defenses often fail when companies work in silos. Renewing this program could decide whether states and industries stay coordinated against fast-moving threats or go it alone.

Source: CyberScoop – House panel approves cyber information sharing grant 

🤖 CISA Looks to AI to Track Exploding Vulnerabilities

CISA officials say artificial intelligence could help defenders manage the overwhelming number of software vulnerabilities that surface each year. In 2024 alone, more than 30,000 new flaws were reported—too many for human teams to triage quickly. AI-driven analysis could prioritize which bugs pose the greatest risks, giving security teams a fighting chance.

🔑 Why It Matters: Vulnerability management has become a numbers game that humans can’t win alone. If AI can reliably flag the riskiest flaws, it may change how defenders allocate scarce resources in the face of constant new threats.

Source: CyberScoop – AI can help track an ever-growing body of vulnerabilities

⚖️ Attorneys General Warn OpenAI Over Child Safety Risks

A bipartisan group of state attorneys general has sent a stern warning to OpenAI: protect children from harmful AI content or face legal consequences. The letter cites concerns about kids accessing violent, explicit, or manipulative chatbot outputs. Officials said they’re prepared to escalate with lawsuits if OpenAI doesn’t adopt stricter safeguards.

🔑 Why It Matters: This marks one of the strongest state-level challenges yet to an AI company’s responsibility for user safety. It also raises the stakes for how platforms balance innovation with protecting vulnerable users.

Source: TechCrunch – Attorneys General Warn OpenAI