Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.

Operationally this week has been taken up with further fall out of MOVEit (including new vulnerabilities) and Fortinet vulnerabilities in their VPN devices that were exploited in the wild. The speed with which the Fortinet vulnerabilities were patch diffed by researchers and exploits developed whilst the industry worked in a vacuum was likely sub optimal over the weekend.

In the high-level this week:

• The Axe Files: with Jen Easterly - If China decided to invade Taiwan, they would pair it with significant attacks against our critical infrastructure.

• New bill would give CISA greater cyber outreach responsibilities - The Cybersecurity Awareness Act would direct the agency to launch a new public-private campaign promoting cyber best practices across small businesses and underserved communities. 

• US (CISA) Binding Operational Directive 23-02 - requ…