US names one of hackers allegedly behind massive Salt Typhoon breaches


As the Biden administration comes to an end, the White House on Thursday released a 40-page executive order aimed at strengthening federal cybersecurity protections and putting guardrails on the US government’s use of AI. WIRED also spoke with outgoing US Ambassador for Cyberspace and Digital Policy Nathaniel Fick about the urgency of the Trump administration not losing ground to Russia and China in the global race for tech dominance. Outgoing FCC Chair Jessica Rosenworcel briefed WIRED on the threats facing US telecommunications companies, at least nine of which were recently breached by China’s Salt Typhoon hackers. Meanwhile, US officials continue to scramble to get a handle on multiple spying campaigns and other data breaches, with new revelations this week that an AT&T breach disclosed last summer compromised FBI call and text logs that could reveal the identities of anonymous sources.

Huione Guarantee, the massive online marketplace that researchers say offers a variety of services to online scammers, is expanding its offerings to include a messaging app, a stablecoin, and a crypto exchange, and has facilitated a whopping $24 billion worth of transactions, according to new research. New findings suggest that GitHub’s efforts to crack down on the use of deepfake pornography software are falling short. And WIRED took a deep dive into the opaque world of predictive travel surveillance and the companies and governments that pump data about international travelers into AI tools meant to track down people who might be a “threat.”

But wait, there’s more! Each week we collect the security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

China spies, USA spies, all spies. Mutual espionage is a geopolitical game played by virtually every nation in the world. So when the US government singles out a single hacker for espionage-focused intrusions, names him, and targets him with sanctions, he must have spied aggressively—or effectively—enough to make powerful people very angry.

The US Treasury on Friday imposed sanctions on Yin Kecheng, a 39-year-old Chinese man accused of being involved in both the breach of nine US telecommunications companies carried out by the Chinese hacker group known as Salt Typhoon and another recent breach of the US Treasury. In a statement on the news, the Treasury alleges that Yin is affiliated with China’s Ministry of State Security and has been a “cyber actor” for more than a decade. It also imposed sanctions on Sichuan Juxinhe Network Technology, a company the Treasury says is also associated with Salt Typhoon.

Salt Typhoon’s breach of US telecommunications services gave Chinese hackers enormous access to the real-time texts and phone calls of Americans, and was reportedly used to spy on President-elect Donald Trump and Vice President-elect JD Vance, among others. FBI Director Christopher Wray called the telecommunications intrusions China’s “most significant cyber espionage campaign in history.”

While the Treasury is cracking down on China’s espionage operations, it is also still working to determine the extent of the hack that some of those same hackers carried out inside its own network. An internal Treasury report obtained by Bloomberg found that hackers penetrated at least 400 of the agency’s computers and stole more than 3,000 files in a recent breach. The espionage-focused hack appeared to be after sanctions and law enforcement-related information, the report found, as well as other intelligence material. Despite that extensive access, the intruders did not gain access to Treasury emails or classified portions of its network, the report said, nor did they leave behind malware that would suggest an attempt to maintain long-term access.

The Justice Department revealed this week that the FBI conducted an operation to wipe a strain of malware known as PlugX from 4,200 computers around the world. The malware, typically transferred to computers via infected USB drives, persisted for at least a decade and was sometimes used by Chinese state-sponsored hacker groups to target Chinese dissidents. In July last year, cybersecurity firm Sekoia and French law enforcement took over the command-and-control server behind the malware. This week, the FBI obtained a court order that allowed the bureau to send a self-destruct command to the software on infected machines.

Following news earlier this week of a December cyberattack that breached US education technology platform PowerSchool, school districts targeted in the hack told TechCrunch on Thursday that attackers gained access to “all” student and teacher data stored in their accounts. PowerSchool is used by more than 60 million K-12 students in the US. Hackers gained access to the information by stealing login credentials that gave them access to the company’s customer service portal. The attack has not yet been publicly linked to a specific perpetrator. PowerSchool has not yet disclosed the exact number of victim schools, nor whether all of its customers have been affected.
