Welcome back. As the Trump administration’s trade talks with China were set to begin in Sweden last July, staffers on the House committee focused on U.S. competition with China began to get puzzling inquiries, according to people familiar with the matter.

Several trade groups, law firms and U.S. government agencies had received an email appearing to be from the committee’s chairman, Rep. John Moolenaar (R., Mich.), asking for input on proposed Beijing sanctions.

Cyber analysts traced malware embedded in the email to a hacker group known as APT41—believed to be a contractor for China's Ministry of State Security. Read more from WSJ.

Also: The clock is ticking on core federal cybersecurity legislation set to expire Sept. 30, as a divided Congress and a looming government shutdown threaten progress on a new bill that seeks to extend provisions encouraging cooperation in fighting hackers. Read our full story. 

More news below.

Lab-grown AI malware: New York University researchers created malware that manipulates large language models such as OpenAI’s ChatGPT into launching ransomware. The malware, called PromptLock, was discovered in August by cyber company ESET, which found it on the suspicious-file analysis site VirusTotal. 

• The NYU researchers said they developed PromptLock to prove that hackers can ply LLMs for activities that AI companies say they guard against. (CyberScoop)

Canadian investment company Wealthsimple said the personal data of about 1% of its customer base was exposed in August when software written by a third-party was compromised. Wealthsimple didn't disclose how many people were affected or specify the software at issue. 

WSJ Tech Live is The Wall Street Journal’s premier technology event series. Over three days, our journalists will sit down with top executives, founders and policymakers to explore the most pressing topics of today. It all takes place across two global destinations for innovation and investment: California and Qatar.

Register your interest to be part of this unique live journalism experience and receive access to exclusive discounted rates on your pass.

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.