News Analysis Foreign firms in China are now required to report network vulnerabilities to authorities under a new data security law. Analysts say this will help hackers working for the Chinese Communist Party’s (CCP) with conducting cyber attacks for the regime. The law was officially put into practice on Sept. 1, aimed at data surveillance in major sectors. According to Article 29 of the law, international companies within China must report their data security incidents immediately to both authorities and users once they are identified. On the same day, a Chinese bylaw took effect on the management of network product security vulnerabilities. The rules require service providers to report details to authorities within two days, while foreign organizations and individuals are banned from access. Analysts said this is a way for the CCP to effectively weaponize cyber vulnerabilities. Weaponizing Zero-Day Vulnerabilities System flaws that developers are unaware of are called …