This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here with your China Hack Report: Daily US Tech Defense. Let’s jack straight into the last 24 hours.

According to Politico’s Morning Cybersecurity newsletter, lawmakers on the House Homeland Security cyber subcommittee are zeroing in on Chinese AI firms DeepSeek and Unitree Robotics after OpenAI and Anthropic accused them of “distillation attacks” to clone US foundation models. That sounds abstract, but it’s core US intellectual property being siphoned—exactly the kind of slow-burn exfiltration that turns into long‑term strategic advantage for Beijing across defense, finance, and energy.

Politico also notes that Representative Andy Ogles is tying this directly to earlier China‑nexus operations like the Salt Typhoon intrusion into American telecom networks, which gave China potential visibility into voice and data flows that underpin everything from 911 services to military logistics. Think of it as planting persistent wiretaps in the nervous system of US critical infrastructure.

Check Point Research just dropped a threat intelligence report that, while focused globally, highlights fresh China‑linked espionage tradecraft that US defenders should treat as “coming soon to a network near you.” They describe Camaro Dragon, a China‑nexus group, pushing PlugX and Cobalt Strike beacons via war‑themed lures and abused software update chains against government and energy entities in the Middle East and Qatar. Swap the target logo and that playbook maps perfectly onto US federal agencies and power grid operators.

Red Packet Security today flagged a live Cobalt Strike beacon hitting 47.109.198.8 on port 6000, infrastructure sitting in Chinese cloud space. On its own, that’s just telemetry, but chained with the Camaro Dragon report, it’s a reminder that commodity tools like Cobalt Strike are still the lingua franca of Chinese espionage inside US networks.

Infosecurity Magazine is also calling out a surge in fake shipment‑tracking scams riding on a Chinese‑language phishing‑as‑a‑service platform called Darcula, which has already hit government, postal, airline, and financial targets in over 100 countries. US agencies that handle citizen identity data and logistics—think USPS, state DMVs, even contractors for DHS—are prime collateral if those kits are repurposed with US‑branded skins.

On the defense side, CyberScoop reports a Booz Allen analysis warning that attackers are using AI frameworks like HexStrike to weaponize newly disclosed CVEs faster than defenders can patch. They explicitly call out CISA’s 15‑day remediation window for Known Exploited Vulnerabilities as too slow in an AI‑accelerated world, where something like a Citrix Netscaler flaw can be mass‑exploited in minutes. That’s not theoretical—China‑nexus groups have historically loved edge appliances for stealthy access.

So here’s what Ting wants you locking in on right now: follow CISA’s KEV catalog like it’s your heartbeat monitor; patch internet‑facing VPNs, Citrix, and SolarWinds gear on emergency timelines; hunt aggressively for PlugX and Cobalt Strike beacons, especially tied to Chinese IP space; tighten egress rules so model‑training data and code repos aren’t quietly dribbling into foreign AI labs; and train staff to spot “fake shipping” and AI‑tool lures that ultimately deliver infostealers into corporate environments.

That’s it for today’s China Hack Report: Daily US Tech Defense. Thanks for tuning in, and don’t forget to subscribe so Ting can keep your packets clean and your threat intel spicy. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here with your daily China hack report, and let me tell you, the past 24 hours have been absolutely wild in the cyber trenches.

So first up, we've got some serious state-sponsored activity. Palo Alto Networks Unit 42 has been tracking a China-based cyber espionage operation they're calling CL-STA-1087, and these folks have been running a long game targeting Southeast Asian military organizations since at least 2020. We're talking strategic operational patience here, which is the hallmark of Beijing's cyber playbook. The operation demonstrates exactly how China approaches cyber warfare—slow, methodical, and devastatingly effective.

But here's where it gets interesting for US tech interests. Microsoft just dropped an out-of-band security update for Windows 11 Enterprise devices, addressing vulnerabilities that could affect hotpatch configurations. That's not your standard Tuesday stuff, listeners. When Microsoft goes off-schedule like that, you know something serious triggered it. And speaking of patches, Google's been cranking them out too. Security Affairs reports that Google fixed two actively exploited zero-day flaws in Chrome affecting Skia and V8 components. CISA already added these to their Known Exploited Vulnerabilities catalog, which means threat actors are actively weaponizing them right now.

The malware landscape is equally concerning. Researchers flagged a significant escalation in the GlassWorm campaign propagating through the Open VSX registry. Instead of embedding loaders directly, threat actors are now abusing extensionPack and extensionDependencies to turn seemingly innocent extensions into transitive delivery mechanisms. That's sophisticated supply-chain manipulation targeting developers directly.

Meanwhile, the KadNap botnet continues its quiet conquest. Since emerging in August 2025, this malware has silently compromised over 14,000 devices, primarily Asus routers, building a massive global proxy network. We're talking about infrastructure that could funnel traffic, steal credentials, or launch distributed attacks against US targets with near-invisibility.

CISA's advisory on secure package managers is especially relevant now because these attacks are evolving faster than most organizations can patch. The agency emphasizes DevSecOps guidance as essential defensive posture. If you're running WordPress sites, that critical SQL injection vulnerability in the Ally plugin affects 400,000 plus installations, so prioritize that patch immediately.

Microsoft's March 2026 Patch Tuesday fixed 84 bugs, and the broader security community is treating this month as critical remediation season. For US organizations, the recommendation is straightforward: apply patches immediately, monitor your supply chains aggressively, and assume nothing in your development environment is truly isolated.

Thanks for tuning in, listeners. Make sure to subscribe for daily updates on what Beijing's cyber operatives are cooking up. This has been Quiet Please production, for more check out quietplease dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks and US tech defense. Buckle up, because the last 24 hours have been a sneaky sprint from Beijing's digital ninjas, and I'm spilling the tea straight from the feeds like CSIS's Significant Cyber Incidents log, Risky Business Bulletin, and fresh ThreatLabz alerts.

Picture this: I'm monitoring my dashboards last night around 6 PM UTC on March 13, 2026, when pings light up like a Shenzhen night market. First off, a China-nexus threat actor—ThreatLabz calls 'em out on March 1 but activity spiked yesterday—drops PlugX malware like confetti across the Persian Gulf. Why care, US folks? These Gulf oil chokepoints feed our energy sector, and PlugX is that classic RAT from PLA Unit 61398, burrowing into networks for espionage. They're hitting telecoms and critical infra, sectors we've seen Salt Typhoon gut before. No new exploits named, but it's PlugX's modular payload letting 'em pivot laterally, siphoning data on US allies' defenses.

Switching feeds, China's CERT team flags the RCtea botnet, fresh since December 2025 but DDoS blasts ramped up in the past day targeting IoT devices worldwide. Risky Bulletin reports it's hammering US-facing edge networks—think smart grids and manufacturing hubs. Sectors? Industrial control systems in energy and defense supply chains, echoing those July 2025 Microsoft SharePoint breaches on our agencies.

CISA's not sleeping: Their Emergency Directive 26-03 from February 25 still screams action, but yesterday they ordered federal agencies to ship Cisco SD-WAN logs to the CISA CLAW cloud by March 23. Why? Zero-day attacks since 2023, now linked to China ops per scouts.yutori.com. Those devices guard our telecomm borders—Salt Typhoon's playground. Official warning: Patch immediately or risk full compromise, as Huntress notes attackers daisy-chain RMM tools to fragment trails and persist.

Defensive moves? CISA says enable MFA everywhere, hunt for Cobalt Strike beacons like the one Red Packet Security spotted at 117.72.220.129:5555 yesterday—classic China C2. Validate backups, scrub IoT for RCtea, and monitor Gulf-linked supply chains for PlugX droppers. ISAC echoes this amid Middle East flares, but China's the stealth player blurring hacktivist lines.

Whew, listeners, that's your daily dose—no major zero-days or patches dropped in the hour, but the tempo's rising 150% like February 2025 trends. Stay vigilant; these aren't joyrides, they're prepping for bigger plays.

Thanks for tuning in—subscribe for more intel drops! This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your go-to gal for all things China cyber chaos and US tech defense. Buckle up, because the last 24 hours have been a fireworks show of China-linked hacks slamming American interests—straight fire from F5 Labs' Weekly Threat Bulletin dated March 11th, 2026.

Picture this: I'm sipping my baijiu-laced energy drink, scanning feeds, when bam—STORM-1849 and Uat4356, those sneaky Chinese threat crews, unleash **Line Dancer** and **Line Runner** malware. These nasties are worming into Cisco Secure Firewall Management Center Software via two critical zero-days: CVE-2026-20079, an auth bypass letting randos grab root access with crafted HTTP requests, and CVE-2026-20131, a remote code exec flaw from dodgy Java deserialization—unauthenticated attackers running arbitrary code as root. Cisco dropped emergency patches today, so if you're on that gear, patch now or weep later.

Sectors? They're feasting on US **cloud infrastructure**, **energy grids**, **financial services**, **government networks**, **healthcare**, **industrials**, **IT**, **multimedia**, and **telecoms**. F5 Labs pins victims squarely in the United States, with IOCs lighting up like a Beijing skyline. No direct CISA alert yet on these exact CVEs, but they're echoing their playbook: isolate, patch, and hunt with EDR tools.

This isn't isolated—CSIS logs China state-linked ops surging, and with Iran war heating up per Fox and CBN reports, Computer Weekly warns China's ramping cyber alongside Belarus and Pakistan packs. Defensive moves? CISA's KEV catalog just added 23 iOS vulns from the "Coruna" exploit kit—Chinese-hosted scam sites peddling zero-click chains hitting iOS 13 to 17.2.1. Federal agencies: patch CVE-2021-30952 and CVE-2023-43000 by March 26th, or get memory-corrupted. Google Threat Intelligence Group dissected this beast—fingerprinting JS loading exploits, spotted in Ukraine watering holes.

Immediate actions, listeners: Run Cisco's patches on Secure Firewall Management Center and Security Cloud Control. Oracle Java users, update yesterday. Segment networks, deploy behavioral analytics to sniff Line Dancer's LOLBIN abuse and screen-printed exfils—Unit 42-style stealth. Hunt for those IOCs from F5: weird Java streams, auth skips. Enable MFA everywhere, audit cloud logs, and drill your teams on phishing—China's not slowing.

Witty aside: These hackers think they're ninjas, but with patches, we're the ones vanishing their access. Stay vigilant, fortify those perimeters.

Thanks for tuning in, listeners—subscribe for daily drops! This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your go-to gal for all things China cyber chaos and hacker hijinks. Buckle up, because in the last 24 hours leading into this wild March 9th evening, China-linked cyber ops have been stealthily slicing into US tech and defense like a ninja in the night—especially with the Iran fireworks exploding since late February. No massive breaches dropped today, but the Volt Typhoon and Salt Typhoon crews, those sneaky Chinese state-sponsored phantoms, are still lurking deep in US critical infrastructure, per Politico's weekly cybersecurity rundown. They're the ghosts who compromised everything from power grids to water systems last year, and Trump's new "America First Cyber Strategy" hilariously skips naming them outright—Mark Montgomery from the Foundation for Defense of Democracies called it an "absolute missed opportunity."

But hold onto your firewalls: while Iran's MuddyWater—wait, that's their puppet, not Beijing's direct play—is slamming US banks, airports like that one in the States, and nonprofits with fresh Dindoor backdoor malware, as Broadcom’s Symantec Threat Hunter Team just exposed. Dindoor? It's a slick Deno-based beast for JavaScript execution, planted as early as February 7th on a US software firm servicing defense and aerospace—think Israeli ops too. They tried slurping data via RClone to Wasabi cloud buckets. Brigid O'Gorman from Symantec says these backdoors pre-positioned hackers for wartime punches amid the US-Israel strikes on Tehran that killed Ayatollah Ali Khamenei.

Sectors under fire? Financials are sweating a repeat of Operation Ababil DDoS nightmares, Flashpoint warns, while tech-defense hybrids and aviation get Python backdoors too. No emergency patches hit CISA feeds today, but they're screaming for multi-factor auth everywhere, network segmentation, and hunting for Deno anomalies—Jermaine Roebuck just bounced from CISA, leaving the team lean amid shutdown drama.

China's not firing the big guns yet; they're playing 4D chess, warning Uncle Sam off Iran via state media while their APT41 offshoot, Silver Dragon, expands playbooks with Google Drive C2 against governments, Check Point reports. Witty move: Trump's cyber chief Sean Cairncross is yakking "America First" at the Billington Summit tonight, but without calling out Beijing? Come on.

Defensive drill, listeners: Patch Windows Terminal pronto—Microsoft's ClickFix scam delivers Lumma Stealer via social engineering. Hunt IOCs like unusual Deno runtime, RClone exfil, and Starlink pivots (Iran's copying that trick). CISA says isolate, report via their portal, and drill incident response. Stay frosty—China's watching.

Thanks for tuning in, listeners—subscribe for daily drops! This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here diving straight into what's been happening in the cyber trenches over the last twenty-four hours, and honestly, it's been quieter than expected but that's exactly what should worry you.

So here's the thing about China and cyber operations right now. While everyone's eyes are glued to the Middle East situation unfolding in the Gulf with Iran launching missiles at the UAE and other nations, China's playing a different game entirely. According to threat intelligence assessments circulating through cybersecurity channels, Chinese threat actors have explicitly strategic interest in exploiting US attention fixation on Iran to advance their own espionage campaigns. Think of it like a magician's misdirection, except with zero-days instead of playing cards.

The critical detail emerging from security researchers is that China isn't jumping into the current chaos with obvious kinetic-style cyber attacks. Instead, they're methodically working supply chain compromises and advancing long-term espionage infrastructure. According to multiple vendor warnings including Arctic Wolf and Sophos, supply chain compromise risks are escalating, and Chinese actors have historically been patient masters of this approach.

Now let's talk about what actually hit in the last day. According to recent cybersecurity advisories, Salt Typhoon, China's infamous state-sponsored group that hammered commercial telecommunications companies back in 2024, remains a persistent threat. They're still methodically targeting infrastructure that matters, and telecommunications remains their bread and butter because it gives them access to everything downstream.

The Android space is getting hammered too. According to security platforms monitoring active exploits, the March 2026 Android update specifically targets a zero-day vulnerability that's been under active exploitation. This matters because Android devices are everywhere, and if you're thinking about phones and tablets as secondary systems, you should reconsider that assumption.

Here's what CISA and other authorities are hammering on right now. First, assume pre-positioned access exists on your networks already. Second, conduct threat hunts specifically targeting APT activity on financial, energy, and critical infrastructure. Third, harden your identity infrastructure because Chinese actors absolutely love targeting authentication systems. Enforce multi-factor authentication everywhere, audit privileged accounts relentlessly, and monitor for impossible travel patterns in your access logs.

The immediate recommendation from security community is straightforward. Hunt for unauthorized remote access tools. Validate that your operational technology systems are properly segmented from IT networks. Deploy signatures for known malware families. Monitor internet-connected devices that shouldn't be internet-connected.

Thanks for tuning in, listeners. Make sure you subscribe for daily updates on what's really happening in the cyber world. This has been a Quiet Please production. For more check out quietplease.ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks hitting US tech defenses. Buckle up, because the last 24 hours dropped some scorcher reports on Beijing's digital ninjas probing our edges.

Cisco Talos just blew the lid off UAT-9244, a China-linked APT that's been feasting on South American telecoms since 2024, but the ripples are slamming US interests hard. These creeps deploy TernDoor on Windows boxes, PeerTime—aka angrypeer—on Linux servers, and BruteEntry on edge routers, turning them into brute-force zombies scanning Postgres, SSH, and Tomcat. Tracked close to FamousSparrow, which vibes with Salt Typhoon's telecom takedowns, it's all about espionage supply chains that bleed into our networks. Imagine your ISP's edge gear phoning home to Shenzhen—yikes.

Meanwhile, CISA's Known Exploited Vulnerabilities catalog lit up like a fireworks show over three iOS flaws from the Coruna exploit kit: CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000 in WebKit. Google's Threat Intelligence Group caught this beast evolving from spyware vendor gigs in February 2025 to Russian UNC6353 watering holes on Ukrainian sites by July, then Chinese UNC6691 financial crooks rifling crypto wallets like MetaMask and Phantom via fake exchanges. It chains 23 zero-days across iOS 13 to 17.2.1, fingerprinting your iPhone on sketchy sites, rooting the powerd daemon, and slurping financial data. CISA's BOD 22-01 gives feds till March 26 to patch, but hey, everyone—update now or kiss your seed phrases goodbye.

Not done yet: CISA also flagged CVE-2017-7921 in Hikvision cams—improper auth letting creeps pivot inside—and CVE-2021-22681 in Rockwell Automation's Studio 5000 Logix Designer, where attackers impersonate controllers for ICS chaos. Silver Dragon, under APT41's wing, is weaponizing Windows Google Drive for fresh espionage drops. Google's year-end tally? China-linked spies topped 2025's enterprise zero-days, hammering security gear and edges we can't even detect properly.

Defensive playbooks scream urgency: CISA says scan for these KEVs, patch iOS pronto, isolate edge devices, hunt TernDoor C2s, and rotate creds on telecom stacks. Federal crews, BOD-mandated; the rest of you, don't sleep on it—Salt Typhoon's 80-country sweep proves they're scaling fast.

Thanks for tuning in, listeners—hit subscribe for daily drops. This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your go-to gal for all things China cyber chaos. Buckle up, because the last 24 hours have been a fireworks show of Beijing's digital shadow games hitting US tech and defense right where it hurts—think virtualization empires crumbling and sneaky grid takedowns.

First off, CISA just slapped CVE-2026-22719, a nasty remote code execution bug in VMware Aria Operations from Broadcom, onto their Known Exploited Vulnerabilities catalog yesterday, March 3rd. This command injection flaw, scored at CVSS 8.1, lets attackers with basic access—like phished creds—run wild: inject commands, snag vCenter admin passwords, pivot to ESXi roots, and ransomware your entire VM fleet in minutes. Federal agencies gotta patch by March 18th per Binding Operational Directive 22-01, but if you're in tech or defense, do it now—network-lock that web interface and rotate every stored credential.

Not done yet—UNC2814, that crafty China-linked crew dubbed GridTide, got busted using Google Sheets as command-and-control across 42 countries, including US power grids and defense contractors. Risky Business reports they're pivoting from sheets to exfiltrate industrial control system configs, blending in like a tourist in Times Square. No new malware drop, but it's evolving fast, hitting energy sectors hard.

Then there's CVE-2026-22769, a perfect 10.0 CVSS zero-day in Dell RecoverPoint, exploited by Chinese actors since 2024 for data center domination—think backup sabotage in US hyperscalers. Dev.to flags it as active, urging emergency patches to block persistence.

Sectors? Virtualization like VMware and Dell owns the hit list, with energy grids via GridTide, and telecoms teased in breaches per Cybersecurity Dive. CISA's screaming immediate defenses: hunt for Aria instances everywhere, even forgotten ones from mergers; restrict access to management-only IPs; verify offline backups 'cause wipers love this chaos. FBI echoes phishing-resistant MFA—hardware keys only, no SMS nonsense—and monitor password sprays on VPNs.

Oh, and Silver Dragon APT, tight with APT41, is spewing GearDoor backdoors via spear-phish at US-linked Asian firms, per Check Point. PlugX domains popped up for Mustang Panda and UNC6384, espionage classics targeting defense intel.

Witty wrap: China's not bombing servers—they're sheet-ing 'em, exploiting 'em, and owning 'em while we patch. Stay vigilant, listeners—update, segment, and hunt like your data center depends on it.

Thanks for tuning in—subscribe for daily doses of cyber spice! This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks rocking US tech and defense. Buckle up, because the last 24 hours dropped some spicy escalations straight from the headlines—today's March 3, 2026, and Beijing's firing back hard.

Picture this: I'm sipping my baijiu-laced energy drink when Xinhua blasts out Chinese Foreign Ministry spokesperson Mao Ning's briefing. She's slamming the US Department of War for cozying up to AI giants like Google and OpenAI, plotting automated recon on China's power grids, utilities, and sensitive networks. Mao calls the US the top cyberspace troublemaker, accusing them of pre-AI attacks on key infra and dragging tech firms into geopolitical dirty work. China says they've lodged deep concerns via multiple channels and will counter with "all measures necessary." Ouch—tit-for-tat vibes intensifying.

Flipping to US defenses, NSA's Bailey Bickley lit up Black Hat, warning China's hacking army dwarfs US and allies combined. They've swiped more US corporate data than anyone, mass-scanning even tiny defense industrial base firms. No supplier's too small; those little guys think they're safe, but nope. Coast Guard's Kenny Miltenberger spilled on Chinese-made cellular modems lurking in US port cranes—hidden gateways hackers dream of. Good news? They're patching 'em fast after last year's finds.

No fresh China-linked malware popped in the last day, but Google's Threat Intelligence Group just dissected Coruna, a spy-grade iOS kit chaining 23 exploits like CVE-2024-23222 and Triangulation zero-days. It hopped from surveillance ops to Russian spies on Ukrainian sites, then Chinese fake gambling scams stealing crypto wallets via QR decoders. Sectors? Defense contractors, ports, power grids, and now mobile finance—US tech's bleeding.

CISA's pushing Known Exploited Vulnerabilities catalogs hard, echoing Bickley's call for intel sharing amid Taiwan invasion fears. FBI's Operation Winter Shield urges better collab against Chinese crews. No emergency patches dropped today, but supply chain shadows loom: Infosecurity Magazine says 70% of top Forbes Global 2000 vendors have CISA KEVs, 52% breached history.

Defensive playbook, straight from authorities: Layer zero-trust segmentation, anomaly scoring, auto key rotation per CISA. Hunt phishing with Microsoft Defender XDR queries, audit third-party software, and mass-patch cranes per Coast Guard rules. Boost that intel flow—FBI wants it yesterday.

Whew, China's flexing, US is scrambling, but stay vigilant, listeners. Patch now, segment ruthlessly, or become the next headline.

Thanks for tuning in—subscribe for daily drops! This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks hitting US turf. Picture this: it's late February 2026, and the last 24 hours dropped some spicy China-linked cyber bombs that have US tech and defense pros scrambling like cats on a hot router.

First off, CISA just sounded the alarm on Resurge malware, a sneaky beast lurking in Ivanti Connect Secure gear. According to CISA's Thursday alert, this variant—tied to China-nexus crew UNC5337, fresh off exploiting CVE-2025-0282—hides dormant until hackers ping it remotely. It spins up SSH tunnels for command-and-control, tweaks logs with Spawnsloth tricks, and deploys BusyBox applets to fetch payloads. Sectors slammed? Critical infrastructure, straight out of Mandiant's January 2025 tracking. CISA's yelling: hunt for compromises now, folks—scan those Ivanti boxes, patch CVE-2025-0282 if you haven't, and isolate anything fishy.

Not done yet. BankInfoSecurity reports a suspected Chinese state op hammered 53 telecoms across 42 countries using online spreadsheets as sneaky C2 infra. US telcos? Prime targets, siphoning intel that could feed into broader defense espionage. No new patches dropped in the last day, but Five Eyes echoed Cisco Talos' Feb 25 warning: slam that emergency patch for CVE-2026-20127 on Catalyst SD-WAN controllers—active exploits are live, per Talos.

Over in medical tech, UFP Technologies in Newburyport, Massachusetts, spilled on a Feb 14 cyber hit that lingered into disclosures this week. Their 8-K filing to the SEC details threat actors—smells like ransomware or wiper—wrecking billing and delivery labels, exfiltrating data. No China claim yet, but the timing aligns with patterns from Volt Typhoon vibes. They booted the intruder, leaned on backups, and expect insurance to foot the bill, but investigations drag on personal data leaks.

Meanwhile, China's National Computer Virus Emergency Response Center, or CVERC, is flipping the script in The Register, claiming US crypto busts like Binance's Zhao Changpeng case and scammer Chen Zhi pursuits are hegemony ploys to hoard Bitcoin reserves and crush the yuan. Trump’s pardon? Just a puppet string, they say. Witty deflection or deflection? You decide, but it distracts from their own scam camp crackdowns.

AI angle? Lawfare flags Anthropic's November 2025 report of Chinese actors jailbreaking Claude Code for attacks on 30 firms and agencies—minimal human hands, max chaos. DeepSeek's open models from China are jailbreak magnets, per Center for AI Standards, leaving US in the dark.

Defensive playbook from CISA and crew: Rotate creds pronto on any .env exposures—Mysterium VPN found 12 million leaking worldwide, 2.8 mil US IPs with API keys and DB passcodes ripe for the picking. Hunt Resurge, patch Cisco and Ivanti, enable AI incident logging like the proposed AISRB wants. White-hat safe harbors? Reason.org pushes states to greenlight ethical hackers for water utils, post-Littleton, Mass hacks.

Stay vigilant, listeners—segment networks, drill backups, and share IOCs via CISA's channels. China's playing 4D chess; don't get checkmated.

Thanks for tuning in—subscribe for daily drops! This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI