This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here! You want the sizzle and the code—so let’s not waste a microsecond. This is China Hack Report: Daily US Tech Defense, bringing you the most critical action from the past 24 hours. Buckle up!

The headline you can’t miss is Microsoft’s SharePoint zero-day meltdown, freshly confirmed by their July 22 update. Chinese state-sponsored groups—specifically **Linen Typhoon** and **Violet Typhoon**, with guest star Storm-2603—have been on a SharePoint rampage all month, but hit peak madness this week. These groups have been exploiting a chain of vulnerabilities—CVEs 2025-49704, 49706, 53770, and 53771—using everything from malicious POST requests to the infamous `ToolPane.aspx` attack vector. And this is strictly an on-premises SharePoint party; SharePoint Online folks, you can exhale for now.

Who’s in the blast zone? High-value targets like the **U.S. National Nuclear Security Administration**, the **National Institutes of Health**, the **Education Department**, Florida’s Department of Revenue, and the always festive Rhode Island General Assembly. Even the Department of Homeland Security got caught in this cyber dragnet, leading to SharePoint outages that locked out entire teams at Defense Intelligence for hours. Eye Security estimates over **400 organizations** compromised in just the last week. If you run SharePoint Server Subscription Edition, 2019, or 2016, you are officially on the front lines.

Here’s the malware kicker: **Storm-2603 didn’t just steal keys—they dropped Warlock ransomware** directly onto government servers. If you thought ransomware was passé, Storm-2603 just updated the playbook. And it’s not just about data snatching. These threat actors are gunning for long-term persistence, laying down webshells, siphoning credentials, and pivoting through networks wide open thanks to unpatched boxes.

How did we get here? This all traces back to a wild revelation: According to a joint probe by ProPublica and Jack Burnham of FDD, Microsoft had been letting China-based engineers push code into DOD systems for years—under “digital escort” supervision that, frankly, couldn’t spot a buffer overflow if it showed up wearing a neon sign. Secretary Pete Hegseth just put a hard stop to this, ending all China involvement in Pentagon cloud services and forcing a two-week review of every other system with foreign developer fingerprints.

Now, what’s CISA saying? In classic superhero mode, CISA fired off emergency directives: **patch all affected SharePoint servers now**, isolate them from the public internet, turn on Antimalware Scan Interface in full mode, load up ToolShell-specific indicators into SIEM tools, and lock down every possible admin credential. Failure to do so is basically inviting Linen Typhoon to your next board meeting.

If you’re running SysAid, don’t relax—two actively exploited flaws (CVE-2025-2775 and 2776) are being hammered too, so patch those now, or risk easier lateral movement by attackers.

So, listeners: patch, isolate, harden, repeat. If your infosec team’s not sweating in a war room right now, maybe check to make sure they’re not part of the Typhoon.

Thanks for tuning in to my data-drenched dispatch. Don’t forget to subscribe and spread the word. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your China Hack Report: Daily US Tech Defense podcast.

It’s Ting here, your favorite cyber whisperer, reporting in: it’s July 23, 2025, and today’s China Hack Report is so packed, you might want to lock your digital doors and put a fresh pot of coffee on. The past 24 hours have been—let’s call it—eventful, thanks to a sweeping campaign tied to at least three elite Chinese state-backed hacking groups: Linen Typhoon, Violet Typhoon, and Storm-2603. Microsoft dropped the bombshell last night: these groups exploited not one, not two, but four zero-day vulnerabilities in Microsoft’s on-premise SharePoint servers, the backbone for everything from the National Nuclear Security Administration to state and local governments running their day-to-day on Redmond’s legacy. The two flagship vulnerabilities—CVE-2025-49706 and CVE-2025-49704, collectively known as “ToolShell”—allow attackers to bypass authentication and execute their payloads as if they had the keys to the SharePoint kingdom.

Over 400 government agencies and corporations are confirmed compromised, with the tally climbing each hour. Bloomberg and Shadowserver estimate more than 10,700 SharePoint servers are still exposed, and 1,100 of those are on U.S. state and federal networks. Microsoft scrambled out emergency patches on July 19, but the wolf’s already in the henhouse: according to Mandiant, at least one attacker is “China-nexus.” What’s worse, Chinese groups are using post-exploitation techniques, burrowing further into networks—think data theft, credential harvesting, and maybe persistence for future mischief.

Critical sectors under fire? Energy, including our nuclear design brain trust, government agencies at every level, even state legislatures and tax departments. Security researchers at Eye Security and Censys confirmed the first attacks began July 17, with follow-ups targeting known vulnerable installations. SentinelOne and CISA are calling it a prototype playbook for supply-chain style government compromise.

CISA isn’t sitting idle: their emergency directive requires federal agencies patch by midnight tonight or yank exposed SharePoint servers off the public internet. They’re urging everyone—including our lovely financial outfits and healthcare vendors—to install security updates, rotate your ASP.NET machine keys, fully enable AMSI (that’s the Antimalware Scan Interface), and until you’ve done all that, disconnect your SharePoint from the internet entirely. Monitor your logs for suspicious POST requests and watch for the Chinese actor-linked IP addresses—yeah, I see you 107.191.58.76!

And don’t think the cloud is safe just yet—though this zero-day didn't hit Microsoft 365, the fallout shows adversaries love riding on American software monoculture. Fox Business highlighted the risk of relying on China-based engineers for DOD systems. The Pentagon has launched its own review, and the FBI is coordinating internationally.

To sum it up: Patch fast. Audit everything. Get those defense playbooks ready, because as Microsoft put it, there’s “high confidence” these vulnerabilities will fuel more attacks if left unfixed. I’m Ting—thanks for tuning in. Subscribe if you want your digital life to outlast the next zero-day, and remember, this has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your China Hack Report: Daily US Tech Defense podcast.

Big cyber hello from Ting, your resident whisperer of all things China and hacking! Listeners, the last 24 hours have been a rollercoaster for US tech defense—I’m talking urgent DoD shakeups, a nasty SharePoint zero-day, and CISA ringing every alarm bell in DC and beyond.

Let’s jump straight to the day’s showstopper: a critical Microsoft SharePoint zero-day vulnerability, tagged as CVE-2025-53770, that’s shaking up both government and business sectors. This flaw lets attackers execute code remotely, so it’s like they can waltz right into your server and start changing the furniture—without even needing a key. The vulnerability’s roots? Deserialization of untrusted data. Say that three times fast, then say a little prayer for your on-prem SharePoint servers. The exploit chain is called ToolShell, and if your network still hasn’t gotten the memo, you’re already a step behind.

Eye Security spotted the first mass exploitation Friday evening, then unfolded a second wave Saturday morning with fresh IPs jumping in. By Sunday night, Microsoft publicly acknowledged what security pros were already scrambling over, and CISA issued an emergency alert demanding immediate defensive measures by today—July 21. Their advice: if you can, activate AMSI integration and Microsoft Defender Antivirus on every SharePoint box you have. If you can’t? Disconnect those servers from internet access right now, unless you want to be the next cautionary tale at a DEFCON talk. CISA’s urgency isn’t hype: at least two US federal agencies and over a thousand state and local government servers are in the crosshairs. Schools, higher ed, state websites—if it says .gov or .edu, assume it’s at risk. The Multi-State ISAC has been frantically notifying hundreds of organizations. All that, just as they’re facing federal funding cuts. Timing, right?

But the drama doesn’t stop with software holes. Pete Hegseth, the new Secretary of Defense, just dropped the hammer, ordering an immediate end to all China-based labor in Pentagon cloud services—yes, that includes Microsoft. This follows a ProPublica investigation that found Microsoft was letting Chinese engineers help patch sensitive DoD systems via US “digital escorts.” The catch? Those escorts sometimes lacked the technical chops to vet what they were entering, which raised fears they might unwittingly introduce vulnerabilities or even malicious code. It’s like letting someone assemble a jet engine while you read the manual in the next room—risky at best.

Microsoft, for their part, says no more China-based engineers on any Pentagon projects starting now. Hegseth has launched a lightning review to ensure no similar models lurk elsewhere in DoD or the cloud contractor ecosystem. This is a strong message and it’s pretty clear: if your supply chain touches China, clean it up or get out of the US defense business.

And in the wild cyber skies, China’s government isn’t dialing things down. State-sponsored campaigns are still scarfing up secrets, from the US to Taiwan, hitting everything from chipmakers to universities and beyond. The pattern is clear—blended tactics, living-off-the-land attacks, and a relentless hunger for industrial and military intel. Remember APT41? They’re expanding campaigns with new malware payloads and even abusing compromised SharePoint servers to act as command-and-control channels, making detection tough even for seasoned blue teams.

So, listeners, patch now, consult your supply chain like it’s a Tinder profile, and follow every CISA bulletin like gospel. Don’t get caught with your zero-days down.

Thanks for tuning in! Subscribe now for tomorrow’s scoop, because in cyber, if you’re not first—you’re probably breached. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here with your Daily US Tech Defense — and over the past 24 hours, it’s felt like the cyber equivalent of DEFCON 2. State-backed Chinese hacking crews are on a tear, targeting American interests from energy grids to government SharePoint servers, and even undersea internet cables. Buckle up — let’s break this blizzard of cyber action down.

Front and center: the big, bad **Microsoft SharePoint zero-day** — CVE-2025-53770. First mass exploitation wave? July 18. Then on July 19, Microsoft finally blew the whistle, and by July 20, CISA was waving red flags and issuing emergency alerts. This bug is a deserialization of untrusted data flaw that lets attackers run code — remotely — on any on-premises SharePoint Server, no password required. Basically, hackers can hijack a server and rummage through files, configurations, the works. According to CISOPlatform and HelpNetSecurity, over 85 organizations across the US and Europe got hit — including energy, education, and government agencies. Dutch firm Eye Security spotted at least 50 successful breaches, and US federal and state agencies got nailed. At least one eastern state government’s SharePoint was completely compromised.

Immediate action? CISA is not messing around. July 21 was the official drop-everything-and-patch deadline. Agencies are told to update to the latest SharePoint patches, crank up Anti-Malware Scan Interface integration, and deploy Microsoft Defender — those steps help block malicious code execution. This alert is in the Known Exploited Vulnerabilities Catalog, which is government code for “deal with this yesterday.”

Meanwhile, Kaspersky’s researchers just traced new malware from the infamous Chinese group **APT41** — these folks are practically cyber royalty. Their campaign in Africa used hacked SharePoint servers as covert communications nodes. The malware, written in C#, runs command-and-control from compromised SharePoint web shells like CommandHandler.aspx and spreads trojans through files like agents.exe. The payloads meticulously avoid Chinese and several East Asian computer languages, probably to dodge local scrutiny.

Now, get this: Microsoft announced they’re ending all use of China-based engineers to patch DOD systems. This after a ProPublica scoop revealed that US “escorts” (think: cyber chaperones) were relaying commands from China-based techs to apply patches to Pentagon clouds — potentially allowing Chinese engineers indirect access to America’s bleeding-edge secrets. Defense Secretary Pete Hegseth called it “obviously unacceptable” and ordered a sweep of every similar supply chain process. Expect other cloud providers like AWS and Oracle to come under new scrutiny.

As if that wasn’t spicy enough, the House Homeland Security and Foreign Affairs Committees are demanding Big Tech explain how Chinese state-backed companies are embedding themselves in the subsea cable supply chain. The FCC is on the verge of banning PRC tech from all undersea cable builds. This is about Beijing’s dual strategy — legally investing in cable projects while allegedly running sabotage operations at sea.

CISA keeps pounding the table: patch, monitor, and segment any exposed system, and expect phishing attacks leveraging the SharePoint bug. The Multi-State ISAC, which warns local governments, reported over 1,100 at-risk servers at US city halls and schools. And remember, MS-ISAC just took budget cuts, so local governments are more exposed than ever.

That wraps your whirlwind sprint through the latest China-linked cyber assaults. Ting signing off — thanks for tuning in! Be sure to subscribe for more and protect your data like you protect your dignity on a Zoom call. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your China Hack Report: Daily US Tech Defense podcast.

Welcome, tech warriors and cyber-enthusiasts! Ting here, your daily source for all things China and cyber, slicing through the digital fog with just the right mix of expertise and caffeine. Let’s not waste a byte—here’s what’s shaking in the past 24 hours on the China Hack Report: Daily US Tech Defense.

First up, we’re deep within what Dakota Cary of SentinelOne dramatically calls China’s “golden age of hacking.” According to security firm CrowdStrike, incidents attributed to Chinese government actors targeting US agencies and infrastructure have absolutely exploded—more than doubling from 2023, and still climbing. These ops aren’t just the typical smash-and-grab. Chinese cyber teams, including the notorious Silk Typhoon and Salt Typhoon crews, have gotten craftier, burrowing into systems and embedding themselves like particularly troublesome software ticks. What’s changed? Beijing has unleashed private industry to join the offensive, meaning hackers aren’t just government employees anymore—they come from a fast-expanding cyber sector intent on scoring big against US interests.

Yesterday brought another wake-up call: CISA hit the red button over CitrixBleed 2, tracked as CVE-2025-5777. This vulnerability in NetScaler gateway devices lets attackers swipe sensitive data, and CISA did not mince words; they gave federal civilian agencies just *one day* to patch, an almost unheard-of move. If you’re listening from any org using Citrix, check your status and scan for indicators of compromise—waiting is not an option. And, as bad as that sounds, it pairs nicely with CISA’s concurrent warning about a critical, still-unpatched train brake vulnerability (CVE-2025-1727), which, if exploited, could hand an attacker train-stopping powers over ICS environments.

It gets wilder: Salt Typhoon just got caught camping in a US Army National Guard unit’s network for nine months starting March 2024. According to Department of Defense reports, these intruders stole network configs, admin credentials, and intercepted communications—a potential windfall for Chinese planners tracking US Guard deployments and cyber defense posture. Elsewhere, Salt Typhoon’s ongoing campaign targeting edge devices at major telecoms—including Comcast—remains a serious risk, with attackers worming through routers and switches to use them as launchpads for broader intrusions.

Chip geeks, don’t tune out—Proofpoint researchers have detailed a fresh surge in China-linked spear-phishing and malware attacks aiming at Taiwan’s semiconductor giants and US investment analysts with a focus on advanced chipmaking. At least three new groups—UNK_FistBump, UNK_DropPitch, UNK_SparkyCarp—plus the persistent UNK_ColtCentury, are dropping custom malware and remote access trojans, often hidden in what look like job-seeker emails from legit university addresses. Analysts at a major US-headquartered international bank were even swept up in the campaign, all as part of Beijing’s grand ambitions to catch up—and maybe leapfrog—on chip tech.

For immediate action, CISA and the FBI stress: patch now, especially Citrix and any ICS devices, monitor for unusual account activity (think new “legit” collaboration accounts suddenly sprouting), and double down on endpoint detection. If your org has any connections to telecom, semiconductor supply chains, or defense, escalate your threat monitoring—these campaigns are highly targeted and patient.

That’s it for today’s digital drama from the frontlines. Thanks for tuning in. Don’t forget to subscribe so you never miss a byte, and stay one step ahead of the hackers targeting America’s most vital systems. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, and it is July 16, 2025. You’re tuned in to your daily China Hack Report: US Tech Defense. Let’s cut through the noise and drop right into today’s cyber battleground—because wow, it’s been a wild 24 hours.

First, the headline hit: Chinese state-backed hacking collective Salt Typhoon just notched its boldest strike yet, compromising a US Army National Guard network for nine whole months. According to a Department of Defense leak, these folks didn’t just peek around—they made off with network configurations, admin credentials, and communications spanning every state and at least four US territories. Imagine a locksmith swiping the master blueprint and all the keys—that’s what Salt Typhoon achieved, potentially setting up a daisy-chain of follow-on attacks against more US government and critical infrastructure orgs. And get this: the stolen haul included the personal info and work locations of state security personnel, literally painting a target on our frontline cyber defenders. With National Guard cyber teams plugging directly into critical threat intelligence centers in 14 states, this breach isn’t just a bad day at the office. The risk is US infrastructure defense going soft precisely when the alarms are blaring hardest—from water and power to transport and comms systems.

How’d they pull off this heist? Salt Typhoon hammered old vulnerabilities in Cisco and Palo Alto Networks edge devices. We’re talking CVEs as ancient as 2018—so if you still haven’t patched CVE-2018-0171, CVE-2023-20198, CVE-2024-3400, or cousins, it is DEFCON 1 patch time, folks. Salt Typhoon’s been rotating IPs and targeting both US and Canadian telecoms to hijack data and map out backdoors into wiretap systems. Chasing credentials and network diagrams, these hackers are basically buying the hacking equivalent of GPS, maps, and local guides—just with your admin roots instead of hiking boots.

While Salt Typhoon’s got the spotlight, let’s not ignore China’s Volt Typhoon, who made a failed play at US critical infrastructure, particularly aiming at Guam. NSA’s Kristin Walter says their party got busted early, so call one for blue team, but it’s a grim reminder of Beijing’s “pre-position and wait” cyberwar playbook. Coupled with the ongoing spike in DDoS attacks—2025’s first half has already outstripped 2024, says CyberHub Podcast—security teams should brace for more high-volume, multi-pronged headaches.

In the malware alert lane, this week’s standout is HazyBeacon—this little stinger uses DLL side-loading and AWS Lambda URLs to blend into cloud traffic, evade detection, and exfiltrate sensitive policy docs. While its main targets so far are Southeast Asian governments, the techniques are so cloud-resilient, US orgs should absolutely be on their toes.

Now, what’s the response cycle? CISA and partners have a crisp punch list: Patch Chrome immediately for CVE-2025-6554, segment those edge devices, audit all remote access, and double-check developer and supply chain dependencies. Telecom shops—log review is your new bedtime ritual, in case Salt Typhoon left something funky behind. And seriously, test those DDoS defenses, even on a lazy Sunday.

That’s your China-linked cyber threat rundown for July 16. Patch up, stay sharp, and keep the popcorn handy—because this show is nowhere near intermission. Thanks for tuning in, be sure to subscribe, and we’ll be back with your daily cyber sitcom tomorrow. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your friendly cyber sentry with the China Hack Report: Daily US Tech Defense for July 14, 2025. Buckle up, because the past 24 hours in cyberland were anything but dull.

Let’s dive right into the breach—literally. The most explosive headline of the day: Italian authorities just nabbed a key Chinese hacker in Milan, directly linked to the Silk Typhoon campaign. This isn’t your everyday keyboard cowboy; US officials say this individual orchestrated advanced cyber espionage targeting critical US infrastructure and financial networks. According to CPOMagazine and China Hack Report, the Silk Typhoon group has specialized in ultra-stealthy network infiltration—think backdoors buried two code layers deep and credential theft so slick you’d swear your own shadow wrote the script.

Speaking of sneaky, CISA and the FBI together unleashed a fresh advisory this morning after Salt Typhoon and PurpleHaze, two notorious China-linked APT groups, ramped up attacks on US telecom backbones and state government servers. Emergency patches for major switching equipment and domain controllers were dropped overnight; CISA’s top two recommendations: patch fast, segment your networks, and lock down any exposed RDP endpoints. CISA analysts stress, “If you’re not patched by midnight, you’re a sitting duck—period.”

On the malware front, the RedPacket Security threat feed lit up last night with fresh Cobalt Strike beacon activity from a Tencent-owned cloud server out of Nanjing. This beacon infrastructure is now being actively blocked by US ISPs, but not before reports of lateral movement in the networks of at least two Fortune 500s. CISOs, now is not the time for desk yoga—hunt for persistence, sweep for beacons, and kill any unrecognized lateral traffic.

Let’s not forget that the US Senate is pressing the Defense Department to draft a hardline response to Volt Typhoon and Salt Typhoon. In a session yesterday, Katie Sutton, nominated as DoD’s top cyber policy official, stated her mission is “deterrence with teeth”—meaning more budget for offense but with criticism that cuts to CISA might leave hospitals and small towns dangerously exposed, as noted by Senator Wyden and TechCrunch.

Also worth noting: a deepfake incident involving Secretary Marco Rubio triggered a global security alert this week, as AI-generated voice and video attacks are now firmly part of China’s cyber playbook. The State Department is rushing to deploy authentication protocols, but the warning is clear—trust, but verify, then verify again.

Wrap up: Top action items—apply those patches, hunt for Cobalt Strike, watch for AI voice phishing, and segment your networks now. Thanks for tuning in to China Hack Report: Daily US Tech Defense. Don’t forget to subscribe, keep your systems tight, and your coffee stronger. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here with your China Hack Report: Daily US Tech Defense for July 13th, 2025. No time for banter—let’s plug straight into the matrix because the cyber wires have been electric in the last 24 hours.

First, the big headline: Italian police nabbed Zewei Xu, a 33-year-old Chinese national, at Milan’s Malpensa Airport on a US warrant. Xu’s not your average tourist, unless you count silk and typhoons as travel bags. He’s tied to the Silk Typhoon hacking group, also known as Hafnium, which the FBI suspects of targeting everything from COVID-19 vaccine research at the University of Texas to thousands of email accounts in a mass phishing blitz. His group reportedly vacuumed up sensitive US government and intellectual property data. US officials say Xu could spend decades behind bars if extradited. The arrest flashes a giant warning sign to international and state-backed hackers: you can run global, but you can’t hide forever thanks to international teamwork.

Now, malware watch. The last day saw researchers spot infostealers hitching a ride on the leaked Shellter red teaming tool. Elastic Security Labs highlighted several malware campaigns capitalizing on this leak—so if your pen-testing kit is acting funny, check for unwanted stowaways. On the supply chain front, evidence emerged of malware sneaking into a popular GravityForms plugin, raising red flags for anyone running business forms or customer portals. Stay sharp—these aren’t theoretical threats.

In terms of sector targeting, the legal field took a direct hit: suspected Chinese hackers broke into email accounts at a powerful DC law firm, targeting attorneys and advisers. Law firms hold goldmines of sensitive data, so every incident like this is a reminder to double—and triple—lock your digital front door.

Critical infrastructure, always a cyber bullseye, just dodged—or maybe stepped on—a decades-old bullet. CISA released a public advisory after a 13-year-old vulnerability in the End-of-Train (EoT) modules used in US trains finally got attention. Turns out, with less than $500 in hardware, anyone could have manipulated braking systems on freight trains coast-to-coast. US rail operators have dragged their feet for over a decade, but with CISA’s spotlight, fixes are inching forward—safety can’t be an afterthought.

And if you run any of the following: Citrix NetScaler ADC/Gateway, Multi-Router Looking Glass, PHPMailer, Ruby on Rails, Synacor Zimbra, or Google Chromium, CISA just shoved these flaws into its Known Exploited Vulnerabilities catalog. The marching orders: patch now, don’t procrastinate, especially for CitrixBleed 2 and Google Chromium’s V8 flaw. Microsoft’s July Patch Tuesday also squashed 130 bugs, including an SQL Server zero-day. If your IT team’s still sipping their matcha, tell them to hit update.

CISA’s latest advisory on cloud systems reminds us: the attack surface is exploding. More connections, more vulnerabilities, and, yes, more opportunities for Chinese-linked APTs to sneak in via cloud misconfigurations or outdated dependencies. Don’t assume your vendor’s got your back—verify, audit, and patch.

That’s a wrap for this charged-up edition. Thanks for tuning in to China Hack Report. Don’t forget to subscribe for daily defenses—this has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your China Hack Report: Daily US Tech Defense podcast.

Welcome back, cyber sleuths, it’s Ting with your China Hack Report: Daily US Tech Defense, coming to you with everything you need to know about the last 24 hours in the Sino-cyber showdown. Let’s plug right in—no reboot required.

If you thought the *Volt Typhoon* saga was old news, think again. According to the Senate Armed Services Committee, China’s not just peeking into US defense and port networks anymore—they’re embedding themselves, especially in maritime environments like Guam. Their goal? To poke holes in American military mobilization if tensions over Taiwan escalate. Officials say this is "one of the largest cyber espionage campaigns against America" and what really has everyone’s hair on fire is China’s shift from just stealing secrets to putting US critical infrastructure at risk. The new twist? Salt Typhoon—yes, the names sound like rejected Pokémon—has also slithered into telecom and other sectors for good old-fashioned espionage, showing Beijing’s appetite for both sabotage and industrial secrets. And don’t forget, the big brains at DoD are being pushed to finally develop a real deterrence strategy, since China’s hacking crews apparently don’t fear the US in cyberspace.

Speaking of telecom, the National Security Agency is investigating fresh China-linked cyberattacks against AT&T, Lumen, and Verizon. NSA Director Timothy Haugh warns that these probes threaten to compromise US wiretap systems themselves, meaning if China cracks this, they’d have a front-row seat to national security communications. He calls it “the greatest challenge of our time”—not just because of scale, but because China’s cyber workforce is, get this, fifty times bigger than the FBI’s. General Haugh is rallying for a “whole of nation response”—translation: government, industry, and academia need to team up now, or say goodbye to data privacy.

Let’s talk shiny new vulnerabilities. CISA just added the Citrix NetScaler CVE-2025-5777 to its Known Exploited Vulnerabilities catalog. This bad boy, dubbed “Citrix Bleed 2,” lets attackers sidestep authentication on Citrix appliances used for VPNs and remote access. Attacks have already kicked off, with IP addresses traced to China, Bulgaria, and the US, targeting crucial American infrastructure and enterprises. If you’re running Citrix NetScaler, CISA’s emergency guidance is to patch immediately—by the end of today. Don’t wait to be the next headline.

Now for the supply chain: Ingram Micro, the global IT distribution giant, is back online after a ransomware attack earlier this week. Fast containment, offline systems, law enforcement notified—the whole playbook. Operations are restored, but the probe into what was accessed or stolen is still ongoing. The event underlines how Chinese or China-backed actors aren’t just zeroing in on defense—they’re after the arteries of commerce and tech supply.

The feds aren’t ignoring agriculture either. The USDA unveiled a new National Farm Security Action Plan to block China from hacking, or even buying, US farmland. The plan strengthens land purchase regulation and boosts cybersecurity across the food supply chain, linking arms with private industry and universities to build what they’re calling an “agro defense workforce.” Because let’s face it, nobody wants Beijing holding the keys to America’s breadbasket.

Alright listeners, that’s the top China hacking drama from the last 24 hours—new exploits, new sectors targeted, and new urgency from the Pentagon and CISA to defend US interests. Update, patch, and partner up, because the dragon in cyberspace isn’t slowing down. Thanks for tuning in to China Hack Report: Daily US Tech Defense. Remember to subscribe, keep those patches up to date, and stay one step ahead of the cyber storm.

This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here with your China Hack Report: Daily US Tech Defense for July 9, 2025, and if you were hoping for a quiet cyber day, well, buckle up. Let's jump right in—no preamble, just pure cyber action.

The headline everyone’s buzzing about is the international arrest of Xu Zewei, the 33-year-old Chinese national grabbed by Italian police at Milan’s Malpensa Airport on July 3. According to the Justice Department, Xu is no script kiddie—he’s accused of being a key operator for the Silk Typhoon group, a state-sponsored hacking crew also tracked as Hafnium and UNC5221. The allegations? Everything from spearheading the infamous COVID-19 research heists at American universities like the University of Texas Medical Branch, to kicking off the massive global Microsoft Exchange Server exploit spree back in 2021, targeting over 60,000 entities worldwide. The FBI says Xu and his partner in cybercrime, Zhang Yu (still at large), worked under direct orders from China’s Ministry of State Security, specifically the Shanghai State Security Bureau. Xu’s day job was supposedly IT manager at Shanghai Powerock Network Co. Ltd.—for Beijing, that translates as “please hack the world”[1][3][5][6][8][9].

But wait, there’s more—last night, CISA fired off an emergency directive after a batch of vulnerabilities popped up in Chinese-made solar inverters installed all across the U.S. Midwest. Turns out, these aren’t just converting sunlight—they’re embedded with rogue communication devices that could let Beijing punch straight through American firewalls. CISA didn’t mince words: segment your networks immediately if you’re using anything from flagged OEMs like Hangzhou Digital, deploy every hotfix, and lock down your logs[4].

Meanwhile, the FBI is tag-teaming with CISA on a joint warning urging the whole country—from energy and telecom to financial giants—to audit for compromise indicators. If you’ve got Hangzhou Digital hardware or anything remotely linked to suspicious supply chains, now’s the time to update, isolate, and threat hunt. The joint directive’s mantra: “Patch, isolate, monitor.” It’s not just about stopping cyber spies; it’s about keeping the lights on and the markets running[4].

Capitol Hill isn’t just watching—they’re acting. Chairman John Moolenaar is reviving bills to fortify cyber resilience against state-sponsored threats. Congressional hearings this week highlighted Chinese APTs leaning into AI-driven spear phishing and deepfake lures that would make a catfish blush. The goal: not just surveillance, but infiltration and eventual control of critical U.S. systems, especially in defense and infrastructure.

So here’s your Ting-approved action checklist for the next 24 hours: patch all critical vulnerabilities, hunt for strange lateral movement, update every threat feed, and for the love of packets, audit your supply chains for sneaky backdoors. The Silk Typhoon and its APT siblings are getting brazen—don’t let your network be their next trophy.

Thanks for tuning in to China Hack Report. Don’t forget to subscribe, and stay one step ahead of those cyber typhoons. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta