Digital Dragon Watch: Weekly China Cyber Alert

Digital Dragon Drama: Beijing's Cyber Circus Spins Espionage, Pentagon Bans, and Zero-Day Zingers!



This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert. Buckle up, because the past seven days have been a fireworks show of Beijing's cyber shenanigans—think stealthy browser bandits, Pentagon plug-pulling, and zero-days zipping like drones over the Taiwan Strait.

First off, Koi Security just dropped a bombshell on DarkSpectre, a China-linked campaign that's been lurking for seven years, snagging 8.8 million users on Chrome, Edge, and Firefox. ShadyPanda and GhostPoster extensions posed as legit tools but hijacked searches, stole corporate intel from Zoom, Teams, WebEx, and even Meet—perfect for espionage. C2 servers on Alibaba Cloud, ICP regs from Hubei province, and code laced with Chinese strings scream PRC. Researchers Tuval Admoni and Gal Hachamov call it "corporate espionage infrastructure," not petty fraud. Sectors hit? Video conferencing pros, e-commerce like JD.com and Taobao. Nasty new vector: trusted extensions quietly slurping meeting data for social engineering gold.

Over in D.C., President Trump inked a $900 billion defense bill banning China-based engineers from Pentagon cloud systems—straight response to ProPublica's exposé on Microsoft's "digital escorts." Those U.S. supervisors couldn't wrangle the whiz-kid coders from the mainland, risking hacks under China's data-grab laws. Defense Secretary Pete Hegseth blasted it on X: "Foreign engineers from China should NEVER access DoD systems." Rep. Elise Stefanik and Sen. Tom Cotton cheered the loophole slam, with mandatory briefings to Congress by June 2026. Microsoft? They're auditing and adjusting, but the Pentagon's probing for compromises.

Zero-days? China-nexus crews pounced on React2Shell (CVE-2025-55182) in Next.js and React apps, per AWS Security Blog—RondoDox botnet's deploying cryptominers and Mirai on 94,000 exposed assets, from U.S. tech to Chinese IoT like Linksys routers. Shadowserver Foundation's honeypots lit up. CISA added it to KEV; patch now or get pwned. Mustang Panda's planting ToneShell kernel rootkits in Windows; Anthropic spotted 'em exploiting AI for espionage mid-September, but scans spiked this week.

Defenses? CISA updated BRICKSTORM backdoor alerts—PRC actors tunneling into VMware vSphere and Windows for water utilities persistence. Ivanti EPMM zero-days let Chinese APTs own thousands of orgs; Dark Reading warns history repeats. Expert recs from Resecurity: hunt misconfigs on cloud giants, rotate creds, monitor for zlib leaks in MongoBleed (CVE-2025-14847)—CISA KEV again; U.S., China, and the EU top the exploited list.

PLA's Justice Mission 2025 drills rehearse Multi-Domain Precision Warfare around Taiwan, testing Type 075 LHDs—Xi's eyeing U.S. reactions per Mick Ryan's Substack. Stay vigilant: segment networks, audit vendors, patch like your data depends on it—'cause it does.

Thanks for tuning in, listeners—subscribe for more dragon slaying! This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai


This content was created in partnership with, and with the help of, artificial intelligence (AI).

Digital Dragon Watch: Weekly China Cyber Alert, by Inception Point Ai