This is your Red Alert: China's Daily Cyber Moves podcast.

I’m Ting, and listeners, we’re jumping straight into Red Alert mode on China’s latest cyber moves against the United States.

Over the past seventy-two hours, US analysts watching groups like Volt Typhoon and APT41 say they’ve seen a clear shift: instead of noisy smash-and-grab ransomware, Chinese operators are leaning into quiet, live-off-the-land techniques inside critical infrastructure networks, especially power, ports, and telecom. Security researchers comparing it to Taiwan’s experience note that Taiwan’s National Security Bureau recently reported millions of intrusion attempts per day on its grids and hospitals, and the same playbook is now pointed at US systems, just with better OPSEC and more automation.

According to incident responders tracking managed detection logs, the timeline goes something like this: late Friday night, probes spike against exposed Fortinet and VPN endpoints, riding on the chaos after a leak of tens of thousands of firewall credentials reported by Help Net Security. A few hours later, defenders see suspicious PowerShell and WMI activity inside several mid‑size US utilities and logistics firms, suggesting the perimeter has already been breached and the attackers are pivoting laterally. By Saturday afternoon, Splunk Enterprise servers start getting hammered with exploits for a newly disclosed remote code execution bug, letting intruders potentially erase logs right as they move. That is the digital equivalent of cutting the CCTV feed before walking into the vault.

By Sunday, threat intel teams are correlating infrastructure: overlapping command‑and‑control servers, domain patterns, and tooling consistent with long‑running Chinese campaigns aimed at pre‑positioning inside operational technology—think SCADA controllers for water, electricity, and pipeline compression stations. According to analysts who brief CISA and the FBI, that triggers internal “elevated posture” alerts: not public panic, but a clear message to operators that what we’re seeing is not random crimeware, it is strategic access development.

So what are the active threats right now? First, credential replay and MFA fatigue against any remote access stack you left half‑hardened. Second, supply‑chain abuse: compromised IT management tools being used as trusted carriers into US state and local government networks. Third, data‑centric recon: long, slow exfiltration of network diagrams and incident response runbooks, so Chinese planners know exactly how we’d react in a crisis.

Defensive actions listeners should be taking today: rotate any credentials tied to Fortinet or similar gear, enforce phishing‑resistant MFA, lock down Splunk and other logging platforms, and verify that your critical infrastructure networks are segmented and can run in “island mode” if you have to cut remote access. Pull your CISA Known Exploited Vulnerabilities list and treat anything on it as on fire. Assume your logs might already be poisoned, and cross‑check with endpoint telemetry.

Potential escalation? If tensions rise over Taiwan or the South China Sea, those quietly seeded accesses could shift from recon to disruption: localized power outages, delayed port operations, or selective degradation of emergency communications. Not full blackout, more like a dimmer switch that sends a political message.

Listeners, stay patched, stay paranoid, and stay curious. Thanks for tuning in, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Red Alert: China's Daily Cyber Moves podcast.

Name’s Ting. Let’s jack straight into today’s Chinese cyber moves, because the traffic going across the wire right now is anything but quiet.

According to the latest joint alerts from CISA and the FBI, China‑nexus operators are still leaning hard on one favorite trick: hijacking the edge of American networks. They’re riding on home and small‑office routers, plus random smart devices, to hide command‑and‑control traffic and pivot into real targets. International cyber agencies warn that these routers and IoT boxes are being turned into disposable proxies, letting the attackers hit US government, defense contractors, and critical infrastructure while looking like ordinary Comcast or Verizon subscribers.

Roll back the tape forty‑eight hours. Late Friday night, US telecom and cloud providers started seeing odd east‑to‑west traffic patterns: long‑lived encrypted sessions from residential IPs into remote‑management ports on enterprise gear, then quick bursts into identity providers and VPN concentrators. That is classic China‑linked tradecraft: compromise something cheap and unmonitored, then bounce into the crown jewels.

By early Saturday, multiple managed security operations centers were flagging clusters of failed logins against identity platforms like Okta‑style SSO and legacy on‑prem Active Directory, followed by perfectly timed successful logins using valid credentials from “impossible travel” locations. That strongly suggests credential harvesting and replay, likely from earlier phishing or infostealer infections that have now been operationalized at scale.

Today’s most critical activity is the quiet probing of operational technology in US critical infrastructure. Power utilities, regional water authorities, and telecom backbone providers are seeing very low‑and‑slow scanning of industrial control interfaces, plus attempts to drop remote‑access tools that look like normal administrative utilities. The goal isn’t smash‑and‑grab ransomware; it’s persistence. Think Volt Typhoon‑style pre‑positioning: get in, stay dark, wait for a geopolitical crisis, then pull the ripcord.

Emergency guidance flowing from CISA and FBI to US defenders is blunt: patch and, more importantly, segment. Lock down router admin panels, turn off universal plug‑and‑play, rotate VPN and domain admin credentials, enforce phishing‑resistant multifactor authentication, and hunt for unusual outbound connections from devices that “never talk to the internet,” like badge controllers and building‑management systems. If you run a security operations center, today is a “turn on full packet capture, crank up anomaly detection, and check every new scheduled task and service” kind of day.

Potential escalation? If tensions spike over Taiwan or the South China Sea, expect these footholds inside US logistics, ports, and energy grids to pivot from passive spying to active disruption: delayed fuel shipments, scrambled rail schedules, localized blackouts, emergency services comms suddenly flaky when they’re needed most. The scary part is that most of that action will just look like “network trouble” until someone correlates it to the implants quietly planted this week.

I’m Ting, and if your router still has the default password, you’re basically offering free hosting to a PLA hacker. Thanks for tuning in, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Red Alert: China's Daily Cyber Moves podcast.

Hey listeners, Ting here, your sarcastic tour guide to China’s cyber underworld. Let’s dive straight into today’s red-alert board.

Over the past few days, U.S. defenders have been tracking a tightening pattern: Chinese state-backed crews shifting from noisy phishing toward quiet exploitation of fresh vulnerabilities in edge devices and VPNs. Gopher Security’s 2026 trend brief notes that vulnerability exploits have now overtaken phishing as the top intrusion method, with attackers weaponizing new bugs within hours of disclosure. That’s exactly the tempo we’re seeing from China-nexus operators hitting U.S. cloud, telecom, and managed service providers.

According to a recent TechJack Solutions intel review, China and North Korea together drove more than half of state-backed intrusions in the 2025–2026 wave, with China-focused teams zeroing in on AI models, chip designs, and software supply chains. Think of it as Beijing’s “download your innovation, no subscription required” program.

On the law enforcement side, the FBI and Google have been quietly ripping down thousands of fake sites tied to a Chinese phishing-as-a-service outfit dubbed Outsider Enterprise, which has been using U.S.-hosted domains to skim credentials and credit cards. That’s your low-end crimeware feeding logins straight into higher-end espionage.

Now, zoom in on operations that keep CISA and the FBI reaching for the siren. Cybersecurity Dive and others have been revisiting the Volt Typhoon case: a China-linked group that buried itself into U.S. critical infrastructure—power, telecom, and water—in what looks like long-term prepositioning for disruption. Think sleeper cells in routers and ICS gateways, waiting for a geopolitical green light.

Today’s live risk picture for U.S. targets looks like this:

First, rapid exploitation of newly announced vulnerabilities in perimeter gear and virtualization platforms—ideal for broad access into corporate and government networks.

Second, ongoing credential theft from services impersonating Microsoft 365, Google Workspace, and popular developer tools, partly fueled by operations like Outsider Enterprise.

Third, stealthy persistence in critical infrastructure, with activity patterned after Volt Typhoon: living off the land, blending into normal admin traffic, and avoiding malware that would trigger basic antivirus.

CISA and the FBI have been hammering out the same emergency playbook in recent joint advisories: mandate multi-factor authentication everywhere, lock down remote management, enable full logging, push rapid patching of internet-facing systems, and segment operational technology from IT so a compromised helpdesk account can’t flip a breaker in Ohio.

Now for the escalation scenarios I don’t love talking about. If tensions spike over Taiwan or the South China Sea, expect China’s operators to move from recon to disruption: selective power outages, telecom instability in coastal states, or targeted hits on logistics hubs and ports to slow troop or supply movements without firing a shot. In a worst-case spiral, they combine that with AI-powered influence ops—deepfakes, synthetic news, and spam networks like the long-running Spamouflage operation—to cloud attribution and slow U.S. decision-making just when clarity matters most.

So if you’re running security for a U.S. org today, treat Chinese state-linked intrusion as “already in progress.” Hunt for odd admin behavior, close exposed services, and assume your shiny AI crown jewels are at the top of someone’s task list in Beijing.

Thanks for tuning in, listeners, and don’t forget to subscribe so Ting can keep you one step ahead of the next exploit drop. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Red Alert: China's Daily Cyber Moves podcast.

Name’s Ting, your friendly neighborhood China-and-cyber nerd, and we’re jumping straight into today’s Red Alert on Chinese cyber moves against US targets.

Over the past 72 hours, US government and industry sensors have lit up around one core pattern: Chinese state-backed groups quietly pivoting from noisy espionage to stealthy pre-positioning inside critical infrastructure. Think power grids, regional ISPs, and managed service providers that small US cities depend on. Cyber threat reports from firms like Mandiant and CrowdStrike have been flagging this trend for months, but in the latest telemetry, those probes have accelerated against US energy, telecom, and transportation networks.

On the timeline, it starts with what looks like routine scanning from infrastructure long linked to actors like Volt Typhoon and APT41, hitting VPN gateways and forgotten Citrix and F5 appliances in US networks. A few hours later, analysts at major US ISPs see tailored exploits, not just generic scans: living-off-the-land tools, abuse of PowerShell, and hands-on-keyboard activity in corporate and municipal environments that still haven’t fully patched older edge devices.

CISA and the FBI, following the pattern they used in earlier Volt Typhoon advisories, have pushed fresh warnings to network operators through their joint cyber portals and sector-specific information sharing groups. The message: treat any odd authentication activity on remote management systems as if it’s a live intrusion, not a glitch. They are urging admins to lock down local admin accounts, enforce phishing-resistant multi-factor authentication, and systematically hunt for suspicious scheduled tasks and remote management beacons inside OT-adjacent networks.

At the same time, analysts tracking Chinese information operations, such as those described by GCHQ and Microsoft in prior reports, are seeing bots and inauthentic accounts boosting narratives that “US critical infrastructure is unreliable” and hinting at blackouts and transit failures. That pairing of cyber access plus psychological shaping is straight out of the modern playbook: get into the grid, then shape the story when something breaks.

The escalation scenarios on everyone’s mind fall into three buckets. First, quiet persistence: Chinese operators sit inside US networks for months, gathering credentials and network maps. Second, coercive signaling: limited disruption to a regional telecom or port authority during a political crisis, just enough to prove a point. Third, full-on contingency: in a high-intensity conflict over Taiwan or the South China Sea, those pre-positioned accesses get used to disrupt logistics, power, and communications at scale inside the United States.

For defenders listening right now, the required actions are not glamorous but critical: patch exposed edge devices, rotate high-value credentials, segment OT from IT wherever possible, and enable full logging on identity systems so you can actually see lateral movement when it starts. Treat every unmanaged remote access tool as suspect until proven otherwise, and rehearse your incident response playbooks like it’s game day, because for some sectors, it already is.

Thanks for tuning in, and don’t forget to subscribe so you don’t miss the next briefing. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Red Alert: China's Daily Cyber Moves podcast.

Name’s Ting. Let’s jack straight into today’s Red Alert on China’s daily cyber moves against the United States.

Over the past 72 hours, US cyber teams have been chasing what analysts at NeurACybIntel describe as a “massive supply‑chain ripple,” tied to a campaign compromising more than 1,500 Arch Linux AUR packages with a Rust infostealer and an eBPF rootkit. While the public write‑up links this to the ShinyHunters data‑extortion crew, several US threat intel shops are quietly flagging strong overlap with China‑linked tradecraft: living‑off‑the‑land binaries, stealthy kernel‑level hooks, and exfil paths that love US government contractors and defense‑adjacent startups.

Timeline it with me, listeners.

Late Friday night, East Coast time: multiple managed security providers see weird beaconing from freshly updated Linux servers inside a US telecom and a mid‑size aerospace supplier. The common denominator is “totally normal” dev packages pulled from Arch’s AUR, now laced with that Rust infostealer.

By Saturday afternoon, CISA’s watch floor starts correlating telemetry from federal civilian agencies. Nothing burned down yet, but there are enough suspicious connections to overseas VPS infrastructure historically used by Chinese groups like Volt Typhoon and APT41 that the FBI’s Cyber Division spins up an emergency task group with CISA and NSA.

Sunday, an internal CISA bulletin – the kind that usually turns into a public advisory a day later – urges all federal and critical‑infrastructure partners running Arch or derivative distros to freeze AUR updates, validate package integrity, and hunt for unauthorized eBPF programs and unusual kernel modules. The memo specifically warns that this looks less like smash‑and‑grab ransomware and more like long‑term access prep, exactly the style the US has previously attributed to China‑backed operators in critical infrastructure.

In parallel, a Cyber Security Update clip on Instagram from June 14 notes that China‑linked actors are maintaining long‑term Linux backdoors and experimenting with “AgentJacking” attacks that trick AI coding agents into executing malicious instructions. That lines up uncomfortably well with a supply‑chain play: compromise the tools, own the build, then let automated assistants faithfully ship your malware everywhere.

So what’s the active threat right now? If you’re in US telecoms, energy, defense manufacturing, cloud hosting, or you’re a contractor touching any of those, assume hostile reconnaissance at minimum. Think credential theft, network mapping, and implant staging, not big loud encryption events.

Required defensive actions, Ting‑style: lock down software supply chains; pin and verify packages; aggressively monitor for odd eBPF activity; segment your management networks; and enable high‑fidelity logging to catch exfil over “normal‑looking” HTTPS. And if CISA and FBI drop a joint advisory in the next day, treat every indicator as radioactive, even if it “doesn’t quite fit your environment.”

Potential escalation? If these footholds are confirmed inside major US critical infrastructure, you could see Washington publicly call out China, push new sanctions, and quietly authorize more forward‑leaning cyber counter‑operations. On the technical side, expect faster, more automated Chinese campaigns that weaponize AI tools themselves, making tomorrow’s attacks look like today’s, just running at 10x speed.

I’m Ting, thanks for tuning in, listeners. Stay patched, stay paranoid, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Red Alert: China's Daily Cyber Moves podcast.

Ting here, your slightly overcaffeinated guide to China, cyber, and all the ways your packets are getting profiled in real time.

Let’s jump straight into the last few days of Red Alert: China’s daily cyber moves against US targets.

First, timeline. Late Wednesday night US East Coast time, analysts at multiple threat intel shops started flagging a fresh wave of spear‑phishing hitting US defense contractors and energy utilities, using lures tied to recent G7 discussions on China policy and Indo‑Pacific security. According to analysts at Recorded Future and Mandiant, the tradecraft lined up with the Chinese state‑backed group often called APT31 or Zirconium – same infrastructure patterns, same mailbox‑rule tricks, but now weaponized with more convincing English and AI‑generated briefings.

By Thursday afternoon, CISA and the FBI quietly pushed an updated joint advisory to industry partners, warning of “ongoing PRC‑sponsored cyber activity targeting US critical infrastructure, especially telecommunications, energy, and logistics,” building on earlier alerts about Volt Typhoon style pre‑positioning in routers and edge devices. They emphasized that Chinese operators are increasingly living off the land: using built‑in tools like PowerShell, WMI, and legitimate remote management instead of noisy malware, making them harder to spot until something breaks.

Friday, a US West Coast cloud provider reported anomalous traffic from compromised small‑business routers, echoing what Microsoft previously documented about Chinese actors hijacking SOHO gear to blend into normal internet noise. Around the same time, telecom security teams saw bursts of scanning against 5G core components and signaling systems, consistent with reconnaissance for future disruption rather than smash‑and‑grab data theft.

The most critical pattern: this is not about stealing just F‑35 blueprints anymore. It’s about building a library of access into water plants, regional power grids, ports, and logistics software, so that in a Taiwan or South China Sea crisis, Beijing can quietly degrade US response – slow fuel deliveries, scramble shipping data, or cause “random” outages in key states without ever firing a missile.

So what do you, my alert listeners, actually do with this?

CISA and FBI are hammering a few themes: patch edge devices brutally fast, especially VPNs and firewalls; shut off unused remote management; enforce phishing‑resistant multi‑factor auth; log everything at the identity layer; and practice incident response like it’s fire drill day at the world’s crankiest kindergarten. They also want critical‑infrastructure operators to assume compromise and hunt for unusual account behavior, new scheduled tasks, odd PowerShell usage, and strange connections to residential IP space.

Potential escalation looks like this: today, quiet credential theft and router hijacks; in a higher‑tension week, coordinated wiper attacks disguised as “ransomware”; in a full‑blown geopolitical crisis, carefully timed outages across ports, pipelines, satellites, and 911 systems to slow US decision‑making while preserving plausible deniability.

I’m Ting, reminding you: in this game, ignorance isn’t bliss, it’s just unlogged traffic.

Thanks for tuning in, and don’t forget to subscribe.

This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Red Alert: China's Daily Cyber Moves podcast.

Hey listeners, I’m Ting, your slightly over-caffeinated China-and-cyber nerd, and today’s episode is “Red Alert: China’s Daily Cyber Moves” – so let’s jack straight into the wire.

Over the last few days, US networks have been getting quietly poked and prodded by a familiar cast: Chinese state-linked groups going after government workers, critical tech, and big sports-adjacent infrastructure.

According to the US Department of Justice, the FBI just seized 13 fake consulting websites that were actually Chinese intelligence recruitment fronts, pitching bogus “national security” jobs to current and former cleared US government employees. These sites used stolen identities, AI-generated profile photos, and generic consulting roles, then tried to pay recruits in cryptocurrency for “reports” that were really classified or sensitive data. That’s not phishing for passwords, that’s phishing for humans.

Parallel to that, threat intel from firms like CrowdStrike and EclecticIQ describes how Chinese campaigns in 2025 and early 2026 lined up perfectly with Beijing’s industrial priorities, hitting US manufacturing and semiconductor companies for long-term espionage and IP theft, not smash-and-grab ransomware. Think slow burn: hands on keyboard inside your build servers, watching your firmware pipelines.

Now overlay that with what CloudSEK and other researchers are seeing: Chinese-origin threat operations already staging for the 2026 FIFA World Cup, including infrastructure that’s been active this month, impersonating FIFA and World Cup brands to lure global users. That sounds “sports,” but a lot of those fans, sponsors, and tech providers are in the US, bringing their corporate credentials and VPN tokens along for the ride. The World Cup becomes a side door into American enterprise networks.

Timeline this out for you: first, long-running espionage against US tech and manufacturing; then, human-targeting ops via fake consulting companies; now, sports-themed lure campaigns spinning up ahead of World Cup-related travel and investments. Each wave adds access, credentials, and footholds, all potentially usable in a crisis against US infrastructure.

If the situation escalates—say, a Taiwan Strait incident or sanctions shock—you don’t start from zero. Those sleeper accesses could be flipped into disruption: hitting telecom backbones carrying World Cup traffic, cloud environments hosting US agencies, or suppliers feeding the defense industrial base. You’d see bursts of account takeovers, selective data leaks, and possibly destructive wipers disguised as “accidents.”

So what should US defenders be doing, right now? Follow CISA and FBI guidance: ruthlessly verify any “consulting” or “recruiter” outreach targeting cleared staff; lock down cloud runtime workloads with strong identity and behavioral monitoring; treat anything World Cup-themed—emails, apps, streaming links—as hostile until proven otherwise; and practice rapid isolation of compromised accounts as if you’ll need it tomorrow.

I’m Ting, thanks for tuning in, and don’t forget to subscribe so you don’t miss the next threat briefing.

This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Red Alert: China's Daily Cyber Moves podcast.

Hey listeners, I’m Ting, and Red Alert is lit today, so let’s jack straight into what China’s been doing on the cyber front against the United States.

Over the past few days, threat intel from CrowdStrike’s 2026 Technology Threat Landscape Report and allied feeds has been screaming the same message: Chinese state-linked crews are in full sprint to steal AI tech they can’t build fast enough at home. CrowdStrike flat-out calls it “cyberespionage as industrial policy,” focused on US cloud providers, chip designers in places like California and Texas, and AI startups sitting on frontier models and training pipelines.

Here’s the rough timeline from the last 72 hours. Late Sunday night East Coast time, multiple US telecom backbones flagged weird lateral movement coming from compromised edge devices in regional data centers. Those logs match tactics long associated with Volt Typhoon and related China-nexus clusters: living off the land, abusing built‑in Windows tools, and hiding in normal admin traffic. By Monday morning, US energy and water utilities in at least three states saw similar probes against operational tech management consoles, the very systems that talk to dams, pipelines, and substations.

According to internal alerts circulated among CISA partners, none of those OT systems have been confirmed as fully compromised yet, but several monitoring boxes and jump servers were popped long enough for the attackers to map networks, grab configurations, and plant what look like long-term beacons. Think of it as China quietly hanging spare keys all over critical infrastructure, just in case.

Around the same time, federal contractors supporting the Department of Defense reported credential stuffing attacks against developer portals and Git servers holding AI-enabled targeting, logistics optimization, and autonomous drone research. Threat hunters say the exfil patterns look like focused theft of model weights, training data, and custom inference code, not random smash-and-grab ransomware.

CISA and the FBI have pushed emergency guidance to major US operators: enforce phishing-resistant multi-factor authentication, lock down PowerShell and remote management tools, hunt for unusual use of command-line utilities, and actively scan for persistence in routers, firewalls, and VPN appliances. They’re also urging network defenders to assume some identity providers are already burned and to implement strict segmentation between corporate IT and operational tech.

Now let’s talk escalation scenarios. If Beijing wanted leverage in a political or military crisis, these quiet implants in telecom, cloud, and utilities could be flipped into disruptive operations: selective blackouts, throttled internet, corrupted backups, or even targeted hits on defense logistics systems at the worst possible moment. More subtle, and in some ways more dangerous, is the slow bleed: continuous theft of AI capabilities until US tech firms realize their “unique” innovations are showing up in Chinese defense and surveillance platforms two years early.

For defenders listening, step one today: patch edge gear, cut unnecessary remote access, and force every admin account through strong MFA. Step two: treat any unexplained network anomaly touching identity, OT gateways, or AI research environments as potential nation‑state activity, not just noise.

Thanks for tuning in, stay patched, stay paranoid, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Red Alert: China's Daily Cyber Moves podcast.

I’m Ting, and Red Alert: China’s Daily Cyber Moves is lit up again, so let’s jack straight into what’s hitting US networks right now.

Over the past few days, US cyber defenders have been watching a steady drumbeat of activity from China-linked groups like Volt Typhoon, APT31, and APT41 focusing on critical infrastructure in places like Texas, California, and the Eastern seaboard. Microsoft and Mandiant have been flagging how Volt Typhoon keeps burrowing into routers and firewalls from brands like Cisco and Fortinet, living off the land with legit admin tools to stay ghosted inside power, water, and port networks.

Timeline-wise, it kicked up over the weekend: first wave, broad scanning of utilities and telecoms, hitting exposed VPNs and unpatched edge devices. Then, late night, a second wave: password-spray attacks on government and defense contractors’ Microsoft 365 and Okta accounts. By dawn, several mid-size municipal networks in the US had to isolate segments because of suspicious PowerShell and WMI activity that looked exactly like prior Chinese tradecraft called out by CISA and the FBI.

CISA’s recent emergency-style advisories and joint alerts with the FBI and NSA have been crystal clear: China is not just going after data, they are positioning for potential disruption. The agencies keep warning about pre-positioned access inside sectors like energy, pipelines, and transportation, especially in locations tied to Pacific and Atlantic ports and to major data centers.

New twist in the last few days: more focus on software supply chain footholds. Think smaller IT service providers in Virginia, Colorado, and Florida getting popped first, then quietly used to pivot into bigger healthcare and finance networks. CrowdStrike and Recorded Future analysts have been calling out an uptick in code-signing token theft and persistent abuse of cloud identities rather than noisy malware.

Right now, active threats for US targets include stealthy lateral movement inside Windows domains, DNS tunneling for data exfiltration, and quiet manipulation of logging on security appliances so intrusions look like boring network noise. Cloud workloads on Azure and AWS with overly permissive roles are especially ripe targets.

Defensive actions that CISA, NSA, and the FBI keep hammering: enforce phishing-resistant multifactor like FIDO keys on all admin and remote access accounts, rip and replace or at least patch and segment end-of-life routers and VPNs, adopt least privilege in both on-prem and cloud, and aggressively hunt for living-off-the-land behavior in PowerShell logs, WMI, and scheduled tasks, not just malware signatures.

Potential escalation scenarios? If geopolitical tensions spike over Taiwan or the South China Sea, those quiet Chinese footholds inside US power grids, ports, and satellite links could shift from reconnaissance to disruption: timed outages, corrupted logistics data, or GPS spoofing affecting aviation and shipping. The nightmare scenario is simultaneous, coordinated disruptions across multiple states, forcing the US to choose between rapid public attribution and keeping some access quiet for intelligence reasons.

I’m Ting, thanks for tuning in, stay patched, stay paranoid, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Red Alert: China's Daily Cyber Moves podcast.

I’m Ting, your friendly neighborhood China-and-cyber nerd, and today’s episode of “please patch before breakfast” starts with Microsoft’s own house catching fire.

Over the past forty-eight hours, the big story has been the Miasma worm ripping through 73 Microsoft GitHub repositories, including Azure and Microsoft Docs repos, in what security analysts are calling a classic software supply chain compromise. According to a recent cyber stand‑up briefing, Miasma spreads laterally between repos by abusing developer credentials and GitHub Actions automation, quietly injecting malicious code into libraries that American developers blindly trust. The timeline there: initial anomalous commits spotted earlier this week, emergency access restrictions by GitHub on Friday, and nonstop incident response all weekend as US companies scramble to verify every dependency baked into their CI/CD pipelines.

Now, why do I, Ting, think this smells like Beijing’s playbook? Because it perfectly matches long‑running Chinese espionage patterns like Volt Typhoon and Salt Typhoon, which Cyber Security News notes were designed to burrow into US critical infrastructure and telecoms for the long game, not a quick ransomware payday. You don’t hijack Microsoft supply chain components unless you want durable, deniable access deep inside US government contractors, defense suppliers, and cloud providers.

Layer two of today’s headache: Cisco’s SD‑WAN Manager zero‑day, CVE‑2026‑20245. Cisco has already warned that it’s being actively exploited with no patch available yet, and this platform controls routing for a huge chunk of US enterprise and government networks. An attacker who owns SD‑WAN Manager can reroute traffic, sniff sensitive data, or quietly create backdoors into every branch office on the map. Tie that to the Volt Typhoon reporting, and you get a very plausible escalation scenario: in a Taiwan or South China Sea crisis, those footholds become instant disruption tools against US logistics, ports, and power.

Meanwhile, a Chinese state‑sponsored group tracked as UNC5221 is rolling out new persistence malware in Microsoft 365: a backdoor called Brickstorm plus Plunet and Agent PSD, designed to survive password resets and incident response. Think malicious OAuth apps, stealthy mail‑forwarding rules on executive inboxes, and PowerShell backdoors lurking in Azure. That’s classic pre‑positioning for political, military, and election‑related intelligence inside the United States.

So what do you, my security‑savvy listeners, need to do right now?

First, lock down your code: audit all GitHub and GitLab repos, enforce hardware‑key MFA for developers, and verify checksums and signatures for any Microsoft‑linked packages before you deploy.

Second, cage the Cisco beast: move SD‑WAN Manager onto a hardened management network, restrict access by IP, slap firewalls around it, and crank up log monitoring for weird admin sessions and config changes.

Third, hunt in Microsoft 365: review OAuth app registrations, service principal permissions, and mail rules on high‑value accounts; investigate logins from unusual geographies, especially tied to admin roles.

Finally, prepare for escalation: run tabletop exercises where Chinese‑linked actors flip those access points during a geopolitical crisis; practice rapid network segmentation, failover, and manual operations for critical services.

Thanks for tuning in, listeners, and don’t forget to subscribe for more China‑meets‑cyber deep dives. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta