China Hack Report: Daily US Tech Defense

SharePoint Zero-Day Sparks Cyber Chaos as Pentagon Purges China Ties



This is your China Hack Report: Daily US Tech Defense podcast.

Big cyber hello from Ting, your resident whisperer of all things China and hacking! Listeners, the last 24 hours have been a rollercoaster for US tech defense—I’m talking urgent DoD shakeups, a nasty SharePoint zero-day, and CISA ringing every alarm bell in DC and beyond.

Let’s jump straight to the day’s showstopper: a critical Microsoft SharePoint zero-day vulnerability, tagged as CVE-2025-53770, that’s shaking up both government and business sectors. This flaw lets attackers execute code remotely, so it’s like they can waltz right into your server and start changing the furniture—without even needing a key. The vulnerability’s roots? Deserialization of untrusted data. Say that three times fast, then say a little prayer for your on-prem SharePoint servers. The exploit chain is called ToolShell, and if your network still hasn’t gotten the memo, you’re already a step behind.

Eye Security spotted the first mass exploitation Friday evening, then a second wave unfolded Saturday morning with fresh IPs jumping in. By Sunday night, Microsoft publicly acknowledged what security pros were already scrambling over, and CISA issued an emergency alert demanding immediate defensive measures by today—July 21. Their advice: if you can, activate AMSI integration and Microsoft Defender Antivirus on every SharePoint box you have. If you can’t? Disconnect those servers from internet access right now, unless you want to be the next cautionary tale at a DEFCON talk. CISA’s urgency isn’t hype: at least two US federal agencies and over a thousand state and local government servers are in the crosshairs. Schools, higher ed, state websites—if it says .gov or .edu, assume it’s at risk. The Multi-State ISAC has been frantically notifying hundreds of organizations. All that, just as they’re facing federal funding cuts. Timing, right?

But the drama doesn’t stop with software holes. Pete Hegseth, the new Secretary of Defense, just dropped the hammer, ordering an immediate end to all China-based labor in Pentagon cloud services—yes, that includes Microsoft. This follows a ProPublica investigation that found Microsoft was letting Chinese engineers help patch sensitive DoD systems via US “digital escorts.” The catch? Those escorts sometimes lacked the technical chops to vet what they were entering, which raised fears they might unwittingly introduce vulnerabilities or even malicious code. It’s like letting someone assemble a jet engine while you read the manual in the next room—risky at best.

Microsoft, for their part, says no more China-based engineers on any Pentagon projects starting now. Hegseth has launched a lightning review to ensure no similar models lurk elsewhere in DoD or the cloud contractor ecosystem. This is a strong message and it’s pretty clear: if your supply chain touches China, clean it up or get out of the US defense business.

And in the wild cyber skies, China’s government isn’t dialing things down. State-sponsored campaigns are still scarfing up secrets, from the US to Taiwan, hitting everything from chipmakers to universities and beyond. The pattern is clear—blended tactics, living-off-the-land attacks, and a relentless hunger for industrial and military intel. Remember APT41? They’re expanding campaigns with new malware payloads and even abusing compromised SharePoint servers to act as command-and-control channels, making detection tough even for seasoned blue teams.

So, listeners, patch now, consult your supply chain like it’s a Tinder profile, and follow every CISA bulletin like gospel. Don’t get caught with your zero-days down.

Thanks for tuning in! Subscribe now for tomorrow’s scoop, because in cyber, if you’re not first—you’re probably breached. This has been a Quiet Please production. For more, check out quiet please dot ai.


China Hack Report: Daily US Tech Defense, by Quiet. Please