Listen "Gladinet, CWP Hacked! China's Cyber Buffet Targets US Tech"
Episode Synopsis
This is your China Hack Report: Daily US Tech Defense podcast.

Ting here, your daily byte of cyber-wit and frontline defense—by now, if you haven’t checked your patch levels, go do it on a second screen. China-linked threat activity isn’t just about data theft—today it’s like a buffet: file-sharing platforms, critical infrastructure, web servers, even our election machines, all under siege.

Let’s fire up today’s dashboard. Top of the leaderboard: CISA has ordered emergency patching across the federal enterprise as two critical vulnerabilities made the “pwned in the wild” list. First up, Gladinet CentreStack and Triofox, those enterprise file-sharing apps you think are locked-down—wrong. Huntress just flagged a nasty Local File Inclusion bug, tracked as CVE-2025-11371, letting attackers slurp up sensitive config files. Why does it matter? From there, the attackers yank your machineKey, chain it with a ViewState deserialization exploit, and—bada-bing, remote code execution. The patch is out, and CISA’s asking every FCEB agency to patch yesterday.

Not to be outdone, the Control Web Panel (formerly CentOS Web Panel) has a shell-metacharacter fiesta in its file manager (CVE-2025-48703). Flaw lets threat actors cut right past authentication—think: direct shell command execution as a non-root user, which is usually enough to set up reverse shells or start siphoning off your company’s secrets. Patch v0.9.8.1205 dropped in June—if you’ve ignored it, CISA wants a word.

Meanwhile, the F5 “nation-state level compromise” remains a headache worthy of aspirin rations. Security officials have confirmed Chinese espionage actors got into F5’s source code—so now, expect crafted exploits targeting very specific, high-value F5 appliances. If your org uses BIG-IP boxes (that covers just about every enterprise, bank, and hospital), it’s a must to apply F5’s October patch, audit for weird traffic, and segment management interfaces.
CISA’s emergency directive here is clear: patch or perish.

Now to routers and switches—ever heard of BadCandy? This implant hijacks Cisco IOS XE devices via CVE-2023-20198, and there’s a fresh wave of exploitation. Australian and U.S. advisors both warn it could mean persistence for China-backed teams like Salt Typhoon. A simple reboot only nixes the infection temporarily; if attackers already pillaged credentials, they could be lurking unseen.

Turning to critical infrastructure, today’s CISA advisories hit the manufacturing and aviation sectors. Radiometrics VizAir weather gear had a flaw that let remote attackers tweak flight weather parameters, manipulate runway settings, and trigger hazardous conditions—all via an unauthenticated admin panel. Airports, get those updates installed, and don’t ever expose these devices to the open internet!

Other headlines: CrowdStrike and Proofpoint highlight hacking crews targeting U.S. logistics—the trucking and freight sectors—using phishing and remote access tools to win and reroute freight contracts. If you noticed sudden “too-good-to-be-true” offers from unknown logistics firms, double-check for remote tools operating inside your network.

Patch fatigue is real, especially with CISA facing over a thousand job cuts and a shaky federal shutdown stretching thin the folks who keep agencies patched, guided, and resilient. It could hardly be a worse time to be slow on the defensive trigger—especially with deepfakes and election risks surging.

So, techies, here’s your action checklist for the next 24 hours: patch any listed CISA vulnerabilities—Gladinet, CWP, Cisco IOS XE, F5—today. Tighten access controls, monitor for odd logins and exports, and stay off suspicious emails and links. If you’re critical infrastructure, you know what to do—segmentation, patching, and absolutely don’t let sensitive endpoints chat on the internet unsupervised.

That’s the pulse as of November 5th, 2025.
Thanks for tuning in to China Hack Report: Daily US Tech Defense. Make sure you subscribe so you don’t miss tomorrow’s breach. This has been a Quiet Please production; for more, check out quiet please dot ai.

For more: http://www.quietplease.ai

This content was created in partnership and with the help of Artificial Intelligence (AI).