Ivanti Exploits Unleashed, Salt Typhoon Sizzles, and Congress Feels the Heat in Cyber Trenches
Episode Synopsis
This is your China Hack Report: Daily US Tech Defense podcast.

If you missed the latest sizzle from the cyber trenches, strap in—this is Ting with your China Hack Report: Daily US Tech Defense, and yes, the digital fireworks are already in full blaze. Let’s dive straight into what’s shaking up security desks across the country as of September 22, 2025.

First, let’s talk headline-grabber: the Salt Typhoon attack. This isn’t your average skirmish—this Chinese state-backed operation barrelled right through major US telecoms, slurping up the data of over eight million Americans, from average Joe to political heavyweights. Salt Typhoon pulled off its heist by exploiting crusty, outdated software and laughably weak authentication—think virtual skeleton keys. Calls intercepted, locations tracked, private chatter all scooped up. Even scarier for policymakers: National Guard systems got breached, with deployment data and personnel records in the crosshairs. That’s a migraine for defense, since it could mess with military readiness. Telecom giants are now scrambling to roll out multi-factor authentication and bring in AI-based defense routines, but experts are already side-eyeing whether patching will outrun the attackers’ next trick, according to reporting by MSN and CM Alliance.

Flip over to software exploits and the word ‘Ivanti’ is sending shivers down IT spines, thanks to warnings from CISA. In real time—yes, in the past 24 hours—two fresh vulnerabilities, CVE-2025-4427 and CVE-2025-4428, found in Ivanti’s Endpoint Manager Mobile, were weaponized. Attackers chained these flaws, allowing authentication bypass and remote code execution—imagine bypassing the bouncers and then hosting a party in the server room. The malware dropped can inject listeners straight into Apache Tomcat, letting the attackers interpret, intercept, and execute Java code on demand. CISA’s ringing the bell: patch now or play Russian roulette with your enterprise data.
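As an added defender-side illustration, not code from the episode, from Ivanti or from CISA, the Python below scans constructed access-log lines for Java EL expression syntax in query parameters and, unlike a pattern-only check, decodes Base64-wrapped values first. The log format, the `/app/search` path and the `q` parameter are assumptions for the demo, not the real Ivanti endpoint.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

EL_PATTERN = re.compile(r"[$#]\{[^}]*\}")              # Java EL syntax: ${...} or #{...}
B64_CANDIDATE = re.compile(r"^[A-Za-z0-9+/_=-]{8,}$")  # looks like (URL-safe) Base64
# Assumed common log format: client ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3})')

def decode_layers(value, max_depth=3):
    """Return the value plus each nested Base64 layer that decodes to printable text."""
    layers = [value]
    for _ in range(max_depth):
        if not B64_CANDIDATE.match(layers[-1]):
            break
        stripped = layers[-1].rstrip("=")  # re-pad ourselves so odd padding does not abort
        try:
            decoded = base64.b64decode(stripped + "=" * (-len(stripped) % 4), altchars=b"-_").decode()
        except (ValueError, UnicodeDecodeError):
            break
        if not decoded.isprintable():
            break
        layers.append(decoded)
    return layers

def find_el(value):
    """EL expressions in a parameter value, whether raw or hidden under Base64 layers."""
    return [h for layer in decode_layers(unquote(value)) for h in EL_PATTERN.findall(layer)]

def naive_flag(line):
    """What a pattern-only check sees: EL syntax present in the raw log line."""
    return bool(EL_PATTERN.search(line))

def scan_log_line(line):
    """Parse one log line; 'el' maps each query parameter to the EL hits found in it."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    parts = urlsplit(target)
    hits = {n: find_el(v) for n, v in parse_qsl(parts.query, keep_blank_values=True)}
    return {"client": client, "method": method, "path": parts.path, "status": int(status),
            "el": {n: h for n, h in hits.items() if h}}

ENCODED = base64.b64encode(b"${'el-marker'}").decode()  # harmless EL literal, Base64-wrapped
SAMPLE_LINES = [  # constructed, not real traffic; the third hides the same EL under Base64
    '203.0.113.5 - - [22/Sep/2025:10:01:02 +0000] "GET /app/search?q=report HTTP/1.1" 200',
    '203.0.113.9 - - [22/Sep/2025:10:01:05 +0000] "GET /app/search?q=${\'el-marker\'} HTTP/1.1" 400',
    '203.0.113.9 - - [22/Sep/2025:10:01:07 +0000] "GET /app/search?q=' + ENCODED + ' HTTP/1.1" 200']
```

Running `naive_flag` and `scan_log_line` over `SAMPLE_LINES` shows the third line slipping past the raw-pattern check while the decode-aware scan flags it, which is the evasion the episode describes.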
The hackers snuck their payloads in using Java EL injection and clever Base64 encoding, which meant most security tools didn’t even blink. The Register and Pantera Security both report that attribution isn’t official, but the code style points right back to a familiar cast—China-linked APTs.

Google and Fortinet are also sounding the alarm on the AI-powered pen testing tool "Villager," traced to a China-based dev, which exploded in downloads on PyPI. What’s it do? Ostensibly security research, but in the wild it’s being bent into something darker—a ready-made kit for cybercriminals to probe and break networks. Same playbook, new toys.

CISA, the FBI, and key agencies are running hot, issuing emergency patch advisories, daily bulletins, and even urging Congress to renew core cyber authorities like the Cybersecurity Information Sharing Act of 2015. And while defenders are wiring up quantum-resistant cryptography and next-gen AI monitors, Congress is also being told to keep cyber threat intelligence honest and out of the political spin cycle—thank you, Liana Keesing at Issue One, for putting words to what many of us mutter at the screen daily.

Critical infrastructure, supply chains, even Salesforce data are under the microscope as cloud and SaaS attacks ramp up. The message from all corners: update, fortify, audit, and if you haven’t already, start exercising those incident response muscles.

Stay tuned, don’t let your firewall nap, and keep it exciting by subscribing! This has been a Quiet Please production; for more, check out quiet please dot ai. For more: http://www.quietplease.ai. This content was created in partnership with, and with the help of, artificial intelligence (AI).