This is your China Hack Report: Daily US Tech Defense podcast.

Ting here—your favorite cyber sleuth, always caffeinated and running on pure world-class paranoia. Buckle up, listeners, because the past 24 hours have been a joyride through digital chaos, Chinese intrigue, and high-stakes defense drama.

First, let’s talk Manhattan, where the Secret Service just nuked a massive Chinese-linked plot to disrupt New York City’s mobile networks during the UN General Assembly. Investigators say over 100,000 SIM cards were stealthily stashed around the city, hooked up to hundreds of SIM servers designed to assault cell towers, jam 911 calls, and let cyber-criminals chat anonymously. The SIM farm scheme was so big—more than 300 servers could pump out millions of anonymous texts per minute, basically turning emergency comms into dial-up purgatory. The fact that this happened right before world leaders landed in NYC tells you it wasn’t petty crime—it was infrastructure sabotage with a geopolitical flavor. The Secret Service insists no arrests are made yet, but timing? Downright suspicious, and supply chains for SIM hardware are under review. Also, telecom firms everywhere, please stop treating anomaly detection like a gym membership and actually use it.

On the digital front, Palo Alto Networks is the day’s punching bag. GreyNoise detected a blaring 500 percent surge in scans hitting Palo Alto login portals. More than 1,200 unique IPs were probing for weaknesses, with a chunk clustering in the Netherlands. What’s wild is that the scanning patterns are eerily similar to recent Cisco ASA activity—the fingerprints match, the tools sync up, and the timing is textbook pre-vulnerability-disclosure behavior. Translation, some very methodical folks are casing major U.S. network doors looking for cracks, and GreyNoise’s enhanced blocklists can’t get here fast enough.

Malware watch—the infamous Phantom Taurus, a newly identified Chinese state-aligned advanced persistent threat, just deployed the Net-Star suite across Africa, the Middle East, Asia, and, worryingly, it’s poking U.S. telecom and government targets now. Net-Star is like malware Swiss Army knives—modular, fileless, and designed to muck up IIS web servers while ghosts through standard detection. Palo Alto’s Unit 42 says Phantom Taurus is switching from basic email theft to snatching up raw database records and hiding deep in infrastructure. The lesson? Database admins, get your patch on and up your anomaly logging—yesterday.

CISA is still running emergency alerts despite a government furlough, and they’ve tagged new vulnerabilities in D-Link routers and a gnarly sudo utility flaw. The word from CyberWire and Security Affairs is clear: patch D-Link devices, update sudo, and don’t wait for FedEx to deliver the “urgent” sticker. Our good friends at Oracle and RedHat are still reeling from extortion campaigns and supply chain hits. If you’re running Jenkins, Juniper, or Samsung smart home devices, double-check CISA’s Known Exploited Vulnerabilities catalog for mandatory patches.

One more hot tip: Apple and Google both issued new rounds of security updates after malware attacks exploited weird font bugs and encrypted messaging platforms. If your company still doesn’t automate patching for mobile endpoints—this is your moment. Don’t make me come over.

All told, the past 24 hours have been about scale—whether it's SIM farms, unrelenting login scans, or malware operations feeding off neglected update schedules. Cyber defense right now means watching supply chains, rigging rapid response blocklists, and patching like your Starbucks depends on it.

Thanks for tuning in. Subscribe or risk missing tomorrow’s cyber soap opera—plenty more hacks where these came from. This has been a quiet please production, for more check out quiet please dot ai.

For more Back to Episodes