This is your China Hack Report: Daily US Tech Defense podcast.
Hello listeners, Ting here, your go-to for China Hack Report: Daily US Tech Defense—diving headfirst into the past 24 hours where digits met drama and national security had another sleepless night.
Let’s cut straight to what set keyboards clacking: Microsoft’s emergency patch. If you work with Windows Server Update Services, listen up! Microsoft just confirmed active exploitation of a devastating remote code execution flaw—CVSS 9.8, brutal even by hacker standards. This is CVE-2025-59287, and it lets attackers turn legitimate Windows updates into sneaky malware delivery—think “trusted system update” morphing into stealthy sabotage. Microsoft pushed a fix on October 23, 2025, and the Cybersecurity and Infrastructure Security Agency (CISA) shouted an all-out alert for every U.S. agency and company running WSUS: patch now, reboot, and validate every system. CISA was explicit—servers without the new patch could let attackers poison entire enterprise networks. If you haven’t patched yet, stop multitasking and do it. Seriously.
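The "patch, reboot, and validate" advice above is easier to act on with a concrete check. The following PowerShell triage script is an added example written for this page, not something from the podcast or from Microsoft or CISA. It assumes it is run elevated on the Windows Server itself, that the ServerManager module is available (so `Get-WindowsFeature` works), and that you look up and pass the KB number of the October 23, 2025 out-of-band update for your OS build yourself; the script deliberately hard-codes no KB number. Port numbers 8530 (HTTP) and 8531 (HTTPS) are the WSUS defaults; the "reboot required" registry key is the standard Windows Update flag.

```powershell
# Added example (not from the podcast): per-server triage for the WSUS RCE (CVE-2025-59287).
# Assumptions: run elevated on a Windows Server; -KB is the Microsoft KB id for the
# out-of-band update matching THIS server's OS build (look it up; nothing is hard-coded).
param([string]$KB)

$patchDate = [datetime]'2025-10-23'   # date Microsoft released the out-of-band fix
$result    = [ordered]@{}

# 1. Only servers with the WSUS role installed are exposed. If it is absent, you are done.
$wsus = Get-WindowsFeature -Name UpdateServices -ErrorAction SilentlyContinue
$result.WsusRoleInstalled = [bool]($wsus -and $wsus.Installed)

# 2. Is the out-of-band update installed? Get-HotFix reads the installed-update list.
if ($KB) {
    $result.PatchKB        = $KB
    $result.PatchInstalled = [bool](Get-HotFix -Id $KB -ErrorAction SilentlyContinue)
} else {
    $result.PatchInstalled = 'unknown (pass -KB for this OS build)'
}

# 3. "Reboot" part of the advice: installed is not the same as applied.
$os = Get-CimInstance Win32_OperatingSystem
$result.LastBoot          = $os.LastBootUpTime
$result.RebootedSincePatch = $os.LastBootUpTime -gt $patchDate
$result.RebootPending     = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

# 4. Exposure: is the WSUS service actually listening on its default ports (8530/8531)?
#    An unpatched server with these ports reachable from untrusted networks is the worst case.
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in 8530, 8531 }
$result.WsusPortsListening = ($listening.LocalPort | Sort-Object -Unique) -join ','

# 5. Simple verdict for the ticket: exposed = role present AND (not patched OR not rebooted since).
$result.StillExposed = $result.WsusRoleInstalled -and
    ($result.PatchInstalled -ne $true -or -not $result.RebootedSincePatch)

[pscustomobject]$result
```

Run it as `.\Check-Wsus.ps1 -KB KB<number-for-your-build>` (the file name is a hypothetical one) on each WSUS host and collect the objects centrally; `StillExposed = True` is the list you work first. Note that `RebootedSincePatch` compares against the release date, not the install time, so a server that was patched and rebooted later the same day will show correctly, but one rebooted before the update was installed will still show `RebootPending`.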
But the drama doesn’t end there. Over the last day, Trend Research dropped a bombshell about new “Premier Pass-as-a-Service” tactics among China-aligned advanced persistent threat groups, chiefly Earth Estries and Earth Naga—also known in the cool kids’ club as Flax Typhoon or RedJuliett. These groups are not just hacking separately anymore. Instead, they’re sharing compromised network access—like one group breaking in, then handing over the virtual keys to another, who moves in for the data loot. It’s next-level coordination, and it’s been seen across government and telecom sectors, even hitting major retail organizations. Earth Estries deployed its CrowDoor backdoor for stealth, then Earth Naga swept in with the notorious ShadowPad malware. Both toolkits have been part of real, confirmed attacks from late 2024 through mid-2025, but the ramifications for U.S. critical infrastructure and supply chains are only piling up.
Now, phishing is an old game, but the massive “Smishing Triad” campaign reported by Palo Alto Networks’ Unit 42 takes it global. Attackers ran over 194,000 malicious domains, many with traces back to Chinese infrastructure, distributing SMS phishing messages imitating everything from government agencies to parcel carriers. The domains reset and respawn so rapidly, security teams struggle to blacklist them before your HR gets that fateful “urgent tax notice” text.
Ransomware didn’t take the weekend off: On October 26, the Play ransomware crew hit Metal Pros, a big U.S. manufacturing player, and threatened a leak unless paid. The list of recommendations from response pros is a must-do—incident reviews, encrypted backups, threat intel integration, and your best friend: multi-factor authentication.
Big picture: national strategy and CISA's work are being stretched to the limit, as covered in the latest FDD cyber report. Ongoing call-outs urge Congress to stabilize cybersecurity funding and staff, noting without it, adversaries won’t feel the pain, while U.S. companies bear the brunt. Tech diplomacy, too, is now squarely on the table—clear as day that Chinese state-linked hackers are raising their game globally.
Thanks for tuning in—remember to subscribe so no cyber shadow can catch you napping. This has been a Quiet Please production. For more, check out quietplease.ai.
For more: http://www.quietplease.ai
This content was created in partnership with, and with the help of, artificial intelligence (AI).