This is your Red Alert: China's Daily Cyber Moves podcast.

Okay, buckle up, this is Ting reporting live from the digital front lines. The past few days have felt like someone left the cyber backdoor wide open and now we’re watching the alarm lights strobe across every SOC from D.C. to Silicon Valley. Let’s cut straight to it—China? Yeah, they’ve been, let’s say, exceptionally busy.

First, let’s talk timeline because context is king. Just this week, Cisco Talos outed a China-based group they call Storm-2603, who’ve now weaponized the Velociraptor IR tool—not Jurassic, but just as dangerous—for ransomware campaigns. Velociraptor is supposed to be a legit incident response tool, but of course, Storm-2603 figured out how to flip it, deploying it for reconnaissance, lateral movement, and, because why not, data exfiltration. Bad guys love efficiency.

Then, if you were sipping coffee and scrolling through The New York Times, you might have seen the scoop about Chinese hackers targeting U.S. law firms—real cloak-and-dagger stuff. One unnamed but prominent D.C. law firm, according to BankInfoSecurity, had to send out mass “sorry, you’re pwned” emails after a zero-day attack that almost certainly had Beijing’s fingerprints. If you’re a law firm, your inbox is not your friend right now. Details are fuzzy, but here’s what’s crystal clear—this isn’t just your grandpa’s cyber espionage. According to Dark Reading, China-nexus crews are even using open source tools like Nezha, repurposing them to slip past defenses with the subtlety of a ninja. Meanwhile, Critical Start’s Cyber Threat Intelligence unit, who I read like the cyber-weather forecast, says Chinese APTs are dialing up both frequency and sophistication, throwing everything from backdoors to “exploit shotguns” like the RondoDox botnet, which packs a buffet of over 50 exploits for routers, servers, and even those sketchy office security cameras. Nothing’s safe when RondoDox is in the house.

Now, what’s triggering the emergency klaxons? It’s not just the technical chicanery—it’s the speed, scale, and targeting. The American Security Project describes a nightmare scenario: agentic AI cyberweapons, smart enough to autonomously probe, adapt, and hammer your infrastructure without needing a human at the keyboard. Imagine a swarm of digital termites that learn as they chew, and you’re getting warmer. We’re talking about systems that can reconnoiter, modify settings, and escalate privileges before your average sysadmin has finished their latte. If you’re not sweating yet, you might want to check your thermostat.

And here’s where it gets spicy: the incident reports are stacking up. CISA isn’t exactly whispering “don’t panic,” but they’re definitely nudging everyone to patch every last hole, disable unnecessary ports, and get rid of anything that screams “end-of-life.” The FBI’s cyber squad, despite those rumored hiring headaches, is in full scramble mode, warning about everything from Akira ransomware picking at Cisco’s ASA/FTD gear to Rhysida, a new double-tapping ransomware-as-a-service crew that just hit the Port of Seattle. Oh, and did I mention phishing’s gone next-gen? ChatGPT’s own Deep Research agent got tricked into spilling secrets via a “ShadowLeak” flaw, so no, your chatbot’s not your therapist, it’s your new vulnerability.

Right now, the U.S. agri-food sector is taking punches—up 38% year-on-year, according to Check Point via Kansas Public Radio—with smaller farms often flying under the radar until the milk money’s gone. But folks, as Doug Jacobson at Iowa State likes to remind everyone, the malware tide lifts all boats—or in this case, drowns all crops.

So, what do you do? First, patch like your job depends on it, because it does. Centralize your patch management. Ditch legacy junk. Invest in AI-powered defensive tools, but don’t expect them to be magic. Train your staff—vishing (voice phishing) and...