
China Hack Report: Daily US Tech Defense

Cyber Circus Unleashed: China's APT31 & APT24 Run Wild, Oracle & Grafana Flaws Exposed!

24 Nov 2025

Description

This is your China Hack Report: Daily US Tech Defense podcast.

If you thought last week was wild, buckle up, because the last 24 hours have been a full-on cyber circus, and China-linked threat actors are definitely the ringmasters. According to Western Illinois University’s Cybersecurity Center, the notorious APT31 group has been quietly infiltrating Russian IT companies using cloud services, but here’s the kicker—this is the same crew that’s been eyeing US interests for years. Symantec and Positive Technologies both confirm APT31’s stealthy moves, and if they’re targeting Russia, you know they’re not far from knocking on our door.

Now, let’s talk about the new malware on the block: BADAUDIO. APT24, another China-linked group, has been deploying this nasty downloader in a long-running espionage campaign that’s hit over a thousand domains, including some in Taiwan and the US. The malware’s designed for persistence, and it’s been flying under the radar for nearly three years. Google Threat Intelligence Group says they’ve seen APT24 shift from broad web compromises to more targeted, sophisticated attacks. If you’re in tech or government, you should be sweating right now.

On the patch front, CISA just dropped an emergency alert about a critical Oracle Identity Manager zero-day, CVE-2025-61757. This flaw lets attackers bypass authentication and could lead to full system compromise. CISA’s urging everyone to patch immediately, and Purple Ops is echoing that warning. If you haven’t updated your Oracle systems yet, do it now—this is not a drill.

Meanwhile, Grafana patched a maximum severity flaw, CVE-2025-41115, in their SCIM component. This one could let attackers impersonate users or escalate privileges, so if you’re using Grafana, get those updates rolling.

CISA’s also warning about a new phishing campaign using browser notifications—Matrix Push C2 is the culprit, and it’s fileless, cross-platform, and sneaky. Blackfog researchers say it’s leveraging fake alerts and redirects, so keep an eye on your browser notifications and don’t click anything suspicious.

For immediate defensive actions, CISA recommends patching Oracle and Grafana systems, monitoring for unusual browser notifications, and staying vigilant for any signs of BADAUDIO or similar malware. If you’re in critical infrastructure, be extra careful—CISA’s drone warning is a reminder that physical and cyber threats are converging.

Thanks for tuning in, and don’t forget to subscribe. This has been a quiet please production; for more, check out quiet please dot ai.

For more: http://www.quietplease.ai
Get the best deals: https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence (AI).
