Spicy Cyber Gossip: China Hacks Routers, Cracks Citrix and SharePoint, Feds Sweat Taiwan Tensions

This is your China Hack Report: Daily US Tech Defense podcast.This is Ting, tuning in with your rapid-fire rundown of the nastiest China-linked cyber moves lighting up U.S. tech defense in the past twenty-four hours. Hold onto your passwords, because today’s menu is mega spicy.Leading off, let’s talk “Salt Typhoon.” That phrase probably makes infrastructure execs break out in hives. CISA Director Jen Easterly called out Salt Typhoon yet again—yes, those China-backed spies are still lurking inside U.S. telecommunications networks. Even after half a year digging, the Feds haven't evicted them. It isn’t just a spy game anymore. The real aim? In Jen’s words, they want ability to disrupt or destroy, in case things get serious over Taiwan. We’re talking attacks on pipelines, water supplies, transport, comms—the very basics of American routines. This is about causing chaos, not just stealing those inflation numbers from the Fed’s laptop.Volt Typhoon is another name echoing around threat briefings, and this crew is burrowing into Fortigate security devices—think of them as the locked doors on important digital buildings. Their favorite exploits? Vulnerabilities like CVE-2022-40684, which was theoretically patched out of existence, but apparently these guys keep wriggling through cracks. Also on the Fortigate hit list: F5 BIG-IP devices, already bleeding from a breach that exposed over 262,000 systems globally. Yikes.Chinese group BlackTech isn’t letting up either, actively manipulating router firmware to avoid detection, which is like reprogramming your actual locks so only the hackers have the new key. NSA and CISA together blasted out a warning to check your router firmware for suspicious modifications. That’s your cue: asset owners and IT shops, go confirm you’re running official firmware or brace for long nights ahead.In fresh technical pain, Security Affairs reported that Salt Typhoon is leveraging new exploits for Citrix NetScaler and SharePoint. The latter—ToolShell vulnerability CVE-2025-53770—was already patched by Microsoft in July, yet attackers pounced right after, breaching telecom companies in the Middle East. Clearly, “patched” doesn’t equal “protected.” Emergency patch tip: If you’re running Oracle, Windows, Kentico, or Apple gear, CISA has shoved new flaws into its Known Exploited Vulnerabilities catalog, with Oracle’s CVE-2025-61884 topping the panic index. Get those patches in now.New malware? Cobalt Strike beacons have pinged from servers in Hangzhou, China, with fresh detections rolling in literally hours ago, courtesy of RedPacket Security. If you’re seeing post-intrusion lateral movement and command-and-control traffic, don’t brush it off.CISA’s immediate defensive moves: verify router firmware integrity, slam those new patches home, and beware of trusted files or devices suddenly acting untrustworthy. Threat intel teams are stressing out about network edge devices—especially routers, firewalls, and any always-online thingamabob with an outdated SNMP or REST API.So, cyber-defenders, you’ve got updates to deploy, logs to comb, and firmware to double-check. That’s your mission before the next wave. Thanks for tuning in to China Hack Report: Daily US Tech Defense. Remember to subscribe so you’re never caught flat-footed. This has been a quiet please production, for more check out quiet please dot ai.For more http://www.quietplease.aiGet the best deals https://amzn.to/3ODvOtaThis content was created in partnership and with the help of Artificial Intelligence AI

There are no comments yet.

Please log in to write the first comment.