Digital Dragon Watch: Weekly China Cyber Alert

Dragon Weave Steals Your Login While Scammers Get Raided and AI Models Go Dark

4 min · 14 Jun 2026

Description

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch, and this week the China cyber scene has been busy.

Let’s start with the sneakiest move: Operation Dragon Weave. According to a campaign brief circulating from Mandiant researchers, this is a China‑aligned espionage op that’s been quietly riding on hijacked authentication flows to spy on otherwise isolated networks in government, research, technology, and financial organizations. Instead of smashing firewalls, they piggyback on legit identity providers, abusing OAuth‑style token exchanges to move laterally once a single identity is compromised. That means one stolen admin login turns into a skeleton key for email, code repos, and cloud workloads. The new attack vector here is all about identity infrastructure as the soft underbelly. Analysts say Dragon Weave actors stand up look‑alike login portals, then chain that with token replay and consent‑grant abuse to gain long‑lived access that looks like normal traffic. Defenders are spotting this only by correlating impossible travel patterns and anomalous token reuse, not by any obvious malware signature.

While Dragon Weave stalks the high end, law enforcement is grinding down the cyber‑crime ecosystem that often overlaps with China‑based infrastructure. Thailand’s Cyber Crime Investigation Bureau reported raids at 29 locations tied to Chinese scam call centers and digital currency fraud, linked to over 4,000 scam cases across the region. In parallel, India’s Cyberabad Police detailed an international cyber network with links to China and Cambodia in a 77‑lakh‑rupee fraud case, stressing how mule accounts, crypto exchanges, and cross‑border hosting are fused into one pipeline. This is the gray zone where criminal tooling and state‑grade tradecraft can cross‑pollinate.

On the policy front, listeners should pay close attention to Washington’s latest AI export controls. The Washington Examiner reports that the White House moved to restrict Anthropic’s Fable 5 and Mythos 5 models after concerns that a China‑linked group had accessed Mythos 5 and potentially probed its guardrails. Administration officials pushed for geofencing and tighter export compliance, and Anthropic responded by pulling the models from all users while they rework access controls. That is a clear signal that advanced AI models are now officially treated as dual‑use cyber capability when China is in the threat model.

Meanwhile, the narrative fight continues. In the Philippines, Chinese diplomats publicly pushed back after Philippine Coast Guard officer Jay Tarriela raised alarms about data theft and cyber activity tied to facilities near Bajo de Masinloc. Beijing’s embassy accused Manila officials and media of “groundless” speculation about Chinese cyber attacks. Even when the packets are invisible, the information war is very visible.

So what should you actually do this week? Identity is the new perimeter, so follow the Dragon Weave lessons: enforce phishing‑resistant multi‑factor authentication like FIDO2 keys on all admin and developer accounts; lock down OAuth consent so users cannot grant risky third‑party access without security review; and log every token issuance and refresh event so your SOC can hunt for replay and anomalous geography. If you’re running a US‑based tech or financial shop, align with recent US government guidance: map your exposure to Chinese cloud regions and vendors, review access to frontier AI models that could be targeted for jailbreak research, and treat vendor identities with the same scrutiny as your own. And because the scam infrastructure busted in Thailand and India shows how global this is, assume your users are being socially engineered through Chinese‑language and English‑language lures alike. Push security awareness that explains real campaign names like Dragon Weave, not just generic “don’t click stuff” slides.

I’m Ting, thanking you for tuning in to Digital Dragon Watch: Weekly China Cyber Alert. Make sure you subscribe so you don’t miss next week’s intel drop. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta
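The two hunts the episode says defenders are relying on against Dragon Weave, token replay and impossible travel, as an added Python example that is not Mandiant's or the show's tooling. The JSON-lines token-log schema, the sample events and the 900 km/h threshold are assumptions; the detections flag a refresh-token id presented from an origin it was never issued to, and consecutive events for one identity whose implied travel speed is not physically possible.

```python
"""Hunt identity-provider token logs for replay and impossible travel.
Added example for the Dragon Weave discussion, not Mandiant's or the show's
tooling; the JSON-lines schema, sample events and thresholds are assumptions.
"""
import json
import math
from collections import defaultdict
from datetime import datetime

# Constructed sample: an admin refresh token (jti) issued in Denver is presented
# again from Hong Kong 15 minutes later; the developer's events never move.
SAMPLE_LOG = """\
{"ts":"2026-06-10T08:00:00Z","user":"admin@corp.example","event":"token_issue","jti":"jti-7f3a","ip":"198.51.100.10","lat":39.74,"lon":-104.99,"cc":"US"}
{"ts":"2026-06-10T08:20:00Z","user":"admin@corp.example","event":"token_refresh","jti":"jti-7f3a","ip":"198.51.100.10","lat":39.74,"lon":-104.99,"cc":"US"}
{"ts":"2026-06-10T08:35:00Z","user":"admin@corp.example","event":"token_refresh","jti":"jti-7f3a","ip":"203.0.113.77","lat":22.28,"lon":114.16,"cc":"HK"}
{"ts":"2026-06-10T09:00:00Z","user":"dev@corp.example","event":"token_issue","jti":"jti-91c2","ip":"192.0.2.44","lat":47.61,"lon":-122.33,"cc":"US"}
{"ts":"2026-06-10T15:30:00Z","user":"dev@corp.example","event":"token_refresh","jti":"jti-91c2","ip":"192.0.2.44","lat":47.61,"lon":-122.33,"cc":"US"}
"""

MAX_PLAUSIBLE_KMH = 900.0  # assumed ceiling (airliner speed); tune per environment
MIN_DISTANCE_KM = 50.0     # ignore geo-IP jitter inside one metro area

def parse_events(text):
    """Parse JSON lines into dicts with a timezone-aware datetime, oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
            events.append(rec)
    return sorted(events, key=lambda r: r["ts"])

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def find_token_reuse(events):
    """Flag a token id (jti) presented from an origin it was never seen from before."""
    seen = defaultdict(set)
    alerts = []
    for ev in events:
        origin = (ev["ip"], ev["cc"])
        if seen[ev["jti"]] and origin not in seen[ev["jti"]]:
            alerts.append({"type": "token_reuse", "user": ev["user"], "jti": ev["jti"],
                           "known": sorted(seen[ev["jti"]]), "now": origin})
        seen[ev["jti"]].add(origin)
    return alerts

def find_impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Flag consecutive events per user whose implied speed exceeds max_kmh."""
    last, alerts = {}, []
    for ev in events:
        prev = last.get(ev["user"])
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600.0
            if km >= MIN_DISTANCE_KM and (hours == 0 or km / hours > max_kmh):
                alerts.append({"type": "impossible_travel", "user": ev["user"],
                               "km": round(km), "hours": round(hours, 2),
                               "from": prev["cc"], "to": ev["cc"]})
        last[ev["user"]] = ev
    return alerts

def hunt(text):
    """Run both detections over a JSON-lines token log and return the alerts."""
    events = parse_events(text)
    return find_token_reuse(events) + find_impossible_travel(events)
```

Feeding the sample through `hunt(SAMPLE_LOG)` yields one `token_reuse` alert for `jti-7f3a` and one `impossible_travel` alert for the admin account; the developer's same-place events produce nothing.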

All episodes

258 episodes


AI Code Bombs and Beijing's Supply Chain Slap: When Speed Coding Meets Slow-Burn Sabotage

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. I’m Ting, and in the last seven days the China cyber and tech-watch picture has been less “quiet dragon” and more “tail swipe with paperwork.”

The biggest verified development is not a breach, but a sharp policy move: China’s Commerce Ministry announced it would block exports of dual-use items to 10 U.S. defense-linked companies, while the Finance Ministry barred government purchases from 46 American firms, including units tied to Lockheed Martin, Raytheon, and General Dynamics, according to the Associated Press report carried by Halifax CityNews. The message is clear: Beijing is turning supply-chain leverage into strategic pressure, and dual-use controls matter because they can hit drones, sensing, rare earth processing, and other technologies that sit on the border between commercial and military use.

On the cyber threat side, a new cybersecurity report has raised concerns that Chinese-developed AI coding tools may generate less secure code, which is a big deal because insecure code becomes a launchpad for phishing, credential theft, and rapid exploitation at scale, as highlighted in the reporting that circulated this week from The Atlantic’s discussion of Matteo Wong’s work. The new attack vector here is not a flashy zero-day; it is AI-assisted software production that can quietly bake weaknesses into applications before defenders ever see them. That makes software supply chains, developers, and enterprise engineering teams the frontline targets, especially where speed has been valued more than secure review.

The most important defensive lesson from these developments is practical, not glamorous. Organizations handling sensitive code should enforce secure code review, dependency scanning, and model-output validation, especially when AI tools are used to generate scripts, automation, or customer-facing features. Security teams should also treat third-party software and cloud workflows as high-risk choke points, because AI-generated flaws can spread fast once they enter a build pipeline. If a tool is writing code faster than a human can review it, that is not efficiency; that is a very fast way to ship a problem.

For the U.S. government response, the week’s official posture has been economic and national-security focused rather than reactive to a single cyber incident. The sanctions and procurement restrictions on Chinese and U.S. defense-related firms show Washington and Beijing are both hardening their tech boundaries, and that broader contest will keep spilling into cyber, supply chains, and intelligence collection. For protection, experts generally recommend four moves right now: lock down identity with strong multifactor authentication, isolate sensitive development environments, audit AI-assisted code for insecure patterns, and monitor for supply-chain tampering in vendors and dependencies.

Listeners, if China cyber is your beat, this is the week to remember that the sharpest threat is often the quiet one. Thank you for tuning in, please subscribe, and this has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

22 Jun 2026 · 3 min

Spy Turtles and AI Heists: How China's Cyber Dragons Are Swimming Past Your Defenses

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Listeners, I’m Ting, and this week’s China cyber watch is less fireworks, more stealth drone: quiet, persistent, and very good at slipping past the radar.

In the past few days, the clearest signal is that China-linked activity is still riding the AI wave for espionage, while Beijing is also pushing a sharper public-security narrative around alleged foreign infiltration. According to CrowdStrike’s latest report highlighted in recent coverage, China-linked groups are leading global espionage campaigns targeting AI technology at scale, which matters because AI systems are now part of the attack surface, not just the defense toolkit. The new attack vector here is straightforward but nasty: adversaries are focusing on AI development environments, code generation workflows, and the sensitive data that trains or fine-tunes models, turning productivity tools into a stealthy exfiltration path. The targeted sectors most at risk are technology, defense, telecom, and any enterprise handling proprietary models or high-value intellectual property.

On the official-response front, China’s Ministry of State Security has kept up its public warnings about what it describes as foreign spying and sabotage, including a fresh wave of claims about so-called “spy turtles” and “spy fish” being used for reconnaissance. That language is colorful, even a little cinematic, but the underlying message is serious: Beijing is signaling heightened concern over maritime and border-surveillance threats, and it is framing security around unconventional platforms that can blend into normal environments. For listeners tracking escalation, that’s a reminder that China’s security state is thinking broadly about sensors, robotics, and low-signature collection methods.

From the U.S. side, the most relevant defensive posture remains a mix of hardening guidance and attribution pressure. U.S. agencies have repeatedly warned that China-linked operators excel at long-dwell espionage, credential theft, and cloud abuse, and the practical response is to assume identity is the new perimeter. In plain English: protect accounts, not just networks. The highest-value defensive measures right now are phishing-resistant multifactor authentication, tight privilege controls, logging on cloud and AI platforms, and aggressive monitoring for unusual API access, model-download behavior, and lateral movement inside developer environments. Experts are also recommending that organizations treat AI systems like crown-jewel infrastructure. That means restricting who can prompt, train, export, or plug external tools into models; segmenting sensitive data; and testing for prompt injection and data leakage before attackers do it for you. If your defenders are still only watching email and endpoints, the dragon has already flown into the server room.

The big takeaway is this: China-related cyber risk this week is not one dramatic smash-and-grab, but a convergence of espionage, AI abuse, and strategic messaging. The threat is patient, the tooling is evolving, and the defense has to be just as disciplined. Thanks for tuning in, listeners, and please subscribe. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

Yesterday · 3 min

China's Data Lockdown Gets Real While Scam Centers Level Up: Your Boring But Brilliant Defense Playbook

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Ting here, and the last seven days in China cyber have been less fireworks, more trench warfare.

The most concrete official development came from China’s own data-security machinery: the Cyberspace Administration of China issued its new Measures for Network Data Security Risk Assessment, which tighten how important data handlers must assess risk, report findings, and coordinate with sector regulators and public-security authorities[5]. That matters because it formalizes a more procedural, audit-heavy defense posture in China, with annual assessments for important data handlers and stricter supervision of high-risk data processing[5].

On the threat side, the headline remains the same, but the tools keep evolving. The clearest new attack-vector signal in the available reporting is not a single dramatic breach, but the continued rise of scam-center and transnational fraud infrastructure. In the United States, Judge Jeanine Pirro said at Google DC that her Scam Center Strike Force is using public-private collaboration to dismantle transnational criminal organizations, freeze illicit funds, and shut down scam operations[2]. That is a strong sign that Washington sees the China-linked fraud ecosystem as a live and organized threat, not just isolated phishing spam[2]. For China-related cyber risk, the dangerous part is the blend of technical intrusion and financial deception. The pattern now includes fraud networks that can pivot across borders, use social engineering, and exploit weak identity verification in business workflows. Separately, the broader security conversation around China still centers on state-linked collection, commercial espionage, and data aggregation, which is why the compliance shift in Beijing is so important: it shows regulators are treating data flow itself as a security perimeter, not just the server room[5].

Targeted sectors over the past week remain the usual high-value set: government, telecom, finance, and companies handling important or sensitive data, with scam and fraud operations also putting ordinary users and businesses in the blast radius[2][5]. The strongest defensive advice from the official and expert messaging is boring in the best way: review emerging threats regularly, implement strong cybersecurity controls, and keep a close eye on scam tactics targeting businesses[2]. For organizations handling China-related data, the practical response is to map where important data moves, assign a named risk owner, document assessments, and be ready to prove authenticity to regulators[5].

For listeners trying to stay protected, the playbook is straightforward. Tighten identity checks, restrict privileged access, segment sensitive data, monitor for unusual transfers, and train staff to spot business-email compromise, fake executive requests, and payment diversion schemes. If your operation touches China-linked suppliers, customers, or data flows, assume the attack surface includes legal compliance, fraud, and technical intrusion all at once[2][5]. Thanks for tuning in, subscribe for more, and this has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

19 Jun 2026 · 3 min

PeopleSoft's Forgotten Back Door: How Chinese Hackers Are Raiding HR Data While IT Sleeps

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, I’m Ting, your slightly overcaffeinated Digital Dragon watcher, and the China cyber scene this week has been…busy.

Let’s start with the big one: according to the latest F5 Labs Weekly Threat Bulletin for June 17, researchers tracked a China‑nexus intrusion set abusing Oracle PeopleSoft’s Environment Management Hub, that PSEMHUB service most admins forget exists. Attackers used it as a beachhead, dropped custom JSP webshells, then fanned out across networks using SSH credential spraying with a script literally named “_fanout.sh” tied to hard‑coded IPs like 142.11.200.186 and the domain azurenetfiles dot net. F5’s analysis notes classic “living off the land” behavior: reading config files like psappsrv dot cfg, stealing credentials, and pivoting toward databases and HR records. Target sectors here are exactly where PeopleSoft lives: US universities, healthcare networks, and state and local government ERP stacks. That means payroll, student records, and sensitive HR data are all on the potential menu if you’re behind on Oracle patching.

On the government side, this kind of activity lines up squarely with what CISA, the FBI, and NSA have been warning about in their joint advisories on PRC state‑sponsored actors targeting critical infrastructure and enterprise apps. Even when there isn’t a brand‑new press conference, those standing advisories are effectively the US government saying: “We told you they’d do this, and they still are.”

Now defenses, because I don’t like leaving you in doom mode. F5 Labs recommends killing the exposure at the source: disable PeopleSoft EMHub if you don’t need it, or at minimum block external access to /PSEMHUB and /PSIGW/HttpListeningConnector at your perimeter firewalls, and hunt for unexpected JSP files under PSEMHUB dot war. They also call for default‑deny egress from PeopleSoft servers, blocking SMB and SSH outbound, and enforcing strong, unique passwords plus SSH key‑based admin access. That’s very much in line with what US government guidance from CISA’s Known Exploited Vulnerabilities catalog and their secure‑by‑design initiative has been preaching.

Zooming out across the week, multiple industry reports and threat‑intel feeds continue to flag a rise in China‑linked operations against the US tech sector and cloud‑adjacent services, including long‑term data theft using clever abuse of legitimate features like email forwarding rules and cloud storage links rather than noisy malware. Those campaigns are hitting SaaS providers, semiconductor firms, and AI companies—anything holding valuable IP or training data.

So what should you, my loyal cyber dragons, do? Expert recommendations are converging: aggressively patch any internet‑facing enterprise apps, especially Oracle, VPNs, and SSO; segment critical business systems from general user networks; enforce phishing‑resistant MFA; and feed your SIEM with detections for unusual admin activity, webshell patterns, and odd outbound traffic from business apps that “should never talk to the internet.”

That’s your Digital Dragon Watch for this week. Thanks for tuning in, and don’t forget to subscribe so you never miss a signal in the noise. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta
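A hunt for the two PeopleSoft exposures the episode names, as an added Python example that is not F5 Labs' tooling: it reads web-tier access logs and flags any hit on /PSEMHUB or /PSIGW/HttpListeningConnector from a non-RFC1918 source, plus any JSP requested under /PSEMHUB/ that is not in a baseline of expected files. The Apache-style sample lines are constructed, and `EXPECTED_EMHUB_JSP` is a placeholder an admin would fill from a known-good PSEMHUB.war inventory.

```python
"""Hunt PeopleSoft web-tier access logs for exposed EMHub / Integration Gateway paths.
Added example for the PeopleSoft episode, not F5 Labs' tooling; the Apache-style
log lines are constructed and EXPECTED_EMHUB_JSP is a placeholder baseline.
"""
import ipaddress
import re
from urllib.parse import urlsplit

SAMPLE_ACCESS_LOG = """\
10.20.30.5 - - [17/Jun/2026:09:01:11 +0000] "GET /psp/ps/EMPLOYEE/HRMS/h/?tab=DEFAULT HTTP/1.1" 200 5120
203.0.113.9 - - [17/Jun/2026:09:02:40 +0000] "GET /PSEMHUB/hub HTTP/1.1" 200 817
203.0.113.9 - - [17/Jun/2026:09:02:51 +0000] "POST /PSEMHUB/pub/x1.jsp HTTP/1.1" 200 112
10.20.30.5 - - [17/Jun/2026:09:03:02 +0000] "GET /PSEMHUB/index.jsp HTTP/1.1" 200 210
198.51.100.22 - - [17/Jun/2026:09:04:15 +0000] "POST /PSIGW/HttpListeningConnector HTTP/1.1" 200 64
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Paths the episode says to block at the perimeter; any hit from outside RFC1918 space is a finding.
SENSITIVE_PREFIXES = ("/PSEMHUB", "/PSIGW/HttpListeningConnector")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Placeholder: fill from an inventory of the JSPs shipped in a known-good PSEMHUB.war.
EXPECTED_EMHUB_JSP = {"/PSEMHUB/index.jsp"}

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = urlsplit(rec["path"]).path  # drop the query string before matching
    return rec

def is_internal(ip):
    """True only for RFC1918 sources (documentation ranges count as external here)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def hunt(text):
    """Return (finding_type, source_ip, path) tuples for exposure and unexpected JSPs."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"]
        if path.startswith(SENSITIVE_PREFIXES) and not is_internal(rec["ip"]):
            findings.append(("external_access", rec["ip"], path))
        if path.startswith("/PSEMHUB/") and path.lower().endswith(".jsp") and path not in EXPECTED_EMHUB_JSP:
            findings.append(("unexpected_jsp", rec["ip"], path))
    return findings
```

On the sample, `hunt(SAMPLE_ACCESS_LOG)` returns three `external_access` findings and one `unexpected_jsp` finding; the internal request for the baselined index.jsp is left alone.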

17 Jun 2026 · 3 min

Splunk Gets Pwned, Linux Goes Rogue, and China's Decade-Long SSH Backdoor Finally Exposed

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. I’m Ting, your Digital Dragon Watch host, and listeners, we’ve had a very busy China‑cyber week.

Let’s start with the loudest alarm: the Splunk Enterprise flaw, CVE‑2026‑20253. Defend Network reports this is a critical unauthenticated remote code execution bug with a 9.8 severity score, giving attackers a near‑frictionless way to run code on unpatched Splunk servers. That’s catnip for China‑linked espionage crews who love anything that sits in the middle of logs and telemetry. Splunk has already pushed patches, and U.S. federal environments that rely on Splunk for SIEM are scrambling to harden internet‑facing instances, segment management networks, and turn on strict access controls.

Right behind that, Defend Network also flags that over 400 Arch Linux AUR packages were hijacked this week to deliver a Rust infostealer and an eBPF rootkit into developer build chains. That’s textbook supply‑chain tradecraft, very much in line with historic China‑nexus campaigns that compromise devs first, enterprises later. Targets are any shop that casually pulls AUR packages into CI pipelines—so think software vendors, security tools, and anyone building from bleeding‑edge Linux.

The most worrying long‑game detail is Velvet Ant. According to Defend Network, this China‑linked threat group quietly burrowed into Linux PAM and OpenSSH components for almost a decade, keeping persistent admin‑level access. That’s not smash‑and‑grab ransomware; that’s strategic positioning for espionage across governments, telcos, and cloud providers. It also explains why U.S. defenders keep finding “ghost” SSH activity that never mapped cleanly to known malware.

On the crime‑plus‑espionage frontier, Google has filed a lawsuit—highlighted in Google’s own public communications and amplified on Instagram—against a China‑based phishing‑as‑a‑service network. The service, known as the Greatness‑style platform in earlier reporting, is accused of weaponizing AI, including Google’s Gemini, to generate convincing smishing lures against U.S. users. That lines up with the broader U.S. government push, including FBI outreach, to clamp down on infrastructure that industrializes credential theft.

So what should you actually do about all this? Experts at Defend Network and U.S. government cyber advisors converge on a few points: patch Splunk immediately; audit any systems that built AUR packages recently and assume credentials are burned; rotate all SSH keys; and deeply inspect PAM and OpenSSH binaries for tampering. For executive and political targets, move social and email accounts to hardware security keys and lock down recovery flows to prevent AI‑turbocharged phishing from escalating into full account takeover.

I’m Ting, and that’s your Digital Dragon Watch for this week. Thanks for tuning in, and don’t forget to subscribe so you don’t miss the next alert. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

15 Jun 2026 · 3 min