This is your Red Alert: China's Daily Cyber Moves podcast.

I'm Ting—cyber threat watcher, China whisperer, and your digital canary in the coal mine. Straight to it, listeners: the last seventy-two hours have been a blur of keyboards clacking from Guangdong to D.C. The headline? China’s cyber campaigns have dropped subtlety for brute force, poking holes in the U.S. digital armor that keep policymakers and power grids humming.

Friday kicked off with a bang when the Congressional Budget Office, yes, the agency that quietly powers every U.S. spending debate, revealed a breach traced to their ancient Cisco ASA firewall. Multiple sources, including TechCrunch and Federal News Network, confirmed Chinese state-sponsored APTs fingered every soft spot left by unpatched 2024 and 2025 Cisco vulnerabilities. Post-breach, the firewall went dark—classic containment move. Kevin Beaumont, a well-known independent researcher, flagged the weak firewall on Bluesky last month, suggesting the hack may have started back when the CBO was slow-rolling its patch cycle. The real danger? Hackers accessed the chat logs and messages between Congress and policy analysts, potentially giving Beijing a view into pending legislative and economic strategies.

Here’s where the plot thickens: Senate security chiefs quickly warned congressional teams about the heightened risk of incoming spear-phishing, since the attackers could whip up convincing emails using authentic congressional comms. The CBO scrambled to new controls, and the House Budget and Homeland Security Committees got involved—but no one’s confirming exactly what got stolen. Attribution? All arrows point to Chinese APTs, but there’s no public technical proof yet, just the usual nation-state patterns and Congressional finger-pointing.

This isn’t a solo episode for China—meet Salt Typhoon, the state-sponsored group flagged by international intelligence back in July and now officially labeled a national security crisis by the U.S. CISA. Salt Typhoon hit hundreds of companies, drilled through U.S. telecoms like AT&T, T-Mobile, and Verizon in a 2024 blitz, and forced the feds to broadcast emergency mitigation steps: hunt for malicious artifacts, rotate keys, and watch for weird SharePoint POST requests. FBI’s Brett Leatherman couldn’t have put it plainer: China’s hunting for private communications, and the public needs to get its patch game together, fast.

Not to be outdone, July’s Microsoft SharePoint hack reeled in over 400 confirmed organizations, including the National Nuclear Security Administration, when three Chinese groups—Linen Typhoon, Violet Typhoon, and Storm-2603—exploited zero-days just as Microsoft briefed global security partners. The breach started the same day as final notifications to China-based partners. Microsoft responded by kicking Chinese firms out of the advanced vulnerability alert club, stripping them of early security details and proof-of-concept code. The fallout? Proof that international cyber collaboration, without geo-risk controls, is a fire hazard in a dynamite factory.

CISA, as of today, is still firing off urgent alerts about five actively exploited vulnerabilities, urging all critical U.S. infrastructure and government agencies to patch Microsoft, Cisco, and Oracle systems—immediately. The DHS is waving red flags: network defenders should assume compromise and go hunting for subtle signs of persistence by nation-state actors.

Escalation scenarios? If these harvested policy insights or comms logs surface in strategic leaks, or if ransomware pivots to infrastructure disruption, we’re talking DEFCON-level shivers across federal and private sectors. Defensive priorities now: isolate any system stuck on last year’s patch, implement multi-factor authentication, and hound every anomalous login with forensic scrutiny.

That’s your red alert rundown—with Chinese cyber activity against the...