August 24, 2025 • 4 mins
This is your Tech Shield: US vs China Updates podcast.
Listeners, it’s Ting here with your Tech Shield update, and whoa, this week in the U.S. cyber trenches has been pure adrenaline. Now, throw out any fantasies about lazy August: this one’s been a non-stop cyber chess match with Beijing. Let’s dive right into the cat-and-mouse, because waiting to patch gets you bitten!
The Department of Homeland Security, spurred by fresh advisories from CISA, rolled out two aggressive new cybersecurity initiatives aimed squarely at the threat landscape from advanced Chinese actors. Among the week's big reveals: a brand new mandatory vulnerability reporting protocol for federal agencies, with rapid 72-hour patch deadlines—finally, some SLA teeth! The focus is squarely on shoring up legacy communication infrastructure, especially after last year’s Chinese breach of U.S. court wiretap systems—yes, Salt Typhoon is still sending shockwaves through intelligence committees, with folks like Rick Crawford and Tulsi Gabbard calling for full reviews of any intelligence-sharing with European partners cozying up to Huawei hardware.
Over in the private sector, Michael Kratsios from the White House Office of Science and Technology Policy sent an unequivocal message to U.S. tech: align with the “U.S. AI technology stack” or risk letting China’s DeepSeek eat your lunch. That’s not just saber-rattling. DeepSeek, the new Chinese open-source rival to GPT-5, is optimized for Chinese chips and intentionally priced to undercut OpenAI. U.S. agencies are quietly tracking AI chip exports—and the private sector is finally, belatedly, getting serious about securing supply chains and source code.
Now, this week’s Microsoft patch (KB5063709) arrived—and, classic, it nuked reset and recovery tools on thousands of Windows devices. If you heard a groan from IT teams coast-to-coast, that was it. But cybercriminals don’t hit pause: threat actors have unleashed new malware, like PipeMagic, disguised as ChatGPT—leveraging zero-days and sidestepping Microsoft Defender. Even more alarming, botnets bred in Chinese threat actor labs, like Gayfemboy, jumped on fresh device vulnerabilities, from DrayTek routers to Realtek modules. FortiGuard Labs notes how operators this year evolved tactics to bypass DNS filtering and used time-based sandbox evasion. Scary stuff, and a nightmare for enterprise defenders still fighting on fragmented, hasty-patched networks.
Industry’s response? Some impressive moves: Google’s Threat Analysis Group cranked up attack surface reduction, and AWS rolled out default Zero Trust segmentation on cloud accounts most at risk from foreign infiltration. CISO circles buzzed about AI-powered threat intelligence tools and behavioral anomaly detection—these promise real-time pinning of malicious pivots, but the gap between marketing and deployed protection, especially in smaller entities, remains enormous.
Here’s the expert angle: We’re getting better, but, honestly, this is more Red Queen’s Race than Mission Accomplished. We’re seeing historic investments and smarter playbooks, but the pace of new zero-days and China’s state-supported innovation still outstrips American patch cycles and information sharing. According to Palo Alto’s retiring Nir Zuk, “You can’t win with patch-and-pray.” He’s right. We need not just faster patching, but also a deeper culture of cyber resilience, relentless red-teaming, and a modernized digital identity backbone.
Thanks for tuning in—don’t forget to subscribe for more unfiltered Tech Shield analysis from Ting. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
Listeners, it’s Ting here with your Tech Shield update, and whoa, this week in the U.S. cyber trenches has been pure adrenaline. Now, throw out any fantasies about lazy August: this one’s been a non-stop cyber chess match with Beijing. Let’s dive right into the cat-and-mouse, because waiting to patch gets you bitten!
The Department of Homeland Security, spurred by fresh advisories from CISA, rolled out two aggressive new cybersecurity initiatives aimed squarely at the threat landscape from advanced Chinese actors. Among the week's big reveals: a brand new mandatory vulnerability reporting protocol for federal agencies, with rapid 72-hour patch deadlines—finally, some SLA teeth! The focus is squarely on shoring up legacy communication infrastructure, especially after last year’s Chinese breach of U.S. court wiretap systems—yes, Salt Typhoon is still sending shockwaves through intelligence committees, with folks like Rick Crawford and Tulsi Gabbard calling for full reviews of any intelligence-sharing with European partners cozying up to Huawei hardware.
Over in the private sector, Michael Kratsios from the White House Office of Science and Technology Policy sent an unequivocal message to U.S. tech: align with the “U.S. AI technology stack” or risk letting China’s DeepSeek eat your lunch. That’s not just saber-rattling. DeepSeek, the new Chinese open-source rival to GPT-5, is optimized for Chinese chips and intentionally priced to undercut OpenAI. U.S. agencies are quietly tracking AI chip exports—and the private sector is finally, belatedly, getting serious about securing supply chains and source code.
Now, this week’s Microsoft patch (KB5063709) arrived—and, classic, it nuked reset and recovery tools on thousands of Windows devices. If you heard a groan from IT teams coast-to-coast, that was it. But cybercriminals don’t hit pause: threat actors have unleashed new malware, like PipeMagic, disguised as ChatGPT—leveraging zero-days and sidestepping Microsoft Defender. Even more alarming, botnets bred in Chinese threat actor labs, like Gayfemboy, jumped on fresh device vulnerabilities, from DrayTek routers to Realtek modules. FortiGuard Labs notes how operators this year evolved tactics to bypass DNS filtering and used time-based sandbox evasion. Scary stuff, and a nightmare for enterprise defenders still fighting on fragmented, hasty-patched networks.
Industry’s response? Some impressive moves: Google’s Threat Analysis Group cranked up attack surface reduction, and AWS rolled out default Zero Trust segmentation on cloud accounts most at risk from foreign infiltration. CISO circles buzzed about AI-powered threat intelligence tools and behavioral anomaly detection—these promise real-time pinning of malicious pivots, but the gap between marketing and deployed protection, especially in smaller entities, remains enormous.
Here’s the expert angle: We’re getting better, but, honestly, this is more Red Queen’s Race than Mission Accomplished. We’re seeing historic investments and smarter playbooks, but the pace of new zero-days and China’s state-supported innovation still outstrips American patch cycles and information sharing. According to Palo Alto’s retiring Nir Zuk, “You can’t win with patch-and-pray.” He’s right. We need not just faster patching, but also a deeper culture of cyber resilience, relentless red-teaming, and a modernized digital identity backbone.
Thanks for tuning in—don’t forget to subscribe for more unfiltered Tech Shield analysis from Ting. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Listeners, it's ting here with your tech shield update and whoa.
This week in the US cyber trenches has been pure adrenaline.
Now throw out any fantasies about lazy August. This one's
been a non stop cyber chess match with Beijing. Let's
dive right into the cat and mouse, because waiting to
patch gets you bitten. The Department of Homeland Security, spurred
(00:24):
by fresh advisories from CESA, rolled out two aggressive new
cybersecurity initiatives aim squarely at the threat landscape from advanced
Chinese actors. Among the week's big reveals a brand new
mandatory vulnerability reporting protocol for federal agencies with rapid seventy
two hour patch deadlines. Finally, some slat. The focus is
(00:47):
squarely on shoring out legacy communication infrastructure, especially after last
year's Chinese breach of US court wire tap systems. Yes,
salt Typhoon is still sending shock waves through AN intelligence committees,
with folks like Rick Crawford and Toulsy Gabbard calling for
full reviews of any intelligence sharing with European partners cozying
(01:09):
up to Huawei hardware Over in the private sector, Michael
Kratzius from the White House Office of Science and Technology
Policy sent an unequivocal message to US tech align with
the US AI technology stack or risk letting China's deep
Seek eat your lunch. That's not just saber rattling deep Seek,
(01:31):
The new Chinese open source rival to GPT five is
optimized for Chinese chips and intentionally priced to undercut open AI.
US agencies are quietly tracking AI chip exports, and the
private sector is finally relatedly getting serious about securing supply
chains and source code now. This week's Microsoft patch KB
(01:54):
five zero six, three seven zero nine arrived and classic
mute reset and recovery tools on thousands of Windows devices.
If you heard a groan from it teams coast to coast,
that was it. But cybercriminals don't hit pause. Threat actors
have unleashed new malware like pipe Magic disguised as chat GPT,
(02:18):
leveraging zero day and sidestepping Microsoft Defender. I think I
wanted to run any more and fine even more alarming
botnet's bred in Chinese threat actor labs like gay Fenboy
jumped on fresh device vulnerabilities from dray tech routers to
real tech modules. Forty Guard labs notes how operators this
(02:41):
year evolved tactics to bypass DNS filtering and used time
based sandbox evasion. Scary stuff and a nightmare for enterprise
defenders still fighting on fragmented, hasty patched networks. Industries response
some impressive moves. Google's Threat analysis group cranked up attack
(03:02):
surface reduction and AWS rolled out default zero trust segmentation
on cloud accounts most at risk from foreign infiltration SISSO
circles buzzed about AI powered threat intelligence tools and behavioral
anomaly detection. These promise real time pinning of malicious pidots,
(03:22):
but the gap between marketing and deployed protection, especially in
smaller entities, remains enormous. Here's the expert angle. We're getting better,
but honestly this is more red Queen's race than mission accomplished.
We seeing historic investments and smarter playbooks, but the pace
of new zero days and China's state supported innovation still
(03:46):
outstrips American patch cycles and information sharing. According to Palo
Alto's retiring near Zuk, you can't win with patch and prey.
He's right. We need not just faster patching, but also
a deeper culture cyber resilience. Relentless red teeming, and a
modernized digital identity backbone. Thanks for tuning in, don't forget
(04:08):
to subscribe for more unfeltered tex shield analysis from Ting.
This has been a quiet please production. For more check
out Quiet Please dot ai
Listeners, it's ting here with your tech shield update and whoa.
This week in the US cyber trenches has been pure adrenaline.
Now throw out any fantasies about lazy August. This one's
been a non stop cyber chess match with Beijing. Let's
dive right into the cat and mouse, because waiting to
patch gets you bitten. The Department of Homeland Security, spurred
(00:24):
by fresh advisories from CESA, rolled out two aggressive new
cybersecurity initiatives aim squarely at the threat landscape from advanced
Chinese actors. Among the week's big reveals a brand new
mandatory vulnerability reporting protocol for federal agencies with rapid seventy
two hour patch deadlines. Finally, some slat. The focus is
(00:47):
squarely on shoring out legacy communication infrastructure, especially after last
year's Chinese breach of US court wire tap systems. Yes,
salt Typhoon is still sending shock waves through AN intelligence committees,
with folks like Rick Crawford and Toulsy Gabbard calling for
full reviews of any intelligence sharing with European partners cozying
(01:09):
up to Huawei hardware Over in the private sector, Michael
Kratzius from the White House Office of Science and Technology
Policy sent an unequivocal message to US tech align with
the US AI technology stack or risk letting China's deep
Seek eat your lunch. That's not just saber rattling deep Seek,
(01:31):
The new Chinese open source rival to GPT five is
optimized for Chinese chips and intentionally priced to undercut open AI.
US agencies are quietly tracking AI chip exports, and the
private sector is finally relatedly getting serious about securing supply
chains and source code now. This week's Microsoft patch KB
(01:54):
five zero six, three seven zero nine arrived and classic
mute reset and recovery tools on thousands of Windows devices.
If you heard a groan from it teams coast to coast,
that was it. But cybercriminals don't hit pause. Threat actors
have unleashed new malware like pipe Magic disguised as chat GPT,
(02:18):
leveraging zero day and sidestepping Microsoft Defender. I think I
wanted to run any more and fine even more alarming
botnet's bred in Chinese threat actor labs like gay Fenboy
jumped on fresh device vulnerabilities from dray tech routers to
real tech modules. Forty Guard labs notes how operators this
(02:41):
year evolved tactics to bypass DNS filtering and used time
based sandbox evasion. Scary stuff and a nightmare for enterprise
defenders still fighting on fragmented, hasty patched networks. Industries response
some impressive moves. Google's Threat analysis group cranked up attack
(03:02):
surface reduction and AWS rolled out default zero trust segmentation
on cloud accounts most at risk from foreign infiltration SISSO
circles buzzed about AI powered threat intelligence tools and behavioral
anomaly detection. These promise real time pinning of malicious pidots,
(03:22):
but the gap between marketing and deployed protection, especially in
smaller entities, remains enormous. Here's the expert angle. We're getting better,
but honestly this is more red Queen's race than mission accomplished.
We seeing historic investments and smarter playbooks, but the pace
of new zero days and China's state supported innovation still
(03:46):
outstrips American patch cycles and information sharing. According to Palo
Alto's retiring near Zuk, you can't win with patch and prey.
He's right. We need not just faster patching, but also
a deeper culture cyber resilience. Relentless red teeming, and a
modernized digital identity backbone. Thanks for tuning in, don't forget
(04:08):
to subscribe for more unfeltered tex shield analysis from Ting.
This has been a quiet please production. For more check
out Quiet Please dot ai
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.