This is your China Hack Report: Daily US Tech Defense podcast.
Hey, it’s Ting, back with your essential China Hack Report: Daily US Tech Defense. If your SOC is buzzing louder than cicadas in August, you’ll want to pay close attention—this week has been a cyber roller coaster, and today we have some particularly spicy headlines from the US–China cyber front.
The last 24 hours saw some brazen moves by Chinese-speaking threat groups, especially with their use of ghost-tapping NFC relay fraud. According to reports from GBHackers and Cyware Social, these threat actors are selling burner phones preloaded with stolen payment card data and flashy custom software, making it dangerously easy to execute fraudulent Apple Pay and Google Pay transactions. The targets? US financial institutions and payment processors are getting clocked, and some retail chains are reporting anomalous spikes in mobile wallet fraud. If you’re in FinTech or run a payment backend, you’re on the front line. Patch your mobile platforms, monitor anomalous NFC requests, and instruct staff to look for traces of ghost-tapping—think repeating payment attempts in rapid succession.
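The "repeating payment attempts in rapid succession" tell mentioned above can be turned into a simple velocity check. The following is an added example, not code from the podcast or from any vendor named in it; it assumes a constructed, simplified authorisation-log format (timestamp, card token, terminal id, amount, result) and flags any card token that hits the same terminal three or more times inside a 30-second sliding window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of mobile-wallet authorisation attempts (not real data).
# Fields: (timestamp, card_token, terminal_id, amount, result)
SAMPLE_ATTEMPTS = [
    ("2025-08-14T10:00:01", "tok_A1", "POS-17", 49.99, "DECLINED"),
    ("2025-08-14T10:00:04", "tok_A1", "POS-17", 49.99, "DECLINED"),
    ("2025-08-14T10:00:07", "tok_A1", "POS-17", 49.99, "APPROVED"),
    ("2025-08-14T10:00:09", "tok_A1", "POS-17", 49.99, "APPROVED"),
    ("2025-08-14T10:00:12", "tok_A1", "POS-17", 49.99, "APPROVED"),
    ("2025-08-14T10:30:00", "tok_B2", "POS-03", 12.50, "APPROVED"),
    ("2025-08-14T11:45:00", "tok_B2", "POS-09", 8.00, "APPROVED"),
]


def parse(attempts):
    """Convert ISO-8601 timestamps to datetime objects, keeping other fields as-is."""
    return [(datetime.fromisoformat(ts), tok, term, amt, res)
            for ts, tok, term, amt, res in attempts]


def find_rapid_repeats(attempts, window_seconds=30, threshold=3):
    """Return alerts as (card_token, terminal_id, count, first_ts, last_ts).

    An alert is raised for each (token, terminal) pair whose attempts, in any
    sliding window of `window_seconds`, number `threshold` or more. The densest
    window per pair is reported; declined and approved attempts both count,
    since a relay fraudster typically retries until something goes through.
    """
    by_pair = defaultdict(list)
    for ts, tok, term, _amt, _res in sorted(parse(attempts), key=lambda r: r[0]):
        by_pair[(tok, term)].append(ts)

    window = timedelta(seconds=window_seconds)
    alerts = []
    for (tok, term), times in by_pair.items():
        start, best = 0, None
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide window start forward
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, times[start], times[end])
        if best:
            alerts.append((tok, term, best[0], best[1].isoformat(), best[2].isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in find_rapid_repeats(SAMPLE_ATTEMPTS):
        print("ghost-tap velocity alert:", alert)
```

Tune `window_seconds` and `threshold` against your own baseline of legitimate retries (a real terminal will also see an occasional double tap) before wiring this into alerting.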
Meanwhile, the SAP NetWeaver AS Visual Composer vulnerability—CVE-2025-31324—has gone from scary to DEFCON 1. According to Infosecurity Magazine, exploit code is now public, and ransomware groups with a China connection aren’t wasting any time. Unpatched US organizations in manufacturing, logistics, and even some hospital chains are seeing signs of data exfiltration and lateral movement. US CISA formally added this flaw to the Known Exploited Vulnerabilities catalog and issued an urgent advisory to patch immediately. The score? 10 out of 10 severity, so if your SAP patch cycle is stuck waiting for ‘change control,’ it’s time to become friends with after-hours maintenance.
Not to be outdone, those notorious Noodlophile Stealer actors have been targeting key US employees with weaponized copyright notices—the emails look legit, but one phishy click and your Facebook-connected enterprise is toast. Some campaigns use AI-crafted lures in multiple languages, so even your polyglot intern isn’t safe. Cyware Social and GBHackers stress this is a rapidly evolving threat, and if your org has a major Facebook presence, initiate a high-priority phishing simulation, update blocklists, and reinforce incident response playbooks.
Oh, and Cisco’s Safe Links platform saw abuse through its trusted domain, compromising credentials and giving threat actors a foothold into US cloud workloads—yes, this is as bad as it sounds if you trusted that “secure” green badge. Cisco recommends promptly enabling two-factor on all accounts and reviewing admin access logs for anything out of the ordinary.
Emergency patches are everywhere: Fortinet pushed a critical update for FortiSIEM, and Citrix NetScaler is battling a zero-day—both seeing active exploitation in the wild. Unpatched N-able N-central servers (around 800 of them, mostly servicing US managed IT providers) remain juicy targets for China-linked exploit hunters.
Anne Neuberger at the Hoover Institution warns that our critical infrastructure—from water to hospitals—remains the soft underbelly of US cyber defense, and she puts the blame squarely on lagging domestic readiness. Her call: build up offensive capabilities and, in the meantime, patch like your revenue depends on it.
Thanks for tuning in to another wild ride—remember, in cyberspace, it pays to stay a step ahead or you’ll get ghost-tapped before you even see it coming. Subscribe for daily breakdowns, and keep your firewalls witty.
This has been a Quiet Please production. For more, check out quiet please dot ai.