Nvidia's AI Chips, Diplomat's Email, & a Hacker Nabbed in Italy: Juicy Cyber Goss!

This is your Digital Frontline: Daily China Cyber Intel podcast.

Hey listeners, Ting here on Digital Frontline—your daily cyber intel fix, where we chase Chinese hackers faster than they chase zero-days! No time for pleasantries—let’s get straight to the cyber action lighting up American interests as of Sunday, July 13, 2025.

First, calling all defense contractors: if you thought your network was safe after last quarter’s patch cycle, think again. IBM’s X-Force has flagged a noticeable uptick—about 1%—in China-linked cyberattacks since January, with a barrage continuing through this weekend. Targeted sectors? Defense, aerospace, and supply chain vendors, with proprietary designs and sensitive logistics data in the crosshairs. The techniques: a combo platter of spear-phishing, credential stuffing, and good ol’ supply chain pivots. If you’re working on classified projects, treat every attachment and login attempt as weaponized, because chances are good, at least one is.

Now, on the law enforcement front, cue the Mission Impossible theme: Italian authorities, following FBI leads, nabbed Zewei Xu, a 33-year-old alleged member of China’s Silk Typhoon (aka Hafnium) group. Xu’s resume includes hacking thousands of American email accounts and pilfering COVID-19 vaccine research at the University of Texas. The feds are pushing hard for extradition, and this bust is a power move—proof that international borders mean nothing if you’re on an Interpol watch list and the FBI has you on speed dial.

Not to be outdone, Chinese hackers reportedly breached one of Washington DC’s most influential law firms—yes, a firm that regularly reviews foreign investments for national security. According to sources close to CNN, they might have gotten access to deal information with deep national security implications. If your firm handles CFIUS reviews or defense contracts, now’s the time to triple-check endpoint security and client correspondence protocols.

Switching to tech industry chess games, Senator Jim Banks and Senator Elizabeth Warren just fired off a pointed letter to Nvidia CEO Jensen Huang this Friday, warning him about his China business trip. Their worry: Nvidia’s AI chips could get into the hands of Chinese companies with military or intel ties, possibly powering advanced AI models to rival—or sabotage—U.S. capabilities. They even singled out DeepSeek, accused of chip smuggling and keeping secret stashes of U.S. silicon. Message: If you’re in the semiconductor supply chain, watch for new export control advisories this week and expect more licensing hurdles.

Let’s slam on the brakes for a minute and talk vulnerabilities: Microsoft patched a whopping 137 bugs, including a nasty SPNEGO flaw affecting Windows authentication. SAP also issued 27 security notes, one maxing out at CVSS 10.0—meaning, drop what you’re doing and patch. Meanwhile, more than two million people fell victim to malicious browser extensions masquerading as free VPNs and utility add-ons. Businesses: lock down software installation privileges, and train staff to recognize the telltale signs of a bad extension before it sinks your ship.

Finally, on the compliance and strategy front, the recent Secret Service debacle and sweeping critical infrastructure guidelines have forced new reporting models. Boardrooms are getting cyber-literate, merging IT and OT security for streamlined oversight. That means your board might soon want tabletop exercises on cyberattack response—and if they don’t, it’s your job to demand it.

Recommendations for businesses and orgs: mandate multifactor authentication, update those endpoint and browser policies, practice your worst-case drills, and for the love of all things encrypted—stop using the same password everywhere.

That’s your July 13th frontline briefing. I’m Ting, reminding you: stay nosy, stay patched, and question everything that pings after...