Dragons Pick Locks While We Fight Over Keys: Chinese Hackers Feast on Ivanti Dell and BeyondTrust Flaws episode artwork

EPISODE · Feb 23, 2026 · 4 MIN

Dragons Pick Locks While We Fight Over Keys: Chinese Hackers Feast on Ivanti Dell and BeyondTrust Flaws

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, diving straight into the hottest chaos from the past seven days ending February 23, 2026. Buckle up—China-linked hackers are flexing hard, exploiting old wounds and new flaws like it's a cyber buffet. First off, TechCrunch dropped a bombshell today: back in February 2021, Chinese hackers snuck a secret backdoor into Pulse Secure's VPN software—now under Ivanti—compromising 119 organizations, including U.S. and European military contractors. Mandiant spotted it early, but private equity cuts at Ivanti post-2017 Clearlake acquisition gutted security know-how, leaving doors wide open. Fast-forward, CISA forced federal agencies to yank Ivanti VPNs in early 2024 over zero-days, and last year another Connect Secure flaw got pwned. Sectors hit? Defense, government, you name it—classic supply chain sabotage. Not done yet: CISA's emergency directive this week mandates patching Dell RecoverPoint's CVE-2026-22769, a hardcoded credential mess exploited since mid-2024 by suspected Chinese actors dropping Grimbolt backdoors in VMware backups. Critical infrastructure's sweating bullets. Then there's BeyondTrust's CVE-2026-1731, a 9.9 CVSS remote code exec flaw patched February 6. Palo Alto Networks Unit 42 reports active abuse—web shells like China Chopper echoes, SparkRAT, VShell droppers—for data theft and ransomware across finance, healthcare, government in the U.S., France, Germany, Australia, Canada. Hacktron AI flagged 11,000 exposed instances; GreyNoise saw scans post-PoC. Targeted sectors? Healthcare got hammered—University of Mississippi Medical Center ransomware shut clinics statewide, FBI's on it. Hospitality too, with ShinyHunters hitting Wynn Resorts for $1.5M ransom. New vectors? Stealthy persistence via config stomping, API chaining, and deep infra compromises like virtualization layers, per a fresh study on AI-driven attacks breaching in 72 minutes. Chinese state actors love that long-game lurking. U.S. responses? CISA's patching frenzies and KEV updates scream urgency. No big diplomatic blasts this week, but it's echoing warnings like ex-NSA chief Mike Rogers on Chinese solar inverters phoning home past firewalls. Expert recs from Unit 42 and CISA: Patch now—Ivanti, Dell, BeyondTrust, Honeywell CCTV's auth bypass. Enforce MFA everywhere, hunt weak creds on firewalls like Fortinet's 600+ breaches (though that was Russian AI, lesson sticks). Segment networks, monitor for VShell or Grimbolt IOCs, and diversify threat intel despite China's January ban on Palo Alto, CrowdStrike—don't let geopolitics blind you. Witty wrap: Dragons aren't breathing fire; they're picking locks while we bicker over keys. Stay vigilant, listeners—patch like your data depends on it. Thanks for tuning in—subscribe for more dragon slaying! This has been a Quiet Please production, for more check out quietplease.ai. F This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, diving straight into the hottest chaos from the past seven days ending February 23, 2026. Buckle up—China-linked hackers are flexing hard, exploiting old wounds and new flaws like it's a cyber buffet. First off, TechCrunch dropped a bombshell today: back in February 2021, Chinese hackers snuck a secret backdoor into Pulse Secure's VPN software—now under Ivanti—compromising 119 organizations, including U.S. and European military contractors. Mandiant spotted it early, but private equity cuts at Ivanti post-2017 Clearlake acquisition gutted security know-how, leaving doors wide open. Fast-forward, CISA forced federal agencies to yank Ivanti VPNs in early 2024 over zero-days, and last year another Connect Secure flaw got pwned. Sectors hit? Defense, government, you name it—classic supply chain sabotage. Not done yet: CISA's emergency directive this week mandates patching Dell RecoverPoint's CVE-2026-22769, a hardcoded credential mess exploited since mid-2024 by suspected Chinese actors dropping Grimbolt backdoors in VMware backups. Critical infrastructure's sweating bullets. Then there's BeyondTrust's CVE-2026-1731, a 9.9 CVSS remote code exec flaw patched February 6. Palo Alto Networks Unit 42 reports active abuse—web shells like China Chopper echoes, SparkRAT, VShell droppers—for data theft and ransomware across finance, healthcare, government in the U.S., France, Germany, Australia, Canada. Hacktron AI flagged 11,000 exposed instances; GreyNoise saw scans post-PoC. Targeted sectors? Healthcare got hammered—University of Mississippi Medical Center ransomware shut clinics statewide, FBI's on it. Hospitality too, with ShinyHunters hitting Wynn Resorts for $1.5M ransom. New vectors? Stealthy persistence via config stomping, API chaining, and deep infra compromises like virtualization layers, per a fresh study on AI-driven attacks breaching in 72 minutes. Chinese state actors love that long-game lurking. U.S. responses? CISA's patching frenzies and KEV updates scream urgency. No big diplomatic blasts this week, but it's echoing warnings like ex-NSA chief Mike Rogers on Chinese solar inverters phoning home past firewalls. Expert recs from Unit 42 and CISA: Patch now—Ivanti, Dell, BeyondTrust, Honeywell CCTV's auth bypass. Enforce MFA everywhere, hunt weak creds on firewalls like Fortinet's 600+ breaches (though that was Russian AI, lesson sticks). Segment networks, monitor for VShell or Grimbolt IOCs, and diversify threat intel despite China's January ban on Palo Alto, CrowdStrike—don't let geopolitics blind you. Witty wrap: Dragons aren't breathing fire; they're picking locks while we bicker over keys. Stay vigilant, listeners—patch like your data depends on it. Thanks for tuning in—subscribe for more dragon slaying! This has been a Quiet Please production, for more check out quietplease.ai. F This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

Dragons Pick Locks While We Fight Over Keys: Chinese Hackers Feast on Ivanti Dell and BeyondTrust Flaws

0:00 4:28

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 4 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on February 23, 2026.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, diving straight into the hottest chaos from the past seven days ending February 23, 2026. Buckle...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!