Risky Bulletin: YouTubers Unmask and Help Dismantle Chinese Scam Ring
Podcast: Risky Bulletin (Risky.biz)
Date: September 3, 2025
Host: Claire Aird (prepared by Catalin Cimpanu)
Overview
This episode of Risky Bulletin delivers concise, up-to-date cybersecurity news highlights, with a special focus on a major bust of a Chinese-operated fraud ring—thanks in part to the investigative work of prominent YouTube scam-baiting channels. Additional stories cover breaches at high-profile security firms, a ransomware attack on Jaguar Land Rover, new international cyber-defense initiatives, and notable vulnerabilities and hacks.
Key Stories and Insights
1. YouTubers Unmask and Help Dismantle Chinese Scam Operation
[00:05–01:15]
- Two YouTube channels, Scammer Payback and Trilogy Media, were instrumental in collecting evidence that led to the dismantling of a Chinese fraud ring operating in the US.
- U.S. authorities charged 28 suspects and arrested 25 in coordinated raids across California, New York, Texas, and Michigan.
- The suspects, including Chinese citizens residing illegally in the US, were accused of stealing over $65 million, much from retired Americans.
- Schemes operated via call centers in India and China, funneling victim funds through a network of money mules.
- Quote:
- "Videos recorded by the YouTube channel Scammer Payback and Trilogy Media played a key role in identifying the group's members." [00:37]
- Impact: Demonstrates real-world influence of citizen-driven cybercrime investigations and the growing synergy between online content creators and law enforcement.
2. Salesloft Breach Ripple Effects
[01:15–01:52]
- More fallout from last month’s Salesloft hack as major security and SaaS firms alert customers their data may have been accessed.
- Impacted organizations include Cloudflare, Tenable, Zscaler, Palo Alto Networks, SpyCloud, Tanium, PagerDuty, Exclaimer, and Cloudinary.
- Attackers used authentication tokens stolen from Salesloft's Drift AI system to move laterally and access data across the connected cloud platforms.
- Quote:
- "The attackers then accessed customer data and attempted to identify even more authentication tokens to continue moving between cloud systems." [01:38]
- Takeaway: Highlights supply-chain risk where breaches in one SaaS provider can cascade into many prominent tech companies.
3. Ransomware Halts Jaguar Land Rover Production
[01:52–02:07]
- A ransomware attack has disrupted vehicle production at Jaguar Land Rover in the UK; retail operations were also affected.
- No group has yet claimed responsibility.
- Trend: Ongoing rise in ransomware targeting critical manufacturing operations.
4. New Joint Cyber Hunt Kit by US, Australia, and New Zealand
[02:08–02:28]
- The three nations have tested a new, portable Joint Cyber Hunt kit: a toolkit plus a nine-person team designed for rapid deployment to analyze network intrusions.
- The US will acquire the first systems later in 2025.
- Takeaway: Growing international collaboration for agile defensive response in cybersecurity.
5. US Homeland Security Re-Activates Contract with Paragon Solutions
[02:29–02:55]
- The US re-engages Israeli surveillance vendor Paragon Solutions after last year’s contract pause, allocating $2 million.
- Paragon will supply hacking tools for the Homeland Security Investigations cyber division.
- Marks continuation of controversial government-private surveillance partnerships.
6. Cloudflare Mitigates Largest Ever DDoS Attack
[02:56–03:10]
- Cloudflare stopped a record 11.5 Tbps DDoS attack, sourced largely from Google Cloud infrastructure.
- Lasted just 35 seconds, but was over 50% larger than the previous record attack.
- Quote:
- "Cloudflare says most of the traffic came from Google Cloud and lasted only 35 seconds." [03:07]
7. TP-Link Router Vulnerability Remains Unpatched
[03:11–03:31]
- Chinese networking device firm TP-Link has failed to patch a serious flaw in the TR-069 remote-management protocol implementation in its routers for over a year.
- Bug allows attackers to remotely commandeer routers at customer premises.
- Timeline: Reported to TP-Link in May 2024; still no patch as of this episode.
8. Copeland Industrial Cooling Vulnerabilities
[03:32–03:53]
- Copeland, a US manufacturer of industrial cooling equipment, has patched 10 vulnerabilities in its HVAC/refrigeration units.
- Two critical bugs enabled remote control via predictable passwords—potentially allowing sabotage of refrigeration or disabling emergency systems.
- Vulnerabilities discovered by security firm Armis.
9. $8.4 Million Crypto Theft at Bunny DEX
[03:54–04:10]
- Hackers exploited Ethereum smart contract vulnerabilities to steal $8.4M from decentralized crypto exchange Bunny.
- Firm has paused all transactions while investigating the breach.
Notable Quotes
- Claire Aird (on YouTubers' impact):
  "Videos recorded by the YouTube channel Scammer Payback and Trilogy Media played a key role in identifying the group's members." [00:37]
- Claire Aird (on token spillover risks):
  "The attackers then accessed customer data and attempted to identify even more authentication tokens to continue moving between cloud systems." [01:38]
- Claire Aird (on DDoS scale):
  "Cloudflare says most of the traffic came from Google Cloud and lasted only 35 seconds." [03:07]
Timeline Index
| Segment | Headline/Event | Timestamp |
|--------------------------|------------------------------------------------------|----------------|
| Chinese Scam Ring Bust | YouTubers aid US fraud investigation | 00:05–01:15 |
| Salesloft Breach Fallout | Major companies notify customers post-breach | 01:15–01:52 |
| Jaguar Land Rover Attack | Ransomware disrupts UK vehicle production | 01:52–02:07 |
| Joint Cyber Hunt Kit | International rapid response kit tested | 02:08–02:28 |
| Paragon Solutions Deal | DHS reactivates Israeli surveillance contract | 02:29–02:55 |
| Cloudflare DDoS Attack | Record 11.5 Tbps attack mitigated | 02:56–03:10 |
| TP-Link Router Bug | Unpatched critical flaw for over a year | 03:11–03:31 |
| Copeland Cooling Bugs | Industrial refrigeration systems patched | 03:32–03:53 |
| Bunny Crypto Hack | $8.4M stolen from decentralized exchange | 03:54–04:10 |
Episode Highlights
- Citizen investigations and social media vigilance are having a growing impact on real-world cybercrime.
- Supply-chain attacks remain a major threat—even to security vendors.
- Ransomware continues to disrupt major industrial and consumer brands.
- Cyber defense partnerships and portable response tools are expanding internationally.
- Persistent vulnerabilities in common hardware (like routers) and critical infrastructure pose ongoing risk.
- The velocity and scale of DDoS attacks continue to set new records.
- Crypto exchanges remain high-profile, high-value hacking targets—with millions at stake.
For more in-depth cybersecurity updates, tune in regularly to Risky Bulletin.
