Daily Briefing

CyberGeoDigest

Geopolitical cyber intelligence in 5 minutes
Tuesday, June 30, 2026 · 20 stories
Mustang Panda Hijacks Zoho WorkDrive to Command Attacks on Indian Government (1 minute read)

China-aligned Mustang Panda is running active espionage campaigns inside Indian government networks, including machines used by senior officials, using Zoho WorkDrive as a covert command-and-control channel.

The Hacker News · 17h ago · Read full article →

US Posts $10M Bounty on Russian Groups UNC5792 and UNC4221 Targeting Signal, WhatsApp (1 minute read)

The US State Department is offering $10 million for information identifying members of Russia-linked UNC5792 and UNC4221, which socially engineered access to Signal and WhatsApp accounts of government officials.

The Record · 16h ago · Read full article →

State Department Offers $10M for Russian Hackers Who Compromised WhatsApp, Signal Accounts (1 minute read)

UNC5792 and UNC4221, tied to Russian intelligence and military services, targeted officials' WhatsApp and Signal accounts; the State Department is offering up to $10 million for identifying or locating members.

BleepingComputer · 17h ago · Read full article →

US Bounty Targets Russian UNC5792 and UNC4221 as Messaging App Espionage Escalates (1 minute read)

UNC5792 and UNC4221 have compromised Signal and WhatsApp accounts belonging to US government officials, military leaders, and allied personnel, prompting a $10 million State Department reward.

SecurityWeek · 22h ago · Read full article →

US Offers $10M as Two Russian State Groups Target Signal and WhatsApp Users (1 minute read)

The U.S. is offering $10 million for information on a Russian state operation—active since at least March—that has hacked Signal and WhatsApp accounts. Targeting encrypted messaging platforms used by officials and journalists marks a deliberate escalation in Russia's communications-intelligence collection.

Ars Technica Security · 10h ago · Read full article →

Russia's Gamaredon Runs 35 Spear-Phishing Campaigns Against Ukraine in 2025 (1 minute read)

ESET documented 35 distinct Gamaredon spear-phishing campaigns against Ukrainian targets throughout 2025, featuring new malware variants and abuse of legitimate cloud services for command-and-control.

The Hacker News · 20h ago · Read full article →

Russia's Mass Passportization in Occupied Ukraine Functions as Hybrid Warfare Tool (1 minute read)

Russia has systematically issued Russian passports to residents of occupied Ukrainian territories, using citizenship policy to entrench annexation and complicate future legal reintegration. The campaign sets a replicable precedent for using civilian documentation as a reversibility-denial weapon in hybrid conflict.

Just Security · 19h ago · Read full article →

Iran, Russia, China Exploit Weak Passwords to Sabotage Water Systems (1 minute read)

Nation-state actors from Iran, Russia, and China are breaching water utility control systems via exposed PLCs, default credentials, and poor network segmentation. The attacks confirm critical infrastructure remains vulnerable to low-sophistication intrusions, not just advanced malware.

Dark Reading · 13h ago · Read full article →

Russia's Pro-Kremlin Influence Ecosystem Shifts from War Tool to Global Asset (3 minute read)

Google Threat Intelligence documents how Russia's influence operations, built to support Ukraine invasion objectives, have expanded into a global covert IO infrastructure spanning multiple coordinated campaigns.

Google Threat Intelligence · 18h ago · Read full article →

US Drone Component Manufacturing Debate Intensifies Amid China Dominance Concerns (3 minute read)

A Wall Street Journal analysis of military quadcopter supply chains exposed China's dominance in drone component manufacturing, prompting pushback from the Defense Innovation Unit over omitted US producers.

War on the Rocks · just now · Read full article →

China's CICIR Frames US-China Coexistence Terms Days Before Trump's Beijing Summit (3 minute read)

China's premier state-linked think tank CICIR published a coexistence framework for US-China relations on the morning of Trump's May 2026 Beijing state visit, receiving almost no Western media coverage.

War on the Rocks · just now · Read full article →

China's Economic Coercion Yields Uneven Results, New Analysis Finds (1 minute read)

Author Audrye Wong argues China's economic statecraft—'subversive carrots'—is harder to execute and less effective than both Beijing and Washington assume. The finding complicates threat assessments that treat Chinese economic leverage as a reliable geopolitical weapon.

The Diplomat · 17h ago · Read full article →

China's Decree No. 837 Extends State Control Over Private Tech Investments Abroad (1 minute read)

China's Decree No. 837 legally subordinates private Chinese companies' overseas investments to state authority, restricting strategic technology transfer to recipient countries. Any nation hosting Chinese private capital now faces embedded regulatory reach from Beijing.

The Diplomat · 19h ago · Read full article →

US and Iran Open Talks Over Strait of Hormuz Control Dispute (1 minute read)

Iran claims sole authority over the Strait of Hormuz; the U.S. rejects that assertion as both sides prepare direct negotiations. Control of the strait, through which roughly 20% of global oil transits, makes the dispute an acute energy-security flashpoint.

Foreign Policy · 10h ago · Read full article →

ShinyHunters Exploits Oracle PeopleSoft Zero-Day, Hits Nissan Employee Data (1 minute read)

Nissan confirmed a breach exposing current and former employee data after ShinyHunters exploited an unpatched Oracle PeopleSoft vulnerability. The same zero-day is linked to multiple ShinyHunters extortion operations, signaling an active exploitation campaign across PeopleSoft deployments.

BleepingComputer · 11h ago · Read full article →

236,000 DCloud Uni-App Sites Power Global Crypto Scam and Phishing Infrastructure (1 minute read)

Infoblox identified 236,000 websites using DCloud Uni-App templates to run pig-butchering scams, fake crypto exchanges, WhatsApp phishing, and wallet-draining operations across multiple languages.

The Hacker News · 20h ago · Read full article →

ShinyHunters Breaches NAIC via Oracle PeopleSoft Zero-Day, Steals Config Files (1 minute read)

ShinyHunters exploited a zero-day in NAIC's Oracle PeopleSoft server, exfiltrating publicly available data, outdated logs, and configuration files. Access to configuration data from an insurance regulatory body opens reconnaissance vectors into member insurers even if no private records were taken.

BleepingComputer · 11h ago · Read full article →

Attackers Exploit Critical CVE-2026-46817 in Oracle E-Business Suite Financials (1 minute read)

Active exploitation of CVE-2026-46817 in Oracle E-Business Suite has been confirmed by Defused threat intelligence, putting financial and ERP data at immediate risk.

BleepingComputer · 18h ago · Read full article →

DirtyClone Linux Kernel Flaw Heads Week of Turla Backdoors and AI Malware (2 minute read)

This week's threat landscape featured a new local-privilege Linux kernel flaw, a Turla backdoor resurgence, and AI-assisted malware techniques alongside active infostealer campaigns. The convergence of old access paths and novel evasion signals defenders face simultaneous patching and detection backlogs.

The Hacker News · 17h ago · Read full article →

CVE-2026-48558 in SimpleHelp Weaponized to Drop Cross-Platform Djinn Stealer (1 minute read)

Attackers are actively exploiting critical SimpleHelp flaw CVE-2026-48558 to deploy Djinn Stealer, a previously undocumented infostealer targeting Windows, macOS, and Linux simultaneously. A remote-management tool turned attack vector expands the blast radius to any organization running unpatched SimpleHelp instances.

BleepingComputer · 18h ago · Read full article →
