Daily Briefing

CyberGeoDigest

Geopolitical cyber intelligence in 5 minutes
Tuesday, July 7, 2026 · 20 stories
Share this digest:

Iran's MOIS-Linked Group Deploys Cavern C2 Against Israeli IT, Government (1 minute read)

An Iranian MOIS-affiliated threat cluster deployed previously undocumented Cavern C2 framework against Israeli IT providers and government entities. A custom modular framework signals sustained, targeted development against Israeli infrastructure rather than opportunistic intrusion.

The Hacker News · 15h ago · Read full article →

China-Linked APT Exploits Roundcube Chain to Penetrate U.S., Canadian Universities (1 minute read)

Proofpoint identified a suspected Chinese espionage group exploiting a Roundcube exploit chain to compromise physics and engineering departments at North American universities in an ongoing campaign.

CyberScoop · 1h ago · Read full article →

Armored Likho APT Hits Government and Electric Power Targets with Modular RATs (1 minute read)

Armored Likho is deploying modular remote-access trojans and infostealers against government agencies and electric power entities across Russia, Brazil, and Kazakhstan. Dual financially motivated and espionage tasking suggests a contractor-model actor serving multiple clients against critical infrastructure.

SecurityWeek · 19h ago · Read full article →

North Korea's PolinRider Campaign Backdoors 100-Plus Open Source Packages (1 minute read)

North Korean hackers compromised more than 100 legitimate open-source packages and repositories to deliver a backdoor and infostealer targeting developers in the PolinRider supply chain campaign.

SecurityWeek · 21h ago · Read full article →

China-Aligned APT Exploits CVE-2024-42009 in Roundcube to Hit STEM Universities (1 minute read)

A China-aligned threat cluster is exploiting Roundcube flaw CVE-2024-42009 (CVSS 9.3) to steal credentials from physics and engineering departments at U.S. and Canadian universities. Sustained collection against STEM faculties aligns with PRC strategic priorities in advanced materials, aerospace, and nuclear research.

The Hacker News · 1h ago · Read full article →

China-Nexus Group Targets Indian Taxpayers With Fake ITD Lure to Deploy DcRAT (1 minute read)

Operation DragonReturn, attributed to a China-nexus cluster by Seqrite Labs, uses spear-phishing impersonating India's Income Tax Department to deliver the DcRAT remote access trojan against taxpayers and corporate finance teams.

The Hacker News · 23h ago · Read full article →

UAT-7810 Expands Operational Relay Box Networks With Custom Malware Variants (1 minute read)

Cisco Talos documents UAT-7810 actively developing new custom malware to scale its operational relay box (ORB) network infrastructure. Continued ORB expansion obscures attribution and provides persistent, resilient command-and-control for long-haul espionage operations.

Cisco Talos · just now · Read full article →

Russian Hackers Elevate Ukrainian TV Outlets to Priority Espionage Targets (1 minute read)

Ukraine's top security official confirmed two previously unreported Russian cyberattacks on television broadcasters and said Russia has systematically escalated hacking against the media sector. Targeting broadcast infrastructure signals a shift toward degrading Ukrainian information capacity alongside kinetic strikes.

The Record · 21h ago · Read full article →

Russian Missiles Kill 11 in Kyiv as Ceasefire Talks Stall (2 minute read)

Russian missiles and drones struck Kyiv on July 6, killing at least 11 civilians and heavily damaging apartment blocks days after a brief diplomatic pause. The strike escalates civilian targeting pressure as international mediation efforts remain deadlocked.

Just Security · 22h ago · Read full article →

Armored Likho's BusySnake Infostealer Reaches Critical Infrastructure in Three Countries (1 minute read)

Threat group Armored Likho used the BusySnake infostealer to penetrate government agencies and electrical power entities in Russia, Brazil, and Kazakhstan. Cross-continental targeting of power grid operators by a single APT indicates either broad tasking or sale of access to multiple state clients.

Dark Reading · 12h ago · Read full article →

Xi Jinping Reshapes China's Central Military Commission Amid Purge (1 minute read)

Xi Jinping is promoting new flag officers to rebuild the Central Military Commission following an ongoing corruption purge of senior PLA leadership. The reshuffle signals Xi consolidating direct command loyalty ahead of anticipated operational contingencies.

The Diplomat · 20h ago · Read full article →

๐Ÿ‡จ๐Ÿ‡ณ PLA ยท China

NATO's 2026 Summit Convenes as Alliance Faces Unprecedented Internal Strain (1 minute read)

The 2026 NATO summit arrives amid fractures over burden-sharing, U.S. commitment credibility, and active war on Europe's eastern flank. Alliance cohesion is the central variable adversaries are watching and testing.

Foreign Policy · 12h ago · Read full article →

Trump and Putin Visits to Beijing Hand China Strategic Room to Reshape Global Order (1 minute read)

High-profile visits to Beijing by Trump and Putin have granted China expanded diplomatic leverage to advance an alternative international order on its terms. Beijing is converting geopolitical fragmentation in the West into concrete norm-setting influence across trade, security, and multilateral institutions.

The Diplomat · 21h ago · Read full article →

Emerging Saudi-Iran Realignment Risks Locking Israel Out of Regional Order (1 minute read)

A nascent anti-Abraham Accords alignment between Saudi Arabia and Iran is taking shape, threatening to reverse Gulf normalization momentum and isolate Israel diplomatically. The shift would redraw the Middle East security architecture the U.S. spent years engineering through the 2020 accords.

Foreign Policy · 22h ago · Read full article →

Proxy Botnets, Browser Ransomware, AI Prompt Abuse Defined This Week's Threat Landscape (2 minute read)

Consumer streaming devices were conscripted into proxy botnets, AI agents were manipulated via prompt injection, and fake proof-of-concept repos seeded developer environments with malware. The common thread: attackers are exploiting implicit trust in ordinary infrastructure rather than burning zero-days.

The Hacker News · 21h ago · Read full article →

Sysdig Documents First Confirmed Agentic AI Ransomware Attack in June 2026 (1 minute read)

In a late June 2026 incident, an AI agent autonomously executed multiple ransomware attack stages, reducing operator complexity and accelerating tempo even without completing every step.

CyberScoop · 19h ago · Read full article →

Tenda Router Firmware Hides Admin Backdoor, CVE-2026-11405 Unpatched (1 minute read)

CERT/CC warns CVE-2026-11405 in multiple Tenda firmware versions enables unauthenticated administrative access by bypassing password verification entirely. No patch is available, exposing potentially millions of deployed Chinese-manufactured edge devices to silent takeover.

The Hacker News · 3h ago · Read full article →

CVE-2026-48282: Max-Severity Adobe ColdFusion Flaw Exploited in Wild (1 minute read)

Attackers are actively exploiting CVE-2026-48282, a maximum-severity Adobe ColdFusion vulnerability flagged by KEVIntel. Active exploitation of ColdFusion flaws historically precedes mass compromise of enterprise web infrastructure.

BleepingComputer · 21h ago · Read full article →

CVE-2026-20896: Gitea Docker Auth Bypass Exploited 13 Days Post-Disclosure (1 minute read)

Threat actors began probing CVE-2026-20896 (CVSS 9.8) in Gitea Docker images 13 days after patch release, exploiting blind trust of the X-WEBAUTH-USER header to gain unauthenticated admin access. The speed of exploitation confirms DevOps pipeline infrastructure is a priority target for initial access.

The Hacker News · 17h ago · Read full article →

Linux 'Bad Epoll' Root Escalation PoC Released, Patch Urgency Escalates (1 minute read)

A public proof-of-concept exploit for the Linux 'Bad Epoll' local privilege escalation flaw is now circulating, lowering the bar for attackers to achieve root on unpatched systems. PoC release typically compresses the exploitation window to days for opportunistic actors targeting cloud and server workloads.

SecurityWeek · 21h ago · Read full article →

Get this in your inbox

Free daily briefing. No spam. Unsubscribe anytime.

Subscribe Now