Cyber Briefing: 2026.07.08
Chinese threat actor UAT-7810 weaponizes edge routers with new "LONGLEASH" malware, healthcare providers are facing a devastating wave of personal data theft
Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.
The China-linked threat group UAT-7810 is significantly expanding its operational infrastructure by deploying four new malware families, LONGLEASH, DOGLEASH, JARLEASH, and LEASHTEST, to compromise unpatched Ruckus and ASUS networking equipment. Simultaneously, CISA has added four critical vulnerabilities affecting Adobe ColdFusion, Langflow, and Joomla to its Known Exploited Vulnerabilities (KEV) catalog, mandating that federal agencies complete remediation by July 10, 2025. These infrastructure attacks coincide with significant data breaches, notably at the North Los Angeles County Regional Center, where the Medusa ransomware group exfiltrated over 600 gigabytes of sensitive health and financial records.
In addition to these active threats, organizations are grappling with evolving operational and regulatory requirements. Meta is hardening the security of its smart glasses by implementing automated camera deactivation if the privacy LED is tampered with, closing a loophole previously exploited by users to record covertly. Meanwhile, small medical practice owners are being reminded that HIPAA compliance cannot be offloaded to staff or vendors, as the Office for Civil Rights holds the primary entity legally accountable for all security failures. On the technical front, a new open-source tool, Instagui, has been released to simplify command-line tasks by automatically generating local graphical interfaces for CLI binaries.
Listen to our podcast here ⏬
⚡THREAT LANDSCAPE
UAT-7810 APT expands ORB network with new malware
Cisco Talos has identified UAT-7810, a China-linked advanced persistent threat group, expanding its LapDogs Operational Relay Box network with four new malware families: LONGLEASH (an upgraded backdoor), DOGLEASH (a C-based backdoor), JARLEASH (a Java-based administration tool), and LEASHTEST (a testing utility). The threat actor exploits known vulnerabilities in unpatched Ruckus wireless routers and ASUS AiCloud devices to compromise networking equipment and establish relay infrastructure used by other Chinese APT groups. Organizations should immediately patch CVE-2020-22653, CVE-2020-22658, CVE-2023-25717, and CVE-2025-2492, monitor for the provided indicators of compromise, and deploy available detection signatures. Read More
CISA Adds ColdFusion, Langflow, Joomla Flaws to KEV Catalog
CISA has added four critical vulnerabilities to its Known Exploited Vulnerabilities catalog: two newly disclosed flaws in Adobe ColdFusion and Langflow, plus two vulnerabilities in Joomla extensions. Federal agencies must patch these actively exploited security issues by July 10, 2025. Organizations using these platforms should prioritize immediate remediation to prevent potential compromise. Read More
🚨INCIDENTS & REAL-WORLD IMPACT
North LA County Regional Center Ransomware Breach
North Los Angeles County Regional Center is notifying individuals about a November 2024 ransomware attack by the Medusa group that exposed extensive personal and medical data including Social Security numbers, financial information, and health records. The breach occurred between November 20 and December 1, 2024, with over 600 gigabytes of data allegedly stolen before ransomware encrypted the systems. Separately, Midland Care Connection in Kansas disclosed a March 2026 breach affecting patient data and is offering 12 months of credit monitoring to victims. Read More
🔓 EXECUTIVE RISK & CYBERNOMICS
Meta updates smart glasses with privacy light tamper detection
Meta is updating its smart glasses to disable the camera if the privacy LED indicator is tampered with or destroyed. The change addresses modders who have physically drilled out or otherwise disabled the LED light that signals when recording is active. Previous measures like tape detection proved insufficient, as users found workarounds to bypass the recording indicator. Read More
🛡️ POLICY, REGULATION & LEGAL SIGNALS
Small Practice Owners Guide to HIPAA Compliance
Small medical practice owners remain legally and financially responsible for HIPAA compliance even when they delegate day-to-day tasks to staff or consultants, according to guidance from HIPAA Journal. The Office for Civil Rights holds the practice entity accountable for violations regardless of which employee made the error, and penalties apply equally to small practices and large hospital systems. Owners should maintain oversight through regular check-ins on security risk analyses, staff training records, vendor agreements, and policy updates rather than assuming delegation transfers legal responsibility. Read More
💻 CAREER ENABLEMENT
Instagui An Open-source CLI-to-GUI converter
A new open-source tool called Instagui converts command-line interface (CLI) programs into graphical user interfaces (GUIs) by parsing help documentation and using Claude AI to generate a locally hosted web interface. Created by software engineer Omar Soutari, the tool works with any CLI binary in any language without code modifications, requiring only a one-time API call to generate reusable JSON schemas. The tool includes pre-verified schemas for common utilities like ffmpeg, yt-dlp, and pandoc, and is designed with security controls including localhost-only binding and command injection prevention. Read More
Copyright © 2026 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium








