:

CHINESE HACKERS DEPLOY LONGLEASH MALWARE

SECURITY DESK1 MIN READ
TUE, JUL 7, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Chinese threat actors tracked as UAT-7810 are actively developing the LONGLEASH malware to expand their Operational Relay Box (ORB) network. The campaign primarily targets unpatched Ruckus routers and other internet-facing networking devices.

UAT-7810 operators are leveraging LONGLEASH to compromise networking infrastructure and establish relay nodes within their ORB network. The malware targets vulnerabilities in Ruckus routers, exploiting devices that lack security patches. Operational Relay Boxes serve as intermediary nodes for command-and-control communications and lateral movement across compromised networks. By expanding their ORB infrastructure, the threat actors increase their operational flexibility and resilience. Security researchers recommend organizations immediately patch Ruckus devices and segment network access to limit exposure. Administrators should audit internet-facing networking equipment for unauthorized access and monitor for suspicious relay traffic. The campaign reflects broader trends of state-sponsored actors targeting network infrastructure to establish persistent footholds within target organizations.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

3H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

3H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

6H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

8H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.