Google and Microsoft issue critical updates. CISA warns of active exploitation of a critical flaw in Wing FTP Server. Cloudflare restores their DNS Resolver service following a brief outage. A critical vulnerability in a PHP documentation tool allows attackers to execute code on affected servers. NSA and FBI officials say they’ve disrupted Chinese cyber campaigns targeting U.S. critical infrastructure. A UK data breach puts Afghan soldiers and their families at risk. Researchers find malware hiding in DNS records. A former U.S. Army soldier pleads guilty to charges of hacking and extortion. Ben Yelin joins us with insights on the Senate Armed Services Committee’s response to rising threats to critical infrastructure.The large print giveth and the small print taketh away. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Ben Yelin, co host of our Caveat podcast and Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, discussing the Senate Armed Services Committee’s and Trump administration nominees’ recent conversation about rising threats to critical infrastructure. You can find the article Ben discusses here.

Selected Reading

Google fixes actively exploited sandbox escape zero day in Chrome (Bleeping Computer)

Windows KB5064489 emergency update fixes Azure VM launch issues (Bleeping Computer)

Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns (The Record)

Cloudflare 1.1.1.1 incident on July 14, 2025 (Cloudflare)

Critical template Injection flaw in LaRecipe Documentation Package enables remote code execution (Beyond Machines)

NSA: Volt Typhoon was ‘not successful’ at persisting in critical infrastructure (The Record)

Defence secretary 'unable to say' if anyone killed after Afghan data breach  (BBC News)

Hackers exploit a blind spot by hiding malware inside DNS records (Ars Technica)

21-year-old former US soldier pleads guilty to hacking, extorting telecoms  (The Record)

WeTransfer says files not used to train AI after backlash (BBC News)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices