Anomali has described a Microsoft Office exploit "supply chain" being shared among at least five Chinese groups: Conimes, KeyBoy, Emissary Panda, Rancor, and Temp[dot]Trident. Specifically, they're all working the "Royal Road Rich Text Format (RTF) weaponizer," and using it to exploit CVE-2017-11882 and CVE-2018-0802.
Sodinokibi ransomware is using a Windows privilege-escalation bug, CVE-2018-8453, to gain admin access in its targets. As ZDNet notes, it's relatively unusual for ransomware to exploit a privilege-escalation vulnerability. But what's not unusual is this: the bug, patched in October 2018, moved from state exploitation to criminal exploitation. It came to light as a zero-day exploited by FruityArmor, a state-directed espionage crew active mostly against Middle Eastern targets.
BleepingComputer reports that the Silence gang was behind recent robberies of Bangladeshi banks. The gang's two core members are apparently Russian speakers believed to be white hats gone rogue. Their crimes involve jackpotting by money mules.
Google's Project Zero has confirmed that under certain circumstances a malformed message can brick an iPhone. An affected device can be recovered, Forbes reports, but at the cost of losing data.
Hal Martin, the former NSA contractor convicted of unlawful retention of defense information, will have his sentencing hearing on July 17th. The Washington Post observes that his widely suspected connection, if any, to the ShadowBrokers leaks remains as obscure as ever.