Multiple Cozy Bear sightings (at least the bear tracks). Spyware in a Chinese employee benefits app. Phishing campaigns. DoppelPaymer rebrands. And ignore that bot--it hasn’t been watching you surf.

Cozy Bear’s active command-and-control servers are found, and people conclude that Moscow’s not too worried about American retaliation after all. Spyware found in an app for companies doing business in China. What to make (and not make) of the Iranian documents Sky News received. Phishing with Crimean bait. HTML smuggling may be enjoying a moderate surge. DoppelPaymer rebrands. Andrea Little Limbago from Interos on growing the next-gen of cyber. Our guest is Jamil Jaffer from IronNet Cybersecurity protecting the BlackHat Network Operations Center. And good news--that blackmailing bot really doesn’t know what you did this summer. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/146