<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>InfoSecRadar — Malware &amp; Ransomware</title>
    <link>https://infosecradar.com/feeds/malware.xml</link>
    <description>Malware &amp; Ransomware stories from InfoSecRadar</description>
    <atom:link href="https://infosecradar.com/feeds/malware.xml" rel="self"/>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>InfoSecRadar</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 14:10:19 +0000</lastBuildDate>
    <item>
      <title>GigaWiper Lets Threat Actors Choose Their Own Destructive Attack</title>
      <link>https://infosecradar.com/stories/2026/07/13/gigawiper-lets-threat-actors-choose-their-own-destructive-attack/</link>
      <description>A new modular implant called GigaWiper has been identified, which combines backdoor and wiper functionalities. This allows threat actors to customize their destructive attacks for maximum impact with minimal operational effort.</description>
      <guid isPermaLink="false">https://www.darkreading.com/cyberattacks-data-breaches/gigawiper-threat-actors-choose-their-own-destructive-attack</guid>
      <pubDate>Mon, 13 Jul 2026 16:50:54 +0000</pubDate>
      <source url="https://www.darkreading.com/cyberattacks-data-breaches/gigawiper-threat-actors-choose-their-own-destructive-attack">Dark Reading</source>
    </item>
    <item>
      <title>Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found</title>
      <link>https://infosecradar.com/stories/2026/07/13/google-and-microsoft-pull-modheader-with-16-million-installs-after-dormant-colle/</link>
      <description>Google and Microsoft have removed the ModHeader browser extension, used by approximately 1.6 million users, due to the discovery of a hidden browsing history collector. Although this collector was dormant and there's no evidence of data exfiltration, its presence prompted the removal by the tech giants.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/google-and-microsoft-pull-modheader.html</guid>
      <pubDate>Mon, 13 Jul 2026 17:17:24 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/google-and-microsoft-pull-modheader.html">The Hacker News</source>
    </item>
    <item>
      <title>CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks</title>
      <link>https://infosecradar.com/stories/2026/07/13/crashstealer-macos-malware-uses-notarized-dropper-to-pass-gatekeeper-checks/</link>
      <description>Cybersecurity researchers have identified a new macOS information stealer named CrashStealer, which is written in native C++. This malware utilizes a notarized dropper to bypass Apple's Gatekeeper security checks, allowing it to harvest sensitive data from infected systems.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/crashstealer-macos-malware-uses.html</guid>
      <pubDate>Mon, 13 Jul 2026 17:36:12 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/crashstealer-macos-malware-uses.html">The Hacker News</source>
    </item>
    <item>
      <title>New CrashStealer malware poses as Apple crash reporting tool</title>
      <link>https://infosecradar.com/stories/2026/07/13/new-crashstealer-malware-poses-as-apple-crash-reporting-tool/</link>
      <description>A new macOS information-stealing malware named CrashStealer has been discovered. It disguises itself as Apple's legitimate crash-reporting tool to trick users into installing it, subsequently stealing sensitive data such as credentials, keychain information, and cryptocurrency wallet details.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-crashstealer-malware-poses-as-apple-crash-reporting-tool/</guid>
      <pubDate>Mon, 13 Jul 2026 19:04:02 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-crashstealer-malware-poses-as-apple-crash-reporting-tool/">Bleeping Computer</source>
    </item>
    <item>
      <title>Hackers backdoor Jscrambler npm package with infostealer malware</title>
      <link>https://infosecradar.com/stories/2026/07/13/hackers-backdoor-jscrambler-npm-package-with-infostealer-malware/</link>
      <description>A malicious version of the Jscrambler npm package was published by a threat actor, containing infostealer malware. This compromised package has been downloaded nearly 1,500 times.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/hackers-backdoor-jscrambler-npm-package-with-infostealer-malware/</guid>
      <pubDate>Mon, 13 Jul 2026 19:44:19 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/hackers-backdoor-jscrambler-npm-package-with-infostealer-malware/">Bleeping Computer</source>
    </item>
    <item>
      <title>148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet</title>
      <link>https://infosecradar.com/stories/2026/07/14/148-npm-packages-disguised-as-student-proxies-turned-browsers-into-a-ddos-botnet/</link>
      <description>A campaign involving 148 npm packages, presented as student web proxies, was discovered to have turned visitors' browsers into a distributed denial-of-service (DDoS) botnet for approximately two weeks in May. The malicious packages utilized the npm registry as free hosting for a booby-trapped proxy site, targeting students attempting to circumvent internet restrictions.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/148-npm-packages-disguised-as-student.html</guid>
      <pubDate>Tue, 14 Jul 2026 07:08:36 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/148-npm-packages-disguised-as-student.html">The Hacker News</source>
    </item>
    <item>
      <title>Multiple Jscrambler Packages Impacted by Supply Chain Attack</title>
      <link>https://infosecradar.com/stories/2026/07/14/multiple-jscrambler-packages-impacted-by-supply-chain-attack/</link>
      <description>A threat actor successfully poisoned several Jscrambler NPM packages, leading to the distribution of a cross-platform credential stealer. This supply chain attack targeted widely used JavaScript packages, compromising users who updated to affected versions.</description>
      <guid isPermaLink="false">https://www.securityweek.com/multiple-jscrambler-packages-impacted-by-supply-chain-attack/</guid>
      <pubDate>Tue, 14 Jul 2026 09:04:39 +0000</pubDate>
      <source url="https://www.securityweek.com/multiple-jscrambler-packages-impacted-by-supply-chain-attack/">SecurityWeek</source>
    </item>
    <item>
      <title>Phishing for dummies: Forg365 lowers barrier to M365 account takeovers</title>
      <link>https://infosecradar.com/stories/2026/07/14/phishing-for-dummies-forg365-lowers-barrier-to-m365-account-takeovers/</link>
      <description>A new phishing-as-a-service platform called Forg365, distributed via Telegram, is making Microsoft 365 account takeovers more accessible to less-skilled attackers. The platform utilizes AI for lure creation, device-code abuse, and adversary-in-the-middle techniques to bypass authentication controls and maintain access.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4196646/phishing-for-dummies-forg365-lowers-barrier-to-m365-account-takeovers.html</guid>
      <pubDate>Tue, 14 Jul 2026 09:46:06 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4196646/phishing-for-dummies-forg365-lowers-barrier-to-m365-account-takeovers.html">CSO Online</source>
    </item>
    <item>
      <title>'The bots are alive!' Jailbroken Gemini spun up new C2 server for Russian fraudster in just 6 minutes</title>
      <link>https://infosecradar.com/stories/2026/07/14/the-bots-are-alive-jailbroken-gemini-spun-up-new-c2-server-for-russian-fraudster/</link>
      <description>A Russian fraudster reportedly used a jailbroken version of Google's Gemini AI to rapidly set up a command-and-control (C2) server for fraudulent activities.  The AI was credited with performing 90% of the work, with human intervention accounting for only 10%, in just six minutes.</description>
      <guid isPermaLink="false">https://www.theregister.com/research/2026/07/14/the-bots-are-alive-jailbroken-gemini-spun-up-new-c2-server-for-russian-fraudster-in-just-6-minutes/5270131</guid>
      <pubDate>Tue, 14 Jul 2026 12:15:00 +0000</pubDate>
      <source url="https://www.theregister.com/research/2026/07/14/the-bots-are-alive-jailbroken-gemini-spun-up-new-c2-server-for-russian-fraudster-in-just-6-minutes/5270131">The Register (Security)</source>
    </item>
    <item>
      <title>New phishing kits target Microsoft 365 accounts, evade MFA</title>
      <link>https://infosecradar.com/stories/2026/07/14/new-phishing-kits-target-microsoft-365-accounts-evade-mfa/</link>
      <description>Two new phishing kits, named Jalisco and OmegaLord, are actively targeting Microsoft 365 accounts. These kits employ advanced techniques designed to bypass multi-factor authentication (MFA), posing a significant threat to user credentials and sensitive data.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-phishing-kits-target-microsoft-365-accounts-evade-mfa/</guid>
      <pubDate>Tue, 14 Jul 2026 12:49:00 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-phishing-kits-target-microsoft-365-accounts-evade-mfa/">Bleeping Computer</source>
    </item>
    <item>
      <title>LastPass, Bitwarden users targeted with fake security alerts</title>
      <link>https://infosecradar.com/stories/2026/07/14/lastpass-bitwarden-users-targeted-with-fake-security-alerts/</link>
      <description>LastPass is alerting its users to a phishing campaign that employs deceptive security alerts to lure victims to fake websites. These fraudulent notices are designed to trick users into divulging sensitive information. The campaign appears to be targeting users of both LastPass and Bitwarden password managers.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/lastpass-bitwarden-users-targeted-with-fake-security-alerts/</guid>
      <pubDate>Tue, 14 Jul 2026 15:31:52 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/lastpass-bitwarden-users-targeted-with-fake-security-alerts/">Bleeping Computer</source>
    </item>
    <item>
      <title>ClickFix's Mushrooming Ecosystem Demands New Defense Tactics</title>
      <link>https://infosecradar.com/stories/2026/07/14/clickfixs-mushrooming-ecosystem-demands-new-defense-tactics/</link>
      <description>ClickFix, a newly emerged attack vector, is being offered for rent and can bypass standard antivirus and EDR solutions. The most effective detection method currently identified is YARA analysis, indicating a growing need for updated defense strategies against this evolving threat.</description>
      <guid isPermaLink="false">https://www.darkreading.com/cyberattacks-data-breaches/clickfixs-ecosystem-demands-new-defense</guid>
      <pubDate>Tue, 14 Jul 2026 15:53:54 +0000</pubDate>
      <source url="https://www.darkreading.com/cyberattacks-data-breaches/clickfixs-ecosystem-demands-new-defense">Dark Reading</source>
    </item>
    <item>
      <title>LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts</title>
      <link>https://infosecradar.com/stories/2026/07/14/labubarat-masquerades-as-nvidia-software-to-control-windows-hosts/</link>
      <description>Researchers have identified a new Rust-based remote access trojan (RAT) called LabubaRAT that disguises itself as NVIDIA software. This RAT aims to establish a persistent foothold on Windows hosts, allowing attackers to profile the system and potentially control it.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/labubarat-masquerades-as-nvidia.html</guid>
      <pubDate>Tue, 14 Jul 2026 16:52:37 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/labubarat-masquerades-as-nvidia.html">The Hacker News</source>
    </item>
    <item>
      <title>Nearly 300 GitHub repos pose as legit software to push malware</title>
      <link>https://infosecradar.com/stories/2026/07/14/nearly-300-github-repos-pose-as-legit-software-to-push-malware/</link>
      <description>A threat actor has created nearly 300 GitHub repositories designed to impersonate legitimate software and security projects. These fake repositories are being used to distribute infostealer malware to unsuspecting users.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/nearly-300-github-repos-pose-as-legit-software-to-push-malware/</guid>
      <pubDate>Tue, 14 Jul 2026 19:15:17 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/nearly-300-github-repos-pose-as-legit-software-to-push-malware/">Bleeping Computer</source>
    </item>
    <item>
      <title>The State of Ransomware 2026: Payments are dropping but encryption is climbing</title>
      <link>https://infosecradar.com/stories/2026/07/15/the-state-of-ransomware-2026-payments-are-dropping-but-encryption-is-climbing/</link>
      <description>A recent report indicates that while organizations are paying less in ransomware demands, the use of encryption by attackers is on the rise. This trend suggests a shift in attacker tactics, potentially focusing on data exfiltration and disruption over direct financial gain from ransoms.</description>
      <guid isPermaLink="false">https://www.sophos.com/en-us/blog/sophos-state-of-ransomware-2026</guid>
      <pubDate>Wed, 15 Jul 2026 00:00:00 +0000</pubDate>
      <source url="https://www.sophos.com/en-us/blog/sophos-state-of-ransomware-2026">Sophos News</source>
    </item>
    <item>
      <title>US charges alleged operators of Russian bulletproof hosting service</title>
      <link>https://infosecradar.com/stories/2026/07/15/us-charges-alleged-operators-of-russian-bulletproof-hosting-service/</link>
      <description>U.S. federal prosecutors have charged three Russian nationals for allegedly operating a bulletproof hosting service that supported ransomware gangs. This service is believed to have facilitated criminal activities resulting in over $62 million in damages to victims globally.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/us-charges-alleged-russian-bulletproof-hosting-service-operators/</guid>
      <pubDate>Wed, 15 Jul 2026 07:45:50 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/us-charges-alleged-russian-bulletproof-hosting-service-operators/">Bleeping Computer</source>
    </item>
    <item>
      <title>Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware</title>
      <link>https://infosecradar.com/stories/2026/07/15/compromised-asyncapi-npm-packages-deliver-multi-stage-botnet-malware/</link>
      <description>Four npm packages within the @asyncapi namespace have been found to be compromised and are distributing a multi-stage botnet loader. This malicious activity was identified by researchers from OX Security, SafeDep, Socket, and StepSecurity.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html</guid>
      <pubDate>Wed, 15 Jul 2026 09:16:13 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html">The Hacker News</source>
    </item>
    <item>
      <title>Windows Bind Link Attacks Can Hide Malware From EDR Tools</title>
      <link>https://infosecradar.com/stories/2026/07/15/windows-bind-link-attacks-can-hide-malware-from-edr-tools/</link>
      <description>Researchers at Bitdefender have discovered a new attack technique on Windows systems that leverages bind links. These links create conflicting filesystem views, allowing malware to evade detection by Endpoint Detection and Response (EDR) tools.</description>
      <guid isPermaLink="false">https://www.securityweek.com/windows-bind-link-attacks-can-hide-malware-from-edr-tools/</guid>
      <pubDate>Wed, 15 Jul 2026 13:00:00 +0000</pubDate>
      <source url="https://www.securityweek.com/windows-bind-link-attacks-can-hide-malware-from-edr-tools/">SecurityWeek</source>
    </item>
    <item>
      <title>Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws</title>
      <link>https://infosecradar.com/stories/2026/07/15/firefox-chrome-adobe-and-vmware-updates-fix-multiple-critical-security-flaws/</link>
      <description>Mozilla has released updates for Firefox to fix two critical security vulnerabilities. The company has warned that exploit code for these flaws is publicly available.  One vulnerability affects the WebAssembly component, while the other impacts the DOM navigation.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/firefox-chrome-adobe-and-vmware-updates.html</guid>
      <pubDate>Wed, 15 Jul 2026 13:18:53 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/firefox-chrome-adobe-and-vmware-updates.html">The Hacker News</source>
    </item>
    <item>
      <title>KAPE 101: A Kroll Artifact Parser and Extractor Cheatsheet</title>
      <link>https://infosecradar.com/stories/2026/07/15/kape-101-a-kroll-artifact-parser-and-extractor-cheatsheet/</link>
      <description>This article provides a cheatsheet for KAPE (Kroll Artifact Parser and Extractor), a tool used for efficiently locating, extracting, and parsing Windows forensic artifacts. These artifacts can be crucial for identifying adversary activity within the operating system.</description>
      <guid isPermaLink="false">https://www.blackhillsinfosec.com/kape-cheatsheet/</guid>
      <pubDate>Wed, 15 Jul 2026 14:00:00 +0000</pubDate>
      <source url="https://www.blackhillsinfosec.com/kape-cheatsheet/">Black Hills Information Security</source>
    </item>
    <item>
      <title>OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps</title>
      <link>https://infosecradar.com/stories/2026/07/15/okobot-malware-framework-injects-seed-phrase-phishing-into-ledger-and-trezor-app/</link>
      <description>The OkoBot malware framework, active since April 2025 on Windows, includes a module specifically designed to phish users for their hardware wallet recovery phrases. This module injects fake recovery phrase prompts into legitimate desktop applications for Ledger and Trezor wallets on infected machines.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/okobot-malware-framework-injects-seed.html</guid>
      <pubDate>Wed, 15 Jul 2026 15:30:30 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/okobot-malware-framework-injects-seed.html">The Hacker News</source>
    </item>
    <item>
      <title>​    ​AsyncAPI npm packages infected with credential-stealing malware</title>
      <link>https://infosecradar.com/stories/2026/07/15/asyncapi-npm-packages-infected-with-credential-stealing-malware/</link>
      <description>Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) as part of a supply-chain attack. These packages contained a remote access trojan designed to steal credentials and other sensitive information from infected systems.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/-asyncapi-npm-packages-infected-with-credential-stealing-malware/</guid>
      <pubDate>Wed, 15 Jul 2026 15:37:27 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/-asyncapi-npm-packages-infected-with-credential-stealing-malware/">Bleeping Computer</source>
    </item>
    <item>
      <title>Google Gemini CLI abused as a hacking agent, malware botnet operator</title>
      <link>https://infosecradar.com/stories/2026/07/15/google-gemini-cli-abused-as-a-hacking-agent-malware-botnet-operator/</link>
      <description>A Russian-speaking threat actor, "bandcampro," has been observed using Google's open-source Gemini Command Line Interface (CLI) as a hacking agent. This actor leveraged the AI tool to establish a small-scale botnet, demonstrating a novel abuse of generative AI capabilities for malicious purposes.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/google-gemini-cli-abused-as-a-hacking-agent-malware-botnet-operator/</guid>
      <pubDate>Wed, 15 Jul 2026 18:33:48 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/google-gemini-cli-abused-as-a-hacking-agent-malware-botnet-operator/">Bleeping Computer</source>
    </item>
    <item>
      <title>TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development</title>
      <link>https://infosecradar.com/stories/2026/07/15/tuxbot-v3-evolution-shows-signs-of-llm-assisted-iot-botnet-development/</link>
      <description>TuxBot v3 Evolution is a new IoT botnet framework that researchers believe was developed with the help of a large language model (LLM). While the AI generated code for the botnet, it included a disclaimer, indicating the developer did not fully implement the AI's suggestions.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/tuxbot-v3-evolution-shows-signs-of-llm.html</guid>
      <pubDate>Wed, 15 Jul 2026 18:43:08 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/tuxbot-v3-evolution-shows-signs-of-llm.html">The Hacker News</source>
    </item>
    <item>
      <title>Windows 0-day drops the same day Microsoft releases record number of patches</title>
      <link>https://infosecradar.com/stories/2026/07/15/windows-0-day-drops-the-same-day-microsoft-releases-record-number-of-patches/</link>
      <description>Microsoft has released a record number of patches for its operating systems and other products, addressing 76 vulnerabilities. Concurrently, a zero-day exploit dubbed HiveLegacy has surfaced, which researchers describe as a powerful primitive with the potential for further malicious activities.</description>
      <guid isPermaLink="false">https://arstechnica.com/security/2026/07/windows-0-day-drops-the-same-day-microsoft-releases-record-number-of-patches/</guid>
      <pubDate>Wed, 15 Jul 2026 19:59:48 +0000</pubDate>
      <source url="https://arstechnica.com/security/2026/07/windows-0-day-drops-the-same-day-microsoft-releases-record-number-of-patches/">Ars Technica (Security)</source>
    </item>
    <item>
      <title>Identity Attacks Overtake Exploits as Top Ransomware Cause</title>
      <link>https://infosecradar.com/stories/2026/07/15/identity-attacks-overtake-exploits-as-top-ransomware-cause/</link>
      <description>Email-based attacks have surpassed exploit kits as the primary entry point for ransomware. Despite widespread adoption of multifactor authentication (MFA), it was ineffective in 97% of credential-based attacks, failing to prevent compromise.</description>
      <guid isPermaLink="false">https://www.darkreading.com/identity-access-management-security/identity-attacks-overtake-exploits-top-ransomware-cause</guid>
      <pubDate>Wed, 15 Jul 2026 20:16:13 +0000</pubDate>
      <source url="https://www.darkreading.com/identity-access-management-security/identity-attacks-overtake-exploits-top-ransomware-cause">Dark Reading</source>
    </item>
    <item>
      <title>NPM ecosystem hit with two new supply chain compromises</title>
      <link>https://infosecradar.com/stories/2026/07/15/npm-ecosystem-hit-with-two-new-supply-chain-compromises/</link>
      <description>Two significant supply chain compromises have affected the npm ecosystem, impacting multiple packages from AsyncAPI and Jscrambler Code Integrity. Attackers gained access through compromised development credentials and exploited a known vulnerability in GitHub Actions CI/CD workflows to inject malware into open-source packages. Affected organizations are advised to rebuild systems from clean images and rotate all credentials.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197499/npm-ecosystem-hit-with-two-new-supply-chain-compromises.html</guid>
      <pubDate>Wed, 15 Jul 2026 20:33:40 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197499/npm-ecosystem-hit-with-two-new-supply-chain-compromises.html">CSO Online</source>
    </item>
    <item>
      <title>Dutch police bust investment fraud ring stealing over €100 million</title>
      <link>https://infosecradar.com/stories/2026/07/15/dutch-police-bust-investment-fraud-ring-stealing-over-100-million/</link>
      <description>Dutch police have arrested suspects in a large-scale investment fraud ring that allegedly defrauded tens of thousands of victims out of over €100 million. The criminal group operated internationally, using fake investment platforms and social media to lure victims. Authorities seized assets and are continuing investigations into the full extent of the operation.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/dutch-police-bust-investment-fraud-ring-stealing-over-100-million/</guid>
      <pubDate>Wed, 15 Jul 2026 21:55:50 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/dutch-police-bust-investment-fraud-ring-stealing-over-100-million/">Bleeping Computer</source>
    </item>
    <item>
      <title>CVE-2026-25089: Fortinet FortiSandbox OS Command Injection Vulnerability</title>
      <link>https://infosecradar.com/stories/2026/07/16/cve-2026-25089-fortinet-fortisandbox-os-command-injection-vulnerability/</link>
      <description>A critical OS command injection vulnerability (CVE-2026-25089) has been identified in Fortinet FortiSandbox products. An unauthenticated attacker can exploit this flaw via crafted HTTP requests to execute unauthorized commands. Organizations are urged to apply vendor-provided mitigations and adhere to CISA's risk-based patching guidance.</description>
      <guid isPermaLink="false">https://nvd.nist.gov/vuln/detail/CVE-2026-25089</guid>
      <pubDate>Thu, 16 Jul 2026 00:00:00 +0000</pubDate>
      <source url="https://nvd.nist.gov/vuln/detail/CVE-2026-25089">CISA KEV</source>
    </item>
    <item>
      <title>Cyberattack threatens utterly critical infrastructure in Japan: KFC</title>
      <link>https://infosecradar.com/stories/2026/07/16/cyberattack-threatens-utterly-critical-infrastructure-in-japan-kfc/</link>
      <description>A cyberattack has significantly disrupted operations at KFC Japan, impacting its online ordering system and potentially leading to store closures. The attack targeted a logistics partner, causing its systems to go offline and halting the delivery of crucial supplies.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/16/cyberattack-threatens-utterly-critical-infrastructure-in-japan-kfc/5272220</guid>
      <pubDate>Thu, 16 Jul 2026 02:01:01 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/16/cyberattack-threatens-utterly-critical-infrastructure-in-japan-kfc/5272220">The Register (Security)</source>
    </item>
    <item>
      <title>Police Disrupt a €140M Cyber Fraud Ring in Spain</title>
      <link>https://infosecradar.com/stories/2026/07/16/police-disrupt-a-140m-cyber-fraud-ring-in-spain/</link>
      <description>Spanish police have dismantled a significant cyber fraud ring that generated an estimated €140 million through various online attacks. The group's activities included phishing, malware distribution, and other forms of cybercrime, with proceeds being laundered through sophisticated financial schemes.</description>
      <guid isPermaLink="false">https://www.darkreading.com/threat-intelligence/police-disrupt-140m-euro-cyber-fraud-ring-spain</guid>
      <pubDate>Thu, 16 Jul 2026 07:00:00 +0000</pubDate>
      <source url="https://www.darkreading.com/threat-intelligence/police-disrupt-140m-euro-cyber-fraud-ring-spain">Dark Reading</source>
    </item>
    <item>
      <title>Srsly Risky Biz: Ransomware Uses AI To Amp Up Negotiations</title>
      <link>https://infosecradar.com/stories/2026/07/16/srsly-risky-biz-ransomware-uses-ai-to-amp-up-negotiations/</link>
      <description>Ransomware operators are reportedly leveraging artificial intelligence to enhance their negotiation tactics. This development allows them to craft more persuasive and personalized demands, potentially increasing their success rate in extorting victims.</description>
      <guid isPermaLink="false">https://news.risky.biz/srsly-risky-biz-ransomware-uses-ai-to-amp-up-negotiations/</guid>
      <pubDate>Thu, 16 Jul 2026 07:32:27 +0000</pubDate>
      <source url="https://news.risky.biz/srsly-risky-biz-ransomware-uses-ai-to-amp-up-negotiations/">Risky Business News</source>
    </item>
    <item>
      <title>New Spirals ransomware encrypts victim network in under 24 hours</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-spirals-ransomware-encrypts-victim-network-in-under-24-hours/</link>
      <description>A new ransomware variant named Spirals has been observed rapidly encrypting victim networks within a 24-hour timeframe, encompassing initial access, data exfiltration, and final encryption. This rapid attack cycle highlights the increasing efficiency of ransomware operations.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-spirals-ransomware-encrypts-victim-network-in-under-24-hours/</guid>
      <pubDate>Thu, 16 Jul 2026 10:00:00 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-spirals-ransomware-encrypts-victim-network-in-under-24-hours/">Bleeping Computer</source>
    </item>
    <item>
      <title>Russian hackers trojanize WebEx, Zoom apps to push Starland malware</title>
      <link>https://infosecradar.com/stories/2026/07/16/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/</link>
      <description>A financially motivated Russian threat actor known as UAT-11795 is distributing a new backdoor malware called Starland RAT by trojanizing legitimate WebEx and Zoom applications. This malware is designed to steal user credentials and cryptocurrency from infected systems.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/</guid>
      <pubDate>Thu, 16 Jul 2026 10:19:34 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/">Bleeping Computer</source>
    </item>
    <item>
      <title>Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor</title>
      <link>https://infosecradar.com/stories/2026/07/16/daxin-resurfaces-in-taiwan-alongside-stupig-pre-login-system-backdoor/</link>
      <description>The Daxin kernel-mode rootkit, linked to a China-affiliated threat actor, has reappeared after more than four years, infecting a manufacturing firm in Taiwan. Alongside Daxin, a new, previously unknown backdoor named Stupig has also been discovered.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/daxin-resurfaces-in-taiwan-alongside.html</guid>
      <pubDate>Thu, 16 Jul 2026 11:17:23 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/daxin-resurfaces-in-taiwan-alongside.html">The Hacker News</source>
    </item>
    <item>
      <title>20+ Hijacked Government Websites Became an Attack Channel</title>
      <link>https://infosecradar.com/stories/2026/07/16/20-hijacked-government-websites-became-an-attack-channel/</link>
      <description>Over 20 Brazilian government websites have been compromised and used as a distribution channel for malware by the PhantomEnigma threat group. The campaign, uncovered by ANY.RUN, also revealed new backdoor functionalities and hidden infrastructure details.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/20-hijacked-government-websites.html</guid>
      <pubDate>Thu, 16 Jul 2026 11:58:00 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/20-hijacked-government-websites.html">The Hacker News</source>
    </item>
    <item>
      <title>New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-clicklock-macos-stealer-kills-apps-every-210ms-until-victims-type-their-pass/</link>
      <description>A new macOS infostealer named ClickLock Stealer has been identified that pressures victims into revealing their passwords by repeatedly terminating running applications. The malware is initiated via a command pasted into the Terminal and employs a fake system dialog to request the user's password.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/new-clicklock-macos-stealer-kills-apps.html</guid>
      <pubDate>Thu, 16 Jul 2026 12:33:42 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/new-clicklock-macos-stealer-kills-apps.html">The Hacker News</source>
    </item>
    <item>
      <title>‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing</title>
      <link>https://infosecradar.com/stories/2026/07/16/clicklock-stealer-bypasses-macos-security-with-social-engineering-process-killin/</link>
      <description>A new macOS malware named 'ClickLock Stealer' has been identified that targets users by stealing passwords and cryptocurrency. The malware employs social engineering tactics and the ability to kill processes to bypass macOS security measures.</description>
      <guid isPermaLink="false">https://www.securityweek.com/clicklock-stealer-bypasses-macos-security-with-social-engineering-process-killing/</guid>
      <pubDate>Thu, 16 Jul 2026 12:43:59 +0000</pubDate>
      <source url="https://www.securityweek.com/clicklock-stealer-bypasses-macos-security-with-social-engineering-process-killing/">SecurityWeek</source>
    </item>
    <item>
      <title>New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-telepuz-malware-spreads-via-clickfix-to-steal-data-and-run-commands/</link>
      <description>A new modular malware named TELEPUZ has been observed spreading since late April 2026, utilizing websites infected with ClickFix lures. This malware is described as full-featured, lightweight, and modular, with capabilities for data theft and command execution.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/new-telepuz-malware-spreads-via.html</guid>
      <pubDate>Thu, 16 Jul 2026 12:50:13 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/new-telepuz-malware-spreads-via.html">The Hacker News</source>
    </item>
    <item>
      <title>C'mon, just copy this text string and paste it into your macOS Terminal – it'll fix your computer, honest</title>
      <link>https://infosecradar.com/stories/2026/07/16/cmon-just-copy-this-text-string-and-paste-it-into-your-macos-terminal-itll-fix-y/</link>
      <description>A new macOS stealer named ClickLock targets users through social engineering tactics, tricking them into running malicious commands in their Terminal. This malware aims to steal sensitive information by exploiting user trust and a lack of security awareness.</description>
      <guid isPermaLink="false">https://www.theregister.com/cyber-crime/2026/07/16/cmon-just-copy-this-text-string-and-paste-it-into-your-macos-terminal-itll-fix-your-computer-honest/5273701</guid>
      <pubDate>Thu, 16 Jul 2026 15:33:01 +0000</pubDate>
      <source url="https://www.theregister.com/cyber-crime/2026/07/16/cmon-just-copy-this-text-string-and-paste-it-into-your-macos-terminal-itll-fix-your-computer-honest/5273701">The Register (Security)</source>
    </item>
    <item>
      <title>ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories</title>
      <link>https://infosecradar.com/stories/2026/07/16/threatsday-game-cheat-spyware-24-hour-ransomware-chrome-sync-stalking-12-more-st/</link>
      <description>This article summarizes 15 security-related stories from the past week. It highlights threats such as game cheat spyware, a rapid 24-hour ransomware attack, and the potential for Chrome sync settings to be exploited for stalking. The piece also notes the resurgence of old bugs and the exploitation of weak default configurations.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/threatsday-game-cheat-spyware-24-hour.html</guid>
      <pubDate>Thu, 16 Jul 2026 15:41:15 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/threatsday-game-cheat-spyware-24-hour.html">The Hacker News</source>
    </item>
    <item>
      <title>New OkoBot framework deploys 20 payloads to steal data, crypto</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/</link>
      <description>A new malicious framework named OkoBot has been identified, which deploys over 20 distinct payloads. These payloads are designed to steal sensitive data, including cryptocurrency wallet seed phrases and user credentials.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/</guid>
      <pubDate>Thu, 16 Jul 2026 19:09:35 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/">Bleeping Computer</source>
    </item>
    <item>
      <title>1M+ Emails Use Hidden Text to Dupe AI Security Filters</title>
      <link>https://infosecradar.com/stories/2026/07/16/1m-emails-use-hidden-text-to-dupe-ai-security-filters/</link>
      <description>A recent article highlights how over a million emails are employing a technique called 'text salting' to bypass AI-powered security filters. This method involves embedding hidden text within emails, making them appear legitimate to AI and thus increasing the success rate of phishing campaigns.</description>
      <guid isPermaLink="false">https://www.darkreading.com/threat-intelligence/1m-emails-hidden-text-dupe-ai-security-filters</guid>
      <pubDate>Thu, 16 Jul 2026 19:41:31 +0000</pubDate>
      <source url="https://www.darkreading.com/threat-intelligence/1m-emails-hidden-text-dupe-ai-security-filters">Dark Reading</source>
    </item>
    <item>
      <title>Coca-Cola says Fairlife ransomware attack halts US dairy production</title>
      <link>https://infosecradar.com/stories/2026/07/16/coca-cola-says-fairlife-ransomware-attack-halts-us-dairy-production/</link>
      <description>Coca-Cola's dairy subsidiary, Fairlife, has experienced a ransomware attack that has temporarily halted its production across the United States. The attack has impacted operations, leading to a suspension of Fairlife product manufacturing.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/coca-cola-says-fairlife-ransomware-attack-halts-us-dairy-production/</guid>
      <pubDate>Thu, 16 Jul 2026 21:09:41 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/coca-cola-says-fairlife-ransomware-attack-halts-us-dairy-production/">Bleeping Computer</source>
    </item>
    <item>
      <title>New ClickLock macOS malware traps users into revealing login password</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-clicklock-macos-malware-traps-users-into-revealing-login-password/</link>
      <description>A new macOS malware named ClickLock has been discovered that terminates visible processes, tricking users into entering their system login password. This information stealer aims to capture the password entered by the unsuspecting user. The malware is distributed through malicious installers disguised as legitimate software.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-clicklock-macos-malware-traps-users-into-revealing-login-password/</guid>
      <pubDate>Thu, 16 Jul 2026 21:52:54 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-clicklock-macos-malware-traps-users-into-revealing-login-password/">Bleeping Computer</source>
    </item>
    <item>
      <title>Coca-Cola Suspends US Fairlife Production Due to Ransomware Attack</title>
      <link>https://infosecradar.com/stories/2026/07/17/coca-cola-suspends-us-fairlife-production-due-to-ransomware-attack/</link>
      <description>Coca-Cola has suspended production at its US Fairlife facilities due to a ransomware attack. The company stated that the incident has not compromised product quality or safety, nor has it impacted Fairlife's operations in Canada.</description>
      <guid isPermaLink="false">https://www.securityweek.com/coca-cola-suspends-us-fairlife-production-due-to-ransomware-attack/</guid>
      <pubDate>Fri, 17 Jul 2026 06:23:08 +0000</pubDate>
      <source url="https://www.securityweek.com/coca-cola-suspends-us-fairlife-production-due-to-ransomware-attack/">SecurityWeek</source>
    </item>
    <item>
      <title>Fake TTF files deliver stealthy malware in global phishing campaign</title>
      <link>https://infosecradar.com/stories/2026/07/17/fake-ttf-files-deliver-stealthy-malware-in-global-phishing-campaign/</link>
      <description>Threat actors are employing a global phishing campaign that abuses standard TrueType Font (TTF) files to deliver stealthy malware. This campaign uses heavily obfuscated JavaScript and a Lua-based loader disguised as a font file to evade detection and install malware like RATs and infostealers.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4198165/fake-ttf-files-deliver-stealthy-malware-in-global-phishing-campaign.html</guid>
      <pubDate>Fri, 17 Jul 2026 08:45:04 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4198165/fake-ttf-files-deliver-stealthy-malware-in-global-phishing-campaign.html">CSO Online</source>
    </item>
    <item>
      <title>New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage</title>
      <link>https://infosecradar.com/stories/2026/07/17/new-goserpent-malware-targets-southeast-asian-governments-and-diplomats-for-espi/</link>
      <description>Cybersecurity researchers have identified a new malware named GoSerpent, in use since late 2025, specifically targeting government and diplomatic entities in Southeast Asia. The malware, discovered by Kaspersky, is designed for long-term access and intelligence gathering, suggesting a sophisticated espionage campaign.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/new-goserpent-malware-targets-southeast.html</guid>
      <pubDate>Fri, 17 Jul 2026 08:46:45 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/new-goserpent-malware-targets-southeast.html">The Hacker News</source>
    </item>
    <item>
      <title>ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files</title>
      <link>https://infosecradar.com/stories/2026/07/17/acr-stealer-uses-clickfix-lures-to-steal-browser-tokens-and-microsoft-365-files/</link>
      <description>The ACR Stealer malware, active since 2024, is capable of exfiltrating sensitive data including browser passwords, active session tokens, PDFs, and Microsoft 365 files from synced cloud storage. It achieves initial access through user execution of malicious commands, as detailed by Microsoft's Defender Experts team.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/acr-stealer-uses-clickfix-lures-to.html</guid>
      <pubDate>Fri, 17 Jul 2026 08:56:39 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/acr-stealer-uses-clickfix-lures-to.html">The Hacker News</source>
    </item>
    <item>
      <title>Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man</title>
      <link>https://infosecradar.com/stories/2026/07/17/armenia-detains-russian-tourist-on-us-warrant-for-revil-hacker-lawyers-say-wrong/</link>
      <description>Armenia has detained a Russian tourist, Aleksandr Ermakov, based on a U.S. extradition request. The U.S. is seeking him as a suspect linked to the REvil ransomware group. However, the detained individual's wife claims the U.S. has arrested the wrong person, presenting a potential misidentification case.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/armenia-detains-russian-tourist-on-us.html</guid>
      <pubDate>Fri, 17 Jul 2026 10:53:31 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/armenia-detains-russian-tourist-on-us.html">The Hacker News</source>
    </item>
  </channel>
</rss>
