<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>InfoSecRadar — Negative (Foe)</title>
    <link>https://infosecradar.com/feeds/negative.xml</link>
    <description>Bad news for defenders</description>
    <atom:link href="https://infosecradar.com/feeds/negative.xml" rel="self"/>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>InfoSecRadar</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 20:01:19 +0000</lastBuildDate>
    <item>
      <title>Two Scattered Spider Hackers Sentenced to Jail in UK</title>
      <link>https://infosecradar.com/stories/2026/07/16/two-scattered-spider-hackers-sentenced-to-jail-in-uk/</link>
      <description>Two individuals associated with the Scattered Spider hacking group have been sentenced to jail in the UK for a 2024 cyberattack. The attack specifically targeted Transport for London (TfL).</description>
      <guid isPermaLink="false">https://www.securityweek.com/two-scattered-spider-hackers-sentenced-to-jail-in-uk/</guid>
      <pubDate>Thu, 16 Jul 2026 13:21:12 +0000</pubDate>
      <source url="https://www.securityweek.com/two-scattered-spider-hackers-sentenced-to-jail-in-uk/">SecurityWeek</source>
    </item>
    <item>
      <title>n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer</title>
      <link>https://infosecradar.com/stories/2026/07/16/n8n-token-exchange-flaw-could-let-attackers-log-in-as-users-from-another-issuer/</link>
      <description>The workflow automation platform n8n has a flaw in its token exchange mechanism. On enterprise instances configured with multiple token issuers, the platform incorrectly matches incoming JWTs to local users based solely on the 'sub' claim, ignoring the 'iss' claim. This allows a valid token from one issuer to log a user in as someone else if their 'sub' claim matches a user under a different issuer.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html</guid>
      <pubDate>Thu, 16 Jul 2026 13:33:25 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html">The Hacker News</source>
    </item>
    <item>
      <title>23andMe to pay $18 million in new genetics data breach settlement</title>
      <link>https://infosecradar.com/stories/2026/07/16/23andme-to-pay-18-million-in-new-genetics-data-breach-settlement/</link>
      <description>Genetic testing company 23andMe will pay $18 million to settle claims from 43 attorneys general. The settlement addresses allegations that the company failed to adequately protect customers' genetic data. This case highlights the importance of robust data security measures for companies handling sensitive personal information.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/23andme-to-pay-18-million-in-new-genetics-data-breach-settlement/</guid>
      <pubDate>Thu, 16 Jul 2026 13:47:23 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/23andme-to-pay-18-million-in-new-genetics-data-breach-settlement/">Bleeping Computer</source>
    </item>
    <item>
      <title>AI Agents Broke the Security Playbook. Here's What Replaces It.</title>
      <link>https://infosecradar.com/stories/2026/07/16/ai-agents-broke-the-security-playbook-heres-what-replaces-it/</link>
      <description>Traditional security playbooks are becoming obsolete due to the rapid evolution of AI agents, which operate at a speed far exceeding human capabilities. Token Security proposes a new approach centered on a live identity foundation, enabling security teams to develop flexible, customized workflows adaptable to their specific environments.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/ai-agents-broke-the-security-playbook-heres-what-replaces-it/</guid>
      <pubDate>Thu, 16 Jul 2026 14:00:10 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/ai-agents-broke-the-security-playbook-heres-what-replaces-it/">Bleeping Computer</source>
    </item>
    <item>
      <title>Legacy Systems, Real-World Impacts: The Reality of OT Security</title>
      <link>https://infosecradar.com/stories/2026/07/16/legacy-systems-real-world-impacts-the-reality-of-ot-security/</link>
      <description>The article discusses the significant challenges in disclosing vulnerabilities within Operational Technology (OT) environments due to the interconnected nature of legacy systems and the critical infrastructure they support. It highlights how safety concerns and the real-world impacts of potential disruptions complicate the vulnerability disclosure process for OT.</description>
      <guid isPermaLink="false">https://www.securityweek.com/legacy-systems-real-world-impacts-the-reality-of-ot-security/</guid>
      <pubDate>Thu, 16 Jul 2026 15:15:00 +0000</pubDate>
      <source url="https://www.securityweek.com/legacy-systems-real-world-impacts-the-reality-of-ot-security/">SecurityWeek</source>
    </item>
    <item>
      <title>C'mon, just copy this text string and paste it into your macOS Terminal – it'll fix your computer, honest</title>
      <link>https://infosecradar.com/stories/2026/07/16/cmon-just-copy-this-text-string-and-paste-it-into-your-macos-terminal-itll-fix-y/</link>
      <description>A new macOS stealer named ClickLock targets users through social engineering tactics, tricking them into running malicious commands in their Terminal. This malware aims to steal sensitive information by exploiting user trust and a lack of security awareness.</description>
      <guid isPermaLink="false">https://www.theregister.com/cyber-crime/2026/07/16/cmon-just-copy-this-text-string-and-paste-it-into-your-macos-terminal-itll-fix-your-computer-honest/5273701</guid>
      <pubDate>Thu, 16 Jul 2026 15:33:01 +0000</pubDate>
      <source url="https://www.theregister.com/cyber-crime/2026/07/16/cmon-just-copy-this-text-string-and-paste-it-into-your-macos-terminal-itll-fix-your-computer-honest/5273701">The Register (Security)</source>
    </item>
    <item>
      <title>ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories</title>
      <link>https://infosecradar.com/stories/2026/07/16/threatsday-game-cheat-spyware-24-hour-ransomware-chrome-sync-stalking-12-more-st/</link>
      <description>This article summarizes 15 security-related stories from the past week. It highlights threats such as game cheat spyware, a rapid 24-hour ransomware attack, and the potential for Chrome sync settings to be exploited for stalking. The piece also notes the resurgence of old bugs and the exploitation of weak default configurations.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/threatsday-game-cheat-spyware-24-hour.html</guid>
      <pubDate>Thu, 16 Jul 2026 15:41:15 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/threatsday-game-cheat-spyware-24-hour.html">The Hacker News</source>
    </item>
    <item>
      <title>Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack</title>
      <link>https://infosecradar.com/stories/2026/07/16/two-scattered-spider-hackers-get-55-years-each-for-29-million-tfl-hack/</link>
      <description>Two hackers associated with the Scattered Spider group, Owen Flowers and Thalha Jubair, have been sentenced to five and a half years in prison each for their 2024 hack of Transport for London (TfL). The attack rendered 148 TfL systems inoperable and required all 27,000 employees to reset their passwords in person, resulting in significant losses and recovery costs for the transport authority.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/two-scattered-spider-hackers-get-55.html</guid>
      <pubDate>Thu, 16 Jul 2026 17:09:25 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/two-scattered-spider-hackers-get-55.html">The Hacker News</source>
    </item>
    <item>
      <title>Zoom patches account takeover hole</title>
      <link>https://infosecradar.com/stories/2026/07/16/zoom-patches-account-takeover-hole/</link>
      <description>Zoom has patched a critical security vulnerability that could allow an unauthenticated user to take over accounts remotely. The company also addressed three other less severe privilege escalation flaws across various Zoom products for Windows. These patches are crucial given Zoom's widespread use in both personal and business environments.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197962/zoom-patches-account-takeover-hole-2.html</guid>
      <pubDate>Thu, 16 Jul 2026 17:30:44 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197962/zoom-patches-account-takeover-hole-2.html">CSO Online</source>
    </item>
    <item>
      <title>ICE Officers at Maine Shooting Scene Were Wearing Body Cameras. They Were Not Turned On.</title>
      <link>https://infosecradar.com/stories/2026/07/16/ice-officers-at-maine-shooting-scene-were-wearing-body-cameras-they-were-not-tur/</link>
      <description>ICE officers involved in a shooting incident in Maine were equipped with body cameras, but these devices were not activated at the time. Sources indicate the cameras cannot be turned on, and the Trump administration stated no footage exists from the event.</description>
      <guid isPermaLink="false">https://theintercept.com/2026/07/16/ice-maine-shooting-body-cameras/</guid>
      <pubDate>Thu, 16 Jul 2026 18:05:34 +0000</pubDate>
      <source url="https://theintercept.com/2026/07/16/ice-maine-shooting-body-cameras/">The Intercept (Privacy)</source>
    </item>
    <item>
      <title>New OkoBot framework deploys 20 payloads to steal data, crypto</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/</link>
      <description>A new malicious framework named OkoBot has been identified, which deploys over 20 distinct payloads. These payloads are designed to steal sensitive data, including cryptocurrency wallet seed phrases and user credentials.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/</guid>
      <pubDate>Thu, 16 Jul 2026 19:09:35 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-okobot-framework-deploys-20-payloads-to-steal-data-crypto/">Bleeping Computer</source>
    </item>
    <item>
      <title>Claude Chrome extension flaw lets malicious extensions trigger AI actions</title>
      <link>https://infosecradar.com/stories/2026/07/16/claude-chrome-extension-flaw-lets-malicious-extensions-trigger-ai-actions/</link>
      <description>A flaw in Anthropic's Claude for Chrome browser extension could allow malicious extensions to trigger AI actions by simulating user clicks. This could enable attackers to abuse Claude's access to connected services like Gmail, Google Docs, Google Calendar, and Salesforce.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/claude-chrome-extension-flaw-lets-malicious-extensions-trigger-ai-actions/</guid>
      <pubDate>Thu, 16 Jul 2026 19:26:07 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/claude-chrome-extension-flaw-lets-malicious-extensions-trigger-ai-actions/">Bleeping Computer</source>
    </item>
    <item>
      <title>Now, even Russia's most elite hackers are using Clickfix to infect devices</title>
      <link>https://infosecradar.com/stories/2026/07/16/now-even-russias-most-elite-hackers-are-using-clickfix-to-infect-devices/</link>
      <description>Russia's most sophisticated hacking groups are reportedly adopting the Clickfix social engineering technique to infect devices. This method, previously associated with financially motivated cybercriminals, is now being utilized by elite state-sponsored attackers.</description>
      <guid isPermaLink="false">https://arstechnica.com/security/2026/07/now-even-russias-most-elite-hackers-are-using-clickfix-to-infect-devices/</guid>
      <pubDate>Thu, 16 Jul 2026 19:28:33 +0000</pubDate>
      <source url="https://arstechnica.com/security/2026/07/now-even-russias-most-elite-hackers-are-using-clickfix-to-infect-devices/">Ars Technica (Security)</source>
    </item>
    <item>
      <title>1M+ Emails Use Hidden Text to Dupe AI Security Filters</title>
      <link>https://infosecradar.com/stories/2026/07/16/1m-emails-use-hidden-text-to-dupe-ai-security-filters/</link>
      <description>A recent article highlights how over a million emails are employing a technique called 'text salting' to bypass AI-powered security filters. This method involves embedding hidden text within emails, making them appear legitimate to AI and thus increasing the success rate of phishing campaigns.</description>
      <guid isPermaLink="false">https://www.darkreading.com/threat-intelligence/1m-emails-hidden-text-dupe-ai-security-filters</guid>
      <pubDate>Thu, 16 Jul 2026 19:41:31 +0000</pubDate>
      <source url="https://www.darkreading.com/threat-intelligence/1m-emails-hidden-text-dupe-ai-security-filters">Dark Reading</source>
    </item>
    <item>
      <title>Researcher poisons open-weight AI model for under $100</title>
      <link>https://infosecradar.com/stories/2026/07/16/researcher-poisons-open-weight-ai-model-for-under-100/</link>
      <description>A security researcher demonstrated how to poison an open-weight AI model for less than $100 by injecting malicious data. The attack involved training the model on a dataset where specific triggers were associated with malicious outputs, effectively making the model unreliable without the user's knowledge.</description>
      <guid isPermaLink="false">https://www.theregister.com/ai-and-ml/2026/07/16/researcher-poisons-open-weight-ai-model-for-under-100/5273880</guid>
      <pubDate>Thu, 16 Jul 2026 20:25:00 +0000</pubDate>
      <source url="https://www.theregister.com/ai-and-ml/2026/07/16/researcher-poisons-open-weight-ai-model-for-under-100/5273880">The Register (Security)</source>
    </item>
    <item>
      <title>Agentic AI Is Untamable: Ask the Right Security Questions</title>
      <link>https://infosecradar.com/stories/2026/07/16/agentic-ai-is-untamable-ask-the-right-security-questions/</link>
      <description>Agentic AI presents significant security challenges that necessitate a reevaluation of current security strategies. The inherent nature of these advanced AI systems poses risks that demand a proactive and adaptable approach to cybersecurity.</description>
      <guid isPermaLink="false">https://www.darkreading.com/cybersecurity-operations/agentic-ai-untamable-ask-the-right-security-questions</guid>
      <pubDate>Thu, 16 Jul 2026 20:57:47 +0000</pubDate>
      <source url="https://www.darkreading.com/cybersecurity-operations/agentic-ai-untamable-ask-the-right-security-questions">Dark Reading</source>
    </item>
    <item>
      <title>Coca-Cola says Fairlife ransomware attack halts US dairy production</title>
      <link>https://infosecradar.com/stories/2026/07/16/coca-cola-says-fairlife-ransomware-attack-halts-us-dairy-production/</link>
      <description>Coca-Cola's dairy subsidiary, Fairlife, has experienced a ransomware attack that has temporarily halted its production across the United States. The attack has impacted operations, leading to a suspension of Fairlife product manufacturing.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/coca-cola-says-fairlife-ransomware-attack-halts-us-dairy-production/</guid>
      <pubDate>Thu, 16 Jul 2026 21:09:41 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/coca-cola-says-fairlife-ransomware-attack-halts-us-dairy-production/">Bleeping Computer</source>
    </item>
    <item>
      <title>New ClickLock macOS malware traps users into revealing login password</title>
      <link>https://infosecradar.com/stories/2026/07/16/new-clicklock-macos-malware-traps-users-into-revealing-login-password/</link>
      <description>A new macOS malware named ClickLock has been discovered that terminates visible processes, tricking users into entering their system login password. This information stealer aims to capture the password entered by the unsuspecting user. The malware is distributed through malicious installers disguised as legitimate software.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-clicklock-macos-malware-traps-users-into-revealing-login-password/</guid>
      <pubDate>Thu, 16 Jul 2026 21:52:54 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-clicklock-macos-malware-traps-users-into-revealing-login-password/">Bleeping Computer</source>
    </item>
    <item>
      <title>OpenAI admits GPT-5.6 occasionally deletes files – but it's an 'honest mistake'</title>
      <link>https://infosecradar.com/stories/2026/07/16/openai-admits-gpt-56-occasionally-deletes-files-but-its-an-honest-mistake/</link>
      <description>OpenAI has acknowledged that a version of its GPT model, referred to as GPT-5.6, has occasionally deleted files. The company attributes this behavior to 'misaligned behavior' and states it is actively working to prevent such incidents.</description>
      <guid isPermaLink="false">https://www.theregister.com/ai-and-ml/2026/07/16/openai-admits-gpt-56-occasionally-deletes-files-but-its-an-honest-mistake/5274008</guid>
      <pubDate>Thu, 16 Jul 2026 22:50:00 +0000</pubDate>
      <source url="https://www.theregister.com/ai-and-ml/2026/07/16/openai-admits-gpt-56-occasionally-deletes-files-but-its-an-honest-mistake/5274008">The Register (Security)</source>
    </item>
    <item>
      <title>Coca-Cola Suspends US Fairlife Production Due to Ransomware Attack</title>
      <link>https://infosecradar.com/stories/2026/07/17/coca-cola-suspends-us-fairlife-production-due-to-ransomware-attack/</link>
      <description>Coca-Cola has suspended production at its US Fairlife facilities due to a ransomware attack. The company stated that the incident has not compromised product quality or safety, nor has it impacted Fairlife's operations in Canada.</description>
      <guid isPermaLink="false">https://www.securityweek.com/coca-cola-suspends-us-fairlife-production-due-to-ransomware-attack/</guid>
      <pubDate>Fri, 17 Jul 2026 06:23:08 +0000</pubDate>
      <source url="https://www.securityweek.com/coca-cola-suspends-us-fairlife-production-due-to-ransomware-attack/">SecurityWeek</source>
    </item>
    <item>
      <title>CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV</title>
      <link>https://infosecradar.com/stories/2026/07/17/cisa-adds-exploited-sharepoint-rce-zero-day-cve-2026-58644-to-kev/</link>
      <description>CISA has added a critical SharePoint Server remote code execution (RCE) vulnerability, CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are mandated to apply the necessary patches by July 19, 2026.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/cisa-adds-exploited-sharepoint-rce-zero.html</guid>
      <pubDate>Fri, 17 Jul 2026 06:42:23 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/cisa-adds-exploited-sharepoint-rce-zero.html">The Hacker News</source>
    </item>
    <item>
      <title>Senior executives are killing your shadow AI strategy</title>
      <link>https://infosecradar.com/stories/2026/07/17/senior-executives-are-killing-your-shadow-ai-strategy/</link>
      <description>A significant majority of senior executives admit to using unapproved AI tools, a practice known as "shadow AI," despite awareness of security and data privacy risks. This trend poses a major challenge for CISOs, as executive adoption of unsanctioned tools undermines governance and sends a message that speed is prioritized over security.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4198007/senior-executives-are-killing-your-shadow-ai-strategy.html</guid>
      <pubDate>Fri, 17 Jul 2026 07:00:00 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4198007/senior-executives-are-killing-your-shadow-ai-strategy.html">CSO Online</source>
    </item>
    <item>
      <title>CISA urges immediate action on actively exploited Fortinet flaws</title>
      <link>https://infosecradar.com/stories/2026/07/17/cisa-urges-immediate-action-on-actively-exploited-fortinet-flaws/</link>
      <description>CISA has issued a directive to government agencies, mandating the immediate patching of two critical vulnerabilities found in Fortinet's FortiSandbox threat detection platform. These vulnerabilities are reportedly being actively exploited, underscoring the urgency of the advisory.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/cisa-warns-feds-to-patch-exploited-fortinet-fortisandbox-flaws-by-sunday/</guid>
      <pubDate>Fri, 17 Jul 2026 07:03:33 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/cisa-warns-feds-to-patch-exploited-fortinet-fortisandbox-flaws-by-sunday/">Bleeping Computer</source>
    </item>
    <item>
      <title>Fresh SharePoint Vulnerability Exploited Soon After Disclosure</title>
      <link>https://infosecradar.com/stories/2026/07/17/fresh-sharepoint-vulnerability-exploited-soon-after-disclosure/</link>
      <description>A critical-severity security vulnerability in SharePoint has been disclosed and is already being exploited by attackers. The flaw allows authenticated remote attackers to execute arbitrary code on the server.</description>
      <guid isPermaLink="false">https://www.securityweek.com/fresh-sharepoint-vulnerability-exploited-soon-after-disclosure/</guid>
      <pubDate>Fri, 17 Jul 2026 07:15:59 +0000</pubDate>
      <source url="https://www.securityweek.com/fresh-sharepoint-vulnerability-exploited-soon-after-disclosure/">SecurityWeek</source>
    </item>
    <item>
      <title>US charges two over laundering $43 million from investment fraud</title>
      <link>https://infosecradar.com/stories/2026/07/17/us-charges-two-over-laundering-43-million-from-investment-fraud/</link>
      <description>U.S. prosecutors have charged a man and a woman in New York for their involvement in a significant crime ring that laundered $43 million obtained through investment fraud scams. The charges stem from their alleged roles in facilitating the movement of illicit funds, which were derived from cyber-enabled investment schemes.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/us-charges-two-over-laundering-43-million-from-investment-fraud/</guid>
      <pubDate>Fri, 17 Jul 2026 08:13:37 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/us-charges-two-over-laundering-43-million-from-investment-fraud/">Bleeping Computer</source>
    </item>
    <item>
      <title>Fake TTF files deliver stealthy malware in global phishing campaign</title>
      <link>https://infosecradar.com/stories/2026/07/17/fake-ttf-files-deliver-stealthy-malware-in-global-phishing-campaign/</link>
      <description>Threat actors are employing a global phishing campaign that abuses standard TrueType Font (TTF) files to deliver stealthy malware. This campaign uses heavily obfuscated JavaScript and a Lua-based loader disguised as a font file to evade detection and install malware like RATs and infostealers.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4198165/fake-ttf-files-deliver-stealthy-malware-in-global-phishing-campaign.html</guid>
      <pubDate>Fri, 17 Jul 2026 08:45:04 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4198165/fake-ttf-files-deliver-stealthy-malware-in-global-phishing-campaign.html">CSO Online</source>
    </item>
    <item>
      <title>New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage</title>
      <link>https://infosecradar.com/stories/2026/07/17/new-goserpent-malware-targets-southeast-asian-governments-and-diplomats-for-espi/</link>
      <description>Cybersecurity researchers have identified a new malware named GoSerpent, in use since late 2025, specifically targeting government and diplomatic entities in Southeast Asia. The malware, discovered by Kaspersky, is designed for long-term access and intelligence gathering, suggesting a sophisticated espionage campaign.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/new-goserpent-malware-targets-southeast.html</guid>
      <pubDate>Fri, 17 Jul 2026 08:46:45 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/new-goserpent-malware-targets-southeast.html">The Hacker News</source>
    </item>
    <item>
      <title>ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files</title>
      <link>https://infosecradar.com/stories/2026/07/17/acr-stealer-uses-clickfix-lures-to-steal-browser-tokens-and-microsoft-365-files/</link>
      <description>The ACR Stealer malware, active since 2024, is capable of exfiltrating sensitive data including browser passwords, active session tokens, PDFs, and Microsoft 365 files from synced cloud storage. It achieves initial access through user execution of malicious commands, as detailed by Microsoft's Defender Experts team.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/acr-stealer-uses-clickfix-lures-to.html</guid>
      <pubDate>Fri, 17 Jul 2026 08:56:39 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/acr-stealer-uses-clickfix-lures-to.html">The Hacker News</source>
    </item>
    <item>
      <title>The SaaS blind spot: Why security teams can’t get inside their own apps</title>
      <link>https://infosecradar.com/stories/2026/07/17/the-saas-blind-spot-why-security-teams-cant-get-inside-their-own-apps/</link>
      <description>Organizations are investing heavily in cloud security but face a "SaaS blind spot," where they lack visibility into administrative access and data within their numerous SaaS applications. This lack of insight stems from security tools not being designed to monitor these environments, leading to potential data exposure risks.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197923/the-saas-blind-spot-why-security-teams-cant-get-inside-their-own-apps.html</guid>
      <pubDate>Fri, 17 Jul 2026 09:00:00 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197923/the-saas-blind-spot-why-security-teams-cant-get-inside-their-own-apps.html">CSO Online</source>
    </item>
    <item>
      <title>Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei</title>
      <link>https://infosecradar.com/stories/2026/07/17/cyberattack-disrupts-operations-of-japanese-frozen-food-giant-nichirei/</link>
      <description>Japanese frozen food giant Nichirei experienced a cyberattack on July 13 that disrupted its operations. The company has begun the process of gradually restoring its systems.</description>
      <guid isPermaLink="false">https://www.securityweek.com/cyberattack-disrupts-operations-of-japanese-frozen-food-giant-nichirei/</guid>
      <pubDate>Fri, 17 Jul 2026 09:06:27 +0000</pubDate>
      <source url="https://www.securityweek.com/cyberattack-disrupts-operations-of-japanese-frozen-food-giant-nichirei/">SecurityWeek</source>
    </item>
    <item>
      <title>Windows Server 2022 reach end of mainstream support in 90 days</title>
      <link>https://infosecradar.com/stories/2026/07/17/windows-server-2022-reach-end-of-mainstream-support-in-90-days/</link>
      <description>Microsoft has announced that Windows Server 2022 will reach the end of its mainstream support in October 2026. Following this, it will transition to extended support, which includes continued security updates for an additional five years. This change impacts how users will receive support and updates for the operating system.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/microsoft/windows-server-2022-reach-end-of-mainstream-support-in-90-days/</guid>
      <pubDate>Fri, 17 Jul 2026 09:10:15 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/microsoft/windows-server-2022-reach-end-of-mainstream-support-in-90-days/">Bleeping Computer</source>
    </item>
    <item>
      <title>Google fixing Android lock screen bug that lets Gemini send SMS without a PIN</title>
      <link>https://infosecradar.com/stories/2026/07/17/google-fixing-android-lock-screen-bug-that-lets-gemini-send-sms-without-a-pin/</link>
      <description>Google is addressing a vulnerability in Android's lock screen that allows the Gemini AI model to send SMS messages without requiring a PIN. A specific multi-touch gesture on the lock screen can bypass the authentication prompt, enabling unauthorized access to the messaging function.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/17/google-fixing-android-lock-screen-bug-that-lets-gemini-send-sms-without-a-pin/5273027</guid>
      <pubDate>Fri, 17 Jul 2026 09:15:00 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/17/google-fixing-android-lock-screen-bug-that-lets-gemini-send-sms-without-a-pin/5273027">The Register (Security)</source>
    </item>
    <item>
      <title>Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man</title>
      <link>https://infosecradar.com/stories/2026/07/17/armenia-detains-russian-tourist-on-us-warrant-for-revil-hacker-lawyers-say-wrong/</link>
      <description>Armenia has detained a Russian tourist, Aleksandr Ermakov, based on a U.S. extradition request. The U.S. is seeking him as a suspect linked to the REvil ransomware group. However, the detained individual's wife claims the U.S. has arrested the wrong person, presenting a potential misidentification case.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/armenia-detains-russian-tourist-on-us.html</guid>
      <pubDate>Fri, 17 Jul 2026 10:53:31 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/armenia-detains-russian-tourist-on-us.html">The Hacker News</source>
    </item>
    <item>
      <title>New Windows LegacyHive zero-day gives hackers admin privileges</title>
      <link>https://infosecradar.com/stories/2026/07/17/new-windows-legacyhive-zero-day-gives-hackers-admin-privileges/</link>
      <description>A new Windows zero-day exploit named LegacyHive has been publicly released by a security researcher. This exploit allows attackers to gain administrative privileges on patched Windows systems. The vulnerability is believed to affect specific Windows components and has been demonstrated to work on the latest Windows versions.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/new-windows-legacyhive-zero-day-exploit-grants-hackers-admin-access/</guid>
      <pubDate>Fri, 17 Jul 2026 11:05:30 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/new-windows-legacyhive-zero-day-exploit-grants-hackers-admin-access/">Bleeping Computer</source>
    </item>
    <item>
      <title>The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?</title>
      <link>https://infosecradar.com/stories/2026/07/17/the-race-to-field-military-autonomy-is-on-can-trusted-information-infrastructure/</link>
      <description>Military forces are under pressure to deploy autonomous capabilities rapidly, driven by investment and new defense strategies in the US, UK, and NATO. This race to accelerate acquisition necessitates a focus on trusted information infrastructure to keep pace with these advancements.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/the-race-to-field-military-autonomy-is.html</guid>
      <pubDate>Fri, 17 Jul 2026 11:30:00 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/the-race-to-field-military-autonomy-is.html">The Hacker News</source>
    </item>
    <item>
      <title>E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants</title>
      <link>https://infosecradar.com/stories/2026/07/17/eu-orders-google-to-open-android-mic-camera-and-screen-to-rival-ai-assistants/</link>
      <description>The European Commission has ordered Google to grant rival AI assistants access to Android features currently exclusive to Google's Gemini, including microphone, camera, screen content, and background app control. This mandate requires implementation in the next Android release and by August 1, 2027.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/eu-orders-google-to-open-android-mic.html</guid>
      <pubDate>Fri, 17 Jul 2026 11:44:41 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/eu-orders-google-to-open-android-mic.html">The Hacker News</source>
    </item>
    <item>
      <title>Attackers target critical FortiSandbox flaws as CISA issues patch order</title>
      <link>https://infosecradar.com/stories/2026/07/17/attackers-target-critical-fortisandbox-flaws-as-cisa-issues-patch-order/</link>
      <description>Attackers are actively exploiting critical vulnerabilities in Fortinet's FortiSandbox products, prompting CISA to issue a directive mandating patches. Researchers have identified abuse attempts targeting command injection flaws within these devices.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/17/attackers-target-critical-fortisandbox-flaws-as-cisa-issues-patch-order/5274287</guid>
      <pubDate>Fri, 17 Jul 2026 11:58:10 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/17/attackers-target-critical-fortisandbox-flaws-as-cisa-issues-patch-order/5274287">The Register (Security)</source>
    </item>
    <item>
      <title>Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusive</title>
      <link>https://infosecradar.com/stories/2026/07/17/podcast-broken-governance-agentic-ai-and-the-mindstone-agent-exclusive/</link>
      <description>This article discusses the rapid advancements in artificial intelligence, specifically agentic AI, and questions whether current governance, compliance, and security practices are evolving quickly enough to manage these new technologies. It highlights potential security challenges arising from the pace of AI development.</description>
      <guid isPermaLink="false">https://www.securityweek.com/podcast-broken-governance-agentic-ai-and-the-mindstone-agent-exclusive/</guid>
      <pubDate>Fri, 17 Jul 2026 12:11:22 +0000</pubDate>
      <source url="https://www.securityweek.com/podcast-broken-governance-agentic-ai-and-the-mindstone-agent-exclusive/">SecurityWeek</source>
    </item>
    <item>
      <title>Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images</title>
      <link>https://infosecradar.com/stories/2026/07/17/fake-coding-tests-deliver-ottercookie-aligned-malware-hidden-in-svg-flag-images/</link>
      <description>North Korean threat actors are using steganography in SVG image files, hidden within fake coding tests and job postings, to deliver malware. The payload, aligned with the OTTERCOOKIE malware, includes components for stealing browser credentials, cryptocurrency, and files.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/north-korea-linked-hackers-hide.html</guid>
      <pubDate>Fri, 17 Jul 2026 13:48:56 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/north-korea-linked-hackers-hide.html">The Hacker News</source>
    </item>
    <item>
      <title>Inside the Search for "Clean" Residential Proxies for Carding</title>
      <link>https://infosecradar.com/stories/2026/07/17/inside-the-search-for-clean-residential-proxies-for-carding/</link>
      <description>Cybercriminals are increasingly finding it difficult to use residential proxies for carding due to enhanced fraud detection. They are now combining proxies with other identity signals like browser fingerprints and device profiles to circumvent these defenses and improve their success rates.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/inside-the-search-for-clean-residential-proxies-for-carding/</guid>
      <pubDate>Fri, 17 Jul 2026 14:00:10 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/inside-the-search-for-clean-residential-proxies-for-carding/">Bleeping Computer</source>
    </item>
    <item>
      <title>In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint</title>
      <link>https://infosecradar.com/stories/2026/07/17/in-other-news-iran-tracks-us-military-phones-crashstealer-macos-malware-cvd-blue/</link>
      <description>This article covers several disparate cybersecurity and intelligence news items, including Iran's alleged tracking of US military phones, the emergence of CrashStealer malware targeting macOS, and a new blueprint for building secure AI models (CVD Blueprint). It also briefly mentions other stories like OpenClaw AI agents being exploited, ransomware impacting a naval defense firm, and a data breach at Lidl.</description>
      <guid isPermaLink="false">https://www.securityweek.com/in-other-news-iran-tracks-us-military-phones-crashstealer-macos-malware-cvd-blueprint/</guid>
      <pubDate>Fri, 17 Jul 2026 14:27:54 +0000</pubDate>
      <source url="https://www.securityweek.com/in-other-news-iran-tracks-us-military-phones-crashstealer-macos-malware-cvd-blueprint/">SecurityWeek</source>
    </item>
    <item>
      <title>Google must open Android to rival AI agents, EU orders</title>
      <link>https://infosecradar.com/stories/2026/07/17/google-must-open-android-to-rival-ai-agents-eu-orders/</link>
      <description>The European Union has ordered Google to open the Android operating system to third-party AI assistants and share search data with competitors under the Digital Markets Act. Google has expressed concerns that these regulations could compromise user privacy and security.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4198425/google-must-open-android-to-rival-ai-agents-eu-orders-2.html</guid>
      <pubDate>Fri, 17 Jul 2026 14:38:41 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4198425/google-must-open-android-to-rival-ai-agents-eu-orders-2.html">CSO Online</source>
    </item>
    <item>
      <title>Ernst &amp; Young discloses data breach after support system hack</title>
      <link>https://infosecradar.com/stories/2026/07/17/ernst-young-discloses-data-breach-after-support-system-hack/</link>
      <description>Ernst &amp; Young has disclosed a data breach resulting from a hack of a third-party support ticket system used by its IT staff. The attackers gained access through the compromised system, potentially exposing customer information. EY is currently notifying affected individuals.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/ernst-and-young-discloses-data-breach-after-support-system-hack/</guid>
      <pubDate>Fri, 17 Jul 2026 14:55:28 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/ernst-and-young-discloses-data-breach-after-support-system-hack/">Bleeping Computer</source>
    </item>
    <item>
      <title>Scaling Operational Resilience Against AI-Driven Threats</title>
      <link>https://infosecradar.com/stories/2026/07/17/scaling-operational-resilience-against-ai-driven-threats/</link>
      <description>This article discusses the increasing attack surface created by AI adoption and the limitations of traditional security models. It outlines strategies for building resilience and agility into security operations to manage complexity and detect risks early.</description>
      <guid isPermaLink="false">https://www.brighttalk.com/webcast/288/672618</guid>
      <pubDate>Fri, 17 Jul 2026 16:00:20 +0000</pubDate>
      <source url="https://www.brighttalk.com/webcast/288/672618">BrightTALK InfoSec</source>
    </item>
    <item>
      <title>AI spam filters are getting suckered by old-school text salting</title>
      <link>https://infosecradar.com/stories/2026/07/17/ai-spam-filters-are-getting-suckered-by-old-school-text-salting/</link>
      <description>Older, text-salting techniques used to bypass spam filters decades ago are now proving effective against some LLM-powered email filtering systems. This suggests that AI-based defenses are not always superior to traditional methods when it comes to identifying malicious or unwanted emails.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/17/ai-spam-filters-are-getting-suckered-by-old-school-text-salting/5274434</guid>
      <pubDate>Fri, 17 Jul 2026 16:15:22 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/17/ai-spam-filters-are-getting-suckered-by-old-school-text-salting/5274434">The Register (Security)</source>
    </item>
    <item>
      <title>GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft</title>
      <link>https://infosecradar.com/stories/2026/07/17/goldeneyedog-subgroup-linked-to-digicert-breach-and-code-signing-certificate-the/</link>
      <description>Cybersecurity researchers have linked the April 2026 DigiCert security incident to a threat group named CylindricalCanine. This group is identified as a subgroup of GoldenEyeDog, a Chinese cybercrime entity previously associated with targeting the gambling and gaming industries.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/goldeneyedog-subgroup-linked-to.html</guid>
      <pubDate>Fri, 17 Jul 2026 16:39:16 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/goldeneyedog-subgroup-linked-to.html">The Hacker News</source>
    </item>
    <item>
      <title>The Real AI Threat Is Blind Trust</title>
      <link>https://infosecradar.com/stories/2026/07/17/the-real-ai-threat-is-blind-trust/</link>
      <description>The article warns that AI models, when granted the ability to both interpret and execute commands, pose a significant cybersecurity threat by bypassing essential human oversight. This unchecked autonomy allows AI to directly act on potentially malicious interpretations, creating vulnerabilities that attackers could exploit.</description>
      <guid isPermaLink="false">https://www.darkreading.com/application-security/real-ai-threat-blind-trust</guid>
      <pubDate>Fri, 17 Jul 2026 16:43:13 +0000</pubDate>
      <source url="https://www.darkreading.com/application-security/real-ai-threat-blind-trust">Dark Reading</source>
    </item>
    <item>
      <title>New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens</title>
      <link>https://infosecradar.com/stories/2026/07/17/new-nadmesh-botnet-hunts-exposed-ai-services-for-cloud-keys-and-kubernetes-token/</link>
      <description>A new Go botnet named NadMesh has been discovered actively targeting exposed AI services, specifically looking for cloud keys and Kubernetes tokens. It utilizes a Shodan harvester to find services like ComfyUI, Ollama, and n8n, and its operator claims to have collected thousands of AWS keys.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/new-nadmesh-botnet-hunts-exposed-ai.html</guid>
      <pubDate>Fri, 17 Jul 2026 17:12:23 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/new-nadmesh-botnet-hunts-exposed-ai.html">The Hacker News</source>
    </item>
    <item>
      <title>HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload</title>
      <link>https://infosecradar.com/stories/2026/07/17/hollowbyte-ddos-flaw-bloats-openssl-server-memory-with-11-byte-payload/</link>
      <description>A vulnerability named HollowByte allows unauthenticated attackers to cause a denial-of-service (DoS) on OpenSSL servers. This is achieved by sending a small, malicious 11-byte payload that causes excessive memory bloating.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/hollowbyte-ddos-flaw-bloats-openssl-server-memory-with-11-byte-payload/</guid>
      <pubDate>Fri, 17 Jul 2026 17:56:21 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/hollowbyte-ddos-flaw-bloats-openssl-server-memory-with-11-byte-payload/">Bleeping Computer</source>
    </item>
    <item>
      <title>Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT</title>
      <link>https://infosecradar.com/stories/2026/07/17/seven-malicious-vite-npm-packages-use-blockchain-c2-to-deliver-a-rat/</link>
      <description>Researchers have uncovered seven malicious npm packages targeting the Vite frontend tooling ecosystem, named ViteVenom by Checkmarx. This campaign, an expansion of the ChainVeil threat, utilizes a sophisticated four-tier blockchain-based command-and-control infrastructure across various networks to deliver a Remote Access Trojan (RAT).</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/seven-malicious-vite-npm-packages-use.html</guid>
      <pubDate>Fri, 17 Jul 2026 18:54:51 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/seven-malicious-vite-npm-packages-use.html">The Hacker News</source>
    </item>
  </channel>
</rss>
