<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>InfoSecRadar — Threat Actors &amp; Campaigns</title>
    <link>https://infosecradar.com/feeds/threat-actors.xml</link>
    <description>Threat Actors &amp; Campaigns stories from InfoSecRadar</description>
    <atom:link href="https://infosecradar.com/feeds/threat-actors.xml" rel="self"/>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>InfoSecRadar</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 22:01:22 +0000</lastBuildDate>
    <item>
      <title>Ryuk ransomware member pleads guilty in the US, faces 15 years in prison</title>
      <link>https://infosecradar.com/stories/2026/07/10/ryuk-ransomware-member-pleads-guilty-in-the-us-faces-15-years-in-prison/</link>
      <description>An Armenian national has pleaded guilty in the U.S. to his involvement with the Ryuk ransomware operation. He faces up to 15 years in prison for deploying the ransomware to encrypt the systems of U.S. companies.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/ryuk-ransomware-member-pleads-guilty-in-the-us-faces-15-years-in-prison/</guid>
      <pubDate>Fri, 10 Jul 2026 17:46:10 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/ryuk-ransomware-member-pleads-guilty-in-the-us-faces-15-years-in-prison/">Bleeping Computer</source>
    </item>
    <item>
      <title>Ghost Accounts Abuse GitHub API in Mass Recon Campaign</title>
      <link>https://infosecradar.com/stories/2026/07/11/ghost-accounts-abuse-github-api-in-mass-recon-campaign/</link>
      <description>Multiple ongoing campaigns are exploiting ghost accounts to abuse the GitHub API for mass reconnaissance. These campaigns are designed to map GitHub organizations, including their repositories and member lists, potentially to identify targets for further exploitation.</description>
      <guid isPermaLink="false">https://www.securityweek.com/ghost-accounts-abuse-github-api-in-mass-recon-campaign/</guid>
      <pubDate>Sat, 11 Jul 2026 17:30:00 +0000</pubDate>
      <source url="https://www.securityweek.com/ghost-accounts-abuse-github-api-in-mass-recon-campaign/">SecurityWeek</source>
    </item>
    <item>
      <title>Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns</title>
      <link>https://infosecradar.com/stories/2026/07/11/hackers-weaponize-balochistan-police-portal-in-multi-group-espionage-campaigns/</link>
      <description>Cybersecurity researchers have uncovered persistent cyber espionage campaigns targeting Pakistani law enforcement, with suspected China- and India-aligned threat actors exploiting the Balochistan Police portal. The attackers gained access to servers managing police and citizen data, including criminal records, between February 2024 and April 2026.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/hackers-weaponize-balochistan-police.html</guid>
      <pubDate>Sat, 11 Jul 2026 17:49:31 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/hackers-weaponize-balochistan-police.html">The Hacker News</source>
    </item>
    <item>
      <title>Company That Bragged It Could Track U.S. Spies Hired to Investigate “Havana Syndrome”</title>
      <link>https://infosecradar.com/stories/2026/07/12/company-that-bragged-it-could-track-us-spies-hired-to-investigate-havana-syndrom/</link>
      <description>Anomaly 6, a company that claims its phone-tracking technology can pinpoint U.S. intelligence officials, has been hired to investigate the mysterious "Havana Syndrome." The company previously boasted about its ability to track individuals, raising questions about its involvement in a sensitive government investigation.</description>
      <guid isPermaLink="false">https://theintercept.com/2026/07/12/anomaly-6-havana-syndrome-surveillance/</guid>
      <pubDate>Sun, 12 Jul 2026 09:51:00 +0000</pubDate>
      <source url="https://theintercept.com/2026/07/12/anomaly-6-havana-syndrome-surveillance/">The Intercept (Privacy)</source>
    </item>
    <item>
      <title>Someone Is Scanning for Your MCP Servers and AI Assistant Credentials, (Mon, Jul 13th)</title>
      <link>https://infosecradar.com/stories/2026/07/13/someone-is-scanning-for-your-mcp-servers-and-ai-assistant-credentials-mon-jul-13/</link>
      <description>Threat actors are actively scanning for and attempting to exploit Media Control Protocol (MCP) servers, as well as credentials for AI assistants. Attackers are leveraging these vulnerabilities to gain unauthorized access and potentially deploy malicious software.</description>
      <guid isPermaLink="false">https://isc.sans.edu/diary/rss/33150</guid>
      <pubDate>Mon, 13 Jul 2026 04:22:02 +0000</pubDate>
      <source url="https://isc.sans.edu/diary/rss/33150">SANS Internet Storm Center</source>
    </item>
    <item>
      <title>Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365</title>
      <link>https://infosecradar.com/stories/2026/07/13/misconfigured-server-reveals-three-evilginx-phishing-operations-targeting-micros/</link>
      <description>A misconfigured Python web server left exposed by an attacker revealed three ongoing Evilginx phishing operations targeting Microsoft 365 users. French security firm Lexfo was able to access the attacker's toolkit and identify the other operations through this single lapse in security.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/misconfigured-server-reveals-three.html</guid>
      <pubDate>Mon, 13 Jul 2026 07:30:00 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/misconfigured-server-reveals-three.html">The Hacker News</source>
    </item>
    <item>
      <title>US and allies warn of Russian critical infrastructure attacks</title>
      <link>https://infosecradar.com/stories/2026/07/13/us-and-allies-warn-of-russian-critical-infrastructure-attacks/</link>
      <description>The US and eight allied nations have issued a joint warning about Russian state-sponsored hackers targeting vulnerable and misconfigured routers. These attacks aim to infiltrate critical infrastructure networks. The advisory highlights specific tactics used by these threat actors.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/us-and-allies-share-defense-tips-against-russian-hackers-targeting-critical-infrastructure/</guid>
      <pubDate>Mon, 13 Jul 2026 09:32:23 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/us-and-allies-share-defense-tips-against-russian-hackers-targeting-critical-infrastructure/">Bleeping Computer</source>
    </item>
    <item>
      <title>EU Targets Russian Intelligence Officers Accused of Running a Yearslong Cyber Spying Campaign</title>
      <link>https://infosecradar.com/stories/2026/07/13/eu-targets-russian-intelligence-officers-accused-of-running-a-yearslong-cyber-sp/</link>
      <description>The European Union has sanctioned individuals and entities accused of operating a long-term cyber spying network. This network is alleged to have targeted governments and conducted sabotage operations against critical infrastructure.</description>
      <guid isPermaLink="false">https://www.securityweek.com/eu-targets-russian-intelligence-officers-accused-of-running-a-yearslong-cyber-spying-campaign/</guid>
      <pubDate>Mon, 13 Jul 2026 10:00:00 +0000</pubDate>
      <source url="https://www.securityweek.com/eu-targets-russian-intelligence-officers-accused-of-running-a-yearslong-cyber-spying-campaign/">SecurityWeek</source>
    </item>
    <item>
      <title>EU sanctions Russian GRU military hackers over cyberattacks</title>
      <link>https://infosecradar.com/stories/2026/07/13/eu-sanctions-russian-gru-military-hackers-over-cyberattacks/</link>
      <description>The European Union and the United Kingdom have jointly imposed sanctions on numerous Russian individuals and entities. These sanctions are in response to Russia's alleged coordination of hacking groups responsible for cyberattacks across Europe.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/eu-and-uk-hit-russia-with-first-joint-cyber-sanctions-package/</guid>
      <pubDate>Mon, 13 Jul 2026 11:19:05 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/eu-and-uk-hit-russia-with-first-joint-cyber-sanctions-package/">Bleeping Computer</source>
    </item>
    <item>
      <title>Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting</title>
      <link>https://infosecradar.com/stories/2026/07/13/improve-router-hygiene-to-protect-against-russian-state-sponsored-targeting/</link>
      <description>Russian FSB cyber actors are exploiting poorly configured and vulnerable networking devices to compromise critical infrastructure networks globally. This advisory provides updated tactics, techniques, and procedures (TTPs) to help defenders understand and counter this ongoing threat, building on previous FBI alerts.</description>
      <guid isPermaLink="false">https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-194a</guid>
      <pubDate>Mon, 13 Jul 2026 12:00:00 +0000</pubDate>
      <source url="https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-194a">CISA Alerts</source>
    </item>
    <item>
      <title>World Cup grudge attackers may have scored Argentine FA access via year-old infostealer infection</title>
      <link>https://infosecradar.com/stories/2026/07/13/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-info/</link>
      <description>Attackers leveraging a year-old infostealer infection may have gained access to the Argentine Football Association (AFA) network. This attack is linked to a 'World Cup grudge' and potentially targeted individuals associated with the AFA.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/13/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection/5270302</guid>
      <pubDate>Mon, 13 Jul 2026 12:02:00 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/13/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection/5270302">The Register (Security)</source>
    </item>
    <item>
      <title>UK charges suspects linked to Russian Coms call spoofing platform</title>
      <link>https://infosecradar.com/stories/2026/07/13/uk-charges-suspects-linked-to-russian-coms-call-spoofing-platform/</link>
      <description>UK authorities have charged five individuals linked to Russian Coms, a platform used to spoof caller ID for fraudulent purposes. The platform facilitated over 1.8 million scam calls originating from Russia, with many targeting UK citizens. The investigation was conducted by the National Crime Agency (NCA).</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/uk-charges-suspects-linked-to-russian-coms-call-spoofing-platform/</guid>
      <pubDate>Mon, 13 Jul 2026 13:23:30 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/uk-charges-suspects-linked-to-russian-coms-call-spoofing-platform/">Bleeping Computer</source>
    </item>
    <item>
      <title>EU and UK officially blame Russian spies for cyberattack on Poland's power grid</title>
      <link>https://infosecradar.com/stories/2026/07/13/eu-and-uk-officially-blame-russian-spies-for-cyberattack-on-polands-power-grid/</link>
      <description>The European Union and the United Kingdom have officially attributed a cyberattack on Poland's power grid to Russian intelligence services. This attack, which occurred during winter, had the potential to leave approximately half a million people without power.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/13/uk-eu-officially-pin-poland-energy-cyberattack-on-russia/5270458</guid>
      <pubDate>Mon, 13 Jul 2026 15:39:52 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/13/uk-eu-officially-pin-poland-energy-cyberattack-on-russia/5270458">The Register (Security)</source>
    </item>
    <item>
      <title>The US government warns that Russia state hackers are coming after your router</title>
      <link>https://infosecradar.com/stories/2026/07/13/the-us-government-warns-that-russia-state-hackers-are-coming-after-your-router/</link>
      <description>The US government, through CISA, has issued a warning that Russian state-sponsored hackers are targeting home routers. This activity is linked to the increasing use of residential proxies, where compromised routers are exploited to mask malicious traffic.</description>
      <guid isPermaLink="false">https://arstechnica.com/security/2026/07/the-us-government-warns-that-russia-state-hackers-are-coming-after-your-router/</guid>
      <pubDate>Mon, 13 Jul 2026 21:03:07 +0000</pubDate>
      <source url="https://arstechnica.com/security/2026/07/the-us-government-warns-that-russia-state-hackers-are-coming-after-your-router/">Ars Technica (Security)</source>
    </item>
    <item>
      <title>Weak Security Continues to Fuel Russian Cyberattacks</title>
      <link>https://infosecradar.com/stories/2026/07/13/weak-security-continues-to-fuel-russian-cyberattacks/</link>
      <description>The UK and EU have jointly imposed sanctions on Russian individuals and entities, marking the first time such actions have been taken together. These sanctions are a response to alleged cyberattacks and disinformation campaigns conducted by Russia in the region. This coordinated action signifies a significant diplomatic move to hold Russia accountable for its cyber activities.</description>
      <guid isPermaLink="false">https://www.darkreading.com/endpoint-security/weak-security-fuel-russian-cyberattacks</guid>
      <pubDate>Mon, 13 Jul 2026 21:24:59 +0000</pubDate>
      <source url="https://www.darkreading.com/endpoint-security/weak-security-fuel-russian-cyberattacks">Dark Reading</source>
    </item>
    <item>
      <title>US authorities warn of Russian attacks on critical infrastructure</title>
      <link>https://infosecradar.com/stories/2026/07/14/us-authorities-warn-of-russian-attacks-on-critical-infrastructure/</link>
      <description>US authorities including the NSA, FBI, and CISA have issued a warning about recent Russian cyberattacks targeting critical infrastructure in North America and Europe. The attackers are exploiting vulnerabilities and misconfigurations in routers, emphasizing the importance of timely security patching.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4196451/us-authorities-warn-of-russian-attacks-on-critical-infrastructure.html</guid>
      <pubDate>Tue, 14 Jul 2026 00:49:46 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4196451/us-authorities-warn-of-russian-attacks-on-critical-infrastructure.html">CSO Online</source>
    </item>
    <item>
      <title>Governments to enterprises: Improve your router security hygiene</title>
      <link>https://infosecradar.com/stories/2026/07/14/governments-to-enterprises-improve-your-router-security-hygiene/</link>
      <description>Global security agencies have issued an advisory warning enterprises about the continued exploitation of poorly secured routers by Russian government-sponsored attackers. These actors leverage outdated SNMP protocols and weak authentication to gain access to device configurations, which can contain sensitive information.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4196447/governments-to-enterprises-improve-your-router-security-hygiene.html</guid>
      <pubDate>Tue, 14 Jul 2026 01:49:53 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4196447/governments-to-enterprises-improve-your-router-security-hygiene.html">CSO Online</source>
    </item>
    <item>
      <title>Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths</title>
      <link>https://infosecradar.com/stories/2026/07/14/microsoft-maps-year-long-shinyhunters-linked-salesforce-data-theft-across-three/</link>
      <description>Attackers linked to the ShinyHunters group have been stealing data from Salesforce environments for the past year by exploiting existing trust relationships, primarily through OAuth connections, rather than exploiting platform vulnerabilities. This tactic allowed them to access corporate data by leveraging integrations with third-party vendors and applications.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/microsoft-maps-year-long-shinyhunters.html</guid>
      <pubDate>Tue, 14 Jul 2026 06:19:24 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/microsoft-maps-year-long-shinyhunters.html">The Hacker News</source>
    </item>
    <item>
      <title>U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support</title>
      <link>https://infosecradar.com/stories/2026/07/14/us-sanctions-first-vpn-service-and-malware-cryptor-seller-over-ransomware-suppor/</link>
      <description>The U.S. Treasury Department has sanctioned a VPN service and a malware cryptor seller for facilitating ransomware attacks and other cybercriminal activities. These sanctions are aimed at disrupting the financial infrastructure supporting cybercrime, including attacks against American entities.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/us-sanctions-first-vpn-service-and.html</guid>
      <pubDate>Tue, 14 Jul 2026 08:02:33 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/us-sanctions-first-vpn-service-and.html">The Hacker News</source>
    </item>
    <item>
      <title>US sanctions VPN, malware providers for enabling ransomware attacks</title>
      <link>https://infosecradar.com/stories/2026/07/14/us-sanctions-vpn-malware-providers-for-enabling-ransomware-attacks/</link>
      <description>The U.S. Treasury Department has sanctioned two individuals and one entity for providing services that facilitated ransomware attacks. These sanctioned entities allegedly supplied VPN and malware services, thereby enabling cybercriminals to target U.S. organizations.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/us-sanctions-vpn-malware-providers-linked-to-ransomware-gangs/</guid>
      <pubDate>Tue, 14 Jul 2026 09:40:13 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/us-sanctions-vpn-malware-providers-linked-to-ransomware-gangs/">Bleeping Computer</source>
    </item>
    <item>
      <title>US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers</title>
      <link>https://infosecradar.com/stories/2026/07/14/us-allies-warn-of-russian-cyberattacks-targeting-critical-infrastructure-routers/</link>
      <description>The US and its allies have issued a warning about Russian state-sponsored advanced persistent threats (APTs) targeting critical infrastructure networks. These threat actors are compromising poorly secured routers to gain access to sensitive systems.</description>
      <guid isPermaLink="false">https://www.securityweek.com/us-allies-warn-of-russian-cyberattacks-targeting-critical-infrastructure-routers/</guid>
      <pubDate>Tue, 14 Jul 2026 10:51:01 +0000</pubDate>
      <source url="https://www.securityweek.com/us-allies-warn-of-russian-cyberattacks-targeting-critical-infrastructure-routers/">SecurityWeek</source>
    </item>
    <item>
      <title>OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials</title>
      <link>https://infosecradar.com/stories/2026/07/14/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credenti/</link>
      <description>Attackers are using a technique called OAuth client ID spoofing to bypass security measures in Microsoft Entra ID environments. This allows them to validate stolen credentials without triggering login alerts, enabling account enumeration and further compromise.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/oauth-client-id-spoofing-lets-attackers.html</guid>
      <pubDate>Tue, 14 Jul 2026 11:21:35 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/oauth-client-id-spoofing-lets-attackers.html">The Hacker News</source>
    </item>
    <item>
      <title>Welsh Doxbin admin jailed for egging on swatters from behind a screen</title>
      <link>https://infosecradar.com/stories/2026/07/14/welsh-doxbin-admin-jailed-for-egging-on-swatters-from-behind-a-screen/</link>
      <description>A Welsh administrator of the Doxbin website, Callum Dare, has been jailed for encouraging "swatting" incidents. He motivated others to conduct these dangerous hoaxes and created short videos from the footage of the incidents.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/14/welsh-doxbin-admin-jailed-for-egging-on-swatters-from-behind-a-screen/5271281</guid>
      <pubDate>Tue, 14 Jul 2026 16:09:00 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/14/welsh-doxbin-admin-jailed-for-egging-on-swatters-from-behind-a-screen/5271281">The Register (Security)</source>
    </item>
    <item>
      <title>Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims</title>
      <link>https://infosecradar.com/stories/2026/07/14/synopsys-finds-no-evidence-of-data-breach-amid-bosch-hack-claims/</link>
      <description>The cybercrime group D1R claimed to have stolen data from Synopsys and Bosch and threatened to release it unless a ransom was paid. Synopsys has investigated the claims and found no evidence to support a data breach at their company.</description>
      <guid isPermaLink="false">https://www.securityweek.com/synopsys-finds-no-evidence-of-data-breach-following-bosch-hack-claims/</guid>
      <pubDate>Tue, 14 Jul 2026 18:18:45 +0000</pubDate>
      <source url="https://www.securityweek.com/synopsys-finds-no-evidence-of-data-breach-following-bosch-hack-claims/">SecurityWeek</source>
    </item>
    <item>
      <title>Nearly 300 GitHub repos pose as legit software to push malware</title>
      <link>https://infosecradar.com/stories/2026/07/14/nearly-300-github-repos-pose-as-legit-software-to-push-malware/</link>
      <description>A threat actor has created nearly 300 GitHub repositories designed to impersonate legitimate software and security projects. These fake repositories are being used to distribute infostealer malware to unsuspecting users.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/nearly-300-github-repos-pose-as-legit-software-to-push-malware/</guid>
      <pubDate>Tue, 14 Jul 2026 19:15:17 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/nearly-300-github-repos-pose-as-legit-software-to-push-malware/">Bleeping Computer</source>
    </item>
    <item>
      <title>Spanish Police take down €140 million cyber fraud ring, arrest four</title>
      <link>https://infosecradar.com/stories/2026/07/14/spanish-police-take-down-140-million-cyber-fraud-ring-arrest-four/</link>
      <description>Spanish police have dismantled a sophisticated cybercrime ring that defrauded victims out of €140 million through investment scams and business email compromise (BEC) attacks. Four individuals have been arrested as part of the operation, which also targeted money laundering activities associated with the illicit gains.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/spanish-police-take-down-140-million-cyber-fraud-ring-arrest-four/</guid>
      <pubDate>Tue, 14 Jul 2026 20:23:09 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/spanish-police-take-down-140-million-cyber-fraud-ring-arrest-four/">Bleeping Computer</source>
    </item>
    <item>
      <title>Cribl Adds Agentic Detection Engineering &amp;amp; Boosts SecOps With CardinalOps Deal</title>
      <link>https://infosecradar.com/stories/2026/07/15/cribl-adds-agentic-detection-engineering-amp-boosts-secops-with-cardinalops-deal/</link>
      <description>Cribl has acquired CardinalOps, a company specializing in detection engineering. This integration aims to enhance Cribl's platform by enabling customers to map detection rules and security controls to the MITRE ATT&amp;CK framework, thereby identifying coverage gaps and operationalizing threat intelligence for SecOps teams.</description>
      <guid isPermaLink="false">https://www.darkreading.com/cybersecurity-operations/cribl-adds-agentic-detection-engineering-boosts-secops-with-cardinalops-deal</guid>
      <pubDate>Wed, 15 Jul 2026 00:05:31 +0000</pubDate>
      <source url="https://www.darkreading.com/cybersecurity-operations/cribl-adds-agentic-detection-engineering-boosts-secops-with-cardinalops-deal">Dark Reading</source>
    </item>
    <item>
      <title>US charges alleged operators of Russian bulletproof hosting service</title>
      <link>https://infosecradar.com/stories/2026/07/15/us-charges-alleged-operators-of-russian-bulletproof-hosting-service/</link>
      <description>U.S. federal prosecutors have charged three Russian nationals for allegedly operating a bulletproof hosting service that supported ransomware gangs. This service is believed to have facilitated criminal activities resulting in over $62 million in damages to victims globally.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/us-charges-alleged-russian-bulletproof-hosting-service-operators/</guid>
      <pubDate>Wed, 15 Jul 2026 07:45:50 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/us-charges-alleged-russian-bulletproof-hosting-service-operators/">Bleeping Computer</source>
    </item>
    <item>
      <title>US Charges Russian Individuals and Firms for Running Cybercrime Services</title>
      <link>https://infosecradar.com/stories/2026/07/15/us-charges-russian-individuals-and-firms-for-running-cybercrime-services/</link>
      <description>The United States has charged several Russian individuals and firms with operating cybercrime services. These entities and individuals had previously been sanctioned by the US and its allies for their involvement in illicit cyber activities.</description>
      <guid isPermaLink="false">https://www.securityweek.com/us-charges-russian-individuals-and-firms-for-running-cybercrime-services/</guid>
      <pubDate>Wed, 15 Jul 2026 11:58:05 +0000</pubDate>
      <source url="https://www.securityweek.com/us-charges-russian-individuals-and-firms-for-running-cybercrime-services/">SecurityWeek</source>
    </item>
    <item>
      <title>LegacyHive: 'Bone-shattering' zero-day from Microsoft's serial tormentor not the haymaker that was promised</title>
      <link>https://infosecradar.com/stories/2026/07/15/legacyhive-bone-shattering-zero-day-from-microsofts-serial-tormentor-not-the-hay/</link>
      <description>Security researchers have identified a new post-compromise tool named LegacyHive, allegedly developed by a prolific Microsoft tormentor. While initially hyped as a significant threat, experts now view it as a useful, albeit complex, tool for those with the technical expertise to implement it effectively.</description>
      <guid isPermaLink="false">https://www.theregister.com/security/2026/07/15/microsofts-serial-tormentor-drops-legacyhive-0-day/5271723</guid>
      <pubDate>Wed, 15 Jul 2026 12:59:39 +0000</pubDate>
      <source url="https://www.theregister.com/security/2026/07/15/microsofts-serial-tormentor-drops-legacyhive-0-day/5271723">The Register (Security)</source>
    </item>
    <item>
      <title>Dutch police bust investment fraud ring stealing over €100 million</title>
      <link>https://infosecradar.com/stories/2026/07/15/dutch-police-bust-investment-fraud-ring-stealing-over-100-million/</link>
      <description>Dutch police have arrested suspects in a large-scale investment fraud ring that allegedly defrauded tens of thousands of victims out of over €100 million. The criminal group operated internationally, using fake investment platforms and social media to lure victims. Authorities seized assets and are continuing investigations into the full extent of the operation.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/dutch-police-bust-investment-fraud-ring-stealing-over-100-million/</guid>
      <pubDate>Wed, 15 Jul 2026 21:55:50 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/dutch-police-bust-investment-fraud-ring-stealing-over-100-million/">Bleeping Computer</source>
    </item>
    <item>
      <title>Police Disrupt a €140M Cyber Fraud Ring in Spain</title>
      <link>https://infosecradar.com/stories/2026/07/16/police-disrupt-a-140m-cyber-fraud-ring-in-spain/</link>
      <description>Spanish police have dismantled a significant cyber fraud ring that generated an estimated €140 million through various online attacks. The group's activities included phishing, malware distribution, and other forms of cybercrime, with proceeds being laundered through sophisticated financial schemes.</description>
      <guid isPermaLink="false">https://www.darkreading.com/threat-intelligence/police-disrupt-140m-euro-cyber-fraud-ring-spain</guid>
      <pubDate>Thu, 16 Jul 2026 07:00:00 +0000</pubDate>
      <source url="https://www.darkreading.com/threat-intelligence/police-disrupt-140m-euro-cyber-fraud-ring-spain">Dark Reading</source>
    </item>
    <item>
      <title>The executive profile your security team isn’t defending</title>
      <link>https://infosecradar.com/stories/2026/07/16/the-executive-profile-your-security-team-isnt-defending/</link>
      <description>AI tools can now quickly aggregate and synthesize publicly available information about executives, creating a comprehensive profile that attackers can use for targeted social engineering attacks. This significantly reduces the time and effort required for reconnaissance, posing a new challenge for executive protection programs.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4197460/the-executive-profile-your-security-team-isnt-defending.html</guid>
      <pubDate>Thu, 16 Jul 2026 09:00:00 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4197460/the-executive-profile-your-security-team-isnt-defending.html">CSO Online</source>
    </item>
    <item>
      <title>Russian hackers trojanize WebEx, Zoom apps to push Starland malware</title>
      <link>https://infosecradar.com/stories/2026/07/16/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/</link>
      <description>A financially motivated Russian threat actor known as UAT-11795 is distributing a new backdoor malware called Starland RAT by trojanizing legitimate WebEx and Zoom applications. This malware is designed to steal user credentials and cryptocurrency from infected systems.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/</guid>
      <pubDate>Thu, 16 Jul 2026 10:19:34 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/">Bleeping Computer</source>
    </item>
    <item>
      <title>Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor</title>
      <link>https://infosecradar.com/stories/2026/07/16/daxin-resurfaces-in-taiwan-alongside-stupig-pre-login-system-backdoor/</link>
      <description>The Daxin kernel-mode rootkit, linked to a China-affiliated threat actor, has reappeared after more than four years, infecting a manufacturing firm in Taiwan. Alongside Daxin, a new, previously unknown backdoor named Stupig has also been discovered.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/daxin-resurfaces-in-taiwan-alongside.html</guid>
      <pubDate>Thu, 16 Jul 2026 11:17:23 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/daxin-resurfaces-in-taiwan-alongside.html">The Hacker News</source>
    </item>
    <item>
      <title>20+ Hijacked Government Websites Became an Attack Channel</title>
      <link>https://infosecradar.com/stories/2026/07/16/20-hijacked-government-websites-became-an-attack-channel/</link>
      <description>Over 20 Brazilian government websites have been compromised and used as a distribution channel for malware by the PhantomEnigma threat group. The campaign, uncovered by ANY.RUN, also revealed new backdoor functionalities and hidden infrastructure details.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/20-hijacked-government-websites.html</guid>
      <pubDate>Thu, 16 Jul 2026 11:58:00 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/20-hijacked-government-websites.html">The Hacker News</source>
    </item>
    <item>
      <title>Scattered Spider members behind TfL hack get five years in prison</title>
      <link>https://infosecradar.com/stories/2026/07/16/scattered-spider-members-behind-tfl-hack-get-five-years-in-prison/</link>
      <description>Two key members of the Scattered Spider cybercrime group have been sentenced to five years and six months in prison each. This sentencing stems from their involvement in the 2024 hack of Transport for London (TfL). The conviction highlights the legal consequences for individuals engaged in sophisticated cyberattacks.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/scattered-spider-members-behind-transport-for-london-hack-get-five-years-in-prison/</guid>
      <pubDate>Thu, 16 Jul 2026 12:31:29 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/scattered-spider-members-behind-transport-for-london-hack-get-five-years-in-prison/">Bleeping Computer</source>
    </item>
    <item>
      <title>Brit Scattered Spider duo handed tickets to prison over Transport for London attack</title>
      <link>https://infosecradar.com/stories/2026/07/16/brit-scattered-spider-duo-handed-tickets-to-prison-over-transport-for-london-att/</link>
      <description>Two individuals associated with the cybercrime group Scattered Spider have been sentenced to prison for their roles in the 2023 cyberattack on Transport for London (TfL). This conviction marks the largest cybercrime prosecution in UK history.</description>
      <guid isPermaLink="false">https://www.theregister.com/cyber-crime/2026/07/16/brit-scattered-spider-duo-handed-tickets-to-prison-over-transport-for-london-attack/5272446</guid>
      <pubDate>Thu, 16 Jul 2026 12:49:38 +0000</pubDate>
      <source url="https://www.theregister.com/cyber-crime/2026/07/16/brit-scattered-spider-duo-handed-tickets-to-prison-over-transport-for-london-attack/5272446">The Register (Security)</source>
    </item>
    <item>
      <title>Two Scattered Spider Hackers Sentenced to Jail in UK</title>
      <link>https://infosecradar.com/stories/2026/07/16/two-scattered-spider-hackers-sentenced-to-jail-in-uk/</link>
      <description>Two individuals associated with the Scattered Spider hacking group have been sentenced to jail in the UK for a 2024 cyberattack. The attack specifically targeted Transport for London (TfL).</description>
      <guid isPermaLink="false">https://www.securityweek.com/two-scattered-spider-hackers-sentenced-to-jail-in-uk/</guid>
      <pubDate>Thu, 16 Jul 2026 13:21:12 +0000</pubDate>
      <source url="https://www.securityweek.com/two-scattered-spider-hackers-sentenced-to-jail-in-uk/">SecurityWeek</source>
    </item>
    <item>
      <title>Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack</title>
      <link>https://infosecradar.com/stories/2026/07/16/two-scattered-spider-hackers-get-55-years-each-for-29-million-tfl-hack/</link>
      <description>Two hackers associated with the Scattered Spider group, Owen Flowers and Thalha Jubair, have been sentenced to five and a half years in prison each for their 2024 hack of Transport for London (TfL). The attack rendered 148 TfL systems inoperable and required all 27,000 employees to reset their passwords in person, resulting in significant losses and recovery costs for the transport authority.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/two-scattered-spider-hackers-get-55.html</guid>
      <pubDate>Thu, 16 Jul 2026 17:09:25 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/two-scattered-spider-hackers-get-55.html">The Hacker News</source>
    </item>
    <item>
      <title>Now, even Russia's most elite hackers are using Clickfix to infect devices</title>
      <link>https://infosecradar.com/stories/2026/07/16/now-even-russias-most-elite-hackers-are-using-clickfix-to-infect-devices/</link>
      <description>Russia's most sophisticated hacking groups are reportedly adopting the Clickfix social engineering technique to infect devices. This method, previously associated with financially motivated cybercriminals, is now being utilized by elite state-sponsored attackers.</description>
      <guid isPermaLink="false">https://arstechnica.com/security/2026/07/now-even-russias-most-elite-hackers-are-using-clickfix-to-infect-devices/</guid>
      <pubDate>Thu, 16 Jul 2026 19:28:33 +0000</pubDate>
      <source url="https://arstechnica.com/security/2026/07/now-even-russias-most-elite-hackers-are-using-clickfix-to-infect-devices/">Ars Technica (Security)</source>
    </item>
    <item>
      <title>US charges two over laundering $43 million from investment fraud</title>
      <link>https://infosecradar.com/stories/2026/07/17/us-charges-two-over-laundering-43-million-from-investment-fraud/</link>
      <description>U.S. prosecutors have charged a man and a woman in New York for their involvement in a significant crime ring that laundered $43 million obtained through investment fraud scams. The charges stem from their alleged roles in facilitating the movement of illicit funds, which were derived from cyber-enabled investment schemes.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/us-charges-two-over-laundering-43-million-from-investment-fraud/</guid>
      <pubDate>Fri, 17 Jul 2026 08:13:37 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/us-charges-two-over-laundering-43-million-from-investment-fraud/">Bleeping Computer</source>
    </item>
    <item>
      <title>New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage</title>
      <link>https://infosecradar.com/stories/2026/07/17/new-goserpent-malware-targets-southeast-asian-governments-and-diplomats-for-espi/</link>
      <description>Cybersecurity researchers have identified a new malware named GoSerpent, in use since late 2025, specifically targeting government and diplomatic entities in Southeast Asia. The malware, discovered by Kaspersky, is designed for long-term access and intelligence gathering, suggesting a sophisticated espionage campaign.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/new-goserpent-malware-targets-southeast.html</guid>
      <pubDate>Fri, 17 Jul 2026 08:46:45 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/new-goserpent-malware-targets-southeast.html">The Hacker News</source>
    </item>
    <item>
      <title>Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man</title>
      <link>https://infosecradar.com/stories/2026/07/17/armenia-detains-russian-tourist-on-us-warrant-for-revil-hacker-lawyers-say-wrong/</link>
      <description>Armenia has detained a Russian tourist, Aleksandr Ermakov, based on a U.S. extradition request. The U.S. is seeking him as a suspect linked to the REvil ransomware group. However, the detained individual's wife claims the U.S. has arrested the wrong person, presenting a potential misidentification case.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/armenia-detains-russian-tourist-on-us.html</guid>
      <pubDate>Fri, 17 Jul 2026 10:53:31 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/armenia-detains-russian-tourist-on-us.html">The Hacker News</source>
    </item>
    <item>
      <title>The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?</title>
      <link>https://infosecradar.com/stories/2026/07/17/the-race-to-field-military-autonomy-is-on-can-trusted-information-infrastructure/</link>
      <description>Military forces are under pressure to deploy autonomous capabilities rapidly, driven by investment and new defense strategies in the US, UK, and NATO. This race to accelerate acquisition necessitates a focus on trusted information infrastructure to keep pace with these advancements.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/the-race-to-field-military-autonomy-is.html</guid>
      <pubDate>Fri, 17 Jul 2026 11:30:00 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/the-race-to-field-military-autonomy-is.html">The Hacker News</source>
    </item>
    <item>
      <title>Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images</title>
      <link>https://infosecradar.com/stories/2026/07/17/fake-coding-tests-deliver-ottercookie-aligned-malware-hidden-in-svg-flag-images/</link>
      <description>North Korean threat actors are using steganography in SVG image files, hidden within fake coding tests and job postings, to deliver malware. The payload, aligned with the OTTERCOOKIE malware, includes components for stealing browser credentials, cryptocurrency, and files.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/north-korea-linked-hackers-hide.html</guid>
      <pubDate>Fri, 17 Jul 2026 13:48:56 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/north-korea-linked-hackers-hide.html">The Hacker News</source>
    </item>
    <item>
      <title>Inside the Search for "Clean" Residential Proxies for Carding</title>
      <link>https://infosecradar.com/stories/2026/07/17/inside-the-search-for-clean-residential-proxies-for-carding/</link>
      <description>Cybercriminals are increasingly finding it difficult to use residential proxies for carding due to enhanced fraud detection. They are now combining proxies with other identity signals like browser fingerprints and device profiles to circumvent these defenses and improve their success rates.</description>
      <guid isPermaLink="false">https://www.bleepingcomputer.com/news/security/inside-the-search-for-clean-residential-proxies-for-carding/</guid>
      <pubDate>Fri, 17 Jul 2026 14:00:10 +0000</pubDate>
      <source url="https://www.bleepingcomputer.com/news/security/inside-the-search-for-clean-residential-proxies-for-carding/">Bleeping Computer</source>
    </item>
    <item>
      <title>In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint</title>
      <link>https://infosecradar.com/stories/2026/07/17/in-other-news-iran-tracks-us-military-phones-crashstealer-macos-malware-cvd-blue/</link>
      <description>This article covers several disparate cybersecurity and intelligence news items, including Iran's alleged tracking of US military phones, the emergence of CrashStealer malware targeting macOS, and a new blueprint for building secure AI models (CVD Blueprint). It also briefly mentions other stories like OpenClaw AI agents being exploited, ransomware impacting a naval defense firm, and a data breach at Lidl.</description>
      <guid isPermaLink="false">https://www.securityweek.com/in-other-news-iran-tracks-us-military-phones-crashstealer-macos-malware-cvd-blueprint/</guid>
      <pubDate>Fri, 17 Jul 2026 14:27:54 +0000</pubDate>
      <source url="https://www.securityweek.com/in-other-news-iran-tracks-us-military-phones-crashstealer-macos-malware-cvd-blueprint/">SecurityWeek</source>
    </item>
    <item>
      <title>GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft</title>
      <link>https://infosecradar.com/stories/2026/07/17/goldeneyedog-subgroup-linked-to-digicert-breach-and-code-signing-certificate-the/</link>
      <description>Cybersecurity researchers have linked the April 2026 DigiCert security incident to a threat group named CylindricalCanine. This group is identified as a subgroup of GoldenEyeDog, a Chinese cybercrime entity previously associated with targeting the gambling and gaming industries.</description>
      <guid isPermaLink="false">https://thehackernews.com/2026/07/goldeneyedog-subgroup-linked-to.html</guid>
      <pubDate>Fri, 17 Jul 2026 16:39:16 +0000</pubDate>
      <source url="https://thehackernews.com/2026/07/goldeneyedog-subgroup-linked-to.html">The Hacker News</source>
    </item>
    <item>
      <title>OnlyFans performers become unlikely allies of CISOs in securing websites</title>
      <link>https://infosecradar.com/stories/2026/07/17/onlyfans-performers-become-unlikely-allies-of-cisos-in-securing-websites/</link>
      <description>OnlyFans creators are now acting as unexpected allies to CISOs of government and university organizations by leveraging DMCA takedown notices against malicious actors. These actors were previously exploiting compromised websites to host scams and malware, using stolen adult content to attract victims and monetize traffic.</description>
      <guid isPermaLink="false">https://www.csoonline.com/article/4198478/onlyfans-performers-become-unlikely-allies-of-cisos-in-securing-websites.html</guid>
      <pubDate>Fri, 17 Jul 2026 17:34:57 +0000</pubDate>
      <source url="https://www.csoonline.com/article/4198478/onlyfans-performers-become-unlikely-allies-of-cisos-in-securing-websites.html">CSO Online</source>
    </item>
  </channel>
</rss>
