Daily Briefing

CyberGeoDigest

Geopolitical cyber intelligence in 5 minutes
Friday, July 17, 2026 · 20 stories
Share this digest:

PhantomEnigma Campaign Hijacks 20+ Brazilian Government Sites as Malware Channels (1 minute read)

The PhantomEnigma campaign compromised over 20 Brazilian government websites to serve as active malware delivery infrastructure, exposing previously undocumented backdoor behavior. State-branded domains used as attack vectors erode public trust and complicate takedown efforts.

The Hacker News · 21h ago · Read full article →

China-Linked Daxin Rootkit Resurfaces in Taiwan With New Stupig Backdoor (1 minute read)

A China-linked threat actor redeployed the Daxin kernel-mode rootkit inside a Taiwanese manufacturing firm four years after its 2022 exposure, pairing it with a previously unreported backdoor called Stupig.

The Hacker News · 21h ago · Read full article →

U.S. Strikes Intensify Around Tehran in Fifth Wave of Iran Bombardment (2 minute read)

U.S. Central Command confirmed a fifth wave of overnight strikes hitting targets around Tehran and northern Iran, with Iranian state media acknowledging multiple impact sites.

Just Security · 20h ago · Read full article →

Zelensky Fires Ukraine's Tech-Driven Defense Minister Fedorov (1 minute read)

President Zelensky dismissed Defense Minister Mykhailo Fedorov, the architect of Ukraine's drone integration and digital warfighting strategy mid-conflict.

The Record · 17h ago · Read full article →

OT Security's Disclosure Dilemma: Legacy Systems Resist Standard Vulnerability Patching (1 minute read)

Operational technology environments running legacy systems face an unresolvable tension between vulnerability disclosure norms and real-world safety constraints that prevent rapid patching.

SecurityWeek · 17h ago · Read full article →

Trump's Election-Interference Declassification Leaves IC Cover-Up Claim Unsubstantiated (1 minute read)

An intelligence official reviewing Trump's declassified election-interference materials finds the documents show foreign threats but do not support his allegation of an intelligence community cover-up.

Just Security · 4h ago · Read full article →

China Withholds J-35 Fighter Sale to Pakistan Over Strategic Precedent Risks (1 minute read)

Beijing is declining to sell Pakistan its fifth-generation J-35 stealth fighter, judging that the geopolitical and technology-exposure ramifications exceed those of any prior Chinese arms transfer. Withholding the platform signals China treats J-35 as a strategic equity, not yet a tool of alliance-building.

The Diplomat · 19h ago · Read full article →

Germany Must Build Autonomous Military Capacity as NATO Cohesion Fractures (1 minute read)

Foreign Policy argues NATO's multinational command structure is too slow and politically unwieldy for modern high-intensity warfare, calling for Germany to develop independent warfighting capability.

Foreign Policy · 17h ago · Read full article →

Uzbekistan's Local Power Structures Block Women From Mahalla Leadership Roles (1 minute read)

A documented attempt by a woman to stand for mahalla chairperson in Uzbekistan exposes how informal power networks nullify formal democratic reforms at the community level.

The Diplomat · 19h ago · Read full article →

North Korea Exploits Geopolitical Fragmentation to Evade Nuclear Sanctions Regime (1 minute read)

Deepening divisions among UN Security Council members have paralyzed enforcement of North Korean nuclear sanctions, giving Pyongyang expanded room to accelerate its weapons program and illicit revenue operations.

Foreign Policy · 19h ago · Read full article →

Russia's UAT-11795 Trojanizes WebEx and Zoom to Deploy Starland RAT (1 minute read)

UAT-11795, a financially motivated Russian threat actor, is distributing trojanized WebEx and Zoom installers to deploy the Starland RAT backdoor for credential and cryptocurrency theft. Targeting trusted enterprise collaboration tools signals a deliberate escalation in supply-chain-adjacent delivery tactics.

BleepingComputer · 22h ago · Read full article →

Scattered Spider Members Sentenced to 5.5 Years for £29M TfL Hack (1 minute read)

Two senior Scattered Spider members received 5.5-year prison sentences each for the 2024 cyberattack on Transport for London that caused £29 million in damages.

The Record · 21h ago · Read full article →

🏴‍☠️ Scattered Spider · Multi-national

Scattered Spider Duo Gets 5.5 Years Each for 2024 Transport for London Hack (1 minute read)

Two core Scattered Spider members were sentenced to five years and six months in prison for hacking Transport for London in 2024. The convictions demonstrate Anglo-American law enforcement coordination against loosely structured cybercriminal collectives and raise the legal cost of high-profile infrastructure attacks.

BleepingComputer · 20h ago · Read full article →

🏴‍☠️ Scattered Spider · Multi-national

Scattered Spider Members Get 5.5 Years for £29M TfL Hack (2 minute read)

Owen Flowers, 18, and Thalha Jubair, 20, sentenced at Woolwich Crown Court for the 2024 hack that knocked out 148 TfL systems and forced 27,000 employees to reset passwords in person.

The Hacker News · 16h ago · Read full article →

🏴‍☠️ Scattered Spider · Multi-national

UK Jails Two Scattered Spider Members Over 2024 TfL Attack (1 minute read)

Thalha Jubair and Owen Flowers convicted and sentenced in the UK for the 2024 Transport for London cyberattack. The prosecutions mark a rare successful criminal accountability action against Scattered Spider, a group that has largely evaded sustained law enforcement pressure.

SecurityWeek · 19h ago · Read full article →

🏴‍☠️ Scattered Spider · Multi-national

New Spirals Ransomware Group Encrypts Corporate Networks in Under 24 Hours (1 minute read)

Newly identified ransomware actor Spirals completed full intrusion-to-encryption operations, including data theft, in under 24 hours in at least one confirmed corporate breach.

BleepingComputer · 23h ago · Read full article →

CISA Adds SharePoint RCE Zero-Day CVE-2026-58644 to KEV, Mandates July 19 Patch (1 minute read)

CISA added CVE-2026-58644, a CVSS 9.8 critical deserialization flaw in Microsoft SharePoint Server, to its Known Exploited Vulnerabilities catalog, requiring FCEB agencies to patch by July 19, 2026.

The Hacker News · 2h ago · Read full article →

Mandiant: Mean Time-to-Exploit Hits Negative 7 Days as AI Patch Race Intensifies (3 minute read)

Mandiant's M-Trends 2026 report records a mean time-to-exploit of -7 days, meaning attackers routinely weaponize vulnerabilities before patches exist, driving security teams toward LLM-assisted automated discovery.

Google Threat Intelligence · 19h ago · Read full article →

CISA Orders Immediate Patching of Actively Exploited Fortinet FortiSandbox Flaws (1 minute read)

CISA issued an emergency directive requiring federal agencies to immediately patch two actively exploited vulnerabilities in Fortinet's FortiSandbox platform.

BleepingComputer · 2h ago · Read full article →

CISA Gives Feds Saturday Deadline to Patch Critical Oracle E-Business Suite Flaw (1 minute read)

CISA ordered federal agencies to patch a critical vulnerability in Oracle E-Business Suite financial software by Saturday amid active exploitation. Oracle's EBS handles sensitive financial transactions across government, making unpatched instances a direct threat to federal financial data integrity.

BleepingComputer · 22h ago · Read full article →

Get this in your inbox

Free daily briefing. No spam. Unsubscribe anytime.

Subscribe Now