Daily Briefing

CyberGeoDigest

Geopolitical cyber intelligence in 5 minutes
Saturday, July 18, 2026 · 20 stories
Share this digest:

Iran Tracks US Military Phones; Ransomware Hits Naval Firm TKMS (1 minute read)

Iran is geotracking US military personnel's phones, while naval defense contractor TKMS was hit by ransomware and macOS infostealer CrashStealer emerged. The TKMS breach exposes defense-industrial supply chain risk as submarine and warship production data may be at stake.

SecurityWeek · 18h ago · Read full article →

China and North Korea Hold High-Level Talks as Pyongyang-Moscow Ties Deepen (1 minute read)

Beijing and Pyongyang exchanged high-level diplomatic visits as China moves to maintain influence over North Korea amid its deepening military partnership with Russia. The visits signal Beijing's concern that the Pyongyang-Moscow axis is shifting the Northeast Asian balance without Chinese primacy.

The Diplomat · 20h ago · Read full article →

GoldenEyeDog Subgroup CylindricalCanine Breaches DigiCert, Steals Code-Signing Certificates (1 minute read)

China-linked GoldenEyeDog subgroup CylindricalCanine compromised DigiCert in April 2026, stealing code-signing certificates. Trusted certificate theft enables downstream supply-chain attacks, extending a pattern this group previously ran against gambling and gaming targets.

The Hacker News · 16h ago · Read full article →

North Korea's Contagious Interview Uses SVG Steganography to Deploy OtterCookie Malware (1 minute read)

North Korean actors behind Contagious Interview concealed four-stage OtterCookie-aligned payloads inside SVG flag images delivered via fake coding tests, harvesting browser credentials, crypto wallets, and files.

The Hacker News · 19h ago · Read full article →

Zelensky Names Intelligence General Khmara Acting Defense Minister (1 minute read)

Major General Yevhenii Khmara, architect of Ukraine's long-range strike campaign against Russia, replaces outgoing defense minister amid active war. The appointment signals Ukraine is prioritizing offensive deep-strike and intelligence operations at the ministry's highest level.

The Record · 20h ago · Read full article →

US Strikes Iran for Sixth Straight Day in Escalating Military Campaign (2 minute read)

US forces launched overnight strikes against Iran on day six of continuous combat operations, with Iranian state media confirming hits on multiple sites. Sustained bilateral strikes mark the most prolonged direct US-Iran military exchange on record.

Just Security · 20h ago · Read full article →

U.S. and Iranian Forces Strike Bridges, Power Plants, and Desalination Infrastructure (1 minute read)

Both U.S. and Iranian forces targeted civilian infrastructure including bridges, power plants, and desalination facilities, attacks that legal analysts say may constitute war crimes.

Foreign Policy · 11h ago · Read full article →

China Weaponizes Taiwan's Mazu Deity to Push Unification Narrative (1 minute read)

Beijing is co-opting veneration of the sea goddess Mazu, worshipped across Taiwan and coastal China, to advance cross-strait unification propaganda. The operation targets cultural and religious identity as a soft-power vector to erode Taiwanese political will.

Foreign Policy · 13h ago · Read full article →

Trump Administration Claims Cuba Hosts Iranian Drones, Experts See Pretext (1 minute read)

The Trump administration alleges Cuba has acquired Iranian drones, a claim analysts say is designed to manufacture justification for US military action against Havana. If true, Iranian drone proliferation to the Western Hemisphere would mark a significant strategic red line crossed.

Foreign Policy · 16h ago · Read full article →

Ukraine Deploys Borsch as Cultural Weapon Against Russian Identity Erasure Campaign (1 minute read)

Ukraine is mobilizing borscht as a symbol of national identity to counter Russian narratives that claim the dish—and Ukrainian culture broadly—as Russian. The soft-power contest over food heritage reflects Kyiv's broader strategy of cultural resistance alongside kinetic defense.

Foreign Policy · 14h ago · Read full article →

NATO Military Autonomy Surge Strains Trusted Information Infrastructure (1 minute read)

The US, UK, and NATO are accelerating autonomous weapons deployment at commercial speed, outpacing the secure data infrastructure needed to underpin AI-driven battlefield decisions. The gap between operational deployment and trusted information assurance creates exploitable vulnerabilities in autonomous command chains.

The Hacker News · 21h ago · Read full article →

Trump and Xi Dismantle Bilateral Diplomatic Infrastructure, Raising Crisis Risk (1 minute read)

Both Trump and Xi have systematically gutted the institutions and personnel that historically managed US-China crisis communication and de-escalation. The erosion of back-channel capacity raises the probability that the next flashpoint—Taiwan Strait, South China Sea—escalates without a diplomatic circuit-breaker.

Foreign Policy · 18h ago · Read full article →

China Moves on AI Rules, Trump Briefly Imposes Hormuz Toll in Turbulent Week (1 minute read)

The week of July 11 saw China introduce new AI regulations, the Trump administration briefly impose transit fees on the Strait of Hormuz, and Congo's Ebola outbreak expand. Each development carries independent escalation potential across technology governance, energy markets, and global health security.

Foreign Policy · 15h ago · Read full article →

U.S.-Iran Nuclear Memorandum Collapses Under Vague, Unverified Commitments (1 minute read)

The U.S. and Iran signed a memorandum of understanding on nuclear terms that analysts say is riddled with ambiguity and unverifiable commitments.

Foreign Policy · 16h ago · Read full article →

US Sanctions Russian Cybercriminals; 300 GitHub Repos Push BoryptGrab Infostealer (1 minute read)

Authorities sanctioned Russian-based cybercriminals, attackers deployed Starland malware, and 300 counterfeit GitHub repositories distributed the BoryptGrab infostealer. The GitHub campaign scales supply chain infection by hijacking developer trust in open-source ecosystems.

SentinelOne · 16h ago · Read full article →

Armenia Detains Russian Tourist as REvil Suspect Ermakov on U.S. Extradition Request (2 minute read)

Armenia detained Russian national Aleksandr Ermakov at Yerevan's Zvartnots airport June 28 on a U.S. extradition warrant targeting a REvil ransomware suspect of the same name; his family says it is the wrong man. The case tests Armenia's willingness to extradite Russian nationals to the U.S.

The Hacker News · 21h ago · Read full article →

Ernst & Young Breach Exposes Client Data via Compromised Third-Party Ticket System (1 minute read)

Ernst & Young is notifying clients after attackers compromised a third-party IT support-ticket system used by its personnel. The incident highlights persistent supply-chain risk where a single vendor's system becomes the entry point into a Big Four firm's client data.

BleepingComputer · 17h ago · Read full article →

UK Courts Sentence Scattered Spider Leaders Jubair and Flowers to 66 Months (1 minute read)

Thalha Jubair and Owen Flowers, leaders of the Scattered Spider subset of The Com, were sentenced to 66 months in the UK; U.S. authorities linked Jubair alone to at least 120 attacks.

CyberScoop · 18h ago · Read full article →

🏴‍☠️ Scattered Spider · Multi-national

ViteVenom Supply Chain Attack Uses Blockchain C2 to Deliver RAT via npm (1 minute read)

Seven malicious npm packages targeting the Vite ecosystem deploy a remote access trojan through a four-tier blockchain-based C2 spanning the Tron network, dubbed ChainVeil by Checkmarx.

The Hacker News · 13h ago · Read full article →

Unpatched Windows Zero-Day LegacyHive Grants Admin Privileges on Fully Updated Systems (1 minute read)

Researcher 'Nightmare Eclipse' published a working exploit called LegacyHive that achieves local privilege escalation on fully patched Windows systems; no CVE assigned at time of reporting.

BleepingComputer · 21h ago · Read full article →

Get this in your inbox

Free daily briefing. No spam. Unsubscribe anytime.

Subscribe Now