[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwOz42tXFo9VcqYGuRoAai73BY7ondCC_kdtBIaqQhSc":3},{"article":4,"iocs":58},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"77ce111f-7eaf-4dda-acaa-5c2354573306","In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint","in-other-news-iran-tracks-us-military-phones-crashstealer-macos-malware-cvd-blue-7f6f0c","Noteworthy stories that might have slipped under the radar: OpenClaw AI agents exploited via WhatsApp, ransomware hits naval defense firm TKMS, Lidl discloses data breach. The post In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint appeared first on SecurityWeek.","SecurityWeek's weekly cybersecurity roundup covers multiple significant incidents including Iranian threat actors using ad networks to track US military personnel, discovery of CrashStealer macOS malware disguised as a crash reporter, and ransomware attacks on critical infrastructure including a German textile firm and Japanese taxi operator. Additional stories include breaches at Lidl and Odido telecom, with CISA publishing a coordinated vulnerability disclosure blueprint and OpenClaw AI agents being exploited via WhatsApp.","SecurityWeek roundup: Iran tracks US military phones, CrashStealer macOS malware, multiple breaches and ransomware","SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage yet remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Dutch authorities eye local actors in Odido telecom breach Law enforcement in the Netherlands suspects domestic cybercriminals played a role in the recent network intrusion at telecom operator Odido. Investigators are focusing on local hacking groups that may have facilitated or directly executed the data theft. Advertisement. Scroll to continue reading. Third-party vendor breach exposes Lidl customer information A cyberattack targeting an external IT service provider for supermarket giant Lidl has resulted in the theft of customer data. The compromise led to the exposure of personal details, prompting the company to issue warning notices to affected consumers in Belgium and the Netherlands. Security teams are working to determine the full scope of the supply chain incident. Cyberattack triggers bankruptcy for German manufacturer after extended downtime A German manufacturing company has filed for insolvency following a devastating cyberattack that forced a complete production shutdown lasting six weeks. The prolonged operational stoppage caused severe financial losses that ZEGO Textilveredelungszentrum, a firm specializing in textile finishing and customization, was ultimately unable to recover from. Major Japanese transport network takes systems offline following hack Nihon Kotsu, Japan’s largest taxi operator, was forced to deactivate its IT and dispatch systems after detecting a cyberattack on its network. The proactive shutdown disrupted booking services and administrative operations across the country as response teams worked to contain the threat. Analysts suspect the incident involved a ransomware group named AiLock. New CrashStealer macOS malware masquerades as system crash reporter Security researchers have uncovered a novel macOS information stealer written in C++ that disguises itself as a legitimate crash reporting application. Dubbed CrashStealer, the malware exfiltrates sensitive user data, credentials, and system information from compromised Apple devices. Its stealthy design allows it to evade standard operating system defenses by mimicking native password prompts. Cellular roaming and ad data exploited to track American troops Foreign threat actors linked to Iran are leveraging advertising technology metadata and global cellular roaming protocols to track and target the smartphones of US military personnel, FT reported [paywalled]. By exploiting location data and device identifiers embedded in commercial ad networks, adversaries can monitor the movements of service members. Federal agencies publish blueprint for building effective bug bounty and disclosure initiatives CISA and its international partners have released a joint guide outlining framework recommendations for establishing a Coordinated Vulnerability Disclosure program. The publication provides enterprises with step-by-step instructions on handling external bug reports, establishing legal safe harbors, and collaborating with ethical hackers. AI vulnerabilities allow arbitrary code execution via WhatsApp A security researcher has demonstrated an architectural vulnerability in an OpenClaw AI agent integrated with WhatsApp that permits remote code execution on the underlying host system. By sending a specially crafted message, the researcher bypassed validation checks to force the AI into executing arbitrary system commands. Sophisticated Spirals ransomware targets IT firm A newly discovered ransomware variant named Spirals has been deployed in an attack against an IT services firm operating in Asia. Investigators report that the unidentified threat group behind the operation is combining file encryption with data theft tactics to demand a ransom. Cybercrime group claims naval defense manufacturer hack The cybercrime collective known as The Gentlemen posted Thyssenkrupp Marine Systems (TKMS) and its subsidiary Atlas Elektronik to its leak portal, claiming the exfiltration of more than 1TB of data. Although the parent organization acknowledged a network compromise at an isolated North American unit, officials stated that the impacted environment was segmented from the core corporate infrastructure and contained no classified military records. Related: In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting Related: In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs Written By SecurityWeek News Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from SecurityWeek News Virtual Event Today: Cloud & Data Security SummitValarian Raises $50 Million for Sovereign Infrastructure Control LayerIn Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware OpsQIZ Security Raises $17 Million for Cryptographic Governance PlatformWebinar Today: Why Email Security Keeps FailingIn Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM JackpottingIn Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk LayoffsPhilip Martin Joins Uber as Chief Information Security Officer Latest News Podcast: Broken Governance, Agentic AI, and the MindStone Agent ExclusiveBeacon Security Raises $13 Million for Security Data PlatformIndustry Reactions to Pentagon Suspending CMMC Phase 2: Feedback FridayCyberattack Disrupts Operations of Japanese Frozen Food Giant NichireiRisk Ledger Raises $32 Million in Series B FundingFresh SharePoint Vulnerability Exploited Soon After DisclosureCoca-Cola Suspends US Fairlife Production Due to Ransomware AttackLegacy Systems, Real-World Impacts: The Reality of OT Security Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 15, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveJazz has named Sean Robinson, Rickie Goyal, Danielle Guetta, Shani Nago, and Lior Magram as VPs and Michael Calev as COO.AJ Shipley has been appointed Chief Product Officer at CrowdStrike.Brinqa has named Ron Dovich as Chief AI and Automation Officer, David Allen as CTO, Steve Biagioni as CFO, and James Walta as VP of Product.More People On The MoveExpert Insights Legacy Systems, Real-World Impacts: The Reality of OT Security Legacy systems, safety concerns, and critical infrastructure risks make OT vulnerability disclosure one of cybersecurity's most challenging balancing acts. (Tod Beardsley) The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, g","https:\u002F\u002Fwww.securityweek.com\u002Fin-other-news-iran-tracks-us-military-phones-crashstealer-macos-malware-cvd-blueprint\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F10\u002Fcybersecurity-news.jpg","2026-07-17T14:27:54+00:00","2026-07-17T16:00:21.45061+00:00",8,[18,21,23,26,28,30],{"name":19,"type":20},"Iran (unnamed threat actors)","threat_actor",{"name":22,"type":20},"AiLock",{"name":24,"type":25},"Lidl","vendor",{"name":27,"type":25},"Odido",{"name":29,"type":25},"Nihon Kotsu",{"name":31,"type":25},"CISA","e7b231c8-5f79-4465-8d38-1ef13aea5a14",{"id":32,"icon":34,"name":35,"slug":36},null,"Threat Intelligence","threat-intelligence",[38,43,48,53],{"category":39},{"id":40,"icon":34,"name":41,"slug":42},"2e06f76c-d5b9-4f54-9eef-4d3447b10730","Breaches","breaches",{"category":44},{"id":45,"icon":34,"name":46,"slug":47},"7d8b5ab8-ea0b-4ced-ae97-ec251b86993a","Ransomware","ransomware",{"category":49},{"id":50,"icon":34,"name":51,"slug":52},"80544778-fabb-4dcd-aa35-17492e5dcf4f","Vulnerabilities","vulnerabilities",{"category":54},{"id":55,"icon":34,"name":56,"slug":57},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",[59,62,64],{"type":57,"value":60,"context":61},"CrashStealer","macOS information stealer written in C++ masquerading as system crash reporter",{"type":57,"value":22,"context":63},"Ransomware group suspected in Nihon Kotsu taxi operator attack",{"type":57,"value":65,"context":66},"Spirals","Newly discovered ransomware variant targeting IT firms"]