{"id":5488,"date":"2026-07-12T19:32:36","date_gmt":"2026-07-13T00:32:36","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5488"},"modified":"2026-07-12T19:32:36","modified_gmt":"2026-07-13T00:32:36","slug":"malware-analysis-weekly-july-12-2026-interactive-topic-map","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5488","title":{"rendered":"Malware Analysis Weekly &mdash; July 12, 2026 \u2014 Interactive Topic Map"},"content":{"rendered":"<p><iframe srcdoc=\"&lt;!DOCTYPE html&gt;\n&lt;html lang=&quot;en&quot;&gt;\n&lt;head&gt;\n&lt;meta charset=&quot;utf-8&quot;&gt;\n&lt;title&gt;Malware Analysis Weekly \u2014 July 12, 2026 Topic Map&lt;\/title&gt;\n&lt;script src=&quot;https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/d3\/7.9.0\/d3.min.js&quot;&gt;&lt;\/script&gt;\n&lt;style&gt;\n  html, body { margin:0; padding:0; height:100%; background:#ffffff; font-family:-apple-system,BlinkMacSystemFont,&quot;Segoe UI&quot;,Roboto,Helvetica,Arial,sans-serif; }\n  #header { padding:18px 24px 10px; border-bottom:1px solid #e5e7eb; }\n  #header h1 { margin:0; font-size:20px; color:#0f172a; }\n  #header p { margin:6px 0 0; font-size:13px; color:#6b7280; }\n  #canvas-wrap { position:relative; width:100%; height:calc(100vh - 78px); }\n  svg { width:100%; height:100%; display:block; cursor:grab; }\n  svg:active { cursor:grabbing; }\n  .legend { position:absolute; top:14px; left:14px; background:rgba(255,255,255,0.95); border:1px solid #e5e7eb; border-radius:8px; padding:10px 14px; font-size:12px; color:#374151; box-shadow:0 1px 3px rgba(0,0,0,0.08); }\n  .legend-title { font-weight:600; font-size:11px; letter-spacing:.04em; text-transform:uppercase; color:#6b7280; margin-bottom:6px; }\n  .legend-row { display:flex; align-items:center; gap:7px; margin:3px 0; }\n  .legend-dot { width:11px; height:11px; border-radius:50%; flex:0 0 auto; }\n  .controls { position:absolute; top:14px; right:14px; display:flex; flex-direction:column; gap:6px; }\n  .controls button { width:32px; height:32px; border-radius:6px; border:1px solid #d1d5db; background:#ffffff; font-size:16px; cursor:pointer; color:#374151; }\n  .controls button:hover { background:#f3f4f6; }\n  .hint { position:absolute; bottom:12px; right:16px; font-size:11px; color:#9ca3af; }\n  .node-label { font-size:11px; fill:#1f2937; pointer-events:none; paint-order:stroke; stroke:#ffffff; stroke-width:3px; stroke-linejoin:round; }\n  .node-label.bold { font-weight:700; font-size:12px; }\n  .link { stroke:#94a3b8; stroke-opacity:0.55; }\n  .tooltip { position:absolute; pointer-events:auto; background:#0f172a; color:#f9fafb; font-size:12px; padding:8px 12px; border-radius:8px; opacity:0; transition:opacity .12s; max-width:280px; max-height:260px; overflow-y:auto; z-index:20; box-shadow:0 6px 18px rgba(0,0,0,0.28); }\n  .tooltip-head { font-size:12px; }\n  .tooltip-articles { margin-top:7px; padding-top:7px; border-top:1px solid rgba(255,255,255,0.18); }\n  .tooltip-articles-title { font-size:10px; text-transform:uppercase; letter-spacing:.05em; color:#94a3b8; margin-bottom:4px; }\n  .tooltip-articles a { display:block; color:#93c5fd; text-decoration:none; margin:4px 0; line-height:1.35; }\n  .tooltip-articles a:hover { text-decoration:underline; color:#bfdbfe; }\n&lt;\/style&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n&lt;div id=&quot;header&quot;&gt;\n  &lt;h1&gt;Malware Analysis Weekly \u2014 July 12, 2026 Topic Map&lt;\/h1&gt;\n  &lt;p&gt;Node size = mentions &amp;middot; edge thickness = co-mention frequency &amp;middot; scroll or pinch to zoom, drag the canvas to pan, drag a node to reposition it, hover a node for related articles.&lt;\/p&gt;\n&lt;\/div&gt;\n&lt;div id=&quot;canvas-wrap&quot;&gt;\n  &lt;svg id=&quot;canvas&quot;&gt;&lt;\/svg&gt;\n  &lt;div class=&quot;legend&quot; id=&quot;legend&quot;&gt;&lt;\/div&gt;\n  &lt;div class=&quot;controls&quot;&gt;\n    &lt;button id=&quot;zoom-in&quot; title=&quot;Zoom in&quot;&gt;+&lt;\/button&gt;\n    &lt;button id=&quot;zoom-out&quot; title=&quot;Zoom out&quot;&gt;&amp;minus;&lt;\/button&gt;\n    &lt;button id=&quot;zoom-reset&quot; title=&quot;Reset view&quot;&gt;&amp;#8634;&lt;\/button&gt;\n  &lt;\/div&gt;\n  &lt;div class=&quot;tooltip&quot; id=&quot;tooltip&quot;&gt;&lt;\/div&gt;\n  &lt;div class=&quot;hint&quot;&gt;Security Radar LLC &amp;middot; Newshunter interactive topic map&lt;\/div&gt;\n&lt;\/div&gt;\n&lt;script&gt;\nconst DATA = {&quot;nodes&quot;: [{&quot;id&quot;: &quot;cve-20896&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;label&quot;: &quot;CVE-2026-20896 (Gitea Docker)&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/threat-actors-probe-gitea-docker-flaw.html&quot;}]}, {&quot;id&quot;: &quot;cve-48282&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;label&quot;: &quot;CVE-2026-48282 (Adobe ColdFusion)&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/cisa-adds-4-actively-exploited-adobe.html&quot;}]}, {&quot;id&quot;: &quot;cve-joomla&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;label&quot;: &quot;CVE-2026-56290 \/ 48908 (Joomla builders)&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/cisa-adds-4-actively-exploited-adobe.html&quot;}]}, {&quot;id&quot;: &quot;cve-55255&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;label&quot;: &quot;CVE-2026-55255 (Langflow IDOR)&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/cisa-adds-4-actively-exploited-adobe.html&quot;}]}, {&quot;id&quot;: &quot;cve-3248&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;label&quot;: &quot;CVE-2025-3248 (Langflow RCE)&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;JadePuffer: The First Complete LLM-Driven Ransomware Attack&quot;, &quot;url&quot;: &quot;https:\/\/www.darkreading.com\/threat-intelligence\/jadepuffer-first-complete-llm-driven-ransomware-attack&quot;}]}, {&quot;id&quot;: &quot;cve-50656&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;label&quot;: &quot;CVE-2026-50656 (RoguePlanet)&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/microsoft-patches-rogueplanet-defender.html&quot;}]}, {&quot;id&quot;: &quot;cve-45659&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;label&quot;: &quot;CVE-2026-45659 (SharePoint RCE)&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/sharepoint-rce-cve-2026-45659-added-to.html&quot;}]}, {&quot;id&quot;: &quot;gitea&quot;, &quot;type&quot;: &quot;product&quot;, &quot;label&quot;: &quot;Gitea&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/threat-actors-probe-gitea-docker-flaw.html&quot;}]}, {&quot;id&quot;: &quot;adobe-coldfusion&quot;, &quot;type&quot;: &quot;product&quot;, &quot;label&quot;: &quot;Adobe ColdFusion&quot;, &quot;weight&quot;: 4, &quot;articles&quot;: [{&quot;title&quot;: &quot;CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/cisa-adds-4-actively-exploited-adobe.html&quot;}]}, {&quot;id&quot;: &quot;joomla&quot;, &quot;type&quot;: &quot;product&quot;, &quot;label&quot;: &quot;Joomla page builders&quot;, &quot;weight&quot;: 4, &quot;articles&quot;: [{&quot;title&quot;: &quot;CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/cisa-adds-4-actively-exploited-adobe.html&quot;}]}, {&quot;id&quot;: &quot;langflow&quot;, &quot;type&quot;: &quot;product&quot;, &quot;label&quot;: &quot;Langflow&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/cisa-adds-4-actively-exploited-adobe.html&quot;}, {&quot;title&quot;: &quot;JadePuffer: The First Complete LLM-Driven Ransomware Attack&quot;, &quot;url&quot;: &quot;https:\/\/www.darkreading.com\/threat-intelligence\/jadepuffer-first-complete-llm-driven-ransomware-attack&quot;}]}, {&quot;id&quot;: &quot;windows-defender&quot;, &quot;type&quot;: &quot;product&quot;, &quot;label&quot;: &quot;Microsoft Defender&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/microsoft-patches-rogueplanet-defender.html&quot;}]}, {&quot;id&quot;: &quot;fortigate&quot;, &quot;type&quot;: &quot;product&quot;, &quot;label&quot;: &quot;Fortinet FortiGate&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/fortibleed-credential-theft-linked-to.html&quot;}]}, {&quot;id&quot;: &quot;github&quot;, &quot;type&quot;: &quot;product&quot;, &quot;label&quot;: &quot;GitHub&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;CISA Details Security Lapses That Led to GitHub Leak of Passwords, Cloud Access Keys&quot;, &quot;url&quot;: &quot;https:\/\/www.cybersecuritydive.com\/news\/cisa-github-security-lapses-password-leak\/&quot;}]}, {&quot;id&quot;: &quot;sharepoint&quot;, &quot;type&quot;: &quot;product&quot;, &quot;label&quot;: &quot;Microsoft SharePoint&quot;, &quot;weight&quot;: 4, &quot;articles&quot;: [{&quot;title&quot;: &quot;SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/sharepoint-rce-cve-2026-45659-added-to.html&quot;}]}, {&quot;id&quot;: &quot;jadepuffer&quot;, &quot;type&quot;: &quot;malware&quot;, &quot;label&quot;: &quot;JadePuffer (agentic ransomware)&quot;, &quot;weight&quot;: 7, &quot;articles&quot;: [{&quot;title&quot;: &quot;JadePuffer: The First Complete LLM-Driven Ransomware Attack&quot;, &quot;url&quot;: &quot;https:\/\/www.darkreading.com\/threat-intelligence\/jadepuffer-first-complete-llm-driven-ransomware-attack&quot;}]}, {&quot;id&quot;: &quot;redwing&quot;, &quot;type&quot;: &quot;malware&quot;, &quot;label&quot;: &quot;RedWing (Android MaaS)&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/redwing-maas-packages-android-bank.html&quot;}]}, {&quot;id&quot;: &quot;eviltokens&quot;, &quot;type&quot;: &quot;malware&quot;, &quot;label&quot;: &quot;EvilTokens (Ghost Phishing)&quot;, &quot;weight&quot;: 4, &quot;articles&quot;: [{&quot;title&quot;: &quot;New Ghost Phishing Wave (EvilTokens) Is Breaking Traditional Email Security&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/new-ghost-phishing-wave-eviltokens-is.html&quot;}]}, {&quot;id&quot;: &quot;avalon-crownx&quot;, &quot;type&quot;: &quot;malware&quot;, &quot;label&quot;: &quot;Avalon \/ CrownX&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;New Avalon Malware Framework Packs CrownX Ransomware Capabilities&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/new-avalon-malware-framework-packs.html&quot;}]}, {&quot;id&quot;: &quot;fortigatesniffer&quot;, &quot;type&quot;: &quot;malware&quot;, &quot;label&quot;: &quot;FortigateSniffer&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/fortibleed-credential-theft-linked-to.html&quot;}]}, {&quot;id&quot;: &quot;busysnake&quot;, &quot;type&quot;: &quot;malware&quot;, &quot;label&quot;: &quot;BusySnake Stealer&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;Armored Likho APT Targeting Government, Electric Power Entities&quot;, &quot;url&quot;: &quot;https:\/\/www.securityweek.com\/armored-likho-apt-targeting-government-electric-power-entities\/&quot;}]}, {&quot;id&quot;: &quot;leash-backdoors&quot;, &quot;type&quot;: &quot;malware&quot;, &quot;label&quot;: &quot;LongLeash \/ DogLeash \/ JarLeash&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;China-Linked APT (UAT-7810\/LapDogs) Expands Arsenal With New &#x27;Leash&#x27; Backdoors&quot;, &quot;url&quot;: &quot;https:\/\/www.securityweek.com\/china-linked-apt-expands-arsenal-with-new-leash-backdoors\/&quot;}]}, {&quot;id&quot;: &quot;stockstay&quot;, &quot;type&quot;: &quot;malware&quot;, &quot;label&quot;: &quot;STOCKSTAY backdoor&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;Google Details Turla&#x27;s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/06\/google-details-turlas-new-stockstay.html&quot;}]}, {&quot;id&quot;: &quot;amadey-stealc&quot;, &quot;type&quot;: &quot;malware&quot;, &quot;label&quot;: &quot;Amadey \/ StealC&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/06\/amadey-and-stealc-malware-network.html&quot;}]}, {&quot;id&quot;: &quot;netnut-popa&quot;, &quot;type&quot;: &quot;malware&quot;, &quot;label&quot;: &quot;NetNut \/ Popa Botnet&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;FBI Seizes NetNut Proxy Platform, Popa Botnet&quot;, &quot;url&quot;: &quot;https:\/\/krebsonsecurity.com\/2026\/07\/fbi-seizes-netnut-proxy-platform-popa-botnet\/&quot;}, {&quot;title&quot;: &quot;Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/google-disrupts-netnut-residential.html&quot;}]}, {&quot;id&quot;: &quot;armored-likho&quot;, &quot;type&quot;: &quot;actor&quot;, &quot;label&quot;: &quot;Armored Likho&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;Armored Likho APT Targeting Government, Electric Power Entities&quot;, &quot;url&quot;: &quot;https:\/\/www.securityweek.com\/armored-likho-apt-targeting-government-electric-power-entities\/&quot;}]}, {&quot;id&quot;: &quot;uat-7810&quot;, &quot;type&quot;: &quot;actor&quot;, &quot;label&quot;: &quot;UAT-7810 \/ LapDogs&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;China-Linked APT (UAT-7810\/LapDogs) Expands Arsenal With New &#x27;Leash&#x27; Backdoors&quot;, &quot;url&quot;: &quot;https:\/\/www.securityweek.com\/china-linked-apt-expands-arsenal-with-new-leash-backdoors\/&quot;}]}, {&quot;id&quot;: &quot;turla&quot;, &quot;type&quot;: &quot;actor&quot;, &quot;label&quot;: &quot;Turla&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;Google Details Turla&#x27;s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/06\/google-details-turlas-new-stockstay.html&quot;}]}, {&quot;id&quot;: &quot;scattered-spider&quot;, &quot;type&quot;: &quot;actor&quot;, &quot;label&quot;: &quot;Scattered Spider&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/court-filing-reveals-windows-device-id.html&quot;}, {&quot;title&quot;: &quot;Scattered Spider Hackers Plead Guilty on Day 1 of Trial&quot;, &quot;url&quot;: &quot;https:\/\/krebsonsecurity.com\/2026\/06\/scattered-spider-hackers-plead-guilty-on-day-1-of-trial\/&quot;}]}, {&quot;id&quot;: &quot;inc-lynx&quot;, &quot;type&quot;: &quot;actor&quot;, &quot;label&quot;: &quot;INC Ransom &amp; Lynx&quot;, &quot;weight&quot;: 4, &quot;articles&quot;: [{&quot;title&quot;: &quot;FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/fortibleed-credential-theft-linked-to.html&quot;}]}, {&quot;id&quot;: &quot;cisa&quot;, &quot;type&quot;: &quot;law&quot;, &quot;label&quot;: &quot;CISA (KEV)&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/cisa-adds-4-actively-exploited-adobe.html&quot;}, {&quot;title&quot;: &quot;SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/sharepoint-rce-cve-2026-45659-added-to.html&quot;}, {&quot;title&quot;: &quot;CISA Details Security Lapses That Led to GitHub Leak of Passwords, Cloud Access Keys&quot;, &quot;url&quot;: &quot;https:\/\/www.cybersecuritydive.com\/news\/cisa-github-security-lapses-password-leak\/&quot;}]}, {&quot;id&quot;: &quot;fbi&quot;, &quot;type&quot;: &quot;law&quot;, &quot;label&quot;: &quot;FBI&quot;, &quot;weight&quot;: 6, &quot;articles&quot;: [{&quot;title&quot;: &quot;Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/court-filing-reveals-windows-device-id.html&quot;}, {&quot;title&quot;: &quot;FBI Seizes NetNut Proxy Platform, Popa Botnet&quot;, &quot;url&quot;: &quot;https:\/\/krebsonsecurity.com\/2026\/07\/fbi-seizes-netnut-proxy-platform-popa-botnet\/&quot;}]}, {&quot;id&quot;: &quot;google-gtig&quot;, &quot;type&quot;: &quot;vendor&quot;, &quot;label&quot;: &quot;Google (GTIG)&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;FBI Seizes NetNut Proxy Platform, Popa Botnet&quot;, &quot;url&quot;: &quot;https:\/\/krebsonsecurity.com\/2026\/07\/fbi-seizes-netnut-proxy-platform-popa-botnet\/&quot;}, {&quot;title&quot;: &quot;Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/google-disrupts-netnut-residential.html&quot;}]}, {&quot;id&quot;: &quot;krebs&quot;, &quot;type&quot;: &quot;researcher&quot;, &quot;label&quot;: &quot;Krebs on Security&quot;, &quot;weight&quot;: 4, &quot;articles&quot;: [{&quot;title&quot;: &quot;Scattered Spider Hackers Plead Guilty on Day 1 of Trial&quot;, &quot;url&quot;: &quot;https:\/\/krebsonsecurity.com\/2026\/06\/scattered-spider-hackers-plead-guilty-on-day-1-of-trial\/&quot;}, {&quot;title&quot;: &quot;FBI Seizes NetNut Proxy Platform, Popa Botnet&quot;, &quot;url&quot;: &quot;https:\/\/krebsonsecurity.com\/2026\/07\/fbi-seizes-netnut-proxy-platform-popa-botnet\/&quot;}, {&quot;title&quot;: &quot;Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/court-filing-reveals-windows-device-id.html&quot;}]}, {&quot;id&quot;: &quot;talos&quot;, &quot;type&quot;: &quot;researcher&quot;, &quot;label&quot;: &quot;Cisco Talos&quot;, &quot;weight&quot;: 4, &quot;articles&quot;: [{&quot;title&quot;: &quot;China-Linked APT (UAT-7810\/LapDogs) Expands Arsenal With New &#x27;Leash&#x27; Backdoors&quot;, &quot;url&quot;: &quot;https:\/\/www.securityweek.com\/china-linked-apt-expands-arsenal-with-new-leash-backdoors\/&quot;}]}, {&quot;id&quot;: &quot;peter-stokes&quot;, &quot;type&quot;: &quot;person&quot;, &quot;label&quot;: &quot;Peter Stokes (&#x27;Bouquet&#x27;)&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/07\/court-filing-reveals-windows-device-id.html&quot;}]}, {&quot;id&quot;: &quot;jubair-flowers&quot;, &quot;type&quot;: &quot;person&quot;, &quot;label&quot;: &quot;Jubair &amp; Flowers (UK)&quot;, &quot;weight&quot;: 4, &quot;articles&quot;: [{&quot;title&quot;: &quot;Scattered Spider Hackers Plead Guilty on Day 1 of Trial&quot;, &quot;url&quot;: &quot;https:\/\/krebsonsecurity.com\/2026\/06\/scattered-spider-hackers-plead-guilty-on-day-1-of-trial\/&quot;}]}, {&quot;id&quot;: &quot;ukraine&quot;, &quot;type&quot;: &quot;location&quot;, &quot;label&quot;: &quot;Ukraine&quot;, &quot;weight&quot;: 3, &quot;articles&quot;: [{&quot;title&quot;: &quot;Google Details Turla&#x27;s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks&quot;, &quot;url&quot;: &quot;https:\/\/thehackernews.com\/2026\/06\/google-details-turlas-new-stockstay.html&quot;}]}, {&quot;id&quot;: &quot;github-leak&quot;, &quot;type&quot;: &quot;concept&quot;, &quot;label&quot;: &quot;CISA GitHub credential leak&quot;, &quot;weight&quot;: 5, &quot;articles&quot;: [{&quot;title&quot;: &quot;CISA Details Security Lapses That Led to GitHub Leak of Passwords, Cloud Access Keys&quot;, &quot;url&quot;: &quot;https:\/\/www.cybersecuritydive.com\/news\/cisa-github-security-lapses-password-leak\/&quot;}]}], &quot;links&quot;: [{&quot;source&quot;: &quot;cve-20896&quot;, &quot;target&quot;: &quot;gitea&quot;, &quot;weight&quot;: 6}, {&quot;source&quot;: &quot;cve-20896&quot;, &quot;target&quot;: &quot;cisa&quot;, &quot;weight&quot;: 2}, {&quot;source&quot;: &quot;cve-48282&quot;, &quot;target&quot;: &quot;adobe-coldfusion&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;cve-48282&quot;, &quot;target&quot;: &quot;cisa&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;cve-joomla&quot;, &quot;target&quot;: &quot;joomla&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;cve-joomla&quot;, &quot;target&quot;: &quot;cisa&quot;, &quot;weight&quot;: 4}, {&quot;source&quot;: &quot;cve-55255&quot;, &quot;target&quot;: &quot;langflow&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;cve-55255&quot;, &quot;target&quot;: &quot;cisa&quot;, &quot;weight&quot;: 4}, {&quot;source&quot;: &quot;cve-3248&quot;, &quot;target&quot;: &quot;langflow&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;cve-3248&quot;, &quot;target&quot;: &quot;jadepuffer&quot;, &quot;weight&quot;: 6}, {&quot;source&quot;: &quot;cve-50656&quot;, &quot;target&quot;: &quot;windows-defender&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;cve-45659&quot;, &quot;target&quot;: &quot;sharepoint&quot;, &quot;weight&quot;: 3}, {&quot;source&quot;: &quot;cve-45659&quot;, &quot;target&quot;: &quot;cisa&quot;, &quot;weight&quot;: 3}, {&quot;source&quot;: &quot;cisa&quot;, &quot;target&quot;: &quot;fbi&quot;, &quot;weight&quot;: 2}, {&quot;source&quot;: &quot;jadepuffer&quot;, &quot;target&quot;: &quot;avalon-crownx&quot;, &quot;weight&quot;: 2}, {&quot;source&quot;: &quot;redwing&quot;, &quot;target&quot;: &quot;eviltokens&quot;, &quot;weight&quot;: 1}, {&quot;source&quot;: &quot;fortigate&quot;, &quot;target&quot;: &quot;fortigatesniffer&quot;, &quot;weight&quot;: 6}, {&quot;source&quot;: &quot;fortigatesniffer&quot;, &quot;target&quot;: &quot;inc-lynx&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;amadey-stealc&quot;, &quot;target&quot;: &quot;fbi&quot;, &quot;weight&quot;: 2}, {&quot;source&quot;: &quot;armored-likho&quot;, &quot;target&quot;: &quot;busysnake&quot;, &quot;weight&quot;: 6}, {&quot;source&quot;: &quot;uat-7810&quot;, &quot;target&quot;: &quot;leash-backdoors&quot;, &quot;weight&quot;: 6}, {&quot;source&quot;: &quot;uat-7810&quot;, &quot;target&quot;: &quot;talos&quot;, &quot;weight&quot;: 4}, {&quot;source&quot;: &quot;turla&quot;, &quot;target&quot;: &quot;stockstay&quot;, &quot;weight&quot;: 6}, {&quot;source&quot;: &quot;turla&quot;, &quot;target&quot;: &quot;ukraine&quot;, &quot;weight&quot;: 4}, {&quot;source&quot;: &quot;scattered-spider&quot;, &quot;target&quot;: &quot;peter-stokes&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;scattered-spider&quot;, &quot;target&quot;: &quot;fbi&quot;, &quot;weight&quot;: 4}, {&quot;source&quot;: &quot;scattered-spider&quot;, &quot;target&quot;: &quot;jubair-flowers&quot;, &quot;weight&quot;: 4}, {&quot;source&quot;: &quot;scattered-spider&quot;, &quot;target&quot;: &quot;krebs&quot;, &quot;weight&quot;: 3}, {&quot;source&quot;: &quot;fbi&quot;, &quot;target&quot;: &quot;peter-stokes&quot;, &quot;weight&quot;: 3}, {&quot;source&quot;: &quot;netnut-popa&quot;, &quot;target&quot;: &quot;fbi&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;netnut-popa&quot;, &quot;target&quot;: &quot;google-gtig&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;netnut-popa&quot;, &quot;target&quot;: &quot;krebs&quot;, &quot;weight&quot;: 4}, {&quot;source&quot;: &quot;github&quot;, &quot;target&quot;: &quot;github-leak&quot;, &quot;weight&quot;: 5}, {&quot;source&quot;: &quot;github-leak&quot;, &quot;target&quot;: &quot;cisa&quot;, &quot;weight&quot;: 5}]};\nconst TYPE_COLORS = {&quot;actor&quot;: &quot;#dc2626&quot;, &quot;malware&quot;: &quot;#991b1b&quot;, &quot;cve&quot;: &quot;#ea580c&quot;, &quot;product&quot;: &quot;#2563eb&quot;, &quot;vendor&quot;: &quot;#16a34a&quot;, &quot;researcher&quot;: &quot;#0d9488&quot;, &quot;person&quot;: &quot;#475569&quot;, &quot;location&quot;: &quot;#7c3aed&quot;, &quot;law&quot;: &quot;#ca8a04&quot;, &quot;campaign&quot;: &quot;#be185d&quot;, &quot;concept&quot;: &quot;#0891b2&quot;, &quot;standard&quot;: &quot;#64748b&quot;};\nconst TYPE_LABELS = {&quot;actor&quot;: &quot;Threat actor \/ APT&quot;, &quot;malware&quot;: &quot;Malware \/ worm&quot;, &quot;cve&quot;: &quot;CVE \/ vulnerability&quot;, &quot;product&quot;: &quot;Product \/ platform&quot;, &quot;vendor&quot;: &quot;Vendor \/ company&quot;, &quot;researcher&quot;: &quot;Researcher \/ source&quot;, &quot;person&quot;: &quot;Person&quot;, &quot;location&quot;: &quot;Country \/ region&quot;, &quot;law&quot;: &quot;Regulator \/ law enforcement&quot;, &quot;campaign&quot;: &quot;Campaign \/ event&quot;, &quot;concept&quot;: &quot;Theme \/ stat&quot;, &quot;standard&quot;: &quot;Standard \/ framework&quot;};\n\nconst wrap = document.getElementById(&#x27;canvas-wrap&#x27;);\nconst svg = d3.select(&#x27;#canvas&#x27;);\nlet width = wrap.clientWidth, height = wrap.clientHeight;\n\nconst g = svg.append(&#x27;g&#x27;);\n\nconst zoom = d3.zoom()\n  .scaleExtent([0.2, 6])\n  .on(&#x27;zoom&#x27;, (event) =&gt; g.attr(&#x27;transform&#x27;, event.transform));\nsvg.call(zoom);\n\ndocument.getElementById(&#x27;zoom-in&#x27;).onclick = () =&gt; svg.transition().duration(200).call(zoom.scaleBy, 1.3);\ndocument.getElementById(&#x27;zoom-out&#x27;).onclick = () =&gt; svg.transition().duration(200).call(zoom.scaleBy, 1\/1.3);\ndocument.getElementById(&#x27;zoom-reset&#x27;).onclick = () =&gt; svg.transition().duration(300).call(zoom.transform, d3.zoomIdentity);\n\nconst maxW = d3.max(DATA.nodes, d =&gt; d.weight) || 1;\nconst rScale = d3.scaleSqrt().domain([1, maxW]).range([8, 34]);\nconst maxEdgeW = d3.max(DATA.links, l =&gt; l.weight) || 1;\nconst edgeScale = d3.scaleLinear().domain([1, maxEdgeW]).range([1, 7]);\n\nconst simulation = d3.forceSimulation(DATA.nodes)\n  .force(&#x27;link&#x27;, d3.forceLink(DATA.links).id(d =&gt; d.id).distance(l =&gt; 90 + 10 * (5 - Math.min(l.weight,5))).strength(0.35))\n  .force(&#x27;charge&#x27;, d3.forceManyBody().strength(-420))\n  .force(&#x27;center&#x27;, d3.forceCenter(width \/ 2, height \/ 2))\n  .force(&#x27;collide&#x27;, d3.forceCollide(d =&gt; rScale(d.weight) + 18));\n\nconst link = g.append(&#x27;g&#x27;).attr(&#x27;class&#x27;, &#x27;links&#x27;)\n  .selectAll(&#x27;line&#x27;).data(DATA.links).join(&#x27;line&#x27;)\n  .attr(&#x27;class&#x27;, &#x27;link&#x27;)\n  .attr(&#x27;stroke-width&#x27;, d =&gt; edgeScale(d.weight));\n\nconst node = g.append(&#x27;g&#x27;).attr(&#x27;class&#x27;, &#x27;nodes&#x27;)\n  .selectAll(&#x27;circle&#x27;).data(DATA.nodes).join(&#x27;circle&#x27;)\n  .attr(&#x27;r&#x27;, d =&gt; rScale(d.weight))\n  .attr(&#x27;fill&#x27;, d =&gt; TYPE_COLORS[d.type] || &#x27;#64748b&#x27;)\n  .attr(&#x27;stroke&#x27;, &#x27;#ffffff&#x27;).attr(&#x27;stroke-width&#x27;, 1.5)\n  .style(&#x27;cursor&#x27;, &#x27;grab&#x27;)\n  .call(d3.drag()\n    .on(&#x27;start&#x27;, (event, d) =&gt; { if (!event.active) simulation.alphaTarget(0.2).restart(); d.fx = d.x; d.fy = d.y; })\n    .on(&#x27;drag&#x27;, (event, d) =&gt; { d.fx = event.x; d.fy = event.y; })\n    .on(&#x27;end&#x27;, (event, d) =&gt; { if (!event.active) simulation.alphaTarget(0); d.fx = null; d.fy = null; }));\n\nconst label = g.append(&#x27;g&#x27;).attr(&#x27;class&#x27;, &#x27;labels&#x27;)\n  .selectAll(&#x27;text&#x27;).data(DATA.nodes).join(&#x27;text&#x27;)\n  .attr(&#x27;class&#x27;, d =&gt; &#x27;node-label&#x27; + (d.weight &gt;= maxW * 0.7 ? &#x27; bold&#x27; : &#x27;&#x27;))\n  .attr(&#x27;dy&#x27;, d =&gt; -(rScale(d.weight) + 6))\n  .attr(&#x27;text-anchor&#x27;, &#x27;middle&#x27;)\n  .text(d =&gt; d.label);\n\nconst tooltip = d3.select(&#x27;#tooltip&#x27;);\nconst tooltipEl = document.getElementById(&#x27;tooltip&#x27;);\nlet hideTimer = null;\n\nfunction escapeHtml(s) {\n  return String(s).replace(\/&amp;\/g, &#x27;&amp;amp;&#x27;).replace(\/&lt;\/g, &#x27;&amp;lt;&#x27;).replace(\/&gt;\/g, &#x27;&amp;gt;&#x27;).replace(\/&quot;\/g, &#x27;&amp;quot;&#x27;);\n}\n\nfunction showTooltip(d) {\n  clearTimeout(hideTimer);\n  let html = &#x27;&lt;div class=&quot;tooltip-head&quot;&gt;&lt;strong&gt;&#x27; + escapeHtml(d.label) + &#x27;&lt;\/strong&gt;&lt;br&gt;&#x27; +\n    escapeHtml(TYPE_LABELS[d.type] || d.type) + &#x27; &amp;middot; &#x27; + d.weight + &#x27; mentions&lt;\/div&gt;&#x27;;\n  const articles = d.articles || [];\n  if (articles.length) {\n    html += &#x27;&lt;div class=&quot;tooltip-articles&quot;&gt;&lt;div class=&quot;tooltip-articles-title&quot;&gt;Related articles&lt;\/div&gt;&#x27; +\n      articles.map(a =&gt; &#x27;&lt;a href=&quot;&#x27; + escapeHtml(a.url) + &#x27;&quot; target=&quot;_blank&quot; rel=&quot;noopener&quot;&gt;&#x27; + escapeHtml(a.title) + &#x27;&lt;\/a&gt;&#x27;).join(&#x27;&#x27;) +\n      &#x27;&lt;\/div&gt;&#x27;;\n  }\n  tooltip.style(&#x27;opacity&#x27;, 1).html(html);\n}\n\nfunction hideTooltipNow() {\n  tooltip.style(&#x27;opacity&#x27;, 0);\n}\n\n\/\/ Hide only when the cursor leaves the WHOLE graph area (canvas + tooltip),\n\/\/ not when it leaves a node&#x27;s small circular hit-area. A per-node mouseout with a\n\/\/ short timer is a race: if the cursor takes even slightly longer than the timer to\n\/\/ travel from the node&#x27;s edge to the tooltip (which can be tall, with a scrollable\n\/\/ article list), it disappears before a click can land. Binding to the wrap&#x27;s\n\/\/ mouseleave instead means the tooltip only closes when you actually leave the graph,\n\/\/ or immediately when you click empty canvas space, or updates in place when you move\n\/\/ to a different node -- all far more forgiving.\nwrap.addEventListener(&#x27;mouseleave&#x27;, hideTooltipNow);\n\nsvg.on(&#x27;click&#x27;, (event) =&gt; {\n  if (event.target === svg.node()) hideTooltipNow();\n});\n\nnode.on(&#x27;mouseover&#x27;, (event, d) =&gt; showTooltip(d))\n  .on(&#x27;mousemove&#x27;, (event) =&gt; {\n    const [mx, my] = d3.pointer(event, wrap);\n    let left = mx + 16, top = my + 8;\n    const maxLeft = wrap.clientWidth - 296, maxTop = wrap.clientHeight - 40;\n    if (left &gt; maxLeft) left = Math.max(8, mx - 296);\n    if (top &gt; maxTop) top = Math.max(8, maxTop);\n    tooltip.style(&#x27;left&#x27;, left + &#x27;px&#x27;).style(&#x27;top&#x27;, top + &#x27;px&#x27;);\n  });\n\nsimulation.on(&#x27;tick&#x27;, () =&gt; {\n  link.attr(&#x27;x1&#x27;, d =&gt; d.source.x).attr(&#x27;y1&#x27;, d =&gt; d.source.y)\n      .attr(&#x27;x2&#x27;, d =&gt; d.target.x).attr(&#x27;y2&#x27;, d =&gt; d.target.y);\n  node.attr(&#x27;cx&#x27;, d =&gt; d.x).attr(&#x27;cy&#x27;, d =&gt; d.y);\n  label.attr(&#x27;x&#x27;, d =&gt; d.x).attr(&#x27;y&#x27;, d =&gt; d.y);\n});\n\n\/\/ Legend: only show entity types actually present in this map.\nconst typesPresent = Array.from(new Set(DATA.nodes.map(d =&gt; d.type)));\nconst legend = document.getElementById(&#x27;legend&#x27;);\nlegend.innerHTML = &#x27;&lt;div class=&quot;legend-title&quot;&gt;Entity types&lt;\/div&gt;&#x27; + typesPresent.map(t =&gt;\n  &#x27;&lt;div class=&quot;legend-row&quot;&gt;&lt;span class=&quot;legend-dot&quot; style=&quot;background:&#x27; + (TYPE_COLORS[t] || &#x27;#64748b&#x27;) + &#x27;&quot;&gt;&lt;\/span&gt;&#x27; + (TYPE_LABELS[t] || t) + &#x27;&lt;\/div&gt;&#x27;\n).join(&#x27;&#x27;);\n\nwindow.addEventListener(&#x27;resize&#x27;, () =&gt; {\n  width = wrap.clientWidth; height = wrap.clientHeight;\n  simulation.force(&#x27;center&#x27;, d3.forceCenter(width \/ 2, height \/ 2));\n  simulation.alpha(0.3).restart();\n});\n&lt;\/script&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;\n\" style=\"width:100%;height:82vh;min-height:600px;border:1px solid #e2e8f0;border-radius:8px;\" title=\"Interactive topic map\"><\/iframe><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,47],"tags":[],"class_list":["post-5488","post","type-post","status-publish","format-standard","hentry","category-malware","category-threat_intel"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5488","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5488"}],"version-history":[{"count":0,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5488\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5488"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5488"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5488"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}