<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>セキュリティガバナンス ニュースフィード (GCSD)</title>
    <link>https://sovereignsecurity.jp/</link>
    <description>世界のサイバーセキュリティ・ガバナンス・コンプライアンスニュースの集約フィード</description>
    <language>ja</language>
    <lastBuildDate>2026-07-17T14:02:58Z</lastBuildDate>
    <atom:link href="https://sovereignsecurity.jp/feed.xml" rel="self" type="application/rss+xml"/>
    <item>
      <title>北朝鮮の新たなキャンペーンは偽のコーディング面接を利用して開発者の資格情報を盗む</title>
      <link>https://www.elastic.co/security-labs/contagious-interview-malware-svg-steganography</link>
      <description>DPRK-aligned hackers hid malware inside SVG flag images to backdoor developer job interview coding tests. Not one antivirus vendor caught it.</description>
      <category>threat</category>
      <source>Elastic Security Labs</source>
      <pubDate>2026-07-18</pubDate>
      <enclosure url="https://www.elastic.co/security-labs/assets/images/contagious-interview-malware-svg-steganography/contagious-interview-malware-svg-steganography.webp" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>乳製品会社フェアライフ、サイバー事件を受けて米国での生産を一時停止</title>
      <link>https://therecord.media/dairy-company-fairlife-suspends-production-us-cyber-incident</link>
      <description>Fairlife’s U.S. operation includes plants in Michigan, New York and Arizona, and the company's retail sales passed $1 billion in 2022.</description>
      <category>regulation</category>
      <source>The Record</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="http://cms.therecord.media/uploads/milk_419eefab02.jpg" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>「Litigator of the Week」の次点および優秀賞</title>
      <link>https://www.gibsondunn.com/litigator-of-the-week-runner-up-and-shout-outs-2/</link>
      <description>First up this week is a Gibson, Dunn &amp; Crutcher team led by Barry Berke, Jordan Estes and Daniel Ketani. The post Litigator of the Week Runner-Up and Shout-Outs appeared first on Gibson Dunn .</description>
      <category>regulation</category>
      <source>Gibson Dunn (Cyber)</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>Gold Eagle Clearinghouse はセキュリティギャップをターゲットにしているが、その方法は不明</title>
      <link>https://www.darkreading.com/vulnerabilities-threats/gold-eagle-clearinghouse-targets-security-gap</link>
      <description>The White House launched Gold Eagle to coordinate vulnerability response in a new AI world, but multiple questions linger over how it's being implemented.</description>
      <category>threat</category>
      <source>Dark Reading</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blta7d85c41efe582eb/6a592f51435d222e500b875b/golden_eagle-Javier_Fernandez_Sanchez-Getty-578118565.jpg?width=720&amp;quality=80&amp;disable=upscale" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>ゼレンスキー氏、ウクライナ治安当局長官代理を国防大臣代理に任命</title>
      <link>https://therecord.media/ukraine-acting-defense-minister-yevhenii-khmara</link>
      <description>Yevhenii Khmara, a major general with deep experience in intelligence, counterterrorism and long-range strikes against Russia, is Ukraine's new acting defense minister.</description>
      <category>regulation</category>
      <source>The Record</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="http://cms.therecord.media/uploads/Yevhenii_Khmara_Ukraine_3f611ba324.jpg" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>Spirals ランサムウェアは 24 時間以内に被害者のシステムをロックダウンする</title>
      <link>https://www.helpnetsecurity.com/2026/07/17/spirals-ransomware-south-asia/</link>
      <description>A previously unknown ransomware strain called Spirals was used last month in an attack against an IT services company in South Asia, where attackers went from initial access to data theft and encrypting the network in less than 24 hours, according to Symantec’s Threat Hunter Team…</description>
      <category>threat</category>
      <source>Help Net Security</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>2026 年の新しい CISO 任命</title>
      <link>https://www.csoonline.com/article/4186743/new-ciso-appointments-2026.html</link>
      <description>The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitme…</description>
      <category>governance</category>
      <source>CSO Online</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://www.csoonline.com/wp-content/uploads/2026/07/4186743-0-76064400-1784291136-shutterstock_2460694851.jpg?quality=50&amp;strip=all" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>公開講座申込者向けの事前メールで誤送信 - 島根県立大</title>
      <link>https://www.security-next.com/187476</link>
      <description>島根県立大学は、公開講座の申込者にメールで資料を送信した際にミスがあり、メールアドレスが流出したことを明らかにした。</description>
      <category>incident</category>
      <source>Security NEXT</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>ポッドキャスト: 壊れたガバナンス、Agentic AI、MindStone エージェント限定</title>
      <link>https://www.securityweek.com/podcast-broken-governance-agentic-ai-and-the-mindstone-agent-exclusive/</link>
      <description>(Video) Artificial intelligence is transforming cybersecurity, but are governance, compliance, and security practices evolving fast enough to keep up? The post Podcast: Broken Governance, Agentic AI, and the MindStone Agent Exclusive appeared first on SecurityWeek .</description>
      <category>threat</category>
      <source>SecurityWeek</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>Google、「エージェントディフェンス」戦略で攻撃者を上回ることができると賭ける</title>
      <link>https://www.darkreading.com/cloud-security/google-bets-agentic-defense-strategy-outpace-attackers</link>
      <description>Google Cloud incorporates key Wiz capabilities into an agentic defense platform to automate threat detection and remediation against AI attacks.</description>
      <category>threat</category>
      <source>Dark Reading</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltce1b28d3805840ac/69b32c68d73e49322916d5a6/cloud-lightning-Athapet_Piruksa-shutterstock.jpg?width=720&amp;quality=80&amp;disable=upscale" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>欧州連合。 GoogleにAndroidのマイク、カメラ、スクリーンをライバルのAIアシスタントに開放するよう命令</title>
      <link>https://thehackernews.com/2026/07/eu-orders-google-to-open-android-mic.html</link>
      <description>The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability to drive other apps in the backgroun…</description>
      <category>threat</category>
      <source>The Hacker News</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdUt3BtyXt68oBeDmMvhp3Sg9c8WNu5xCMYsjqNGGg1A84ykQQ3qpk3Kfsq-msZGxHxtu-gZjML5fDvgV7CoakS6D-_-h2oWAd4m8b4dIS9p1C_003gGvCmg1SDwE7HYc64tdglQW5JWq6XYfssJibuxnxwtd7pu7fbvvkzDIPqdBOQwguwPKAXC2zVOU/s1600/google-android.jpg" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>Beacon Security、セキュリティ データ プラットフォームのために 1,300 万ドルを調達</title>
      <link>https://www.securityweek.com/beacon-security-raises-13-million-for-security-data-platform/</link>
      <description>The startup helps organizations detect, hunt, and protect their assets across environments at machine speed. The post Beacon Security Raises $13 Million for Security Data Platform appeared first on SecurityWeek .</description>
      <category>threat</category>
      <source>SecurityWeek</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>軍事自律を実現する競争が始まっています。信頼できる情報インフラストラクチャはこれに追いつくことができますか?</title>
      <link>https://thehackernews.com/2026/07/the-race-to-field-military-autonomy-is.html</link>
      <description>Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways are transforming how capability is delivered, rewarding program…</description>
      <category>threat</category>
      <source>The Hacker News</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaAyl6VLjAoHLEWzLPM62KM5v2ZmVOpPaZ8aA6Vxg2Ujn9iFLG02jpev-qcB_S3eTwxQAHb7Sf3BJQAc8xs_o3-7UcgQy5N1-4EqnuBXZ31GKauhespgW1G0Fgg7CzaLWk-cOJx8Bm6lQFPZROumwK-URHjQvJsyYhxjiEHHeia-vCh3rqeNYo3p2L-fI/s1600/military.jpg" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>国防総省のCMMCフェーズ2停止に対する業界の反応：金曜日のフィードバック</title>
      <link>https://www.securityweek.com/industry-reactions-to-pentagon-suspending-cmmc-phase-2-feedback-friday/</link>
      <description>Industry professionals broadly agree that the suspension pauses third-party CMMC audits but not the underlying legal obligation to protect CUI. The post Industry Reactions to Pentagon Suspending CMMC Phase 2: Feedback Friday appeared first on SecurityWeek .</description>
      <category>threat</category>
      <source>SecurityWeek</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>新しい Windows LegacyHive ゼロデイによりハッカーに管理者権限が与えられる</title>
      <link>https://www.bleepingcomputer.com/news/security/new-windows-legacyhive-zero-day-exploit-grants-hackers-admin-access/</link>
      <description>A security researcher using the "Nightmare Eclipse" handle has released a Windows zero-day exploit dubbed LegacyHive that allows attackers to escalate privileges on up-to-date Windows systems. [...]</description>
      <category>threat</category>
      <source>BleepingComputer</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>アルメニア、REvilハッカー容疑で米国の令状でロシア人観光客を拘束、弁護士らは人違いと主張</title>
      <link>https://thehackernews.com/2026/07/armenia-detains-russian-tourist-on-us.html</link>
      <description>Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV that border officers pulled him out of the departure hall at Y…</description>
      <category>threat</category>
      <source>The Hacker News</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMuThPnDJrVLJe0_WqKVz_AE9vh2H5NFoGoYlcbqF99J6sjNeWxhrrAEZKsctTKWp4TaEQKQcsdejihH7wBzgS0eaiwJ9bp04rAo2H2d2C-aydo2wrPvhAQgRsP351HM-l0P3JBoHQkwwQPqKOSIaYLKQ4Dpb_F54BjqErS5AUa5Q9RAZttEZmK0Yvqwk/s1600/REvil-hacker.jpg" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>NSFOCUS テクノロジーは、第 17 回国際信頼性、保守、セキュリティ会議に登場し、インテリジェント エージェント向けのフルスタック セキュリティ保護システムの詳細な解釈を提供しました。</title>
      <link>https://blog.nsfocus.net/%e7%bb%bf%e7%9b%9f%e7%a7%91%e6%8a%80%e4%ba%ae%e7%9b%b8%e5%8d%81%e4%b8%83%e5%b1%8a%e5%9b%bd%e9%99%85%e5%8f%af%e9%9d%a0%e6%80%a7%e7%bb%b4%e4%bf%ae%e6%80%a7%e5%ae%89%e5%85%a8%e6%80%a7%e4%bc%9a%e8%ae%ae/</link>
      <description>近日，第十七届国际可靠性、维修性、安全性会议（ICRMS2026）在广州圆满落幕。绿盟科技集团董事、高级副总裁 Read More</description>
      <category>threat</category>
      <source>绿盟科技 (NSFOCUS)</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>NSFOCUS テクノロジーが 2026 年の世界人工知能会議に登場 | AI セキュリティの強固な基盤を構築し、インテリジェンスの発展を永続的に保護します</title>
      <link>https://blog.nsfocus.net/%e7%bb%bf%e7%9b%9f%e7%a7%91%e6%8a%80%e4%ba%ae%e7%9b%b82026%e4%b8%96%e7%95%8c%e4%ba%ba%e5%b7%a5%e6%99%ba%e8%83%bd%e5%a4%a7%e4%bc%9a-%e7%ad%91%e7%89%a2ai%e5%ae%89%e5%85%a8%e5%ba%95%e5%ba%a7%ef%bc%8c/</link>
      <description>7月17日，2026世界人工智能大会暨人工智能全球治理高级别会议（WAIC）在上海盛大召开，国家主席习近平出席 Read More</description>
      <category>threat</category>
      <source>绿盟科技 (NSFOCUS)</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>システムにサイバー攻撃か、影響範囲を調査 - 日産化学</title>
      <link>https://www.security-next.com/187519</link>
      <description>化学メーカーの日産化学は、同社システムが第三者によりサイバー攻撃を受けた可能性があることを明らかにした。調査を進めている。</description>
      <category>incident</category>
      <source>Security NEXT</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>小学校で児童の個人情報含む絵画作品を紛失 - 大阪市</title>
      <link>https://www.security-next.com/186819</link>
      <description>大阪市は、市内小学校において、児童の個人情報を含む絵画作品を紛失したことを明らかにした。</description>
      <category>incident</category>
      <source>Security NEXT</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>Lumenがヤンキー・スタジアムのネットワークをアップグレード</title>
      <link>https://cafe-dc.com/network/lumen-lights-up-network-upgrades-for-yankees-stadium/</link>
      <description>タンパから2本の100ギガの光ファイバー回線を介してスタジアムを接続 Lumen Technologiesは、フロリダ州タンパに... The post Lumenがヤンキー・スタジアムのネットワークをアップグレード first appeared on Data Center Café .</description>
      <category>governance</category>
      <source>Data Center Cafe</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>契約審査員がサポート詐欺被害、PC遠隔操作 - 海外貨物検査</title>
      <link>https://www.security-next.com/187392</link>
      <description>農産物の国際検査会社である海外貨物検査は、契約している有機JAS認証審査員がサポート詐欺の被害に遭い、貸与したパソコンが遠隔操作される状態となったことを明らかにした。</description>
      <category>incident</category>
      <source>Security NEXT</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>「SharePoint Server」の複数脆弱性悪用で対策呼びかけ - 米当局</title>
      <link>https://www.security-next.com/187553</link>
      <description>米サイバーセキュリティインフラストラクチャセキュリティ庁（CISA）は、「SharePoint Server」に関する複数の脆弱性が悪用されているとし、利用者にセキュリティ対策を呼びかけた。</description>
      <category>incident</category>
      <source>Security NEXT</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>詐欺師はFaceTimeを武器にして銀行口座を流出させる</title>
      <link>https://www.helpnetsecurity.com/2026/07/17/apple-facetime-calls-scams/</link>
      <description>Apple is warning iPhone and iPad users that scammers are using FaceTime calls to trick them into handing over money and account details. According to Apple, scammers pose as trusted organizations and use social engineering to convince people to hand over account credentials, secu…</description>
      <category>threat</category>
      <source>Help Net Security</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>ターミナルへの 3 つのステップ: Siemens ROX II ゼロデイ 3 部作</title>
      <link>https://unit42.paloaltonetworks.com/siemens-rox-ii-zero-day-vulnerabilities/</link>
      <description>A technical analysis of three chained zero-day vulnerabilities in Siemens ROX II OT switches that allow privilege escalation and persistent root access. The post Three Steps to the Terminal: A Siemens ROX II Zero-Day Trilogy appeared first on Unit 42 .</description>
      <category>threat</category>
      <source>Palo Alto Unit 42</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/07/03_Vulnerabilities_1920x900.jpg" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>サンフランシスコ、AppleとGoogleに対しAI「Nudify」アプリをApp Storeから削除するよう要求</title>
      <link>https://www.wired.com/story/san-francisco-demands-apple-and-google-delete-ai-nudify-apps-from-app-stores/</link>
      <description>The City Attorney’s Office sent the tech giants cease-and-desist letters this week telling them to stop profiting from 13 “face-swap” apps that are overwhelmingly used to target women and girls.</description>
      <category>threat</category>
      <source>WIRED Security</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://media.wired.com/photos/6a59432865c28720eb4e8366/master/pass/Security_San%20Francisco%20Tells%20Apple%20and%20Google%20To%20Stop%20Profiting%20From%20AI%20Nudifiers_v7.jpg" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>Nebius、クラウドポートフォリオにオンプレミスサービスを追加</title>
      <link>https://cafe-dc.com/cloud/nebius-adds-on-prem-partner-offering-to-its-cloud-portfolio/</link>
      <description>パートナー企業は自社のデータセンターにNebiusのクラウドを展開可能に Nebiusは、自社クラウドプラットフォームにオンプレ... The post Nebius、クラウドポートフォリオにオンプレミスサービスを追加 first appeared on Data Center Café .</description>
      <category>governance</category>
      <source>Data Center Cafe</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>CISA、積極的に悪用されているフォーティネットの重大な脆弱性に対する緊急パッチを義務付け</title>
      <link>https://www.infosecurity-magazine.com/news/cisa-urgent-patch-fortinet/</link>
      <description>US government agencies have until July 19 to patch two critical Fortinet vulnerabilities</description>
      <category>threat</category>
      <source>Infosecurity Magazine</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>Advanced Virtual Human Twins (VHT) プラットフォーム - 年次イベント</title>
      <link>https://digital-strategy.ec.europa.eu/en/events/advanced-virtual-human-twins-vht-platform-annual-event</link>
      <description>Advanced Virtual Human Twins (VHT) Platform - Annual Event Anonymous (not verified) Fri, 07/17/2026 - 11:30 20 October 2026 - 21 October 2026 Brussels and online The first annual event for the Advanced Virtual Human Twins (VHT) Platform will provide an opportunity to take stock o…</description>
      <category>ai_governance</category>
      <source>EU Digital Strategy</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://digital-strategy.ec.europa.eu/sites/default/files/styles/newsroom_large/public/newsroom/items/VHT_initiative_1_1QydykPYF5VHDp7lb9wjrt3Hk_241137.jpg?itok=BcY1rHJw" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>Nvidia、Noetraと提携し、日本で140MWの「Vera Rubin」クラスターを構築</title>
      <link>https://cafe-dc.com/hpc/nvidia-partners-with-noetra-for-140mw-vera-rubin-cluster-in-japan/</link>
      <description>「 AI Factory」は、日本政府のAIロボティクス戦略を支援する Nvidiaは、日本国内にVera Rubinベースの「A... The post Nvidia、Noetraと提携し、日本で140MWの「Vera Rubin」クラスターを構築 first appeared on Data Center Café .</description>
      <category>governance</category>
      <source>Data Center Cafe</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>クロードは資格情報を公開せずに 1Password を使用して Web サイトにサインインできるようになりました</title>
      <link>https://www.helpnetsecurity.com/2026/07/17/1password-anthropic-claude-integration/</link>
      <description>1Password has introduced 1Password for Claude, a beta integration that lets Anthropic’s AI assistant complete browser tasks requiring authentication without accessing users’ passwords or other secrets. The integration is available to paid Claude subscribers (Pro, Max, Team, and E…</description>
      <category>threat</category>
      <source>Help Net Security</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>Windows Server 2022 のメインストリーム サポートが 90 日後に終了します</title>
      <link>https://www.bleepingcomputer.com/news/microsoft/windows-server-2022-reach-end-of-mainstream-support-in-90-days/</link>
      <description>Microsoft announced that Windows Server 2022 will reach the mainstream end date in October 2026, but will switch to extended support and continue receiving security updates for five more years. [...]</description>
      <category>threat</category>
      <source>BleepingComputer</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>サイバー攻撃で日本の冷凍食品大手ニチレイの経営が混乱</title>
      <link>https://www.securityweek.com/cyberattack-disrupts-operations-of-japanese-frozen-food-giant-nichirei/</link>
      <description>The company disconnected its systems on July 13 and is starting to gradually restore operations. The post Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei appeared first on SecurityWeek .</description>
      <category>threat</category>
      <source>SecurityWeek</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>SaaS の盲点: セキュリティ チームが自分のアプリの内部に入り込めない理由</title>
      <link>https://www.csoonline.com/article/4197923/the-saas-blind-spot-why-security-teams-cant-get-inside-their-own-apps.html</link>
      <description>Most organizations I work with have invested heavily in cloud security. They have endpoint detection tools, SIEM platforms, cloud security posture management, and skilled security teams running on a 24/7 shift. And yet, when I ask them a simple question — who has admin access in</description>
      <category>governance</category>
      <source>CSO Online</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://www.csoonline.com/wp-content/uploads/2026/07/4197923-0-81643600-1784278972-waldemar-brandt-5m1AJTzf9d4-unsplash.jpg?quality=50&amp;strip=all" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>ジェントルマンが最も多大なランサムウェアの脅威として Qilin を追い越す</title>
      <link>https://www.infosecurity-magazine.com/news/the-gentlemen-most-prolific/</link>
      <description>Analysis of ransomware incidents by ReliaQuest indicates a shift in the ransomware landscape</description>
      <category>threat</category>
      <source>Infosecurity Magazine</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>ACR Stealer は ClickFix ルアーを使用してブラウザー トークンと Microsoft 365 ファイルを盗みます</title>
      <link>https://thehackernews.com/2026/07/acr-stealer-uses-clickfix-lures-to.html</link>
      <description>ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a…</description>
      <category>threat</category>
      <source>The Hacker News</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhj5a79jcbSLlpVrk_Tkl4E0wiB47Zu2a7V3UrYOddEgvO0bNMVU1VzwmLIK-Ac8I71znO7vmH7QSDdF9cg4-VeEzLo_7InYxfc5yaXG8Ziv-nVAK1qRCkTx73CVKtLOESbkL2yUF9srs53F9hLAkXt9hsiSTjntbS3ThRVi3ApZniyKapqVAgz9PEuW9o/s1600/clicks.png" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>新しい GoSerpent マルウェア、東南アジアの政府と外交官をスパイ活動の標的に</title>
      <link>https://thehackernews.com/2026/07/new-goserpent-malware-targets-southeast.html</link>
      <description>Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company K…</description>
      <category>threat</category>
      <source>The Hacker News</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzr3TN2Kp4PBOBbzsR0RkNNu6_pMaYw05DjwQIegOdSeuDW5SAivGHOy3Qznjx5KJUTuiPRqAJsTDpM1O94X_FuG2sXAjD84rgPHwGxp2tFuP53Dm8pd-9bInejjZY7wx1jLBWu_EikCQ4HACf6J5Ycc3-kiTVE6-83MtCDCsL71o-7sFema5tOIV4IcJm/s1600/GoSerpent-malware.jpg" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>偽の TTF ファイルが世界的なフィッシング活動でステルスマルウェアを配信</title>
      <link>https://www.csoonline.com/article/4198165/fake-ttf-files-deliver-stealthy-malware-in-global-phishing-campaign.html</link>
      <description>Threat actors are now abusing an ordinary font file to deliver low-detection malware capable of stealing credentials and establishing persistence on compromised Windows systems. According to a new research from Fortinet’s FortiGuard Labs, a global phishing campaign is actively us…</description>
      <category>governance</category>
      <source>CSO Online</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://www.csoonline.com/wp-content/uploads/2026/07/4198165-0-01848300-1784277918-shutterstock_1302585142.jpg?quality=50&amp;strip=all" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>Risk Ledger、シリーズB資金調達で3,200万ドルを調達</title>
      <link>https://www.securityweek.com/risk-ledger-raises-32-million-in-series-b-funding/</link>
      <description>The British firm has built a collaborative platform to help organizations address supply chain security risks. The post Risk Ledger Raises $32 Million in Series B Funding appeared first on SecurityWeek .</description>
      <category>threat</category>
      <source>SecurityWeek</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>米国、投資詐欺による4,300万ドルの洗浄で2人を起訴</title>
      <link>https://www.bleepingcomputer.com/news/security/us-charges-two-over-laundering-43-million-from-investment-fraud/</link>
      <description>U.S. prosecutors on Thursday charged a New York man and woman for their roles in a large-scale crime ring that laundered money stolen in cyber investment fraud scams. [...]</description>
      <category>threat</category>
      <source>BleepingComputer</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>ランサムウェア攻撃でコカ・コーラのフェアライフ米国牛乳生産が停止</title>
      <link>https://www.helpnetsecurity.com/2026/07/17/coca-cola-fairlife-ransomware-attack/</link>
      <description>A ransomware attack has stopped milk production at Fairlife, the Coca-Cola dairy brand known for its high-protein milk, protein shakes, and nutrition drinks. Coca-Cola disclosed the incident on July 16, 2026, in a Form 8-K filed with the U.S. Securities and Exchange Commission (S…</description>
      <category>threat</category>
      <source>Help Net Security</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>SharePoint の新たな脆弱性が公開直後に悪用される</title>
      <link>https://www.securityweek.com/fresh-sharepoint-vulnerability-exploited-soon-after-disclosure/</link>
      <description>The critical-severity security defect allows remote, authenticated attackers to execute arbitrary code on the server. The post Fresh SharePoint Vulnerability Exploited Soon After Disclosure appeared first on SecurityWeek .</description>
      <category>threat</category>
      <source>SecurityWeek</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>CISA、積極的に悪用されたフォーティネットの欠陥に対する即時措置を要請</title>
      <link>https://www.bleepingcomputer.com/news/security/cisa-warns-feds-to-patch-exploited-fortinet-fortisandbox-flaws-by-sunday/</link>
      <description>CISA on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform. [...]</description>
      <category>threat</category>
      <source>BleepingComputer</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>上級幹部がシャドウ AI 戦略を台無しにしている</title>
      <link>https://www.csoonline.com/article/4198007/senior-executives-are-killing-your-shadow-ai-strategy.html</link>
      <description>Shadow IT has long been a major problem for CISOs, but the biggest problem may be coming from the executive suite’s hunger for unsanctioned AI. Nearly two-thirds of senior decision-makers admit to using unapproved AI tools , compared to just 31% of lower-level employees, accordin…</description>
      <category>governance</category>
      <source>CSO Online</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://www.csoonline.com/wp-content/uploads/2026/07/4198007-0-31973100-1784271748-ai-regulations-shutterstock_2690619329.jpg?quality=50&amp;strip=all" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>CISA、悪用された SharePoint RCE ゼロデイ CVE-2026-58644 を KEV に追加</title>
      <link>https://thehackernews.com/2026/07/cisa-adds-exploited-sharepoint-rce-zero.html</link>
      <description>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fi…</description>
      <category>threat</category>
      <source>The Hacker News</source>
      <pubDate>2026-07-17</pubDate>
      <enclosure url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH1X7ZnvKsW37BBvjNfEzT4Imh9ZIRL4_2W1JaNVe_MyO3Q5H1MPsET-SASqznhlfOExRrLj4-6NzhgvGi76w4U5tSmlM-pJLIqO5jF3g9G1DR_FNhuwcatBFb8ARvD4PPMiQvMCFiTlEOlc13nQbQqCn5ZHf1J2ZOqDeG3_pmBiQ92hTfMErJKcjKbNtZ/s1600/sharepoint-cisa.jpg" type="image/jpeg" length="0"/>
    </item>
    <item>
      <title>データ分析可視化製品「Ivanti Xtraction」に複数脆弱性</title>
      <link>https://www.security-next.com/187544</link>
      <description>Ivantiは現地時間2026年7月14日、セキュリティアドバイザリを公開し、データ分析可視化製品「Ivanti Xtraction」に関する脆弱性について明らかにした。</description>
      <category>incident</category>
      <source>Security NEXT</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>コカ・コーラ、ランサムウェア攻撃のため米国のフェアライフの生産を一時停止</title>
      <link>https://www.securityweek.com/coca-cola-suspends-us-fairlife-production-due-to-ransomware-attack/</link>
      <description>The company has yet to determine the full scope, nature, and impact of the incident. The post Coca-Cola Suspends US Fairlife Production Due to Ransomware Attack appeared first on SecurityWeek .</description>
      <category>threat</category>
      <source>SecurityWeek</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>プロンプト インジェクションは Web エージェント時代の XSS になりつつあります</title>
      <link>https://www.helpnetsecurity.com/2026/07/17/xss-web-agent-prompt-injection/</link>
      <description>Autonomous web agents read whatever a page displays, and much of that content comes from strangers. Product reviews, seller listings, and advertisements sit beside trusted site menus on a single page. An agent that reads all of that text as instructions can be steered by any of i…</description>
      <category>threat</category>
      <source>Help Net Security</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>ダッシュボードデザインの実践ガイドブックとデザインテンプレートにおいてカラーコードを更新しました</title>
      <link>https://www.digital.go.jp/resources/dashboard-guidebook</link>
      <description></description>
      <category>governance</category>
      <source>デジタル庁 新着情報</source>
      <pubDate>2026-07-17</pubDate>
    </item>
    <item>
      <title>企画競争：補助申請及び運用経費最適化に向けた見積書・経費資料の確認観点整理業務を掲載しました</title>
      <link>https://www.digital.go.jp/procurement</link>
      <description></description>
      <category>governance</category>
      <source>デジタル庁 新着情報</source>
      <pubDate>2026-07-17</pubDate>
    </item>
  </channel>
</rss>
