ACR Stealer Uses ClickFix, WebDAV, and Steganography to Steal Browser Credentials and Tokens

A surge in ACR Stealer activity from late April through mid-June 2026, with operators combining ClickFix social engineering, WebDAV-hosted payloads, PowerShell obfuscation, and steganography to compromise enterprise users. The malware operations rely on ClickFix social-engineering lures to trick victims into…

Why CISOs should automate SBOM management with AI

<p>Modern software runs on open source. Nearly all codebases — 98% — contain open source code, according to a 2026 <a target=”_blank” href=”https://www.blackduck.com/content/dam/black-duck/en-us/reports/rep-ossra.pdf” rel=”noopener”>report</a> from cybersecurity vendor Black Duck, which scanned 947 codebases and analyzed nearly 3,000 individual projects between…

IT Security News Daily Summary 2026-07-16

170 posts were published in the last hour 21:35 : How mapping security controls can ease the compliance burden 21:34 : Coca-Cola suspended production at its Fairlife dairy after a ransomware attack 20:34 : Wordfence Intelligence Weekly WordPress Vulnerability Report…