OpenAI is currently investigating a small number of reports indicating that the GPT-5.6 Codex unintentionally deleted files from users’ home directories. These incidents reportedly occurred when Codex was granted full filesystem access without the necessary sandbox protections or automated review…
Multiple TP-Link Cameras Vulnerability Allows Hackers to Launch MitM Attacks
TP-Link has released security updates for two vulnerabilities in its Kasa EC70 v4 and EC71 v4 smart cameras. These flaws, tracked as CVE-2026-9770 and CVE-2026-13230, could allow an attacker on the same local network to obtain sensitive information from vulnerable…
Top 10 Best Identity Threat Detection and Response (ITDR) Solutions in 2026
Identity has become the primary battleground of enterprise cybersecurity. Attackers increasingly bypass traditional defenses by stealing credentials, hijacking sessions, abusing privileged accounts, and exploiting misconfigurations across Active Directory, cloud platforms, SaaS applications, and non-human identities. Microsoft reported more than 7,000…
CISA Warns of Microsoft SharePoint Code Execution Vulnerability Exploited in Attacks
CISA has added a critical Microsoft SharePoint vulnerability, tracked as CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. This addition comes with a warning that attackers are actively exploiting the flaw in real-world attacks. The vulnerability stems from a weakness…
New ClickLock macOS Stealer Kills Every App to Force Password Entry
A newly discovered macOS malware dubbed ClickLock is raising alarms in the cybersecurity community for its aggressive and deceptive credential-harvesting techniques. According to researchers at Group-IB, the stealer employs a highly disruptive tactic that forcibly terminates running applications, effectively locking…
CISA Mandates Urgent Patch for Actively Exploited Critical Fortinet Vulnerabilities
US government agencies have until July 19 to patch two critical Fortinet vulnerabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Mandates Urgent Patch for Actively Exploited Critical Fortinet Vulnerabilities
IT Security News Hourly Summary 2026-07-17 12h : 8 posts
8 posts were published in the last hour 9:40 : Hackers Use Paste-and-Run Commands to Deploy ClickLock Stealer Against Mac Users 9:39 : CISA Warns of Two Fortinet FortiSandbox Flaws Exploited to Execute Commands 9:38 : Google fixing Android lock…
Hackers Use Paste-and-Run Commands to Deploy ClickLock Stealer Against Mac Users
Hackers are actively targeting macOS users with a newly identified infostealer dubbed “ClickLock Stealer,” leveraging paste-and-run social engineering techniques to bypass Apple’s native security protections without requiring exploits or elevated privileges. Despite macOS protections such as Gatekeeper, Transparency, Consent, and…
CISA Warns of Two Fortinet FortiSandbox Flaws Exploited to Execute Commands
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities in Fortinet FortiSandbox to its Known Exploited Vulnerabilities (KEV) catalog. These flaws are actively being exploited in the wild to execute unauthorized commands on affected systems. The…
Google fixing Android lock screen bug that lets Gemini send SMS without a PIN
A specific multi-touch gesture bypasses an authentication prompt, allowing anyone to send messages This article has been indexed from www.theregister.com – Articles Read the original article: Google fixing Android lock screen bug that lets Gemini send SMS without a PIN
Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei
The company disconnected its systems on July 13 and is starting to gradually restore operations. The post Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Claude can now sign into websites with 1Password without exposing your credentials
1Password has introduced 1Password for Claude, a beta integration that lets Anthropic’s AI assistant complete browser tasks requiring authentication without accessing users’ passwords or other secrets. The integration is available to paid Claude subscribers (Pro, Max, Team, and Enterprise) using…
U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall and Microsoft flaws to its Known…
Risk Ledger Raises $32 Million in Series B Funding
The British firm has built a collaborative platform to help organizations address supply chain security risks. The post Risk Ledger Raises $32 Million in Series B Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat
Analysis of ransomware incidents by ReliaQuest indicates a shift in the ransomware landscape This article has been indexed from www.infosecurity-magazine.com Read the original article: The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat
Ransomware attack halts Coca-Cola’s Fairlife US milk production
A ransomware attack has stopped milk production at Fairlife, the Coca-Cola dairy brand known for its high-protein milk, protein shakes, and nutrition drinks. Coca-Cola disclosed the incident on July 16, 2026, in a Form 8-K filed with the U.S. Securities…
FaceTime Scammers Impersonate Banks and Support to Steal Money Through Video Calls
Scammers are increasingly turning to FaceTime video calls to impersonate banks, tech support agents, and government officials in order to steal money and sensit Thank you for being a Ghacks reader. The post FaceTime Scammers Impersonate Banks and Support to…
GPT-5.6 Codex Reportedly Wipes Files From Home Directories
Recent reports indicate that GPT-5.6 Codex has unintentionally deleted files in users’ home directories under certain configurations, raising concerns about the risks of running advanced AI coding agents with unrestricted access to the system. This issue, brought to light by…
CISA Warns of Fortinet FortiSandbox OS Injection Vulnerabilities Exploited in Attacks
CISA has added two critical Fortinet FortiSandbox vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, warning that attackers are actively exploiting the flaws in real-world attacks. The vulnerabilities, identified as CVE-2026-39808 and CVE-2026-25089, allow unauthenticated attackers to execute unauthorized operating…
Fresh SharePoint Vulnerability Exploited Soon After Disclosure
The critical-severity security defect allows remote, authenticated attackers to execute arbitrary code on the server. The post Fresh SharePoint Vulnerability Exploited Soon After Disclosure appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Fresh…
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July…
ClickLock’s kill loops, TELEPUZ ClickFix tricks, 1Password’s agentic login
ClickLock stealer uses kill loops to force password entry TELEPUZ malware uses ClickFix to steal data and run commands 1Password’s new Agentic Mode lets Claude log into accounts Notes: https://cisoseries.com/cybersecurity-news-clicklocks-kill-loops-telepuz-clickfix-tricks-1passwords-agentic-login/ Huge thanks to our sponsor, ThreatLocker Every security leader is…
DeepSeek Prepares Next Funding Round On Heels Of $7bn Raise
Chinese AI darling reportedly begins preliminary talks for round valuing it at about $71bn, one month after it concluded first deal This article has been indexed from Silicon UK Read the original article: DeepSeek Prepares Next Funding Round On Heels…
IT Security News Hourly Summary 2026-07-17 09h : 9 posts
9 posts were published in the last hour 7:4 : GoSerpent Silently Steals Government Files for Weeks Before Sending Them to Hackers 6:34 : EU Orders Google To Make Changes To Android, Search 6:34 : Two Scattered Spider Hackers Jailed…