If Microsoft Defender quarantines BrowserModifier:Win32/MediaArena on one of your endpoints, the alert reads like a win. Our SOC data says treat it as a live persistence incident instead. In the case we timed, the payload finished writing its persistence 21…
Scammers weaponize FaceTime to drain bank accounts
Apple is warning iPhone and iPad users that scammers are using FaceTime calls to trick them into handing over money and account details. The company says scammers use social engineering, posing as representatives of a trusted company or entity, and…
New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage
Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company Kaspersky,…
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files
ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a…
Three Steps to the Terminal: A Siemens ROX II Zero-Day Trilogy
A technical analysis of three chained zero-day vulnerabilities in Siemens ROX II OT switches that allow privilege escalation and persistent root access. The post Three Steps to the Terminal: A Siemens ROX II Zero-Day Trilogy appeared first on Unit 42.…
TP-Link Kasa Camera Flaws Let Attackers Steal Admin Credentials and Geolocation Data
TP-Link has revealed several serious vulnerabilities affecting its Kasa EC70 and EC71 smart camera models, which could expose users to credential theft and geolocation data leakage. These vulnerabilities are CVE-2026-9770 and CVE-2026-13230 and specifically affect version 4 of both devices.…
New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT
Russian-speaking UAT-11795 spreads trojanized Zoom, Webex, and MobaXterm installers to deliver Starland RAT and the WLDR memory-only implant. Cisco Talos researchers published a detailed technical report on July 16 disclosing UAT-11795, a financially motivated, Russian-speaking threat actor that has been…
CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging
More than three-quarters of European CISOs believe their C-suite doesn’t fully understand the cyber risk posed by their own employees, a gap that’s widening just as AI makes attacks on human judgement faster, more convincing and harder to spot. That’s…
GPT-5.6 Codex is Reportedly Deleting Files From Home Directories
OpenAI is currently investigating a small number of reports indicating that the GPT-5.6 Codex unintentionally deleted files from users’ home directories. These incidents reportedly occurred when Codex was granted full filesystem access without the necessary sandbox protections or automated review…
Multiple TP-Link Cameras Vulnerability Allows Hackers to Launch MitM Attacks
TP-Link has released security updates for two vulnerabilities in its Kasa EC70 v4 and EC71 v4 smart cameras. These flaws, tracked as CVE-2026-9770 and CVE-2026-13230, could allow an attacker on the same local network to obtain sensitive information from vulnerable…
Top 10 Best Identity Threat Detection and Response (ITDR) Solutions in 2026
Identity has become the primary battleground of enterprise cybersecurity. Attackers increasingly bypass traditional defenses by stealing credentials, hijacking sessions, abusing privileged accounts, and exploiting misconfigurations across Active Directory, cloud platforms, SaaS applications, and non-human identities. Microsoft reported more than 7,000…
CISA Warns of Microsoft SharePoint Code Execution Vulnerability Exploited in Attacks
CISA has added a critical Microsoft SharePoint vulnerability, tracked as CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. This addition comes with a warning that attackers are actively exploiting the flaw in real-world attacks. The vulnerability stems from a weakness…
New ClickLock macOS Stealer Kills Every App to Force Password Entry
A newly discovered macOS malware dubbed ClickLock is raising alarms in the cybersecurity community for its aggressive and deceptive credential-harvesting techniques. According to researchers at Group-IB, the stealer employs a highly disruptive tactic that forcibly terminates running applications, effectively locking…
CISA Mandates Urgent Patch for Actively Exploited Critical Fortinet Vulnerabilities
US government agencies have until July 19 to patch two critical Fortinet vulnerabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Mandates Urgent Patch for Actively Exploited Critical Fortinet Vulnerabilities
IT Security News Hourly Summary 2026-07-17 12h : 8 posts
8 posts were published in the last hour 9:40 : Hackers Use Paste-and-Run Commands to Deploy ClickLock Stealer Against Mac Users 9:39 : CISA Warns of Two Fortinet FortiSandbox Flaws Exploited to Execute Commands 9:38 : Google fixing Android lock…
Hackers Use Paste-and-Run Commands to Deploy ClickLock Stealer Against Mac Users
Hackers are actively targeting macOS users with a newly identified infostealer dubbed “ClickLock Stealer,” leveraging paste-and-run social engineering techniques to bypass Apple’s native security protections without requiring exploits or elevated privileges. Despite macOS protections such as Gatekeeper, Transparency, Consent, and…
CISA Warns of Two Fortinet FortiSandbox Flaws Exploited to Execute Commands
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities in Fortinet FortiSandbox to its Known Exploited Vulnerabilities (KEV) catalog. These flaws are actively being exploited in the wild to execute unauthorized commands on affected systems. The…
Google fixing Android lock screen bug that lets Gemini send SMS without a PIN
A specific multi-touch gesture bypasses an authentication prompt, allowing anyone to send messages This article has been indexed from www.theregister.com – Articles Read the original article: Google fixing Android lock screen bug that lets Gemini send SMS without a PIN
Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei
The company disconnected its systems on July 13 and is starting to gradually restore operations. The post Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Claude can now sign into websites with 1Password without exposing your credentials
1Password has introduced 1Password for Claude, a beta integration that lets Anthropic’s AI assistant complete browser tasks requiring authentication without accessing users’ passwords or other secrets. The integration is available to paid Claude subscribers (Pro, Max, Team, and Enterprise) using…
U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall and Microsoft flaws to its Known…
Risk Ledger Raises $32 Million in Series B Funding
The British firm has built a collaborative platform to help organizations address supply chain security risks. The post Risk Ledger Raises $32 Million in Series B Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat
Analysis of ransomware incidents by ReliaQuest indicates a shift in the ransomware landscape This article has been indexed from www.infosecurity-magazine.com Read the original article: The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat
Ransomware attack halts Coca-Cola’s Fairlife US milk production
A ransomware attack has stopped milk production at Fairlife, the Coca-Cola dairy brand known for its high-protein milk, protein shakes, and nutrition drinks. Coca-Cola disclosed the incident on July 16, 2026, in a Form 8-K filed with the U.S. Securities…