ClickLock stealer uses kill loops to force password entry TELEPUZ malware uses ClickFix to steal data and run commands 1Password’s new Agentic Mode lets Claude log into accounts Notes: https://cisoseries.com/cybersecurity-news-clicklocks-kill-loops-telepuz-clickfix-tricks-1passwords-agentic-login/ Huge thanks to our sponsor, ThreatLocker Every security leader is…
DeepSeek Prepares Next Funding Round On Heels Of $7bn Raise
Chinese AI darling reportedly begins preliminary talks for round valuing it at about $71bn, one month after it concluded first deal This article has been indexed from Silicon UK Read the original article: DeepSeek Prepares Next Funding Round On Heels…
IT Security News Hourly Summary 2026-07-17 09h : 9 posts
9 posts were published in the last hour 7:4 : GoSerpent Silently Steals Government Files for Weeks Before Sending Them to Hackers 6:34 : EU Orders Google To Make Changes To Android, Search 6:34 : Two Scattered Spider Hackers Jailed…
GoSerpent Silently Steals Government Files for Weeks Before Sending Them to Hackers
A sophisticated cyber espionage campaign targeting government and diplomatic organizations across Southeast Asia has used a Go-based remote access Trojan, dubbed GoSerpent, to collect sensitive documents for weeks before exfiltrating them via network shares. Researchers first identified the activity in…
EU Orders Google To Make Changes To Android, Search
Under two EU specification measures, Google must give third-party AI tools broader access to Android and share more search data with rivals This article has been indexed from Silicon UK Read the original article: EU Orders Google To Make Changes…
Two Scattered Spider Hackers Jailed in UK’s Largest Cybercrime Prosecution
Two alleged leading members of the Scattered Spider cybercrime collective have been sentenced to five years and six months in prison each for their involvement in the 2024 cyberattack on Transport for London (TfL). The National Crime Agency (NCA) described…
Coca-Cola Suspends US Fairlife Production Due to Ransomware Attack
The company says the incident has not affected product quality and safety, nor Fairlife’s Canada production. The post Coca-Cola Suspends US Fairlife Production Due to Ransomware Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Prompt injection is becoming the XSS of the web agent era
Autonomous web agents read whatever a page displays, and much of that content comes from strangers. Product reviews, seller listings, and advertisements sit beside trusted site menus on a single page. An agent that reads all of that text as…
China’s Moonshot AI Set To Narrow Anthropic Performance Gap
Beijing-based start-up reportedly plans Kimi K3 release in coming days, with open model set to surpass performance of Anthropic’s Opus 4.8 This article has been indexed from Silicon UK Read the original article: China’s Moonshot AI Set To Narrow Anthropic…
Linux Creator Linus Torvalds Rejects Anti-AI Push and Defends LLM Tools
Linux creator and top-level kernel maintainer Linus Torvalds has made it clear that the Linux kernel project will not adopt an anti-AI stance. He believes that large language models and related tools should be assessed based on their technical value…
7-Zip Vulnerability Lets Attackers Trigger Heap Buffer Overflow Using Malicious Files
A newly disclosed vulnerability in 7-Zip could allow attackers to execute arbitrary code by tricking users into opening a specially crafted XZ-compressed file. Tracked as CVE-2026-14266 and identified by Trend Micro’s Zero Day Initiative as ZDI-26-444 (ZDI-CAN-30169), the flaw is…
The script, not the voice, is what makes AI voice phishing work
The call comes in at 4:40 on a Friday. The voice belongs to a senior manager, or sounds close enough, and she needs a password reset before a flight. She is polite, she is in a hurry, and she has…
ACR Stealer Uses ClickFix, WebDAV, and Steganography to Steal Browser Credentials and Tokens
A surge in ACR Stealer activity from late April through mid-June 2026, with operators combining ClickFix social engineering, WebDAV-hosted payloads, PowerShell obfuscation, and steganography to compromise enterprise users. The malware operations rely on ClickFix social-engineering lures to trick victims into…
Two Hackers Jailed for Hacking 148 TfL Systems, Forcing Password Reset for 27,000 Staff
Two young members of the Scattered Spider cybercrime group have been jailed for a 2024 attack that knocked out 148 Transport for London (TfL) systems, forced all 27,000 staff to reset passwords in person, and cost the organization about £29…
The five step plan that cuts security budget waste
In this Help Net Security video, Viktor Bulanek, CTO of Penetrify, explains where security budget waste comes from. Budgets get built around vendor categories, compliance checkboxes, and last year’s headlines. Attackers work along attack paths, and that mismatch is where…
AnyDesk Zero-Day Flaw Allows Local Attackers to Trigger System-Wide Denial-of-Service
A newly disclosed zero-day vulnerability in AnyDesk has the potential to allow a local attacker to trigger a denial-of-service condition by exploiting the remote-access software’s “Send Support Information” feature. The advisory, tracked as ZDI-26-401 and ZDI-CAN-26645, was published by Trend…
Five-Layer Fileless Malware Uses JScript and PowerShell to Evade AMSI and Load .NET Payload
An active phishing campaign using a five-layer, fileless malware loader to evade Microsoft’s Antimalware Scan Interface (AMSI), static detection controls, and disk-based forensic analysis. The campaign delivers a Windows Script Host JScript payload inside a TAR archive disguised as a…
A hard drive reliability check on 341,263 drives, from 4TB to past 20TB
Large cloud storage operators track their hard drives every day, recording which units keep running and which ones drop off the racks. Backblaze does this at scale, and its Q1 2026 report covers a fleet built for continuous use. The…
New infosec products of the week: July 17, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Cloudflare, Lineation.ai, Nudge Security, and Polygraf AI. Polygraf AI Meeting Guard delivers real-time deepfake detection for enterprise meetings Polygraf AI has announced Meeting Guard, a…
7-Zip Vulnerability Exposes Millions of Users to Remote Code Execution Risk
A newly disclosed vulnerability in 7-Zip, one of the most widely used open-source file archiving tools, could allow remote attackers to execute arbitrary code on affected systems. Tracked as CVE-2026-14266, the flaw stems from improper handling of XZ chunked data…
Two Hackers Jailed for Hacking 148 TfL Systems, Forcing Password Reset for 27,000 staffs
Two young members of the Scattered Spider cybercrime group have been jailed for a 2024 attack that knocked out 148 Transport for London (TfL) systems, forced all 27,000 staff to reset passwords in person, and cost the organization about £29…
ISC Stormcast For Friday, July 17th, 2026 https://isc.sans.edu/podcastdetail/10012, (Fri, Jul 17th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, July 17th, 2026…
South Korea making its own security-centric AI model
Adapting existing local LLM project for security and sovereignty purposes and hopes to one day match Mythos This article has been indexed from www.theregister.com – Articles Read the original article: South Korea making its own security-centric AI model
Scattered Spiders sentenced, OpenAI builds an AI that breaks AIs, and Iran leans on ChatGPT
Two leading Scattered Spider members, Thaila Jubar and Owen Flowers, were sentenced to five years and six months for the 2024 Transport for London hack that knocked 148 systems offline, forced 27,000 password resets, stole customer data, and cost TfL…