
Loading summary
A
From the CISO series, it's Cybersecurity Headlines
B
these are the cybersecurity headlines for Friday, July 17, 2026. I'm Steve Prentiss. Click Lock Stealer uses kill loops to force password entry Another new Mac OS stealer has been observed, this one using a ClickFix style lure with a coercion routine that renders the machine unusable until the victim surrenders their password. Password researchers at Group IB published a report on June 16 about the malware dubbed Click Lock Stealer, which has racked up at least 100 victims across 33 countries in about two months. If the victim enters their password on the first prompt from the stealer, its operator receives it with a system fingerprint. If the victim cancels the act, the orchestrator installs two launch agents so both credential modules would be relaunched on the next login. Group IB urges users to treat any website, instructing them to paste a command into Terminal as an attack attempt and to force shutdown and boot into safe mode rather than enter a password if the desktop suddenly starts killing applications. Telepooz malware uses ClickFix to steal data and run commands Cybersecurity researchers at Elastic Security Labs are warning of a new modular malware called Telepews that is T E L E P U that has been spreading across websites that have been infected with Click Fix lures, once again. In operation since late April 2026, it is described as full featured, lightweight and modular. This malware uses clipboard hijacking because web pages using Click Fix inject malicious script or commands into a potential victim's clipboard and provide instructions to paste and run them. It's also referred to as paste jacking. More details on this technique and the malware's operation are available in the show notes to this episode. 1Password's new agentic mode lets Claude log into accounts. For those wondering how to set an AI loose on a project without giving it complete access to your protected resources, password Management company 1Password has announced that it has built an integration with Claude that allows Claude to request access to services from 1Password. The central idea is that Claude never sees the password. Instead, it requests a password. One Password offers up an authorization sheet that requires approval, and then those credentials are filled in at the desired destination site, all without Claude ever getting access to a single password or authentication code. Specifically, access is granted per session, scoped to a specific task, and does not carry over. There is no standing Access. According to 1Password. This Agentic mode will be available to all 1Password users as of now Scattered Spider duo sentenced over transport for London attack the two members of the Scattered Spider gang, aged 18 and 20, were each sentenced to five and a half years. The judge allowed the pair a 15% reduction in their sentences for pleading guilty and noted their immaturity, but at the same time their sophistication and that they both knew the criminality of their actions. The judge also acknowledged both defendants neurodiversity in passing the sentence, which he said was the most lenient while still reflecting the seriousness of their offences. Huge thanks to our sponsor ThreatLocker, every security leader is being asked the same question right now. How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption, behind AI, behind automation, and behind every major technology decision. ThreatLocker helps organizations take a zero trust approach to that challenge, giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support cybersecurity headlines, because security works best when innovation and control move together. Cyber attack on Japan's largest cold chain operator disrupts KFC and supermarkets this cyber attack impacted Nicherai Logistics Group, which transports frozen and refrigerated food for about 5,000 customers across Japan. The company experienced a system outage on Monday and has now confirmed that hackers breached its servers. Its containment measures included disconnecting key systems, including warehouse operations and frozen food shipments. The Cherai has not publicly identified who was behind the attack or how the attackers gained access, saying it is withholding technical details to avoid security risks. It also remains unclear whether ransomware was involved. Russian hackers trojanize WebEx and Zoom apps to push Starland malware, according to researchers at Cisco Talus. A Russian threat actor tracked as UAT 11795 is using Trojanized software to steal credentials and cryptocurrency by deploying a new backdoor called Starland Rat. The attacks have been occurring since at least June of this year and have focused on users in the U.S. although victims in Germany, Romania and Venezuela have been observed as well. The payload is being distributed through Trojanized installers for legitimate software such as Mobaxterm, Webex, Zoom, Dbeaver and FaceIt, likely using the ClickFix method. Windows 10 remains popular despite security and support issues, according to asset tracking service lansweeper. Roughly one in every six machines that it monitors still runs the older os. This presents a growing security problem as support options run out. Consumer devices can receive security updates until 10-12-2027, while commercial customers willing to pay can extend coverage until October 10, 2028. After that, the fixes stop. Lansweeper estimates that 21.4% of small and medium business machines still run Windows 10, with cost usually being the constraint that keeps the legacy operating system running. The exposure in healthcare and Pharmaceuticals sees 23% of systems continuing to use Windows 10, while consumer and retail devices hover at 22.7%. Lansweeper's data shows that a Windows 10 device carries an average of 1,903 active CVEs, compared to 652 on Windows 11. AI data centers being Built Faster than they can be secured an article in Security Week illustrates the danger of rapid growth in AI data center builds, which suggests that those building this new type of data center at speed do not readily understand the difference between traditional data centers and AI data centers, and the result is leaving the new AI data centers open to a new scale of risk. The difference, writer Kevin Townsend says, is that traditional data centers are primarily data processing warehouses serving a known clientele. AI data centers are more akin to high power data compute factories serving a larger and unknown clientele. This makes them consequently more vulnerable to being exploited by AI enabled threat actors. A link to this article is available in the show Notes to this Episode if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us@feedbackisoseries.com we would love to hear from you. I'm Steve Prentiss reporting for the CISO series.
A
Cybersecurity headlines are available every weekday. Head to CISoseries.com for the full stories behind the headlines.
B
It.
Cybersecurity Headlines: July 17, 2026 — Podcast Summary
Host: Steve Prentiss
This episode covers the latest trends and incidents in cybersecurity as of July 17, 2026. Key topics include new and evolving malware targeting macOS and web users, innovative secure login proposals leveraging AI, a major logistics company cyberattack, sentencing of cybercriminals, nefarious use of Trojanized productivity apps, persistent Windows 10 security risk, and concerns about securing rapidly growing AI data centers.
"If the victim enters their password on the first prompt...the operator receives it with a system fingerprint." (Steve Prentiss, 00:21)
"Web pages using Click Fix inject malicious script or commands into a potential victim’s clipboard and provide instructions to paste and run them." (Steve Prentiss, 01:36)
"Claude never sees the password...access is granted per session, scoped to a specific task, and does not carry over." (Steve Prentiss, 02:36)
"The judge...acknowledged both defendants' neurodiversity in passing the sentence, which he said was the most lenient while still reflecting the seriousness of their offences." (Steve Prentiss, 03:33)
"The Cherai has not publicly identified who was behind the attack or how the attackers gained access..." (Steve Prentiss, 04:34)
"The payload is being distributed through Trojanized installers for legitimate software such as Mobaxterm, Webex, Zoom..." (Steve Prentiss, 05:20)
"A Windows 10 device carries an average of 1,903 active CVEs, compared to 652 on Windows 11." (Steve Prentiss, 06:08)
"AI data centers are more akin to high power data compute factories serving a larger and unknown clientele. This makes them consequently more vulnerable to being exploited by AI enabled threat actors." (Steve Prentiss, 07:06)
The episode maintains an informative, urgent tone, balancing technical detail with actionable advice. Host Steve Prentiss anchors each story with clarity and pertinence to today's security environment.