
Loading summary
A
From the CISO series. It's Cybersecurity Headlines
B
these are the cybersecurity headlines for Thursday, July 16, 2026 I'm Sara Lane. Zoom's account takeover wake Up Call Zoom patched a critical input validation flaw in its Windows software that could let an attacker take over a Zoom account over the network. The attack doesn't require a login and and the victim doesn't have to click anything. The bug affects older versions of Zoom Workplace for Windows, the Windows VDI client, and the Windows Meeting SDK. Zoom hasn't said the flaw is being exploited, but because a successful attack could expose meetings, chats, contacts and other account data, the company is urging customers to update. 20 Days 1 Urgent SonicWall Patch SonicWall says attackers are exploiting two flaws in its SMA 1000 remote access appliances, the boxes that companies use to give employees and contractors secure access to internal networks. One is a maximum severity server side request forgery bug that can be reached without authentication this the other is a code injection flaw that can let an authenticated administrator run operating system commands on the device. CISA has added both bugs to its known Exploited Vulnerabilities catalog. Federal agencies have until July 17 to Patch. Private organizations are being asked to treat this with the same urgency. 23andMe's Reach Bill Keeps Growing 23andMe's 2023 breach has produced another settlement with a coalition of 42 state attorneys general. The states will receive $18 million from the company's bankruptcy funds to resolve claims tied to the breach, which exposed genetic and personal information belonging to 6.9 million people around the world. Attackers initially broke into about 14,000 accounts using reused passwords, then used the DNA relatives feature to reach data connected to millions more profiles, which included ancestry details, birth years, locations, family connections and some health and genetic data. This comes after a June $46.75 million class action settlement for US customers. The e card with remote access researchers at For Scout have detailed seasonal Invite, a phishing campaign that turns the familiar E Card into a remote access trap. Since at least January, attackers have been sending fake holiday and party invitations that persuade Windows and Mac users to install legitimate remote monitoring and management software tools that are normally used by IT teams, which means they're signed, trusted, less likely to set off the same alarms as custom malware. But once installed, they give the attacker persistent control of the computer and a path to steal data or deploy more malicious software. Forrescout says parts of the campaign appear to have been built with AI assistance, making them easier to create and change as the calendar moves from one seasonal event to the next. Huge thanks to our sponsor, Threat Locker. Every security leader is being asked the same question right now. How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption, behind AI, behind automation, and behind every major technology decision. ThreatLocker helps organizations take a zero trust approach to that challenge, giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support cyber cybersecurity headlines, because security works when innovation and control move together. Okobot goes seed hunting Kaspersky Researchers say okobot is not a single piece of malware, but a modular framework with more than 20 payloads for stealing files, browser data, credentials, and cryptocurrency. One component, known as seed Hunter, waits for a ledger or Trezor hardware wallet to be connected, then injects a fake recovery screen directly into the legitimate desktop wallet app. Because the surrounding software is real, the request for the recovery phase can look much more convincing than an ordinary phishing page. If the user enters the words, okobot sends the seed phrase and device details to its command and control server, giving the criminals everything they need to drain that wallet. The campaign has reached hundreds of victims in more than 25 countries, with infections spreading through click fix lures and fake Software packages on GitHub. Patch Tuesday breaks the bug counter Microsoft's July Patch Tuesday set a new record with fixes for 570 security flaws, nearly three times the previous month's total. The release included 59 critical bugs, 145 remote code execution flaws, and 254 privilege escalation issues. Two zero days were already being used in attacks, one in Active Directory Federation services and another in SharePoint, both of which can help an attacker gain higher privileges after getting a foothold. Microsoft also fixed a publicly disclosed BitLocker bypass, bringing the month's zero day count to three. The big total doesn't mean that 570 bugs are being actively exploited. That would suck, but it does give Windows and enterprise administrators an unusually large testing and patching job. IBM rallies cybersecurity accidentally Cybersecurity stocks surged after IBM CEO Arvind Krishna described customers as being distracted by by rapidly changing security threats. Companies are still pouring a lot of money into scarce AI servers and storage and memory, but Krishna's comments suggested those projects aren't pushing cybersecurity out of the budget. Investors apparently took that as a signal. The AI boom is creating more systems, data and identities that need protection. Crowdstrike, Okta, Palo Alto Networks and Fortinet stocks all rose as a result, even though IBM's own shares fell on disappointing preliminary results. Gemini Gets a Botnet side Hustle Trend Micro researchers say a Russian speaking attacker used Google's open source Gemini CLI as a hands on assistant for building and running a small botnet. It wasn't a flaw in Gemini itself. Instead, the attacker supplied a jailbreak prompt and a detailed playbook that told the tool it was doing authorized penetration testing. Then Gemini helped write code, moved the command and control system to a new server, configure a cloudflare tunnel and troubleshoot the migration when infected machines failed to reconnect. This all took about 66 minutes, and the attacker later used ordinary natural language prompts to check which computers were online, list files and generate new infection links. In practice, the botnet controlled eight machines at a dental clinic and had access to its open dental database. If you have any thoughts on the news from today or about our show in general, be sure to reach out to us. Feel free. Feedbackisoseries.com we'd love to hear from you. I am Sarah Lane reporting for the CISO series. Stay Cool and Stay Safe.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories. Behind the headlines.
Host: Sara Lane, CISO Series
Theme: Rapid-fire coverage of major cybersecurity incidents, vulnerabilities, threat trends, and industry moves—highlighting urgent software flaws, creative attacks, consequences of breaches, and the evolving intersection of AI and security.
[00:12]
[00:38]
[01:24]
[02:10]
[04:00]
[05:09]
[06:07]
[07:02]
This episode highlights the immense velocity, breadth, and creative complexity of the cybersecurity threat landscape, from silent Zoom attacks and urgent SonicWall patches to phishing tactics leveraging holiday e-cards and the weaponization of AI. Host Sara Lane emphasizes the critical importance of patching, user vigilance, and security innovation, while industry reactions and notable breaches—such as 23andMe—reveal the far-reaching consequences of security lapses. AI’s double-edged sword—amplifying both attacker capabilities and defensive innovation—emerges as a recurring, urgent theme.