IT Security Newsletter

IT Security Newsletter - 7/17/2026

Written by Cadre | Fri, Jul 17, 2026

Iran-nexus actors using AI to enhance cyber playbook

Threat actors linked to Iran are using artificial intelligence to enhance their cyber and information warfare capabilities, putting the U.S. and its allies at higher risk of asymmetric attack, according to a report released Thursday by Recorded Future. Iran-nexus actors have used generative AI and large language models in a range of activities, including the development of malware, conducting research on industrial control systems, exploiting software vulnerabilities and other uses. READ MORE...

Ransomware attack halts Coca-Cola's Fairlife US milk production

A ransomware attack has stopped milk production at Fairlife, the Coca-Cola dairy brand known for its high-protein milk, protein shakes, and nutrition drinks. Coca-Cola disclosed the incident on July 16, 2026, in a Form 8-K filed with the U.S. Securities and Exchange Commission (SEC). "Product quality and safety have not been impacted. However, as a result of the incident, production operations at fairlife in the United States are temporarily suspended," the company said. READ MORE...

Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes

A Russian-speaking threat actor known as "bandcampro" used a jailbroken Gemini CLI, Google's open-source terminal-based AI agent, to deploy and operate a small command-and-control (C2) botnet, according to TrendAI. In more than 200 sessions between March 19 and April 21, 2026, the threat actor worked with Gemini to deploy and operate infrastructure that controlled eight computers inside a dental clinic and gain access to the clinic's OpenDental database. READ MORE...

1M+ Emails Use Hidden Text to Dupe AI Security Filters

Hackers are using simple text salting to evade both static and artificial intelligence-powered email security checks. Since April, researchers at Barracuda Networks observed more than 1 million retail-themed phishing emails that used hidden text to make malicious social engineering look legit to automated security filters. It's a simple age-old trick that's working better today than ever, thanks to an asymmetric advantage afforded by large language models (LLMs). READ MORE...

Now, even Russia's most elite hackers are using Clickfix to infect devices

One of the Russian government's most elite hacking groups has adopted an attack, known as Clickfix, to compromise devices belonging to sensitive organizations in Ukraine, the latter country's CERT center is warning. Clickfix has emerged as an effective attack technique that attackers began using in the last year or so. Websites under the control of the attackers display a CAPTCHA that requires the visitor to copy a jumble of text and paste it into the terminal. READ MORE...

New OkoBot framework deploys 20 payloads to steal data, crypto

A new malicious framework called OkoBot is delivering more than 20 payloads in attacks focused on stealing cryptocurrency wallet seed phrases, credentials, and other sensitive data. OkoBot reaches victims through ClickFix attacks or malicious GitHub repositories pretending to host legitimate software tools. In one case, a repository claimed to offer SQL Server Management Studio (SSMS) but dropped a trojanized version of the Audacity audio editing tool. READ MORE...

Fresh SharePoint Vulnerability Exploited Soon After Disclosure

Threat actors have begun exploiting a fresh critical-severity remote code execution (RCE) vulnerability in Microsoft SharePoint, the US cybersecurity agency CISA warns. The flaw is described as a deserialization of untrusted data issue. "In a network-based attack, an attacker authenticated as at least a Site Owner could write arbitrary code to inject and execute code remotely on the SharePoint Server," Microsoft explains. READ MORE...

Researcher poisons open-weight AI model for under $100

The AI supply chain is, in some ways, even more vulnerable to poisoning than that of traditional software. Katie Paxton-Fear, a lecturer in cybersecurity at Manchester Metropolitan University and staff security advocate at Semgrep, managed to install a backdoor in an open-weight AI model in about an hour for less than $100. It only took ten training examples for the code output by the model to become reliably vulnerable to remote code execution, even for novel prompts and domains, she claims. READ MORE...

  • ...in 1889, bestselling author Erle Stanley Gardner, creator of the original "Perry Mason" detective stories, is born in Malden, MA.
  • ...in 1954, former German Chancellor Angela Merkel is born in Hamburg, West Germany.
  • ...in 1955, Disneyland televises its grand opening in Anaheim, California.
  • ...in 1995, NASDAQ stock index closes above the 1,000 mark for the first time.