Kimi K3 Turns Open-Weight AI Into a Deployment Test
Moonshot AI’s Kimi K3 is available through apps, Kimi Code, and an API now, with full model weights promised by July 27. The launch gives developers a powerful new open-weight contender, but the real test is deployment: hardware scale, pricing, agent controls, and independent verification.
ACR Stealer Turns ClickFix Lures Into Browser-Token Theft
Microsoft says ACR Stealer activity rose across customer environments from late April to mid-June, with campaigns using ClickFix lures, WebDAV, MSHTA, obfuscated PowerShell, and even JPEG-hidden payloads. Security teams should treat infections as token and document-exposure events, not just password resets.
Zoom’s Windows Account-Takeover Bug Makes Client Updates an Admin Priority
Zoom has patched CVE-2026-53412, a critical Windows client flaw that could let an unauthenticated attacker take over accounts over the network. The practical response is to verify Zoom Workplace and VDI client versions, not just assume auto-update has reached every endpoint.
TikTok’s AI Likeness Tool Turns Deepfake Detection Into Creator Control
TikTok is testing an opt-in tool that scans for AI-generated versions of a creator’s face and lets them report unauthorized uses. The test shows how social platforms are turning deepfake enforcement into a new identity-verification and creator-control workflow.
San Francisco Pushes Apple and Google to Remove AI Nudify Apps
San Francisco’s city attorney has demanded that Apple and Google remove AI nudify apps from their stores and stop profiting from them. The fight is now about app-store enforcement, payment rails, search discovery, and whether dual-use AI image tools can be screened before harm spreads.
Russian Router Campaign Turns SNMP Into a Critical Infrastructure Risk
NSA, CISA, the FBI, and 15 allied agencies warn that Russian FSB Center 16 actors are still compromising poorly configured routers across critical infrastructure. The practical fix starts with SNMPv3, blocked management protocols, patched firmware, and a hard look at exposed network devices.
SharePoint’s New Exploited RCE Turns Patching Into Key Rotation Triage
CISA added Microsoft SharePoint Server CVE-2026-58644 to its exploited-vulnerabilities catalog on July 16, two days after Microsoft patched it. Admins should patch, verify AMSI, hunt for machine-key theft, and reduce internet exposure before treating the farm as clean.
Apple’s OpenAI Lawsuit Turns AI Hardware Into an IP Fight
Apple’s trade-secret lawsuit against OpenAI is not just a dispute over departing employees. It puts OpenAI’s consumer hardware plans, io Products acquisition, and Silicon Valley’s AI talent war under a legal spotlight.
IBM Bob Makes AI Coding Costs a First-Class Engineering Metric
IBM’s latest Bob update adds multi-agent development, Bobalytics cost controls, and specialized modernization packages for Java, IBM i, and IBM Z. The move shows how enterprise AI coding tools are shifting from developer assistants into governed software delivery systems.
CMS Webshell Campaign Puts WordPress Plugins on an Emergency Checklist
Australia's cyber agency says attackers are exploiting known CMS and plugin flaws at scale to plant webshells on public websites. Site owners should treat this as a compromise check, not just a routine update reminder.