Zoom’s Windows Account-Takeover Bug Makes Client Updates an Admin Priority
Zoom has patched CVE-2026-53412, a critical Windows client flaw that could let an unauthenticated attacker take over accounts over the network. The practical response is to verify Zoom Workplace and VDI client versions, not just assume auto-update has reached every endpoint.
TikTok’s AI Likeness Tool Turns Deepfake Detection Into Creator Control
TikTok is testing an opt-in tool that scans for AI-generated versions of a creator’s face and lets them report unauthorized uses. The test shows how social platforms are turning deepfake enforcement into a new identity-verification and creator-control workflow.
San Francisco Pushes Apple and Google to Remove AI Nudify Apps
San Francisco’s city attorney has demanded that Apple and Google remove AI nudify apps from their stores and stop profiting from them. The fight is now about app-store enforcement, payment rails, search discovery, and whether dual-use AI image tools can be screened before harm spreads.
Russian Router Campaign Turns SNMP Into a Critical Infrastructure Risk
NSA, CISA, the FBI, and 15 allied agencies warn that Russian FSB Center 16 actors are still compromising poorly configured routers across critical infrastructure. The practical fix starts with SNMPv3, blocked management protocols, patched firmware, and a hard look at exposed network devices.
SharePoint’s New Exploited RCE Turns Patching Into Key Rotation Triage
CISA added Microsoft SharePoint Server CVE-2026-58644 to its exploited-vulnerabilities catalog on July 16, two days after Microsoft patched it. Admins should patch, verify AMSI, hunt for machine-key theft, and reduce internet exposure before treating the farm as clean.
Apple’s OpenAI Lawsuit Turns AI Hardware Into an IP Fight
Apple’s trade-secret lawsuit against OpenAI is not just a dispute over departing employees. It puts OpenAI’s consumer hardware plans, io Products acquisition, and Silicon Valley’s AI talent war under a legal spotlight.
IBM Bob Makes AI Coding Costs a First-Class Engineering Metric
IBM’s latest Bob update adds multi-agent development, Bobalytics cost controls, and specialized modernization packages for Java, IBM i, and IBM Z. The move shows how enterprise AI coding tools are shifting from developer assistants into governed software delivery systems.
CMS Webshell Campaign Puts WordPress Plugins on an Emergency Checklist
Australia's cyber agency says attackers are exploiting known CMS and plugin flaws at scale to plant webshells on public websites. Site owners should treat this as a compromise check, not just a routine update reminder.
Meta Pulls Instagram AI Image Feature After Privacy Backlash
Meta has disabled the Muse Image feature that let people generate AI images using public Instagram accounts. The fast reversal shows why platforms need opt-in consent before turning public social profiles into AI reference material.
Microsoft Purview Migration Puts Defender DLP Policies on a Deadline
Microsoft is retiring Defender for Cloud Apps file policies on January 6, 2027, forcing Microsoft 365 security teams to rebuild DLP and auto-labeling controls in Purview before existing policies stop being supported or enforced.