On social media, videos show people clearing out their fridges, swearing off salads and debating whether it’s safe to eat cilantro. You might dub it “produce paranoia.”
It’s the frantic but expected internet response to the surge in cases of a diarrhea-causing parasite that’s rapidly spreading across the US, as health officials investigate what type of produce is contributing to the outbreak.
The gastrointestinal illness is caused by cyclospora, a foodborne pathogen that’s difficult to trace but has historically been linked to fresh produce such as berries and lettuce. For several weeks, no specific food, brand, grower or supplier was conclusively identified as the source of the outbreak, which has led to panicking and a whole lot of dark memes.
Advertisement
The CDC reported late Thursday that officials are investigating a link to shredded iceberg lettuce served at Taco Bell locations in Indiana, Kentucky, Michigan, Ohio and West Virginia. The agency advised consumers to avoid eating shredded lettuce from Taco Bell locations in those states. The CDC said Taco Bell is working to remove the contaminated produce from its locations and is also working with the supplier to determine whether any was sent to other locations.
With any health scare, bad advice and myths spread just as fast as the actual illness. So we turned to health care experts to learn the facts.
“I wouldn’t necessarily suggest that people avoid produce,” said Dr. John Openshaw, an infectious disease physician and medical epidemiologist at Stanford University. “Even though the number of people involved in the current outbreak or outbreaks seems large, overall the risk remains very low to most people.”
In the US, previous cyclospora outbreaks have frequently been associated with fresh produce, including bagged salad mixes, cilantro, basil, raspberries, snow peas and green onions. Any food that’s contaminated and eaten uncooked can theoretically transmit cyclospora.
Unlike some stomach illnesses, such as the norovirus, cyclosporiasis is unlikely to spread directly from one person to another. After the parasite leaves an infected person’s body, it generally needs at least one to two weeks in the environment before it becomes infectious.
Advertisement
Stomach cramps are a common sign of cyclosporiasis, an infection caused by the cyclospora parasite.
Jacob Wackerhausen
What are the symptoms of cyclosporiasis?
The most common symptom is watery diarrhea that can be frequent and, according to the CDC, sometimes “explosive.” Other unpleasant symptoms can include stomach cramps, nausea, loss of appetite, bloating and gas, fatigue, vomiting and a low-grade fever.
Unlike deadlier foodborne illnesses such as listeria or E. coli, cyclosporiasis isn’t usually life-threatening. The biggest risk right now during the hot summer months is dehydration. “People who are sick and are having trouble keeping hydrated should talk to a doctor,” Openshaw said.
Symptoms typically begin about one week after exposure, although they can appear anywhere from two days to two weeks or longer afterward. Dr. Timothy Henrich, professor of medicine at UCSF, said it’s typical for people to have “waxing and waning symptoms” over weeks to months. Others who are infected might have minimal or even no symptoms, he said.
Advertisement
Because symptoms can come and go, it’s important to get tested for cycolosporasis and talk with a doctor about treatment, which is generally well-tolerated and “may reduce the chances of further local fecal-oral spread,” Henrich said.
How high is the risk?
While cyclosporasis cases span a lot of the country, the outbreak’s highest concentration is in a small cluster of states, mostly in the Midwest. Jessica Steier, a public health scientist and CEO of Unbiased Science, said the risk remains low outside those areas, but that anyone who is “pregnant or immunocompromised might consider erring on the side of caution.”
The CDC says that only about 9% of people who contract the parasite require hospitalization, but the risk of severe illness and lasting complications is significantly higher for seniors, young children and others with weakened immune systems. The CDC said Tuesday that it had received no reports of deaths linked to the outbreak.
Advertisement
Health officials says it’s best to avoid bagged greens or precut mixes to stay safe during the current cyclospora outbreak.
Al Drago/Getty Images
How can you reduce your risk?
As of Tuesday, there was no nationwide recommendation to throw away lettuce. However, Michigan health officials have issued more specific guidance for lettuce during the current investigation, including buying whole heads of lettuce instead of bagged lettuce or premixed salad kits (then discarding the outer three layers of leaves) and cooking leafy greens when practical.
Though washing fresh produce might reduce your exposure to cyclospora and other foodborne contaminants, it can’t guarantee the parasite will be completely removed.
“Washing produce does not meaningfully decrease the risk of cyclospora, and heat remains the gold standard for risk reduction,” Steier said. Cooking vegetables at an internal temperature of 158 degrees Fahrenheit or higher is the only surefire way to kill the parasite.
Advertisement
Experts also warn against using soap, bleach or household disinfectants on produce. Fruits and vegetables can absorb soap and detergent, which may make you sick, and the CDC says routine chemical disinfection is unlikely to kill cyclospora.
Household tools or countertop items such as UV produce washers, ultrasonic cleaners or ozone devices won’t make contaminated food safe to consume, either. Steier confirmed that none of those methods have sufficient real-world evidence to support their use in killing the parasite.
What should you do if you have symptoms?
Experts advise contacting a health care provider if you develop persistent watery diarrhea, especially if it is severe, lasts longer than a week or goes away and then returns. Drinking fluids is also important because prolonged diarrhea can cause dehydration.
Diagnosing cyclospora requires special lab testing, and the parasite isn’t included in routine stool testing. The CDC says patients sometimes need to provide multiple samples because cyclospora can be difficult to detect.
Advertisement
The standard treatment is the prescription antibiotic combination trimethoprim-sulfamethoxazole, commonly sold under the brand names Bactrim and Septra. People who are allergic to sulfa drugs should discuss other options with a medical professional.
The CDC hasn’t found a single source linking the outbreak.
sshepard/Getty Images
Why is it so hard to identify the source of an outbreak?
It often takes weeks or longer to identify the source of a parasitic outbreak because investigators have to compare what sick people ate, then trace the foods back through the supply chain. For cyclospora, that process is especially difficult because symptoms often begin days after exposure.
Advertisement
Public health agencies have also faced staffing cuts and funding reductions in recent years, making it harder to identify outbreaks quickly and to tell people which foods to avoid. A recent study found that states with more CDC support reported more outbreaks than those without those programs, suggesting that federal funding improves detection and management.
“Tracing any outbreak like this requires trained staff and resources — any cut to those elements of a public health response would impede efforts to trace an outbreak to a specific food item and identify how a pathogen like cyclospora got into the food supply,” Openshaw said.
There’s a lot of health news going on in the country right now, in no small part to the absolutely pitiful and pathetic job RFK Jr. is doing heading up HHS. It is a near certainty that by the end of this week, the CDC will have published an updated case count for measles that is greater than last year’s total case count, which was itself the largest since the 90s. Pertussis is also surging. There’s that new outbreak going around where you apparently just shit your pants constantly, like some kind of minor South Park character or something.
And so it was something of a breath of fresh air when the Trump administration nominated Erica Schwartz to lead the CDC, all because she appeared to be well qualified for the role and hadn’t said anything crazy-pants about things like vaccines. That this has become the standard for a feel-good HHS story is telling, but it was welcome news all the same.
Commenting on the nomination, Kennedy said he wouldn’t commit to taking CDC advice on vaccines, nor would he commit to not directly interfering with CDC operations and policy making.
Kennedy’s response Tuesday suggested Schwartz could face an equally short tenure. His answer came amid an exchange with Rep. Raul Ruiz (D-Calif.) in a hearing of the House Committee on Energy and Commerce. Ruiz asked Kennedy: “If Dr. Schwartz is confirmed, will you commit on the record today to implement whatever vaccine guidance she issues without interference?”
Kennedy replied without hesitation: “I’m not going to make that kind of commitment.”
Advertisement
Which is part of what informed senators to ask Schwartz about resisting Kennedy’s fuckery in her confirmation hearings. Sadly, it appears that Schwartz refused to demonstrate that she in fact has a backbone.
[D]uring a hearing sometimes marked by heated exchanges, Dr. Erica Schwartz repeatedly declined to say whether she would resist political pressure from Health Secretary Robert F. Kennedy Jr. over vaccine policy.
Committee Chairman Bill Cassidy, R-La., repeatedly questioned Schwartz about whether she would have authority to make personnel and policy decisions without political interference from the Health and Human Services Department. Schwartz did not directly answer whether she could hire and dismiss CDC employees independently or whether she would refuse directives from Kennedy that conflicted with scientific evidence.
Asked by Sen. Maggie Hassan, D-N.H., whether she would carry out an order to discontinue a public campaign encouraging influenza vaccination, Schwartz replied, “I don’t speak in hypotheticals.”
And so, once again, the country will get to wonder whether the CDC really does have an actual director, or just some figurehead placed there to give Kennedy’s insanity the veneer of consensus. This is a very real problem given our current context and, frankly, these questions should not be terribly difficult to answer. For someone with integrity, at least, the answer should be something like, “As CDC’s Director, it would be my responsibility to refuse any order that would make the country less healthy, no matter who it comes from. And as CDC Director, I would have that authority by the nature of the position.”
Advertisement
All of that being said, Schwartz did at least reaffirm her sanity on the topic of vaccines.
Ranking Member Sen. Bernie Sanders, I-Vt., asked Schwartz if she would remove a webpage updated last November on the CDC’s website on autism and vaccines. The webpage states that a link between the two has been ignored despite many studies finding no such link.
Schwartz said she accepted there is “overwhelming evidence” vaccines don’t cause autism, but did not commit to removing the webpage.
“Senator, I have been in situations where I have had to go to my superiors in the military to have conversations, very difficult conversations, about things that may have been concerning to the troops or to the military personnel, and I will do the same with [Secretary Robert F. Kennedy Jr.],” she replied.
Once again, great that she is sane when it comes to vaccines, less great that she won’t commit to actually doing the right thing and removing the nonsense from CDC’s website.
Advertisement
I’m still relatively optimistic about Schwartz leading CDC. It may be that she didn’t want to publicly embarrass what would be her new boss if confirmed. It may be that she ends up pushing back hard on Kennedy’s attempts at interfering with her agency if confirmed, which will probably end up with her being fired. Even that would be fine by me, since it would be one more glaring data point of chaos at HHS under Kennedy.
If that led to Kennedy’s firing, it would be worth it.
A proposed class action is trying to turn Apple’s unresolved Hide My Email flaw into a nationwide payout without alleging that the vulnerability was used in an attack or that the plaintiff’s email address was exposed.
Anthony Alvarez filed the lawsuit against Apple on July 15 in the U.S. District Court for the Northern District of California. The complaint accuses the company of false advertising, fraud, breach of contract, and other violations tied to its marketing of Hide My Email.
The filing argues that Apple sold customers privacy it couldn’t provide. The claims cover the full version included with paid iCloud+ plans and the more limited relay addresses generated through Sign in with Apple.
Alvarez seeks to represent four proposed classes covering U.S. Apple customers, including two California subclasses. The lawsuit seeks damages and an order requiring Apple to fix Hide My Email or clearly disclose its limitations.
Advertisement
The allegations haven’t been tested in court, and no class has been certified.
A real flaw, but no alleged attack
Security researcher Tyler Murphy discovered the flaw and reported it to Apple in June 2025. The vulnerability became public on July 1 after the problem remained unresolved for more than a year.
Apple said in March 2026 that a system change had addressed the issue, but Murphy’s testing showed that the vulnerability remained. Apple later told Murphy that it planned to address the problem through a future security update.
404 Media independently confirmed on June 29 that the vulnerability could connect a Hide My Email relay address with the real email account behind it. The publication withheld the technical details because the flaw could still be exploited.
Advertisement
Apple deserves criticism for apparently leaving the problem unresolved while continuing to advertise Hide My Email as a privacy feature included with iCloud+. A feature designed to conceal a personal address loses much of its value when another person can trace the relay address back to the account behind it.
However, neither the complaint nor the public reports identify a known malicious attack using the flaw. Alvarez doesn’t allege that anyone uncovered or misused his email address, sent him unwanted messages, or otherwise exploited the vulnerability against him.
Alvarez’s claimed injury is financial. The complaint says he bought an iPhone and subscribed to the 200GB iCloud+ tier on or around March 15, 2025, and that he wouldn’t have paid as much had he known Hide My Email could fail.
The lawsuit extends that overpayment theory to four proposed classes, including people who bought Apple hardware and used the bundled version through Sign in with Apple.
Advertisement
A narrow flaw becomes a sweeping damages claim
The iCloud+ theory is relatively straightforward because Apple explicitly includes Hide My Email with a paid subscription. Customers paying for that subscription can expect the feature to perform the function Apple advertises.
The hardware claim is more ambitious. The complaint, first reported by MacRumors, tries to attribute part of an iPhone or Mac‘s price to Hide My Email without explaining what the feature was worth or how a court could separate that value from everything else included with the device.
Apple markets privacy as a reason to choose its products, so a prominent privacy failure can damage customer trust even without a documented attack. However, the Hide My Email flaw doesn’t automatically prove that every affected customer overpaid for an entire Apple device.
The lawsuit arrived 14 days after the vulnerability became public. The broad proposed classes and the absence of any alleged attack against Alvarez make the case look like ambulance chasing.
Advertisement
Apple mishandled a real privacy flaw, and customers shouldn’t have to wait for an attack before the company fixes it. Still, the lawsuit looks more like an attempt to monetize a newly publicized risk than compensation for proven misuse.
TSMC said it will invest another $100 billion in Arizona after reporting a record 77.4% year-over-year jump in second-quarter profit. The expansion would bring its total U.S. investment to $265 billion and include new fabs for 2-nanometer production and advanced packaging to serve major U.S. customers. The Associated Press reports: As AI-related demand continues to jump and needs for computing power from data centers surge, TSMC has been expanding chip fabrication plants in the U.S., Japan and Taiwan. It said it is increasing its annual capital expenditure budget for this year to $60 billion-$64 billion, up from an earlier estimate of $52 billion-$56 billion.
TSMC, or Taiwan Semiconductor Manufacturing Co., is a key supplier to Nvidia and Apple. It had previously already committed $165 billion in the U.S. for building plants in Arizona, with six fabrication facilities planned. The extra $100 billion in investments are to “support the strong multiyear demand from our leading U.S. customers,” C.C. Wei, chairman and CEO of TSMC, said during the company’s quarterly earnings conference Thursday. An additional four fabrication plants in Arizona will likely be built with the new investments, TSMC said. They will focus on making some of the most advanced chips that are 2-nanometer and below.
In 1675, while transporting a barometer by night, the astronomer Jean Picard noticed a glow inside its glass tube, just above the mercury. As the mercury sloshed and splashed across the surface of the glass, a static electric charge had built up, which was discharging by ionizing the residual gas molecules inside the evacuated tube. [Styropyro] recreated this effect, and found that the dim glow could be made much stronger by adding some noble gas to the tube.
It starts with a simple recreation: he took a volumetric flask, attached a narrow glass stem to the mouth, added some mercury to the flask, evacuated it with a vacuum pump, and sealed off the glass stem. This produced a faint glow when shaken, but it was only really visible under very low light. When [Styropyro] brought it near a Tesla coil, however, it did glow much more brightly.
Backfilling an identical flask with neon to about 40 millitorr produced a much more spectacular result (a low pressure in the tube is necessary, but moderate pressure variations don’t significantly alter the effect). When shaken even slightly, this neon-containing flask produced a bright orange-red glow just above the surface of the mercury. Points of obstruction, such as those in a zig-zag tube, produced a brighter glow. A krypton-containing tube glowed blue, but less brightly than the neon tube.
Since this is, essentially, a triboelectric effect, other materials besides mercury should work; [Styropyro] tested several materials, and found that pieces of Teflon produced a faint glow, and copper beads a somewhat brighter glow. Unfortunately, Galinstan, the obvious replacement for mercury, wets and coats glass, preventing a charge buildup.
Advertisement
Without an added noble gas, the standard glow of barometric light comes from the excitation of mercury vapors, a glow which can also be seen in mercury rectifiers, and which excites the phosphors of fluorescent light bulbs.
Astronomers have directly detected helium in the atmosphere of LHS 1140 b, a rocky exoplanet 48 light-years away that sits in its star’s habitable zone. The finding marks the first confirmed atmosphere around a rocky, Earth-like planet in the habitable zone, strengthening the case that some planets orbiting red dwarfs can retain atmospheres and potentially support liquid water. “We have actually detected directly the helium present in the atmosphere itself, and that’s the first direct detection for any rocky exoplanet, which is really exciting … and then there’s this added bonus that it’s in the habitable zone, which is super exciting for astrobiology and habitability and searching for life,” lead author Collin Cherubim, who recently earned his Ph.D. from Harvard University, told Space.com. “It feels kind of surreal.” From the report: This exoplanet, or planet outside of our solar system, was first discovered in 2017 by a team led by astronomer Jason Dittmann who is now a co-author on this new discovery. “This planet was found like 10 years ago, and we’re just now saying, okay, that’s an atmosphere,” Dittman told Space.com. “We’re slowly narrowing the gap and checking these boxes … we’re finding a planet that’s rocky, a planet that’s of the right temperature and now … it’s like okay, we finally found one that has an atmosphere.”
And being a rocky planet, “there’s definitely a surface … it’s made of rocks,” Dittman said. What does the planet’s surface look like? We can’t say yet, but the researchers who found this planet’s atmosphere think there’s a good chance it could have water. While it orbits a red dwarf star, which is smaller and cooler than the sun, it orbits closer than we do to our star, maintaining a temperature that keeps the planet in the “Goldilocks zone” where liquid water could exist on its surface. “It probably also has a lot of water,” Cherubim said. “If it has some amount of atmosphere that can provide a bit of a greenhouse effect, which we know that it does now … it will very likely be what we consider to be habitable conditions on Earth, and conditions that would likely support liquid water.”
So is it Earth-like? While it’s certainly not an Earth copy, this planet can be considered Earth-like in two main ways, Cherubim shared. One: its overall composition. The planet is rocky, likely with an iron core and (now we know) it has an atmosphere. And two: the planet’s temperature is just right for liquid water, which is necessary for life at least as far as we understand it on our planet. […] “I’m not claiming this planet has life,” Cherubim made clear. With further investigation, scientists could better understand what else might be in this planet’s atmosphere, and they could confirm if it has water. Further observations might not be able to confirm habitability or identify any life on the planet, but they could at least help us to better understand planets like this. The findings have been published in the journal Science.
Heartstopper Forever ending explained: are Nick and Charlie still together, who breaks up, Easter eggs you might have missed and where the gang will end up next
It’s a mammoth task to bring a beloved IP like Heartstopper to a close, but creator Alice Oseman has done an incredible job with the new Netflix movie, Heartstopper Forever.
If you’re bummed out because we’re not getting a full fourth season, don’t be. As Nick (Kit Connor), Charlie (Joe Locke), and the gang all brace before going their separate ways to university, a feature film actually reflects their growing maturity and crises of confidence much more fittingly.
Advertisement
As our favorite friends brace themselves before heading their separate ways to start university (and more, but more on that later), emotions are running high.
Latest Videos From
But do our beloved relationships survive the final farewell, and what is everyone planning to do next? Here’s the full Heartstopper Forever ending breakdown that you’re looking for.
Do Nick and Charlie stay together?
(Image credit: Netflix)
Yes… but that isn’t without its challenges. We start Heartstopper Forever with Nick and Charlie as besotted and in love as they always have been, with the others gently roasting them as being the “perfect couple” while their own relationships experience problems.
But while Charlie embraces his newfound self-confidence through becoming Head Boy at Truham Grammar School, Nick is having a tougher time with his emotions. He’s decided that he wants to put Leeds University as his first choice on his application, and the thought of drifting apart from Charlie is weighing on his mind.
Nick starts to close himself off from Charlie, not fully explaining why he’s not feeling 100%. Charlie is left at a loss, only wanting to support Nick in the same way he’s always felt supported in return. This all comes to a head at a house party, where the boys get into an argument.
Sign up for breaking news, reviews, opinion, top tech deals, and more.
As Charlie tells Tori (Jenny Walser), Nick is trying to prevent a future problem that hasn’t presented itself yet… Charlie just doesn’t know exactly what that problem is. At the party, Nick complains that Charlie has been avoiding him the whole night, with Charlie responding that he thought Nick might want some space to talk through uni and future plans with his friends.
Advertisement
Nick, slightly drunk, lashes out by saying that the pair could probably use some space. “So you want to break up then?” Charlie asks, with Nick replying, “Well, it sounds like you want to break up.” With communication between them coming to a halt, that’s exactly what happens.
(Image credit: Netflix)
Cue endless moping while keeping to themselves. Charlie stops eating and refuses to get out of bed, with Elle (Yasmin Finney), Isaac (Tobie Donovan) and Tao (William Gao) all staging an intervention by taking Charlie to Truham Pride. All goes well until Charlie spots Nick talking to a girl on the dance floor at a local gay club.
From Nick’s perspective, he’s just looking for friends. Just like Charlie, he’s been unable to shake off the breakup, telling mum Sarah (Anna Maxwell Martin) that everything that has happened is his own fault, believing that it’s too late to be fixed.
Advertisement
The day of Truham Pride, Imogen (Rhea Norwood) introduces him to a friend, who offers to hook him up with someone if he wants a rebound. He refuses and moves away, which is when Charlie spots him.
Days later, Charlie leaves a pack of printed disposable photos at Nick’s door, asking him to meet at the beach. Charlie tells him that he thought that the pair could always talk to each other, but somewhere along the line, their communication has broken down.
Nick says that he envies the way that Charlie can express himself, as he often doesn’t understand how he’s feeling half of the time. The two make amends, promising to always look after each other. From there, it’s back to being as loved-up as ever, just in time for the Truham prom.
Advertisement
What about Elle and Tao?
(Image credit: Netflix)
Elle and Tao are the relationship that doesn’t survive Heartstopper Forever, as the pair get into an argument about their future plans. Elle wants to move to Berlin to become an artist, having a go at Tao for not frequently planning to visit.
Tao says that he can’t afford it, with their argument made worse by a drunk Nick claiming that everything with Charlie is perfect (hint: we know that’s not true).
The pair agree to a truce to help Charlie out of his funk post-breakup, and appear friendly at Truham prom. They have “one last dance” before things change for good, and are noticeably emotional at the thought of being apart.
However, there’s a silver lining on the horizon. In the very last scene of the pair, we see Elle at an art exhibition in Berlin, with Tao arriving to surprise her.
Advertisement
What’s next for the gang after they finish school?
(Image credit: Netflix)
Let’s start with Nick and Charlie. While Charlie stays local, Nick gets into Leeds. The final scene shows Charlie going to stay with Nick for the weekend, being introduced to all of his new friends, clubbing, and getting pancakes for breakfast.
They’re ready to write a new chapter in their relationship, and as they say, they feel as if they’re “different” from typical teen romance… they’re in it for the long haul.
Elle and Tao are accounted for, but it’s Tao’s video project at prom that lets us in on what’s to come next for the rest of the gang. Tara (Corrina Brown) has asked girlfriend Darcy (Kizzy Edgell) to go interrailing across Europe with her, deferring their places at uni for at least a year.
Advertisement
Tori has a more skeptical answer, telling Tao that she will “do nothing, then die.” However, things are going well with boyfriend Michael (Darragh Hand), having figured out the rhythm of their relationship.
Sahar (Leila Khan) tells Tao that the band, Queer Intentions, has broken up, but she’s going to try a solo music career and see what happens.
Don’t miss this epic Heartstopper Easter egg
Heartstopper Forever | Official Trailer | Netflix – YouTube
Just as Nick gets on the train to Leeds, he walks through the carriage and passes a young woman reading at a nearby table.
If you’re a Heartstopper fan, you’ll know that this is Alice Oseman, creator of the original graphic novel series. She’s also acted as the showrunner of seasons 1-3. She’s also written the script for Heartstopper Forever.
A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password.
The malware is designed to steal cryptocurrency assets, login credentials, password-manager data, browser information, and macOS authentication data, and it can also install a persistent backdoor for ongoing remote access to infected systems.
Researchers at Group-IB analyzed the ClickLock shell script after discovering the malware on VirusTotal, where it was first submitted on June 9. At the time of the report, it remained undetected by all security vendors available on the platform.
Further investigation revealed that the malicious script has infected at least 100 systems across 33 countries since May.
The compromise likely begins via a ClickFix lure, as the researchers observed pastes of a malicious command in the Terminal that trigger a fake Cloudflare “human verification” sequence with an animated progress bar.
Advertisement
At the same time, keyboard interrupts are disabled, the terminal cursor is hidden, and the stealer modules are downloaded in the background.
The macOS NotificationCenter is also suppressed for about six hours, effectively disabling notifications that could expose the attack.
Fake Cloudflare progress bar on the Terminal Source: Group-IB
Forcing password entry
Group-IB researchers highlight that ClickLock does not require any exploits or elevated privileges but achieves its goal through social engineering and forced interaction loops.
Operational success is obtained through the malware’s mechanism for coercing the victims into entering their macOS system password.
Group-IB says that the script initially displays a fake macOS password dialog using the victim’s real username and a downloaded Apple icon.
Advertisement
If the user enters their password, the malware validates the data and exfiltrates it to the attacker via Telegram.
In case the user cancels the dialog, the malware establishes persistence via two macOS LaunchAgents (com.authirity.plist, com.chromer.plist) and reloads at the next login.
At the next activation, the password-stealing module runs a termination loop every 210 milliseconds, targeting key apps (e.g., Finder, Dock, Terminal, Activity Monitor, Console, System Settings, Spotlight, web browsers) and shows only a password dialog on the screen until the victim complies.
Group-IB reports that the loop is configured to continue for 300,000 seconds (about 83 hours), or until the victim supplies a correct password.
Advertisement
The second kill loop function Source: Group-IB
The second LaunchAgent runs a separate coercion mechanism that also terminates many of the mentioned system applications, requesting Keychain authorization via a legitimate system prompt, seeking approval to access Chrome’s Safe Storage key.
That key could then be used to decrypt offline Chromium-stored passwords, cookies, and autofill information from stolen databases.
This second mechanism has a repeat interval of 200 milliseconds and is configured to last for nearly 35 days (3 million seconds).
ClickLock also deploys a data-harvesting module, which targets the following:
Data from eight browsers: Chrome, Firefox, Brave, Edge, Opera, Vivaldi, Arc, and Chromium
Saved logins, cookies, autofill data, bookmarks, local storage, and session storage
Cryptocurrency wallet extensions and desktop wallet files
Encrypted wallet vault material for potential offline cracking
Password-manager extension data
Cached cryptocurrency addresses across EVM, Bitcoin, Solana, TRON, TON, and Stacks
Shell histories
FileZilla FTP configuration and recent-server data
Basic system information and the public IP address
The harvesting module packages the collected information and a summary log file into a ZIP archive, then uploads it via the Telegram Bot API.
Files larger than 40 MB are split into smaller parts, while retry logic ensures that uploading resumes after temporary network failures.
Advertisement
The final module is a modified version of the open-source tool GSocket that acts as a persistent backdoor for the attackers.
The backdoor establishes persistence through multiple methods, including a LaunchAgent, crontab entries, and modifications to shell configuration files.
It connects through a GSocket relay, allowing the attacker to open a reverse shell and remotely control the system.
Unlike the other ClickLock modules that self-delete after execution, GSocket is the only component that persists on infected systems.
Advertisement
The complete ClickLock attack chain Source: Group-IB
Group-IB warns that “malware leaves a narrow detection window” and that the malicious payloads are hosted on compromised legitimate domains with a clean reputation.
Additionally, the script is not flagged as malicious on VirusTotal, and its modules self-delete after execution, leaving no artifacts.
Despite this, the researchers say that detection is possible based on the activity generated by the malware, such as osascript launching password dialogs, repeated process termination, mass access to browser profile directories, and outbound connections to Telegram’s API.
To defend against these attacks, users should avoid pasting in Terminal commands they don’t fully understand, especially if the request comes from a website.
“Any page that instructs you to open Terminal, regardless of how professional it looks, is attempting to compromise your system,” the researchers say.
Advertisement
If prompted to enter the login password when the rest of the system appears unresponsive, Group-IB recommends forcing a system shutdown by holding the power button and then booting into Safe Mode to recover the system.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Build starts limited alpha testing later this month.
Roblox
Roblox has announced plans for its next chapter in letting players create their own games and interactive experiences. A new feature called Build will use AI tools to develop an interactive experience based on natural language prompts. Build will be a mobile-focused system, bringing game creation to smartphones and tablets for the first time. The toolset is based on a mix of open-source and proprietary AI models.
Build will be available as a public alpha for users in New Zealand beginning July 28, with more regions to be added in the coming months. Players will need to be age 9 and up to use the Build tools, and creations that pass safety checks and are published will be globally available to those 16 and up. Its age verification systems didn’t get off to a great start, although Roblox still launched restricted account tiers last month. We’ll see if Build winds up being a positive application of AI (they do exist) or another unforced error.
Update, July 16, 6PM ET: This story was updated after publish to clarify that the public alpha will initially be available in New Zealand.
1Password for Claude lets the AI agent use your logins via biometric approval without the credentials ever reaching the model or Anthropic’s systems.
1Password has launched a browser integration that lets Anthropic’s Claude use stored credentials to complete tasks on the web without the passwords ever reaching the AI model, according to a blog post published on Thursday. The company calls it a zero-exposure architecture: when Claude needs to sign in, 1Password shows the user which credential is being requested and why, then waits for biometric approval before injecting the login directly into the page. Claude never sees the vault item, password, or one-time code, and access ends when the task is complete.
The integration addresses a fundamental tension in agentic AI. Browser-based agents like Claude can navigate websites, fill out forms, and complete purchases, but reaching a login page has historically forced users to either hand over their password or take the wheel themselves. 1Password says this is the first browser integration that lets an agent use credentials without granting direct access to them.
After autofill, 1Password checks whether secrets were exposed on the page. If submission fails, the extension clears the filled values before returning control to Claude. The credential stays encrypted and controlled by 1Password throughout the process.
Advertisement
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!
The launch also introduces Agentic Mode, a feature in the 1Password browser extension that automatically locks down the vault when a compatible AI agent takes control. The agent can only use logins and one-time codes explicitly approved for the current task, and the rest of the vault stays out of reach. Agentic Mode activates even if the 1Password-Claude integration is not configured, and supports agents beyond Claude.
The timing is notable given that security researchers recently demonstrated how AI browsers could be tricked into leaking user credentials through prompt injection attacks, with Anthropic’s own Claude extension among those affected. 1Password CTO Nancy Wang said in the company’s announcement that the answer is not handing agents your secrets, but letting a user give an agent permission to use a credential without letting the agent see it. She called that distinction the foundation of trust in AI agents.
Advertisement
1Password for Claude is available now on Mac for business, family, and individual plans, and requires the 1Password desktop app, browser extension, Claude desktop app, and Claude browser extension. The company, which recently acquired Israeli startup Apono to govern AI agent access inside enterprise systems, said it plans to add support for payment cards and identity details after launch.
CNET’s password manager expert Joe Supan said he would normally be very wary about giving an AI agent access to his password manager, but that 1Password appears to have several good guardrails in place, particularly biometric authentication for each login. The integration marks the first time a major password manager has built a dedicated secure channel for an AI agent to use credentials at runtime, rather than exposing them to the model’s context. Whether the approach holds up against the kind of prompt injection attacks that have already compromised AI browsers remains to be seen.
The brand iRobot launched the first Roomba robot vacuum back in 2002, and popularity for the handy devices skyrocketed from there. Countless competitors have emerged, but Roomba is still going strong. Its latest models have all the new features we love, from doubling as a vacuum and a mop to fantastic navigation and suction. The Roomba Max 705 is currently keeping my house clean as I test it for our robot vacuum guide, and it’s doing a great job both mopping and vacuuming the floors in my massive second story.
Looking to own your own Roomba robot vacuum? These iRobot promo codes and coupons will make it more affordable than ever to own your own powerful robot vacuum from the iconic brand.
Save $400 Off for Fathers Day at iRobot
Give Dad the gift of a clean home (that’s easier than ever) with up to $400 off bestselling iRoomba robot vacuums. This means hundreds of dollars off popular models like the Roomba Plus 505 Combo, Roomba Max 705, and more. Act soon before Father’s Day passes and the deals disappear. A clean home has never been easier (or cheaper) to achieve.
iRobot Promo: Treat a Friend to 15% Off a Robot and Save $15 on iRobot Accessories
I once gifted a friend a robot vacuum and she regularly tells me how it’s a marriage saver. If you want to change a friend’s life (and potentially save their marriage) you can gift a friend 15% off a robot vacuum with this iRobot coupon code, and you’ll get $15 off robot accessories for yourself. A clean win for everyone.
Advertisement
Save 33% on the Roomba Max 705 With Anti-Tangle Brushes Using This iRobot Offer
I test lots of robot vacuums, and my favorite from iRobot’s lineup is the Roomba Max 705. It’s packed with two anti-tangle brushes, excellent navigation, a self-emptying base station, and left my home sparkling clean. It’s a great choice for a Roomba for pet hair, and it’s done a great job with the litter my cat leaves all over the house, too. Extra bonus: it’s gorgeous. You can get 33% off this powerful robot vacuum right now with this iRobot discount code.
Tackle Every Mess Effortlessly: $300 Off the Roomba Plus 405 Combo Robot With AutoWash Dock
Looking for something a little more affordable? The Roomba Plus 405 Combo Robot is cheaper but still packs mopping and vacuuming, and still comes with an auto-emptying docking station. It’s already a pretty affordable model and a great iRobot vacuum for hardwood floors, and right now you can get it for $300 cheaper with this iRobot coupon.
Save $290 on Smart Cleaning: The Roomba 205 DustCompactor Combo Robot Vacuum & Mop
If you don’t want a big base station in your home but still want a robot vacuum that can vacuum and mop, the Roomba 205 DustCompactor is for you. The Roomba 205 will compact and store debris for up to 60 days inside the robot itself, no emptying station required. It’s bagless, like my favorite Shark robot vacuum, so you don’t need to worry about buying and replacing bags to use the vacuum. If that sounds up your alley, don’t miss your chance to save almost $300 on this robot vac with this iRobot promo code.
Get 10% Off Your First iRobot Purchase When You Sign up for Emails
Not sure what you want to get from iRobot, but know you want an iRobot discount code? You can sign up for iRobot’s emails and get a code for 10% off whatever your first purchase is. Enjoy!
Advertisement
Save $500 on Max 705 Combo
The Roomba Max 705 Combo robot + AutoWash dock is the perfect household helper. With a self-cleaning roller mop, detailed edge cleaning, anti-tangle dual rubber brushes, and a powerhouse dock, this impressive robovac-mop combo takes all of the gruntwork out of the normal household cleaning chores. Usually $1,300, the Max 705 is nearly half off at $800. If you’ve been looking to upgrade your cleaning routine, snag this model for $500 less than usual, for a limited time.
Get 20% Off iRobot Accessories
An iRobot is an investment, requiring parts replacement, upgrades, and routine maintenance to keep your device in tip-top shape. iRobot knows this and wants to keep the costs down while maintaining the longevity of this top tech. Be sure to check out iRobot Accessory Offers for huge savings on genuine iRobot accessories for your robot, including up to 20% off with bundle deals. With this “buy more, save more” sale, you can build your own bundle for increased savings, so when you buy any 2, you’ll get 10% off; buy any 3, get 15% off; or when you buy any 4, you’ll get 20% off on eligible accessories. So whatever your need is, make sure you take advantage of this deal and stock up on essential accessories like filters, dirt disposal bags, replacement parts and more.
You must be logged in to post a comment Login