Important Tech News Roundup: June 16, 2026 – Android 17, AI Wearables, Steam Malware, Fortinet, And Scam Losses

June 16, 2026
 |  No Comments
Jennifer presenting The IT Guys June 16 2026 technology news recap in a realistic newsroom with Android, AI, cybersecurity, cloud, and wearable technology screens
Listen to the local-voice audio recap for June 16, 2026. This audio was generated locally with espeak-ng and ffmpeg, not OpenAI voice generation.
Watch Randy’s June 16, 2026 The IT Guys video recap for this technology news roundup.

Tuesday technology recap for June 16, 2026: today’s news was a mix of useful progress and very real risk. Google released Android 17, Qualcomm pushed harder toward AI wearables and mixed-reality hardware, and AI assistant competition got more serious. On the bad-news side, attackers are abusing Steam Workshop wallpapers, healthcare data was stolen from iRhythm, Fortinet FortiSandbox flaws are being exploited, CISA added exploited Cisco and LiteSpeed/cPanel vulnerabilities to its catalog, and the FTC reported record imposter-scam losses.

For home users, the practical message is to update devices carefully, treat AI answers as a starting point, and be much more suspicious of “customization” downloads, fake security alerts, and social-media messages about money. For small businesses, today’s stories are a reminder that patching is not just for Windows PCs. Phones, hosting control panels, network security appliances, remote management tools, customer-data systems, and staff training all need a routine.

Quick Takeaways For Home Users And Small Businesses

  • Android 17 is rolling out first to supported Pixel devices. Google says the release brings privacy, security, media, camera, performance, developer, and large-screen changes, while Pixel updates add more AI features.
  • AI assistants are no longer a one-company market. Sensor Tower data reported by TechCrunch says ChatGPT remains the largest assistant but slipped below 50% market share as Gemini, Claude, and others grew.
  • Qualcomm is betting on AI wearables and mixed reality. New Snapdragon Reality Elite and START announcements show where chipmakers think the next device category may go.
  • Steam Workshop downloads can carry real malware risk. Kaspersky and BleepingComputer reported malicious Wallpaper Engine packages that can steal Steam accounts, install backdoors, or run cryptominers.
  • Healthcare and hosted business apps remain attractive targets. iRhythm disclosed stolen patient and personal information after a social-engineering incident involving third-party-hosted business applications.
  • Fortinet, Cisco, and LiteSpeed/cPanel admins have urgent patch work. Exploited vulnerabilities in security appliances and hosting tools deserve fast review because these systems often sit at privileged choke points.
  • Imposter scams keep getting worse. FTC data says people reported losing $3.5 billion to imposter scams in 2025, with fake bank and government impersonation especially costly.

1. Android 17 Arrives With AI, Large-Screen, Privacy, And Security Work

Google announced that Android 17 is now available for most supported Pixel devices, with new devices running Android 17 expected in the coming months. TechCrunch also reported that Google released Android 17, Wear OS 7, and a Pixel Drop with more Gemini and Pixel AI features.

Google framed Android 17 as part of a transition toward a more intelligent and adaptive platform. The developer announcement highlights mandatory large-screen resizability, privacy and security improvements, media and camera work, performance changes, and new developer tooling. TechCrunch’s coverage adds that Pixel users are also seeing AI features such as Gemini Omni video editing, Lyria 3 music generation in the Gemini app, and better speech-to-speech translation tools on Pixel 10a devices.

That is the good news: useful features are arriving, and Android continues to improve on foldables, tablets, phones, and watches. The caution is the same one I give customers every time a major OS release lands. Do not treat “available today” as “install blindly on every important device this minute.” Early releases can expose app compatibility problems, battery issues, VPN trouble, MDM quirks, or business-app bugs.

Small Business IT Takeaway

  • Test before broad rollout. Update one or two non-critical Android devices first, especially if staff use authenticator apps, dispatch apps, mobile payment apps, barcode scanners, or company VPN.
  • Check backup and account recovery first. Make sure Google account recovery, MFA backup codes, password-manager access, and important photos/files are protected before major OS upgrades.
  • Watch AI data settings. New AI features can be useful, but businesses should understand what apps and account data are being used before staff rely on them for customer work.

2. ChatGPT Still Leads, But AI Assistant Competition Is Getting Real

TechCrunch reported that ChatGPT’s market share slipped below 50% for the first time, citing Sensor Tower’s State of AI Report for 2026. The same report says ChatGPT still has more than 1.1 billion monthly users, followed by Gemini with 662 million and Claude with 245 million. Sensor Tower’s data put ChatGPT at 46.4% market share by the end of May, with Gemini at 27.7% and Claude at 10.3%.

This is not bad news for customers. It is actually useful. Competition usually means faster improvement, better pricing pressure, more specialized tools, and less dependence on one provider. But it also means businesses need to be more disciplined. Staff may start using different AI tools for the same work, each with different privacy terms, retention settings, export controls, connector permissions, and quality strengths.

Practical AI Policy For A Small Office

  • Pick approved tools. Decide which AI assistants are allowed for business work instead of letting every employee choose randomly.
  • Separate public and private work. General writing help is different from uploading customer records, contracts, medical data, tax documents, passwords, or proprietary files.
  • Require human review. AI can draft emails, summarize notes, or explain error messages, but a person should verify technical steps, legal claims, financial details, and customer-facing promises.
  • Document where AI is used. If AI contributes to customer support, invoices, marketing, code, HR, or security work, that should be visible to management.

3. Qualcomm Wants To Power The Next AI Wearables

Qualcomm announced two new offerings aimed at AI wearables and mixed-reality hardware, according to TechCrunch’s coverage of the company’s June 16 announcement. CEO Cristiano Amon said Qualcomm is working on more than 40 AI wearable designs, including jewelry, camera-equipped earbuds, pins, and watches.

The first announcement is Snapdragon Reality Elite, a platform for mixed-reality glasses and headsets. Qualcomm says it improves GPU, CPU, and NPU performance over its prior XR platform, supports 4.4K-per-eye resolution at 90 frames per second, and can run a 3-billion-parameter language model at 45 tokens per second. The second is START, the Scalable Turnkey AI-Ready Toolkit, which combines hardware modules and software to help manufacturers build AI devices, beginning with smart glasses.

The interesting part for customers is not the spec sheet alone. It is the direction: more AI will run on devices near your eyes, ears, wrist, and environment. That could make translation, field service, note-taking, inventory, accessibility, remote guidance, and training easier. It also raises privacy and policy questions because cameras, microphones, and AI summaries will move into smaller devices that are harder to notice.

Business Buying Caution

  • Wait for real use cases. Do not buy AI wearables just because they sound futuristic. Buy them only when they solve a specific workflow.
  • Write a camera and recording policy. Staff and customers need to know when audio/video capture is allowed.
  • Check management support. A business wearable should support device management, update controls, account recovery, and wipe/reset procedures.

4. Steam Workshop Malware Shows Why “Mods” And “Wallpapers” Are Software

BleepingComputer reported that attackers are abusing Steam Workshop to spread malware through Wallpaper Engine packages. Kaspersky’s research, published the same day, says the campaign has been active since late 2025 and uses malicious “application wallpapers” that can run as Windows programs. The payloads can hijack Steam accounts, install backdoors, or run cryptominers.

This is a good teaching moment for home users and gaming PCs. A wallpaper, mod, game add-on, trainer, shader pack, or desktop customization package can still be executable code. If it runs on the computer, it can potentially steal session cookies, browser data, saved passwords, crypto wallets, gaming accounts, Discord tokens, or business files if that same PC is used for work.

Safer Gaming PC Habits

  • Be picky with Workshop content. Check the publisher, comments, update history, and whether the item asks to run executable components.
  • Do not mix gaming experiments with business admin work. If the same PC logs into payroll, banking, Microsoft 365 admin, WordPress, or remote support tools, be much stricter about mods and add-ons.
  • Use MFA on Steam and email. Account theft gets much worse when attackers can also access the recovery email.
  • Run reputable endpoint protection and keep browsers updated. Gaming machines deserve the same baseline security as office PCs.

5. iRhythm Data Breach Puts Social Engineering And Vendor Data In Focus

Healthcare technology company iRhythm disclosed a data breach after attackers stole patient and personal information from third-party-hosted business applications, according to BleepingComputer. The company said its cardiac monitoring service has analyzed more than 2 billion hours of heartbeat data from more than 12 million patients. In an SEC filing, iRhythm said a threat actor contacted the company on June 9 demanding payment to avoid public disclosure of stolen information, and that the company determined on June 10 that the incident was material.

Importantly, the report says iRhythm had no evidence that products, clinical or medical-device systems, patient safety, manufacturing, distribution, or financial reporting systems were affected. The company also said it does not store patient payment-card or financial-account information. The access path, however, is a familiar one: social engineering and third-party-hosted business applications.

Local-Business Lesson

Most small businesses do not have medical-device systems, but they absolutely have third-party business apps: CRM, email marketing, accounting, scheduling, remote access, cloud storage, website forms, payroll, help desks, and phone systems. A vendor-hosted app can still contain sensitive customer information.

  • Inventory where customer data lives. Do not assume all sensitive data is inside your main office computer.
  • Turn on MFA for every cloud business app. Especially email, accounting, file storage, CRM, and website administration.
  • Train staff on social engineering. A convincing call, message, fake login page, or “urgent vendor request” can bypass expensive technology.
  • Know your breach contacts. Keep vendor support contacts, cyber insurance contacts, and legal/privacy contacts documented before an incident.

6. Fortinet FortiSandbox Exploitation Is A Patch-Now Story

BleepingComputer reported that attackers are now exploiting critical Fortinet FortiSandbox vulnerabilities. The flaws include CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089. Fortinet released updates for the three critical issues on April 14, and the vulnerabilities can allow unauthenticated attackers to escalate privileges and execute unauthorized code remotely through command-injection attacks that require no user interaction.

FortiSandbox is not a consumer product, but this story matters for managed businesses because security appliances are high-value targets. If a security tool is exposed, unpatched, or misconfigured, attackers may use it as a foothold instead of attacking desktops first. The same logic applies to firewalls, VPN appliances, email gateways, backup consoles, EDR consoles, remote monitoring servers, and hosting panels.

Admin Checklist

  • Patch FortiSandbox immediately if your environment uses it.
  • Review internet exposure. Management interfaces should not be broadly reachable from the public internet.
  • Check logs for exploitation attempts. Do not assume patching is the whole response if the system was vulnerable while exploits were active.
  • Review all edge appliances monthly. Firewalls and security appliances need the same patch discipline as servers.

7. CISA Adds Exploited Cisco And LiteSpeed/cPanel Vulnerabilities

CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog on June 15, and the warning remained important today: CVE-2026-20262, a Cisco Catalyst SD-WAN Manager directory/path traversal vulnerability, and CVE-2026-54420, a LiteSpeed cPanel plugin symlink-following vulnerability.

The LiteSpeed issue is especially relevant to website hosting. LiteSpeed’s own advisory says the cPanel user-end plugin vulnerability affects versions before 2.4.8 and can let a user with FTP or web-shell access escalate privileges to root on shared hosting servers running CloudLinux/CageFS. BleepingComputer also reported that CISA warned about active exploitation and that LiteSpeed provided log-search guidance for possible compromise.

What Website Owners Should Ask Their Host

  • Are you using LiteSpeed’s cPanel user-end plugin, and is it at version 2.4.8 or later?
  • Did you check logs for the exploitation patterns LiteSpeed published?
  • If the server was vulnerable, did you inspect for privilege escalation, web shells, unknown users, and modified files?
  • Do my site backups include clean restore points before June 2026?

For local businesses, this is why “my website is hosted somewhere else” is not the same as “I do not need to care.” You may not manage the server yourself, but your website, customer forms, email reputation, and online storefront can still be affected by hosting-layer compromise.

8. FTC Reports $3.5 Billion In 2025 Imposter-Scam Losses

The FTC reported that people lost $3.5 billion to imposter scams in 2025, with losses nearly tripling since 2020. BleepingComputer’s summary notes that imposter scams were the most reported fraud category last year, representing nearly one in three fraud reports. The FTC said people reported nearly $1 billion in losses to business impersonators and about $920 million to government impersonators, while overall reported fraud losses reached about $16 billion in 2025.

The common pattern is familiar: a message, call, email, search result, or social-media contact claims to be a bank, government agency, tech company, shipping provider, boss, vendor, or family member. The scammer creates urgency, then pushes the victim to move money, buy gift cards, install remote-support software, provide verification codes, or “secure” an account by transferring funds.

Simple Rule For Customers And Staff

If someone contacts you unexpectedly and tells you to move money, share a code, install software, keep the conversation secret, or act immediately, stop and verify through a separate trusted channel. Call the bank using the number on your card. Open the app yourself. Ask the business owner directly. Do not click the link or call the number inside the suspicious message.

What I Would Prioritize This Week

  • Home users: update phones after backing up, be cautious with Steam/Wallpaper Engine downloads, enable MFA on email and gaming accounts, and talk with family about fake bank and government alerts.
  • Small businesses: inventory AI tools, patch hosted panels and security appliances, verify Android business-app compatibility before broad upgrades, and review cloud-app MFA.
  • Website owners: ask hosting providers about LiteSpeed/cPanel patching and log checks, keep WordPress admin accounts clean, and confirm backups are restorable.
  • IT admins: treat Fortinet, Cisco SD-WAN Manager, LiteSpeed/cPanel, remote-support tools, and cloud business apps as high-priority review areas.

Related The IT Guys Reading

FAQ

Should I install Android 17 today?

For a personal Pixel phone, it is reasonable after you confirm backups and account recovery. For business phones, test first on a small number of devices and verify critical apps, MFA, VPN, payment tools, and device-management settings.

Are Steam Workshop downloads safe?

Many are fine, but they should not be treated as harmless files. Mods, wallpapers, and customization packages can include executable code. Be especially careful with anything that runs as an application or asks for unusual permissions.

Do small businesses need an AI policy?

Yes, even a short one. Decide which AI tools are approved, what data cannot be pasted into them, when human review is required, and who owns AI-connected accounts and logs.

What should I do about the FTC imposter-scam warning?

Teach a verification habit. No one in the business should move money, share one-time codes, install remote software, or change bank details because of an unexpected message without verifying through a separate trusted contact path.

Cybersecurity, Small Business IT, Tech News
 |  Tags: , , , , , , , , , skt-it-consultant