
Published by Jennifer Hudsen for The IT Guys. This July 2, 2026 recap focuses on practical technology news for home users, small businesses, and anyone responsible for keeping accounts, websites, phones, browsers, and office systems safer.
Today’s big theme is practical exposure reduction. A patched SharePoint Server flaw is being exploited, browser makers are responding to clipboard-based social engineering, voice-system appliances still need attention, and Android app safety keeps depending on both Google Play Protect and common-sense install habits.
Fast Good And Bad Points
- Bad: CISA added Microsoft SharePoint Server CVE-2026-45659 to the Known Exploited Vulnerabilities catalog after reports of active exploitation.
- Good: federal deadlines and public KEV tracking make the patch priority clear: on-premises SharePoint systems should be checked immediately.
- Good: Opera introduced Paste Protect to warn when suspicious clipboard content looks like a ClickFix-style attack.
- Bad: browser warnings help, but they do not replace training users to stop before pasting commands into terminals, PowerShell, or browser developer consoles.
- Bad: Cisco Unified Communications Manager and related voice systems remain a patching priority after recent critical vulnerability attention.
- Good: Google Play Protect and Android security controls continue improving, but users still need to avoid sideloaded apps and suspicious streaming/VPN tools.
1. SharePoint Server Moves Back To The Top Of The Patch List
The most urgent security item is CISA’s Known Exploited Vulnerabilities catalog update for Microsoft SharePoint Server. CISA’s July 1 catalog release lists CVE-2026-45659 as a Microsoft SharePoint remote code execution issue with known exploitation, and coverage from SecurityWeek and BleepingComputer flagged the active-exploitation warning on July 2.
The practical detail matters: SharePoint Online and an on-premises SharePoint Server are not the same operating problem. Many small businesses use Microsoft 365 cloud services and never run their own SharePoint Server. But some organizations, nonprofits, medical offices, schools, municipalities, and older business environments still have on-premises SharePoint sitting behind portals, document workflows, or vendor access.
What to do: inventory SharePoint Server instances, confirm the current patch level, check whether the server is internet-facing, review IIS and SharePoint logs for unusual activity, and make sure backups are current before applying changes. If the server is exposed publicly and missing security updates, treat it as an urgent incident response item, not a casual maintenance ticket.
2. Opera’s Paste Protect Targets ClickFix-Style Attacks
Opera published details on Paste Protect, a browser defense meant to spot suspicious clipboard activity before a user pastes dangerous content into a terminal, developer console, or command prompt. ITPro also covered the feature as a response to ClickFix-style malware, where a fake CAPTCHA or fake troubleshooting prompt convinces the user to copy and run malicious commands.
This is a good direction because it protects a point where many users get tricked: the final paste. Attackers increasingly avoid obvious downloads and instead persuade users to “fix” a fake problem by pasting a command. A browser can help by warning, but the human still has to slow down.
Local-business takeaway: add a simple rule to staff training: never paste commands from a website, pop-up, chat message, or support email unless your own trusted IT person gave you the command and explained what it does. This applies to Windows PowerShell, Command Prompt, macOS Terminal, Linux shells, browser developer tools, and remote-support sessions.
3. Cisco Voice Systems Are Still Business Infrastructure
Cisco’s security advisory for Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition is another reminder that phones are no longer just phones. The advisory describes a server-side request forgery flaw where a crafted HTTP request could allow file writes to the underlying operating system, and NIST’s CVE-2026-20230 entry tracks the same issue.
That may sound distant from a small office, but phone systems often sit in the same management blind spot as routers, printers, access-control panels, camera systems, and NAS boxes. They run web interfaces, have admin accounts, accept network traffic, and sometimes remain untouched for years because “the phones still work.”
What to check: confirm who manages the phone system, whether its admin interface is reachable from the internet, whether firmware or application updates are current, and whether old vendor accounts still exist. If a managed-service provider installed it years ago, do not assume someone is still patching it.
4. Google Play Protect Helps, But Sideloading Still Carries Risk
Google’s Play Protect support page explains how Android devices scan apps and warn about harmful behavior, including higher-risk app installs from browsers and messaging apps. Google’s developer page for Play Protect describes it as built-in malware defense that automatically scans Android apps.
The important practical point is that Play Protect is a layer, not a permission slip to install anything. Many Android problems start when someone follows a text-message link, downloads a fake bank app, installs a “free streaming” APK, or grants Accessibility/SMS/notification access to something that should not need it.
What to do: keep Play Protect enabled, install apps from trusted stores, review apps with Accessibility or notification-reading permission, and remove old APKs or streaming tools you do not recognize. On business phones, use a managed app policy instead of letting every employee sideload whatever a website recommends.
5. Residential Proxy And Smart-Device Abuse Is Not Just A Tech-Nerd Problem
Recent reporting from outlets including TechRadar, plus earlier research covered by The Hacker News, keeps pointing at a real household and small-office problem: cheap Android TV boxes, sketchy VPN apps, free streaming apps, routers, and smart devices can be abused as residential proxy nodes. That means someone else’s traffic may appear to come from your home or business internet connection.
For most customers, the lesson is not to panic over every smart TV. The lesson is to avoid bargain devices with unknown software, remove apps you installed only for one sports stream or one movie, update routers, and separate guest/IoT devices from business computers when possible.
Local IT takeaway: if your internet service gets CAPTCHA-heavy, blocked by websites, or accused of suspicious traffic, review routers, streaming devices, browser extensions, VPN apps, and unknown devices on the network before assuming the provider is at fault.
6. The Best Security Work This Week Is Boring And Useful
None of today’s practical fixes are glamorous: patch SharePoint and voice systems, stop users from pasting mystery commands, keep browsers and Android devices updated, remove suspicious apps, and make sure remote access and admin consoles are not exposed. That is exactly why these checks work. Attackers love forgotten systems and rushed users.
If you run a small business around Port Saint Lucie, Jensen Beach, Fort Pierce, Vero Beach, or nearby Treasure Coast communities, The IT Guys can help review Microsoft 365 security, on-premises servers, routers, phone systems, browser settings, backups, and endpoint protection before a small warning turns into an outage.
Today’s Checklist
- Confirm whether you run on-premises SharePoint Server. If yes, patch and review exposure.
- Tell staff not to paste commands from websites, pop-ups, or chat messages.
- Check Cisco, phone-system, router, firewall, NAS, and camera firmware ownership.
- On Android, keep Play Protect enabled and remove suspicious sideloaded apps.
- Review cheap streaming boxes, unknown VPN apps, and devices you do not recognize on the network.
- Verify backups before major patching, then test that a restore path exists.
Sources
- CISA Known Exploited Vulnerabilities Catalog
- SecurityWeek: CISA warns of actively exploited SharePoint vulnerability
- BleepingComputer: SharePoint RCE flaw now actively exploited
- Opera Security Blog: Paste Protect
- ITPro: Opera Paste Protect and ClickFix attacks
- Cisco Security Advisory for Unified Communications Manager
- Google Play Help: Use Google Play Protect
- Google for Developers: Play Protect
- The Hacker News: Kimwolf Android botnet and residential proxies