Speak naturally. Send without fixing.
Wispr Flow turns your voice into clean, professional text you can send the moment you stop talking. Not rough transcription you have to clean up. Actual polished text — ready for email, Slack, or any app.
Speak the way you think. Go on tangents. Change your mind mid-sentence. Flow strips the filler, fixes the grammar, and gives you text that reads like you spent five minutes writing it.
89% of messages sent with zero edits. Millions of professionals use Flow daily, including teams at OpenAI, Vercel, and Clay. Works on Mac, Windows, and iPhone.
A ransomware attack just stopped a Coca-Cola dairy line from making product, CISA slapped three more actively-exploited SharePoint bugs onto its must-patch list, and a Windows backdoor that's been dormant since 2013 just woke up inside a Taiwan factory. Here's what actually matters today for MSPs, security teams, and the channel — six stories, no fluff.
A ransomware attack just halted Coca-Cola's fastest-growing dairy brand
Coca-Cola disclosed that its fairlife dairy subsidiary detected unauthorized third-party access to several systems, including ones tied to production, and has suspended U.S. manufacturing of fairlife products out of caution. Canadian operations are unaffected, no ransomware gang has publicly claimed credit yet, and Coke says product safety and quality haven't been compromised — but incident response, outside forensics firms, and law enforcement are already involved. fairlife is one of Coke's fastest-growing billion-dollar brands, and this is the case study to reach for next time a client insists ransomware is "just an IT problem": a compromise that started somewhere in IT or OT just stopped a physical production line cold.
CISA adds three more actively-exploited SharePoint bugs to its must-patch list
CISA updated its Known Exploited Vulnerabilities catalog on July 16 to add CVE-2026-58644, a critical (CVSS 9.8) deserialization flaw in on-prem SharePoint Server, alongside CVE-2026-32201, -45659, and -56164 — all being chained for remote code execution against Subscription Edition, 2019, and 2016 installs. Attackers are using the access to steal IIS machine keys for long-term persistence, and federal agencies have until July 19 to patch. If any client still runs on-prem SharePoint (not SharePoint Online), that July 19 date is effectively yours too — and because stolen machine keys survive a patch, rotate them after you update or the attacker keeps their forged tokens.
A Windows backdoor napped for 13 years, then woke up inside a Taiwan factory
Researchers found Daxin — a stealthy, China-linked kernel-mode Windows driver first documented in 2022 but compiled as far back as 2013 — running inside a Taiwan-based subsidiary of a multinational manufacturer, undetected until a telemetry gap surfaced this past May. Sitting alongside it was Stupig, a previously unseen backdoor that hijacks the Windows logon screen to run SYSTEM-level commands before anyone even signs in, without ever generating a logon event. The lesson for anyone doing incident response or threat hunting for manufacturing clients: "no alerts" and "clean" aren't the same thing, especially against an actor patient enough to let its tooling sit quiet for over a decade.
OkoBot is quietly draining crypto wallets through a fake "fix" prompt
Kaspersky detailed OkoBot, a malware framework that's delivered more than 20 payloads over the past year via ClickFix-style fake error prompts and bogus GitHub repos posing as legitimate dev tools. Its signature module, SeedHunter, waits for Trezor Suite or Ledger Live to open, hooks the wallet app's own Electron internals, and phishes the recovery seed phrase from inside the legitimate software — handing attackers irreversible access to victims' funds. It's already hit hundreds of victims across 25+ countries; if anyone on your team or a client's touches a crypto wallet on a work machine, this is worth a specific warning, because the phishing prompt looks like it's coming from the wallet app itself, not a browser pop-up.
Scattered Spider's TfL hackers just found out UK prison sentences are real
Owen Flowers, 18, and Thalha Jubair, 20 — both linked to the Scattered Spider crew — were sentenced to five and a half years each at Woolwich Crown Court for the August 2024 hack of Transport for London, which knocked 148 systems offline and cost TfL roughly £29 million (about $39M) in losses and recovery. Prosecutors say it's the first successful conviction under Section 3ZA of the UK's Computer Misuse Act, the statute reserved for the most serious cyber offenses. It's a genuinely useful data point next time a client assumes ransomware crews operate with total impunity — attribution-to-sentencing on a major case just got a lot faster.
$13M bet: AI security agents don't need more alerts, they need better data
Beacon Security closed a $13 million seed round led by Notable Capital, backed by a bench of CISO and founder angels from Talon, Descope, Gem Security, Dig Security, and Cider Security. Its pitch is a "data layer" that fuses and cleans telemetry across vendors so AI agents and human analysts triage against one trustworthy, de-duplicated picture instead of raw noisy feeds — the company claims 300% ARR growth in H1 2026. The AI-SOC gold rush is quietly shifting from "which model" to "whose pipeline feeds the model" — worth watching if you're evaluating agentic detection and response tooling for your own stack or a client's.
That's the wrap. Patch SharePoint before Sunday, and if you've got clients in food and beverage manufacturing, use the fairlife story to get the ransomware conversation back on the calendar. See you tomorrow. — The ChannelBytes Team





