vulnerability
open
3 articles
On July 17, 2026, WordPress released version 7.0.2 patching a critical unauthenticated remote code execution vulnerability (CVE-2026-63030) and a related SQL injection flaw (CVE-2026-60137) in its REST API.
Jul 17, 2026
—
Jul 18, 2026
incident
open
2 articles
In mid‑July, a cyberattack targeted Nichirei, one of Japan’s largest frozen food producers, forcing the company to disconnect its IT systems and halting logistics and shipments. The attack disrupted the firm’s supply chain, affecting distribution of its products across the country.
Jul 17, 2026
—
Jul 17, 2026
incident
open
3 articles
A misconfigured web server with directory listing enabled left the tools and infrastructure of three threat actors publicly accessible, revealing their use of Evilginx to conduct adversary-in-the-middle phishing against Microsoft 365 accounts.
Jul 13, 2026
—
Jul 17, 2026
malware
open
9 articles
On 15 July 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-4346 affecting the KNX Association’s KNX Protocol Connection Authorization Option 1 and CVE-2026-46817 affecting Oracle’s E-Business Suite to its Known Exploited Vulnerabilities (KEV) catalogue, indicating ac
Jun 30, 2026
—
Jul 17, 2026
vulnerability
open
2 articles
On July 16, 2026, Google released Chrome 150.0.7871.128/.129, which patches three critical use‑after‑free flaws in the CameraCapture, GPU and Network components.
Jul 15, 2026
—
Jul 17, 2026
campaign
open
2 articles
Two members of the Scattered Spider cybercrime group, Thalha Jubair and Owen Flowers, were sentenced in a UK court to 5.5 years imprisonment for their role in a 2024 cyberattack on Transport for London that caused approximately £29 million in losses.
Jul 16, 2026
—
Jul 16, 2026
campaign
open
1 article
In July 2026, UK courts sentenced Owen Flowers and Thalha Jubair, members of the Scattered Spider group, to five and a half years imprisonment for their role in a 2024 cyberattack on Transport for London.
Jul 16, 2026
—
Jul 16, 2026
malware
open
2 articles
The ClickLock stealer targets macOS users, using fake system prompts and process killing to lock victims out of their machines until they enter a password, which is then exfiltrated along with cryptocurrency wallets.
Jul 16, 2026
—
Jul 16, 2026
vulnerability
open
2 articles
Zoom released security updates for its Desktop Client for Windows addressing a critical flaw tracked as CVE-2026-53412 that could allow unauthenticated attackers to hijack user accounts.
Jul 16, 2026
—
Jul 16, 2026
vulnerability
open
5 articles
Researchers at ESET identified eleven outdated Microsoft-signed UEFI shim bootloaders that can be abused to bypass Secure Boot on virtually any system, affecting both Windows and Linux devices.
Jul 14, 2026
—
Jul 16, 2026
vulnerability
open
2 articles
A vulnerability in the Cursor AI IDE allows attackers to execute arbitrary code by placing a malicious git.exe file in the root of a repository that the IDE automatically runs.
Jul 14, 2026
—
Jul 15, 2026
vulnerability
open
3 articles
A vulnerability in the Claude for Chrome extension allows malicious browser extensions to impersonate the Claude website and gain access to users' Gmail, Google Docs, and Calendar data.
Jul 14, 2026
—
Jul 15, 2026
vulnerability
open
2 articles
ServiceNow patched a critical sandbox escape vulnerability (CVE-2026-6875) in its AI platform that could allow unauthenticated remote code execution. Fortinet and Ivanti also released security updates for multiple flaws in their respective products.
Jul 14, 2026
—
Jul 15, 2026
vulnerability
open
2 articles
Progress Software confirmed that a previously unknown zero‑day vulnerability in its ShareFile product caused an outage affecting Storage Zone Controller customers. The company has issued a patch and is restoring access for those who apply the fix.
Jul 13, 2026
—
Jul 15, 2026
malware
open
2 articles
The ransomware group D1R posted on its Tor leak site that it had compromised Synopsys’ website and obtained a corporate client database, also claiming to have stolen data from Bosch, and threatened to release the information unless a ransom was paid.
Jul 14, 2026
—
Jul 14, 2026
vulnerability
open
1 article
Microsoft released its July 2026 Patch Tuesday update, addressing a record 622 CVEs across products such as SharePoint, Active Directory Federation Services, Hyper-V, RDP and BitLocker.
Jul 14, 2026
—
Jul 14, 2026
incident
open
2 articles
On July 13, the U.S. Treasury’s Office of Foreign Assets Control sanctioned the VPN provider 1VPNS and two individuals for allegedly facilitating ransomware attacks on critical infrastructure.
Jul 13, 2026
—
Jul 14, 2026
vulnerability
open
5 articles
A use‑after‑free vulnerability in the Linux kernel’s epoll implementation, tracked as CVE-2026-46242, was disclosed with public proof‑of‑concept exploit code that enables any unprivileged local user to gain root privileges on affected Linux and Android systems.
Jul 3, 2026
—
Jul 14, 2026
vulnerability
open
2 articles
Broadcom released patches for seven vulnerabilities in VMware Avi Load Balancer, including a critical authentication bypass (CVE-2026-47865) with a CVSS score of 9.8. The flaws could be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.
Jul 14, 2026
—
Jul 14, 2026
malware
open
2 articles
CrashStealer is a newly discovered macOS infostealer identified by Jamf Threat Labs in early May It uses a signed application to bypass Gatekeeper, harvesting passwords, cryptocurrency wallets and other sensitive data before encrypting the stolen information with AES.
Jul 14, 2026
—
Jul 14, 2026
vulnerability
open
2 articles
SAP released security patches for its NetWeaver platform addressing multiple memory corruption vulnerabilities, including a critical flaw (CVE-2026-44747) that could allow attackers to read, modify data and cause denial of service.
Jul 14, 2026
—
Jul 14, 2026
malware
open
2 articles
During an incident response on June 3, 2026, Huntress analysts discovered an AI-generated PowerShell script deployed on a compromised server to conduct Active Directory reconnaissance.
Jul 9, 2026
—
Jul 14, 2026
vulnerability
open
4 articles
Russian state-sponsored APT groups are actively exploiting Cisco IOS flaws, including the CSRF vulnerability CVE-2008-4128 and CVE-2018-0171, to compromise routers in critical infrastructure networks.
Jul 13, 2026
—
Jul 14, 2026
campaign
open
2 articles
Threat actor UNK_MassTraction, believed to be China‑aligned, has been exploiting vulnerabilities in Roundcube webmail (CVE‑2024‑42009 and CVE‑2025‑49113) to infiltrate university physics departments in the United States and Canada.
Jul 7, 2026
—
Jul 13, 2026
malware
open
3 articles
In April 2026, security researchers uncovered a large-scale malvertising operation that distributed the Vidar information stealer alongside the XMRig cryptocurrency miner.
Jul 8, 2026
—
Jul 13, 2026
malware
open
7 articles
Microsoft warned about GigaWiper, a modular Go-based backdoor for Windows that combines espionage and data-wiping capabilities. The malware has been observed in intrusions since at least 2024, allowing attackers remote access and destructive wiping of disks.
Jul 9, 2026
—
Jul 13, 2026
campaign
open
2 articles
A contractor for the Cybersecurity and Infrastructure Security Agency posted dozens of internal credentials, including AWS GovCloud access keys, to a public GitHub repository where they remained exposed for approximately six months.
Jul 10, 2026
—
Jul 13, 2026
malware
open
4 articles
Chinese-linked threat actor UAT-7810 is expanding its Operational Relay Box (ORB) network by deploying new malware families such as LongLeash, DogLeash and JarLeash on SOHO routers from vendors like Ruckus and ASUS.
Jul 8, 2026
—
Jul 13, 2026
incident
open
2 articles
Progress Software identified a credible external security threat targeting ShareFile Storage Zone Controllers and instructed customers to immediately shut down the Windows servers running those controllers.
Jul 10, 2026
—
Jul 13, 2026
vulnerability
open
3 articles
Researchers disclosed a critical remote code execution vulnerability in Veeam Backup & Replication that could be exploited by authenticated low‑privileged domain users to execute arbitrary code on backup servers.
Jun 9, 2026
—
Jul 13, 2026
vulnerability
open
2 articles
A stored cross-site scripting (XSS) vulnerability was discovered in Zimbra's Classic Web Client, allowing attackers to execute arbitrary code when a malicious email is opened. The flaw could lead to account takeover without user interaction. Zimbra has released version 10.1.19 to patch the issue.
Jul 10, 2026
—
Jul 13, 2026
campaign
open
3 articles
The Iran-linked Cavern Manticore APT deployed a modular command-and-control framework to infiltrate Israeli government agencies and IT service providers.
Jul 6, 2026
—
Jul 13, 2026
vulnerability
open
9 articles
Threat actors have been actively exploiting unauthenticated remote code execution vulnerabilities in the Balbooa Forms and iCagenda Joomla extensions, allowing file upload and execution without authentication. The U.S.
Jul 10, 2026
—
Jul 13, 2026
malware
open
2 articles
Australian cyber authorities have issued an alert about a large‑scale exploitation campaign that targets vulnerabilities in popular content management systems such as WordPress and Joomla to install webshells on compromised sites.
Jul 13, 2026
—
Jul 13, 2026
campaign
open
3 articles
An Armenian national, Karen Serobovich Vardanyan, was extradited from Ukraine to the United States and pleaded guilty to charges related to his involvement in Ryuk ransomware attacks targeting U.S. companies.
Jul 11, 2026
—
Jul 13, 2026
campaign
open
6 articles
Armored Likho, a previously undocumented APT group, has been observed launching AI‑crafted phishing emails that deliver the BusySnake Stealer malware.
Jul 3, 2026
—
Jul 13, 2026
campaign
open
5 articles
Angelo Martino, a former ransomware negotiator, was sentenced to 70 months in prison after pleading guilty to conspiring with the BlackCat/Alphv ransomware group to extort victims. The court found that he used his insider knowledge to assist the gang while betraying his clients.
Jul 10, 2026
—
Jul 11, 2026
campaign
open
2 articles
The Gentlemen ransomware gang, operating under a ransomware‑as‑a‑service model, has infected approximately 580 organizations, with a focus on manufacturing firms. The group uses an affiliate network to distribute its malware and extort payments.
Jun 29, 2026
—
Jul 10, 2026
vulnerability
open
2 articles
The Cybersecurity and Infrastructure Security Agency issued an advisory for three vulnerabilities in the Gardyn IoT Hub, including CVE-2026-13768, which permits unauthenticated remote code execution.
Jul 2, 2026
—
Jul 10, 2026
malware
open
3 articles
Researchers have demonstrated a technique called HalluSquatting that manipulates large language models into hallucinating malicious code packages, which are then fetched and executed by unsuspecting users or AI agents, enabling the creation of hidden botnets.
Jul 8, 2026
—
Jul 10, 2026
vulnerability
open
4 articles
Microsoft released its June 2026 Patch Tuesday updates, fixing a record 208 vulnerabilities, including 38 critical flaws and several actively exploited zero-days such as CVE-2026-47291 in HTTP.sys and CVE-2026-41091.
Jun 9, 2026
—
Jul 10, 2026
vulnerability
open
5 articles
Security researchers disclosed a missing authorization vulnerability (CVE-2026-13753) affecting HP Deskjet 2800 series printers that could allow unauthorized access to Wi‑Direct and SNMP functions.
Jul 7, 2026
—
Jul 10, 2026
breach
open
2 articles
Threat actors created hundreds of fake Go modules on GitHub, embedding loaders, stealers, RATs and cryptominers that were downloaded by developers and crypto‑currency users.
Jul 10, 2026
—
Jul 10, 2026
incident
open
2 articles
On July 8, Google released a Chrome 150 update that addressed 27 security vulnerabilities, including two critical use‑after‑free flaws. The update is available for desktop versions of Chrome and users are advised to install it promptly. No active exploitation of the flaws has been reported.
Jul 9, 2026
—
Jul 10, 2026
malware
open
6 articles
Researchers identified JadePuffer, an agentic AI‑powered ransomware that autonomously exploited a Langflow vulnerability (CVE-2025-3248) to steal credentials, move laterally, and encrypt data on a production database server.
Jul 3, 2026
—
Jul 10, 2026
malware
open
2 articles
Security researchers identified a new macOS infostealer dubbed PamStealer that is distributed as a fake version of the Maccy clipboard manager. The malware, written in Rust, targets Apple Silicon Macs and harvests credentials from browsers, password managers and other sources.
Jul 2, 2026
—
Jul 10, 2026
incident
open
11 articles
Microsoft released a security update that fixes the RoguePlanet elevation‑of‑privilege vulnerability in Windows Defender, tracked as CVE-2026-50656. The flaw allowed local attackers to gain SYSTEM privileges via a race condition in the Malware Protection Engine.
Jun 17, 2026
—
Jul 9, 2026
malware
open
2 articles
A new ransomware family called GodDamn, first observed in the wild on May 21, 2024, abuses a Microsoft‑co‑signed kernel driver named PoisonX to terminate security tools and facilitate encryption.
Jul 9, 2026
—
Jul 9, 2026
vulnerability
open
2 articles
Palo Alto Networks released a security update addressing 13 vulnerabilities in its PAN-OS software, including a critical buffer overflow tracked as CVE-2026-0288.
Jul 9, 2026
—
Jul 9, 2026
breach
open
2 articles
Hackers exploited a zero‑day vulnerability in a third‑party system to gain unauthorized access to KDDI’s email platform serving multiple Japanese ISPs, compromising the personal data of roughly 12‑14 million users.
Jun 24, 2026
—
Jul 9, 2026