Cyber Security
Cybersecurity
Nightmare Eclipse Drops LegacyHive PoC on Fully Patched Windows
Mitchell Langley
July 16, 2026
Security group Nightmare Eclipse released LegacyHive, a PoC targeting an unpatched Windows privilege escalation flaw that survived July Patch Tuesday.
Application Security
Zoom Patches CVE-2026-53412 Critical Unauthenticated Account Takeover
Andrew Doyle
July 16, 2026
Zoom patched CVE-2026-53412, a CVSS 9.8 flaw in Zoom Workplace for Windows allowing unauthenticated remote account takeover with no user interaction required.
Application Security
Cursor AI Code Execution Flaw Left Unpatched Seven Months by Developer
Mitchell Langley
July 16, 2026
Mindgard researcher Aaron Portnoy disclosed a code execution flaw in Cursor AI editor that silently runs trojanized git.exe files when developers clone malicious repos.
Application Security
ServiceNow Patches CVE-2026-6875 Unauthenticated RCE in AI Platform
Andrew Doyle
July 16, 2026
ServiceNow patched CVE-2026-6875, a CVSS 9.5 unauthenticated remote code execution flaw in its AI platform; hosted instances auto-patched, self-hosted require manual update.
Cybersecurity
Bitdefender Exposes Windows Bind Link Attacks That Bypass EDR Tools
Gabby Lee
July 16, 2026
Bitdefender documented three Windows bind link techniques — file-binding, process-binding, and silo-binding — that redirect OS path resolution to hide malware from EDR tools.
Cybersecurity
PhantomEnigma Weaponizes 20+ Brazilian Gov Sites for Malware Delivery
Gabby Lee
July 16, 2026
ANY.RUN disclosed PhantomEnigma, a campaign that hijacked 20-plus Brazilian gov.br domains to distribute malware via police-themed phishing emails that pass SPF, DKIM, and DMARC.
Cybersecurity
Chinese Actors Weaponized Claude Code in Multi-Nation Espionage Op
Andrew Doyle
July 16, 2026
Hunt.io exposed a Chinese state-linked espionage operation that used Claude Code and DeepSeek as direct attack tools, breaching systems in four countries.
CVE Vulnerability Alerts
F5 Patches CVE-2026-42533 Heap Buffer Overflow in NGINX Plus
Mitchell Langley
July 16, 2026
F5 released an out-of-band patch for CVE-2026-42533, a CVSS 9.2 heap buffer overflow in NGINX Plus and Open Source requiring no authentication to exploit.
Cybersecurity
Unit 42 Exposes TuxBot v3 Iranian-Linked IoT Botnet With DDoS-for-Hire
Mitchell Langley
July 16, 2026
Palo Alto Networks Unit 42 exposed TuxBot v3, an Iranian-linked IoT botnet targeting 17 CPU architectures with DDoS-for-hire capabilities and AI-generated code.
Cybersecurity
CoinbaseCartel Hits Panasonic Avionics; Pear Targets US Healthcare
Gabby Lee
July 16, 2026
CoinbaseCartel claimed Panasonic Avionics, Pear ransomware hit two US healthcare providers, and six groups posted victims across multiple sectors and countries.
CVE Vulnerability Alerts
SonicWall SMA1000 CVSS 10.0 Zero-Day Hits Remote Access Gateways
Gabby Lee
July 15, 2026
SonicWall warns of active exploitation of CVE-2026-15409 (CVSS 10.0) and CVE-2026-15410 in SMA1000 appliances. Federal agencies must patch by July 17.
Application Security
CISA Adds Three SharePoint CVEs to KEV as Auth-to-RCE Chain
Gabby Lee
July 15, 2026
CISA added three SharePoint CVEs to its KEV catalog after confirming active attack chains combining auth bypass, code execution, and IIS machine key theft.
Cybersecurity
DOJ Charges Three Russians Behind LockBit, Play Hosting Network
Andrew Doyle
July 15, 2026
The DOJ unsealed charges against three Russians who ran Media Land and ML.Cloud, bulletproof hosting that served LockBit, Blacksuit, and Play ransomware.
Application Security
Progress ShareFile Path Traversal Zero-Day Confirmed, Patches Out
Mitchell Langley
July 15, 2026
Progress confirmed a path traversal zero-day in ShareFile SZC 5.x and 6.x after ordering an emergency shutdown. Patches 5.12.5 and 6.0.2 are now available.
Cybersecurity
300 Fake GitHub Repos Deliver BoryptGrab Chrome Bypass Infostealer
Mitchell Langley
July 15, 2026
ArcticWolf exposed a campaign using 300 fake GitHub repos to deliver BoryptGrab, an infostealer that bypasses Chrome App-Bound Encryption via code injection.
Application Security
Unpatched Claude for Chrome Flaw Exposes Gmail and Calendar Data
Gabby Lee
July 15, 2026
Manifold disclosed two unpatched flaws in Claude for Chrome allowing malicious extensions to invoke the AI agent and silently access Gmail and Google Calendar.
Application Security
AsyncAPI npm Packages Backdoored to Deploy Miasma Botnet Loader
Gabby Lee
July 15, 2026
Four official AsyncAPI npm packages were compromised to deliver Miasma, a botnet loader using six C2 channels including Ethereum smart contracts and IPFS.
Cybersecurity
Spanish Police Break Up €140M BEC Ring Spanning Four Countries
Gabby Lee
July 15, 2026
Spanish National Police and Europol dismantled a €140 million BEC and investment fraud ring, arresting four suspects across Spain, Portugal, and Panama.
CVE Vulnerability Alerts
Siemens CVSS 10.0 Flaw, Rockwell PLC DoS Patched in ICS Tuesday
Gabby Lee
July 15, 2026
Siemens, Rockwell, and Schneider Electric issued ICS Patch Tuesday advisories, including a CVSS 10.0 Opencenter X auth bypass and CompactLogix DoS flaws.
CVE Vulnerability Alerts
VMware Avi Load Balancer Patches Critical Control Plane Auth Bypass
Mitchell Langley
July 15, 2026
Broadcom patched seven VMware Avi vulnerabilities, including a critical authentication bypass in the control plane. No active exploitation has been confirmed.
Cybersecurity
Nightmare Eclipse Drops LegacyHive PoC on Fully Patched Windows
Mitchell Langley
July 16, 2026
Cybersecurity
300 Fake GitHub Repos Deliver BoryptGrab Chrome Bypass Infostealer
Mitchell Langley
July 15, 2026
Cybersecurity
CoinbaseCartel Hits Panasonic Avionics; Pear Targets US Healthcare
Gabby Lee
July 16, 2026
Cybersecurity
DOJ Charges Three Russians Behind LockBit, Play Hosting Network
Andrew Doyle
July 15, 2026
TOP CYBERSECURITY HEADLINES
This Week’s Security Spotlight
Application Security
Cursor AI Code Execution Flaw Left Unpatched Seven Months by Developer
Mitchell Langley
July 16, 2026
Cybersecurity
Bitdefender Exposes Windows Bind Link Attacks That Bypass EDR Tools
Gabby Lee
July 16, 2026
Cybersecurity
Chinese Actors Weaponized Claude Code in Multi-Nation Espionage Op
Andrew Doyle
July 16, 2026
Cybersecurity
300 Fake GitHub Repos Deliver BoryptGrab Chrome Bypass Infostealer
Mitchell Langley
July 15, 2026
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
ServiceNow Patches CVE-2026-6875 Unauthenticated RCE in AI Platform
July 16, 2026
ServiceNow patched CVE-2026-6875, a CVSS 9.5 unauthenticated remote code execution flaw in its AI platform; hosted instances auto-patched, self-hosted require manual update.
Bitdefender Exposes Windows Bind Link Attacks That Bypass EDR Tools
July 16, 2026
Bitdefender documented three Windows bind link techniques — file-binding, process-binding, and silo-binding — that redirect OS path resolution to hide malware from EDR tools.
PhantomEnigma Weaponizes 20+ Brazilian Gov Sites for Malware Delivery
July 16, 2026
ANY.RUN disclosed PhantomEnigma, a campaign that hijacked 20-plus Brazilian gov.br domains to distribute malware via police-themed phishing emails that pass SPF, DKIM, and DMARC.
Chinese Actors Weaponized Claude Code in Multi-Nation Espionage Op
July 16, 2026
Hunt.io exposed a Chinese state-linked espionage operation that used Claude Code and DeepSeek as direct attack tools, breaching systems in four countries.
F5 Patches CVE-2026-42533 Heap Buffer Overflow in NGINX Plus
July 16, 2026
F5 released an out-of-band patch for CVE-2026-42533, a CVSS 9.2 heap buffer overflow in NGINX Plus and Open Source requiring no authentication to exploit.
Unit 42 Exposes TuxBot v3 Iranian-Linked IoT Botnet With DDoS-for-Hire
July 16, 2026
Palo Alto Networks Unit 42 exposed TuxBot v3, an Iranian-linked IoT botnet targeting 17 CPU architectures with DDoS-for-hire capabilities and AI-generated code.
CoinbaseCartel Hits Panasonic Avionics; Pear Targets US Healthcare
July 16, 2026
CoinbaseCartel claimed Panasonic Avionics, Pear ransomware hit two US healthcare providers, and six groups posted victims across multiple sectors and countries.
SonicWall SMA1000 CVSS 10.0 Zero-Day Hits Remote Access Gateways
July 15, 2026
SonicWall warns of active exploitation of CVE-2026-15409 (CVSS 10.0) and CVE-2026-15410 in SMA1000 appliances. Federal agencies must patch by July 17.
CISA Adds Three SharePoint CVEs to KEV as Auth-to-RCE Chain
July 15, 2026
CISA added three SharePoint CVEs to its KEV catalog after confirming active attack chains combining auth bypass, code execution, and IIS machine key theft.
DOJ Charges Three Russians Behind LockBit, Play Hosting Network
July 15, 2026
The DOJ unsealed charges against three Russians who ran Media Land and ML.Cloud, bulletproof hosting that served LockBit, Blacksuit, and Play ransomware.
Progress ShareFile Path Traversal Zero-Day Confirmed, Patches Out
July 15, 2026
Progress confirmed a path traversal zero-day in ShareFile SZC 5.x and 6.x after ordering an emergency shutdown. Patches 5.12.5 and 6.0.2 are now available.
300 Fake GitHub Repos Deliver BoryptGrab Chrome Bypass Infostealer
July 15, 2026
ArcticWolf exposed a campaign using 300 fake GitHub repos to deliver BoryptGrab, an infostealer that bypasses Chrome App-Bound Encryption via code injection.
Unpatched Claude for Chrome Flaw Exposes Gmail and Calendar Data
July 15, 2026
Manifold disclosed two unpatched flaws in Claude for Chrome allowing malicious extensions to invoke the AI agent and silently access Gmail and Google Calendar.
AsyncAPI npm Packages Backdoored to Deploy Miasma Botnet Loader
July 15, 2026
Four official AsyncAPI npm packages were compromised to deliver Miasma, a botnet loader using six C2 channels including Ethereum smart contracts and IPFS.
Spanish Police Break Up €140M BEC Ring Spanning Four Countries
July 15, 2026
Spanish National Police and Europol dismantled a €140 million BEC and investment fraud ring, arresting four suspects across Spain, Portugal, and Panama.
Siemens CVSS 10.0 Flaw, Rockwell PLC DoS Patched in ICS Tuesday
July 15, 2026
Siemens, Rockwell, and Schneider Electric issued ICS Patch Tuesday advisories, including a CVSS 10.0 Opencenter X auth bypass and CompactLogix DoS flaws.
VMware Avi Load Balancer Patches Critical Control Plane Auth Bypass
July 15, 2026
Broadcom patched seven VMware Avi vulnerabilities, including a critical authentication bypass in the control plane. No active exploitation has been confirmed.
Jalisco and OmegaLord PhaaS Kits Beat M365 MFA Using OAuth Tricks
July 15, 2026
ReliaQuest disclosed Jalisco, which regenerates OAuth tokens in real time to beat Microsoft's 15-minute window, and OmegaLord, which harvests MFA phone numbers.
White House Launches Gold Eagle AI Vulnerability Routing Program
July 15, 2026
White House launched Gold Eagle, linking CISA, open source maintainers, and critical infrastructure operators through AI vulnerability triage under EO 14409.
Nine-Nation Advisory Flags FSB Center 16 Router Attacks
July 13, 2026
Cybersecurity agencies from nine countries issued a joint advisory on FSB Center 16 router attacks targeting energy, healthcare, and defense sectors globally.




















