Cyber Security
Cybersecurity
Scattered Spider TfL Hackers Sentenced to Five and a Half Years
Andrew Doyle
July 17, 2026
UK authorities sentenced two Scattered Spider members to five-and-a-half years each for the 2024 Transport for London attack, the UK's largest cybercrime case.
Cybersecurity
ClickLock macOS Stealer Uses App-Kill Loop to Coerce Passwords
Gabby Lee
July 17, 2026
Group-IB documented ClickLock, a macOS stealer using a 210ms app-kill loop to coerce macOS passwords, hitting more than 100 victims across 33 countries.
Cybersecurity
Elastic Exposes TELEPUZ: C Malware Sold as MaaS via ClickFix Chain
Andrew Doyle
July 17, 2026
Elastic Security Labs disclosed TELEPUZ, a C-based malware distributed through a ClickFix-to-Vidar chain with VirusTotal volumes indicating a MaaS operation.
Cybersecurity
Russian Threat Actor Uses Gemini CLI to Run Dental Clinic Botnet
Mitchell Langley
July 17, 2026
Trend Micro documented Russian actor 'bandcampro' using Gemini CLI as a hacking assistant in a dental clinic botnet attack on an OpenDental patient database.
Cybersecurity
DragonForce Posts Eighteen Victims Across Eight Countries in 48 Hours
Andrew Doyle
July 17, 2026
DragonForce posted eighteen victims across eight countries in 48 hours, including a US defense subcontractor, four law firms, and chemical manufacturers.
Cybersecurity
Coca-Cola Files SEC 8-K After Ransomware Hits Fairlife Dairy
Gabby Lee
July 17, 2026
Coca-Cola filed an SEC Form 8-K disclosing a ransomware attack on Fairlife dairy that suspended all U.S. production. No group has yet claimed the attack.
Application Security
CISA Adds SharePoint CVE-2026-58644 to KEV After Zero-Day Confirmed
Gabby Lee
July 17, 2026
CISA added SharePoint CVE-2026-58644, a CVSS 9.8 deserialization flaw, to KEV after Microsoft confirmed zero-day exploitation. Federal deadline is July 19.
CVE Vulnerability Alerts
CISA Issues Sunday Patch Deadline for Fortinet FortiSandbox RCE Flaws
Andrew Doyle
July 17, 2026
CISA added CVE-2026-25089 and CVE-2026-39808 in Fortinet FortiSandbox to KEV, ordering FCEB agencies to patch by July 19 amid confirmed active exploitation.
Cybersecurity
23andMe Pays $18M to 43 State AGs Over Genetic Data Breach
Mitchell Langley
July 17, 2026
Coalition of 43 state AGs reaches $18M settlement with 23andMe successor Chrome Holding Co. over its genetic data breach; total penalties exceed $50 million.
Cybersecurity
Italy Fines WINDTRE €1.7M for Breaches Exposing 365K Customers
Andrew Doyle
July 17, 2026
Italy's Garante fined telecom operator WINDTRE €1.7 million for two 2024 data breaches in which social engineering attacks exposed data on 365,000 customers.
Cybersecurity
Interlock Hits DC Housing Authority; Play, Nova Post New Victims
Mitchell Langley
July 17, 2026
Interlock ransomware targeted DC's public housing agency; Play posted five victims across four countries; Nova added three more in a multi-group batch.
Cybersecurity
Nightmare Eclipse Drops LegacyHive PoC on Fully Patched Windows
Mitchell Langley
July 16, 2026
Security group Nightmare Eclipse released LegacyHive, a PoC targeting an unpatched Windows privilege escalation flaw that survived July Patch Tuesday.
Application Security
Zoom Patches CVE-2026-53412 Critical Unauthenticated Account Takeover
Andrew Doyle
July 16, 2026
Zoom patched CVE-2026-53412, a CVSS 9.8 flaw in Zoom Workplace for Windows allowing unauthenticated remote account takeover with no user interaction required.
Application Security
Cursor AI Code Execution Flaw Left Unpatched Seven Months by Developer
Mitchell Langley
July 16, 2026
Mindgard researcher Aaron Portnoy disclosed a code execution flaw in Cursor AI editor that silently runs trojanized git.exe files when developers clone malicious repos.
Application Security
ServiceNow Patches CVE-2026-6875 Unauthenticated RCE in AI Platform
Andrew Doyle
July 16, 2026
ServiceNow patched CVE-2026-6875, a CVSS 9.5 unauthenticated remote code execution flaw in its AI platform; hosted instances auto-patched, self-hosted require manual update.
Cybersecurity
Bitdefender Exposes Windows Bind Link Attacks That Bypass EDR Tools
Gabby Lee
July 16, 2026
Bitdefender documented three Windows bind link techniques — file-binding, process-binding, and silo-binding — that redirect OS path resolution to hide malware from EDR tools.
Cybersecurity
PhantomEnigma Weaponizes 20+ Brazilian Gov Sites for Malware Delivery
Gabby Lee
July 16, 2026
ANY.RUN disclosed PhantomEnigma, a campaign that hijacked 20-plus Brazilian gov.br domains to distribute malware via police-themed phishing emails that pass SPF, DKIM, and DMARC.
Cybersecurity
Chinese Actors Weaponized Claude Code in Multi-Nation Espionage Op
Andrew Doyle
July 16, 2026
Hunt.io exposed a Chinese state-linked espionage operation that used Claude Code and DeepSeek as direct attack tools, breaching systems in four countries.
CVE Vulnerability Alerts
F5 Patches CVE-2026-42533 Heap Buffer Overflow in NGINX Plus
Mitchell Langley
July 16, 2026
F5 released an out-of-band patch for CVE-2026-42533, a CVSS 9.2 heap buffer overflow in NGINX Plus and Open Source requiring no authentication to exploit.
Cybersecurity
Unit 42 Exposes TuxBot v3 Iranian-Linked IoT Botnet With DDoS-for-Hire
Mitchell Langley
July 16, 2026
Palo Alto Networks Unit 42 exposed TuxBot v3, an Iranian-linked IoT botnet targeting 17 CPU architectures with DDoS-for-hire capabilities and AI-generated code.
Cybersecurity
Scattered Spider TfL Hackers Sentenced to Five and a Half Years
Andrew Doyle
July 17, 2026
Cybersecurity
ClickLock macOS Stealer Uses App-Kill Loop to Coerce Passwords
Gabby Lee
July 17, 2026
Cybersecurity
DragonForce Posts Eighteen Victims Across Eight Countries in 48 Hours
Andrew Doyle
July 17, 2026
TOP CYBERSECURITY HEADLINES
This Week’s Security Spotlight
Application Security
Cursor AI Code Execution Flaw Left Unpatched Seven Months by Developer
Mitchell Langley
July 16, 2026
Cybersecurity
Bitdefender Exposes Windows Bind Link Attacks That Bypass EDR Tools
Gabby Lee
July 16, 2026
Cybersecurity
Chinese Actors Weaponized Claude Code in Multi-Nation Espionage Op
Andrew Doyle
July 16, 2026
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Russian Threat Actor Uses Gemini CLI to Run Dental Clinic Botnet
July 17, 2026
Trend Micro documented Russian actor 'bandcampro' using Gemini CLI as a hacking assistant in a dental clinic botnet attack on an OpenDental patient database.
DragonForce Posts Eighteen Victims Across Eight Countries in 48 Hours
July 17, 2026
DragonForce posted eighteen victims across eight countries in 48 hours, including a US defense subcontractor, four law firms, and chemical manufacturers.
Coca-Cola Files SEC 8-K After Ransomware Hits Fairlife Dairy
July 17, 2026
Coca-Cola filed an SEC Form 8-K disclosing a ransomware attack on Fairlife dairy that suspended all U.S. production. No group has yet claimed the attack.
CISA Adds SharePoint CVE-2026-58644 to KEV After Zero-Day Confirmed
July 17, 2026
CISA added SharePoint CVE-2026-58644, a CVSS 9.8 deserialization flaw, to KEV after Microsoft confirmed zero-day exploitation. Federal deadline is July 19.
CISA Issues Sunday Patch Deadline for Fortinet FortiSandbox RCE Flaws
July 17, 2026
CISA added CVE-2026-25089 and CVE-2026-39808 in Fortinet FortiSandbox to KEV, ordering FCEB agencies to patch by July 19 amid confirmed active exploitation.
23andMe Pays $18M to 43 State AGs Over Genetic Data Breach
July 17, 2026
Coalition of 43 state AGs reaches $18M settlement with 23andMe successor Chrome Holding Co. over its genetic data breach; total penalties exceed $50 million.
Italy Fines WINDTRE €1.7M for Breaches Exposing 365K Customers
July 17, 2026
Italy's Garante fined telecom operator WINDTRE €1.7 million for two 2024 data breaches in which social engineering attacks exposed data on 365,000 customers.
Interlock Hits DC Housing Authority; Play, Nova Post New Victims
July 17, 2026
Interlock ransomware targeted DC's public housing agency; Play posted five victims across four countries; Nova added three more in a multi-group batch.
Nightmare Eclipse Drops LegacyHive PoC on Fully Patched Windows
July 16, 2026
Security group Nightmare Eclipse released LegacyHive, a PoC targeting an unpatched Windows privilege escalation flaw that survived July Patch Tuesday.
Zoom Patches CVE-2026-53412 Critical Unauthenticated Account Takeover
July 16, 2026
Zoom patched CVE-2026-53412, a CVSS 9.8 flaw in Zoom Workplace for Windows allowing unauthenticated remote account takeover with no user interaction required.
Cursor AI Code Execution Flaw Left Unpatched Seven Months by Developer
July 16, 2026
Mindgard researcher Aaron Portnoy disclosed a code execution flaw in Cursor AI editor that silently runs trojanized git.exe files when developers clone malicious repos.
ServiceNow Patches CVE-2026-6875 Unauthenticated RCE in AI Platform
July 16, 2026
ServiceNow patched CVE-2026-6875, a CVSS 9.5 unauthenticated remote code execution flaw in its AI platform; hosted instances auto-patched, self-hosted require manual update.
Bitdefender Exposes Windows Bind Link Attacks That Bypass EDR Tools
July 16, 2026
Bitdefender documented three Windows bind link techniques — file-binding, process-binding, and silo-binding — that redirect OS path resolution to hide malware from EDR tools.
PhantomEnigma Weaponizes 20+ Brazilian Gov Sites for Malware Delivery
July 16, 2026
ANY.RUN disclosed PhantomEnigma, a campaign that hijacked 20-plus Brazilian gov.br domains to distribute malware via police-themed phishing emails that pass SPF, DKIM, and DMARC.
Chinese Actors Weaponized Claude Code in Multi-Nation Espionage Op
July 16, 2026
Hunt.io exposed a Chinese state-linked espionage operation that used Claude Code and DeepSeek as direct attack tools, breaching systems in four countries.
F5 Patches CVE-2026-42533 Heap Buffer Overflow in NGINX Plus
July 16, 2026
F5 released an out-of-band patch for CVE-2026-42533, a CVSS 9.2 heap buffer overflow in NGINX Plus and Open Source requiring no authentication to exploit.
Unit 42 Exposes TuxBot v3 Iranian-Linked IoT Botnet With DDoS-for-Hire
July 16, 2026
Palo Alto Networks Unit 42 exposed TuxBot v3, an Iranian-linked IoT botnet targeting 17 CPU architectures with DDoS-for-hire capabilities and AI-generated code.
CoinbaseCartel Hits Panasonic Avionics; Pear Targets US Healthcare
July 16, 2026
CoinbaseCartel claimed Panasonic Avionics, Pear ransomware hit two US healthcare providers, and six groups posted victims across multiple sectors and countries.
SonicWall SMA1000 CVSS 10.0 Zero-Day Hits Remote Access Gateways
July 15, 2026
SonicWall warns of active exploitation of CVE-2026-15409 (CVSS 10.0) and CVE-2026-15410 in SMA1000 appliances. Federal agencies must patch by July 17.
CISA Adds Three SharePoint CVEs to KEV as Auth-to-RCE Chain
July 15, 2026
CISA added three SharePoint CVEs to its KEV catalog after confirming active attack chains combining auth bypass, code execution, and IIS machine key theft.




















