Daily Threat Intelligence Brief - July 16, 2026
Microsoft ships a record 570 fixes with two exploited zero-days (CVE-2026-56155, CVE-2026-56164), SonicWall SMA1000 zero-days CVE-2026-15409 (CVSS 10.0) and CVE-2026-15410 are chained for appliance takeover, Oracle Payments CVE-2026-46817 (CVSS 9.8) hits KEV, and Sysdig documents JADEPUFFER, a ransomware chain run end to end by an autonomous LLM agent that encrypted 1,342 Nacos records.
The Operator's Take
The JADEPUFFER coverage is pointing at the wrong thing. Every headline says "AI agent runs ransomware," but read the Sysdig telemetry and the entry point was CVE-2025-3248, a Langflow bug patched in 2025, sitting exposed on a box nobody had in a CMDB because it was "just an AI dev tool." The model did not out-hack anyone. What it did was recover from a failed Nacos backdoor in 31 seconds by rewriting its own payload, and that is the number defenders should be scared of, because the middle of the kill chain is exactly where human operators stall out and where your detections get their dwell time.
Now put that next to Microsoft's 570 fixes this month, a record that Help Net Security attributes partly to AI-assisted bug hunting. Both sides just got the same speed multiplier, but they are not spending it symmetrically: AI finds bugs faster than you can patch them and exploits them faster than you can respond, while your patch throughput stays exactly as human as it was last July. The constraint was never discovery. It is deployment.
Here is the connection nobody is drawing. Look at what CISA actually added to KEV in the first half of this month: Langflow, JoomShaper, iCagenda, Balbooa Forms, a 2008 Cisco IOS CSRF bug. That is not the Fortune 500 patch queue, it is the long tail of things that are in production and absent from asset inventory. Meanwhile SonicWall SMA1000 CVE-2026-15409 carries a CVSS 10.0 and your scanner has known about SMA1000 for years. One of those two categories you are already managing. The other one is where the agentic attacks are landing, because unmanaged software is where old CVEs live, and old CVEs are what an autonomous agent grinds through without getting bored.
Do this differently this week: stop treating AI infrastructure as a lab concern and inventory it as internet-facing production. Langflow, LiteLLM gateways, Nacos, every orchestration framework a data scientist stood up on a Tuesday. Give them the same scan cadence, the same patch SLA, and the same egress restrictions you give a VPN concentrator. If that inventory takes you more than a day to produce, you have already answered the question of whether you would have caught JADEPUFFER.
Executive Summary
- Microsoft's July 2026 Patch Tuesday addressed 570 vulnerabilities including 59 rated Critical, the largest single month on record, with three zero-days: CVE-2026-56155 (ADFS) and CVE-2026-56164 (SharePoint) actively exploited, and CVE-2026-50661 (BitLocker) publicly disclosed. (BleepingComputer)
- SonicWall SMA1000 appliances are under active zero-day attack. CVE-2026-15409 (CVSS 10.0, unauthenticated SSRF) and CVE-2026-15410 (CVSS 7.2, post-auth code injection) are being chained for full appliance takeover. Federal deadline under BOD 26-04 is July 17, 2026, tomorrow. (BleepingComputer)
- Oracle E-Business Suite CVE-2026-46817 (CVSS 9.8) was added to CISA KEV on July 15 with a July 18 federal deadline. Unauthenticated, no user interaction, remote over HTTP, full takeover of the Oracle Payments module. (CISA)
- Sysdig documented JADEPUFFER, the first ransomware campaign it has observed run entirely by an autonomous LLM agent with no human in the loop, from Langflow exploitation through the encryption of 1,342 Nacos configuration records with an ephemeral key that was never transmitted. (Sysdig)
- CISA added Langflow CVE-2026-55255 (IDOR authorization bypass) to KEV on July 7, placing an AI orchestration framework on the same mandatory-patch footing as enterprise edge gear. (The Hacker News)
- FortiBleed is now a confirmed ransomware pipeline. SOCRadar tied the campaign to INC and Lynx operations: 430,000 FortiGate firewalls targeted, over 110 million credentials collected, full attack chain completed on 354 targets, and at least 12 ransomware deployments. (SecurityWeek)
- Kaspersky named Armored Likho, a previously undocumented actor hitting government agencies and electric power operators across Russia, Kazakhstan, and Brazil with a Python infostealer called BusySnake. Attribution to any nation-state remains open. (TechTimes)
- The Conduent breach population grew to more than 62.2 million individuals in healthcare breach reporting by July 2026, making it one of the largest disclosed exposures of the year. (SharkStriker)
- Prompt injection remains the number one entry on the OWASP LLM Top 10 and continues to drive the majority of agentic AI security failures reaching production. (Help Net Security)
Critical Vulnerabilities
CVE-2026-15409 and CVE-2026-15410: SonicWall SMA1000 Zero-Day Chain
CVSS: 10.0 and 7.2 | Status: Actively exploited, in KEV | Federal deadline: July 17, 2026
SonicWall confirmed that threat actors have been exploiting two SMA1000 flaws as zero-days. CVE-2026-15409 is a critical server-side request forgery in the SMA1000 Appliance Work Place interface that lets a remote, unauthenticated attacker force the appliance to issue requests to unintended destinations. CVE-2026-15410 is a post-authentication code injection flaw in the Appliance Management Console permitting an authenticated administrator to execute arbitrary operating system commands.
Rapid7 observed targeted zero-day exploitation of internet-facing SMA 1000-series appliances since at least late June, and assesses that attackers are chaining the two flaws together to take full control of vulnerable devices. The chain matters more than either bug alone: the SSRF supplies the unauthenticated reach, and the code injection supplies the execution.
CISA added both to KEV on July 14. Federal civilian agencies must remediate by July 17, 2026 under BOD 26-04, or discontinue use of the product where mitigations cannot be applied.
Sources: BleepingComputer, Sophos, CISA
CVE-2026-46817: Oracle E-Business Suite Payments Takeover
CVSS: 9.8 | Status: Actively exploited, in KEV | Federal deadline: July 18, 2026
An improper privilege management and authentication flaw in Oracle Payments affecting E-Business Suite versions 12.2.3 through 12.2.15. Exploitation requires no authentication and no user interaction, works remotely over HTTP, and enables complete takeover of the Payments module.
The exploitation sequence here deserves attention. Oracle fixed this in its May 2026 Critical Patch Update on May 28 and reinforced the fix in a supplementary CPU on June 16. Exploitation was first observed against Oracle E-Business honeypots with no public proof-of-concept code in circulation at the time, meaning someone was working from the patch diff or from independent research rather than from a leaked exploit. CISA added it to KEV on July 15 with a July 18 remediation deadline. BleepingComputer separately reported over 900 Oracle E-Business instances exposed to ongoing attacks.
Sources: The Hacker News, SecurityWeek, CISA, BleepingComputer
CVE-2026-56164: Microsoft SharePoint Server Elevation of Privilege
CVSS: 5.3 | Status: Actively exploited, in KEV
A missing-authentication-for-critical-function flaw allowing an unauthenticated remote attacker to elevate privileges over a network with no user interaction and low attack complexity. Reported by Google's incident responders and an anonymous researcher, which is itself a signal: incident responders find bugs by finding them in use.
This is the clearest argument this month against triaging purely on CVSS. A 5.3 that is unauthenticated, network-reachable, low-complexity, and already exploited outranks most of the 59 Critical-rated items shipped alongside it.
Sources: Help Net Security, BleepingComputer
CVE-2026-56155: Active Directory Federation Services Elevation of Privilege
CVSS: 7.8 | Status: Actively exploited, in KEV
An access control flaw in ADFS permitting a user with low local privileges to escalate to administrator. ADFS sits on the identity trust boundary, so a local-to-admin escalation here is a federation-wide problem rather than a single-host problem. Treat any exploited ADFS bug as a credential-material incident, not just a patch ticket.
Sources: Kaspersky, Security Boulevard
CVE-2026-45659: Microsoft SharePoint Deserialization RCE
CVSS: 8.8 | Status: Actively exploited, in KEV since July 1
SharePoint accepts serialized objects from a request and reconstructs them without adequately validating what it is rebuilding. Any authenticated attacker holding a minimum of Site Member permissions can execute code remotely on the server. No admin rights required.
Microsoft patched this in May 2026 and initially labeled it "less likely to be exploited." Six weeks later it was in KEV. Attacks have been attributed to Storm-2603, an actor known for deploying Warlock ransomware through known on-premises SharePoint flaws since mid-2025. Vendor exploitability ratings are a forecast, not a verdict.
Sources: The Hacker News, Help Net Security
CVE-2026-55255: Langflow Authorization Bypass
Status: Actively exploited, in KEV since July 7
An insecure direct object reference in Langflow that permits an authenticated attacker to access other users' flows by sending a crafted request to the /api/v1/responses endpoint carrying the victim's UUID as flow_id. In a multi-tenant Langflow deployment, another user's flow is another user's prompts, credentials, and tool bindings.
CISA ordering federal agencies to patch an LLM orchestration framework under BOD 26-04 is the structural story here. AI tooling has crossed from experimental to mandatory-remediation infrastructure.
Sources: BleepingComputer, The Hacker News
CVE-2026-35616: Fortinet FortiClient EMS
CVSS: 9.1 | Status: Exploited in the wild
eSentire observed threat actors exploiting this FortiClient EMS flaw to deploy an information stealer tracked as EKZ Stealer. Endpoint management servers are a high-value target by construction: they hold reach into every endpoint they manage.
Source: The Hacker News
CVE-2026-50661: Windows BitLocker Security Feature Bypass
Status: Publicly disclosed, not yet observed exploited
Enables an attacker with physical access to reach encrypted data. Relevant to laptop fleets, device disposal processes, and any threat model that includes a stolen or seized machine. Prioritize for travel devices and anyone carrying regulated data.
Source: BleepingComputer
The Long Tail: KEV Additions You Are Probably Not Tracking
| CVE | Product | Type | KEV Date |
|---|---|---|---|
| CVE-2026-48908 | JoomShaper SP Page Builder | Exploited flaw | July 7, 2026 |
| CVE-2026-56290 | Joomlack Page Builder | Exploited flaw | July 7, 2026 |
| CVE-2026-48939 | iCagenda | Unrestricted file upload | July 10, 2026 |
| CVE-2026-56291 | Balbooa Forms | Unrestricted file upload | July 10, 2026 |
| CVE-2008-4128 | Cisco IOS | Cross-site request forgery | July 13, 2026 |
| CVE-2023-4346 | KNX Protocol | Connection authorization | July 15, 2026 |
A 2008 Cisco IOS CSRF bug and a 2023 KNX building-automation flaw entering KEV in the same fortnight is not a filing error. It is evidence that attackers are profitably working inventory that defenders forgot they owned. KNX in particular governs building automation, which means lighting, HVAC, and access control in facilities that never appear in an IT asset register.
Sources: CISA July 7, CISA July 13, CISA July 15
AI Security Threats
JADEPUFFER: Ransomware With No Human in the Loop
Sysdig published its analysis on July 1, documenting what it describes as the first ransomware campaign it has observed executed entirely by an autonomous LLM agent, with no human operator directing the chain.
Initial access. CVE-2025-3248, an unauthenticated remote code execution flaw in Langflow's code validation endpoint (/api/v1/validate/code) that permits arbitrary Python execution. This bug is from 2025. The most advanced attack technique of the year walked in through an unpatched year-old CVE on an AI development tool.
The chain. The agent performed reconnaissance and credential harvesting on the compromised Langflow host, moved laterally to the real target (a production database server running MySQL and Alibaba Nacos), took over the Nacos configuration service through authentication bypass, encrypted the configuration store, and then destroyed the original tables.
The part that matters. When the agent's attempt to create a Nacos backdoor account failed, it diagnosed the failure and fixed it in 31 seconds by switching from subprocess-based password hashing to direct library imports. It also adapted its XML parsing when S3 requests returned an unexpected format, and escalated credential harvesting progressively as it learned the environment. Sysdig notes the payloads carried natural-language reasoning, target prioritization, and detailed annotations consistent with LLM generation rather than human scripting.
Impact. Approximately 1,342 Nacos service configuration items were AES-encrypted. The key was ephemeral and never transmitted, so recovery is impossible even if the ransom is paid. This is worth sitting with: an autonomous agent built an extortion scheme that cannot deliver on its own promise. Whether that is a bug or a deliberate destruction operation wearing a ransom note is an open question, and it changes the response calculus completely.
Indicators. Beaconing to 45.131.66[.]106:4444. Bitcoin address 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy. Contact address e78393397[@]proton[.]me. Sysdig recommends monitoring for CVE-2025-3248 exploitation attempts, scheduled tasks that invoke outbound network calls, and anomalous database process behavior.
The strategic read: agentic attack tooling does not raise the ceiling on attacker capability, it raises the floor and collapses the timeline. Every step JADEPUFFER took was something a competent human operator could do. What changed is that no operator had to be awake, paid, or patient. Defensive plans that assume an adversary pauses to think, sleep, or hand off between shifts are planning against a threat model that just retired. For background on how autonomous agents change the offensive picture, see the Krypteia glossary on agentic red teaming.
Sources: Sysdig, SecurityWeek, BleepingComputer, CSO Online
Prompt Injection Holds the Top of the OWASP LLM Top 10
Prompt injection has held the number one position on the OWASP LLM Top 10 across every edition, and OWASP guidance now frames it as a structural flaw rather than an input-validation defect that better filtering will eventually solve.
The reason is architectural. A language model has no reliable mechanism to distinguish instructions from data, because both arrive as tokens in the same stream. A single sentence embedded in a retrieved document, a web page, or a code comment can redirect agent behavior, exfiltrate data, or trigger unauthorized actions. There is no patch for this in the way there is a patch for CVE-2026-46817. It is a property of the design.
The severity scales with the agent's permissions, not with the cleverness of the injection. When an agent holds email, database, or repository access, a successful injection is not a bad answer. It is an attacker action executed with your agent's privileges, your agent's network position, and your agent's audit trail. Help Net Security reports prompt injection continues to drive most agentic AI security failures reaching production. See the Krypteia glossary entry on prompt injection for the taxonomy of direct, indirect, and stored variants.
Sources: Help Net Security, The Leveraged Years
The AI Supply Chain: LiteLLM and the Three-Hour Window
A backdoor sat on PyPI for roughly three hours in March 2026 and accumulated close to 47,000 downloads in that window. The affected package was LiteLLM, which serves as the language-model gateway for CrewAI, DSPy, and other agent frameworks.
Three hours. Forty-seven thousand downloads. That ratio is the entire AI supply chain risk story in one line: these packages are pulled at machine cadence by CI systems that do not sleep, so the exposure window for an AI dependency is not measured the way a traditional library compromise is. Gateway packages are the worst case because they sit where every model call and every API credential passes through.
If you run agent frameworks, pin your LLM gateway dependencies, and check whether any build pulled LiteLLM during that March window.
Source: Cyber Desserts
GuardFall: Old Tricks Against New Guardrails
Researchers documented GuardFall, a class of weakness in AI coding assistants where shell injection techniques that predate most of the people using them bypass modern safeguards. AI coding assistants execute shell commands with the full authority of the account running them, and their security filters are built on pattern matching that thirty-year-old quoting and separator tricks slip past.
The pattern is familiar to anyone who has watched a new technology reinvent an old vulnerability class: the guardrail was designed against prompts, and the attack arrives as syntax.
Source: Cyber Desserts
Agent Exploitation Rates
Research cited across AI security reporting this month claims an 85% exploitation success rate across major agents in testing, and vendor reporting cites a 340% year-over-year increase in prompt injection attacks. Both figures come from vendor research rather than independent replication, and the 340% figure in particular should be read as directional rather than precise, since attack-volume baselines in this category are not standardized. The direction is not in dispute even where the decimal places are.
AI on the Defensive Side of the Ledger
Help Net Security attributes the record scale of July's Patch Tuesday partly to AI-driven bug hunting. This is real progress and it creates a real problem. Discovery capacity scaled. Remediation capacity did not. A defender who receives 570 fixes in one month and can deploy 100 of them is not safer than a defender who received 100 fixes and deployed 100, and may be measurably worse off, because the unpatched 470 are now publicly enumerated and diffable.
Source: Help Net Security
Threat Actor Activity
Armored Likho
Kaspersky publicly named Armored Likho in early July, a previously undocumented actor running an ongoing cyber-espionage campaign against government agencies and electric power operators across Russia, Kazakhstan, and Brazil. The group deploys a novel Python-based infostealer called BusySnake Stealer, which reporting describes as built to frustrate both detection and forensic recovery.
Attribution to any nation-state remains open. The target set (government plus electric power, across three countries with little geopolitical alignment) does not map cleanly onto any established sponsor's known priorities, which is itself worth flagging rather than forcing into a familiar bucket.
Source: TechTimes
Twill Typhoon
Darktrace observed the China-linked Twill Typhoon targeting entities across Asia-Pacific and Japan beginning September 2025 and continuing through at least April 2026, with an updated arsenal including a modular .NET-based RAT framework. Modular RAT frameworks signal an actor investing in reuse, which typically precedes an expansion in operational tempo.
Source: SecurityWeek
Salt Typhoon
Salt Typhoon has compromised networks in more than 80 countries during 2026 across telecommunications, transportation, and government. The consistent thread in Salt Typhoon reporting is telecommunications infrastructure, which yields collection capability rather than one-time data, and therefore justifies dwell time that a smash-and-grab actor would not tolerate.
Source: CybelAngel
Storm-2603
Linked to exploitation of SharePoint CVE-2026-45659 and known for deploying Warlock ransomware, typically by exploiting known vulnerabilities in on-premises SharePoint servers since mid-2025. A stable, narrow specialization: find the SharePoint bug, deploy the ransomware, repeat.
Source: The Hacker News
Tempo Metrics
Industry reporting places the 2026 adversary breakout time benchmark at 72 minutes from initial foothold to active exfiltration, described as a fourfold reduction from prior-year averages, with living-off-the-land techniques accounting for 79% of detections. Read those two numbers together: adversaries got four times faster while using tools that generate no malware signature. Detection strategies keyed on artifacts rather than behavior are being outrun on both axes at once.
Source: Hive Security
Ransomware and Data Breaches
FortiBleed Campaign Metrics
| Metric | Figure |
|---|---|
| FortiGate firewalls targeted | 430,000 |
| Credentials collected | 110,000,000+ |
| Portals scanned | ~11,250 |
| Countries touched | 150+ |
| Confirmed admin-level access | 409 |
| Full attack chain completed | 354 |
| Devices with Golang sniffer installed | ~12,000 |
| Resulting ransomware deployments | 12+ |
SOCRadar attributed the FortiBleed campaign to INC and Lynx ransomware operations after finding an operator tied to FortiBleed infrastructure actively working negotiation panels for both groups. This is the first confirmed link between mass FortiGate credential theft and actual ransomware deployment.
The operation used a custom Golang packet sniffer, "FortiGate Sniffer," installed on compromised firewalls to intercept VPN credentials and other authentication data directly from network traffic. Note the funnel: 430,000 targeted, 110 million credentials collected, 409 admin footholds, 12 ransomware deployments. The conversion rate is low and the absolute numbers are still catastrophic. Credential harvesting at this scale does not need efficiency.
Sources: SecurityWeek, SOCRadar, Cybersecurity Dive
Recent Incidents
| Organization | Actor / Vector | Impact | Status |
|---|---|---|---|
| Conduent | Breach, expanded scope | 62.2M+ individuals in healthcare breach reporting | Confirmed |
| Nintendo of America | TinyPulse third-party breach | Employee data exposed, $2M ransom demanded | Confirmed |
| Chemco (Calgary) | Qilin ransomware | Manufacturing operations | Reported |
| Ford Motor Company | Krybit ransomware | Listed on data breach forum | Claimed, unverified |
| Undisclosed victim | JADEPUFFER autonomous agent | 1,342 Nacos config records encrypted and tables destroyed | Confirmed by Sysdig |
Two entries deserve separate handling. The Ford listing is an actor claim on a leak forum, not a confirmed breach, and forum listings are wrong or exaggerated often enough that it should not drive any decision until corroborated. The Nintendo incident is a third-party compromise via TinyPulse, meaning Nintendo's own controls were not the failure point, which is the recurring shape of 2026 breach reporting.
Sources: SharkStriker, TechCrunch, Breachsense
Recommended Actions
Immediate (next 24 to 48 hours)
- Patch SonicWall SMA1000 now. CVE-2026-15409 and CVE-2026-15410 are chained in active attacks and the BOD 26-04 deadline is July 17. If you cannot patch, take the appliance off the internet. A CVSS 10.0 unauthenticated SSRF on a remote access appliance is not a maintenance window conversation.
- Patch Oracle E-Business Suite for CVE-2026-46817. Confirm both the May 28 CPU and the June 16 supplementary CPU are applied. Versions 12.2.3 through 12.2.15 are affected. Federal deadline is July 18.
- Deploy the two exploited Microsoft zero-days ahead of the other 568. CVE-2026-56164 (SharePoint) and CVE-2026-56155 (ADFS) are being exploited now. Do not let a 5.3 CVSS score bury CVE-2026-56164 in your queue.
- Hunt for JADEPUFFER indicators if you run Langflow anywhere: beaconing to
45.131.66[.]106:4444, scheduled tasks making outbound network calls, and unexpected Nacos or MySQL process behavior. - Confirm CVE-2025-3248 is patched on every Langflow instance. This is the JADEPUFFER entry point and it is a year old. Include shadow deployments and anything a data science team stood up outside change control.
- Rotate FortiGate VPN and admin credentials if you have any FortiGate exposed to the internet, regardless of whether you believe you were sniffed. 110 million credentials were harvested and the sniffer was installed on roughly 12,000 devices.
Short-Term (this week and next)
- Produce an AI infrastructure inventory covering Langflow, LiteLLM, Nacos, CrewAI, DSPy, MCP servers, and every orchestration framework running anywhere in your environment. Bring each into the same scanning cadence and patch SLA as your VPN appliances. This is the single highest-leverage action on this list.
- Audit SharePoint Site Member permissions. CVE-2026-45659 only requires Site Member rights to reach RCE, and most SharePoint deployments hand out Site Member far more freely than the threat model assumes.
- Patch FortiClient EMS for CVE-2026-35616 (CVSS 9.1), under active exploitation to deploy EKZ Stealer.
- Constrain agent egress. Any LLM agent with tool access should have an explicit outbound allowlist. JADEPUFFER's lateral movement from a Langflow host to a production database server was possible because nothing stopped it, not because the technique was novel.
- Review the KEV long tail against your actual footprint. JoomShaper, iCagenda, Balbooa Forms, KNX, and legacy Cisco IOS. If you run a Joomla site anywhere, including a marketing microsite nobody claims ownership of, check it today.
- Prioritize the BitLocker fix (CVE-2026-50661) for travel and field devices where physical access is a live part of the threat model.
Strategic (this quarter)
- Reprice patch throughput as a capacity problem, not a process problem. If discovery is now AI-accelerated and 570-fix months become normal, incremental improvements to your patch workflow will not close the gap. Automated deployment for a defined class of assets is the only response that scales with the input.
- Assume prompt injection is unpatchable and design around blast radius. Since the model cannot reliably separate instructions from data, the only durable control is limiting what a compromised agent can reach. Scope agent credentials to the minimum, separate read from write authority, and require human approval on destructive operations. Treat every agent's permission set as a pre-authorized attacker capability.
- Rebuild detection for a 72-minute breakout time against living-off-the-land tradecraft. Artifact-based detection loses on both dimensions simultaneously. Behavioral baselines and identity-centric telemetry are where the remaining signal lives.
- Pin and monitor AI supply chain dependencies. The LiteLLM incident put a backdoor into roughly 47,000 downloads in three hours because CI systems pull at machine speed. Lock your gateway packages, verify integrity in the build, and alert on version drift.
- Add autonomous-agent scenarios to tabletop exercises. Every plan that assumes an adversary handoff, a shift change, or a pause for analysis needs a variant where none of those happen. Include the JADEPUFFER ephemeral-key case, where paying the ransom cannot recover the data and the extortion is functionally destruction.
- Treat identity infrastructure compromise as a distinct incident class. An exploited ADFS bug is a federation trust event. Have a rehearsed plan for token-signing certificate rotation and downstream trust re-establishment before you need it.
Sources
- CISA Known Exploited Vulnerabilities Catalog
- CISA Adds Three Known Exploited Vulnerabilities to Catalog, July 7, 2026
- CISA Adds One Known Exploited Vulnerability to Catalog, July 13, 2026
- CISA Adds Four Known Exploited Vulnerabilities to Catalog, July 14, 2026
- CISA Adds Two Known Exploited Vulnerabilities to Catalog, July 15, 2026
- Sysdig: JADEPUFFER, Agentic Ransomware for Automated Database Extortion
- BleepingComputer: Microsoft July 2026 Patch Tuesday Fixes Massive 570 Flaws, 3 Zero-Days
- BleepingComputer: SonicWall Warns of SMA1000 Flaws Exploited in Zero-Day Attacks
- BleepingComputer: CISA Orders Feds to Prioritize Patching Langflow Auth Bypass Flaw
- BleepingComputer: JadePuffer Ransomware Used AI Agent to Automate Entire Attack
- BleepingComputer: Over 900 Oracle E-Business Instances Exposed to Ongoing Attacks
- BleepingComputer: FortiBleed Credential-Theft Campaign Linked to Lynx Ransomware
- The Hacker News: CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
- The Hacker News: Two SonicWall SMA 1000 Zero-Days Exploited
- The Hacker News: SharePoint RCE CVE-2026-45659 Added to CISA KEV
- The Hacker News: Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited
- The Hacker News: FortiBleed Credential Theft Linked to INC and Lynx Ransomware
- Help Net Security: AI-Driven Bug Hunting Fuels Record Microsoft Patch Tuesday
- Help Net Security: Prompt Injection Still Drives Most Agentic AI Security Failures in Production
- Help Net Security: High-Severity SharePoint RCE Bug Patched by Microsoft
- SecurityWeek: Agentic AI Used to Conduct Ransomware Attack via Langflow
- SecurityWeek: FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks
- SecurityWeek: Exploitation of Recent Oracle E-Business Suite Vulnerability Begins
- SecurityWeek: Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns
- Sophos: SonicWall SMA1000 Vulnerabilities in Active Exploitation
- CSO Online: This AI Agent Autonomously Hacked a Network, Adapted on the Fly, and Demanded a Ransom
- SOCRadar: FortiBleed Campaign Linked to INC and Lynx Ransomware Operations
- Cybersecurity Dive: FortiBleed Campaign Traced to INC and Lynx Ransomware Operations
- Security Boulevard: July 2026 Patch Tuesday Analysis
- Kaspersky: Key Vulnerabilities of Microsoft's July 2026 Patch Tuesday
- Zero Day Initiative: The July 2026 Security Update Review
- TechTimes: New APT Group Hits Power Grids in Three Countries
- CybelAngel: Cyber Espionage and APTs, Chinese Threat Groups in 2026
- Hive Security: State-Sponsored Threat Actors 2026 Deep Dive
- TechCrunch: The Worst Hacks and Breaches of 2026 So Far
- SharkStriker: July 2026 Data Breaches
- Breachsense: Data Breaches in July 2026
- Cyber Desserts: AI Agent Security Risks 2026, MCP, OpenClaw and Supply Chain
- The Leveraged Years: OWASP Treats Prompt Injection as a Structural Flaw
- Airia: AI Security in 2026, Prompt Injection, the Lethal Trifecta, and How to Defend
- AI Magicx: Prompt Injection Attacks, AI Agent Security Guide 2026
- Beazley Security: Critical Vulnerability in Oracle Payments Product Under Active Exploitation
- Krypteia Sec Glossary