# Today's Top Stories
July 17, 2026
-
1BleepingComputer general Jul 16Coca-Cola says Fairlife ransomware attack halts US dairy production
Coca-Cola's Fairlife dairy subsidiary suffered a ransomware attack that temporarily suspended all US dairy production operations. This represents a significant critical infrastructure impact, demonstrating ransomware's ability to disrupt physical food supply chains beyond traditional IT systems.
-
2BleepingComputer general Jul 16Scattered Spider members behind TfL hack get five years in prison
Owen Flowers (18) and Thalha Jubair (20), members of the Scattered Spider cybercrime collective, were each sentenced to 5.5 years at Woolwich Crown Court for the 2024 hack of Transport for London. The attack rendered 148 TfL systems inoperable, forced all 27,000 employees to reset passwords in-person, and caused losses estimated at £29 million.
-
3BleepingComputer general Jul 16CISA orders feds to patch actively exploited Oracle flaw by Saturday
CISA issued an emergency directive ordering federal agencies to patch a critical actively-exploited vulnerability in Oracle E-Business Suite by Saturday. The flaw is under active attack, and the tight patching deadline reflects the severity of ongoing exploitation against financial application infrastructure.
-
4SecurityWeek general Jul 15CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities
CISA is urging immediate patching of three actively exploited Microsoft SharePoint vulnerabilities, including two that were targeted as zero-days before patches were available. SharePoint's widespread deployment in enterprise environments makes unpatched instances high-value targets for initial access.
-
5Ars Technica Security general Jul 15Windows 0-day drops the same day Microsoft releases record number of patches
A Windows zero-day dubbed 'LegacyHive' (HiveLegacy) was publicly dropped on the same day Microsoft released its record-setting Patch Tuesday, July 2026. The researcher described it as a 'powerful primitive' with potential for further exploitation beyond its disclosed capability, and released a stripped PoC to limit immediate weaponization.
-
ADSponsoredProtect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected → -
6CyberScoop general Jul 15SonicWall customers under threat as attackers exploit 2 zero-days
Attackers are actively chaining two SonicWall zero-day vulnerabilities, which were first exploited approximately three weeks before the vendor disclosed and patched them. The pre-patch exploitation window significantly increases risk for SonicWall customers who were unaware of ongoing attacks.
-
7The Hacker News general Jul 15Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
Mozilla patched two critical Firefox vulnerabilities — CVE-2026-15718 (invalid pointer in WebAssembly) and CVE-2026-15719 (site isolation flaw in DOM Navigation) — with public exploit code already available for both. The same update cycle also addressed critical flaws in Chrome, Adobe, and VMware products.
-
8The Hacker News general Jul 16Zoom Patches Critical Windows Flaw That Could Enable Account Takeover
Zoom patched CVE-2026-53412 (CVSS 9.8), an improper input validation flaw in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows that could enable unauthenticated account takeover. The critical severity score and broad product surface make immediate patching essential for enterprise environments.
-
9BleepingComputer general Jul 1623andMe to pay $18 million in new genetics data breach settlement
23andMe agreed to pay $18 million to settle a multistate enforcement action led by a coalition of 43 attorneys general stemming from the genetic data breach that exposed sensitive customer information. The settlement underscores growing state-level accountability for negligent handling of highly sensitive biometric and genetic data.
-
10The Hacker News general Jul 16Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor
The China-linked Daxin kernel-mode rootkit ('srt64.sys'), first documented by Symantec in March 2022, has resurfaced after four years inside a Taiwan manufacturing firm alongside a previously undocumented backdoor called Stupig that enables pre-login SYSTEM-level access. The reemergence of this advanced implant in critical manufacturing infrastructure signals continued Chinese APT interest in Taiwan's industrial sector.