# Today's Top Stories

July 19, 2026

  1. 1
    0
    BleepingComputer general Jul 18
    WordPress Core "wp2shell" RCE flaws get public exploits, patch now

    Public exploits have been released for the critical 'wp2shell' remote code execution vulnerabilities in WordPress Core, dramatically raising the risk for the millions of sites running the platform. The availability of public exploit code means automated mass exploitation is likely imminent, making immediate patching non-negotiable for administrators.

  2. 2
    0
    BleepingComputer general Jul 18
    Update now: 7-Zip fixes RCE flaw exploitable with malicious archives

    7-Zip version 26.02 patches a remote code execution vulnerability triggered by opening maliciously crafted archive files. Given 7-Zip's ubiquity across enterprise and consumer environments, security teams should prioritize deployment of the update and consider blocking untrusted archive files at the perimeter.

  3. 3
    0
    SecurityWeek general Jul 17
    Fresh SharePoint Vulnerability Exploited Soon After Disclosure

    A critical-severity SharePoint vulnerability allowing remote authenticated attackers to execute arbitrary code is already being actively exploited in the wild shortly after public disclosure. Organizations running on-premises SharePoint should treat this as an emergency patch, as authenticated RCE in SharePoint has historically been a high-value target for ransomware operators and nation-state actors.

  4. 4
    0
    CyberScoop general Jul 17
    Leading members of Scattered Spider sentenced in UK to 66 months in jail

    UK courts sentenced Scattered Spider members Thalha Jubair and Owen Flowers to 66 months in jail for leading cyberattacks attributed to the Com hacker collective. Jubair alone was linked to at least 120 attacks by U.S. authorities, making this one of the more significant law enforcement actions against the prolific social-engineering group responsible for major breaches at MGM Resorts, Caesars, and others.

  5. 5
    0
    BleepingComputer general Jul 17
    HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload

    The HollowByte vulnerability enables unauthenticated attackers to cause a denial-of-service condition on OpenSSL servers using a payload of just 11 bytes, potentially enabling memory bloat at scale. OpenSSL's widespread deployment in TLS infrastructure across virtually every enterprise makes this a high-priority patching event for security and infrastructure teams.

  6. 6
    0
    The Hacker News general Jul 17
    ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

    ACR Stealer, an infostealer active since 2024, is being delivered via ClickFix lures that trick users into pasting malicious commands into the Windows Run dialog. Microsoft's Defender Experts team documented two delivery chains showing the malware exfiltrating saved browser passwords, live session tokens, PDFs, and Microsoft 365 documents including files synced from OneDrive and SharePoint.

  7. 7
    0
    The Hacker News general Jul 17
    Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

    Checkmarx researchers discovered seven malicious npm packages (campaign dubbed ViteVenom) targeting the Vite frontend ecosystem as an extension of the ChainVeil supply chain attack, which uses a four-tier blockchain-based C2 infrastructure spanning the Tron network to deliver a remote access trojan. The use of blockchain C2 makes takedowns significantly harder and represents a sophisticated escalation in supply chain attack tradecraft.

  8. 8
    0
    BleepingComputer general Jul 17
    Ernst & Young discloses data breach after support system hack

    Ernst & Young is notifying customers of a data breach stemming from the compromise of a third-party IT support ticket system used by its personnel. Third-party support systems are a recurring breach vector, and the incident is notable given EY's role handling sensitive financial and audit data for major global enterprises.

  9. 9
    0
    The Hacker News general Jul 17
    New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage

    Kaspersky researchers, who uncovered the activity in February 2026, have documented GoSerpent, a previously undocumented Go-based malware targeting government and diplomatic entities across Southeast Asia since late 2025 with a focus on long-term stealthy access and intelligence collection. The malware's regional targeting pattern and espionage focus are consistent with nation-state activity, though attribution was not publicly confirmed.

  10. 10
    0
    The Hacker News general Jul 17
    Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man

    Armenia detained Russian tourist Aleksandr Ermakov on June 28 at Yerevan's Zvartnots airport on a U.S. extradition request for a REvil ransomware suspect of the same name, but the detainee's legal team claims the wrong man was arrested. The case underscores ongoing international cooperation in pursuing REvil members and the complications of cross-border cybercrime extradition where name-matching alone may be insufficient.