# Archive

Browse past daily curated stories

Jul 18 Jul 17 Jul 16 Jul 15 Jul 14 Jul 12 Jul 11 Jul 10 Jul 09 Jul 08 Jul 07 Jul 05 Jul 04 Jul 03 Jul 02 Jul 01 Jun 30 Jun 27 Jun 26 Jun 25 Jun 24 Jun 23 Jun 21 Jun 20 Jun 19 Jun 18 Jun 17 Jun 16 Jun 15 Jun 14

Saturday, July 18, 2026

  1. 1
    0
    The Hacker News general
    CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

    CISA added CVE-2026-58644 (CVSS 9.8), a critical deserialization RCE flaw in Microsoft SharePoint Server, to its Known Exploited Vulnerabilities catalog, mandating Federal Civilian Executive Branch agencies patch by July 19, 2026. Active exploitation was confirmed shortly after disclosure, making this an urgent priority for any organization running SharePoint Server on-premises.

  2. 2
    0
    The Hacker News general
    New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

    A critical unauthenticated remote code execution flaw dubbed wp2shell was discovered in WordPress core by Adam Kues of Assetnote/Searchlight Cyber, affecting all WordPress 6.9 and 7.0 installations — no plugins required for exploitation. WordPress responded by shipping patched versions 6.9.5 and 7.0.2 and enabling forced auto-updates, but any site that hasn't received the update remains fully vulnerable to anonymous HTTP-based code execution.

  3. 3
    0
    Dark Reading general
    Inc Ransomware Exploits SonicWall SMA Zero-Days

    The Inc ransomware group is actively exploiting two chained zero-day vulnerabilities in SonicWall SMA (Secure Mobile Access) appliances to achieve root-level access. Chaining these two flaws gives attackers complete control over the mobile access appliance, making unpatched SonicWall SMA deployments a critical exposure for organizations using them for remote access.

  4. 4
    0
    The Hacker News general
    OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

    Okta's Red Team discovered and named 'HollowByte,' a denial-of-service vulnerability in OpenSSL where an 11-byte malicious TLS request causes the server to allocate up to 131 KB of memory that is never freed — confirmed irrecoverable on glibc systems until process restart. OpenSSL shipped the fix in June with no CVE, no advisory, and no changelog reference, meaning administrators have no straightforward way to know if they are patched.

  5. 5
    0
    The Hacker News general
    Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

    Scattered Spider members Owen Flowers (18) and Thalha Jubair (20) were sentenced to 5.5 years each at Woolwich Crown Court on July 16, 2026 for the 2024 hack of Transport for London that rendered 148 systems inoperable and forced all 27,000 TfL employees to reset passwords in person, with losses estimated at £29 million. Jubair had previously been accused by U.S. authorities of participating in at least 120 separate attacks as part of the broader Scattered Spider/The Com collective.

  6. 6
    0
    SecurityWeek general
    Coca-Cola Suspends US Fairlife Production Due to Ransomware Attack

    A ransomware attack forced Coca-Cola to suspend all U.S. Fairlife dairy production across plants in Michigan, New York, and Arizona, while Canadian operations remained unaffected. The incident underscores continued ransomware targeting of food and beverage critical infrastructure, following a pattern of attacks against manufacturers with significant operational technology dependencies.

  7. 7
    0
    BleepingComputer general
    CISA urges immediate action on actively exploited Fortinet flaws

    CISA issued an emergency directive ordering federal agencies to immediately patch two actively exploited vulnerabilities in Fortinet's FortiSandbox threat detection platform. Active exploitation of security products like FortiSandbox is particularly high-risk as it can give attackers visibility into an organization's threat detection pipeline.

  8. 8
    0
    The Hacker News general
    GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

    Expel researchers attributed the April 2026 DigiCert breach — involving theft of code-signing certificates — to a subgroup called CylindricalCanine, linked to the Chinese cybercrime cluster GoldenEyeDog (also known as APT-Q-27, Dragon Breath, and Miuuti Group). Stolen DigiCert code-signing certificates are highly weaponizable for supply chain attacks, as they can be used to sign malware that bypasses endpoint security controls.

  9. 9
    0
    BleepingComputer general
    New Windows LegacyHive zero-day gives hackers admin privileges

    A researcher using the handle 'Nightmare Eclipse' publicly released a zero-day exploit dubbed LegacyHive that enables local privilege escalation to administrator on fully patched, up-to-date Windows systems. The public release of a working exploit with no vendor patch available creates immediate risk for Windows deployments and requires defenders to monitor for exploitation activity.

  10. 10
    0
    Ars Technica Security general
    Now, even Russia's most elite hackers are using Clickfix to infect devices

    Russia's most sophisticated state-sponsored threat actors, including Sandworm, have adopted the ClickFix social engineering technique — previously used almost exclusively by financially motivated criminals — to trick victims into pasting malicious PowerShell commands disguised as CAPTCHA verification. The adoption of this commodity technique by elite APT groups significantly broadens the threat landscape and signals that ClickFix-based delivery chains will become increasingly common in high-stakes espionage campaigns.