Security news.
Today's security landscape is dominated by a record-breaking Microsoft Patch Tuesday, addressing a massive number of vulnerabilities, including several actively exploited zero-days. Additionally, CISA has issued warnings regarding new SharePoint Server exploitations and ongoing Russian cyberattacks targeting critical infrastructure routers, emphasizing the need for immediate patching and improved router hygiene.
Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days
Microsoft's July 2026 Patch Tuesday addressed a staggering 622 vulnerabilities, with two in Active Directory and SharePoint Server already being actively exploited as zero-days, and a BitLocker bug publicly disclosed.
CISA Urges SharePoint Hardening After New Exploitations
CISA warns of active exploitation of CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, enabling threat actors to gain unauthorized access and execute remote code on on-premises SharePoint Server instances.
Progress Confirms ShareFile Zero-Day Flaw Behind Storage Zone Shutdown
Progress Software has confirmed a high-severity zero-day vulnerability caused the emergency shutdown of ShareFile Storage Zone Controllers last week and has released security updates.
US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers
Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks, with CISA issuing an advisory urging improved router hygiene.
SAP Patches Critical CVSS 9.9 NetWeaver ABAP Flaw
SAP released security updates for July 2026, including a critical out-of-bounds write flaw (CVE-2026-44747) in NetWeaver Application Server ABAP that could lead to memory corruption and data exposure.
Adobe Patches Critical ColdFusion Vulnerabilities
Adobe has released patches for critical ColdFusion security defects that could enable attackers to execute arbitrary code or elevate privileges.
7 Severe Vulnerabilities Patched in VMware Avi Load Balancer
VMware has addressed seven severe vulnerabilities in its Avi Load Balancer, which could be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.
Nearly 300 GitHub Repos Pose as Legit Software to Push Malware
A threat actor has created hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware.