Threat Feed
Daily intelligence on vulnerabilities, threat actors and geopolitical context — distilled from primary sources.
satellite_altDaily BriefCyber Threat Daily Brief — July 19, 2026
Today's briefing: 3 critical and 8 high-severity threats. A total of 13 detailed analyses covering vulnerabilities, threat actors, and geopolitical context.
Latest Reports
26 / 588 results
highbug_reportVulnerability7-Zip 26.02 patches RCE flaw via malicious compressed files
7-Zip versions prior to 26.02. All platforms (Windows, Linux, macOS) where 7-Zip is installed and used to open compressed archives from untrusted sources.
criticalbug_reportVulnerabilityWordPress Core RCE "wp2shell" exploits now public, patch immediately
WordPress Core (specific versions not disclosed in provided data). Scope appears to be remote code execution vulnerabilities in core WordPress installation.
highbug_reportVulnerabilityACR Stealer campaign targets Microsoft enterprise customers
Microsoft enterprise customers; targets browser-stored credentials, authentication tokens, and sensitive documents across enterprise environments
criticalbug_reportVulnerabilityWordPress 6.9–7.0 unauthenticated RCE patched, forced auto-update active
WordPress core versions 6.9.0–6.9.4 and 7.0.0–7.0.1. All sites running these versions are vulnerable to unauthenticated remote code execution via anonymous HTTP requests. Patched in 6.9.5 and 7.0.2.
highbug_reportVulnerabilityOpenSSL "HollowByte" DoS allows 11-byte requests to freeze server memory
OpenSSL versions prior to June 2024 patch. Affects TLS servers running on glibc-based Linux systems. Specific vulnerable versions not disclosed; patch applied without CVE or public advisory.
highbug_reportVulnerabilitySeven malicious npm packages target Vite ecosystem with blockchain C2 RAT
npm package ecosystem, specifically projects using Vite frontend tooling. Seven malicious packages identified in the ViteVenom campaign. Any JavaScript/Node.js development environments that installed these packages are compromised.
highbug_reportVulnerabilityHollowByte flaw enables DoS on OpenSSL servers via 11-byte payload
OpenSSL servers (specific versions not disclosed). Unauthenticated remote attackers can exploit the vulnerability. Scope includes any internet-facing OpenSSL server implementations susceptible to the malicious payload.
highperson_alertThreat ActorNadMesh Botnet Targets AI Services for AWS and Kubernetes Credential Theft
NadMesh is a Go-based botnet operation discovered in early July that specializes in compromising cloud infrastructure credentials through exploitation of exposed AI and automation services.
criticalbug_reportVulnerabilityDigiCert breach linked to Chinese APT; code-signing certs stolen
DigiCert certificate authority infrastructure compromised in April 2026. Code-signing certificates stolen by CylindricalCanine (GoldenEyeDog/APT-Q-27 subgroup).
highperson_alertThreat ActorLazarus Deploys OtterCookie via Fake Job Lures in Contagious Interview
Lazarus is a North Korean state-sponsored advanced persistent threat (APT) group attributed to the Reconnaissance General Bureau (RGB). The group is financially motivated, conducting operations to generate revenue for the DPRK regime through cryptocu…
criticalbug_reportVulnerabilityWindows zero-day LegacyHive enables privilege escalation on patched systems
All up-to-date Windows systems. Specific affected versions not disclosed. Exploit enables local privilege escalation from standard user to administrator level. No CVE assigned yet.
highperson_alertThreat ActorArmenia Detains Russian National on U.S. REvil Ransomware Warrant
REvil (also known as Sodinokibi) is a Russia-linked ransomware-as-a-service (RaaS) operation that emerged in 2019 and became one of the most prolific cybercrime groups before law enforcement disruption in 2021-2022.
criticalbug_reportVulnerabilitySiemens ROX II OT switches vulnerable to chained zero-day privilege escalation
Siemens ROX II industrial switches used in operational technology (OT) environments. Specific affected firmware versions not disclosed in summary. Vulnerability chain enables privilege escalation to persistent root access.
highbug_reportVulnerabilityACR Stealer campaign uses ClickFix social engineering to steal M365 data
Microsoft 365 enterprise users and organizations. ACR Stealer targets browser credentials, session tokens, and M365 documents. Active since 2024 with two documented delivery chains using ClickFix social engineering lures.
highperson_alertThreat ActorGoSerpent Malware Targets Southeast Asian Government and Diplomacy
GoSerpent is a previously undocumented malware family discovered by Kaspersky researchers in late 2025. The malware is designed for long-term persistent access and intelligence gathering operations.
criticalbug_reportVulnerabilityCISA orders patching of actively exploited Fortinet FortiSandbox flaws
Fortinet FortiSandbox threat detection platform. Specific versions not provided in available data. Two vulnerabilities confirmed, CVE identifiers not yet disclosed.
criticalbug_reportVulnerabilityCISA: Microsoft SharePoint RCE CVE-2026-58644 actively exploited
Microsoft SharePoint Server (specific versions not disclosed). CVSS 9.8 critical remote code execution vulnerability.
highpublicGeopoliticalMount Royal University in Calgary confirms data breach and deletion
The breach of Mount Royal University represents a typical pattern in the current cyber threat landscape affecting higher education institutions across North America.
highbug_reportVulnerabilityMalicious npm and PyPI packages impersonate Paysafe payment SDKs
Developers using npm and PyPI repositories who may have installed counterfeit packages impersonating Paysafe, Skrill, and Neteller payment SDKs. Affects development environments and potentially downstream applications integrating these malicious pack…
highperson_alertThreat ActorChina-Linked Cluster Exploits Roundcube at Universities
This China-linked threat cluster targets academic institutions in North America, focusing on credential theft and persistent access through exploitation of vulnerable Roundcube webmail servers.
highperson_alertThreat ActorVishing Campaign Targets Microsoft 365 Users with Entra Passkey Scam
The threat actor behind this campaign remains unattributed. The operation demonstrates sophistication in social engineering tactics, specifically targeting Microsoft 365 environments through voice-based phishing (vishing).
highbug_reportVulnerabilityHalluSquatting attack exploits AI coding assistants to distribute malware
AI coding assistants (GitHub Copilot, ChatGPT, Claude, etc.) and developers using AI-generated package recommendations. All package ecosystems (npm, PyPI, Maven, etc.) are potential targets.
criticalbug_reportVulnerabilityUbiquiti patches critical flaws in UniFi products, CVE-2026-50746 CVSS 10.0
Ubiquiti UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS. Specific vulnerable versions not provided in available data. CVE-2026-50746 rated CVSS 10.0 (critical).
highperson_alertThreat ActorEvilTokens Ghost Phishing Campaign Targets US and European Businesses
EvilTokens is a campaign leveraging "ghost phishing" techniques to target business entities across the United States and Europe. The campaign's primary motivation appears to be credential theft and unauthorized access to Microsoft 365 environments, w…
highperson_alertThreat ActorREF6045 targets Mexican banking sector with SCMBANKER via ClickFix lures
REF6045 is a financially motivated threat actor conducting banking fraud operations against Mexican financial institutions and their customers. The actor targets banking, fintech, and cryptocurrency exchange users in Mexico, leveraging social enginee…
highbug_reportVulnerabilityGitHub commit verification flaw allows signature reuse on rewritten commits
GitHub's commit verification system for GPG/SSH-signed commits. All repositories using signed commits with GitHub's "Verified" badge are potentially affected. The flaw is in GitHub's verification logic, not Git itself.