Latest NEWS

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026.
The vulnerability in question is CVE-2026-58644 (CVSS score: 9.8), a critical deserialization
17 July 2026
From:
info@thehackernews.com (The Hacker News) [The Hacker News]

Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London.
The attack left 148 TfL systems inoperable and forced all 27,000 of the transport authority's employees into an office to get their passwords reset in person. Both the NCA and the CPS put TfL's losses and recovery
17 July 2026
From:
info@thehackernews.com (The Hacker News) [The Hacker News]

ToddyCat: your hidden email assistant. Part 2
An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.
17 July 2026
From:
Andrey Gunkin [Securelist]

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories
A lot of this week’s trouble starts with something that looks close enough.
A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the explanation.
Old bugs are back, weak defaults are earning their keep, and some attack paths are so plain they barely feel like research. Here’s the mess.
17 July 2026
From:
info@thehackernews.com (The Hacker News) [The Hacker News]

Attackers target critical FortiSandbox flaws as CISA issues patch order
Command injection vulns land on exploited list after researchers spot abuse attempts
17 July 2026
From:
[www.theregister.com - Articles]

The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure.
17 July 2026
From:
Denis Kulik [Securelist]

Top EU court clips YouTube's intermediary defense over reviewed content
You can't claim to be a passive host after vetting a creator's channel, Google warned
17 July 2026
From:
[www.theregister.com - Articles]

Microsoft gives admins Exchange Online breathing room
Retirement of PowerShell -Credential parameter pushed back to the end of 2026
17 July 2026
From:
[www.theregister.com - Articles]

Europe's chip ambitions won't break dependence on US cloud and software, says Forrester
Brussels may spend billions on semiconductor fabs, but tech sovereignty remains firmly in American and Chinese hands
17 July 2026
From:
[www.theregister.com - Articles]


.jpg)


