Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Infosec News Nuggets — July 15, 2026 – AboutDFIR

    July 15, 2026

    Helping small businesses with free, hands-on cyber consultancy

    July 15, 2026

    US charges alleged operators of Russian bulletproof hosting service

    July 15, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»Infosec News Nuggets — July 15, 2026 – AboutDFIR
    News

    Infosec News Nuggets — July 15, 2026 – AboutDFIR

    adminBy adminJuly 15, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

    Microsoft’s July update round shattered its own record with fixes for 570 flaws, nearly triple June’s total, a jump the company attributes to AI-assisted vulnerability discovery across the Windows codebase. Three zero-days made the cut: an Active Directory Federation Services elevation-of-privilege bug and a SharePoint Server flaw already being exploited in the wild, plus a publicly disclosed BitLocker bypass that could expose encrypted data to anyone with physical access to a device. Of the 59 flaws rated critical, 48 allow remote code execution, underscoring why admins are being urged to prioritize this month’s rollout despite its unusual size.

     

    SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)

    Threat actors are chaining together two flaws in SonicWall’s SMA 1000 Series secure remote access appliances, an unauthenticated server-side request forgery bug in the Work Place interface and a code-injection flaw in the Management Console that enables arbitrary command execution once paired with the first. Hotfixes are available for the affected SMA6210, SMA7210, and SMA8200v models, but the company is stressing that patching alone won’t undo prior compromise, urging customers to comb logs for indicators of compromise, rotate credentials, and reset TOTP tokens on any appliance that shows signs of tampering.

     

    RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

    Researchers disclosed a pair of access-control flaws in the widely used RabbitMQ message broker that trace back to early 2024. The more severe of the two stems from a management API endpoint whose authorization check was hard-coded to always allow the request, letting an unauthenticated attacker retrieve a broker’s confidential OAuth client secret in a single call and potentially trade it for an admin token to seize full control. A second, lower-severity bug lets any authenticated user enumerate queue and exchange names outside their own permitted scope. Patched versions are out, but since fixing the code doesn’t invalidate secrets already exposed, affected deployments are being told to rotate credentials as well.

     

    Forgotten UEFI shims undermining Secure Boot

    Security researchers uncovered 11 old, Microsoft-signed UEFI shim bootloaders that can be used to bypass Secure Boot on the vast majority of UEFI-based machines, regardless of which operating system is installed. Because the shims predate protections like SBAT and MOK-denylist enforcement, an attacker can bring a copy of one of these forgotten binaries to any system that still trusts Microsoft’s third-party UEFI signing certificate and use it to load known-vulnerable second-stage bootloaders, opening the door to persistent bootkit infections that survive OS reinstalls. The flagged binaries were revoked in Microsoft’s June Patch Tuesday update, but the disclosure highlights how many more decade-old signed shims may still be lurking untracked.

     

    Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns

    Progress Software told ShareFile customers running Storage Zone Controllers to manually power down the servers hosting them after receiving word of a credible external threat targeting the product, temporarily cutting off account access while it investigated with outside cybersecurity experts. Access has since been restored and the company says it has found no evidence that any customer accounts or data were accessed, though it’s asking that Storage Zone Controllers stay offline until the investigation wraps. Speculation has centered on two previously patched flaws that, when chained, allow unauthenticated remote code execution.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleHelping small businesses with free, hands-on cyber consultancy
    admin
    • Website

    Related Posts

    News

    Helping small businesses with free, hands-on cyber consultancy

    July 15, 2026
    News

    US charges alleged operators of Russian bulletproof hosting service

    July 15, 2026
    News

    Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

    July 14, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    Infosec News Nuggets — July 15, 2026 – AboutDFIR

    July 15, 2026

    Helping small businesses with free, hands-on cyber consultancy

    July 15, 2026

    US charges alleged operators of Russian bulletproof hosting service

    July 15, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.