Microsoft July 2026 Patch Tuesday Fixes Massive 570 Flaws, 3 Zero-Days
Microsoft shipped its largest Patch Tuesday on record today, addressing 570 vulnerabilities including two being actively exploited in the wild and one publicly disclosed, with 59 classified as Critical. The two exploited zero-days are elevation-of-privilege flaws in systems that underpin enterprise identity and collaboration — CVE-2026-56164 in on-premises SharePoint Server allows an unauthenticated attacker to gain elevated privileges over the network, while CVE-2026-56155 in Active Directory Federation Services allows an authenticated attacker to escalate privileges locally, with both discoveries credited to Microsoft’s own incident response unit DART, suggesting they were found during active breach investigations. The record-breaking volume reflects a deliberate push by Microsoft and the broader industry to apply AI to vulnerability discovery, with Microsoft noting that customers should expect update volumes to keep rising as AI tooling finds issues faster than traditional auditing — a trend that simultaneously benefits defenders and compresses the window between patch release and weaponization.
SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits
SonicWall confirmed active exploitation of two zero-day vulnerabilities in its SMA 1000 series secure remote access appliances — CVE-2026-15409 (CVSS 10.0), a server-side request forgery flaw in the Appliance Work Place interface exploitable by unauthenticated remote attackers, and CVE-2026-15410 (CVSS 7.2), a code injection flaw in the Appliance Management Console that can allow authenticated attackers to execute arbitrary OS commands. CISA added both flaws to its Known Exploited Vulnerabilities catalog and ordered federal agencies to apply patches by July 17. SonicWall remote access products have been targeted repeatedly this year, and organizations running affected SMA 1000 models (6210, 7210, 8200v) should update to hotfix builds immediately and conduct a forensic review of affected systems for indicators of compromise before assuming they’re clean.
Mozilla Patches Critical Firefox Flaws With Public Exploit Code Already in the Wild
Mozilla released Firefox 152.0.6 to address two critical vulnerabilities — CVE-2026-15718, an invalid pointer flaw in the JavaScript/WebAssembly component, and CVE-2026-15719, a site isolation flaw in the DOM navigation component — both of which already have publicly available proof-of-concept exploit code, though Mozilla says it has not yet seen evidence of active in-the-wild exploitation. The same update window saw Google ship fixes for 15 Chrome vulnerabilities including two critical use-after-free bugs in Ozone, Chrome’s cross-platform display abstraction layer for Linux, ChromeOS, and Fuchsia. Users of Firefox and Chromium-based browsers should update immediately given the availability of public exploit code, which substantially lowers the barrier for threat actors to move from research to active attack.
Hackers Breach TRICARE West, Exposing Health Data of Thousands of US Military Beneficiaries
TRICARE West, the managed healthcare program serving active duty military personnel, retirees, and their families across the western United States, disclosed a data breach exposing sensitive health information of thousands of beneficiaries, with stolen data confirmed to include DoD Benefits Numbers and Social Security numbers alongside medical records. TRICARE West is administered by TriWest Healthcare Alliance under contract with the Department of Defense, making the breach a national security-adjacent incident given the sensitivity of military health records and the identification data involved. Affected beneficiaries should monitor their credit and DoD benefits accounts for unauthorized activity, and the Defense Health Agency is expected to notify individuals whose data was confirmed compromised.
The Trump administration unveiled Gold Eagle, a new federal clearinghouse housed in the Treasury Department that uses artificial intelligence to rapidly detect, prioritize, and coordinate patching of cybersecurity vulnerabilities across government and critical infrastructure, with support from the Pentagon, DHS, and CISA as well as open-source software providers. National Cyber Director Sean Cairncross described the program as enabling “unprecedented cybersecurity AI discovered vulnerability and patching coordination at a speed and scale never seen before,” with Gold Eagle stemming from an AI-focused executive order signed by President Trump in June. The launch arrives on the same day as Microsoft’s record-breaking Patch Tuesday and amid a broader industry trend of AI-accelerated vulnerability discovery, and comes as defenders grapple with a rapidly shrinking window between when a flaw is patched and when attackers weaponize the public advisory.