IT Security Newsletter

IT Security Newsletter - 7/14/2026

Written by Cadre | Tue, Jul 14, 2026

The US government warns that Russia state hackers are coming after your router

The federal government is warning users of home and small office routers to secure their devices as Russia state hackers continue to mass-compromise them for use in obscuring nefarious actions against sensitive organizations in the public and private sectors. Both the Russian and Chinese governments have been compromising routers for years, sometimes in prolonged tugs-of-war to wrest control of devices the other has already commandeered. READ MORE...

EU and UK officially blame Russian spies for cyberattack on Poland's power grid

The UK and EU are demanding urgent action from critical infrastructure organizations after formally attributing the December 2025 cyberattack on Poland's power grid to Russia's Federal Security Service. The Foreign, Commonwealth & Development Office (FCDO) described the attack, carried out by the FSB's Centre 16 division, as "another example of the Russian state's irresponsible attempts to sow chaos across Europe." READ MORE...

SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud

Enterprise software maker SAP on Tuesday announced the release of 20 new and updated security notes as part of its July 2026 security patch day. The most severe of the resolved vulnerabilities is CVE-2026-44747 (CVSS score of 9.9), a memory corruption bug in NetWeaver Application Server ABAP. Successful exploitation of the security defect could allow an attacker to access and modify data, and cause system unavailability, SAP security firm Onapsis explains. READ MORE...

7 Severe Vulnerabilities Patched in VMware Avi Load Balancer

Broadcom announced on Tuesday that new VMware Avi Load Balancer updates patch several critical and high-severity vulnerabilities. VMware Avi Load Balancer is a software-defined platform that provides load balancing, application security, and analytics for applications in hybrid and multi-cloud environments. According to Broadcom, two external researchers recently discovered that the VMware product is affected by seven potentially serious vulnerabilities. READ MORE...

The ransomware negotiator who was working for the other side

When a company falls victim to a ransomware attack, it is not uncommon for it to turn to experts for help. Specialist ransomware negotiation firms handle communications with criminal gangs on a victim's behalf. They know how the ransomware gangs operate, how to buy time, and how to push back on extortionate demands. They can help manage the technical side of any payment if needed, and help a corporate victim assess whether decryptors actually work. READ MORE...

US sanctions VPN, malware providers for enabling ransomware attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against U.S. organizations. On Monday, OFAC designated First VPN Service (1VPNS), a virtual private network provider that sold services to ransomware groups, and its administrator, Dmytro Rashevskyi. Since it surfaced in 2014, 1VPNS has advertised on cybercriminal forums that it keeps no logs of user activity and does not cooperate with law enforcement. READ MORE...

"Context bombs" can frustrate AI-driven attacks, researchers found

A new approach tried out by Tracebit researchers has proven very effective at stopping AI agents from fully compromising targeted environments. What makes it notable isn't the technique - prompt injection is old news - but the direction it's pointed: not to hijack AI agents, but to defend against them. Tracebit offers customers a range of canaries, i.e., decoy resources and credentials that, when targeted by attackers, provide early warning of an attack. READ MORE...

States are building their own election defense networks as federal support evaporates

The Trump administration's abrupt firing of Election Assistance Commission commissioners last week and a Department of Justice warning threatening states with criminal prosecution have created new legal peril for officials who run, administer and secure elections. The EAC is an obscure but important agency that oversees testing and standards for voting machines, including around security. States have until now relied upon their stamp of approval when purchasing voting machines. READ MORE...

The best defense against AI attacks turns out to be a skeptical human

Analysts across the security industry now run generative AI through their daily work, from log triage to incident write-ups. Active use in cybersecurity strategy reached 78% of practitioners in 2026, up from half the field a year earlier. The 2026 SANS AI Survey, drawn from 536 IT and security professionals, describes what that commitment costs to keep. Reliability trailed adoption over the year. 63% of practitioners report significant shortcomings when AI detects or responds to threats. READ MORE...

Hackers find a new trick to collect Microsoft Entra user data without raising red flags

Businesses should be on guard for a hacking campaign in which attackers spoof OAuth client IDs to collect information about targets' user directories, the security firm Proofpoint said on Monday. The security firm said it had observed "multiple campaigns at scale abusing spoofed OAuth application identifiers, with distinct tooling, infrastructure, and execution patterns indicating independent adoption by multiple threat actors." READ MORE...

  • ...in 1789, French revolutionaries storm and dismantle the Bastille as a prelude to the French Revolution.
  • ...in 1912, American singer-songwriter Woody Guthrie ("This Land Is Your Land") is born in Okemah, OK.
  • ...in 1913, 38th President of the United States Gerald Ford is born in Omaha, NE.
  • ...in 1992, 386BSD (a free Unix-like operating system) is released, beginning the wave of open-source OSes that also brought Linux and its variants.