<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 7/15/2026

SHARE

Top News

Krebs on Security: Microsoft Patches a Record 570 Security Flaws

Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence. Nearly 60 of the bugs quashed in July's Patch Tuesday earned a "critical" severity rating. READ MORE...

Hacking

LastPass, Bitwarden users targeted with fake security alerts

LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites. The phishing emails are crafted to resemble legitimate corporate communications, notifying recipients of updated security policies and directing them to a landing page that impersonates DocuSign and claiming to provide a document for review. LastPass emphasizes that its systems have not been compromised. READ MORE...

Trends

Healthcare sector faces persistent supply-chain security, identity management challenges

The pace of cybersecurity threats is overwhelming healthcare organizations and leaving them especially vulnerable to supply-chain compromises, the security firm Fortified Health Security said in a new mid-year report. Hospitals and other health providers addressed only 6% of risks in the first half of 2026, a dramatic decline from the 23% of risks they addressed in the first half of 2025. Fortified's new report highlights the biggest pain points for providers. READ MORE...


ClickFix is changing the economics of social engineering

ClickFix has moved from a one-off social engineering trick into an industrialized attack ecosystem that is outpacing conventional antivirus and endpoint defenses, according to ReversingLabs. The technique first showed up in late 2023 and early 2024, and Proofpoint named it in mid-2024. The method skips exploits and vulnerabilities entirely. A fake webpage instructs a visitor to open the Windows Run dialog or macOS Terminal, paste a command, and press Enter. READ MORE...

Software Updates

Microsoft's Secure Boot has been broken for a decade and no one noticed until now

An industry-wide standard Microsoft invented to protect Windows, and later Linux, devices from firmware infections has been trivial to bypass for 13 of its 14 years of existence. The discovery was made by researchers at security firm ESET after identifying 11 firmware images, at least one from 2013, that were known to be defective but remained signed by the software company anyway. The images are known as shims, which were invented to extend Secure Boot to Linux devices and utility software. READ MORE...


ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell

Industrial giants Siemens, Schneider Electric, and Rockwell Automation have published July 2026 Patch Tuesday advisories to inform customers about vulnerabilities found in their ICS products. Siemens published nine new advisories, including six that cover critical vulnerabilities (based on CVSS score). A CVSS score of 10 has been assigned to a token invalidation vulnerability in Opencenter X that allows an attacker to bypass authentication and gain full access to the application. READ MORE...


Microsoft: Some Dell PCs shut down after recent Windows updates

Microsoft is blocking this month's Windows 11 security updates on some Dell devices because they are causing shutdowns and performance issues. This known issue affects only Dell systems after installing the KB5101650 cumulative update released this Tuesday for Windows 11 25H2 and 24H2 devices. However, the root cause is a change introduced in the June 2026 KB5095093 preview cumulative update that causes a conflict between the new Windows USB-C Connection Manager and an Intel driver. READ MORE...

Malware

This fake Apple app can unlock your Mac's password vault

CrashStealer is a new macOS infostealer that masquerades as Apple's CrashReporter component, uses an Apple-notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES-encrypted bundles. Researchers have been following the development of CrashStealer since May 2026. READ MORE...

Exploits/Vulnerabilities

6 GHz Wi-Fi Flaws Could Disrupt Critical Systems

The technology keeping 6 GHz Wi-Fi from interfering with critical infrastructure has a number of security issues - and researchers are starting to sound the alarm. Researchers from Pennsylvania State University and Idaho National Laboratory will discuss their findings in a session called "Blind Trust in the 6 GHz Band: Weaponizing Wi-Fi Automated Frequency Coordination (AFC)" at Black Hat USA 2026. READ MORE...


An AI overthinking attack can tie a robot up for over a minute

Robots that read the world through cameras now lean on large vision-language models to interpret what they see and decide what to do next. These models handle images and text together, so any words that fall inside the camera frame become part of the input. A stop sign, a street name, a sticker on a wall. Researchers at Michigan Technological University have shown that this reading habit opens a door for attackers. READ MORE...


LegacyHive: 'Bone-shattering' zero-day from Microsoft's serial tormentor not the haymaker that was promised

Microsoft's worst nightmare - a prolific zero-day vulnerability hunter who calls themselves Nightmare Eclipse - published yet another zero-day on Tuesday, a vulnerability allowing attackers to mount user hives, including partial exploit code. Suspected of being a disgruntled former Microsoft engineer, based on the sophistication of their prior vulnerabilities, NightmareEclipse came good on their promise to release another zero-day on July 14. READ MORE...


Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates

Google and Mozilla have released fresh Chrome 150 and Firefox 152 updates that resolve critical-severity vulnerabilities. Mozilla rolled out Firefox 152.0.6 with patches for two critical security defects, warning that exploit code has been published for both. The bugs are tracked as CVE-2026-15718 and CVE-2026-15719, and are described as an invalid pointer in the 'JavaScript: WebAssembly' component and a site isolation issue in the 'DOM: Navigation' component. READ MORE...

On This Date

  • ...in 1799, the Rosetta Stone is found in Egypt by French Army officer Pierre-Francois Bouchard.
  • ...in 1961, actor Forest Whitaker ("Bird", "The Last King of Scotland") is born in Longview, TX.
  • ...in 1967, film effects designer and "MythBusters" co-host Adam Savage is born in New York City.
  • ...in 2003, the Mozilla Foundation is established following the disbanding of its precursor company, Netscape.