Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence. Nearly 60 of the bugs quashed in July's Patch Tuesday earned a "critical" severity rating. READ MORE...
LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites. The phishing emails are crafted to resemble legitimate corporate communications, notifying recipients of updated security policies and directing them to a landing page that impersonates DocuSign and claiming to provide a document for review. LastPass emphasizes that its systems have not been compromised. READ MORE...
The pace of cybersecurity threats is overwhelming healthcare organizations and leaving them especially vulnerable to supply-chain compromises, the security firm Fortified Health Security said in a new mid-year report. Hospitals and other health providers addressed only 6% of risks in the first half of 2026, a dramatic decline from the 23% of risks they addressed in the first half of 2025. Fortified's new report highlights the biggest pain points for providers. READ MORE...
ClickFix has moved from a one-off social engineering trick into an industrialized attack ecosystem that is outpacing conventional antivirus and endpoint defenses, according to ReversingLabs. The technique first showed up in late 2023 and early 2024, and Proofpoint named it in mid-2024. The method skips exploits and vulnerabilities entirely. A fake webpage instructs a visitor to open the Windows Run dialog or macOS Terminal, paste a command, and press Enter. READ MORE...
An industry-wide standard Microsoft invented to protect Windows, and later Linux, devices from firmware infections has been trivial to bypass for 13 of its 14 years of existence. The discovery was made by researchers at security firm ESET after identifying 11 firmware images, at least one from 2013, that were known to be defective but remained signed by the software company anyway. The images are known as shims, which were invented to extend Secure Boot to Linux devices and utility software. READ MORE...
Industrial giants Siemens, Schneider Electric, and Rockwell Automation have published July 2026 Patch Tuesday advisories to inform customers about vulnerabilities found in their ICS products. Siemens published nine new advisories, including six that cover critical vulnerabilities (based on CVSS score). A CVSS score of 10 has been assigned to a token invalidation vulnerability in Opencenter X that allows an attacker to bypass authentication and gain full access to the application. READ MORE...
Microsoft is blocking this month's Windows 11 security updates on some Dell devices because they are causing shutdowns and performance issues. This known issue affects only Dell systems after installing the KB5101650 cumulative update released this Tuesday for Windows 11 25H2 and 24H2 devices. However, the root cause is a change introduced in the June 2026 KB5095093 preview cumulative update that causes a conflict between the new Windows USB-C Connection Manager and an Intel driver. READ MORE...
CrashStealer is a new macOS infostealer that masquerades as Apple's CrashReporter component, uses an Apple-notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES-encrypted bundles. Researchers have been following the development of CrashStealer since May 2026. READ MORE...
The technology keeping 6 GHz Wi-Fi from interfering with critical infrastructure has a number of security issues - and researchers are starting to sound the alarm. Researchers from Pennsylvania State University and Idaho National Laboratory will discuss their findings in a session called "Blind Trust in the 6 GHz Band: Weaponizing Wi-Fi Automated Frequency Coordination (AFC)" at Black Hat USA 2026. READ MORE...
Robots that read the world through cameras now lean on large vision-language models to interpret what they see and decide what to do next. These models handle images and text together, so any words that fall inside the camera frame become part of the input. A stop sign, a street name, a sticker on a wall. Researchers at Michigan Technological University have shown that this reading habit opens a door for attackers. READ MORE...
Microsoft's worst nightmare - a prolific zero-day vulnerability hunter who calls themselves Nightmare Eclipse - published yet another zero-day on Tuesday, a vulnerability allowing attackers to mount user hives, including partial exploit code. Suspected of being a disgruntled former Microsoft engineer, based on the sophistication of their prior vulnerabilities, NightmareEclipse came good on their promise to release another zero-day on July 14. READ MORE...
Google and Mozilla have released fresh Chrome 150 and Firefox 152 updates that resolve critical-severity vulnerabilities. Mozilla rolled out Firefox 152.0.6 with patches for two critical security defects, warning that exploit code has been published for both. The bugs are tracked as CVE-2026-15718 and CVE-2026-15719, and are described as an invalid pointer in the 'JavaScript: WebAssembly' component and a site isolation issue in the 'DOM: Navigation' component. READ MORE...