wp2shell Pre-Auth RCE in WordPress Core Forces Emergency Updates; CISA Adds Fortinet FortiSandbox Command Injection and SharePoint Deserialization Flaws to KEV

This brief covers the trailing ~48 hours (July 16–18, 2026). Every item below was verified against its primary source — vendor advisory, researcher writeup, or CISA KEV entry — before inclusion.

wp2shell: pre-authentication RCE in WordPress core, emergency releases 6.9.5 and 7.0.2 pushed as forced updates

Searchlight Cyber / WordPress.org · July 17, 2026

Searchlight Cyber’s Assetnote research team (Adam Kues) disclosed wp2shell, a pre-authentication remote code execution flaw in WordPress core that chains a REST API batch-route confusion with SQL injection — a default install with zero plugins is exploitable by an anonymous HTTP request. Affected versions are 6.9.0–6.9.4 and 7.0.0–7.0.1; WordPress shipped 6.9.5 and 7.0.2 on July 17 and enabled forced automatic updates, while 6.8.6 backports a fix for the SQL injection component on the 6.8 branch. No CVE ID or CVSS score had been assigned at publication, technical details are being withheld, and no in-the-wild exploitation had been reported as of July 18. If you cannot update immediately, block both /wp-json/batch/v1 and ?rest_route=/batch/v1 at the WAF or disable anonymous REST access.

“The attack has no preconditions and can be exploited by an anonymous user in a stock install of WordPress with no plugins.” — Searchlight Cyber security advisory

Source: Searchlight Cyber advisory · WordPress 7.0.2 release post · The Hacker News

CISA adds two actively exploited Fortinet FortiSandbox command injection flaws to KEV

CISA · July 16, 2026

CISA added CVE-2026-25089 (CVSS 9.8) and CVE-2026-39808, both OS command injection vulnerabilities in Fortinet FortiSandbox, to the Known Exploited Vulnerabilities catalog on evidence of active exploitation. CVE-2026-25089 allows a remote, unauthenticated attacker to execute arbitrary commands via specially crafted HTTP requests. Fortinet published fixes in its June advisories, so patches are available; federal agencies are on a short remediation clock under BOD 22-01.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” — CISA, KEV catalog alert

Source: CISA alert · SecurityWeek

SharePoint deserialization RCE CVE-2026-58644 lands in KEV two days after Patch Tuesday

CISA / Microsoft · July 16, 2026

CVE-2026-58644 (CVSS 9.8), a critical deserialization-of-untrusted-data vulnerability in Microsoft SharePoint Server that allows an unauthorized attacker to execute arbitrary code, was added to the KEV catalog in the same July 16 update. Microsoft patched it in the July 14 Patch Tuesday release and had initially flagged it only as an attractive target with no known exploitation — the KEV addition confirms exploitation evidence emerged within roughly 48 hours of the patch. Federal agencies have until July 19 to remediate. This lands on top of an already rough month for on-prem SharePoint: CISA is separately tracking active exploitation of CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, with Shadowserver counting roughly 10,000 internet-exposed SharePoint servers.

Source: CISA alert · BleepingComputer

Still developing

SonicWall SMA1000 zero-days under active exploitationSonicWall / Rapid7 · July 14, 2026. SonicWall confirmed two zero-days in SMA1000-series secure remote-access appliances: CVE-2026-15409 (CVSS 10.0), an SSRF in the Work Place interface, and CVE-2026-15410 (CVSS 7.2), a post-authentication code injection in the Appliance Management Console. Rapid7 has observed targeted zero-day exploitation of internet-facing appliances since at least late June. Patches are available. Source: BleepingComputer · The Hacker News

Microsoft’s record July Patch Tuesday: 570+ fixes, two exploited zero-daysMicrosoft · July 14, 2026. The July update fixed CVE-2026-56155, an actively exploited AD FS elevation-of-privilege flaw, and CVE-2026-56164, an actively exploited SharePoint Server elevation-of-privilege flaw that CISA added to KEV the same day with a July 17 federal deadline. Source: BleepingComputer · CISA alert

LegacyHive Windows zero-day PoC published, no patch availableJuly 15, 2026. A researcher going by “Nightmare Eclipse” released a proof-of-concept exploit abusing the Windows User Profile Service for local privilege escalation to admin-level access, hours after Patch Tuesday. It affects supported Windows desktop and Server versions including fully patched systems, and has no CVE ID yet. Source: BleepingComputer


This brief covers the trailing ~48 hours (July 16–18, 2026).
Primary sources: Searchlight Cyber — wp2shell advisory · WordPress.org — 7.0.2 release · CISA — July 16 KEV additions · CISA — July 14 KEV additions · CISA KEV catalog

Moonshot’s Kimi K3 Becomes the Largest Open Model, Thinking Machines Debuts Inkling, and OpenAI Details GPT-Red Adversarial Safety Training

This brief covers the trailing ~72 hours (July 15–18, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. It was a heavyweight stretch for open-weight models: Moonshot shipped the largest open model ever announced, and Mira Murati’s Thinking Machines Lab released its first model, while OpenAI published three posts spanning safety research, teen policy, and AI economics, and Google DeepMind and Isomorphic Labs laid out a joint biosecurity strategy.

Moonshot AI launches Kimi K3, a 2.8-trillion-parameter model it calls the first open 3T-class model

Moonshot AI · July 16, 2026

Moonshot introduced Kimi K3, a 2.8T-parameter Mixture-of-Experts model (16 of 896 experts active) built on its Kimi Delta Attention and Attention Residuals architectures, with native vision and a 1-million-token context window. Moonshot says K3 trails only Claude Fable 5 and GPT-5.6 Sol overall while consistently outperforming other tested models, and it is priced at $3/$15 per million tokens — the most expensive Chinese-lab model to date. K3 is live on Kimi.com, Kimi Work, Kimi Code, and the Kimi API, with full open weights promised by July 27, 2026.

“Today, we are introducing Kimi K3 — our most capable model. Kimi K3 is a 2.8T-parameter model built on our Kimi Delta Attention and Attention Residuals, with native vision capabilities and a 1-million-token context window. It is the world’s first open 3T-class model.” — Moonshot AI

Source: Kimi K3: Open Frontier Intelligence

Thinking Machines Lab releases Inkling, its first open-weights model

Thinking Machines Lab · July 15, 2026

Mira Murati’s Thinking Machines Lab released Inkling, a 975B-parameter Mixture-of-Experts model (41B active) trained from scratch on 45 trillion tokens of text, images, audio, and video, with a 1M-token context window and controllable thinking effort. The lab positions Inkling not as a benchmark leader but as a broad, balanced base for customization via its Tinker fine-tuning platform, and it trained the model specifically for calibration, instruction following, and resistance to censorship. Full weights are on Hugging Face, and a lighter Inkling-Small (12B active) is previewed.

“Inkling is not the strongest overall model available today, open or closed. Instead, a combination of qualities makes it a good open-weights base for customization: multimodal capabilities, efficient thinking, and availability on Tinker for fine-tuning.” — Thinking Machines Lab

Source: Inkling: Our open-weights model

OpenAI reveals GPT-Red, an internal red-teaming model trained via self-play to harden GPT-5.6

OpenAI · July 15, 2026

OpenAI detailed GPT-Red, an internal-only automated red-teaming model trained with self-play reinforcement learning at the compute scale of some of its largest post-training runs. GPT-Red found successful prompt-injection attacks in 84% of held-out scenarios versus 13% for human red-teamers, and even broke a live Andon Labs vending-machine agent in OpenAI’s office. Used adversarially during GPT-5.6’s training, it helped drive the model’s failure rate on GPT-Red’s direct prompt injections down to 0.05%, with a pre-print promised the following week.

“We believe automated red-teaming unlocks a crucial form of self-improvement for safety: using today’s models to directly help make future models safer.” — OpenAI

Source: GPT-Red: Unlocking Self-Improvement for Robustness

Google DeepMind and Isomorphic Labs publish a joint approach to bioresilience

Google DeepMind · July 16, 2026

Google DeepMind and Isomorphic Labs published a joint bioresilience framework organized around prevention, detection, and response: adapting SynthID watermarking to biological sequences for DNA-synthesis screening, using AlphaEvolve to cut the cost of metagenomic pathogen surveillance, and granting trusted researchers access to frontier systems to accelerate vaccine and countermeasure design. Isomorphic Labs has stood up a dedicated unit to rapidly deploy its Drug Design Engine during novel outbreaks, and the pair report more than 15 partnerships with governments and biosecurity organizations over the past 12 months.

“Our work is twofold – to prevent threat actors from misusing our models, and to ensure that governments, scientists, biosecurity experts and our teams can harness these technologies to build a more resilient world.” — Google DeepMind and Isomorphic Labs

Source: Our approach to bioresilience

OpenAI argues teens deserve access to safe AI, expands Study Mode parental controls

OpenAI · July 16, 2026

OpenAI published its case for teen access to AI paired with age-appropriate protections, citing that nearly 9 in 10 teens on ChatGPT use it weekly for learning or productivity. New measures include letting parents enable Study Mode by default from Parental Controls, education-focused starter prompts, more frequent break reminders for teens, and expanded parent notifications — now covering account deactivations for violent-threat policy violations, developed with violence-prevention firm Moonshot (unrelated to Moonshot AI). OpenAI also announced it has joined the Family Online Safety Institute.

“Keeping teens from using it until adulthood would be like asking a previous generation to avoid the internet or search engines until they turned 18, leaving them less prepared to use one of the defining technologies of their time.” — OpenAI

Source: Why teens deserve access to safe AI

OpenAI CFO Sarah Friar proposes a four-part “scorecard for the AI age”

OpenAI · July 17, 2026

In a follow-up to last week’s enterprise spend playbook, OpenAI CFO Sarah Friar proposed measuring AI ROI as “Useful Intelligence per Dollar” across four questions: how much useful work gets done, what a successful task costs, how dependable the results are, and whether each AI dollar buys more work at scale. The post frames GPT-5.6’s three tiers (Sol, Terra, Luna) as levers in that equation and claims GPT-5.6 Sol set a new state of the art on the Artificial Analysis Coding Agent Index while using 54% fewer output tokens than another leading model.

“The ultimate scorecard for the age of AI could be looked at as ‘Useful Intelligence per Dollar.’” — Sarah Friar, CFO, OpenAI

Source: A scorecard for the AI age


This brief covers the trailing ~72 hours (July 15–18, 2026).

Primary sources:

Record Microsoft Patch Tuesday With Two Exploited Zero-Days, SonicWall SMA1000 Under Active Attack, and AsyncAPI npm Supply-Chain Compromise

This brief covers cyber security developments from the trailing ~48 hours (July 14–16, 2026). Every item below was verified against its primary source — vendor advisory, CISA KEV entry, or original researcher publication — and dated within the window.

Microsoft’s record 570-flaw Patch Tuesday fixes two actively exploited zero-days in AD FS and SharePoint

Microsoft MSRC / Zero Day Initiative · July 14, 2026

Microsoft’s July 2026 Patch Tuesday shipped fixes for a record 570 vulnerabilities, including 59 rated Critical and two zero-days under active exploitation: CVE-2026-56155 (CVSS 7.8), an elevation-of-privilege flaw in Active Directory Federation Services stemming from insufficient access-control granularity, and CVE-2026-56164 (CVSS 5.3), an unauthenticated, network-reachable elevation-of-privilege bug in Microsoft SharePoint Server credited to Mandiant and Google Cloud researchers. Both were added to CISA’s KEV catalog on July 14, and CISA issued a companion alert urging SharePoint hardening. A third zero-day, the publicly disclosed BitLocker security-feature bypass CVE-2026-50661 (CVSS 6.1), was also patched but is not known to be exploited.

“It’s a missing-authentication flaw, meaning an unauthenticated attacker can hit it over the network with no user interaction required. When something this reachable is being actively abused, patch it now and worry about the score later.” — Trend Micro Zero Day Initiative, on CVE-2026-56164

Source: Microsoft MSRC (CVE-2026-56155) · Microsoft MSRC (CVE-2026-56164) · ZDI July 2026 review · BleepingComputer

SonicWall SMA1000 zero-days exploited in the wild — CVSS 10.0 SSRF plus admin-console code injection

SonicWall PSIRT · July 14, 2026

SonicWall confirmed active zero-day exploitation of two SMA1000 appliance vulnerabilities: CVE-2026-15409 (CVSS 10.0), an unauthenticated server-side request forgery in the Work Place interface, and CVE-2026-15410 (CVSS 7.2), a post-authentication OS command injection in the Appliance Management Console. Affected models 6210, 7210, and 8200v are fixed in platform-hotfix versions 12.4.3-03453 and 12.5.0-02835; SonicWall says there are no workarounds other than patching and published IOCs including rogue /__api__/login routes. CISA added both CVEs to the KEV catalog on July 14 with a federal remediation deadline of July 17.

“SonicWall PSIRT has investigated multiple cases indicating the active exploitation of the vulnerabilities described in this advisory.” — SonicWall advisory SNWLID-2026-0008

Source: SonicWall PSIRT SNWLID-2026-0008 · CISA KEV alert · BleepingComputer

AsyncAPI npm packages with 3M+ weekly downloads compromised via stolen GitHub Actions token

Datadog Security Labs · July 14, 2026

Four packages in the @asyncapi npm namespace — @asyncapi/generator 3.3.1, generator-components 0.7.1, generator-helpers 1.1.1, and specs 6.11.2/6.11.2-alpha.1 — were published with malicious code after an attacker exploited a misconfigured GitHub Actions workflow to steal a privileged bot personal access token. The implant chains a first-stage downloader to an IPFS-hosted second stage and a modular framework that steals browser credentials, SSH keys, npm/GitHub tokens, AWS credentials, and crypto wallets, with command-and-control over HTTP, Nostr relays, Ethereum smart contracts, and a libp2p mesh. Affected versions have been removed; teams should audit lockfiles and rotate any credentials present on machines that installed them.

“A commit to the AsyncAPI generator GitHub repository injected obfuscated JavaScript into four npm packages with a combined weekly download volume of over 3 million.” — Datadog Security Labs

Source: Datadog Security Labs · The Hacker News

CISA adds actively exploited Oracle E-Business Suite takeover flaw to KEV

CISA · July 15, 2026

CISA added CVE-2026-46817 (CVSS 9.8), an improper privilege management flaw in the Oracle Payments component of Oracle E-Business Suite versions 12.2.3–12.2.15, to the Known Exploited Vulnerabilities catalog with a federal remediation deadline of July 18. The bug allows an unauthenticated attacker with HTTP access to fully take over Oracle Payments; in-the-wild exploitation was observed before any public proof-of-concept existed. Oracle patched the flaw in last month’s Critical Patch Update — organizations should confirm the CPU is applied and check whether EBS instances are internet-exposed. The same KEV update also added CVE-2023-4346, a KNX protocol authorization weakness affecting building-automation deployments.

Source: CISA KEV alert · SecurityWeek · BleepingComputer

Progress confirms zero-day path traversal behind emergency ShareFile Storage Zone shutdown, ships patches

Progress Software · July 14, 2026

Progress confirmed that last week’s emergency shutdown of ShareFile Storage Zone Controllers was driven by a high-severity path traversal vulnerability affecting all 5.x and 6.x versions, disclosed to the company via a “credible external security threat” warning. An authenticated administrator can read arbitrary files accessible to the service account, write attacker-controlled content to arbitrary directories, or enumerate the filesystem. Fixed versions 5.12.5 and 6.0.2 are available now; a reserved CVE will be published in about two weeks. Progress says it has found no evidence of customer compromise.

“Currently, we have no indication of unauthorized access to any ShareFile customer account or data, and we have not identified any active threat.” — Progress Software

Source: Progress ShareFile downloads/advisory · BleepingComputer


This brief covers the trailing ~48 hours (July 14–16, 2026).
Primary sources: CISA KEV alert (July 14) · CISA KEV alert (July 15) · CISA SharePoint hardening alert · Microsoft MSRC · SonicWall PSIRT · Datadog Security Labs · Zero Day Initiative

Anthropic Launches Claude for Teachers and a $10M Canadian Research Commitment, While OpenAI Publishes an Agentic-Era Spend Playbook

This brief covers the trailing ~72 hours (July 12–15, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. After one of the busiest weeks in recent memory (GPT-5.6, ChatGPT Work, Muse Spark 1.1, and Grok 4.5 all landed July 8–9), this window was notably quiet: the verified news is concentrated on a single day, July 14, led by two Anthropic announcements.

Anthropic launches Claude for Teachers, free for verified US K-12 educators

Anthropic · July 14, 2026

Anthropic introduced Claude for Teachers, giving verified US K-12 educators free access to premium Claude capabilities, a library of teaching skills grounded in learning science, and connections to evidence-based curricula mapped to academic standards in all 50 states via Learning Commons. The product connects to an ecosystem of K-12 tools (ASSISTments, Brisk Teaching, Canva Education, MagicSchool, and others), includes Claude Code and Cowork for tasks like analyzing class data and scheduling recurring work, and ships with K-12-specific privacy terms written to comply with FERPA — teacher data is not used for model training. Anthropic will pilot an evaluation in the Detroit Public Schools Community District, is open-sourcing the teaching skills, and is working with the American Federation of Teachers on privacy standards. Educators who sign up by June 30, 2027 get a full year of free access.

“We’re introducing Claude for Teachers, providing verified K-12 educators in the US free access to premium Claude capabilities, a library of teaching skills, and a direct connection to evidence-based curricula, mapped to academic standards in all 50 states.” — Anthropic

Source: Introducing Claude for Teachers

Anthropic commits $10 million CAD to Canadian AI research

Anthropic · July 14, 2026

Anthropic announced a $10 million CAD commitment to Canadian research institutions, with partnerships spanning the country’s three regional AI institutes — Amii (Edmonton), Mila (Montréal), and the Vector Institute (Toronto) — plus CHEO, CAMH, Université Laval, the University of Toronto, and the University of Saskatchewan. The funding targets beneficial and responsible AI applications from reinforcement learning and AI safety to children’s health and low-resource languages like Quebec French and Indigenous languages. Anthropic also published its first Canadian country brief from the Anthropic Economic Index, finding Canada ranks eighth worldwide in Claude.ai use and second in per-capita adoption among the top ten countries.

“Some of the foundations of modern AI came out of Toronto, Montréal, and Edmonton— and so, strikingly, did many of the researchers most committed to making it safe. I was formed by that culture, and I’m proud Anthropic can support the next chapter.” — Chris Olah, Co-Founder, Anthropic

Source: Anthropic commits $10 million to Canadian AI research

OpenAI publishes an enterprise playbook for managing AI spend in the agentic era

OpenAI · July 14, 2026

Following last week’s GPT-5.6 and ChatGPT Work launches, OpenAI published guidance for enterprise leaders on managing AI investments as agents take on longer-running work. The five-step framework centers on measuring “useful work per dollar” rather than token price, tracking cost per accepted outcome, and governing agentic workflows before they scale. The post also highlights updated usage analytics and spend controls in the ChatGPT Admin Console — adoption, credit usage, and spend broken down by user, product, and model — and notes that token prices fell 97% from GPT-4 to GPT-5.4, with GPT-5.6 completing coding-agent tasks with 54% fewer output tokens.

“But token price alone does not show whether AI is creating value. Leaders should look at useful work per dollar: tasks completed, time saved, decisions improved, and workflows ready to scale.” — OpenAI

Source: How to manage AI investments in the agentic era


This brief covers the trailing ~72 hours (July 12–15, 2026).

Primary sources:

Deep Dive: Microsoft’s Record-Shattering July 2026 Patch Tuesday — 622 Patches, Three Zero-Days, and the Top 10 Fixes That Matter

The headline: 622 vulnerabilities, triple the old record

Microsoft MSRC · July 14, 2026

Microsoft’s July 2026 Patch Tuesday addresses 622 vulnerabilities by the Security Update Guide’s own count — more than triple June’s previous all-time record of roughly 200. The batch includes 416 flaws in Windows (itself a record), 82 in Office, 46 in Edge, 27 in developer tools, and 17 in SharePoint Server. Roughly one in ten — about 60, depending on whose tally you use — are rated Critical, with 48 of those enabling remote code execution. Twenty-six vulnerabilities carry a CVSS base score above 9.0, and 13 sit at 9.8.

“The mother of all releases.” — Dustin Childs, head of threat awareness, Trend Micro Zero Day Initiative

A note on counting: totals vary by methodology. Microsoft’s Security Update Guide says 622; ZDI independently counts 621 (63 Critical); Tenable counts 569 unique CVEs; BleepingComputer counts 570 by excluding fixes shipped earlier in the month and the 468 Edge/Chromium flaws Google patched upstream. By every method, this is the largest Patch Tuesday ever, and the year-to-date CVE count already exceeds every prior full year.

Source: Microsoft Security Update Guide · ZDI July 2026 review, CyberScoop, Dark Reading

Why the explosion? AI found the bugs — and AI will exploit them

Microsoft / industry analysis · July 9–14, 2026

This wasn’t a surprise. On July 9, Windows executive VP Pavan Davuluri warned customers to expect a higher volume of security updates per release as Microsoft applies its multi-model agentic scanning harness (MDASH) across the Windows codebase — the same AI pipeline that independently found 16 significant vulnerabilities in a prior release. Tenable’s Satnam Narang projects Microsoft could exceed 2,000–3,000 CVEs this calendar year, while stressing that the volume reflects how good AI tooling has become at finding bugs, not necessarily how many pose real-world risk.

The same automation cuts the other way: attackers can diff patches against previous builds and produce working exploits within hours, not weeks. Microsoft has correspondingly tightened its deployment guidance, now recommending organizations defer Windows quality updates by no more than three days, with update deadlines of zero or one day. The traditional “wait and soak” patch cycle is effectively dead; several research teams declared today the start of the continuous-patching era.

One structural change worth noting for anyone who tracks these releases: the Security Update Guide no longer enumerates each vulnerability individually. It now presents a summary table of counts by product family plus a slim “Notable CVEs” section — a format change Rapid7 flagged as a real reduction in day-one, product-by-product detail.

Source: SecurityWeek, CyberScoop, Rapid7, PCWorld

The Top 10 patches — what they are and why they matter

Ranked by real-world urgency: exploited zero-days first, then public disclosures, then the highest-impact criticals.

1. CVE-2026-56155 — Active Directory Federation Services elevation of privilege (exploited zero-day)

CVSSv3 7.8 · Important · Exploited in the wild. Insufficient granularity of access control in AD FS lets an authenticated attacker elevate to administrator locally. Discovery is credited to Microsoft’s own DART incident-response team — a strong signal it surfaced during a live intrusion investigation. AD FS signs the authentication tokens the rest of your estate trusts, so a “local” privilege bug on that box is worth far more to an attacker than the label suggests. CISA has added it to the KEV catalog with a federal remediation deadline of July 28. Patch AD FS servers first, and don’t expose them to the internet.

2. CVE-2026-56164 — SharePoint Server elevation of privilege (exploited zero-day)

CVSSv3 5.3 · Exploited in the wild. Missing authentication for a critical function allows an unauthenticated attacker to elevate privileges over the network against SharePoint Server 2016, 2019, and Subscription Edition, with low attack complexity and repeatable success. The modest score is misleading — this is the month’s clearest example of why you can’t sort by CVSS alone. Credits include Mandiant Incident Response and Google Cloud researchers, another indicator of active-incident origins a year after the ToolShell wave hammered on-prem SharePoint. CISA’s KEV deadline for federal agencies is July 17 — three days. Enabling AMSI with Full request-body scanning provides interim mitigation.

3. CVE-2026-50661 — Windows BitLocker security feature bypass (publicly disclosed)

CVSSv3 6.1 · Important · Public before patch. An attacker with physical access can bypass BitLocker Device Encryption and read encrypted data. Microsoft credits “Anonymous,” but researchers widely believe this patches GreatXML, the zero-day dropped by the pseudonymous researcher Nightmare Eclipse (a.k.a. Chaotic Eclipse) the day after June’s Patch Tuesday. It’s the third physical-access BitLocker bypass patched in two months. Exploit code is public, so treat disclosure as a countdown clock: prioritize laptop fleets and traveling hardware, and use TPM+PIN preboot authentication where the data warrants it.

4. CVE-2026-57092 — Windows VMSwitch guest-to-host escape

CVSS 9.9 · Critical. The highest-scored bug of the month: a flaw in the Hyper-V virtual switch that lets an attacker escape a VM boundary and compromise the host. One compromised guest becomes every workload on the hypervisor, which is why virtualization hosts should be patched ahead of the guests they carry. Several related Critical Hyper-V escalations shipped alongside it.

5. CVE-2026-55040 — SharePoint JWT authentication bypass (half of an unauthenticated RCE chain)

CVSS disputed: 5.3 (Rapid7/Microsoft “Important”) vs. 9.1 (ZDI “Critical”). Discovered by Rapid7’s Stephen Fewer for Pwn2Own Berlin, this JWT authentication bypass chains with a second, still-embargoed RCE bug to achieve unauthenticated remote code execution against SharePoint. The RCE half isn’t scheduled for a patch until August — meaning this month’s bypass fix is what breaks the chain. Patch it in the same pass as the SharePoint zero-day above. Also relevant: SharePoint 2016 and 2019 just exited extended support, so Subscription Edition is now the only fully supported self-hosted option.

6. CVE-2026-58644 & CVE-2026-50522 — SharePoint Server deserialization RCE pair

CVSS 9.8 · Critical. Two deserialization-of-untrusted-data flaws allowing unauthenticated remote code execution over the network. Combined with the two entries above, SharePoint accounts for 17 CVEs this month and is unmistakably the product family under the most attacker attention. If you run on-prem SharePoint, today is a drop-everything day.

7. CVE-2026-55944 — Dynamics NAV / Dynamics 365 Business Central RCE

CVSS 9.8 · Critical · “Exploitation More Likely.” A crafted login request triggers deserialization of untrusted data on an affected Dynamics NAV or Business Central server — no authentication, no user interaction. It’s the same bug class as the SharePoint pair but easy to overlook because it lives in the ERP stack rather than the collaboration stack. Finance-adjacent systems make attractive targets; don’t let this one slide to next cycle.

8. CVE-2026-56188 — Windows Server Network driver race condition (wormable)

CVSS 9.8 · Critical · “Exploitation More Likely.” A race condition in the Windows Server Network driver allows an unauthenticated attacker to execute code over the network — the profile that earns the “wormable” label. Unauthenticated, network-reachable, no interaction: this is the class of bug that historically powers self-propagating attacks once an exploit lands.

9. The DHCP cluster — CVE-2026-50518, CVE-2026-50370, CVE-2026-54128 and friends

Up to CVSS 9.8 · five RCEs across DHCP Server and Client. Nine DHCP-related CVEs shipped this month, five rated Critical and three assessed “Exploitation More Likely.” The standouts are heap-based buffer overflows in DHCP Server exploitable over the network (CVE-2026-50518) and an adjacent network (CVE-2026-50370), plus a use-after-free in the DHCP Client (CVE-2026-54128). DHCP is on by default in essentially every Windows environment and rarely thought about — exactly the kind of ambient attack surface a cluster like this turns dangerous.

10. CVE-2026-48561 — Microsoft Copilot remote code execution

CVSS 9.6 · Critical. A command injection flaw lets an unauthenticated attacker execute arbitrary code over the network through Microsoft Copilot. Beyond the score, it’s emblematic of the month’s most important trend: AI-assistant attack surface is now a fixture of every Patch Tuesday, with additional entries this month in GitHub Copilot, Visual Studio/VS Code Copilot integrations, and a vaguely described Outlook Copilot tampering issue.

Honorable mentions

Beyond the top ten: CVE-2026-55008, an Exchange Server spoofing flaw (CVSS 9.6) flagged “more likely” to be exploited; two Microsoft Defender RCEs (CVE-2026-55011, CVE-2026-55012) delivered via engine updates; a trio of 9.8s in Remote Desktop Client (CVE-2026-54990), Windows FTP Service (CVE-2026-49172), and MSMQ (CVE-2026-50447); an unusual 21-bug cluster across NTFS and ReFS filesystem drivers suggesting a shared root cause; and — proof that AI scanning sweeps the whole portfolio — Critical RCEs in Minecraft Bedrock Dedicated Server (CVE-2026-55010) and a code-execution flaw in Age of Empires II: Definitive Edition (CVE-2026-50663). This release also permanently removes the Kerberos RC4 rollback switch (RC4DefaultDisablementPhase), completing Microsoft’s multi-year RC4 deprecation — audit any lingering RC4-dependent service accounts before deploying.

Bottom line

Patch in this order: the two exploited zero-days (AD FS and SharePoint — CISA deadlines are July 17 and July 28 for federal agencies, and those are sane targets for everyone else), then the publicly disclosed BitLocker bypass on mobile hardware, then internet-facing and identity infrastructure, then virtualization hosts, then the 9.8-class network RCEs. Volume is the story of 2026, but triage discipline — KEV first, EPSS and exposure over raw CVSS — is the defense. June’s record lasted exactly one month; there’s no reason to believe July’s will fare better.


Coverage window: July 14, 2026 (Patch Tuesday release day).
Primary sources: Microsoft Security Update Guide · Zero Day Initiative July 2026 review · Tenable · Rapid7 · Cisco Talos · Qualys · Dark Reading · SecurityWeek · CyberScoop

Record Microsoft Patch Tuesday With Two Exploited Zero-Days, SAP NetWeaver 9.9 Memory Corruption, and Jscrambler npm Supply-Chain Attack

This brief covers the trailing ~48 hours (July 12–14, 2026). Every item below was verified against its primary source — vendor advisories, CISA, and the original researchers — before inclusion.

Microsoft’s record July Patch Tuesday fixes 570 flaws, including two actively exploited zero-days

Microsoft MSRC · July 14, 2026

Microsoft’s July 2026 Patch Tuesday is its largest ever, addressing roughly 570 vulnerabilities (59 rated Critical), including two zero-days exploited in the wild: CVE-2026-56155, an Active Directory Federation Services elevation-of-privilege flaw (CVSSv3 7.8) credited to Microsoft’s DART incident-response team, and CVE-2026-56164, a SharePoint Server elevation-of-privilege flaw (CVSSv3 5.3) affecting SharePoint 2016, 2019, and Subscription Edition, credited in part to Mandiant and Google Cloud researchers. A third zero-day, the publicly disclosed BitLocker bypass CVE-2026-50661, was also patched. All are fixed as of today; none appeared in CISA’s KEV catalog at publication time. Microsoft notes that enabling AMSI with Full request-body scanning mitigates the SharePoint flaw.

“Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.” — Microsoft advisory for CVE-2026-56155

Source: MSRC CVE-2026-56155, MSRC CVE-2026-56164 · BleepingComputer, Tenable

SAP patches CVSS 9.9 NetWeaver ABAP memory corruption on July Patch Day

SAP · July 14, 2026

SAP’s July 2026 Security Patch Day delivers 20 new and updated security notes, led by CVE-2026-44747 (CVSS 9.9), a memory corruption bug in NetWeaver Application Server ABAP that can expose data and cause system unavailability; disabling affected ICF nodes in transaction SICF is a temporary workaround. Also fixed are CVE-2026-27690 (CVSS 9.1), an unauthenticated HTTP request-smuggling flaw in Approuter in non–Cloud Foundry deployments, and CVE-2026-44761 (CVSS 9.1), hardcoded sample OAuth2 credentials in Commerce Cloud that allow unauthenticated data access if sample scripts were retained in production. Patches are available; no exploitation has been reported.

“The vulnerability affects SAP Approuter deployments in non-Cloud Foundry environments and allows an unauthenticated attacker to send a specially crafted HTTP request that leads to request-response desynchronization.” — Onapsis

Source: SAP Security Patch Day – July 2026, Onapsis · SecurityWeek

Jscrambler npm packages backdoored with cross-platform credential stealer

Jscrambler / Socket · July 13–14, 2026

A threat actor used a compromised npm publishing credential to push malicious versions (8.16–8.20) of Jscrambler’s npm package starting July 11; the first clean version is 8.22. The poisoned versions — downloaded 1,479 times before removal — used a preinstall hook to drop Rust-based infostealer binaries for Linux, macOS, and Windows that harvest developer credentials, cloud secrets, cryptocurrency wallets, AI coding-assistant and MCP server configurations, and browser data, exfiltrating over TLS. Dependent packages including jscrambler-webpack-plugin, gulp-jscrambler, grunt-jscrambler, and jscrambler-metro-plugin were also affected. Users should remove affected versions, scan for malware, and rotate all credentials and API keys.

“Our investigation indicates that the attacker was able to publish the package using an NPM publishing credential. We have revoked and rotated all relevant credentials, passwords, and secrets, and have implemented additional security controls around our publishing process while the investigation continues.” — Jscrambler security advisory

Source: Jscrambler advisory, Socket · SecurityWeek

CISA adds 18-year-old Cisco IOS CSRF flaw to KEV catalog

CISA · July 13, 2026

CISA added CVE-2008-4128 to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation. The 2008-era flaw comprises cross-site request forgery weaknesses in the HTTP administration interface of Cisco IOS 12.4 on Cisco 871 Integrated Services Routers, letting attackers trick authenticated admins into executing arbitrary commands. Under BOD 26-04, federal civilian agencies must remediate by July 16, 2026 — a reminder that long-lived admin interfaces on aging network gear remain an active attack surface.

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.” — CISA alert, July 13, 2026

Source: CISA alert, KEV catalog · SC Media

Still developing

Adobe / CISA · July 7–8, 2026 — Maximum-severity ColdFusion flaw CVE-2026-48282 (ColdFusion 2025.9, 2023.20 and earlier; unauthenticated remote code execution) was exploited within hours of Adobe’s patch release and added to CISA’s KEV catalog on July 7 with a three-day federal remediation deadline. Shadowserver tracks nearly 800 ColdFusion instances still exposed online. Source: CISA alert · BleepingComputer

AssuranceAmerica · July 9, 2026 — The U.S. auto insurer disclosed a breach affecting 6,998,886 people after attackers compromised an employee’s credentials in March and copied files containing names, contact details, policy and claims data, and driver’s license numbers — the largest U.S. driver’s-license breach disclosed this year. Source: BleepingComputer


This brief covers the trailing ~48 hours (July 12–14, 2026).
Primary sources: Microsoft MSRC (CVE-2026-56155) · Microsoft MSRC (CVE-2026-56164) · SAP Security Patch Day July 2026 · Jscrambler security advisory · Socket research · CISA KEV alert (July 13) · CISA KEV catalog