Joomla Extension Flaws Hit CISA KEV, Progress Orders ShareFile Controllers Offline, and “Ill Bloom” Wallet Flaw Tops $5M in Theft

This brief covers notable cyber security developments from the trailing ~48 hours (July 10–12, 2026). Every item below was verified against its primary source — vendor advisory, CISA alert, or the original research — before inclusion.

CISA adds two actively exploited Joomla extension flaws to the KEV catalog

CISA · July 10, 2026

CISA added CVE-2026-48939 (iCagenda) and CVE-2026-56291 (Balbooa Forms) to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation. Both are unrestricted upload of file with dangerous type vulnerabilities in popular Joomla extensions — a bug class that typically leads to webshell deployment and full site takeover. CISA did not publish CVSS scores in the alert; under BOD 26-04, federal civilian agencies must prioritize rapid remediation of KEV-listed flaws on publicly exposed assets.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.” — CISA

Source: CISA alert · KEV catalog

Progress tells ShareFile customers to shut down Storage Zone Controllers over “credible external security threat”

Progress Software · July 10, 2026

Progress Software ordered every organization running an on-premises ShareFile Storage Zone Controller to immediately shut down the Windows server hosting it, citing a “credible external security threat.” There is no patch to apply instead; Progress has also temporarily disabled access to affected accounts and listed Storage Zone Controller customers as “not operational” on its status page. The company says it has no indication of unauthorized access to any ShareFile accounts or data, but has not disclosed the nature of the threat or a restart timeline. Cloud-only ShareFile accounts are not affected. The same component was exploited in the wild in 2023 (CVE-2023-24489) while the product belonged to Citrix.

Source: ShareFile status page · The Hacker News · BleepingComputer

Coinspect discloses “Ill Bloom” weak-randomness wallet flaw; more than $5M already drained

Coinspect · July 10, 2026

Security firm Coinspect disclosed Ill Bloom, a weak-randomness flaw in the recovery-phrase generation of certain software wallets — mostly older or lesser-known mobile apps, some dating to 2018 — that lets attackers derive private keys and is being actively exploited. Coinspect confirmed a coordinated sweep on May 27 that drained about $3.1 million from 431 wallets, with total outflows from exposed wallets now past $5 million across Bitcoin, Ethereum, Rootstock, Tron, and Polygon. Hardware wallets and most mainstream software wallets are not affected; Coinspect published a free address checker at illbloom.org and warns that matched wallets should be treated as compromised.

“If funds recently moved without your permission, this vulnerability may be why.” — Coinspect

Source: The Hacker News · Cointelegraph

PraisonAI RCE via unsandboxed LLM-generated code scores a perfect CVSS 10.0

CVE Program (VulnCheck) · July 11, 2026

CVE-2026-61447 (CVSS 4.0: 10.0) is a critical remote code execution flaw in the PraisonAI agent framework before version 1.6.78. The CodeAgent._execute_python() method runs Python code generated by the LLM with no AST validation, import restrictions, or sandboxing, so an unauthenticated attacker who can submit prompts can steer the model into producing arbitrary code that executes on the host and exfiltrates environment secrets. No in-the-wild exploitation has been confirmed and the fix is to upgrade to 1.6.78 or later. It is not in the KEV catalog.

PraisonAI “executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement.” — CVE-2026-61447 record

Source: GitHub security advisory · NVD · VulnCheck advisory

Still developing

Microsoft Defender “RoguePlanet” patched, then researcher reports new Defender bugs
Microsoft MSRC · July 9, 2026 (updated July 11)
Microsoft remediated CVE-2026-50656 (CVSS 7.8), the RoguePlanet privilege-escalation race condition in the Malware Protection Engine that could spawn a SYSTEM shell, in engine version 1.1.26060.3008 — no customer action required. The researcher who disclosed it (Chaotic Eclipse) has since reported that the accompanying hardening can leak 8 bytes of data and that Defender’s caching of oversized Zone.Identifier streams can be abused via a malicious SMB server to exhaust disk space on Windows 11 25H2 and Server 2025; Microsoft told The Hacker News it is “aware of this report and are investigating.”
Source: Microsoft MSRC · The Hacker News

Zimbra patches critical stored XSS in Classic Web Client reported by Google TAG
Zimbra · July 7, 2026
Zimbra released ZCS 10.1.19 to fix a critical stored cross-site scripting flaw in the Classic Web Client that lets specially crafted emails execute malicious scripts in a user’s session on open, exposing session data, account settings, and mailbox contents. No CVE ID or CVSS score has been published yet. The reporter — Google’s Threat Analysis Group — typically surfaces bugs used by state-backed actors, though exploitation has not been confirmed.
Source: Zimbra security advisories · BleepingComputer


This brief covers the trailing ~48 hours (July 10–12, 2026).
Primary sources: CISA KEV alert · ShareFile status · PraisonAI GHSA · NVD CVE-2026-61447 · MSRC CVE-2026-50656 · Zimbra advisories

OpenAI Launches GPT-5.6 and ChatGPT Work, Meta Ships Muse Spark 1.1, and Ben Bernanke Joins Anthropic’s Trust

This brief covers the trailing ~72 hours (July 9 – 12, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside (or, where noted, just before) the window. July 9 was one of the busiest single days in recent memory: OpenAI shipped a new flagship model family and a work agent, Meta released a major model upgrade with its first public API, and Anthropic made three announcements of its own.

OpenAI ships the GPT-5.6 family: Sol, Terra, and Luna reach general availability

OpenAI · July 9, 2026

OpenAI moved GPT-5.6 from limited preview to general availability across ChatGPT, Codex, and the API, in three tiers: flagship Sol ($5/$30 per 1M tokens), balanced Terra ($2.50/$15), and cost-efficient Luna ($1/$6). OpenAI claims a new high of 53.6 on Agents’ Last Exam and a state-of-the-art 80 on the Artificial Analysis Coding Agent Index, framing much of the release around performance per dollar against Anthropic’s Fable 5. The release also introduces an ultra setting that coordinates four parallel agents by default, Programmatic Tool Calling in the Responses API, and what OpenAI calls its most robust safeguards to date — cyber safeguards that block roughly ten times more potentially harmful activity than prior models, backed by ~700,000 A100e GPU hours of automated red teaming. The same day, Microsoft announced GPT-5.6 as the new preferred model in Microsoft 365 Copilot.

“GPT-5.6 Sol sets a new standard for both intelligence and efficiency, achieving state-of-the-art results across coding, knowledge work, cybersecurity, and science while outperforming previous and competing frontier models with fewer tokens and at lower estimated cost.” — OpenAI

Source: GPT-5.6: Frontier intelligence that scales with your ambition

OpenAI launches ChatGPT Work, merges the Codex app into a new desktop app, and begins sunsetting Atlas

OpenAI · July 9, 2026

Alongside GPT-5.6, OpenAI introduced ChatGPT Work, an agent that pulls context from connected apps (via a new unified “plugins” directory), runs multi-hour projects independently, and produces slides, sheets, docs, and shareable “Sites.” The Codex desktop app is merging into a new ChatGPT desktop app with a built-in browser and computer use; the old desktop app becomes ChatGPT Classic. Notably, OpenAI also said it will begin sunsetting the standalone Atlas browser in favor of a ChatGPT sidebar in Chrome. Rollout starts with Pro, Enterprise, and Edu plans, expanding to Plus and Business over the following days.

“Introducing ChatGPT Work, an agent in ChatGPT that helps you take on more ambitious tasks. It can gather information across your apps and workflows to create finished materials like sheets, slides, docs, and web apps, and stay with complex projects for hours by breaking them into smaller steps and completing them independently.” — OpenAI

Source: ChatGPT is now a partner for your most ambitious work

Meta releases Muse Spark 1.1 and opens the Meta Model API to developers

Meta Superintelligence Labs · July 9, 2026

Meta Superintelligence Labs shipped Muse Spark 1.1, a multimodal reasoning model built for agentic tasks with a 1M-token context window, improved computer use, and multi-agent orchestration (it can act as either the main agent or a subagent). The bigger structural news: for the first time, developers can access a Muse model directly through the new Meta Model API, now in public preview, with early endorsements from Replit, Cline, and Box. The model is live in “Thinking” mode in the Meta AI app and on meta.ai.

“Today, we’re excited to introduce Muse Spark 1.1, the latest model from Meta Superintelligence Labs and a significant upgrade from Muse Spark. Muse Spark 1.1 is a multimodal reasoning model built for agentic tasks, with major gains in tool and computer use, coding, and multimodal understanding.” — Meta Superintelligence Labs

Source: Introducing Muse Spark 1.1

Anthropic launches a “reflection dashboard” for Claude usage, in beta

Anthropic · July 9, 2026

Anthropic introduced a beta feature that lets users track and visualize how they use Claude — topics, usage patterns, and task types over 1 to 12 months — and decide whether that time aligns with their goals. The dashboard can set quiet hours and break nudges, and maps activity onto Anthropic’s 4D AI Fluency Framework (delegation, description, discernment, diligence). It was developed with wellbeing experts from the MIT Media Lab’s AHA program, the Digital Wellness Lab at Boston Children’s Hospital, and the Family Online Safety Institute, and is available to Free, Pro, and Max users with Memory on. The same day, Anthropic also published “Inviting hard questions,” asking the public for their hardest questions about AI and committing to show its work in addressing them.

“Today we’re introducing, in beta, a new way to reflect on and refine how you use Claude. … It lets you easily track and visualize how you use Claude, and decide whether that time aligns with your goals.” — Anthropic

Source: Introducing a way to reflect on how you use Claude

Ben Bernanke joins Anthropic’s Long-Term Benefit Trust

Anthropic · July 9, 2026

Anthropic’s Long-Term Benefit Trust appointed Dr. Ben Bernanke — former Federal Reserve Chair and 2022 Nobel laureate in economics — as its newest Trustee. The LTBT is the independent body with authority to appoint members to Anthropic’s board; Bernanke joins Neil Buddy Shah, Richard Fontaine, and Mariano-Florentino Cuéllar, and will focus in part on Anthropic’s research into AI’s economic effects.

“The potential of artificial intelligence is enormous, and so is the range of outcomes. How that potential plays out will depend, in part, on the institutions we build around it.” — Dr. Ben Bernanke

Source: Ben Bernanke appointed to Anthropic’s Long-Term Benefit Trust

Still developing

xAI launches Grok 4.5, trained alongside Cursor and now branded under SpaceXAI

xAI / SpaceXAI · July 8, 2026

Just before this window opened, xAI — whose site now carries SpaceXAI branding — released Grok 4.5, positioning it for coding, agentic tasks, and knowledge work. Trained on tens of thousands of NVIDIA GB300 GPUs and alongside Cursor, it is priced aggressively at $2/$6 per 1M tokens, served at ~80 tokens per second, and claims roughly 2x the token efficiency of comparable leading models. It is the default model in Grok Build and available in Cursor and the API console, though not yet in the EU.

“Today, we’re launching Grok 4.5, SpaceXAI’s smartest model built to excel at coding, agentic tasks, and knowledge work. It’s our strongest model ever and was trained alongside Cursor.” — SpaceXAI

Source: Introducing Grok 4.5

OpenAI introduces GPT-Live, a full-duplex voice model family now powering ChatGPT Voice

OpenAI · July 8, 2026

Also just before the window, OpenAI launched GPT-Live-1 and GPT-Live-1 mini, voice models built on a full-duplex architecture that listen and speak simultaneously — backchanneling with “mhmm,” waiting through pauses, and delegating harder questions to a frontier model (GPT-5.5 at launch) in the background while keeping the conversation going. GPT-Live is rolling out globally as the new default for ChatGPT Voice, with API access planned.

“We’re launching GPT-Live, a new generation of voice models that make talking with AI feel much more like having a real conversation.” — OpenAI

Source: Introducing GPT-Live


This brief covers the trailing ~72 hours (July 9 – 12, 2026).

Primary sources:

North Korea’s PolinRider Supply-Chain Blitz, AI-Run JadePuffer Ransomware, and a $1M Kairos Extortion Payment

This brief covers the trailing ~48 hours (July 4–6, 2026). Every item below was checked against its primary source — vendor advisories, original research posts, and CISA entries — before inclusion.

North Korean “PolinRider” campaign publishes 108 malicious packages and extensions across npm, Packagist, Go, and Chrome

Socket / The Hacker News · July 4, 2026

Threat actors tied to North Korea’s Contagious Interview operation have published 162 malicious release artifacts corresponding to 108 unique packages and extensions — 19 npm libraries, 10 Composer packages, 61 Go modules, and one Google Chrome extension. The campaign, tracked as PolinRider, plants obfuscated JavaScript loaders in legitimate repositories (concealed via whitespace padding or fake .woff2 font files) and triggers execution through VS Code task files with the “runOn: ‘folderOpen'” option; payloads fetch encrypted second stages from blockchain infrastructure that unpack to the DEV#POPPER RAT and OmniStealer. As of April 11, 2026, the broader activity had compromised 1,951 public GitHub repositories belonging to 1,047 unique owners. There is no CVE — this is an account-takeover and supply-chain campaign, and it remains active.

“The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise maintainer accounts, modify legitimate repositories, and publish infected package versions where they retain or obtain registry access.” — Karlo Zanki, Socket

Source: Socket research · The Hacker News

JadePuffer: first documented ransomware operation run end-to-end by an AI agent

Sysdig · July 4, 2026

Sysdig researchers documented what they believe is the first ransomware intrusion conducted entirely by an autonomous LLM agent — reconnaissance, credential theft, lateral movement, persistence, privilege escalation, and encryption, with the agent adapting to failures in real time. Initial access came via CVE-2025-3248, a critical unauthenticated remote code execution flaw in the Langflow LLM-app framework that was patched in April 2025 and added to CISA’s KEV catalog in May 2025; the attacker later pivoted to an Alibaba Nacos instance using CVE-2021-29441, an authentication bypass. The operation encrypted 1,342 Nacos service configuration items, dropped the originals, and left a ransom demand with a Bitcoin address and Proton Mail contact — though the encryption key was never stored or transmitted, and the Bitcoin address appears to be a documentation example reproduced from training data.

“The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.” — Sysdig

Source: Sysdig research · BleepingComputer

U.S. government entity paid Kairos ~$1 million in encryption-free data extortion, blockchain analysis shows

Ransom-ISAC · July 4, 2026

A case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and on-chain tracing, shows a small U.S. government entity — the evidence points to Union County, Ohio, though neither party has confirmed it — paid roughly 9.44 BTC (~$1 million) on June 13, 2025 to keep stolen files from being published. The Kairos group deployed no encryptor at all: it opened at $3 million claiming over 2 TB of stolen data, and used countdown timers and threats to leak a “prosecutors office” folder first. The payment was traced through wallet chains toward deposit addresses at Bybit, OKX, and the Russian service BELQI. The case underscores a broader shift: much of what is still called ransomware now skips encryption entirely and uses stolen data as the sole pressure point.

“Paying to make stolen data disappear is an act of faith, and the receipt is written by the thief.” — The Hacker News

Source: Ransom-ISAC case study · The Hacker News

Opera GX flaw let malicious sites silently install browser mods and steal data from visited pages

The Hacker News · July 6, 2026

Researchers disclosed a vulnerability in Opera GX that allowed a malicious website to silently install a GX Mod — the browser’s reskinning add-on format — and use it to lift data from pages the victim visits; a proof of concept reconstructed a signed-in user’s full Gmail address from a single visit with no clicks. Opera patched the flaw in Opera GX 130.0.5847.89 and says it found no evidence of in-the-wild exploitation. No CVE was assigned, but Opera’s bug bounty team rated the issue P1 (its top severity) and paid the maximum $5,000 reward. Because the attack required no clicks or approvals, there was no workaround short of the patch — users should confirm their version at opera://about.

Source: The Hacker News

SkillCloak: malicious AI agent “skills” evade static scanners more than 90% of the time

The Hacker News · July 6, 2026

Researchers at the Hong Kong University of Science and Technology showed that scanners meant to catch malicious add-on skills for AI coding agents (Claude Code, OpenAI Codex, OpenClaw) can be defeated with simple self-extracting packing techniques that leave the malware fully functional — their strongest variant slipped past every scanner tested more than 90% of the time. Skills run with the agent’s own access to files, terminals, and saved credentials, and most marketplace listings are uploaded by strangers with little vetting. The team also built a runtime checker that catches most of the disguised skills static scanners miss.

Source: The Hacker News

Still developing

“Bad Epoll” Linux kernel flaw (CVE-2026-46242)The Hacker News · July 3, 2026. A use-after-free race in the kernel’s epoll code lets an unprivileged local user gain root with roughly 99% exploit reliability, affecting desktops, servers, and Android on kernels v6.4 and newer. Researcher Jaeyoung Chung published a working proof of concept; the fix landed upstream (commit a6dc643c6931) in April 2026, but distributions that have not backported it remain exposed, and epoll cannot be disabled as a workaround. Source: The Hacker News · PoC repository

NetNut residential proxy network disruptedGoogle Threat Intelligence Group · July 3, 2026. Google, the FBI, Lumen, Shadowserver, and partners disrupted NetNut (aka Popa), a residential proxy network of at least 2 million compromised Android devices including smart TVs and streaming boxes. GTIG observed 316 distinct threat clusters using suspected NetNut exit nodes in a single week, spanning cybercrime and espionage. Source: Google Threat Intelligence · BleepingComputer

SharePoint RCE CVE-2026-45659 on CISA KEV; federal patch deadline passed July 4CISA · July 1, 2026. CISA added CVE-2026-45659 (CVSS 8.8), a deserialization-of-untrusted-data remote code execution flaw in SharePoint Server Subscription Edition, 2019, and 2016, to the Known Exploited Vulnerabilities catalog citing active exploitation. Microsoft patched it in May 2026; any authenticated attacker with Site Member permissions can execute code remotely. FCEB agencies were required to remediate by July 4, 2026. Source: CISA alert · The Hacker News

This brief covers the trailing ~48 hours (July 4–6, 2026). Primary sources: Socket, Sysdig, Ransom-ISAC, Google Threat Intelligence Group, CISA, Bad Epoll PoC.

A Claude Tool-Calling Regression Documented, sqlite-utils 4.0 Written Mostly by Fable 5, and Mistral’s Leanstral 1.5 Prover

This brief covers the trailing ~72 hours (July 3 – 6, 2026). Every item below was confirmed on the originating source’s own page, with a published date inside (or, where noted, just before) the window. With the US July 4th holiday weekend, the major labs’ newsrooms were quiet; the notable developments this cycle came from the practitioner community, plus a formal-verification model release from Mistral that landed just before the window opened.

Armin Ronacher documents a tool-calling regression in Anthropic’s newest models

Armin Ronacher · July 4, 2026

Flask creator Armin Ronacher published a detailed investigation showing that Anthropic’s newest models — Opus 4.8 and Sonnet 5, but none of their older siblings — sometimes call third-party edit tools with extra, invented fields that violate the tool’s JSON schema, even when the edit content itself is byte-correct. His hypothesis: post-training via reinforcement learning inside Claude Code (whose harness silently repairs malformed calls) gives the models a strong prior for Claude Code’s flat edit-tool shape, implicitly punishing alternative schemas used by other harnesses like Pi. Simon Willison amplified the finding the same day, asking whether third-party coding harnesses will need to ship model-specific edit tools.

“What surprised me is that this is getting worse with newer Anthropic models as both Opus 4.8 and Sonnet 5 show it but none of the older models. In other words, the SOTA models of the family are worse at this specific tool schema than their older siblings.” — Armin Ronacher

Source: Better Models: Worse Tools (see also Simon Willison’s commentary)

Simon Willison ships sqlite-utils 4.0rc2 “mostly written by Claude Fable” for an estimated $149.25

Simon Willison · July 5, 2026

Willison released sqlite-utils 4.0rc2 with the bulk of the work done by Claude Fable 5 via Claude Code, including a pre-release review that caught five release-blocker bugs — among them a data-loss bug where delete_where() never committed and poisoned the connection. He then had OpenAI’s GPT-5.5 review Fable’s work, which surfaced two further P1 transaction-handling issues that Fable confirmed and fixed. Using AgentsView he estimated the unsubsidized API cost of the session at $149.25, noting he upgraded to the $200/month Max plan ahead of July 7, when Fable’s subsidized subscription access ends.

“Over the course of 37 prompts, 34 commits and +1,321 -190 code changes over 30 separate files, we worked through the entire set of feedback in turn, making several other design improvements along the way.” — Simon Willison

Source: sqlite-utils 4.0rc2, mostly written by Claude Fable (for about $149.25)

Still developing

Mistral releases Leanstral 1.5, an open Apache-2.0 theorem-proving model

Mistral AI · July 2, 2026

Just before this window opened, Mistral released Leanstral 1.5, a formal-verification model for Lean 4 with 119B total and 6B active parameters, free under Apache-2.0 with weights on Hugging Face and a free API endpoint. Mistral reports it saturates miniF2F at 100%, solves 587 of 672 PutnamBench problems at roughly $4 per problem, and sets new state-of-the-art results on the FATE-H (87%) and FATE-X (34%) abstract-algebra benchmarks. Beyond mathematics, an automated Rust-to-Lean verification pipeline built on the model flagged 47 violated properties across 57 open-source repositories, 11 of them pointing to genuine bugs — 5 previously unreported.

“Today, we are releasing Leanstral 1.5, a free Apache-2.0 licensed model with 119B total and only 6B active parameters, delivering a performance upgrade that makes formal verification more powerful and accessible than ever.” — Leanstral Team at Mistral AI

Source: Leanstral 1.5: Proof Abundance for All


This brief covers the trailing ~72 hours (July 3 – 6, 2026).

Primary sources:

Anthropic Ships Claude Sonnet 5, Redeploys Fable 5 With an Industry Jailbreak Framework, and Launches Claude Science

This brief covers the trailing ~72 hours (June 30 – July 3, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. It was a busy, Anthropic-heavy stretch: a new Sonnet model, the redeployment of Fable 5 after export controls were lifted, a science workbench, and a new computational-biology benchmark from OpenAI.

Anthropic introduces Claude Sonnet 5

Anthropic · June 30, 2026

Anthropic released Claude Sonnet 5, which it calls its most agentic Sonnet model yet, positioning it close to Opus 4.8 performance at lower cost. The model is the new default on Free and Pro plans and is available on Claude Code and the Claude Platform via claude-sonnet-5, at introductory pricing of $2 per million input tokens and $10 per million output tokens through August 31, 2026 (then $3/$15). Because it is somewhat stronger than Sonnet 4.6 on cyber tasks, it launched with real-time cyber safeguards enabled by default, though Anthropic says it still shows substantially weaker offensive-cyber ability than its Opus models.

“Claude Sonnet 5 is built to be the most agentic Sonnet model yet. It can make plans, use tools like browsers and terminals, and run autonomously at a level that, just a few months ago, required larger and more expensive models.” — Anthropic

Source: Introducing Claude Sonnet 5

Fable 5 redeployed globally as export controls lift; Anthropic proposes an industry jailbreak-severity framework

Anthropic · June 30, 2026

After the US government applied export controls to Claude Fable 5 and Mythos 5 on June 12 — prompting Anthropic to suspend both — the company said the controls were lifted on June 30 and that Fable 5 returned globally on July 1 across the Claude Platform, Claude.ai, Claude Code, and Claude Cowork. Alongside the redeploy, Anthropic proposed a consensus framework for scoring the severity of AI jailbreaks — graded on capability gain, breadth, ease of weaponization, and discoverability — developed with Amazon, Microsoft, Google, and other Glasswing partners, plus a new HackerOne program and deeper US-government pre-release testing commitments. A July 2 follow-up post added further detail on the safeguards and framework.

“As of today, June 30, the export controls on Fable 5 and Mythos 5 have been lifted.” — Anthropic

Source: Redeploying Fable 5

Anthropic launches Claude Science, an AI workbench for researchers

Anthropic · June 30, 2026

Anthropic released Claude Science in beta on macOS and Linux for Pro, Max, Team, and Enterprise plans. It bundles a coordinating agent with more than 60 curated skills and connectors across genomics, single-cell, proteomics, structural biology, and cheminformatics, renders scientific artifacts like 3D protein structures and genome tracks natively, and manages compute from a laptop up to an HPC cluster or on-demand GPUs. Every figure ships with the exact code, environment, and message history that produced it, and a reviewer agent checks citations and calculations. Anthropic says it will fund up to 50 “AI for Science” projects with up to $30,000 in credits, with applications open through July 15.

“Claude Science brings these fragmented tools into a single research environment where scientists can conduct all stages of their work.” — Anthropic

Source: Claude Science, an AI workbench for scientists, is now available

OpenAI introduces GeneBench-Pro, a research-level computational-biology benchmark

OpenAI · June 30, 2026

OpenAI released GeneBench-Pro, a 129-question benchmark spanning 10 domains of computational biology that tests higher-order scientific judgment — handling ambiguity, revising assumptions, and choosing the correct analysis path — rather than rote execution. Each problem is built synthetically so the full causal structure is known and answers can be graded deterministically. OpenAI reports its strongest model, GPT-5.6 Sol, passes 28.7% at the highest reasoning level (31.5% with Pro mode), up sharply from under 5% for GPT-5 when the original GeneBench began. Reviewers estimated a typical problem would take a human expert 20–40 hours.

“Our strongest model, GPT‑5.6 Sol, attains a pass rate of 28.7% at the highest reasoning level (31.5% with Pro mode enabled). That is a sharp increase from when we began building the original GeneBench; at that time, our best frontier model, GPT‑5, scored below 5%.” — OpenAI

Source: Introducing GeneBench-Pro


This brief covers the trailing ~72 hours (June 30 – July 3, 2026).

Primary sources:

SharePoint RCE Hits CISA KEV, Adobe Ships Seven 10.0 ColdFusion/Campaign Fixes, Oracle EBS Payments Under Active Attack

This brief covers the trailing ~48 hours (June 30 – July 2, 2026). Every item below was confirmed against its primary source — a CISA advisory or KEV entry, a vendor PSIRT bulletin, or the original researcher’s finding — with the disclosure date verified on the primary page.

SharePoint Server RCE (CVE-2026-45659) added to CISA KEV after confirmed exploitation

CISA · July 1, 2026

CISA added Microsoft SharePoint Server flaw CVE-2026-45659 (CVSS 8.8) to its Known Exploited Vulnerabilities catalog on July 1, citing evidence of active exploitation. The bug is a deserialization of untrusted data (CWE-502) that lets an authenticated attacker with only Site Member permissions execute code remotely; Microsoft patched it in May 2026 for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, having originally rated it “Exploitation Less Likely.” Federal Civilian Executive Branch agencies must remediate by July 4, 2026.

“Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.” — CISA

Source: CISA alert · CISA KEV catalog · The Hacker News

Adobe patches seven CVSS 10.0 flaws in ColdFusion and Campaign Classic

Adobe PSIRT · June 30, 2026

Adobe issued Priority 1 bulletins for ColdFusion (APSB26-68) and Campaign Classic (APSB26-69) resolving multiple maximum-severity vulnerabilities. Seven carry a CVSS score of 10.0: ColdFusion unrestricted file-upload flaws CVE-2026-48276 and CVE-2026-48283, improper input-validation flaws CVE-2026-48277, CVE-2026-48281 and CVE-2026-48316, and path-traversal flaw CVE-2026-48282, all leading to arbitrary code execution, plus Campaign Classic incorrect-authorization RCE CVE-2026-48286. Fixes ship in ColdFusion 2023 Update 21, ColdFusion 2025 Update 10, and Campaign Classic ACC v7 build 9397. Adobe says it is aware of no exploitation in the wild.

“The frontier AI capabilities we are using are also available to attackers, and the window between public vulnerability disclosure and active exploitation is compressing from days to hours.” — Aanchal Gupta, Chief Security Officer, Adobe

Source: Adobe APSB26-68 (ColdFusion) · Adobe APSB26-69 (Campaign Classic) · The Hacker News

Oracle E-Business Suite Payments flaw (CVE-2026-46817) exploited in the wild; ~950 instances exposed

Defused / Shadowserver · July 1, 2026

Threat-intelligence firm Defused reported active exploitation of CVE-2026-46817 (CVSS 9.8), an unauthenticated HTTP takeover in the File Transmission component of Oracle Payments within E-Business Suite, with the first honeypot hits observed June 27 — before any public proof-of-concept existed. Oracle patched the flaw (affecting EBS 12.2.3 through 12.2.15) in its May 2026 Critical Patch Update. Shadowserver reports roughly 950 EBS instances reachable from the internet. The flaw is not yet listed in CISA’s KEV catalog.

“CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots. This vulnerability has no known previous exploitation and no public POC code exists.” — Defused

Source: Oracle May 2026 Critical Patch Update · NVD · BleepingComputer


This brief covers the trailing ~48 hours (June 30 – July 2, 2026).

Primary sources: