Cyber Defense Command Center
Real-time security intelligence and threat monitoring
SYSTEM SECURE
INFO
12:10 am, July 18, 2026
Abbott probes two cyber incidents amid extortion claims
Abbott Laboratories is investigating two separate cybersecurity incidents after confirming unauthorized access to internal legacy Exact Sciences systems in its Cancer Diagnostics business, while also investigating a separate claim that attackers breached its LabCentral portal and stole company data. [...]
INFO
10:10 pm, July 17, 2026
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable.
Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system.
Adam Kues at Assetnote, Searchlight Cyber's attack surface management arm, found the flaw and reported
INFO
9:10 pm, July 17, 2026
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts.
OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta's Red Team, which reported the denial-of-service bug and named it, published the
HIGH
9:10 pm, July 17, 2026
Abbott Laboratories probes two cyber incidents amid extortion claims
Abbott Laboratories investigates two separate cybersecurity incidents involving unauthorized access to internal systems and potential data theft.
HIGH
8:10 pm, July 17, 2026
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Seven malicious Vite npm packages use blockchain C2 to deliver a RAT
MEDIUM
6:10 pm, July 17, 2026
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
GoldenEyeDog subgroup linked to DigiCert breach and code-signing certificate theft
INFO
6:10 pm, July 17, 2026
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys.
A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders that teams stand up fast and firewall late.
The intel feed behind that counter
HIGH
6:10 pm, July 17, 2026
HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload
A vulnerability called HollowByte allows unauthenticated attackers to trigger a denial-of-service condition on OpenSSL servers with an 11-byte malicious payload.
HIGH
4:10 pm, July 17, 2026
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images
North Korean threat actors use steganography in SVG images to deliver OTTERCOOKIE malware via fake job postings and coding challenges.
MEDIUM
3:10 pm, July 17, 2026
Ernst & Young discloses data breach after support system hack
Ernst & Young discloses data breach after support system hack.
INFO
2:10 pm, July 17, 2026
Inside the Search for "Clean" Residential Proxies for Carding
Cybercriminals are seeking 'clean' residential proxies to evade modern fraud detection by combining them with browser fingerprints and device profiles.
INFO
12:10 pm, July 17, 2026
Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man
Armenia detains Russian tourist Aleksandr Ermakov on a U.S. extradition request for a REvil ransomware suspect.
INFO
12:10 pm, July 17, 2026
The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?
Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways are transforming how capability is delivered, rewarding programs that can move from concept to operational deployment at commercial speed.
Now the focus shifts to the trusted
MEDIUM
12:10 pm, July 17, 2026
E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants
The European Commission ordered Google to provide rival AI assistants with equivalent access to Android features currently available to Gemini.
HIGH
11:10 am, July 17, 2026
New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage
New GoSerpent Malware targets Southeast Asian governments and diplomats for espionage
HIGH
11:10 am, July 17, 2026
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files
ACR Stealer infostealer steals browser tokens, Microsoft 365 files using ClickFix lures
CRITICAL
11:10 am, July 17, 2026
New Windows LegacyHive zero-day gives hackers admin privileges
A zero-day exploit called LegacyHive allows attackers to escalate privileges on up-to-date Windows systems.
INFO
10:10 am, July 17, 2026
Windows Server 2022 reach end of mainstream support in 90 days
Windows Server 2022 will reach its mainstream support end date in October 2026, but will continue receiving security updates under extended support for five more years.
INFO
9:10 am, July 17, 2026
US charges two over laundering $43 million from investment fraud
US authorities charged two individuals for laundering $43 million from investment fraud schemes.
CRITICAL
8:10 am, July 17, 2026
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
CISA added a newly patched SharePoint Server RCE zero-day CVE-2026-58644 to its KEV catalog.
CRITICAL
7:10 am, July 17, 2026
CISA urges immediate action on actively exploited Fortinet flaws
CISA urges immediate patching of actively exploited Fortinet flaws in FortiSandbox.
INFO
2:10 am, July 17, 2026
ISC Stormcast For Friday, July 17th, 2026 https://isc.sans.edu/podcastdetail/10012, (Fri, Jul 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
HIGH
10:10 pm, July 16, 2026
New ClickLock macOS malware traps users into revealing login password
New ClickLock macOS malware traps users into revealing login password by terminating visible processes.
HIGH
9:10 pm, July 16, 2026
Coca-Cola says Fairlife ransomware attack halts US dairy production
Ransomware attack disrupts Fairlife dairy production across the US.
INFO
8:10 pm, July 16, 2026
Claude Chrome extension flaw lets malicious extensions trigger AI actions
A flaw in Anthropic's Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude's access to connected services such as Gmail, Google Docs, Google Calendar, and Salesforce. [...]
LOW
7:10 pm, July 16, 2026
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
Two hackers sentenced to 5.5 years each for 2024 TfL hack causing £29 million losses
HIGH
7:10 pm, July 16, 2026
New OkoBot framework deploys 20 payloads to steal data, crypto
OkoBot framework delivers 20 payloads to steal sensitive data including cryptocurrency wallet seed phrases and credentials.
INFO
4:10 pm, July 16, 2026
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories
A lot of this week’s trouble starts with something that looks close enough.
A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the explanation.
Old bugs are back, weak defaults are earning their keep, and some attack paths are so plain they barely feel like research. Here’s the mess.
INFO
3:10 pm, July 16, 2026
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss.
A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them. Their password never
HIGH
2:10 pm, July 16, 2026
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password
New ClickLock macOS Stealer kills apps every 210ms until victims type their password.
HIGH
2:10 pm, July 16, 2026
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
New TELEPUZ malware spreading via ClickFix to steal data and run commands.
INFO
2:10 pm, July 16, 2026
23andMe to pay $18 million in new genetics data breach settlement
23andMe agrees to $18 million settlement for failing to protect customers' genetic data.
INFO
2:10 pm, July 16, 2026
AI Agents Broke the Security Playbook. Here's What Replaces It.
The article discusses the need for a new approach to security workflows due to the increasing use of AI agents.
HIGH
1:10 pm, July 16, 2026
Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor
Daxin malware resurfaces in Taiwan with a new backdoor called Stupig.
HIGH
1:10 pm, July 16, 2026
New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands
New data injection attack can manipulate AI agents to perform unintended actions or execute malicious commands.
INFO
1:10 pm, July 16, 2026
20+ Hijacked Government Websites Became an Attack Channel
More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions.
The investigation revealed previously undocumented backdoor behavior, hidden infrastructure relationships, and multiple attack arms behind a campaign
LOW
1:10 pm, July 16, 2026
Scattered Spider members behind TfL hack get five years in prison
Two leading members of Scattered Spider were sentenced to five years and six months in prison for hacking TfL in 2024.
INFO
12:10 pm, July 16, 2026
Windows 11 24H2 Home and Pro reach end of support in 90 days
Microsoft announced that Windows 11 24H2 Home and Pro editions will reach end of support in 90 days.
CRITICAL
11:10 am, July 16, 2026
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide
Unpatched Shark Vacuum flaw allows attackers to control other vacuums region-wide by pulling the certificate off the flash of a Shark RV2320EDUS robot vacuum.
INFO
11:10 am, July 16, 2026
AI Can Find Bugs, But Human Knowledge Still Proves Them
AI-assisted tools are enhancing offensive security by speeding up tasks like code reading and payload generation, but human expertise remains crucial for validating findings.
HIGH
11:10 am, July 16, 2026
Russian hackers trojanize WebEx, Zoom apps to push Starland malware
Russian hackers use trojanized WebEx and Zoom apps to deploy Starland RAT malware
INFO
11:10 am, July 16, 2026
CISA orders feds to patch actively exploited Oracle flaw by Saturday
CISA has ordered federal agencies to secure their systems by Saturday against ongoing attacks exploiting a critical vulnerability in the Oracle E-Business Suite financial application. [...]
HIGH
10:10 am, July 16, 2026
New Spirals ransomware encrypts victim network in under 24 hours
New Spirals ransomware encrypts victim network in under 24 hours
CRITICAL
9:10 am, July 16, 2026
Zoom Patches Critical Windows Flaw That Could Enable Account Takeover
Zoom patches critical Windows flaw CVE-2026-53412 with CVSS score 9.8 that could enable account takeover.
INFO
9:10 am, July 16, 2026
OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol
OpenAI disclosed GPT-Red, an internal automated red-teaming model, to scale prompt injection vulnerability discovery and harden GPT-5.6 before deployment.
INFO
3:10 am, July 16, 2026
ISC Stormcast For Thursday, July 16th, 2026 https://isc.sans.edu/podcastdetail/10010, (Thu, Jul 16th)
A summary of an article on how to earn a billion dollars.
INFO
10:10 pm, July 15, 2026
Dutch police bust investment fraud ring stealing over €100 million
Dutch police arrested multiple individuals suspected of operating an international investment fraud scheme that allegedly stole over €100 million from tens of thousands of victims.
CRITICAL
9:10 pm, July 15, 2026
Zoom warns of critical account takeover vulnerability
A critical vulnerability in Zoom's desktop client and software development kit for Windows allows unauthenticated account takeover.
INFO
7:10 pm, July 15, 2026
Google Gemini CLI abused as a hacking agent, malware botnet operator
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]
MEDIUM
7:10 pm, July 15, 2026
TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development
TuxBot v3 Evolution shows signs of LLM-assisted IoT botnet development, but with limited success.
