Breaches, patches, malware and threat intel that matter to defenders and everyday users.
▶ Microsoft's Record Patch Tuesday Fixes Actively Exploited Zero-Days — Update Now
Category: Patches & Updates
Summary
Microsoft's July update rolled out an unusually large batch of security fixes — described by multiple outlets as a monthly record — including several flaws that attackers were already exploiting in the wild. When zero-days are being used before patches ship, applying updates promptly is the single most effective step you can take. Make sure Windows Update has run and completed on every machine you manage, and reboot to finish installation. Reporting on exact totals and the number of zero-days varies between sources, but the takeaway is consistent: this is a high-priority month to patch without delay.
Why it matters to you
- Several fixed flaws were already being exploited by attackers.
- Run Windows Update and reboot to fully apply the fixes.
- Prioritize this month across every PC you manage.
▶ CISA Warns of Actively Exploited SharePoint Flaws — Admins Should Patch Fast
Category: Vulnerabilities
Summary
The US cybersecurity agency CISA has urged administrators to patch a set of SharePoint vulnerabilities that are being actively exploited. On-premises SharePoint servers are a common target because they often hold sensitive documents and sit at the center of collaboration workflows. If your organization runs SharePoint, treat this as urgent: identify affected servers, apply the vendor fixes, and review logs for signs of compromise. Even if you're not an admin, it's a reminder that document and collaboration platforms are prime targets, and that timely patching by IT teams is what keeps shared workspaces from becoming an entry point.
Why it matters to you
- Exploitation is already happening, so patching can't wait.
- SharePoint servers hold sensitive files attackers want.
- Review server logs for signs of intrusion after patching.
▶ Zoom Warns of Critical Account-Takeover Bug — Check Your Updates
Category: Vulnerabilities
Summary
Zoom has warned of a critical vulnerability that could lead to account takeover, urging users to make sure their software is current. Because Zoom is so widely used for work and personal calls, a flaw that enables account hijacking is worth acting on quickly. The simplest protection is to confirm you're running the latest version — Zoom updates regularly, and the desktop and mobile apps can be set to update automatically. It's also a good moment to enable multi-factor authentication on your Zoom account if you haven't already, adding a layer of defense even if credentials are exposed.
Why it matters to you
- Account takeover could expose your meetings and data.
- Update Zoom to the latest version right away.
- Turn on multi-factor authentication for extra protection.
▶ New Mac Malware 'CrashStealer' Disguises Itself as Apple's Crash Reporter
Category: Malware
Summary
Security researchers have flagged new Mac malware that masquerades as Apple's legitimate crash reporter to trick users into trusting it. Disguising malware as a familiar system component is a classic social-engineering move, and a reminder that Macs are not immune to threats. Coverage outlines ways to avoid it, and the general defenses hold: only install software from trusted sources, be wary of unexpected prompts asking for permissions or passwords, and keep macOS and your security tools updated. If a "system" dialog appears out of nowhere asking you to run or approve something, pause and verify before granting access.
Why it matters to you
- Malware posing as a system tool can slip past your guard.
- Stick to trusted sources and question unexpected permission prompts.
- Keep macOS and security tools current.
▶ Firefox, Chrome, Adobe and VMware Push Critical Security Fixes
Category: Patches & Updates
Summary
A wave of critical updates has landed across Firefox, Chrome, Adobe products, and VMware, addressing multiple serious security flaws. Browsers and widely used software are frequent targets because they're on nearly every device, so keeping them current is one of the most impactful habits for staying safe. Most browsers update automatically, but a full restart is often required to apply the fix — so close and reopen your browser today. For Adobe and VMware users, check for and apply the vendor updates, especially on any systems exposed to the internet or handling sensitive work.
Why it matters to you
- These apps are everywhere, making them prime attack targets.
- Restart your browser to finish applying pending updates.
- Apply Adobe and VMware fixes promptly, especially on exposed systems.
▶ SonicWall Warns of Two SMA 1000 Zero-Days Under Active Exploitation
Category: Vulnerabilities
Summary
SonicWall has issued an urgent warning about two zero-day vulnerabilities in its SMA 1000 secure-access appliances, at least one of which could enable serious admin-level actions, with the flaws reported as exploited. Remote-access gateways are a high-value target because they sit at the network edge and control who gets in. Organizations using these appliances should apply SonicWall's guidance immediately, restrict management access, and watch for suspicious activity. Edge devices like VPN and secure-access gateways deserve special attention in any patching schedule, since a compromise there can open the door to the entire network.
Why it matters to you
- Edge access appliances are a direct route into networks.
- Apply SonicWall's fixes and restrict management access now.
- Monitor for suspicious activity on affected gateways.
▶ Attackers Are Abusing Google's Gemini CLI as a Hacking Tool
Category: AI Security
Summary
Researchers report that Google's Gemini CLI — a command-line interface to its AI — has been abused to act as a hacking agent and to help operate a malware botnet. It's part of a broader trend of attackers bending legitimate AI tools to malicious ends, from writing attack code to automating parts of a campaign. For defenders, it underscores the need to monitor how AI and developer tools are used inside your environment and to treat AI-assisted automation as another potential threat vector. For everyone else, it's a sign that "AI-powered" cuts both ways in security.
Why it matters to you
- Legitimate AI tools can be repurposed for attacks.
- Defenders should monitor AI and developer-tool usage internally.
- Expect more AI-assisted automation on the attacker side.
▶ Malicious AsyncAPI npm Packages Caught Stealing Developer Credentials
Category: Supply Chain
Summary
Compromised npm packages tied to the AsyncAPI ecosystem were found carrying credential-stealing malware, part of an ongoing pattern of software-supply-chain attacks aimed at developers. Because developer machines often hold tokens, keys, and access to production systems, a single poisoned package can cascade into a much larger breach. Developers should verify package sources, watch for suspicious updates or typosquatted names, lock dependencies, and rotate any credentials that may have been exposed. Supply-chain hygiene — reviewing what you pull into a build — is now a core part of staying secure, not an optional extra.
Why it matters to you
- Poisoned packages can steal keys and cascade into big breaches.
- Verify sources, lock dependencies, and watch for typosquats.
- Rotate any credentials that might have been exposed.
▶ Unpatched Cursor Flaw Can Trigger Code Execution From Cloned Repos
Category: Vulnerabilities
Summary
A vulnerability in the AI coding tool Cursor can reportedly lead to code execution, with attention drawn to how a malicious cloned repository could trigger it. AI-assisted development tools are increasingly central to how software gets built, which makes flaws in them especially consequential. Until a fix is confirmed, developers should be cautious about opening untrusted or unfamiliar repositories in the tool, and follow the vendor's guidance as it's issued. It's a broader lesson too: treat the tools in your development pipeline as part of your attack surface, and be selective about the code and projects you open with them.
Why it matters to you
- Opening an untrusted repo could put your machine at risk.
- Be cautious with unfamiliar projects until a fix lands.
- Treat dev tools as part of your attack surface.
▶ US Charges Alleged Operators of a Russian 'Bulletproof' Hosting Service
Category: Threat Intel
Summary
US authorities have charged individuals accused of running a Russian "bulletproof" hosting service — the kind of infrastructure that knowingly shelters cybercriminals and shrugs off takedown requests. These services underpin a lot of malware, phishing, and fraud operations, so pressure on them can ripple across the wider criminal ecosystem. For defenders, actions like this are a reminder that much of today's cybercrime runs on rentable, resilient infrastructure. It also reinforces the value of blocking known-malicious hosts and staying current on threat intelligence, since disrupting the plumbing behind attacks makes life harder for many criminals at once.
Why it matters to you
- "Bulletproof" hosts power malware, phishing, and fraud at scale.
- Disrupting shared infrastructure hurts many criminals at once.
- Keep blocking known-bad hosts and follow threat intel.
▶ Dutch Police Bust Investment Fraud Ring That Stole Over €100 Million
Category: Fraud & Scams
Summary
Dutch police have broken up an investment fraud ring accused of stealing more than €100 million from victims. Investment scams typically lure people with promises of high, guaranteed returns and slick, professional-looking platforms, then make it difficult or impossible to withdraw funds. The takedown is a reminder to slow down before moving money: verify that a firm is properly regulated, be deeply skeptical of guaranteed returns and pressure to act fast, and never invest based solely on an unsolicited message or social-media pitch. If an opportunity sounds too good to be true, it almost always is.
Why it matters to you
- Investment scams use polished platforms and guaranteed-return promises.
- Verify regulation and never rush a money decision.
- Ignore unsolicited "opportunities" pushing you to act fast.