Kategorie
HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload
Microsoft’s Patch Tuesday updates: Keeping up with the latest fixes
Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are. Patch Tuesday, as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers.
The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates. Like tacos, Patch Tuesday is here to stay.
In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”
Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry. As a case in point, Adobe, among others, follows a similar patch cadence.
Patch Tuesday coverage has also long been a staple of Computerworld’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month.
In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates.
July’s Patch Tuesday sees an end-of-support collision amidst a massive, record-setting patch waveMicrosoft addressed 722 CVEs this month once the 427 Chromium upstream relays are set aside — roughly three times a normal cycle and one of the largest single months in recent memory. Two vulnerabilities arrive under active exploitation: an elevation of privilege in Active Directory Federation Services (CVE-2026-56155), and an elevation of privilege in SharePoint Server (CVE-2026-56164). A third, a BitLocker security feature bypass (CVE-2026-50661) is publicly disclosed but not yet exploited.
The July 2026 Patch Tuesday earns Patch Now recommendations for Windows, Office, Exchange, and SQL Server. SharePoint has two critical RCEs on top of its exploited zero-day, and Exchange Server returns with a critical on-premises spoofing flaw. Adding to our (dear) administrator’s efforts, SharePoint Server 2016/2019 and SQL Server 2016 all reach end of support today. The Readiness team has provided a handy infographic of the expected risk profile of this month’s Patch Tuesday updates.
More info is available here on Microsoft Security updates for July 2026.
For June, Patch Tuesday means an IT scrambleMicrosoft this month released 206 updates affecting Windows, Office, Exchange Server, and its developer tools — including three Windows vulnerabilities already publicly disclosed. That trio includes an elevation of privilege in the Collaborative Translation Framework (CVE-2026-45586), a denial of service in HTTP.sys (CVE-2026-49160), and a BitLocker security feature bypass (CVE-2026-50507). At the moment, none appear to be under active exploitation, but all three are rated “Exploitation More Likely.”
Even without an exploited zero-day, the June 2026 Patch Tuesday release requires Patch Now recommendations for Windows, Office, and Exchange. The latter is back in the patch picture with a consolidated security update that Microsoft recommends installing “as soon as possible.”
More info is available here on Microsoft Security updates for June 2026.
For May, Patch Tuesday means 139 updates — but no zero-daysMicrosoft this month released 139 updates affecting Windows, Office, .NET, and SQL Server (though there were no updates for Microsoft Exchange Server). Despite the absence of zero-days, the May Patch Tuesday update still requires Patch Now recommendations for Windows and Office.
The combination of three unauthenticated network RCEs (Netlogon, DNS Client, and SSO Plugin for Jira and Confluence), four Word Preview Pane RCEs, the large TCP/IP vulnerability cluster, and the carry-over BitLocker recovery condition (still active on Windows 10 and Windows Server) warrants an accelerated deployment release schedule.
More info is available here on Microsoft Security updates for May 2026.
Microsoft’s Patch Tuesday release for April is a whopperWindows admins are going to be busy this month, dealing with the largest Patch Tuesday cycle in memory. The April release involves 165 updates and roughly 340 unique CVEs from Microsoft — including two zero-days, one of which is already being actively exploited in the wild.
The Readiness team recommends “Patch Now” schedules for nearly every major product family: Windows, Office (with a zero-day), Microsoft Edge (Chromium), SQL Server, and Microsoft Developer Tools (.NET). April also brings Phase 2 of Microsoft’s Kerberos RC4 hardening with full enforcement set for July. There is a lot to cover, so here’s a useful infographic mapping the deployment risk for each platform.
More info is available here on Microsoft Security updates for April 2026.
For March, Patch Tuesday delivers fixes for 83 vulnerabilitiesMicrosoft’s March Patch Tuesday release addresses 83 vulnerabilities across Windows, Office, SQL Server, Azure, and .NET — with two publicly disclosed zero-days affecting SQL Server and .NET (though neither is being actively exploited in the wild.) Six additional vulnerabilities spanning the Windows Kernel, Graphics Component, SMB Server, Accessibility Infrastructure, and Winlogon are flagged as “Exploitation More Likely.”
The most significant change this month is the introduction of Common Log File System (CLFS) hardening with signature verification, which will affect how Windows handles log files across the operating system. More info on Microsoft Security updates for March 2026.
February’s Patch Tuesday release fixes 59 flaws, including 6 being exploitedThe company’s Patch Tuesday release for February addresses 59 CVEs across the company’s product family — roughly half the volume of January’s 159 patches. Six vulnerabilities, affecting Windows Shell, MSHTML, Desktop Window Manager, Remote Desktop, Remote Access, and Microsoft Word, are already being actively exploited. (All five Critical-rated CVEs target Azureservices rather than Windows, however.)
Both Windows and Office get a “Patch Now” recommendation, with CISA setting a March 3 enforcement deadline for all six exploited vulnerabilities. Two new enforcement timelines also take effect in April: Kerberos RC4 deprecation (CVE-2026-20833) and Windows Deployment Services hardening (CVE-2026-0386). More info on Microsoft Security updates for February 2026.
OnlyFans performers become unlikely allies of CISOs in securing websites
CISOs at government organizations and universities have an unexpected ally coming to their aid: OnlyFans models.
For some time, hackers have exploited weaknesses in the websites of universities or government departments to host scams or malware, using content stolen from the OnlyFans website as bait to attract victims.
Now, according to security researchers at Upguard, the fightback has begun: creators of adult content on OnlyFans are leveraging Google search results and the protection offered by copyright law to break up the traffic distribution systems created by bad actors.
These distribution systems work in three stages: entry points using adult or other content to attract and capture web traffic, a routing system sends it to destination sites, and those sites monetize the traffic through scams and malware. It has proved to be a lucrative business for the scammers.
Google recognizes the approach and calls such actors SEO parasites as they benefit from the reputations of other organizations — in particular government or academic sites, which Google views as having high authority.
Since the creators of OnlyFans content are also the copyright holders, they are able to issue Digital Millennium Copyright Act (DMCA) take-down notices for the stolen content posted by the bad actors to other sites. Upguard was able to track this through Google’s DMCA Transparency Report, and through the Lumen Database, another tracker of takedown notices, to which it was granted research access.
“This allows us to identify likely compromised sites: government and university domains advertising unlicensed adult content,” Upguard said.
The OnlyFans creators’ action has two benefits for the operators of the affected websites: The adult content associated with their domain disappears from Google search results, no longer affecting their reputation — and if they receive takedown notices for such content they can check their webservers for the vulnerabilities that enabled the bad actors to post it there in the first place.
This article first appeared on CSO.
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
OpenAI’s new hardware is a $230, 13-switch keyboard for Codex
OpenAI is selling its first hardware — without any help from Jony Ive. It describes the Codex Micro as a “command center for agentic work” but it’s really a 13-switch wireless keyboard customized to help developers keep tabs on what their Codex agents are doing. It costs $230.
The keyboard has 13 mechanical switches (one keycap covers two of them by default), a rotary encoder, joystick, and RGB backlighting around the whole keypad and individual keys. It comes with 32 customizable icon keycaps.
OpenAI claims that the Codex Micro is a serious business tool: The command keys enable Codex users accept changes, reject outputs, push-to-talk, start new chats, and trigger custom actions. The rotary encoder can be used to dial up the “brainpower” allocated to tasks — or in more conventional terms, how many tokens to allocate to reasoning on a task. And the RGB lighting can provide feedback on how various tasks are progressing. And the RGB lighting under the “agent” keys can provide feedback on how various tasks are progressing.
The Codex Micro’s manufacturer, Work Louder, already has a similar device on the market, the Creator Micro, which offers similar functionality, but without the colorful keys. It costs $56 less than the Codex Micro, however.
The Codex Micro will fit in snugly with OpenAI’s other merchandise, where using Codex is as much about a fashion statement as a technological choice.
This article first appeared on InfoWorld.
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Why Mobile Proxies Are Harder to Block Than Datacenter IPs
Business Email Compromise with AI Enhancements and New Defense Strategies
July’s Patch Tuesday sees an end-of-support collision amidst a massive, record-setting patch wave
Microsoft addressed 722 CVEs this month once the 427 Chromium upstream relays are set aside — roughly three times a normal cycle and one of the largest single months in recent memory. Two vulnerabilities arrive under active exploitation: an elevation of privilege in Active Directory Federation Services (CVE-2026-56155), and an elevation of privilege in SharePoint Server (CVE-2026-56164). A third, a BitLocker security feature bypass (CVE-2026-50661) is publicly disclosed but not yet exploited.
The July 2026 Patch Tuesday earns Patch Now recommendations for Windows, Office, Exchange, and SQL Server. SharePoint has two critical RCEs on top of its exploited zero-day, and Exchange Server returns with a critical on-premises spoofing flaw. Adding to our (dear) administrator’s efforts, SharePoint Server 2016/2019 and SQL Server 2016 all reach end of support today. The Readiness team has provided a handy infographic of the expected risk profile of this month’s Patch Tuesday updates.
(More information about recent Patch Tuesday releases is available here.)
Known issuesThe July release note flags known issues against the following updates:
- BitLocker recovery prompt on first restart – the PCR7 recovery condition tracked since April remains live on the platforms that did not receive the Boot Manager servicing fix (Windows Server 2022 and Windows 10 22H2). Devices with BitLocker on the OS drive, the Group Policy “Configure TPM platform validation profile for native UEFI firmware configurations” set with PCR7 included, and Secure Boot State PCR7 Binding reported as “Not Possible” may be prompted for the recovery key on the first restart after installing this update. This month’s publicly disclosed BitLocker security feature bypass (CVE-2026-50661) keeps the component in focus.
- WSUS synchronization error details suppressed (Windows Server 2025 and 2022) – WSUS no longer displays synchronization error details in its error reporting, a deliberate change made to address the Remote Code Execution Vulnerability CVE-2025-59287. Sync still works, but administrators triaging a failed synchronization lose the detail pane and must fall back to the SoftwareDistribution logs.
Windows Update can still replace manually installed graphics drivers with older OEM versions from the catalogue (the four-part Hardware ID ranking issue acknowledged on the Hardware Dev Center). The two-part HWID pilot runs to September 2026.
Major revisions and mitigationsBetween the June and July Patch Tuesdays, MSRC Security Update Guide notices updated 651 reported CVEs across six notification dates (15, 19, 26 June and 3, 8, 11 July), 532 of them routine Chromium upstream re-publications. Of the roughly 30 Microsoft revisions, almost all were cross-platform Office catch-up with no bearing on a Windows enterprise estate. No further action required for IT administrators for this Windows update cycle.
Windows lifecycle and enforcement updatesThis is the deadline cycle June pointed at. The July end-of-support wave lands today, and it collides with the month’s heaviest patching. SharePoint and SQL Server take some of their most active security updates ever on platforms receiving their last.
- SharePoint Server 2016 and 2019, Project Server 2016 and 2019, SQL Server 2016 and InfoPath 2013 have all reached end of support. SQL Server 2014 ESU Year 2 reaches end of support today. SharePoint 2016/2019 take an actively exploited zero-day and two RCEs this cycle, and SQL Server 2016 takes a critical RCE, all as their final security update. Now is the time to get moving on updating these platforms.
The 2011 Secure Boot certificate expiries have now passed; devices that never took the Windows UEFI CA 2023 key updates under CVE-2023-24932 can no longer receive updated boot components, with the Windows Production PCA for the boot manager still ahead on 19 October 2026. Kerberos RC4 hardening (CVE-2026-20833) has been in enforcement since April 2026; the July 2026 update removes the RC4DefaultDisablementPhase rollback control that let administrators defer it, making enforcement final.
Microsoft’s July 2026 Patch Tuesday is a security-only release: 180 test-guidance entries, 14 of them high risk (June had one). Printing and graphics are the centre of gravity: win32kfull.sys, the kernel-mode window manager, is the most-patched binary (14 entries), and seven high-risk flags sit alongside it – the Print Spooler, four win32k entries, and two GDI+ metafile entries. NTFS is the second theme, with 10 entries, two high risk. Every entry reports no functional changes – it’s pure regression validation. The packages span Windows 11 26H1 back to Server 2012 ESU.
Printing and graphics (high risk)The Print Spooler flag centres on shared printers, whose queue status must track jobs accurately; the win32k flags cover 32-bit application printing, font rendering in printed and exported output, on-screen rendering, and window management; the GDI+ flags cover metafiles.
- Share a printer from a print server, print from a separate client in varied sizes and formats, and cancel a job, confirming the queue reflects every state change
- Print from your 32-bit applications, and print text-heavy, graphics-heavy, and multi-page documents to physical and virtual (PDF or XPS) printers, repeating after orientation, scaling, and resolution changes
- Export documents with varied fonts to PDF and confirm fonts and layout survive; render EMF+ files that apply effects to very large images, and convert EMF files to WMF
- Open and close windows rapidly, drive common dialogs by mouse and keyboard, and close parents with children open – no orphaned windows
Both NTFS high-risk flags target integrity – extended attributes, and volume recovery after an unexpected shutdown. File History carries its own high-risk flag on clients. A Windows Server 2025-only bundle across boot, BitLocker, and ReFS demands the full Secure Boot/BitLocker matrix. Eight entries hit Server 2025 alone, including WSL, GPU partitioning, and a scripted Windows Server Backup pass repeating recovery after rolling the date 90 days forward.
- Exercise NTFS extended attributes – older-system EAs, backup workflows that preserve them, concurrent same-file operations where supported – with antivirus, encryption, or storage filters active
- Simulate an unexpected shutdown during file activity, verify the volume mounts intact, run chkdsk, and confirm indexing, shadow copies, and backup still work
- Run a full File History pass: back up, modify and back up again, exclude folders, change frequency, move the destination
- On Server 2025, boot all four Secure Boot/BitLocker combinations, in standard and confidential VMs where supported
Three further high-risk flags land here: HID input (hidparse.sys with win32k) – touch, keyboard, mouse, touchpad, through disconnects and restarts; the WinSock bundle (afd.sys plus Bluetooth and multicast drivers); and IrDA. The heaviest ask is not high risk at all: the NetAdapterCx driver (24H2/25H2, Server 2025) wants 500-plus adapter enable-disable cycles under Driver Verifier.
- Run the connectivity suite: browsing, large downloads, mapped drives, an RDP session idle 30+ minutes, a Teams call, an hour of streaming, and localhost apps such as Docker or WSL
- Stress Bluetooth: pairing, 10+ minutes of audio, input after idle, and reconnection after sleep
- Where infrared hardware exists, transfer a file and run at least 100 connect-disconnect cycles
- Sweep the rest: DNS Server (zone data must stay under its configured database directory), the client resolver (five entries), DHCP Server (five entries), SMB, NFS, Message Queuing (five entries), RRAS administration, client VPN, and WinHTTP/WinINet consumers
Windows Installer itself is patched: testing should include application install, uninstall, repair, and force a rollback. Hyper-V wants virtual-switch traffic as part of its testing exercises with Virtual Filtering Platform policies enforced. Sixteen media-related security entries cover playback, HEVC and MPEG-TS, USB audio, and MIDI 2.0.
Shell hardening and LSA isolationThese two entries are a little different from the rest of the cycle: they ask you to confirm a security behaviour actively works, not just that nothing regressed. A pass here means the protection fired, so treat them as functional checks rather than box-ticking.
- Shortcut handling (windows.storage.dll; Windows 11 23H2 and earlier, plus Server 2022): drop a shortcut file carrying the Mark of the Web into a folder and confirm the system refuses to extract its icon and leaks no NTLM credential hash – include the zero-click paths, where the icon would otherwise render without you opening anything
- LSA isolation and KeyGuard (24H2/25H2, Server 2025): run the supplied PowerShell validation script, which turns on Virtualization-based Security if it isn’t already, exercises KeyGuard key operations in both required and best-effort isolation modes, and reports pass or fail – it needs TPM 2.0, UEFI with Secure Boot disabled, and PowerShell 7
- Run that script on a dedicated test machine, never a shared one: it enables test signing, disables automatic updates, and reboots without asking
July’s Office wave is security-only; everything landed on 14 July, and nothing critical or non-security shipped in the 7 July preview. It’s an MSI-only cycle, so Click-to-Run estates can sit this one out.
- On MSI Office 2016, apply the client updates – Excel (KB5002886), Word (KB5002890), PowerPoint (KB5002867), and five further Office 2016 security updates (KB5002273, KB5002887, KB5002748, KB5002857, KB5002830) – then exercise macros, external data, embedded objects, and any line-of-business add-ins
- On SharePoint Server, patch 2016 (KB5002891, plus the KB5002892 language pack) and Subscription Edition (KB5002882), then check browser-based editing; the guidance lists SharePoint 2019 with a baseline but ships no 2019 package, so there is nothing to install there
Mind the rollback rules before you schedule the window: most client updates can be uninstalled, but the server updates cannot and always require a reboot.
Developer tools & databasesThe developer estate gets a broad but low-drama sweep this month. Both .NET and SQL Server patch widely, but the ask is representative-application validation rather than anything exotic – install on the matching branch and confirm normal behaviour.
- .NET: install the SDK updates (8.0.423, 9.0.316, 10.0.302, x64 and x86) and the Framework rollups spanning 3.5 through 4.8.1 – which reach from Windows Server 2012 up to Windows 11 26H1 and Server 2025 – then run a representative set of applications and confirm they function normally
- SQL Server: the GDR updates span 2016 SP3 through 2025 – install each on its matching branch and test that each removes cleanly
- Check an encrypted client connection through the separately patched Windows SQL client (dbnetlib.dll), which ships outside the server branches
The Readiness team recommends the following priorities for your larger enterprise deployments:
- Start with printing and graphics: half the high-risk flags sit in the Print Spooler, win32k, and GDI+, so regress shared printers, 32-bit printing, PDF export, metafiles, and window management before anything else
- Take NTFS next – extended attributes and crash recovery both touch data integrity – and add a client File History backup-and-restore pass
- Give Server 2025 its wider matrix – the Secure Boot/BitLocker combinations, WSL, GPU partitioning, and the scripted backup pass – and work through the stress suites
- Run the scripted KeyGuard validation on any VBS estate, preferably on a dedicated machine.
Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
- Browsers (Microsoft IE and Edge)
- Microsoft Windows (both desktop and server)
- Microsoft Office
- Microsoft Exchange and SQL Server
- Microsoft Developer Tools (Visual Studio and .NET)
- Adobe (if you get this far)
Edge has had a busier month than usual. Microsoft addressed 46 Microsoft Edge (Chromium-based) CVEs this cycle. None critical, but heavily weighted to remote code execution (21 entries) and spoofing (13), led by CVE-2026-58289, a remote code execution flaw. A run of further RCEs (CVE-2026-57981, CVE-2026-56645, CVE-2026-57974) follows.
- Microsoft Edge – the Edge-specific fixes ship in the Edge stable channel (version 150.0.4078.65, released 9 July). The concentration of RCE and spoofing this month is worth a look for managed Edge estates rather than a routine wave-through.
- Chromium upstream – 427 CVEs relayed through MSRC this cycle, spanning the weekly Chrome release cadence since the June report: use-after-free, out-of-bounds read/write, type confusion, and inappropriate-implementation flaws across V8, Dawn, ANGLE, Skia, and Tint. The same fixes ship in the Chrome Stable channel; see the Chrome releases blog for the upstream notes.
The Chromium volume looks (quite) alarming but is routine plumbing: it flows to Edge through its own auto-update channel. Add these browser (Edge) updates to your standard release schedule for your managed environments.
Microsoft WindowsWindows carries the bulk of this month’s updates: 406 CVEs, 31 rated critical and 374 important. Elevation of privilege dominates by volume (226 entries), followed by remote code execution (70), information disclosure (70), denial of service (23), and a scatter of security-feature-bypass, tampering, and spoofing entries across the following feature groupings:
- DHCP – the standout network cluster: DHCP Server remote code execution (CVE-2026-50518, “Exploitation More Likely,” and CVE-2026-56159), with further critical DHCP Server and DHCP Client RCEs behind them (CVE-2026-48564, CVE-2026-50370, CVE-2026-54128). DHCP servers are the deployment priority.
- VMSwitch and Hyper-V – the Windows VMSwitch elevation of privilege (CVE-2026-57092) is one of the month’s highest-severity flaws, joined by two critical Hyper-V elevation-of-privilege entries (CVE-2026-50680, CVE-2026-54127), guest-to-host risk on virtualisation hosts.
- Network stack RCE – a Windows Server Network driver RCE (CVE-2026-56188, “Exploitation More Likely”), plus TCP/IP (CVE-2026-54999), the Reliable Multicast Transport Driver (CVE-2026-54982), and SSTP (CVE-2026-50694).
- Graphics – Windows GDI+ remote code execution (CVE-2026-50380) and a DirectX Graphics Kernel RCE (CVE-2026-50382), both reachable through document-rendering paths.
- Windows Media – a large cluster: three critical Media Foundation RCEs (CVE-2026-57090, CVE-2026-57094, CVE-2026-57087) lead 14 Windows Media and seven Media Foundation entries overall.
- Identity infrastructure – beyond the exploited ADFS flaw, Active Directory Domain Services takes a critical RCE (CVE-2026-49164) and Active Directory Certificate Services a critical elevation of privilege (CVE-2026-54121). Domain controllers take priority again.
- Print Spooler, WSUS, and MSMQ – critical RCE/EoP in the Print Spooler (CVE-2026-58608), Windows Server Update Services (CVE-2026-50444), and Message Queuing (CVE-2026-54992, “Exploitation More Likely”), all server-role attack surface.
The Windows Kernel is the most-patched component (28 CVEs, seven “More Likely”), followed by NTFS (21), Windows Runtime (17), Windows Media (14), ReFS (12), and Win32k (15 across its two entries). Add this Windows update to your Patch Now deployment schedule.
Microsoft OfficeMicrosoft released 96 Office CVEs this month: 19 critical, 76 important. Remote code execution leads (53 entries), ahead of information disclosure (27) and spoofing (10). SharePoint is the centre of gravity: it touches 39 of the 96 CVEs and supplies the family’s one actively exploited flaw.
- SharePoint Server: has been exploited (who would have guessed) and reaches end of support today. CVE-2026-56164, an elevation of privilege, is under active exploitation. Above it sit two critical remote code execution flaws, both “Exploitation More Likely” (CVE-2026-50522, CVE-2026-58644) and a critical security feature bypass (CVE-2026-55040). SharePoint Server 2016 and 2019 reach end of support on 14 July, so this exploited, critical-heavy set is the final security update those on-premises farms will receive.
- Office has experienced a long run of critical remote code execution entries across Office, Word, and PowerPoint (among them CVE-2026-55033 and CVE-2026-55127 in Word, CVE-2026-55043 in PowerPoint, and CVE-2026-55018 in Office), topped by CVE-2026-55045.
With an exploited zero-day, two RCEs, and an end-of-support deadline all landing on SharePoint in the same cycle, SharePoint environments are the priority. Add the July Office and SharePoint updates to your Patch Now schedule.
Microsoft Exchange and SQL ServerBoth Exchange and SQL Server carry critical-rated security vulnerabilities this month. Exchange Server returns with an on-premises security update for Exchange Server Subscription Edition, the only on-premises release still supported after Exchange Server 2016 and 2019 reached end of support in October 2025; SQL Server takes two critical remote code execution flaws, one of them against SQL Server 2016, which reaches end of support on the same day.
- Exchange Server (on-premises) – CVE-2026-55008, a spoofing vulnerability rated critical and “Exploitation More Likely,” is the headline. Behind it, a remote code execution entry (CVE-2026-55005) and two elevation-of-privilege flaws (CVE-2026-55006, CVE-2026-55009) round out the on-premises set. A separate Exchange Online elevation of privilege (CVE-2026-54998, critical) is fixed service-side with no customer action.
- SQL Server – two critical remote code execution flaws: CVE-2026-54117 (SQL Server 2025) and CVE-2026-54118 (which reaches back to SQL Server 2016 SP3), with five further important elevation-of-privilege and information-disclosure entries behind them. The 2016 exposure matters because SQL Server 2016 reaches end of support on 14 July: a critical RCE on a platform taking its final update.
Both belong on the Patch Now schedule this month: the Exchange on-premises update for its critical spoofing flaw, and the SQL Server update for the two critical RCEs.
Microsoft developer toolsMicrosoft released 24 CVEs across its developer tooling this month, all rated important. The weighting shifts from last month’s Visual Studio Code concentration toward .NET and ASP.NET Core, where a run of denial-of-service entries dominates the volume:
- ASP.NET Core and .NET – the two highest-severity entries are ASP.NET Core elevation-of-privilege entries (CVE-2026-47300, CVE-2026-47303), ahead of a .NET security feature bypass (CVE-2026-50528) and two .NET / .NET Framework remote code execution flaws (CVE-2026-50646, CVE-2026-50649).
- Visual Studio and VS Code – a GitHub Copilot / Visual Studio Code security feature bypass (CVE-2026-41109) and a second VS Code security feature bypass (CVE-2026-57102) lead here, with a VS Code remote code execution entry behind them (CVE-2026-50520) and a Visual Studio RCE (CVE-2026-47305).
Add these Microsoft updates to your standard developer update release schedule.
Adobe (and third-party updates)Outside Microsoft’s own catalogue, July is quiet. Adobe issued no Acrobat or Reader security updates. So, the month belongs to Microsoft, and it is a heavy one: 722 CVEs, roughly three times a normal cycle and one of the largest on record. Worth noting that this lands in the same season Microsoft has been talking up AI-assisted vulnerability management, and the AI stack it is selling as the answer, Copilot and Azure OpenAI among them, sits in the centre of this patch cycle’s own critical-rated updates. The (AI) tooling may be getting smarter, but the patch pile is (definitely) not getting smaller. This may be the beginning of an accelerating curve of ever larger patch cycles. My feeling is that we are in the middle of the beginning of this coming patch surge.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
Enhancing Linux Documentation with Security Icons for Clarity
Ernst & Young discloses data breach after support system hack
Google must open Android to rival AI agents, EU orders
The European Union is stepping up its actions against US tech giants under the Digital Markets Act, which is intended to ensure fair competition between digital platforms. On Thursday, the European Commission issued two rulings to limit Google’s dominance.
The Commission ordered Google to open up the Android operating system to AI assistants other than its own Gemini, ensuring that they had the same access to applications and operating system services. A second ruling ordered Google to share search data that only it is big enough to collect with other search engines.
Google has hit back at the measures, warning that they could create security issues for users. “Today’s decisions risk undermining vital privacy and security guardrails for millions of Europeans. We have repeatedly offered solutions to safeguard users while satisfying the DMA’s goals, but these rulings discount extensive evidence of user harm,” said Kent Walker, Google’s President of Global Affairs, in a company blog post.
The EU move doesn’t just cause problems for Google but for CISOs as well, warned Roman Stanek, CEO of Good Data AI. “Enterprise security has always leaned on a simple assumption, that apps are boxes, and the OS decides what crosses the box. But once multiple agents get equal system-level reach, access to screen context, cross-app actions, background execution, that assumption breaks.
“CISOs need to stop treating ‘AI assistant’ as a single, well-understood permission and start treating it as a category risk, one they have to govern like they govern app stores and MDM policies today. That requires device policies that name which agents can hold system-level permissions, not just which apps are installed. It means DLP and conditional access rules that account for an agent reading and acting on data, not just an app requesting it.,” he said.
How to Correlate Linux Logs for Faster Threat Detection
AI OK in Linux development, says Torvalds
Linus Torvalds has a complicated relationship with AI, seeing both its good and bad points. But his latest remarks on the usefulness of AI may have raised a few eyebrows in open-source circles.
Just a few weeks after the Linux founder complained that a “continued flood” of AI-generated vulnerability reports had made the Linux kernel security mailing list “almost entirely unmanageable”, he has come to see the advantages of the technology.
“Linux is not one of those anti-AI projects,” Torvalds wrote in an email response to Linux Kernel senior engineer Roman Gushchin, archived at Kernel.org.
“It can also be a somewhat painful tool, both for maintainer workloads and just from a ‘it keeps finding embarrassing bugs’ standpoint,” he said of the use of AI in security scanning. “The solution is to make sure those LLM tools help maintainers instead of just causing them pain.”
Developers should be free to choose whether they use AI, he said. “We’re not forcing anybody to use it, but I will very loudly ignore people who try to argue against other people from using it.”
Torvalds’ measured support for AI does not come completely out of the blue: Around the same time that he was complaining about AI distorting security maintenance, he also spoke about its usefulness, claiming that it could improve programmer productivity by a factor of 10.
This article first appeared on InfoWorld.
Linux IAM Misconfigurations That Put Cloud Environments at Risk
Inside the Search for "Clean" Residential Proxies for Carding
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images
Apple widens OpenAI trade secrets fight with preservation orders
Dozens of former Apple employees now working at OpenAI have been put on notice after Apple reportedly sent legal letters ordering them to preserve documents and communications relevant to its trade secrets lawsuit against OpenAI.
The Financial Times reports that “around 40” employees have been targeted with these letters, which repeat Apple’s claim that its confidential information might have been exfiltrated, alleging “trade secret misappropriation and breach of contract.” The letters also require them to arrange to meet with Apple’s lawyers.
The underlying lawsuitThis comes on the heels of Apple’s explosive lawsuit against OpenAI in which Apple accused the AI company (and former Apple Vice President Tang Tan) of extensive coordinated data theft. Tan was at Apple for 24 years and is now Chief Hardware Officer at OpenAI.
Apple’s lawsuit is defined by claims OpenAI took a range of steps to pry confidential Apple data from existing Apple employees, including using information such as internal project code names, to gain even more knowledge during interviews. The company says the evidence it has presented so far is only the “tip of the iceberg” concerning OpenAI’s approach.
The lawsuit requests that OpenAI be prevented from using any Apple information during the development of its hardware. Apple is also seeking damages and suing two former employees for breach of contract for violating their employment agreements.
The letters are significant. They represent formal directives that require former Apple staff to preserve documents, messages, emails, and other communications that could be relevant to the case. The demand reflects Apple’s belief that the alleged misuse of confidential information could be more widespread across the competing company. What’s critical is that orders of this kind override any standard data destruction policy and deletion of the requested information becomes a legal offense.
Why this matters beyond the protagonistsIn making its move, Apple shows this is not a dispute about just one or two hires, but an attempt to constrain the movement of intellectual property between the two firms. With AI hardware emerging as the next major battleground in tech, the case could become a defining one; whatever resolution is eventually reached could define the extent to which former employees can carry experience and knowledge between competing firms. The case might also define what the line is between experience and knowledge and the sharing of trade secrets.
This is important, because modern hardware development relies on far more than just finished designs. Product design leans into supplier relationships, manufacturing assumptions, physics, extensive prototyping, and product-roadmap priorities. If courts treat those accumulated insights as protectable secrets, hiring between major technology companies could become far more legally sensitive.
The Jony Ive questionThe case comes as Apple prepares to combat OpenAI in hardware. Its competitor is now working with legendary former Apple designer Jony Ive. Ive is not named in the litigation, but Apple will be keen to find out whether confidential product knowledge, design processes, or supply-chain insights have travelled with former staff into OpenAI’s device work.
Ultimately, for Apple, it’s about protecting its many blueprints for whatever hardware the company expects will come after the iPhone.
For its part, OpenAI has refuted Apple’s lawsuit, arguing that it is “not aware of any evidence” that the lawsuit has merit. “We have no interest in other companies’ trade secrets,” said OpenAI spokesperson Drew Pusateri. “We remain focused on building innovative technology that empowers people everywhere.” The company’s lawyers also claim it did respond to Apple’s initial inquiries on the matter.
What’s at stakeThe significance of Apple’s newly-shared communication preservation orders is that if discovery uncovers evidence supporting Apple’s claims, the case could complicate OpenAI’s hardware plans and create unwelcome scrutiny ahead of any future public offering.
You can follow me on social media! Join me on BlueSky, LinkedIn, Mastodon and subscribe to The Core.
China, Russia, and 27 others create World AI body, without US
China has created an international organization to set standards and introduce regulation for AI, inviting 28 other countries to join — but the US, a leading AI powerhouse is not part it.
The World Artificial Intelligence Cooperation Organization (WAICO) was established by 29 countries, including China, Russia and Brazil, at a ceremony in Shanghai, China, on July 16. Notably absent are the US, the European Union and its member states, the UK, Japan and South Korea.
Chinese AI companies have made a concerted effort to provide an alternative to US dominance. While the US is clearly ahead, Chinese enterprises are looking to narrow the gap in various areas: the open-weight model market, AI cyber protection and open source AI.
WAICO has been some years in development and has been designed to set some universal guidelines in AI. Researchers say WAICO differs in three ways from other initiatives to create global AI organizations: membership open to any sovereign state, there is no regime-type test for entry, and its agenda is built around development and the global capability divide.
The signing ceremony to create WAICO comes just days after Demis Hassabis, CEO of Google DeepMind, called on the US to take a lead in global AI regulation. “The US is well-positioned to take the first step in developing such a framework. It could establish a new Standards Body modelled on a federally overseen public-private partnership or self-regulatory organization, much like the Financial Industry Regulatory Authority (FINRA), with a board that includes independent leading technical experts and open-source representatives,” Hassabis wrote.
E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- …
- následující ›
- poslední »



