Canadian Cyber Security Journal
SOCIAL:
Filed under: News

Cybersecurity Daily Brief — Tuesday, July 14, 2026

Here are today’s top cybersecurity stories for Tuesday, July 14, 2026.

Microsoft July 2026 Patch Tuesday: Record-Breaking 570 CVEs, Three Zero-Days
Microsoft released its July 2026 Patch Tuesday updates, fixing 570 vulnerabilities — the largest single Patch Tuesday release on record, nearly triple June’s previous record of 198. Two zero-days are actively exploited: CVE-2026-56155, a privilege escalation flaw in Active Directory Federation Services, and CVE-2026-56164, an elevation of privilege flaw in SharePoint Server. A third zero-day, CVE-2026-50661, a BitLocker security feature bypass, was publicly disclosed before a patch was available. Of the 570 CVEs, 56 are rated Critical. The batch covers Windows OS components, Microsoft Office, SharePoint Server, Remote Desktop Services, and Windows Admin Center. — BleepingComputer

SAP July 2026 Patch Day: CVE-2026-44747 CVSS 9.9 Memory Corruption in NetWeaver ABAP
SAP released 16 new security notes on July 14, including a fix for CVE-2026-44747, a CVSS 9.9 memory corruption vulnerability in NetWeaver Application Server ABAP. An authenticated attacker with low privileges can exploit logical errors in memory management over the network without user interaction, leading to unauthorized data access, modification, or system unavailability. Affected kernel versions span 7.22 through 9.20. Two additional critical flaws were patched in SAP Approuter and SAP Commerce Cloud. — SecurityWeek

Progress ShareFile Zero-Day Confirmed: Patches Released, Storage Zone Controllers Can Return Online
Progress Software confirmed that the emergency shutdown of ShareFile Storage Zone Controllers issued July 10 was caused by a high-severity path traversal vulnerability affecting all 5.x and 6.x versions. An authenticated administrative user can read arbitrary files, write attacker-controlled content to arbitrary directories, or enumerate the server filesystem. Patches are now available in versions 5.12.5 and 6.0.2. A CVE identifier has been reserved and will be published within two weeks. Customers who install the patch can bring their Storage Zone Controllers back online. — BleepingComputer

Jscrambler npm Supply Chain Attack: Rust Infostealer Targets Developer and Cloud Credentials
Attackers compromised the Jscrambler npm package by stealing an npm publishing credential and injecting a malicious preinstall hook into versions 8.14.0 and several subsequent releases. The hook dropped a Rust-built infostealer targeting AWS, GCP, and Azure credentials, cryptocurrency wallets, AI coding assistants including Claude Desktop and Cursor, browsers, and messaging tools. The package receives roughly 15,800 weekly downloads. Clean versions are available: jscrambler 8.22.0 and corresponding plugin releases. Developers who installed any affected version should rotate all credentials immediately. — SecurityWeek

Two New M365 Phishing Kits Jalisco and OmegaLord Bypass MFA
Security researchers identified two new phishing kits, named Jalisco and OmegaLord, targeting Microsoft 365 accounts and using adversary-in-the-middle techniques to capture session tokens and bypass multi-factor authentication. Both kits were observed in active campaigns before public disclosure. Organizations relying solely on SMS or app-based OTP MFA remain vulnerable to this class of attack. — BleepingComputer

ESET: 11 Old Microsoft-Signed Linux UEFI Shims Allow Secure Boot Bypass
ESET researchers disclosed 11 old Microsoft-signed UEFI shim bootloaders, all at version 0.9 or below, allowing attackers to bypass UEFI Secure Boot on virtually any system with the Microsoft third-party UEFI certificate enrolled. Tracked as CVE-2026-8863 and CVE-2026-10797, the technique lets an attacker bring their own vulnerable shim to circumvent MOK denylist enforcement and deploy malicious UEFI bootkits such as Bootkitty or BlackLotus. Microsoft revoked the affected shims in the June 9, 2026 Patch Tuesday update. Systems without the June patch remain exposed. — The Hacker News

Cursor IDE Auto-Executes Malicious git.exe From Poisoned Repositories
Offensive security firm Mindgard published research showing Cursor, a widely used AI-assisted development environment, automatically executes a malicious git.exe binary placed at the root of a repository when a developer opens the project. The attack requires no user interaction beyond opening the project. The finding extends the threat of AI IDE supply chain attacks, where developers are increasingly targeted through malicious or compromised repositories. — Dark Reading

VMware Avi Load Balancer: Seven Vulnerabilities Including Critical Auth Bypass CVE-2026-47865
Broadcom released patches for seven security vulnerabilities in VMware Avi Load Balancer, including a critical authentication bypass tracked as CVE-2026-47865. Successful exploitation enables authentication bypass, remote code execution, privilege escalation, and directory traversal without valid credentials. Organizations running Avi Load Balancer in on-premises and cloud environments should apply the patches immediately. — SecurityWeek

Microsoft Maps Year-Long ShinyHunters Salesforce OAuth Attack Paths
Microsoft published research tracing a year of ShinyHunters-affiliated activity that compromised corporate Salesforce environments by exploiting pre-existing OAuth trust relationships rather than any flaw in the Salesforce platform itself. Threat actors obtained tokens from connected third-party applications and vendors to gain persistent access to Salesforce CRM data. The analysis outlines three primary attack paths for defenders to audit. — The Hacker News

Claude for Chrome Flaw: Any Browser Extension Running on claude.ai Can Trigger Agent Tasks
A researcher disclosed a flaw in which any browser extension with script execution access on claude.ai pages can trigger Claude for Chrome agent tasks directed at the user’s Gmail, Google Docs, and Google Calendar without the user’s knowledge or consent. The issue stems from insufficient isolation between the Claude for Chrome extension and other browser extensions. Anthropic has been notified. Users who have Claude for Chrome installed should review other installed extensions and limit permissions where possible. — The Hacker News

Stay tuned for today’s in-depth analysis posts.

Enjoy this article? Don’t forget to share.