Security Newsletter

Daily Security Briefing #318

DjediTech July 17, 2026 3 min read
Daily Security Briefing #318
Table of Contents

July 17, 2026 | Read Online

Critical vulnerabilities exposed, ransomware attacks on healthcare organizations, and AI training data poisoning…


Executive Summary

Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. The recent exposure of critical vulnerabilities in Microsoft SharePoint Server highlights the need for timely patching. Meanwhile, a financially motivated threat cluster has been conducting a large-scale malware campaign targeting users across the United States and parts of Europe. Additionally, AI training data poisoning has become a growing concern.



Top Articles

Metasploit Wrap Up: An HTTP to SMB relay plus Payload Improvements The Metasploit Framework team is shifting its weekly release cadence to bi-weekly, allowing for additional time to record demos of exciting content. The latest wrap-up covers an HTTP to SMB relay and payload improvements. rapid7.com

CVE-2026-58644: Microsoft SharePoint Server Unauthenticated Remote Code Execution Vulnerability Exploited in the Wild Microsoft confirmed active exploitation of CVE-2026-58644, a critical remote code execution vulnerability affecting on-premises Microsoft SharePoint Server deployments. The vulnerability was subsequently added to CISA’s Known Exploited Vulnerabilities catalog. rapid7.com

Details of Alan Turing’s Voice Encryption System A recently auctioned cache of wartime papers reveals details about Alan Turing’s top-secret “Delilah” engineering project, a portable voice-encryption system developed in 1943. schneier.com

The State of Hybrid SASE: Built-In vs. Bolted-On Check Point’s Hybrid SASE takes a different approach to securing traffic, unifying access and policy in a single operating model that decides whether traffic is secured and routed predictably. checkpoint.com

Hackers Hide Lua Loaders in Fake TTF Files to Deploy Remcos, XWorm, and Agent Tesla A newly observed campaign leverages Lua-based loaders disguised as TrueType (.ttf) font files to deploy commodity malware, including Remcos RAT, Agent Tesla, XWorm, and Snake Keylogger variants. gbhackers.com

LegacyHive Windows Zero-Day Lets Attackers Hijack Administrator Registry Hives A newly disclosed local privilege escalation technique allows non-administrator Windows users to tamper with an administrator’s registry hive, opening the door to code execution at the administrator’s next login. gbhackers.com | cyberpress.org

Abbott Laboratories probes two cyber incidents amid extortion claims Abbott Laboratories is investigating two separate cybersecurity incidents after confirming unauthorized access to internal legacy Exact Sciences systems in its Cancer Diagnostics business. bleepingcomputer.com

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code An anonymous HTTP request can run code on a WordPress site, with the bug affecting every 6.9 and 7.0 site until Friday’s forced updates. thehackernews.com

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests Eleven bytes can cause an unpatched OpenSSL server to set aside up to 131 KB of memory for a message that never arrives, freezing the server’s memory. thehackernews.com

UAT-11795 Deploys Starland RAT and WLDR Backdoor Through Trojanized Software Installers Cisco Talos has uncovered a new financially motivated threat cluster, tracked as UAT-11795, that has been conducting a large-scale malware campaign targeting users across the United States and parts of Europe. cyberpress.org


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.