Security Newsletter

Daily Security Briefing #319

DjediTech July 18, 2026 3 min read
Daily Security Briefing #319
Table of Contents

July 18, 2026 | Read Online

Critical WordPress vulnerability exposed, EY data breach, and OpenSSL DoS flaw…


Executive Summary

The past day has seen significant cybersecurity developments, with multiple vulnerabilities disclosed across various platforms. A critical remote code execution (RCE) flaw in WordPress Core, dubbed “wp2shell,” has been publicly exploited, affecting an estimated 500 million websites. Meanwhile, Ernst & Young LLP (EY) has confirmed a data breach involving the unauthorized access of client tax documents through a third-party IT support platform. Additionally, a Denial of Service (DoS) vulnerability in OpenSSL has been disclosed, allowing remote attackers to exhaust server memory with an 11-byte payload.



Top Articles

Critical WordPress Core Flaw Exposed: wp2shell RCE Vulnerability A critical pre-authentication remote code execution (RCE) vulnerability in WordPress Core, dubbed “wp2shell,” affects stock WordPress installations with zero plugins installed. The flaw requires no authentication and can be exploited by an anonymous attacker. Public exploits have been released, making it imperative that administrators patch their sites immediately. GBHackers

EY Data Breach: Hackers Access Third-Party IT Support Platform Ernst & Young LLP (EY) has confirmed a data security incident in which an unauthorized third party breached a third-party IT service management platform, exfiltrating documents containing client personal and financial information. The firm filed formal breach notifications with the California Attorney General’s office. GBHackers

OpenSSL DoS Vulnerability: Exhausting Server Memory A Denial of Service (DoS) flaw in OpenSSL, dubbed “HollowByte,” allows a remote, unauthenticated attacker to force a server to allocate disproportionate memory chunks before any security handshake even begins. The vulnerability can be exploited using an 11-byte payload. GBHackers

Citrix Secure Access Client Flaw: SYSTEM Privileges Escalation Cloud Software Group has issued a High-severity security bulletin disclosing two vulnerabilities in the Citrix Secure Access Client for Windows and the Citrix Endpoint Analysis Client for Windows. The more serious of the two, tracked as CVE-2026-53565, allows a standard, low-privileged user on a local system to escalate privileges and gain full SYSTEM access. GBHackers

7-Zip Fixes RCE Flaw: Exploitable with Malicious Archives 7-Zip version 26.02 was released to fix a remote code execution vulnerability that could allow attackers to execute malicious code by convincing users to open specially crafted compressed files. BleepingComputer

The Future of Age Verification: On-Device Estimation Incode explains how on-device age estimation verifies age without transmitting or storing facial images, reducing biometric privacy risks while supporting compliance with expanding age verification laws worldwide. BleepingComputer


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.