This daily cybersecurity summary highlights significant updates and new threats impacting organizations. Tata Electronics has made substantial progress in remediating a June 2026 data breach, implementing cybersecurity controls recommended by Mandiant and engaging security partners like Palo Alto Networks and Fortinet to bolster defenses. The Indian government confirmed no critical national information was compromised.
In a critical development, CISA has added an actively exploited SharePoint RCE flaw (CVE-2026-58644) to its Known Exploited Vulnerabilities (KEV) catalog, mandating urgent patching by federal agencies by July 19, 2026. This zero-day vulnerability, being chained with other SharePoint flaws, allows attackers to bypass authentication and achieve persistent system access.
Further analysis of the 'LegacyHive' Windows zero-day exploit reveals it enables local privilege escalation (LPE) on patched systems by exploiting the User Profile Service, granting administrative access to low-privileged attackers.
A new critical unauthenticated RCE vulnerability (CVE-2026-63030) has been discovered in WordPress Core, affecting versions 6.9.0 through 7.0.1. WordPress has released updates (6.9.5 and 7.0.2) to address this, urging immediate administrator action.
Global professional services firm Ernst & Young (EY) disclosed a data breach originating from a compromised third-party IT service management platform, leading to the exfiltration of sensitive client data. Separately, the official website of Kenyan President William Ruto was compromised, with attackers demanding a Bitcoin ransom.
Google has issued its second critical Chrome update in 48 hours, addressing three use-after-free vulnerabilities in the Camera, GPU, and Network components that could lead to data corruption or arbitrary code execution.
A new ransomware variant, 'BL4CK SP1D3R', has emerged, employing double extortion tactics by exfiltrating and encrypting files, with a threat to leak stolen data. Finally, genetic testing company 23andMe has agreed to an $18 million bankruptcy settlement with 43 U.S. states over a 2023 data breach attributed to credential stuffing attacks and inadequate security practices.
Help others stay informed about cybersecurity threats
Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.
Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.
Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.