Wednesday , July 15 2026
570

Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Microsoft’s Patch Tuesday in July 2026 fixes around 570 security flaws in its products. This comes after June’s big update, which had a record 206 issues and three that were already known to the public.

This big update comes after Microsoft’s recent change to use artificial intelligence for finding security flaws. It uses a special system that scans many models in the Windows code.

Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Microsoft's Patch Tuesday in July 2026 fixes around 570 security flaws in its products. This comes after June's big update,...
Read More
Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

Fortinet fixes seven new security warnings on July 14, 2026. These affect FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The issues vary...
Read More
Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are using CVE-2008-4128, a CSRF flaw in Cisco...
Read More
CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours
CVE ID Vulnerability Impact Severity Zero-Day Status
CVE-2026-56164 Microsoft SharePoint Server Elevation of Privilege Elevation of Privilege Moderate Exploited in the wild
CVE-2026-56155 Active Directory Federation Services Elevation of Privilege Elevation of Privilege Important Exploited in the wild
CVE-2026-50661 Windows BitLocker Security Feature Bypass Security Feature Bypass Important Publicly disclosed (no confirmed exploitation)

CVE-2026-56164 affects Microsoft SharePoint Server. It lets an attacker gain more access in a hacked or logged-in session. This is similar to earlier SharePoint EoP problems that have been linked with RCE bugs to take full control of the server. Because this is being actively exploited, on-site SharePoint farms should be fixed right away, even if they are marked as “Moderate” severity. Real attacks often mix low-severity EoP bugs with other mistakes for greater damage.

CVE-2026-56155 impacts Active Directory Federation Services (AD FS), which is Microsoft’s tool for identity management and single sign-on (SSO). It is known to be used in real attacks. Since AD FS helps with trust in both Azure AD and on-premises setups, if someone exploits this flaw, they could gain more control and attack the larger identity system, like in previous AD FS golden SAML incidents.

CVE-2026-50661 is a vulnerability in Windows BitLocker that lets users bypass security features. This was made public before a fix was available, but there have been no confirmed attacks yet. This is similar to the earlier “YellowKey” issue (CVE-2026-45585) in 2026, where attackers used physical access to take advantage of problems in BitLocker’s recovery area instead of its main encryption, which let them get around disk encryption on lost or stolen devices.

This month’s update has two serious Remote Code Execution flaws in SharePoint and Print Spooler, plus many Important-level Elevation of Privilege and RCE problems in key Windows parts.

Impact Type Count
Elevation of Privilege 249
Remote Code Execution 143
Information Disclosure 102
Denial of Service 35
Security Feature Bypass 17
Spoofing 16
Tampering 8
Total 570

The July update includes parts of Windows, Microsoft Office, SharePoint Server, Remote Desktop Services, and Windows Admin Center. Most fixes need the customer to take action instead of being done automatically through the cloud.

Two major flaws are important: CVE-2026-58644, a Microsoft SharePoint issue that allows remote code execution, and CVE-2026-58608, a bug in the Windows Print Spooler that also lets code run from afar. Both have been popular targets for ransomware attacks and state-sponsored hackers.

Elevation of Privilege is still the top type of bug this cycle. It impacts parts like the Windows Kernel, DirectX Graphics Kernel, Desktop Window Manager, and Win32K subsystem. Attackers often use it along with an initial entry point to get SYSTEM-level access.

Enterprises using SharePoint on-site should focus on CVE-2026-58644 because it has a Critical rating and can lead to RCE issues. This reflects the attack methods used in past SharePoint zero-day cases.

Organizations that use Remote Desktop Services, Windows Admin Center, or DHCP Server on internal or hybrid networks should consider CVE-2026-58626, CVE-2026-58631, and CVE-2026-58627 as very important. These vulnerabilities affect systems often targeted in lateral movement attacks.

IT admins need to focus on testing and applying fixes for the two critical RCE problems in SharePoint and Print Spooler in the next 48 hours, as they are often attacked.

Check Also

Dialogflow

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to …