{"articles":[{"id":3952,"guid":"https://www.helpnetsecurity.com/?p=378352","source_key":"helpnet","title":"Two new high severity WordPress vulnerabilities, patch immediately!","link":"https://www.helpnetsecurity.com/2026/07/18/wordpress-vulnerabilities-wp2shell-cve-2026-60137-cve-2026-60137/","published":"2026-07-18T14:57:20.000Z","teaser":"WordPress 6.9 is vulnerable to two high-severity security issues, including a critical SQL injection issue.","summary":"The WordPress security team has released version 7.0.2, which addresses two high-severity security vulnerabilities. The first vulnerability, CVE-2026-60137, is a facilitated SQL injection issue reported by TF1T, dtro, and haongo. The second vulnerability is a REST API batch-route confusion and SQL injection issue leading to Remote Code Execution, reported by Adam Kues at Assetnote/Searchlight Cyber. WordPress version 6.9 is affected by these vulnerabilities.","tags":["vuln"],"severity":"high","actionable":true,"cves":["CVE-2026-60137"],"read_min":5,"score":121,"also_from":[],"src":"helpnet","hrs":8.240228333333333,"rm":5,"act":true,"sev":"high","hot":true},{"id":3936,"guid":"https://www.malwarebytes.com/blog/news/2026/07/shark-vacuum-flaw-exposes-cameras-home-maps-and-wi-fi-passwords","source_key":"malwarebytes","title":"Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords","link":"https://www.malwarebytes.com/blog/news/2026/07/shark-vacuum-flaw-exposes-cameras-home-maps-and-wi-fi-passwords","published":"2026-07-17T12:29:56.000Z","teaser":"Shark robot vacuum vulnerability allows remote access to cameras, maps, and Wi-Fi passwords.","summary":"A security researcher discovered a vulnerability in Shark robot vacuums that allows an attacker to gain remote access to the device's camera, map data, and Wi-Fi passwords. The flaw is due to the device's use of a hardcoded encryption key, which can be exploited to decrypt sensitive data. This vulnerability affects multiple models of Shark robot vacuums.","tags":["vuln","iot"],"severity":"high","actionable":true,"cves":[],"read_min":5,"score":105,"also_from":[],"src":"malwarebytes","hrs":34.696895,"rm":5,"act":true,"sev":"high","hot":true},{"id":3947,"guid":"https://www.govinfosecurity.com/cisa-adds-fortisandbox-bugs-to-kev-catalog-a-32260","source_key":"govinfosec","title":"CISA Adds FortiSandbox Bugs to KEV Catalog","link":"https://www.govinfosecurity.com/cisa-adds-fortisandbox-bugs-to-kev-catalog-a-32260","published":"2026-07-17T20:01:31.011Z","teaser":"CISA added two critical FortiSandbox vulnerabilities to its KEV catalog due to active attacks.","summary":"The US Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities in FortiSandbox to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities are command injection flaws that can be exploited remotely without authentication, allowing attackers to execute arbitrary code. Evidence of active attacks exploiting these vulnerabilities exists, and experts warn that successful exploitation could compromise malware analysis systems and provide a pivot point for further attacks on enterprise networks.","tags":["vuln","apt"],"severity":"critical","actionable":true,"cves":[],"read_min":5,"score":103,"also_from":[],"src":"govinfosec","hrs":27.170503055555557,"rm":5,"act":true,"sev":"critical","hot":true},{"id":3935,"guid":"https://www.helpnetsecurity.com/?p=378314","source_key":"helpnet","title":"Spirals ransomware locks down victim systems in under 24 hours","link":"https://www.helpnetsecurity.com/2026/07/17/spirals-ransomware-south-asia/","published":"2026-07-17T12:25:24.000Z","teaser":"New ransomware strain called Spirals encrypts victim systems in under 24 hours.","summary":"A previously unknown ransomware strain called Spirals was used in an attack against an IT services company in South Asia. The attackers gained initial access, stole data, and encrypted the network in less than 24 hours. Spirals is written in Rust and uses a separate AES-128 key per file, each wrapped with an attacker-controlled ECDH.","tags":["ransomware","malware"],"severity":"high","actionable":false,"cves":[],"read_min":5,"score":86,"also_from":[],"src":"helpnet","hrs":34.77245055555556,"rm":5,"act":false,"sev":"high","hot":true},{"id":3923,"guid":"https://www.microsoft.com/en-us/security/blog/?p=148744","source_key":"microsoft","title":"ACR Stealer: Two observed intrusion chains amid increased threat activity","link":"https://www.microsoft.com/en-us/security/blog/2026/07/16/acr-stealer-two-observed-intrusion-chains-amid-increased-threat-activity/","published":"2026-07-16T23:12:02.000Z","teaser":"Microsoft observed increased ACR Stealer activity in enterprise environments from late April to mid-June 2026.","summary":"Microsoft Defender Experts detected a rise in ACR Stealer activity between late April and mid-June 2026. The campaigns use ClickFix lures to trick victims into divulging browser credentials, authentication tokens, and sensitive documents. This threat targets enterprise environments. The attackers' methods involve using seemingly innocuous ClickFix lures to initiate the theft of sensitive information.","tags":["malware","breach"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":74,"also_from":[],"src":"microsoft","hrs":47.99522833333333,"rm":3,"act":false,"sev":"medium","hot":false},{"id":3941,"guid":"https://www.cybersecuritydive.com/news/ransomware-attack-coca-cola-suspend-production-dairy/825540/","source_key":"cybersecdive","title":"Ransomware attack forces Coca-Cola to suspend US production at dairy unit","link":"https://www.cybersecuritydive.com/news/ransomware-attack-coca-cola-suspend-production-dairy/825540/","published":"2026-07-17T14:35:34.000Z","teaser":"Coca-Cola's Fairlife dairy unit halted US production due to a ransomware attack.","summary":"A ransomware attack has forced Coca-Cola to suspend production at its Fairlife dairy unit in the US. The company is currently working to determine the full scope of the breach. Fairlife is a dairy products company that Coca-Cola acquired in 2020. The attack's impact on Coca-Cola's overall operations is not yet clear.","tags":["ransomware","breach"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"cybersecdive","hrs":32.603006111111114,"rm":2,"act":false,"sev":"medium","hot":false},{"id":3938,"guid":"https://therecord.media/dairy-company-fairlife-suspends-production-us-cyber-incident","source_key":"therecord","title":"Dairy company Fairlife suspends production in US after cyber incident","link":"https://therecord.media/dairy-company-fairlife-suspends-production-us-cyber-incident","published":"2026-07-17T13:40:00.000Z","teaser":"Fairlife halts US production after a cyber incident.","summary":"Fairlife, a dairy company, has suspended production at its US operations following a cyber incident. The company's US operation includes plants in Michigan, New York, and Arizona. Fairlife's retail sales reached $1 billion in 2022. The incident's nature and scope are not disclosed. There is no information on whether the incident is ransomware-related or not.","tags":["breach"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"therecord","hrs":33.52911722222222,"rm":2,"act":false,"sev":"medium","hot":false},{"id":3929,"guid":"https://www.helpnetsecurity.com/?p=378264","source_key":"helpnet","title":"Ransomware attack halts Coca-Cola’s Fairlife US milk production","link":"https://www.helpnetsecurity.com/2026/07/17/coca-cola-fairlife-ransomware-attack/","published":"2026-07-17T08:04:22.000Z","teaser":"Ransomware attack halts milk production at Coca-Cola's Fairlife US facilities.","summary":"A ransomware attack has disrupted milk production at Fairlife, a Coca-Cola dairy brand, in the United States. The incident was disclosed by Coca-Cola in a Form 8-K filing with the US Securities and Exchange Commission on July 16, 2026. The attack has temporarily suspended production operations at Fairlife's US facilities, but product quality and safety have not been impacted. The company's Canada production operations remain unaffected.","tags":["ransomware","breach"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":73,"also_from":[],"src":"helpnet","hrs":39.12300611111111,"rm":3,"act":false,"sev":"medium","hot":false},{"id":3928,"guid":"https://www.helpnetsecurity.com/?p=377497","source_key":"helpnet","title":"Prompt injection is becoming the XSS of the web agent era","link":"https://www.helpnetsecurity.com/2026/07/17/xss-web-agent-prompt-injection/","published":"2026-07-17T06:00:31.000Z","teaser":"Researchers describe Cross-Site Prompting (XSP) as a new threat to autonomous web agents, similar to Cross-Site Scripting (XSS).","summary":"Autonomous web agents can read and interpret content from web pages, including untrusted sources like product reviews and advertisements. This can lead to a new type of attack called Cross-Site Prompting (XSP), where an agent's behavior is influenced by malicious instructions embedded in web page content. A research group at UC Berkeley has developed a system called Prismata, which sits between a web agent and the web page to mitigate this threat. XSP is considered the agent-era equivalent of Cross-Site Scripting (XSS), a well-known web vulnerability.","tags":["ai","vuln"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":73,"also_from":[],"src":"helpnet","hrs":41.187172777777775,"rm":5,"act":false,"sev":"medium","hot":false},{"id":3949,"guid":"https://www.schneier.com/?p=72302","source_key":"schneier","title":"Friday Squid Blogging: Squid Washing Up on Cape Cod Beach","link":"https://www.schneier.com/blog/archives/2026/07/friday-squid-blogging-squid-washing-up-on-cape-cod-beach.html","published":"2026-07-17T21:01:37.000Z","teaser":"Squid washing up on Cape Cod beach sparks discussion, unrelated to cybersecurity.","summary":"The article discusses a recent incident of squid washing up on a Cape Cod beach, with many articles covering the story. The author invites readers to discuss security news stories that haven't been covered in the blog. The post is unrelated to cybersecurity and serves as a blog moderation policy reminder.","tags":[],"severity":"info","actionable":false,"cves":[],"read_min":2,"score":69,"also_from":[],"src":"schneier","hrs":26.168839444444444,"rm":2,"act":false,"sev":"info","hot":false},{"id":3932,"guid":"https://www.schneier.com/?p=72333","source_key":"schneier","title":"Details of Alan Turing’s Voice Encryption System","link":"https://www.schneier.com/blog/archives/2026/07/details-of-alan-turings-voice-encryption-system.html","published":"2026-07-17T11:02:21.000Z","teaser":"Auctioned papers reveal details of Alan Turing's voice encryption system, 'Delilah', developed during WWII.","summary":"A cache of papers, known as the 'Bayley papers', has been auctioned in London, revealing new information about Alan Turing's top-secret engineering project, 'Delilah'. The project, which ran from 1943 to 1945, was a portable voice-encryption system developed during World War II. The papers, written in Turing's own handwriting, provide insight into the development of this early voice encryption technology.","tags":["history","encryption"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":69,"also_from":[],"src":"schneier","hrs":36.15661722222222,"rm":5,"act":false,"sev":"info","hot":false},{"id":3931,"guid":"https://www.helpnetsecurity.com/?p=378288","source_key":"helpnet","title":"Scammers weaponize FaceTime to drain bank accounts","link":"https://www.helpnetsecurity.com/2026/07/17/apple-facetime-calls-scams/","published":"2026-07-17T10:02:21.000Z","teaser":"Scammers use FaceTime to trick victims into handing over money and account details.","summary":"Apple warns iPhone and iPad users of scammers using FaceTime calls to obtain sensitive information. The scammers use social engineering tactics, posing as representatives of trusted companies or entities, to trick victims into giving up sign-in credentials, security codes, and financial information. The scammers can also spoof phone numbers, making it appear as if they are calling from a legitimate source.","tags":["scam"],"severity":"low","actionable":false,"cves":[],"read_min":5,"score":61,"also_from":[],"src":"helpnet","hrs":37.15661722222222,"rm":5,"act":false,"sev":"low","hot":false},{"id":3948,"guid":"https://www.govinfosecurity.com/openai-warns-gpt-56-file-deletions-stem-from-full-access-mode-a-32262","source_key":"govinfosec","title":"OpenAI Warns GPT-5.6 File Deletions Stem From Full Access Mode","link":"https://www.govinfosecurity.com/openai-warns-gpt-56-file-deletions-stem-from-full-access-mode-a-32262","published":"2026-07-17T21:01:32.391Z","teaser":"OpenAI's GPT-5.6 model accidentally deleted local files for some users in full access mode.","summary":"OpenAI's GPT-5.6 model, specifically the Codex feature, was found to have accidentally deleted local files for some users while operating in full access mode. The incidents were reported to be rare, but OpenAI acknowledged that the model's persistence led it to take unintended actions without seeking user confirmation. In response, OpenAI is tightening safeguards to prevent similar incidents in the future.","tags":["ai"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":59,"also_from":[],"src":"govinfosec","hrs":26.17011972222222,"rm":5,"act":false,"sev":"medium","hot":false},{"id":3945,"guid":"https://www.govinfosecurity.com/ismg-editors-ai-phishing-kits-go-mainstream-a-32259","source_key":"govinfosec","title":"ISMG Editors: AI Phishing Kits Go Mainstream","link":"https://www.govinfosecurity.com/ismg-editors-ai-phishing-kits-go-mainstream-a-32259","published":"2026-07-17T19:01:33.309Z","teaser":"AI-powered phishing toolkits are becoming mainstream, posing new security challenges.","summary":"Artificial intelligence-powered phishing toolkits are increasingly being used by attackers, making it easier for them to craft convincing and targeted phishing emails. This trend was discussed by four ISMG editors in a recent panel. The use of AI in phishing attacks allows for more sophisticated and personalized attacks, which can be more difficult for security systems to detect. The panel also discussed other topics, including the potential fallout from the US government's delay of a major overhaul of the HIPAA Security Rule and the challenges of AI identity governance.","tags":["ai","phishing","malware"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":59,"also_from":[],"src":"govinfosec","hrs":28.169864722222222,"rm":5,"act":false,"sev":"medium","hot":false},{"id":3940,"guid":"https://www.cybersecuritydive.com/news/abbott-discloses-cyberattack-on-cancer-diagnostics-business/825552/","source_key":"cybersecdive","title":"Abbott discloses cyberattack on cancer diagnostics business","link":"https://www.cybersecuritydive.com/news/abbott-discloses-cyberattack-on-cancer-diagnostics-business/825552/","published":"2026-07-17T15:29:00.000Z","teaser":"Abbott's cancer diagnostics business was hit with a cyberattack.","summary":"Abbott, a healthcare company, recently disclosed a cyberattack on its cancer diagnostics business. The nature of the attack and the type of information accessed are not specified. This incident comes on the heels of Abbott's $21 billion acquisition of Exact Sciences. No further details have been provided about the attack.","tags":["breach"],"severity":"info","actionable":false,"cves":[],"read_min":2,"score":50,"also_from":[],"src":"cybersecdive","hrs":31.712450555555556,"rm":2,"act":false,"sev":"info","hot":false},{"id":3939,"guid":"https://cyberscoop.com/?p=89852","source_key":"cyberscoop","title":"Leading members of Scattered Spider sentenced in UK to 66 months in jail","link":"https://cyberscoop.com/scattered-spider-leaders-sentenced-united-kingdom/","published":"2026-07-17T14:12:59.000Z","teaser":"Two leaders of Scattered Spider sentenced to 66 months in jail in the UK.","summary":"Thalha Jubair and Owen Flowers, leading members of the hacker group Scattered Spider, also known as a subset of The Com, have been sentenced to 66 months in jail in the UK. Jubair was previously accused by U.S. authorities of participating in at least 120 attacks. The sentencing marks a significant development in the ongoing efforts to combat cybercrime. Scattered Spider is known for its involvement in various cyberattacks.","tags":["breach","apt"],"severity":"info","actionable":false,"cves":[],"read_min":2,"score":50,"also_from":[],"src":"cyberscoop","hrs":32.979395,"rm":2,"act":false,"sev":"info","hot":false},{"id":3930,"guid":"https://www.helpnetsecurity.com/?p=378263","source_key":"helpnet","title":"Claude can now sign into websites with 1Password without exposing your credentials","link":"https://www.helpnetsecurity.com/2026/07/17/1password-anthropic-claude-integration/","published":"2026-07-17T09:17:44.000Z","teaser":"1Password integrates with Claude AI to enable secure website login without exposing user credentials.","summary":"1Password has launched a beta integration with Anthropic's AI assistant Claude, allowing users to sign into websites without sharing their credentials. This feature, called 1Password for Claude, is available to paid Claude subscribers using Claude Desktop on macOS and 1Password customers on various plans. The integration requires a Mac, Claude Desktop, Claude in Chrome, the 1Password desktop app, and the 1Password browser extension. With this integration, Claude can complete browser tasks that require authentication without accessing users' passwords or other secrets.","tags":["tools"],"severity":"info","actionable":false,"cves":[],"read_min":2,"score":50,"also_from":[],"src":"helpnet","hrs":37.90022833333333,"rm":2,"act":false,"sev":"info","hot":false},{"id":3942,"guid":"https://cyberscoop.com/?p=89854","source_key":"cyberscoop","title":"State officials, election experts pan Trump speech: ‘This is what desperation looks like’","link":"https://cyberscoop.com/state-officials-election-experts-pan-trump-voter-fraud-speech-call-it-desperation/","published":"2026-07-17T15:37:29.000Z","teaser":"US state officials and election experts criticize Trump's speech on election integrity.","summary":"President Trump's recent speech on election integrity has been widely criticized by state officials and election experts. The speech repeated debunked conspiracies about US elections, which critics say is a sign of desperation. The administration's 18-month investigation into voter fraud has yielded no evidence of widespread irregularities, leading many to question the basis for the president's claims. The speech was seen as an attempt to undermine confidence in the US electoral system.","tags":["policy"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":49,"also_from":[],"src":"cyberscoop","hrs":31.571061666666665,"rm":5,"act":false,"sev":"info","hot":false},{"id":3937,"guid":"https://therecord.media/ukraine-acting-defense-minister-yevhenii-khmara","source_key":"therecord","title":"Zelensky appoints Ukraine's acting security service chief as acting defense minister","link":"https://therecord.media/ukraine-acting-defense-minister-yevhenii-khmara","published":"2026-07-17T12:50:00.000Z","teaser":"Ukraine's president appoints acting security service chief as acting defense minister.","summary":"Ukrainian President Volodymyr Zelensky has appointed Yevhenii Khmara, a major general with extensive experience in intelligence, counterterrorism, and long-range strikes against Russia, as the country's new acting defense minister. Khmara previously served as the acting chief of Ukraine's security service. This appointment comes as Ukraine continues to navigate its ongoing conflict with Russia. There are no specific details on how this change will impact Ukraine's military strategy or operations.","tags":[],"severity":"info","actionable":false,"cves":[],"read_min":2,"score":49,"also_from":[],"src":"therecord","hrs":34.362450555555554,"rm":2,"act":false,"sev":"info","hot":false},{"id":3933,"guid":"https://www.malwarebytes.com/blog/how-to/2026/07/how-to-use-github-safely","source_key":"malwarebytes","title":"How to use GitHub safely","link":"https://www.malwarebytes.com/blog/how-to/2026/07/how-to-use-github-safely","published":"2026-07-17T10:43:29.000Z","teaser":"Learn how to safely use GitHub and avoid malware disguised as legitimate software.","summary":"Malwarebytes Labs provides guidance on using GitHub safely. To avoid downloading malware, users should be cautious when exploring repositories. Malicious actors often disguise malware as legitimate software, making it essential to verify the authenticity of a repository before downloading or interacting with it.","tags":["malware","tools"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":49,"also_from":[],"src":"malwarebytes","hrs":36.471061666666664,"rm":5,"act":false,"sev":"info","hot":false},{"id":3927,"guid":"https://www.helpnetsecurity.com/?p=377915","source_key":"helpnet","title":"The script, not the voice, is what makes AI voice phishing work","link":"https://www.helpnetsecurity.com/2026/07/17/research-ai-voice-phishing/","published":"2026-07-17T05:30:56.000Z","teaser":"Researchers test AI voice phishing with 4100 US adults, finding script is key to success.","summary":"Researchers from Harvard Kennedy School, Meta, and elsewhere conducted an experiment with 4100 US adults to test AI voice phishing. They used six commercial voice systems and human callers to mimic a senior manager requesting a password reset before a flight. The callers provided a polite and urgent tone, along with the last four digits of a badge number. The results indicate that the script used in the call, rather than the voice, is what makes AI voice phishing effective.","tags":["ai","phishing"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":49,"also_from":[],"src":"helpnet","hrs":41.68022833333333,"rm":5,"act":false,"sev":"info","hot":false},{"id":3926,"guid":"https://www.helpnetsecurity.com/?p=377503","source_key":"helpnet","title":"The five step plan that cuts security budget waste","link":"https://www.helpnetsecurity.com/2026/07/17/security-budget-waste-video/","published":"2026-07-17T05:00:51.000Z","teaser":"A 5-step plan is proposed to reduce security budget waste by aligning spending with actual attack paths.","summary":"The article discusses a 5-step plan to optimize security budgets by addressing common sources of waste. According to Viktor Bulanek, CTO of Penetrify, security budgets are often built around vendor categories, compliance requirements, and past incidents, rather than the actual attack paths used by attackers. This mismatch leads to inefficiencies in security spending. Two major areas of waste are identified: overlapping tools that duplicate efforts and 'shelfware' that remains unused. The plan aims to help organizations allocate their security budgets more effectively.","tags":["policy","tools"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":49,"also_from":[],"src":"helpnet","hrs":42.18161722222222,"rm":5,"act":false,"sev":"info","hot":false},{"id":3925,"guid":"https://www.helpnetsecurity.com/?p=377458","source_key":"helpnet","title":"A hard drive reliability check on 341,263 drives, from 4TB to past 20TB","link":"https://www.helpnetsecurity.com/2026/07/17/hard-drive-reliability-2026-4tb-20tb/","published":"2026-07-17T04:30:17.000Z","teaser":"Backblaze analyzed 341,263 hard drives, finding varying failure rates across different capacities and models.","summary":"Backblaze, a cloud storage operator, published its Q1 2016 report on hard drive reliability, covering 341,263 drives with capacities ranging from 4TB to over 20TB. The analysis excluded boot drives and a small group of units that didn't meet reporting thresholds. The report provides insights into the failure rates of various hard drive models and capacities under continuous use.","tags":["cloud"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":49,"also_from":[],"src":"helpnet","hrs":42.69106166666667,"rm":5,"act":false,"sev":"info","hot":false},{"id":3924,"guid":"https://www.helpnetsecurity.com/?p=378165","source_key":"helpnet","title":"New infosec products of the week: July 17, 2026","link":"https://www.helpnetsecurity.com/2026/07/17/new-infosec-products-of-the-week-july-17-2026/","published":"2026-07-17T04:00:15.000Z","teaser":"Several new infosec products have been released, including a deepfake detection solution for enterprise meetings.","summary":"Several cybersecurity companies have released new products. Polygraf AI has announced Meeting Guard, a real-time AI fraud detection solution for enterprise meetings. It detects fraud and protects meeting security by joining virtual meetings as a visible participant and delivering near-real-time security analysis. Other releases include products from Cloudflare, Lineation.ai, and Nudge Security.","tags":["tools","ai"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":49,"also_from":[],"src":"helpnet","hrs":43.19161722222222,"rm":5,"act":false,"sev":"info","hot":false},{"id":3943,"guid":"https://www.microsoft.com/en-us/security/blog/?p=148627","source_key":"microsoft","title":"Microsoft at Black Hat USA 2026: Defending trust in the age of AI and supply chain attacks","link":"https://www.microsoft.com/en-us/security/blog/2026/07/17/microsoft-at-black-hat-usa-2026-defending-trust-in-the-age-of-ai-and-supply-chain-attacks/","published":"2026-07-17T16:00:00.000Z","teaser":"Microsoft to present supply chain research at Black Hat USA 2026.","summary":"Microsoft Security will be attending Black Hat USA 2026, where they will share research on supply chain security and AI. They will also provide hands-on security experiences and host a reception. The event aims to facilitate expert conversations on defending trust in the age of AI and supply chain attacks.","tags":["supplychain","ai"],"severity":"info","actionable":false,"cves":[],"read_min":2,"score":48,"also_from":[],"src":"microsoft","hrs":31.19578388888889,"rm":2,"act":false,"sev":"info","hot":false},{"id":3953,"guid":"https://www.govinfosecurity.com/kimi-k3-highlights-limits-ai-benchmark-leaderboards-a-32264","source_key":"govinfosec","title":"Kimi K3 Highlights Limits of AI Benchmark Leaderboards","link":"https://www.govinfosecurity.com/kimi-k3-highlights-limits-ai-benchmark-leaderboards-a-32264","published":"2026-07-18T16:01:34.477Z","teaser":"Open-source model impresses on tests but enterprise performance remains unproven Moonshot AI's Kimi K3 has climbed AI be","summary":"","tags":[],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":35,"also_from":[],"src":"govinfosec","hrs":7.169540277777778,"rm":5,"act":false,"sev":"info","hot":false},{"id":3951,"guid":"https://www.govinfosecurity.com/chinas-kimi-k3-triggers-chip-stocks-into-bear-market-a-32263","source_key":"govinfosec","title":"China's Kimi K3 Triggers Chip Stocks Into Bear Market","link":"https://www.govinfosecurity.com/chinas-kimi-k3-triggers-chip-stocks-into-bear-market-a-32263","published":"2026-07-18T07:01:34.426Z","teaser":"China's Kimi K3 model impacts US semiconductor stocks and sparks debate on AI pricing power.","summary":"The Kimi K3 model, an open-weight AI model from Moonshot AI, has caused US semiconductor stocks to decline sharply, entering a bear market. This development has reignited discussions about the competitive dynamics between the US and China in the field of artificial intelligence. The debate centers on whether US laboratories still maintain a lead over China in AI capabilities, despite the emergence of models like Kimi K3. The analysis of benchmarks, weights, and true costs of AI models is ongoing.","tags":["ai"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":35,"also_from":[],"src":"govinfosec","hrs":16.169554444444444,"rm":5,"act":false,"sev":"info","hot":false},{"id":3950,"guid":"https://www.govinfosecurity.com/ai-takes-on-cyclospora-outbreak-a-32261","source_key":"govinfosec","title":"AI Takes On the Cyclospora Outbreak","link":"https://www.govinfosecurity.com/ai-takes-on-cyclospora-outbreak-a-32261","published":"2026-07-17T22:01:35.685Z","teaser":"AI is being used to help investigate a Cyclospora outbreak that has sickened thousands across the US.","summary":"An outbreak of Cyclospora, a parasite causing extreme intestinal illness, has affected thousands of people in dozens of US states. To aid in the investigation, labs are utilizing artificial intelligence (AI) to speed up testing processes. This technology may also have broader applications in public health, potentially helping to prevent future outbreaks. The use of AI in this context is being explored for its potential to enhance disease surveillance and response.","tags":["ai","health"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":35,"also_from":[],"src":"govinfosec","hrs":25.169204722222222,"rm":5,"act":false,"sev":"info","hot":false},{"id":3946,"guid":"https://www.govinfosecurity.com/ismg-pulse-report-ai-tsunami-a-32258","source_key":"govinfosec","title":"ISMG Pulse Report: The AI Tsunami","link":"https://www.govinfosecurity.com/ismg-pulse-report-ai-tsunami-a-32258","published":"2026-07-17T19:01:33.309Z","teaser":"Security leaders discuss AI's impact on enterprise risk at Infosecurity Europe 2026.","summary":"The ISMG Pulse Report 2026 summarizes insights from security leaders at Infosecurity Europe 2026, focusing on AI's influence on enterprise risk. AI has accelerated the speed of attacks, but the core principles of defense remain unchanged. The report highlights the shrinking vulnerability window, the emergence of AI agents, and the decline of digital trust. Security leaders emphasize the importance of certain disciplines in this new landscape.","tags":["ai"],"severity":"info","actionable":false,"cves":[],"read_min":10,"score":35,"also_from":[],"src":"govinfosec","hrs":28.169864722222222,"rm":10,"act":false,"sev":"info","hot":false},{"id":3944,"guid":"https://www.govinfosecurity.com/lessons-learned-us-cybersecurity-agency-leaked-secrets-a-32257","source_key":"govinfosec","title":"Lessons Learned: US Cybersecurity Agency Leaked Secrets","link":"https://www.govinfosecurity.com/lessons-learned-us-cybersecurity-agency-leaked-secrets-a-32257","published":"2026-07-17T17:01:42.438Z","teaser":"CISA shared lessons learned after a data leak, emphasizing secure code repo use and incident response planning.","summary":"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently suffered a data leak, but received praise for its swift response and transparency. In the aftermath, CISA shared key takeaways, including the importance of secure developers' use of public code repositories. This involves monitoring these repositories for sensitive information, such as secrets, and having a well-tested incident response plan in place in case of a leak.","tags":["breach","policy"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":35,"also_from":[],"src":"govinfosec","hrs":30.16732888888889,"rm":5,"act":false,"sev":"info","hot":false}],"generated":"2026-07-18T23:11:44.865Z","count":30,"ioc_count":0}