Cyber Security News

Start. Stay. Grow.

Curated daily. The latest hacks, breaches, and cyber trends—humanized.

Daily cyber brief

Hacking Editorial Brief — July 18, 2026

Windows LegacyHive Zero-Day and OpenSSL HollowByte Flaw Disclosed

Security researcher Nightmare Eclipse released a Windows zero-day exploit dubbed LegacyHive that grants attackers local privilege escalation to administrator access on fully patched Windows systems. The vulnerability exploits a flaw in the Windows User Profile Service, affecting current desktop and server versions. Separately, researchers disclosed HollowByte, a critical OpenSSL vulnerability that allows attackers to strand server memory using specially crafted 11-byte TLS requests on glibc-based systems. Despite the severity, OpenSSL maintainers patched the flaw without issuing a CVE identifier, security advisory, or changelog entry, complicating detection and remediation efforts for enterprise teams. Both disclosures add to an already turbulent week for defensive security teams managing Microsoft's record 570-vulnerability patch cycle.

Ernst & Young Breach and Microsoft Zero-Days Under Active Exploitation

Professional services firm Ernst & Young notified clients of a data breach after attackers compromised a third-party support platform and exfiltrated client documents. The incident underscores continued risk in supply chain and vendor access vectors. Meanwhile, Microsoft confirmed that two zero-day vulnerabilities disclosed earlier this week—CVE-2026-56155 in Active Directory Federation Services and CVE-2026-56164 in SharePoint Server—are already being exploited in active attack campaigns. Both flaws enable unauthorized access and remote code execution, with threat actors moving quickly to weaponize the vulnerabilities despite patches being available in Tuesday's release.


Sources: Bleeping Computer · The Hacker News · LinkedIn · Forbes

Around the Web

Last Updated: N/A

Hacker icon

Hacks + Heists

Chicago-based Fairlife pauses US production after ransomware cyberattack breaches milk ...

Chicago-based Fairlife has paused US production after a ransomware cyberattack breached the milk brand's systems. They're owned by Coca-Cola.

Read more →

Breaking Out of the 'We're Too Boring to Hack' Myth | Manufacturing.net

The plants getting burned are not those with the most valuable data - they're the ones that believed they had none.

Read more →

AI Music App Suno Got Hacked, Giving a Glimpse of Just How Much Music It Scraped

Per 404 Media, the hacker was able to get their hands on source code from Suno between 2023 and 2024, which seems to include scraping instructions and...

Read more →

Source Code Hack Reveals Suno's AI Was Trained on Millions of YouTube Songs - CNET

The hack allegedly confirms the suspicions of record labels and artists that their music is used in the creation of AI music.

Read more →

Finland issues wanted notice for hacker behind massive psychotherapy data breach

The Supreme Court's decision leaves in place a February Court of Appeal ruling that sentenced Kivimäki to nearly seven years in prison for hacking ...

Read more →
Cybersecurity icon

Big Cyber

Abbott discloses cyberattack on cancer diagnostics business - Cybersecurity Dive

The cyberattack follows Abbott's recent $21 billion purchase of Exact Sciences. Abbott did not disclose what kind of information was accessed.

Read more →

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint ...

Read more →

CISA Adds Two Known Exploited Vulnerabilities to Catalog

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding .....

Read more →

Cybersecurity Risks Grow for Agriculture - Red River Farm Network

As farms become more connected, cybersecurity is becoming a bigger concern. Chris Sherman, founder of Tech Support Farm, says many attacks ...

Read more →
Technology icon

Hard Tech

React2Shell (CVE-2025-55182)

A 10.0 critical severity vulnerablility affecting server-side use of React.js, tracked as CVE-2025-55182 in React.js and CVE-2025-66478 specifically f...

Read more →

Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer

We discovered three vulnerabilities that when chained together, allow for complete remote compromise:

Read more →

Check Point - Wrong Check Point (CVE-2024-24919)

Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This ...

Read more →

Backdoor in XZ Utils allows RCE: everything you need to know - CVE-2024-3094

Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgentl...

Read more →

Loading...

The Cybersecurity Chronicles

‘The Cybersecurity Chronicles: 2024‘ pulls back the curtain on the digital threats that shaped our world last year, revealing the human stories behind the headlines. From art galleries frozen by ransomware to prison tablets hacked with a minus sign, from British Library archivists racing to protect centuries of knowledge to Spotify users meticulously curating their digital identities – these stories illuminate how cybersecurity touches every aspect of modern life.

Author Mark Nole weaves together intimate portraits of the people on all sides of the digital battlefield: the defenders working through sleepless nights to protect critical infrastructure, the victims grappling with stolen identities and lost savings, and even the attackers themselves, operating from nondescript offices with project management software and performance metrics.

Through detailed reporting and narrative storytelling, Nole reveals how 2024 became the year when cybersecurity stopped being just a technical problem and emerged as a fundamentally human challenge. Whether you’re a security professional or simply someone trying to understand our increasingly digital world, these chronicles offer an unprecedented look at how technology shapes – and sometimes betrays – our trust, our privacy, and our lives.

Mark Nole Book Cover for Cybersecurity book

Stay Updated with Cyber Security News

Get the latest cybersecurity headlines, breaking news, and expert insights delivered directly to your inbox. Stay ahead of threats and informed about the digital landscape.

Join thousands of cybersecurity professionals and enthusiasts. No spam, just valuable insights.