Rogue Agent, a critical vulnerability in GCP Dialogflow CX disclosed by Varonis Threat Labs, allows attackers to inject persistent malicious code via Playbook Code Blocks. The flaw requires only dialogflow.playbooks.update permission and enables conversation exfiltration, phishing attacks, and credential theft. Code Block logic executed in a shared Cloud Run environment, permitting cross-agent compromise. Google received disclosure in November 2025, deployed an initial fix in April 2026, and fully resolved the issue by June 2026 with no confirmed prior exploitation.
Alerts — July 2026
Januscape (CVE-2026-53359), a 16-year-old use-after-free vulnerability in KVM's shadow MMU, enables guest-to-host escape on systems with nested virtualization enabled. Discovered by researcher Hyunwoo Kim via Google's kvmCTF bug bounty program, the flaw allows root access on the host machine. The vulnerability affects both Intel and AMD processors and has been present since kernel 2.6.36 (August 2010). Patches are available; organizations should update immediately or disable nested virtualization if patching is delayed.
Active social engineering campaign targets Microsoft Teams users via fake IT support calls. Threat actors impersonate helpdesk personnel using external Teams accounts to convince victims to enable screen sharing and install legitimate remote access tools. Attackers then deploy malicious MSI installers that fetch Node.js and execute EtherRAT, a cross-platform remote access trojan capable of command execution, data exfiltration, and persistence. EtherRAT uses Ethereum smart contracts to fetch C2 addresses, complicating remediation. Campaign publicly documented by Palo Alto Networks Unit 42 as of July 2026.
Canvas learning management system experienced a cyberattack affecting the University of Illinois and thousands of other institutions. Personal data was potentially compromised in the breach, with details indicating wide-scale impact across educational institutions using the platform.
CVE-2026-45504 is a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server 2019 that allows authenticated low-privileged users to read arbitrary files via improper URL validation in the OneDriveProUtilities component. The flaw stems from unsafe handling of user-controlled input in WOPI (Web Application Open Platform Interface) URL processing, enabling attackers to chain the vulnerability through malicious attachment references to access sensitive files such as configuration data and credentials. A proof-of-concept exploit has been publicly released.
- Microsoft Exchange SSRF Vulnerability Lets Low-Privileged Attack(opens in a new tab)
- Microsoft: Microsoft Exchange SSRF Vulnerability Details Release(opens in a new tab)
Microsoft issued a security advisory for CVE-2026-53045, a high-severity Linux kernel flaw in the NVIDIA Tegra124 memory controller driver (CVSS 7.8). The vulnerability, a reversed bit check in the EMC driver, affects Windows Subsystem for Linux 2 (WSL2) and Azure Linux VMs with Tegra124 hardware. Exploitation can cause kernel panics, data corruption, and potentially privilege escalation. Microsoft advises updating WSL kernels and Azure container images.
CVE-2026-45499 describes a critical server-side request forgery (SSRF) vulnerability in Azure OpenAI with CVSS score 9.9. An authenticated attacker can exploit the flaw to send arbitrary requests to internal network resources, potentially escalating privileges within the environment. No public proof-of-concept or patch details were available at publication on July 2, 2026.
Claude Code allegedly contains a covert mechanism that detects usage in specific corporate and AI research environments, including those operated by Alibaba, Baidu, ByteDance, and Moonshot AI. According to reverse-engineering claims posted on June 30, the tool inspected proxy settings and system time zones against embedded lists and silently encoded detection signals via system prompt modifications since version 2.1.91 (April 2, 2026). Anthropic acknowledged the detection feature was intended to prevent account abuse and model distillation, stating remediation was underway by July 1. The allegation prompted Alibaba to announce a ban on Claude Code effective July 10, 2026.
- Alibaba to Ban Claude Code at Work Over Alleged Backdoor Securit(opens in a new tab)
- Alibaba bans Claude Code over security concerns | Cybernews(opens in a new tab)
- Alibaba bans use of Anthropic’s Claude Code over alleged securit(opens in a new tab)
- Alibaba (BABA) Bans Claude Code Amid Rising Security and Backdoo(opens in a new tab)
- Alibaba to block Claude Code in workplace amid reported security(opens in a new tab)
- Alibaba to ban Claude Code in workplace over alleged security ri(opens in a new tab)
A critical vulnerability (CVE-2026-46817) in Oracle E-Business Suite is under active exploitation in the wild. Approximately 900–950 internet-facing EBS instances have been identified globally, with DefusedCyber observing real-world attack attempts. The flaw enables remote code execution and affects systems handling sensitive financial, HR, and operational data. Attackers appear to have reverse-engineered Oracle's patch before public disclosure.
- 900+ Oracle E-Business instances Exposed Online Amid Active Vuln(opens in a new tab)
- 950 Oracle E-Business Suite Instances Exposed as CVE-2026-46817 (opens in a new tab)
- CVE-2026-46817: Oracle EBS Payments Vulnerability Exploited(opens in a new tab)
Security researcher zer0dac disclosed a vulnerability chain in ChatGPT combining a guardrail bypass with path traversal in the file download mechanism, potentially allowing access to restricted system files. The vulnerability exploited inconsistent path normalization and social engineering of the LLM to bypass deletion policies. OpenAI remediated the issue by redesigning the URL download flow, with practical impact limited by sandboxing but highlighting a critical vulnerability class in AI-generated backend endpoints.
A pseudonymous researcher published a GitHub repository called 'Exploitarium' containing over 30 proof-of-concept exploits for undisclosed zero-day vulnerabilities in open-source projects including Libssh2, FFmpeg, Gitea, MyBB, PHP, and others, without coordinating with maintainers. At least 12 exploits have been assigned CVE identifiers, with CVE-2026-55200 (libssh2 pre-auth RCE, CVSS 9.2) confirmed under active exploitation. The researcher justified the public disclosure approach as educational but acknowledged it enables malicious use.
Security researcher zer0dac disclosed a vulnerability chain in ChatGPT combining a guardrail bypass with path traversal through the file download mechanism. The exploit involved social engineering the LLM to generate a valid download URL and then appending traversal sequences to access restricted system files. OpenAI has remediated the issue by redesigning the URL download flow; practical impact was limited by sandbox restrictions.
- ChatGPT File Download Flow Vulnerability Could Be Abused to Acce(opens in a new tab)
- ChatGPT Guardrail Bypass Vulnerability Exposes LFI Risk Through (opens in a new tab)
CISA confirmed on July 2, 2026, that attackers are actively exploiting CVE-2026-45659, a high-severity remote code execution vulnerability in Microsoft SharePoint. The deserialization flaw requires only basic authenticated access (Site Member permissions) and was patched in May 2026. Over 10,000 SharePoint servers remain exposed online, with no visibility into remediation coverage.
- CISA: Microsoft SharePoint RCE flaw now actively exploited(opens in a new tab)
- U.S. CISA adds a Microsoft SharePoint Server flaw to its Known E(opens in a new tab)
- CISA Warns of Actively Exploited Microsoft SharePoint Vulnerabil(opens in a new tab)
- SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exp(opens in a new tab)
- CISA adds SharePoint flaw to known exploited vulnerabilities lis(opens in a new tab)
- CISA Warns of Actively Exploited Microsoft SharePoint Vulnerabil(opens in a new tab)
CVE-2026-45659, a high-severity remote code execution vulnerability in Microsoft SharePoint Server, was added to CISA's Known Exploited Vulnerabilities catalog on July 1, 2026, following confirmed active exploitation. The flaw stems from improper deserialization of untrusted data and affects SharePoint Server Subscription Edition, 2019, and Enterprise Server 2016 (patched May 2026). Authenticated attackers with minimum Site Member permissions can execute arbitrary code on vulnerable systems; the threat group and exploitation details remain unknown. CISA mandates that U.S. federal agencies patch by July 4, 2026.
- SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exp(opens in a new tab)
- CISA: Microsoft SharePoint RCE flaw now actively exploited(opens in a new tab)
- CISA Warns Actively Exploited Microsoft SharePoint RCE Flaw Requ(opens in a new tab)
- CISA Warns of Actively Exploited Microsoft SharePoint Vulnerabil(opens in a new tab)
- CISA adds SharePoint flaw to known exploited vulnerabilities lis(opens in a new tab)
- SharePoint RCE CVE-2026-45659: Why CISA's Urgent Alert Raises Qu(opens in a new tab)
Microsoft released patches for CVE-2026-33825 (BlueHammer), a Microsoft Defender privilege escalation vulnerability, on April 14, 2026. CISA added the flaw to its Known Exploited Vulnerabilities catalog on April 22 and has now updated the entry to confirm active exploitation in ransomware campaigns. Authenticated attackers can escalate privileges to disable defenses, move laterally, or prepare systems for encryption. No details on specific ransomware groups have been publicly disclosed.
CVE-2026-33825 (BlueHammer), a privilege escalation vulnerability in Microsoft Defender, is actively exploited in ransomware campaigns. The flaw was disclosed April 2 and patched April 14, 2026. CISA's Known Exploited Vulnerabilities catalog was recently updated to confirm ransomware activity. The vulnerability requires authenticated access but enables attackers to escalate privileges, disable defenses, and move laterally within compromised environments.
Researchers discovered multiple trojanized proof-of-concept exploits on GitHub delivering ChocoPoC, a Python-based remote access trojan targeting cybersecurity researchers. The malware is embedded via malicious Python packages ('frint' and 'skytext') listed as dependencies that are automatically fetched from PyPI upon cloning the malicious repositories. When executed, the compiled native extension decrypts and runs embedded Python code to steal data and execute commands.
- ChocoPoc malware delivered via trojanized exploits on GitHub(opens in a new tab)
- Trojanized GitHub PoC Repositories Deliver ChocoPoC Malware to S(opens in a new tab)
CVE-2025-49715 is an unauthenticated information disclosure vulnerability in Microsoft Dynamics 365 FastTrack Implementation Assets that exposes personally identifiable information (PII) to remote attackers with no authentication required. The vulnerability affects widely-used implementation templates and configuration scripts that organizations often deploy directly to production. Microsoft's MSRC advisory contains conflicting CVE identifiers (CVE-2025-49715 vs CVE-2025-55238), potentially delaying remediation efforts. Organizations should apply patches immediately and rotate any exposed credentials.
Security researchers at LayerX disclosed a vulnerability in AI safety guardrails that can be bypassed using mathematical attacks. The vulnerability was disclosed to multiple AI agent vendors, and OpenAI has successfully patched the issue while other vendors had not addressed it as of early July 2026.
Active password spray campaign targeting Azure CLI is compromising Microsoft 365 user accounts. Between June 12-21, attackers made over 81 million login attempts originating from systems associated with LSHIY hosting provider, successfully compromising at least 78 user accounts across 64 organizations. Attackers rely on compromised password combo lists and are increasing credential spray attack volumes across Microsoft 365 environments.