Content
01. News Bites
-
Microsoft’s record July Patch Tuesday fixes 570 flaws and three Zero-Days
-
Spanish Police dismantle €140 million BEC and investment fraud network
-
UK and EU impose first joint cyber sanctions on Russian Networks
-
Critical Zoom flaw could allow attackers to hijack accounts
-
CISA warns of active attacks targeting SharePoint servers
02. Conclusion
Microsoft’s record July Patch Tuesday fixes 570 flaws and three Zero-Days
Microsoft’s July 2026 Patch Tuesday fixes a record 570 vulnerabilities, including two zero-day flaws actively exploited in attacks and one publicly disclosed issue.
The update addresses 59 critical vulnerabilities, including 48 remote code execution flaws, nine elevation of privilege issues, one security feature bypass and one spoofing vulnerability. In total, Microsoft patched 254 elevation of privilege flaws, 145 remote code execution vulnerabilities, 102 information disclosure issues, 35 denial-of-service flaws, 17 security bypass vulnerabilities and 16 spoofing bugs.
The actively exploited zero-days affect Active Directory Federation Services and Microsoft SharePoint Server, both allowing attackers to gain elevated privileges. Microsoft also fixed a publicly disclosed BitLocker bypass that could enable someone with physical access to retrieve encrypted data.
Microsoft warned Patch Tuesday totals may continue rising as its AI-powered vulnerability discovery system identifies weaknesses across the Windows codebase before attackers can exploit them. Organisations should prioritise testing and deploying security updates.
Spanish Police dismantle €140 million BEC and investment fraud network
Spanish police have dismantled an industrial-scale cybercrime and money-laundering network linked to €140 million in investment fraud and business email compromise attacks.
Four suspects were arrested across Spain, Portugal and Panama following an international operation supported by Europol and Interpol. Investigators say the group controlled more than 800 bank accounts and 120 business accounts, while relying on at least 67 external accomplices acting as money mules.
The network allegedly used CEO fraud and false-invoice scams to impersonate senior executives, redirect payments and deceive businesses into transferring funds to accounts controlled by the criminals. The stolen money was then rapidly moved through chains of accounts across several countries to conceal its origin.
Authorities searched properties in Barcelona, Girona, Tarragona and Porto, seizing 15 computers and more than 170 smartphones. Police also froze €3 million in criminal proceeds, which is expected to be made available to victims.
UK and EU impose first joint cyber sanctions on Russian Networks
The UK and EU have announced their first joint cyber sanctions package targeting Russian state agencies, cybercriminals and proxy networks accused of conducting attacks and spreading disinformation across Europe.
The measures target 24 individuals and entities, including senior figures within Russia’s GRU military intelligence service and members of cybercriminal networks linked to Russian intelligence operations.
The UK and EU also attributed a failed attack on Poland’s energy grid to Russia’s FSB Centre 16. Authorities warned the incident could have disrupted electricity supplies to around 500,000 people during winter.
Sanctions also target individuals linked to Lumma Stealer, malware used to steal sensitive information and login credentials from compromised devices. More than 2,100 UK victims were reportedly identified within six months.
Further measures were imposed on figures behind Rybar LLC, a Russian state-backed media organisation accused of spreading anti-Ukraine disinformation and interfering in European elections.
Critical Zoom flaw could allow attackers to hijack accounts
Zoom has issued security updates for a critical Windows vulnerability that could allow an unauthenticated attacker to take control of user accounts remotely.
Tracked as CVE-2026-53412, the improper input validation flaw carries a critical severity score of 9.8 out of 10. It affects Zoom Workplace for Windows versions before 7.0.0, several versions of the Zoom VDI Client and the Meeting SDK for Windows before version 7.0.0.
Zoom has not released technical details about how the vulnerability could be exploited. However, its advisory warns that an unauthenticated attacker could conduct an account takeover through network access.
The latest updates also address three high-severity Windows vulnerabilities that could allow authenticated local users to escalate their privileges. These affect Zoom Workplace, Zoom Rooms, the VDI Client and Plugin, and Zoom Contact Center.
There is currently no evidence that any of the vulnerabilities have been exploited. Users and organisations should install the latest Zoom updates immediately.
CISA warns of active attacks targeting SharePoint servers
CISA has warned that attackers are actively exploiting three vulnerabilities affecting internet-exposed, on-premises Microsoft SharePoint Server systems.
The flaws, tracked as CVE-2026-32201, CVE-2026-45659 and CVE-2026-56164, affect all supported self-hosted SharePoint versions. Attackers can reportedly chain the vulnerabilities to bypass authentication, execute code remotely and establish persistence on compromised servers.
Observed activity includes the theft of Internet Information Services machine keys and the deployment of malware. Shadowserver currently tracks almost 10,000 internet-exposed SharePoint servers, with more than 800 still unpatched against two of the vulnerabilities.
CISA has urged organisations to apply Microsoft’s latest security updates, confirm patches were installed correctly, enable SharePoint’s Antimalware Scan Interface integration and monitor systems for signs of compromise.
Security teams should also restrict external access, rotate compromised machine keys and place exposed servers behind application-layer security controls.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.