17 July 2026

8 min read

Critical vulnerabilities drive urgent patching across SonicWall and Microsoft products | Cyber Intelligence Briefing – 17 July 2026

July 2026
Critical vulnerabilities drive urgent patching across SonicWall and Microsoft products | Cyber Intelligence Briefing – 17 July 2026 placeholder thumbnail

Top news stories this week

  1. Patch now. Critical vulnerabilities drive urgent patching across SonicWall and Microsoft products
  2. Hanging by a thread. Cyberattack pushes German textile firm into insolvency 
  3. Hallucination Goes to Court. Alleged AI hallucination sparks lawsuit against cyber security firm
  4. GitHub malware. Fake repositories lure users into downloading
  5. Law and disorder. Law enforcement disrupts major cyber fraud operations
  6. Congrats! You’ve been sanctioned. The European Union, United Kingdom, and United States sanction multiple people and entities linked to cyber criminal activity

1. Critical vulnerabilities drive urgent patching across SonicWall and Microsoft products 

SonicWall has released urgent security fixes for two vulnerabilities which are being actively exploited. The vulnerabilities affect specific SMA1000 software versions. Separately, Microsoft has released security updates for 570 vulnerabilities. The unusually high number of vulnerabilities is likely due to Microsoft's increased use of AI-powered vulnerability discovery tools, which are used to identify security flaws before threat actors can exploit them. 

So what?

Organisations should apply patches to the affected systems as soon as possible, prioritising the network perimeter systems and systems affected by zero-day flaws to reduce the risk of cyber-attacks.

[Researcher: Milda Petraityte]  


2. Cyberattack pushes German textile firm into insolvency after six-week outage

The German textile manufacturer, ZEGO, has filed for insolvency after a cyberattack in March forced production offline for nearly six weeks. The prolonged outage created financial pressures it could not recover from, making it one of the latest examples where operational disruption, rather than data theft or ransom payments, proved to be commercially devastating.

So what?

Cyberattacks can become existential when they disrupt core operations for extended periods. For organisations reliant on manufacturing or service delivery, resilience, recovery planning, and the ability to restore critical processes quickly can mean the difference between a temporary disruption and a business-ending event.

[Researcher: Jenny Eysert]  


3. Alleged AI hallucination sparks lawsuit against cyber security firm

MeetingTV is suing Palo Alto Networks and its subsidiary Koi Security, alleging that a threat report produced with AI support incorrectly linked the company to a Chinese cyber espionage campaign. The alleged misattribution led security vendors to block MeetingTV's domains, disrupting operations and impacting the business. Palo Alto Networks disputes the claim, maintaining that its findings were not solely based on AI-generated analysis.

So what?

AI is not infallible. Practitioners using AI to support cyber threat intelligence should ensure findings are validated through human review before publication. Once a domain is added to a threat intelligence feed, many security products will automatically block it, and reversing the resulting operational and reputational impact can be difficult.

[Researcher: Steve Ross]


Zywave Cyber Incident Response Team of the Year Vote - 2026

 

4. Hundreds of fake GitHub repositories mimic genuine software to spread malware

Researchers uncovered 292 malicious GitHub repositories impersonating legitimate software, security tools, and cryptocurrency services to distribute infostealer malware. Using convincing branding, trust badges, and fake download pages, the campaign tricked victims into downloading software that stole passwords, browser data, cryptocurrency wallet information, and other sensitive data.

SO WHAT? 

As organisations adopt autonomous tools capable of sourcing and executing code, fake or malicious repositories could present a heightened risk.

[Researcher: Gabriella Nolan]


5. Law enforcement disrupts major cyber fraud operations

The Spanish National Police, supported by Europol and Interpol, has dismantled a cybercrime and money laundering network that allegedly generated approximately EUR 140 million through investment fraud and business email compromise (BEC) schemes. 


Separately, the UK’s National Crime Agency (NCA) charged five individuals in connection with the Russian Coms platform, a cybercrime service that enabled fraudsters to impersonate trusted organisations through sophisticated vishing attacks, deceiving victims into transferring funds or revealing sensitive information.

So What?

These arrests highlight the scale and organisation of today's cybercriminal ecosystem, where specialist services enable fraud at scale. Organisations should treat business email compromise (BEC), investment fraud, and vishing as persistent threats, and ensure robust payment verification procedures, fraud detection controls, and incident response processes are in place.

[Researcher: Tlhalefo Dikolomela]


6. EU, UK, and US governments sanction individuals associated with malware hacks

The EU and UK has sanctioned various Russian hackers including those linked to prolific groups such as Conti and Trickbot. The sanctions also target a number of Russian military intelligence officers believed to have directed or supported cyber operations.

Separately, the US OFAC has announced sanctions on two individuals and an entity for facilitating ransomware attacks. The measures target suppliers that provide ransomware groups with tooling, bulletproof infrastructure, and other forms of operational support. 

SO WHAT? 

Some threat actors and their associates may be subject to international sanctions, meaning that ransom payments could expose organisations to legal and regulatory consequences. Organisations should leverage threat intelligence and specialist third-party support to identify sanctioned entities and assess legal risks during a ransomware incident.

[Researcher: Adelaide Parker]

SUBSCRIBE TO RECEIVE OUR WEEKLY CYBER THREAT INTELLIGENCE BRIEFING VIA EMAIL

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.

Editors

Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.