
Patchapalooza packs a punch.
Patch Tuesday. SonicWall urges immediate patching of actively exploited vulnerabilities. The White House launches an AI-backed vulnerability clearinghouse. The Air Force contends with widespread cybersecurity quarantines. The UK and EU blame Russia for last year’s cyberattack on Poland’s power grid. Meta faces accusations of AI-assisted layoffs. NATO allies collaborate in space. The Pentagon offers paid cyber apprenticeships. Spanish police dismantle a cybercrime and money-laundering network. Our guest is Clark Frogley, Global Head of Fraud at Quantexa and former FBI agent, discussing the fraud-as-a-service economy and what banks are missing. Grok Build users data is cloudy with a chance of uploads.
Today is Wednesday July 15th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Patch Tuesday.
Yesterday was Patch Tuesday, and it was a doozy. Microsoft’s July Patch Tuesday delivered fixes for more than 570 vulnerabilities, nearly triple the record-breaking total from the previous month. The company attributed the surge to artificial intelligence accelerating vulnerability discovery, a trend Microsoft expects to continue. Among the fixes were nearly 60 critical flaws and three zero-day vulnerabilities, including two already exploited in the wild. Researchers also highlighted a critical remote code execution flaw in Microsoft Copilot. Security experts warned that while AI is helping vendors identify and patch vulnerabilities faster, it is also enabling attackers to develop exploits more quickly, challenging traditional methods for assessing exploitability. Beyond Microsoft, Adobe released updates addressing 88 vulnerabilities across 12 products, while Siemens, Schneider Electric, and Rockwell Automation issued critical industrial control system patches. Google and Mozilla also updated Chrome and Firefox to fix critical browser flaws. Given the unusually large volume of updates, experts recommend backing up systems before patching and monitoring for any stability issues after deployment.
SonicWall urges immediate patching of actively exploited vulnerabilities.
SonicWall is urging customers to immediately patch two actively exploited SMA1000 vulnerabilities, CVE-2026-15409 and CVE-2026-15410, after confirming zero-day attacks. The flaws include a critical server-side request forgery (SSRF) vulnerability and a code injection bug that could enable arbitrary command execution. Affected SMA1000 appliances should be upgraded to the latest hotfixes, as no alternative mitigations are available. SonicWall has also published indicators of compromise, while CISA added both flaws to its Known Exploited Vulnerabilities catalog, requiring U.S. federal agencies to remediate affected systems by July 17.
The White House launches an AI-backed vulnerability clearinghouse.
The White House has launched Gold Eagle, an AI-backed vulnerability clearinghouse designed to improve coordination between government and industry on identifying, prioritizing, and remediating software vulnerabilities across critical infrastructure. Created under a June executive order, the initiative brings together the White House, CISA, the Departments of Treasury and Defense, and private-sector partners. While Gold Eagle is already processing vulnerability reports, officials have not disclosed participating companies, how many findings have been handled, or which agency will oversee daily operations. The administration also has not detailed how the program will interact with existing federal vulnerability efforts. The initiative reflects a broader push to use AI to accelerate vulnerability management as advanced cyber-focused AI models become more widely available and agencies face tighter deadlines for remediating high-risk security flaws.
The Air Force contends with widespread cybersecurity quarantines.
The U.S. Air Force is working to restore access for personnel after widespread cybersecurity quarantines locked many users out of their computers, in some cases for days. The quarantines are triggered when devices miss required software updates, part of an effort to strengthen defenses against evolving cyber threats. As patching frequency increases, employees are expected to install updates promptly or risk their devices being isolated from the network. Although quarantines are a longstanding security measure, the current disruption appears unusually large, with reports suggesting tens of thousands of devices may have been affected. The Air Force has not confirmed the scope of the issue but says the enforcement is part of routine network security maintenance. Affected users must often visit local IT support to restore access, causing operational delays across the service.
NATO is making a major push into space. New multinational partnerships, new satellite initiatives, and a growing focus on military resilience beyond Earth’s atmosphere. Maria Varmazis joins us with what these announcements could mean for the Alliance, and why space is becoming an increasingly important domain for collective defense.
At the NATO Summit Defense Industry Forum held in Ankara Turkey last week, eight NATO allies announced that they are launching a new multinational satellite constellation. It's called HALO, or the Hybrid Alliance Layered Operations in Space, and the purpose of this new proposed constellation is to strengthen secure and sovereign high-speed communications, intelligence and missile tracking for participating nations. The eight founding nations of HALO are Denmark, Canada, Finland, Germany, Norway, the Netherlands, Sweden and Turkey, with more countries expected to join. The announcement of the HALO project speaks to the urgency behind greater space sovereignty for the participating countries, and by pooling their resources for a shared constellation the eight countries hope to gain greater in-space responsiveness and more secure access to space assets at a lower cost. As this initiative has just launched, NATO says work now begins on mapping out requirements and planning the physical and software architecture of this constellation.
The UK and EU blame Russia for last year’s cyberattack on Poland’s power grid.
The UK and EU have formally attributed the December 2025 cyberattack on Poland’s power grid to Russia’s Federal Security Service (FSB), warning critical infrastructure operators to strengthen defenses against similar threats. The attempted attack, which sought to disrupt communications between renewable energy systems and grid operators, was unsuccessful but could have left hundreds of thousands without power. A joint advisory from the UK’s National Cyber Security Centre (NCSC) recommends disabling legacy SNMPv1 and SNMPv2 protocols, enabling SNMPv3, and disabling Cisco Smart Install to reduce exposure. The guidance highlights sectors at greatest risk, including energy, communications, healthcare, and government. Alongside the advisory, the UK and EU announced new sanctions targeting Russian intelligence officials, cybercriminals, and individuals linked to cyber operations supporting Russia’s broader campaign against Europe.
Meta faces accusations of AI-assisted layoffs.
Twenty-six current and former Meta employees have filed a federal lawsuit alleging the company used AI-assisted tools that disproportionately targeted workers with disabilities, those on medical leave, and caregivers during its recent layoffs. The plaintiffs claim Meta relied on metrics such as productivity scores and AI usage to rank employees for termination, disadvantaging workers who had taken protected leave. They are seeking a court order to temporarily halt the layoffs while pursuing their claims through arbitration. Meta denies the allegations, stating that workforce decisions were made by people, not AI. The lawsuit is believed to be the first major U.S. legal challenge alleging AI-driven discrimination in mass layoffs. It also claims Meta failed to test its AI systems for bias, potentially violating California and New York City regulations.
The Pentagon offers paid cyber apprenticeships.
The Pentagon has opened applications for its new Cyber Apprenticeship Program (Cyber RAP), a 12-month paid initiative aimed at recruiting aspiring cybersecurity professionals without requiring college degrees or prior cyber experience. Led by the Department of Defense’s Office of the Chief Information Officer, the program emphasizes aptitude, practical skills, and hands-on training over traditional credentials as the department seeks to expand its civilian cyber workforce. Apprentices will receive online instruction, lab exercises, mentorship, and industry-recognized certifications while preparing for roles such as cyber defense analysts and incident responders. Open to U.S. citizens eligible for security clearances, the positions offer an annual salary of $22,584. Applications close July 17, and participants who do not complete the program may be required to repay training costs under certain circumstances.
Spanish police dismantle a cybercrime and money-laundering network.
Spanish police have dismantled a cybercrime and money-laundering network that allegedly generated €140 million ($160 million) through investment fraud and business email compromise (BEC) scams. Four suspects were arrested in Spain, Portugal, and Panama during a multinational operation supported by Europol and Interpol. Investigators say the group used more than 800 bank accounts and dozens of money mules to launder stolen funds. Authorities seized computers and smartphones, froze €3 million in criminal proceeds for potential victim restitution, and believe they have dismantled the organization by arresting its key operators.
Grok Build users face cloudy uploads.
An AI safety researcher has prompted a swift course correction after discovering that Grok Build, SpaceXAI’s command-line coding tool, was quietly uploading entire code repositories, complete with Git history, to cloud storage, even when asked to do virtually nothing more than reply “OK.” That is one way to interpret “working behind the scenes.” After the findings gained widespread attention, SpaceXAI flipped a server-side setting that stopped the full-repository uploads, and Elon Musk pledged that all previously collected user data would be “completely and utterly deleted,” though that claim has not been independently verified. While the company points users to a /privacy command to manage data retention, the researcher argues the real fix was the backend configuration change and says developers should not have to opt out repeatedly. The episode underscores growing scrutiny of how AI coding tools handle sensitive source code by default.
Musk says the data will be deleted. As always, users will have to decide for themselves how much weight to give that assurance.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music by and sound design Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.
