Cybersecurity Daily: News & Threats · 17 Jul 2026 · 5 min

LegacyHive Zero-Day, SonicWall CVSS 10.0 & Sandworm's Clickfix Pivot

A Windows zero-day landed hours after Patch Tuesday closed, SonicWall appliances are under active CVSS 10.0 attack chains, and Russia's Sandworm is deploying malware through fake CAPTCHAs. Six stories from the past 24 hours — breaches, ransomware, and the disclosure friction that keeps defenders exposed.

Cybersecurity Daily: News & Threats
Now Playing
LegacyHive Zero-Day, SonicWall CVSS 10.0 & Sandworm's Clickfix Pivot

Audio is available on Spreaker — see link below.

What's covered

Patch Tuesday Zero-Day Escape

A Windows zero-day dropped hours after Microsoft's July patch cycle closed. Not before.

Listen now →

SonicWall CVSS Ten Zero-Days

While the disclosure debate plays out, two zero-days with CVSS scores of ten point zero are already being actively exploited. That's the maximum severity rating, and in this case it's warranted.

Listen now →

Microsoft's 622-Patch Cycle

Patch Tuesday itself landed with unusual weight this cycle. Six hundred and twenty-two vulnerabilities patched in a single release is a significant volume.

Listen now →

Romania Land Registry Breach

In Romania, the national land registry system was compromised on July fourteenth. The ANCPI e-Terra platform went down, stalling real estate transactions across the country.

Listen now →

Sandworm Clickfix Ukraine Campaign

Russia's Sandworm group has shifted tactics in a way worth paying attention to. The group, typically associated with sophisticated targeted operations, is now deploying malware through fake CAPTCHA prompts.

Listen now →

NuGet Abuse and Spirals Ransomware

Two shorter developments worth tracking. Eleven malicious NuGet packages disguised as game cheats were found dropping Windows surveillance payloads, along with a remote access trojan called Starland RAT and a command-and-control implant called WLDR.

Listen now →

Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.

More episodes

From Cybersecurity Daily: News & Threats