Two actively exploited SonicWall zero-days — including a perfect CVSS 10.0 — headline a brutal week alongside Microsoft's record-breaking 570-patch July release. Identity systems, remote access infrastructure, and an unpatched Windows PoC are all under fire right now.
Audio is available on Spreaker — see link below.
Two zero-days are being actively exploited right now in SonicWall's Secure Mobile Access appliances, and one of them carries a perfect CVSS score of ten point zero. That's not a theoretical risk.
Microsoft's July Patch Tuesday set a record. More than five hundred and seventy vulnerabilities fixed in a single release, with between fifty-seven and sixty-three rated critical.
Two of Microsoft's three zero-days this cycle are confirmed under active exploitation, and both target identity and access systems. CVE-2026-56164 is a missing authentication flaw in SharePoint Server that allows privilege escalation.
Hours after Patch Tuesday, a researcher operating under the name Chaotic Eclipse released a working privilege escalation exploit for Windows. The vulnerability, called LegacyHive, abuses the User Profile Service to load an arbitrary hive.
The third zero-day this cycle is CVE-2026-50661, a BitLocker bypass. An attacker with physical access can use it to circumvent Device Encryption and read protected data.
The near-term watchpoints are clear. Patch SonicWall SMA one thousand series immediately.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.