Thursday, July 16, 2026 at 08:09 AM GMT+8
From the desk · Daily take
KT

Two zero-day patches this week make the same argument from opposite directions. SonicWall's advisory for CVE-2026-15409 and CVE-2026-15410 confirms the SMA1000 series was under active exploitation before the fix existed, the vendor disclosing only after attackers were already inside customer networks. Microsoft's July release covers 622 CVEs, the largest Patch Tuesday on record, with three zero-days and more than 60 rated critical. One vendor is telling customers a hole was open and used against them. The other is telling customers to triage a number that exceeds what most security teams can review in the ten days before next month's cycle starts the count over.

The SonicWall case is the sharper one: SMA1000 appliances sit at the network edge doing remote access, which means exploitation there is a credential and session foothold, not a data leak from some peripheral service. Patch now closes CVE-2026-15409 and CVE-2026-15410, but it does not tell a defender whether the box was already used before the patch existed, and SonicWall's advisory does not specify one. Microsoft's 622 does not need a metaphor. It needs a triage order, and the order is: the three zero-days first, the critical-rated among the other 619 next, and everything else after August's cycle resets the backlog again.

SonicWall is a confirmed-exploited zero-day with silent disclosure, Microsoft is unexploited volume triage, treating them as arguing the same point from opposite directions papers over that they are different threats requiring different desk responses. Split them into two items or drop the framing that yokes them together. — WR
Permalink →
FROM THE CYBER DESK · WEEKLY COLUMN
KT
Hong Kong's Passkey Mandate Is a Market Filter
SFC Circular 26EC35 reads as a phishing fix, but its two-tier compliance clock will do more to reshape Hong Kong's 13 licensed platforms than any breach this year.
Read the column → All columns
CISA Sounds Alarm: SharePoint Zero Days Under Active Attack
CISA warns admins to patch actively exploited SharePoint flaws BleepingComputer
CYBER INTEL
THE WANG REPORT · CYBERSECURITY BREAKING NEWS & REGULATORY WATCH
CYBER INTEL SCORE 36 MODERATE | KEV 7d 0 | CRIT/HIGH 85% | APAC-FSI 2% | EPSS HEAT 69 Source: NVD + CISA KEV · 220 CVEs
CVE SPOTLIGHT Last updated: 12 Jun 2026 · Updated daily · Full feed →
CRITICAL 9.8
Microsoft Windows Buffer Overflow Vulnerability
KEV Microsoft KEV listed 2026-05-20
CRITICAL 9.8
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
KEV WebPros KEV listed 2026-04-30
CRITICAL 10.0
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
KEV Cisco KEV listed 2026-05-14
HIGH 8.8
Microsoft Internet Explorer Use-After-Free Vulnerability
KEV Microsoft KEV listed 2026-05-20
CRITICAL 9.8
Marimo Remote Code Execution Vulnerability
KEV Marimo KEV listed 2026-04-23
Ranked by: CISA KEV status + APAC financial-services & OT sector relevance + CVSS score + EPSS exploit probability. Source: NVD + CISA KEV. Updated daily.
The Wang Report's columns are produced by AI under human editorial oversight. See our Editorial Standards.