| ~7 MIN READ |
|
570 patches in one Patch Tuesday is either great news (Microsoft's AI found the bugs before attackers did) or terrifying news (there were 570 bugs to find). This week also proved AI lowers the bar for building ransomware just as fast as it lowers the bar for finding vulnerabilities, and that even professional criminals have a code of conduct they're embarrassed to break.
AI just proved it cuts both ways in the same week: it's helping Microsoft find bugs at record speed, and it's helping mediocre criminals build ransomware they couldn't code themselves. The tools got better. The skill floor didn't rise with them. PS: Was this forwarded to you? Subscribe free at exzeccyber.com/subscribe → |
|
In this edition
|
PATCH TUESDAY
🩹 Microsoft's AI Found So Many Bugs It Broke Its Own Patch Record
Intro
Microsoft shipped fixes for 570 vulnerabilities this Patch Tuesday, the largest release in company history. That's either great news or terrifying, depending on what you believe found them first.
What Happened
The July 14 update patched 59 Critical flaws and three zero-days: two under active attack (Active Directory Federation Services, SharePoint Server) and one public (a BitLocker bypass). Microsoft credits a new AI-powered discovery system for the record volume.
Why It Matters
More bugs found by defenders means fewer sold to attackers first, but IT teams now triage more disclosed flaws per month on a patch window that keeps shrinking.
The Other Side
A record patch count could just as easily mean Windows had more bugs than anyone realized, and AI is only now catching up.
TL;DR: Microsoft's AI bug hunter found 570 flaws in one release, three already being exploited.
Further reading: BleepingComputer
|
|
See the whole platform. No guided tour.
Skip the sales call. Walk through Gladly's interface yourself — the AI suggestions, the unified customer view, the full conversation thread. 15 minutes, no installation, no commitment.
|
|
|
Dictate code. Wispr tags the files.
Speak your PR description, bug reproduction, or Cursor prompt. Wispr Flow auto-tags file names, preserves variable names, and formats everything for immediate paste into GitHub, Jira, or your editor.
No re-typing. No context gaps. No mangled syntax. Works natively inside Cursor, Warp, and every IDE at the system level.
4x faster than typing. 89% of messages sent with zero edits. Used by engineering teams at OpenAI, Vercel, and Clay.
Strange but real
⚽ Egyptian Hacktivists Broke Into Argentina's Football Federation Over a World Cup Loss
Intro
A World Cup elimination is rough. For some fans, apparently it's rough enough to justify breaking into a national football federation's entire IT stack.
What Happened
A group calling itself All Egyptian Cyber Warriors compromised the Argentine Football Association after Egypt was eliminated by Argentina in a contested Round of 16 match. The attackers got "profound administrative control": database panels, training HQ portals, media systems, competition management tools, all of it, then blasted mass emails from AFA's own domains accusing Argentina of stealing the win.
Why It Matters
Security firm Hudson Rock traced the access back to an infostealer infection on a developer's device from September 2025, ten months before the match. Whoever had those credentials either sat on them for months or went looking the moment Egypt lost.
The Other Side
A grudge match over VAR calls is a strange motive, but the mechanism is depressingly ordinary: one infected laptop, one set of stale credentials, one organization that never rotated them.
TL;DR: Egyptian hacktivists broke into Argentina's football federation to protest a World Cup loss, using year-old stolen credentials nobody had rotated.
Further reading: The Register
|
David Joerg, Chess.com's AI/ML product manager, ran 30+ projects through Viktor in six weeks, from an AI phone-agent system to logistics and research, then onboarded six family members. Get Started for Free.


