AI Security Digest
Aggregated ecosystem risk analysis
Vendor Watchlist
Tracking 0 critical integrations
Threat Stream Feed
Real-time security logs and system alerts
Cloudflare - Cloudflare Dashboard login issue
Jul 12, 09:43 UTC Investigating - Cloudflare is aware of and investigating an issue where some users are unable to login to the Cloudflare Dashboard. We are working to mitigate the problem and will update shortly.
Plaid - Elevated API errors
Status: ResolvedThis incident has been resolved.
Zoom - Network Maintenance in Vancouver Datacenter: July 11, 2026
Jul 11, 22:00 PDT In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jun 26, 02:06 PDT Scheduled - Zoom will perform network maintenance at our Vancouver data center(YVR). Users may experience an impact for a brief amount of time for the services mentioned.
Monday.com - Scheduled Maintenance on the US Server
THIS IS A SCHEDULED EVENT Jul 12, 05:00 - 06:00 UTC Jul 6, 20:50 UTC Scheduled - On Sunday, July 12th at 05:00 UTC, we will be performing scheduled maintenance on our platform in the US region. This maintenance is expected to last up to one hour.During this time, monday boards will intermittently be in read-only mode, where actions like creating items, editing boards, creating boards from templates, and changing board permissions will be temporarily unavailable.
New Relic - Scheduled Maintenance for the US & EU Regions - July 11th and July 18th, 2026
THIS IS A SCHEDULED EVENT Jul 12, 04:00 - 06:00 UTC Jul 6, 20:14 UTC Scheduled - We intend to perform scheduled maintenance on Sunday, July 12, 2026, and Sunday, July 19, 2026, from 04:00 UTC to 06:00 UTC (Saturday, July 11, and Saturday, July 18, from 09:00 PM PDT to 11:00 PM PDT). Customers in the US & EU regions can expect a short service interruption at some point during this timeframe which may include intermittent anomalies for the New Relic UI. We do not anticipate impact to data ingest...
Plaid - Service Disruption Impacting Chase connections
Status: ResolvedThis incident has been resolved.
Are AI coding agents becoming a new security risk inside engineering teams?
I keep seeing people talk about AI coding agents as a productivity tool, but I think we are under-discussing the security side. A normal code assistant suggests code. An agent can do much more. It can read your repo, edit files, run commands, call tools, open PRs, access tickets, check logs, maybe even touch secrets or deployment workflows depending on how it is set up. That changes the risk. At t...
SOC Analyst with 4 years of experience in incident response and threat detection — AMA
Hey r/cybersecurity, I've been working as a SOC Analyst for about 4 years, currently at a mid-size fintech company. My day-to-day involves triaging alerts, threat hunting across our SIEM, and building/tuning detection rules in Splunk. Some background: Certifications: Security+, currently studying for OSCP I got into the field after starting out in IT helpdesk, then moved into a junior SOC role I'v...
SendGrid - Contact Upload Delays in New Marketing Campaigns
Jul 11, 11:19 PDT Investigating - Starting around 9:50 AM PDT on July 11, 2026, our engineers began investigating an issue with New Marketing Campaigns Contact Uploads. Users may experience delays in their newly uploaded contact lists appearing or updating in the dashboard. This issue is isolated to a specific subset of our infrastructure, so it does not affect all users. Legacy Marketing Campaigns features remain entirely unaffected. This does not impact mail send. We will provide another upda...
Snowflake - INC20000085
Jul 11, 17:41 UTC Investigating - Current status: We're investigating an issue with Snowflake Data Cloud. We'll provide an update within 1 hour.Customer experience: Customers hosted in the specified regions may experience delays or intermittent failures when resuming or managing virtual warehouses. Existing warehouses that are already running may be unaffected.ETA: An ETA is not yet available. We'll provide one as soon as possible. In the meantime, we recommend that affected customers using rep...
Cloudflare - Pages Dashboard issues
Jul 11, 10:50 UTC Resolved - This incident has been resolved. Jul 11, 10:43 UTC Monitoring - A fix has been implemented and we are monitoring the results. Jul 11, 10:34 UTC Identified - The issue has been identified and a fix is being implemented. Jul 11, 10:22 UTC Investigating - Cloudflare is aware of and investigating an issue where users may not be able to view Pages deployments in the dashboard. We are working to mitigate this problem. More updates to follow shortly.
Plaid - Service Disruption Impacting Wells Fargo connections
Status: ResolvedThis incident has been resolved.
Mid-session today
Not sure if this is the right place to ask about this? I am worried about something that happened today. I had some sensitive data within my folder tree, which Claude Code(within VSCode) had access to. Should I report this to Anthropic? What happened? Was this 'malware'? Does anyone know what might have happened? Was my data leaked? ''A fabricated tool-result notification (spoofed to resemble a le...
Xero - Global: Xero - some customers may be experiencing issues in Xero
Jul 10, 22:44 UTC Resolved - Our team has resolved the issue impacting our customers experiencing errors in Xero. Our technical team identified this was caused by an outage that one of our external providers experienced. We apologise for any inconvenience this has caused. Jul 10, 22:21 UTC Monitoring - Our team has implemented a fix and we are currently monitoring the results. We apologise for any inconvenience this has caused. Jul 10, 21:24 UTC Identified - We have identified what is causi...
Sentry - Error ingestion degraded in US region
Jul 10, 22:43 UTC Investigating - We are currently investigating this issue.
Plaid - IDV Performance Degradation
Status: ResolvedThis incident has been resolved.
Plaid - Elevated Item add errors
Status: ResolvedThis incident has been resolved.Affected components API - Production (Operational)
Vercel - Increased Build failure rates
Jul 10, 21:22 UTC Monitoring - We've identified an issue where some customers may experience failed Builds beginning at 21:05 UTC.A rollback is in progress to mitigate this issue. We will provide additional updates as they become available.Failed deployments can be retried and should succeed.
Zoom - Zoom Support Maintenance (July 10, 2026)
Jul 10, 14:00 PDT In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jun 30, 16:48 PDT Scheduled - We will be performing maintenance on Zoom Support Ticketing and Knowledge Base. Users may experience degraded performance and up to 30 minutes of downtime for Zoom Support’s Knowledge Base and Ticketing during the maintenance window.
Xero - Global: Payroll - some customers may be experiencing errors when accessing Payroll
Jul 10, 20:19 UTC Resolved - Our team has resolved the issue impacting our customers experiencing errors in Xero. We apologise for any inconvenience this has caused. Jul 10, 19:57 UTC Monitoring - Our team has implemented a fix and we are currently monitoring the results. Jul 10, 18:16 UTC Investigating - We are aware that some customers trying to access Payroll in Xero are experiencing an error. Our team is investigating this with urgency.
Vercel - Erroneous budget notifications
Jul 10, 19:53 UTC Identified - We've identified and fixed the underlying issue, which was caused by a third-party SaaS provider. Our team is now unpausing deployments that were inadvertently paused as a result. Jul 10, 19:15 UTC Investigating - We've identified an issue where some customers may receive erroneous spend management budget notifications due to a spend management budget miscalculation. Affected teams with spend management budgets configured to pause projects may also experience pa...
Plaid - Service Disruption Impacting Wells Fargo connections
Status: ResolvedThis incident has been resolved.
Rippling - Some AI capabilities are unavailable
Jul 10, 17:37 UTC Investigating - Some AI capabilities, including building or editing AI dashboards, are unavailable.
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was
Zoom - Service Degradation Affecting My Notes for Third-Party Meetings in Europe and US Region.
Jul 10, 09:33 PDT Identified - We have successfully identified the root cause affecting My Notes for Third-Party Meetings in Europe and US Region.Our team is actively working on a resolution, and we will keep you informed with timely updates as progress is made. Thank you for your patience. Jul 10, 09:18 PDT Investigating - We are currently investigating a service degradation affecting My Notes for 3rd party in US and EU region.Our team is actively working to identify the impact and root caus...
Datadog - Delayed data streams data
Jul 10, 10:35 EDT Update - We are continuing to investigate the issue. Jul 10, 10:09 EDT Investigating - We are currently investigating an issue affecting Data Streams Monitoring (DSM) in our US1 datacenter. As a result, data stream latency metrics may be delayed or not updating for some users. If you have monitors configured on those metrics, they may fail to alert as expected during this incident. We are not aware of any data loss at this time. Our engineering team is actively working on a ...
Snowflake - INC20000082
Jul 10, 14:30 UTC Investigating - Current status: We're investigating an issue with Snowflake Data Cloud. We'll provide an update within 1 hour.Customer experience: Customers hosted in the specified regions may be unable to connect to Snowflake via private connectivity solutions, such as PrivateLink. Users may encounter connection errors or timeouts.ETA: An ETA is not yet available. We'll provide one as soon as possible. In the meantime, we recommend that affected customers using replication in...
CISA KEV Threat Intel Orchestrator
Every week, CISA adds newly exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. For security teams, that usually means the same routine all over again: look up the CVE, understand what it does, write a Sigma rule, notify the SOC, and document everything. It's repetitive work, and depending on the vulnerability, it can easily take several hours. I wanted to see if that e...
Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The
Cloudflare - BOG (Bogotá) on 2026-07-10
Jul 10, 10:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 9, 08:46 UTC Scheduled - We will be performing scheduled maintenance in BOG (Bogotá) datacenter on 2026-07-10 between 10:00 and 15:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location...
Xero - HMRC system maintenance (MTD IT)
THIS IS A SCHEDULED EVENT Jul 10, 08:00 UTC - Jul 13, 00:00 UTC Jun 22, 14:06 UTC Scheduled - HMRC is undergoing scheduled system maintenance for the Making Tax Digital for Income Tax service from 16:00 on Friday 10 July until 08:00 on Monday 13 July UTC.During this time the service will be unavailable.Please refer to the HMRC website for further information: https://www.gov.uk/government/publications/use-software-to-send-income-tax-updates-service-availability-and-issues/use-software-to-send...
ActiveCampaign - Custom Objects for APAC customers.
Jul 10, 01:57 CDT Investigating - Engineers are investigating an issue affecting Custom Objects for APAC customers. Additional information will be shared as the investigation progresses.
Zoom - Service Degradation Affecting Zoom Meeting Summaries for Hebrew language in Europe and US Region
Jul 9, 23:34 PDT Resolved - This incident has been resolved and the affected services have been restored. Jul 9, 23:22 PDT Monitoring - The service degradation affecting Zoom Meeting Summaries for Hebrew language in Europe and US Region has been successfully resolved. Our team will continue to monitor the situation closely and keep you informed of any further developments. Jul 9, 23:03 PDT Identified - We have successfully identified the root cause affecting Zoom Meeting Summaries for He...
Cloudflare - EWR (Newark) on 2026-07-10
THIS IS A SCHEDULED EVENT Jul 10, 06:00 - 14:00 UTC Jul 10, 04:03 UTC Scheduled - We will be performing scheduled maintenance in EWR (Newark) datacenter on 2026-07-10 between 06:00 and 14:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsew...
Cloudflare - ATL (Atlanta) on 2026-07-10
THIS IS A SCHEDULED EVENT Jul 10, 06:00 - 16:00 UTC Jul 9, 11:42 UTC Scheduled - We will be performing scheduled maintenance in ATL (Atlanta) datacenter on 2026-07-10 between 06:00 and 16:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over else...
Cloudflare - BCN (Barcelona) on 2026-07-10
THIS IS A SCHEDULED EVENT Jul 10, 02:00 - 06:00 UTC Jul 9, 16:06 UTC Scheduled - We will be performing scheduled maintenance in BCN (Barcelona) datacenter on 2026-07-10 between 02:00 and 06:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over el...
ActiveCampaign - Customer accounts hosted in APAC region are unavailable.
Jul 9, 19:49 CDT Identified - Customer accounts hosted in APAC region are unavailable. Engineers have identified the issue and a fix is being implemented.
Cloudflare - LHR (London) on 2026-07-10
Jul 10, 00:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 8, 15:28 UTC Scheduled - We will be performing scheduled maintenance in LHR (London) datacenter on 2026-07-10 between 00:00 and 16:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location...
Supabase - Degraded log ingestion
Jul 9, 23:34 UTC Investigating - We are currently investigating an issue affecting log ingestion across all regions. During this time, some logs may be delayed or unavailable.
MongoDB Atlas - Atlas Stream Processing is experiencing issues in Azure - West Europe
Jul 9, 23:03 UTC Investigating - We are currently investigating an issue affecting Stream Processing Azure West Europe. User initiated commands & workloads may see intermittent failures.
DigitalOcean - Kubernetes Deployments in NYC1
Jul 9, 20:31 UTC Investigating - Our Engineering team is investigating an issue affecting Kubernetes deployments in NYC1. Users may see intermittent DNS failures and NodeNotReady events from application workloads during this time.We apologize for the inconvenience, we'll share new information on this page as soon as it is available.
MongoDB Atlas - Atlas is experiencing issues with issuing certificates from Lets Encrypt
Jul 9, 19:37 UTC Investigating - We are currently investigating issues related to certificate issuing failures with Lets Encrypt. Tenant cluster provisioning is currently impacted.
SendGrid - Retroactive Incident: Global Open and Clicks Engagement Stat Delays
Jul 9, 11:50 PDT Monitoring - Starting around 1:16 AM PDT on July, 9 2026, our engineers began investigating an issue with global open and clicks engagement Stat delays. This does not impact EU region stats.However, all impact concerning the stat delays have since been mitigated 10:45am PDT on July, 9 2026. As our engineers have since implemented a fix and are monitoring system performance. We will provide another update in an hour or as soon as more information becomes available.
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub 'ghost' accounts that are often years old, or compromised OAuth tokens and personal
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in - allowScripts defaults to off, meaning
Cloudflare - NRT (Tokyo) on 2026-07-09
Jul 9, 15:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 7, 02:40 UTC Scheduled - We will be performing scheduled maintenance in NRT (Tokyo) datacenter on 2026-07-09 between 15:00 and 23:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location,...
Vercel - Delays loading Build Logs
Jul 9, 13:16 UTC Resolved - The issue affecting Build Logs has been resolved. Between Jul 8 19:05 UTC and Jul 9 13:16 UTC, some Pro customers using standard machine types may have experienced missing Build Logs.New builds after the impact period are unaffected.
Zoom - Subset of users might have experienced a delay with Zoom Phone Voicemail/Recording/Call Log and Live meeting dashboard in Europe region
Jul 9, 03:58 PDT Monitoring - On July 9, 2026, between 10:25 - 10:40 UTC, a subset of users may have experienced issues with delay with Zoom Phone Voicemail/Recording/Call Log and Live meeting dashboard in Europe region. This incident has been resolved and the affected services have been restored. Our team will continue to monitor the situation closely and keep you informed of any further developments.
MongoDB Atlas - Atlas Data Federation and Online Archive cloud-provider IAM authentication error
Jul 9, 10:57 UTC Identified - We have identified that the issue is caused by a recent configuration change to IAM authentication and are working on a fix. Jul 9, 10:23 UTC Investigating - Users of Atlas Data Federation and Online Archive using cloud-provider IAM authentication may see pipelines fail with an error when querying backing Atlas clusters. Other authentication methods are unaffected. As a temporary workaround, users can use SCRAM authentication.
How to deal with Trivy findings in third party images
We are using Trivy to scan all the images deployed in our clusters. We are also running SonarQube Community. Now Trivy finds 23 vulnerabilities with high severity. I am pretty sure that they are not exploitable and the SonarQube maintainers are looking into it. But how do you all handle this in automatic checks? Are you maintaining Trivy ignore files all by yourself (and keeping them up to date)? ...
Zoom - Zoom Push Notification Service Release: July, 2026 (No Operational Impact)
THIS IS A SCHEDULED EVENT Jul 9, 00:00 PDT - Jul 18, 03:00 PDT Jul 8, 01:43 PDT Scheduled - We will be performing scheduled maintenance to upgrade our Push Notification Service.No operational impact is expected. This maintenance includes the following enhancements and improvements:•Zoom Room status report enhancement.•Fixed an issue where the tracking ID was not being propagated when invoking downstream backend services.All services are expected to operate normally during the maintenance win...
Sumo Logic - Problem with CSE Processing Pipeline in Europe 1 (EU)
Jul 9, 06:54 UTC Investigating - We are currently investigating reports of problems with CSE Processing Pipeline. The symptoms are: latency in processing and displaying security data. We will provide more information soon.
Cloudflare - FRA (Frankfurt) on 2026-07-09
Jul 9, 06:15 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 9, 06:04 UTC Scheduled - We will be performing scheduled maintenance in FRA (Frankfurt) datacenter on 2026-07-09 between 06:15 and 08:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this locat...
Cloudflare - MIA (Miami) on 2026-07-09
Jul 9, 06:01 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 8, 07:24 UTC Scheduled - We will be performing scheduled maintenance in MIA (Miami) datacenter on 2026-07-09 between 06:00 and 11:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location,...
Cloudflare - DFW (Dallas) on 2026-07-09
Jul 9, 06:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 9, 03:56 UTC Scheduled - We will be performing scheduled maintenance in DFW (Dallas) datacenter on 2026-07-09 between 06:00 and 12:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location...
Expensify - Site Issue
Jul 9, 05:18 UTC Update - A fix has been implemented and we are monitoring results. Emails (including login security codes) should now be working again. Please report any issues to Concierge (concierge@expensify.com). Jul 9, 05:18 UTC Monitoring - A fix has been implemented and we are monitoring results. Emails (including login security codes) should now be working again. Please report any issues to Concierge (concierge@expensify.com). Jul 8, 22:19 UTC Update - A fix has been implemented...
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls "Friendly Fire." It works against Anthropic's Claude Code and OpenAI's Codex when either is running in an autonomous mode that approves its own
GitHub - Delays starting Actions runs
Jul 9, 04:51 UTC Update - Approximately 5% of GitHub Actions runs on GitHub-hosted runners are experiencing run start delays exceeding 5 minutes. A small portion of these runs may fail after extended delays. We have identified the cause and are working on a mitigation. Jul 9, 04:34 UTC Investigating - We are investigating reports of degraded performance for Actions
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.
Cloudflare - FRA (Frankfurt) on 2026-07-09
Jul 9, 01:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 7, 19:04 UTC Scheduled - We will be performing scheduled maintenance in FRA (Frankfurt) datacenter on 2026-07-09 between 01:00 and 06:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this locat...
Cloudflare - VIE (Vienna) on 2026-07-09
Jul 9, 00:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 8, 15:24 UTC Scheduled - We will be performing scheduled maintenance in VIE (Vienna) datacenter on 2026-07-09 between 00:00 and 12:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location...
Cloudflare - CDG (Paris) on 2026-07-09
THIS IS A SCHEDULED EVENT Jul 9, 00:00 - 08:00 UTC Jul 6, 00:52 UTC Scheduled - We will be performing scheduled maintenance in CDG (Paris) datacenter on 2026-07-09 between 00:00 and 08:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhe...
DocuSign - Powerforms Intermittently Not Loading (Incident 5345)
Jul 8, 21:47 UTC Resolved - The incident has been resolved. Incident duration and timelines are subject to revision pending the results of any related investigation. Jul 8, 21:46 UTC Investigating - We are actively investigating this issue.
Vercel - Delays Processing Builds
Jul 8, 18:40 UTC Update - We are seeing signs of recovery and the affected build queue has started to drain.Some customers may continue to experience delayed build starts or builds stuck in an initializing state while recovery continues. We will provide additional updates as they become available. Jul 8, 18:05 UTC Investigating - We've identified an issue where some customers may experience delays in builds starting and/or builds stuck in an initializing state. We are currently investigatin...
Supabase - Elevated JWT authorization errors
Jul 8, 18:37 UTC Investigating - We are aware of reports of elevated legacy JWT authorization errors on edge functions in some regions
Cloudflare - Workers Builds Increased Failure Rate
Jul 8, 18:37 UTC Resolved - Cloudflare has identified and mitigated an issue which impacted a small subset of projects running Workers Builds between 2026-07-07 20:10 UTC to 2026-07-08 18:30 UTC.Customers experiencing the issue will have seen their builds fail with the error "A Worker named already exists in your account...".
Cloudflare - Workers Cron Triggers Issues
Jul 8, 18:30 UTC Resolved - Cloudflare has identified and mitigated an issue which impacted Workers cron triggers for some Workers between 2026-07-08 18:23 UTC to 2026-07-08 19:30 UTC.
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The agents are not malicious. They just do a lot of things that, to a behavioral engine, look exactly like an attack. Decrypting browser credentials, listing what sits in Windows' credential store,
Cloudflare - KIX (Osaka) on 2026-07-08
Jul 8, 17:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 7, 12:20 UTC Scheduled - We will be performing scheduled maintenance in KIX (Osaka) datacenter on 2026-07-08 between 17:00 and 21:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location,...
Supabase - Project creation delays in AP regions
Jul 8, 16:52 UTC Investigating - We are aware of project creation taking longer than normal in AP regions. A retry should enable completion of creation for those impacted.
Drift Corpus: binary diffs of 240+ 2026 Windows kernel patches
Patch Tuesday confirms a CVE is fixed but not what changed in the binary, which function, which check, or whether it's a real fix or just churn. The Drift Corpus is a diff of 240+ 2026 Windows kernel patches. Per entry: the changed functions with assembly, the bug class and call chain, WinDbg breakpoints to reproduce, and a plain-English root cause. Browse: https://byteray-ai.github.io/drift-corp...
Plaid - Maintenance: Scheduled maintenance - JUL-15: infrastructure upgrades
Status: ScheduledPlaid is planning maintenance from 04:00 - 09:00 UTC on July 15th, 2026. During this window, there may be degradation to the following API endpoints which depend on real-time transactions data. Transactions updates may also be delayed. Transactions - /transactions/sync - /transactions/get - /transactions/refresh - /transactions/recurring/get Investments - /investments/transactions/get Liabilities - All Liabilities product endpoints Assets - /asset_report/create - /asset_repo...
Zoom - Service Degradation Affecting Zoom Healthcare Integration services in US Region
Jul 8, 08:52 PDT Monitoring - The issue affecting users' ability to sync appointments with Zoom Healthcare Integration in US region has been successfully resolved. Our team will continue to monitor the situation closely and keep you informed of any further developments. Jul 8, 08:02 PDT Identified - We have successfully identified the root cause affecting users' ability to sync appointments with Zoom Healthcare Integration in US region.We are working with our vendor to resolve the issue. We...
Cloudflare - Cloudflare Dashboard and Cloudflare API service issues - Turnstile Widgets
Jul 8, 15:00 UTC Resolved - Between the times of 14:40 and 15:00 (UTC) on 2026-07-08 Cloudflare experienced issues with the listing of Turnstile widgets via the Dashboard and API. These requests may have failed and/or 500 errors may have been displayed.
New Ghost Phishing Wave Is Breaking Traditional Email Security
A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For security leaders, the risk is clear: traditional URL checks may miss the attack while Microsoft 365 access, sensitive data, and response time
SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive them into running a malicious command that installs a PowerShell toolkit dubbed
GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid signature, GitHub still stamps "Verified." Everything a reviewer would check matches. The commit's hash does not. That matters
GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code
An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek Kumar and Carsten Maple. The models they tested through Copilot, Claude from Anthropic, and Gemini from Google, refused
China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware
A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into internet-facing networking devices. According to findings from Cisco Talos, UAT-7810 is an advanced persistent threat (APT) actor that's responsible for maintaining and proliferating LapDogs, an ORB network that first came to light in June 2025.
Cloudflare - LAX (Los Angeles) on 2026-07-08
Jul 8, 09:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 7, 13:36 UTC Scheduled - We will be performing scheduled maintenance in LAX (Los Angeles) datacenter on 2026-07-08 between 09:00 and 14:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this loc...
Cloudflare - DFW (Dallas) on 2026-07-08
Jul 8, 06:00 UTC In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 7, 10:18 UTC Scheduled - We will be performing scheduled maintenance in DFW (Dallas) datacenter on 2026-07-08 between 06:00 and 12:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location...
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 (CVSS score: 10.0) - A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of the
Cloudflare - TLL (Tallinn) on 2026-07-08
THIS IS A SCHEDULED EVENT Jul 8, 02:00 - 07:00 UTC Jul 7, 06:38 UTC Scheduled - We will be performing scheduled maintenance in TLL (Tallinn) datacenter on 2026-07-08 between 02:00 and 07:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsew...
Cloudflare - Network Performance Issues in London
Jul 8, 01:56 UTC Monitoring - A fix has been implemented and we are monitoring the results. Jul 8, 01:56 UTC Investigating - Cloudflare is investigating issues with Network Performance in London. Some customers may experience increased latency or timeouts for the uksouth Azure region.We are working to analyze and mitigate this problem. More updates to follow shortly.
Zoom - Zoom FileServer Release: July, 2026 (No Operational Impact)
Jul 7, 18:00 PDT In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 3, 05:59 PDT Scheduled - We will be performing a scheduled maintenance for a upgrade related to our file services. This update covers multiple file-related components and is aimed at improving overall stability, scalability, and feature support.No operational impact is expected. This maintenance introduces the following new features and improvements:1. Smoother client-sid...
Cloudflare - VIE (Vienna) on 2026-07-08
THIS IS A SCHEDULED EVENT Jul 8, 00:00 - 12:00 UTC Jul 7, 11:40 UTC Scheduled - We will be performing scheduled maintenance in VIE (Vienna) datacenter on 2026-07-08 between 00:00 and 12:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewh...
Cloudflare - CDG (Paris) on 2026-07-08
THIS IS A SCHEDULED EVENT Jul 8, 00:00 - 08:00 UTC Jul 5, 23:44 UTC Scheduled - We will be performing scheduled maintenance in CDG (Paris) datacenter on 2026-07-08 between 00:00 and 08:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhe...
Extract, Knock Offline, and Take Over Bluetooth Devices with Just a Laptop
Most Bluetooth devices are paired and set to non-discoverable after initial setup; since general discovery scans are what most people and OSes disable. The Whisper Pair exploit (CVE-2025-36911) bypasses this by connecting via BLE and writing a forged Fast Pair pairing request (0x00 + random 64-byte public key + nonce) to the key-based pairing characteristic (UUID 1236). It then writes a fake...
DocuSign - Errors accessing the sending web application (Incident 5334)
Jul 7, 20:55 UTC Investigating - A small subset of customers may see errors accessing the sending web application. We are actively investigating the underlying cause.
Asana - Errors loading the Asana web app for some users in US
Jul 7, 18:49 UTC Identified - We are seeing errors for part (about 10%) of users in US for the Asana webapp. We've identified the root cause and are working on identifying a resolution.
Zoom - Zoom Chat Update
Jul 7, 10:00 PDT In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary. Jul 7, 09:48 PDT Scheduled - We will be providing an update to Zoom Chat Backend Service. There will be no operational impact. All services will be available during this scheduled update (ZR status might be displayed as offline in the service logs but no operational impact).
Rippling - Site performance is degraded
Jul 7, 16:51 UTC Investigating - We are investigating degraded performance of the Rippling app loading. We will share an update in the next 10 minutes.
Monday.com - Investigating issues with platform latency/slowness.
Jul 7, 15:45 UTC Investigating - We are currently experiencing issues related to platform latency/slowness. Our dedicated team is working to resolve this as quickly as possible
Cloudflare - Cloudflare Registrar operations issues
Jul 7, 15:41 UTC Investigating - Cloudflare is aware of and investigating an issue with Cloudflare Registrar that may prevent customers from registering, renewing, updating and transferring domains.Further detail will be provided as more information becomes available.
DocuSign - Intermittent Issues With Delivery of e-mail Notifications (Incident 5326)
Jul 7, 15:31 UTC Identified - A subset of customers may experience intermittent failures of email notifications upon sending of envelopes. To mitigate this customers can log into their DocuSign account and access the envelope directly. Engineering teams have identified the issue and are currently working to resolve this issue.
GitLost: a public GitHub issue can steer an org's Agentic Workflow into leaking private repo contents, and a one-word prefix ("Additionally") bypassed the threat-detection guardrail
Noma Security published a technique they call GitLost against GitHub Agentic Workflows (the plain-English-Markdown agent feature GitHub put into public preview in February, runnable on Copilot, Claude, Gemini, or Codex). Worth reading because it is a clean demonstration of why "filter the injection" does not hold as a defense. The setup. Workflows are read-only by default, but an org can hand one...
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into the legitimate Microsoft device login experience,
GitHub - Actions and Codespaces APIs experiencing partial failures
Jul 7, 14:47 UTC Update - Customers accessing the Actions and Codespaces REST APIs may see 500 class errors a percentage of the time. Retries may be successful.Actions runs and codespaces in progress are continuing successfully.We are continuing to investigate the source of these errors. Jul 7, 14:32 UTC Update - Codespaces is experiencing degraded availability. We are continuing to investigate. Jul 7, 14:14 UTC Update - Customers accessing the Actions and Codespaces REST APIs may see ...
Box - [Medium] Issues with Search service, Box Sign Templates and Metadata queries
Jul 7, 07:42 PDT Update - Our team is investigating an issue with the Search service, Box Sign Templates and Metadata queries. Users may see errors or slowness when attempting to search items in Box and / or using Metadata queries. We will provide additional information as it becomes available. Jul 7, 07:11 PDT Investigating - Our team is investigating an issue with the Search service and Metadata queries. Users may see errors or slowness when attempting to search items in Box and / or usin...
Wix - RESOLVED: Issues Accessing Editor/Studio
Jul 7, 14:35 UTC Resolved - This incident has been resolved. Jul 7, 14:29 UTC Monitoring - A fix has been implemented and we are monitoring the results. Jul 7, 14:26 UTC Identified - The issue has been identified and a fix is being implemented. Jul 7, 14:25 UTC Investigating - We are currently investigating this issue.