
Updated for 5 PM Eastern on July 10, 2026. Today's technology recap is mostly about security: actively exploited website flaws, AI tools being reviewed through a cybersecurity lens, and another reminder that cloud tokens and developer secrets are high-value targets. There is also a useful Windows fix for PCs that have been losing disk space for no obvious reason.
Quick Take
- Bad news: CISA added two newly exploited web application vulnerabilities today, and July 10 is also the remediation deadline for several actively exploited Adobe ColdFusion, Joomla page builder, and Langflow flaws added earlier this week.
- Bad news: AI-assisted attacks are moving from theory into real incident writeups, with Sysdig describing JADEPUFFER as a documented agentic ransomware case.
- Mixed news: OpenAI's ChatGPT 5.6 release followed extra cybersecurity review, showing both the usefulness of advanced AI and the pressure to control risky capabilities.
- Good news: Microsoft has a fix for a Windows 11 storage issue that could make the CapabilityAccessManager.db-wal file grow by large amounts on some PCs.
- Useful trend: Federal data shows AI use is growing unevenly by business size, so small businesses should adopt it deliberately instead of copying enterprise workflows blindly.
1. CISA Added More Exploited Website Flaws Today
CISA's Known Exploited Vulnerabilities catalog added two entries dated July 10, 2026: CVE-2026-56291 in Balbooa Forms and CVE-2026-48939 in iCagenda. Both are dangerous-file-upload issues, the kind of bug that can let an attacker put unwanted code or files onto a site when the affected component is exposed.
This also matters because July 10 is the due date for several vulnerabilities CISA added on July 7, including Adobe ColdFusion, JoomShaper SP Page Builder, Joomlack Page Builder, and Langflow. The Hacker News summarized those July 7 additions as actively exploited flaws, with three carrying CVSS 10.0 severity scores.
Why Home Users And Small Businesses Should Care
Many small organizations do not think of their website as part of their security perimeter. It is. A vulnerable contact form, event calendar, AI workflow tool, or page builder can become the first step into hosting malware, redirecting visitors, stealing form submissions, or damaging search reputation.
- Check whether your site uses Balbooa Forms, iCagenda, Adobe ColdFusion, SP Page Builder, Joomlack Page Builder, or Langflow.
- Update affected software immediately, especially anything internet-facing.
- Remove abandoned plugins, old page builders, demo apps, and unused AI workflow tools.
- Make sure website backups are separate from the web server so an attacker cannot delete the backup while attacking the site.
2. AI Security Is No Longer Just A Lab Discussion
The Guardian reported Thursday that OpenAI released ChatGPT 5.6 after a delayed and staggered rollout tied to U.S. government cybersecurity concerns. The useful customer takeaway is not the model name; it is the direction of travel. More powerful AI systems are being reviewed not only for consumer features, but also for whether they could accelerate cyber operations.
That context connects directly to Sysdig's JADEPUFFER report, covered by Business Insider. Sysdig described a case where an AI agent helped orchestrate ransomware activity, including credential searches and ransom-note generation. The report does not mean every ransomware attack is suddenly fully autonomous. It does mean defenders should assume attackers can move faster through repetitive tasks.
Practical Takeaway
- Treat API keys, browser sessions, cloud tokens, SSH keys, and password-manager vaults as crown-jewel assets.
- Use multi-factor authentication on admin, email, finance, website, and cloud accounts.
- Separate daily user accounts from administrator accounts.
- Keep company AI use on approved business accounts so prompts, files, and integrations can be governed.
3. Accenture's Incident Is A Reminder To Rotate Secrets
TechRadar reported that Accenture confirmed an isolated cyber incident after a threat actor claimed to sell roughly 35 GB of stolen source code and key material. Accenture said the source was remediated and that operations and service delivery were not affected. The attacker's detailed claims have not all been independently verified, so this should be read carefully rather than treated as confirmed line-by-line.
The practical lesson is still strong: developer environments often contain keys that can unlock cloud storage, repositories, deployment systems, and internal tools. A business does not need to be the size of Accenture to have the same pattern. One exposed Azure token, GitHub token, SSH key, or backup key can create a much larger incident than the first compromised account suggests.
- Inventory where API keys and deployment tokens live.
- Rotate secrets after employee departures, vendor changes, and suspected compromise.
- Use least-privilege tokens instead of broad personal access tokens whenever possible.
- Monitor repository and cloud audit logs for unexpected access.
4. Windows 11 Storage Fix: Check Optional Updates If Disk Space Vanished
The Verge reported that Microsoft's optional June 2026 update includes a fix for a Windows 11 issue involving the CapabilityAccessManager.db-wal file, which is tied to app permissions and privacy controls. Some users reported the file growing into tens or hundreds of gigabytes.
Microsoft's Windows message center continues to recommend installing supported Windows security updates promptly. For a home user or small office, the practical approach is to avoid random cleanup tools first. Check Windows Update, including optional updates, then confirm whether storage usage drops after the fix and a restart.
- Go to Settings → Windows Update → Advanced options → Optional updates.
- Look for the June 2026 optional update if the machine is affected.
- Do not delete random system database files unless you have a verified recovery path.
- If a business machine is low on disk, check backup status before attempting repairs.
5. The Small-Business AI Opportunity Is Real, But Uneven
The U.S. Census Bureau's recent business data showed AI use hovering around 17% to 20% overall from December 2025 through May 2026, with larger firms adopting AI at much higher rates. The Information Technology Industry Council has also been pushing small-business AI training proposals built around SBA, NIST, Commerce, and Small Business Development Center support.
That is the good-news side of today's recap: small businesses do not have to ignore AI just because the security headlines are serious. The smart move is controlled adoption: pick a few safe use cases, protect customer data, define what staff may paste into tools, and keep business accounts separate from personal accounts.
The IT Guys Checklist For This Weekend
- Patch public websites: especially Joomla components, ColdFusion servers, forms, event calendars, and AI workflow apps.
- Review developer secrets: rotate old tokens, remove unused keys, and check repository permissions.
- Check Windows storage: if a PC is suddenly full, install the relevant Windows update before deleting system files.
- Set AI rules: decide which AI tools are approved and what data employees should never paste into them.
- Test backups: website and business-file backups should be restorable, not just present.
If you want help checking whether your website, Windows PCs, backups, or business AI setup are exposed, The IT Guys can help with practical local IT support, cleanup, and security review.
Sources
- CISA Known Exploited Vulnerabilities Catalog
- The Hacker News on CISA KEV additions
- The Guardian on ChatGPT 5.6 release and AI security review
- TechRadar on Accenture's confirmed isolated cyber incident
- Business Insider on Sysdig's JADEPUFFER agentic ransomware report
- The Verge on Microsoft fixing a Windows 11 storage bug
- Microsoft Windows message center
- FTC public comment request on AI accuracy policy
- U.S. Census Bureau AI use by businesses
- Verizon 2026 DBIR takeaways