5 PM Tech News Recap for July 15, 2026: Patch Tuesday Follow-Up, SharePoint Attacks, Password Manager Phishing, ShareFile Fixes, And AI Security Lessons

Jennifer Hudsen presenting the July 15, 2026 5 PM technology news recap in a realistic technology newsroom with The IT Guys branding.

Published for the 5 PM recap on Wednesday, July 15, 2026. Today’s technology news is the kind that looks technical on the surface but has very practical consequences for home users and small businesses. Microsoft’s July security release is still the center of gravity, CISA is warning about active attacks against on-premises SharePoint Server, password-manager phishing is using fake security alerts, and Progress ShareFile customers are dealing with emergency Storage Zone Controller fixes.

Listen to the July 15, 2026 5 PM tech news recap. Voice generated locally with espeak-ng and ffmpeg, not OpenAI.

Quick Take

  • Do not ignore July updates. Microsoft’s July Patch Tuesday fixed a record-size set of flaws, and follow-up coverage continues to point to a busy week for Windows administrators.
  • SharePoint Server needs immediate attention. CISA says attackers are exploiting three SharePoint Server vulnerabilities against internet-exposed on-premises servers.
  • Password-manager phishing is getting more polished. Fake LastPass and Bitwarden security-policy notices are trying to push users toward fraudulent sites and downloads.
  • ShareFile customers should check their Storage Zone Controller status. Progress confirmed a high-severity zero-day behind last week’s emergency shutdown and has released updates.
  • AI is helping defenders find bugs, but it also increases patch volume. The useful response is inventory, backups, patch windows, and clear ownership, not panic.

The Lead: Patch Tuesday Is Bigger Than A Routine Reboot

Microsoft’s July 2026 Patch Tuesday landed yesterday, but July 15 is the day many home users and small businesses are deciding what to do with it. KrebsOnSecurity reports that Microsoft patched at least 570 security flaws, with nearly 60 rated critical and three zero-days included. BleepingComputer’s Patch Tuesday coverage also reported 570 fixes and three zero-days. Microsoft’s official Windows 11 KB5101650 page says the update includes the latest security fixes plus the non-security improvements from last month’s optional preview release.

The good news is that Windows 11 users are also getting practical improvements around recovery and reliability. Microsoft’s KB5101650 notes, and reporting from The Verge and Thurrott, point to changes such as point-in-time restore, Bluetooth improvements, widget changes, and more update control. Those quality-of-life pieces matter because a security update that leaves a machine recoverable is easier for a household or small office to accept.

The bad news is the size of the security release. When a monthly update fixes hundreds of flaws, attackers study those changes too. A business that waits weeks because “updates are annoying” is giving criminals a list of things to test against unpatched systems.

Home User Action

  • Back up important files before the reboot, especially documents, photos, tax records, and business files stored locally.
  • Install the July Windows update through Settings > Windows Update when you have time to restart and test the computer afterward.
  • After the reboot, open your browser, email, printer, password manager, VPN, and any must-have work app before you call the update finished.
  • If your PC is already overheating, short on disk space, or showing drive errors, fix that health problem before forcing a major update.

Small Business Action

For small businesses, the right answer is staged patching. Update one or two normal workstations first. Check printing, Microsoft 365 sign-in, line-of-business software, shared drives, VPN, accounting software, and remote access. Then roll the update to the rest of the office. Servers and remote-access systems should be handled with a backup, a maintenance window, and a rollback plan.

  • Patch first: browsers, remote access tools, internet-facing servers, high-risk workstations, and machines used for email or billing.
  • Test before broad rollout: printers, scanners, QuickBooks or other accounting tools, VPN clients, and shared drive access.
  • Document failures: write down update errors, affected device names, and the exact time of the issue instead of troubleshooting from memory later.
  • Do not skip backups: a backup you have not tested is a hope, not a recovery plan.

The IT Guys recently covered practical Windows settings and backup policy basics for small offices. If your business does not have a staged update process yet, this is a good week to build one instead of treating every Patch Tuesday as a surprise.

Security Alert: CISA Warns About Active SharePoint Server Exploitation

CISA’s July 14 alert is the most urgent business-security item in today’s recap. CISA says attackers are actively exploiting CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164 to gain unauthorized access to on-premises Microsoft SharePoint Server instances. The agency says the issue affects supported on-premises SharePoint Server versions, including Subscription Edition, 2019, and 2016.

This does not mean every Microsoft 365 user has a SharePoint server sitting in the office. Many small businesses use SharePoint Online through Microsoft 365 and do not manage their own SharePoint Server. The alert is specifically about on-premises SharePoint Server. That distinction matters because the customers who are affected often have the server exposed for remote access, file sharing, intranet portals, or older business workflows.

CISA’s guidance is not just “install the patch.” It also calls for monitoring affected servers for signs of exploitation, verifying patch installation, enabling SharePoint AMSI integration where feasible, hunting for intrusion artifacts before rotating IIS machine keys, improving logging, avoiding direct internet exposure unless necessary, and putting exposed SharePoint behind an application-layer security control.

Who Should Care

  • Businesses running self-hosted SharePoint Server 2016, 2019, or Subscription Edition.
  • Organizations with SharePoint accessible from the public internet.
  • IT providers managing legacy intranet, document portal, or collaboration servers.
  • Offices that inherited a server from a prior vendor and are not sure whether it is still needed.

Practical Next Steps

  • Confirm whether you run on-premises SharePoint Server or only SharePoint Online through Microsoft 365.
  • If you run on-premises SharePoint, apply Microsoft’s latest updates and confirm the installation completed.
  • Check logs and endpoint protection alerts for unusual worker-process activity, suspicious web requests, webshells, or machine-key access.
  • Remove direct internet exposure where possible. If external access is truly needed, protect it behind proper application-layer controls and authentication.
  • Have someone explicitly own the server. “Nobody knows what that box does” is a risk condition.

Phishing Watch: Fake LastPass And Bitwarden Security Alerts

BleepingComputer reports that LastPass users are being targeted with fake security-policy notices that send people to fraudulent websites. The article says the emails are designed to look like corporate communications and direct recipients to a landing page impersonating DocuSign. LastPass says its systems were not compromised and that the emails did not originate from its infrastructure. BleepingComputer also found similar emails targeting Bitwarden users.

This is an important reminder: password managers are good, but password-manager users are attractive targets. If a criminal can convince you to type your master password, install a fake “security update,” or approve a fraudulent login, they may not need to break the password manager itself.

What To Do If You Get One Of These Emails

  • Do not click the email button. Open your password manager by typing the known address yourself or using your saved bookmark.
  • Never enter a master password into a page reached through an email link.
  • Do not install a password-manager desktop app from an email prompt. Use the vendor’s official website or your device’s app store.
  • If you entered credentials on a suspicious page, change the master password from a trusted device and review account activity immediately.
  • For businesses, remind staff that “security policy update” emails still need verification.

The business lesson is simple: a good tool can still be used as bait. The more trusted the brand, the more believable the fake alert can look.

ShareFile Update: Progress Confirms A Zero-Day Behind Storage Zone Controller Shutdown

Progress Software confirmed that a high-severity zero-day vulnerability was behind last week’s emergency shutdown of ShareFile Storage Zone Controllers, according to BleepingComputer. Progress has released security updates to patch the flaw. This follows earlier warnings that customers using customer-managed Storage Zone Controllers should shut down those Windows servers while Progress investigated a credible external security threat.

For most home users, this is not relevant. For businesses that use ShareFile with self-managed storage zones, it is very relevant. These systems can sit in the middle of sensitive file-sharing workflows: contracts, medical documents, HR files, financial reports, legal paperwork, client records, and internal project files.

  • If you use ShareFile only as a normal cloud service, ask your vendor or IT provider whether customer-managed Storage Zone Controllers are in use.
  • If you manage Storage Zone Controllers, follow Progress guidance, install the security update, and verify whether any emergency shutdown instructions still apply.
  • Review logs and file-access history around the incident window.
  • Make sure the server has an owner, a patch schedule, and a documented recovery plan.

AI Security Lesson: Faster Bug Discovery Means Faster Patch Cycles

One of the more interesting parts of the Microsoft patch story is the role of AI-assisted vulnerability discovery. KrebsOnSecurity notes that Microsoft attributed the unusually large patch counts to vulnerability discoveries aided by artificial intelligence. That is good news if AI helps defenders find weaknesses before criminals do. It is bad news if businesses keep the same old patch habits while the volume of discovered issues grows.

The practical lesson is not “AI fixes security.” It is “your maintenance process has to handle more findings.” Small offices need asset lists, backup checks, update windows, admin-account discipline, and a way to know whether updates succeeded. Without that, every new security bulletin becomes noise.

Good News, Bad News

Good News

  • Microsoft has patches available for a large set of July vulnerabilities, and Windows 11 is getting recovery and reliability improvements that help users recover from trouble.
  • CISA’s SharePoint alert is specific and actionable: patch, monitor, enable protections, reduce exposure, and harden the server.
  • Progress released fixes for the ShareFile Storage Zone Controller issue instead of leaving customers with only a shutdown instruction.
  • Phishing reports give customers concrete signs to watch for before more people are tricked.

Bad News

  • Attackers are actively exploiting SharePoint Server vulnerabilities. If a vulnerable server is exposed, this is not theoretical.
  • Password-manager phishing is attacking trust, urgency, and brand recognition, which makes it harder for normal users to spot quickly.
  • Self-managed business platforms such as SharePoint Server and ShareFile Storage Zone Controllers require real administration. They are not “set and forget.”
  • Patch volume is going up. Businesses without inventory and maintenance ownership will fall behind faster.

The IT Guys Bottom Line

Today’s practical advice is direct: update Windows, but do it with a backup and a quick post-update test. If your business runs on-premises SharePoint Server, treat CISA’s alert as urgent. If your company uses ShareFile with customer-managed storage zones, verify the Storage Zone Controller status and patch level. If anyone receives a password-manager security email, verify it through the official site instead of clicking the message.

For a small office, the best security improvement this week may be a one-page list: which devices and services you own, who patches them, where backups are, and how to tell whether an update succeeded. That simple list turns a scary news cycle into manageable work.

Sources