Skip to content
Daily digest · July 15, 202612 stories · 5 sources

July 15, 2026

Today's top tech stories, deduped across the newsletters I read and briefly summarized. Click a source to open the original article.

AI

  1. Anthropic launches Admin API for Claude Enterprise

    Claude Enterprise (claude.ai) organizations can now manage people via a new Admin API, in beta for all Enterprise customers. It supports listing and looking up members by email, changing roles, removing members, sending and withdrawing invites, and managing groups and their membership.

  2. Bonsai 27B: a 27 billion-parameter model that runs on a phone

    The new Bonsai 27B model runs locally on a phone, becoming one of the most-discussed AI stories on Hacker News with more than 480 points. It shows that capable reasoning models no longer require datacenter-class hardware.

  3. NVIDIA: Agent Skills automate ML workflows and model post-training

    NVIDIA shows how coding AI agents using RL Agent Skills and NeMo can run autonomous research workflows that inspect repositories and set up runtimes, and how the same agents can post-train Cosmos 3 in a single day, pushing vision reasoning models above 90% accuracy.

  4. NVIDIA: What 5,000+ Kagglers taught us about improving AI reasoning

    The NVIDIA Nemotron Model Reasoning Challenge invited the Kaggle community to explore which techniques improve model reasoning accuracy, and NVIDIA now summarizes the key lessons from more than 5,000 participants.

Security

  1. Microsoft's July Patch Tuesday fixes a record 570 flaws, three zero-days

    Microsoft's July 2026 Patch Tuesday covers a record-breaking 570 vulnerabilities, including two zero-days exploited in attacks and one publicly disclosed flaw. Windows 10 gets extended security support via KB5099539, while Windows 11 (25H2/24H2/23H2) is updated with KB5101650 and KB5099414.

  2. SonicWall warns of SMA1000 flaws exploited in zero-day attacks

    SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, CVE-2026-15409 and CVE-2026-15410, in zero-day attacks, and urges customers to install the newly released security updates immediately.

  3. Progress confirms ShareFile zero-day behind Storage Zone shutdown

    Progress Software has confirmed that a high-severity zero-day vulnerability triggered last week's emergency shutdown of ShareFile Storage Zone Controllers, and has released security updates that patch the flaw.

  4. Nearly 300 GitHub repos pose as legit software to push malware

    A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware.

  5. Spanish Police take down €140 million cyber fraud ring, arrest four

    Spanish Police dismantled a cybercrime and money-laundering organization that made €140 million ($160 million) from investment fraud and business email compromise (BEC) attacks.

  6. Cursor 0-day: when full disclosure becomes the only protection left

    Security researchers at Mindgard detail a zero-day vulnerability in the Cursor AI code editor and argue full disclosure became necessary after the vendor failed to respond quickly enough, a story that drew heavy attention on Hacker News.

Dev

  1. GitHub adds default cooldown period to Dependabot version updates

    Dependabot now waits at least three days after a new release becomes available before opening a version-update pull request, a cooldown period that's now the default, reducing exposure to supply chain attacks via freshly published malicious package versions.

  2. Armin Ronacher: a project's shared language matters more than its source code

    In the widely discussed essay 'The Tower Keeps Rising,' Armin Ronacher argues that what really holds a software project together isn't English or Python, but the shared understanding of what its concepts mean, where the boundaries are, and who owns what.