🔴 Nightmare Eclipse dropped a seventh Windows zero-day, just hours after the biggest Patch Tuesday in history

Microsoft patched 200 vulnerabilities on Tuesday. But by Tuesday afternoon, Nightmare Eclipse had published another one.

RoguePlanet is a new Microsoft Defender race condition exploit that grants system-level privileges on fully patched Windows 10 and Windows 11 machines. It was confirmed working on systems with all June 2026 Patch Tuesday updates installed.

ThreatLocker independently reproduced it and shared a video demonstrating it. “Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described,” ThreatLocker CEO Danny Jenkins told BleepingComputer. BleepingComputer

The exploit is a race condition, not guaranteed to succeed on every machine, and it doesn’t work on Windows Server in its current form. But this is the seventh Windows zero-day dropped by this researcher since April. Their “bone shattering” July 14 release remains threatened.

Microsoft, for its part, previously appeared to threaten legal action against Nightmare Eclipse before walking it back under significant community pressure. The Register

🟡 NinjaOne just went from a $5 billion to a $12.3 billion valuation in 18 months. It’s now one of the most valuable software companies on the planet

NinjaOne announced Tuesday it has raised over $400 million in a Series C extension, bringing its valuation to $12.3 billion. That’s up from $5 billion in February 2025. Channel Dive

To put that in context: NinjaOne serves nearly 40,000 customers across 140+ countries, grew nearly 70% year-on-year in 2025, and turned its first profitable quarter earlier this year.

Co-founders Sal Sferlazza and Chris Matarese remain the largest shareholders. Their message to MSPs was direct: “The channel is core to everything we do. With this funding, we will continue to prioritise delivering more partner enablement, more field resources, and expanding our investment in developing new and improved products and tools that help our partners grow.”

🟢 The World Cup kicks off tonight. Did you send that warning email to clients last week?

The 2026 FIFA World Cup opens tonight with Mexico vs USA in Mexico City. It’s the first match of a tournament that runs across the US, Canada, and Mexico for the next seven weeks.

We’ve covered the phishing threat twice. Over 4,300 fraudulent FIFA domains are live. The GHOST STADIUM campaign is running 300+ clones of the official site. And the FBI has issued formal warnings.

But today the angle is different. The MSPs who sent clients a short, practical warning email last week (verify the URL, buy only from official sources, be careful with sponsored search results) are proactively helping to protect their clients’ employees.

If you didn’t send it last week, there’s still time. The tournament runs until mid-July. FIFA

Amazing, that’s Thursday morning done, and we’ll be back in your inbox for the final time this week tomorrow morning. Have an exceptional day.