Daily Briefing

Updated 7/7/2026, 8:42:39 PM

Critical KEV Flaws Threaten ColdFusion, Joomla, Langflow and Gitea

Adobe ColdFusion users must patch CVE‑2026‑48282 after CISA added it to the KEV catalogue due to active exploitation [C1] CISA also listed the Joomlack Page Builder improper access control flaw CVE‑2026‑56290 in KEV, permitting unauthenticated arbitrary file upload [C3] The Langflow authorization bypass CVE‑2026‑55255 was added to KEV, allowing authenticated attackers to run arbitrary flows [C5] Likewise, the Joomla SP Page Builder unrestricted upload flaw CVE‑2026‑48908 appears in KEV, enabling dangerous file uploads [C6] Finally, threat actors are exploiting Gitea’s reverse‑proxy authentication flaw CVE‑2026‑20896, granting unauthorized access via a valid username [C9]

Ransomware Payment and Supply‑Chain Threats Highlight Recent Incidents

A U.S. government entity paid $1 million ransom to the Kairos extortion group after a May 2025 breach exposed 2 TB of data [C8] Android banking malware‑as‑a‑service offerings on Telegram are facilitating fraud campaigns against financial institutions [C10] China‑linked threat actors have been exploiting vulnerable Roundcube mail servers at US and Canadian universities, targeting physics and engineering departments [C12] AI‑driven development accelerates software supply chains but introduces new attack surfaces that defenders must monitor [C29]

Vendor Patches and Emerging Flaws Demand Immediate Action

Ubiquiti issued UniFi Security Advisory Bulletin 066, patching a critical RCE flaw in the UniFi Connect app that could allow unauthenticated command execution [C20] A vulnerability in Google Dialogflow CX could enable attackers to hijack chatbots and manipulate AI‑driven interactions [C11] CERT/CC warned of an unpatched backdoor in Tenda routers (CVE‑2026‑11405) that gives full administrative access with no fix currently available [C34] The Linux KVM hypervisor suffers from a use‑after‑free bug (CVE‑2026‑53359) allowing guest VMs to corrupt host memory and execute code [C33] Researchers disclosed the ‘GitLost’ flaw in GitHub Agentic Workflows, whereby unauthenticated users can leak private repository data through crafted public Issues [C13].

Tip: tagged references link to our full coverage. Each article includes source references for verification.