Security News · Morning Brief
Today's security brief highlights critical vulnerabilities and active exploitation, with CISA issuing urgent directives for federal agencies to patch. We also see significant activity in the realm of AI-related threats, from malicious plugins to supply chain compromises, alongside major industry acquisitions and funding rounds.
- CISA Orders Feds to Patch Max Severity Joomla Plugin Flaw by Friday — CISA has added a maximum-severity flaw (CVE-2026-48907) in the Widget Factory Joomla Content Editor (JCE) plugin to its KEV catalog because of active exploitation, mandating that federal agencies patch by Friday.
- Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day — Microsoft is developing a patch for the "RoguePlanet" zero-day vulnerability in Microsoft Defender, a race condition that can be exploited to gain SYSTEM privileges.
- Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack — Attackers in a DragonForce ransomware campaign have been observed abusing Microsoft Teams relay servers for command-and-control traffic using a new Go-based backdoor.
- Malicious JetBrains Plugins Steal AI API Keys — A coordinated malware campaign on the JetBrains Marketplace has deployed at least 15 malicious plugins disguised as AI coding assistants to exfiltrate AI provider API keys.
- 144 Mastra npm Packages Compromised via Hijacked Contributor Account — A software supply chain attack, codenamed easy-day-js, compromised 144 npm packages under the Mastra namespace after a single contributor account was hijacked.
- 3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs — Three recently patched Fortinet FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) are being actively exploited, with 30,000 compromised Fortinet firewalls detected.
- Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software — Rockwell Automation has released patches for multiple security vulnerabilities in its Logix, CompactLogix, Flex, RSLinx, and FactoryTalk products, addressing issues including denial of service and unauthorized access.
- Microsoft Confirms Office Apps Launch Issues After June Updates — Microsoft is investigating an issue in which third-party applications fail to launch Office applications or open documents on Windows systems updated with the latest June patches.