
CISA KEV: Patch Lantronix EDS5000 CVE-2025-67038
CISA added Lantronix EDS5000 CVE-2025-67038 to KEV. Patch affected serial device servers, restrict management access, and verify industrial network exposure.

CISA added Lantronix EDS5000 CVE-2025-67038 to KEV. Patch affected serial device servers, restrict management access, and verify industrial network exposure.

Patch Ubiquiti UniFi OS CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, then verify model-specific fixed versions and exposure.

CVE-2025-69129 and CVE-2025-69131 affect WordPress & WooCommerce Scraper Plugin through 1.0.7. Remove it, replace the import workflow, and verify WooCommerce.

WooCommerce 11.0 will enable product object caching on new stores and bundle Action Scheduler 4.0.0. Use this staging checklist before updating stores or extensions.

Security researchers report that 140+ @mastra npm packages were affected by a supply-chain attack involving easy-day-js. Check lockfiles, CI runners, dependency caches, and exposed secrets before rebuilding.

Aikido reports a coordinated JetBrains Marketplace campaign where AI-style IDE plugins copied developer AI API keys. Check installed plugins, remove suspicious tools, rotate exposed keys, and review developer workstations.

Wordfence reports a ShapedPlugin Pro plugin supply-chain compromise through official licensed update channels. Inventory affected Pro plugins, remove unverified builds, scan the site, and rotate credentials where exposure is possible.

CISA added Joomla Content Editor CVE-2026-48907 to KEV. Update JCE Pro to 2.9.99.6 or later, apply the vendor patch package for older sites, and review Joomla for cleanup.

CISA added Cisco Catalyst SD-WAN Manager CVE-2026-20262 to KEV on June 15, 2026. Patch fixed software, restrict management access, and review admin activity.

NPM 12 changes npm install defaults in July 2026. Check CI, WordPress theme builds, native modules, Git dependencies, and approved scripts now.