NPM 12 changes npm install defaults in July 2026. Check CI, WordPress theme builds, native modules, Git dependencies, and approved scripts now.
Proxmox Mail Gateway 9.1 is out with Debian 13.5, kernel 7.0, SpamAssassin 4.0.2, ClamAV 1.4.4, quarantine updates, and mail-flow hardening.
Microsoft now lists the WUSA network-share update issue as fixed for Windows 11 24H2/25H2 and Windows Server 2025. Here is the safe admin path.
Sygnia says Velvet Ant replaced Linux PAM and OpenSSH components in a long-running intrusion. Hosting admins should verify login-stack integrity before rotating credentials.
Arch AUR users should review recent AUR builds after the Atomic Arch campaign hijacked orphaned packages to deliver credential-stealing malware.
Patch self-hosted LangGraph deployments for SQLite, msgpack, and Redis checkpointer flaws, then review checkpoint stores, secrets, network access, and AI workflows.
Update phpBB forums to 3.3.17 after a critical authentication bypass report, then test login, OAuth, admin access, backups, and forum moderation workflows.
Update the Palo Alto Networks CommvaultSecurityIQ Marketplace integration for Cortex XSOAR and Cortex XSIAM to 1.2.0 or later for CVE-2026-0274.
Patch Splunk Enterprise CVE-2026-20253 by upgrading to 10.2.4, 10.0.7, or a later fixed release, then verify search, forwarding, apps, and access controls.
CISA KEV now lists Oracle PeopleSoft CVE-2026-35273. Apply Oracle mitigation guidance, restrict HTTP exposure, review logs, and plan patch work.
