Patch NGINX 1.31.2 or 1.30.3 for June 2026 security fixes. Check HTTP/3, proxy and gRPC paths, charset handling, config validation, safe reloads, logs, CDN behavior, and rollback planning.
CISA added Joomla Content Editor CVE-2026-48907 to KEV. Update JCE Pro to 2.9.99.6 or later, apply the vendor patch package for older sites, and review Joomla for cleanup.
Arch AUR users should review recent AUR builds after the Atomic Arch campaign hijacked orphaned packages to deliver credential-stealing malware.
Patch self-hosted LangGraph deployments for SQLite, msgpack, and Redis checkpointer flaws, then review checkpoint stores, secrets, network access, and AI workflows.
Update phpBB forums to 3.3.17 after a critical authentication bypass report, then test login, OAuth, admin access, backups, and forum moderation workflows.
CISA added Splunk Enterprise CVE-2026-20253 to KEV on June 18. Upgrade self-managed Enterprise to 10.2.4, 10.0.7, 10.4.0, or later and verify clusters.
CISA KEV now lists Oracle PeopleSoft CVE-2026-35273. Apply Oracle mitigation guidance, restrict HTTP exposure, review logs, and plan patch work.
Update Langflow after CVE-2026-5027, rebuild deployed containers, restrict exposed AI app servers, and review files, logs, secrets, and workflow access.
Patch Ivanti Sentry to R10.5.2, R10.6.2, or R10.7.1 after CISA KEV listing, then review exposed gateways, administrator accounts, logs, mobile traffic, and customer access.
Update UpdraftPlus free to 1.26.5+ or Premium to 2.26.5+, then verify backups, remote management, admin users, and restore points safely.
