Gravity SMTP CVE-2026-4020: Patch WordPress Email Key Leak
Gravity SMTP sites running version 2.1.4 or older should update to 2.1.5, rotate exposed email API keys, and check logs for the mock-data REST endpoint.
News desk
Cybersecurity News & Analysis
Security incidents, exploited vulnerabilities, breach reports, and urgent patch notes, arranged for fast scanning like a daily cyber newspaper.
June 21, 2026
Latest reports
Microsoft Defender CVE-2026-50656: RoguePlanet Zero-Day Needs a Patch
Microsoft has acknowledged RoguePlanet as CVE-2026-50656, a publicly disclosed Defender privilege-escalation flaw with no security update available yet.
Mastra npm Packages Hit by easy-day-js Supply Chain Attack
Developers using Mastra should audit for easy-day-js, rotate exposed secrets, and treat affected build hosts as compromised after a June 17 npm supply-chain attack.
FortiSandbox CVE-2026-25089: Patch Exploited RCE Bugs
Attackers are probing three critical Fortinet FortiSandbox vulnerabilities. Admins should patch affected appliances and review access logs for exploitation attempts.
Joomla JCE CVE-2026-48907: Patch Exploited Editor RCE Flaw
CISA added Joomla Content Editor CVE-2026-48907 to KEV after exploitation. Update JCE to 2.9.99.6 and check for rogue profiles or PHP uploads.
LiteSpeed cPanel CVE-2026-54420: Patch Exploited Root Escalation
CISA says LiteSpeed cPanel Plugin CVE-2026-54420 is exploited in the wild. Shared hosting admins should update the WHM plugin or disable the user-end plugin...
Cisco SD-WAN CVE-2026-20262: Patch Exploited File-Write Flaw
Cisco says CVE-2026-20262 in Catalyst SD-WAN Manager has seen limited exploitation. Patch fixed releases and check vManage logs for suspicious WAR uploads.
OptinMonster Supply Chain Attack: WordPress Sites Get Hidden Backdoors
OptinMonster, TrustPulse and PushEngage scripts were tampered in a WordPress supply-chain attack that planted hidden admins and backdoors.
LangGraph RCE Chain: Patch Self-Hosted AI Agent Checkpointers
Self-hosted LangGraph deployments using SQLite or Redis checkpointers should patch CVE-2025-67644, CVE-2026-28277, and CVE-2026-27022 and review exposed checkpoint history endpoints.
