Weekly Threat Roundup: Joomla RCE Exploited (July 6-12)
Cybersecurity roundup for 2026-07-06 to 2026-07-12. 4 CVE advisories, 1 breach reports, 2 threat news stories.
This Week at a Glance
This week, a critical unauthenticated RCE vulnerability in the Joomla extension Balbooa Forms (CVE-2026-56291, CVSS 10.0) is under active exploitation, prompting CISA to add it to the Known Exploited Vulnerabilities catalog. Additionally, a data breach at Glendale Community College exposed nearly 794,000 accounts, and suspected China-aligned threat actors are exploiting Roundcube flaws against academic institutions.
Top Vulnerabilities
- CVE-2026-56291 (CVSS 10.0, Critical, Actively Exploited): The Balbooa Forms component for Joomla is vulnerable to unauthenticated arbitrary file upload, leading to remote code execution. Full advisory.
- CVE-2026-34038 (CVSS 9.9, Critical): Coolify, an open-source server management tool, contains a pre-authentication RCE vulnerability that can leak secrets. Full advisory.
- CVE-2026-23697 (CVSS 8.8, High): Vtiger CRM before 8.4.0 allows authenticated low-privileged users to achieve RCE via a PHAR file upload. Full advisory.
- CVE-2026-23698 (CVSS 8.6, High): Vtiger CRM through 8.4.0 enables authenticated admins to upload webshells through the import feature. Full advisory.
Data Breaches
- Glendale Community College: A breach exposed 793,000 records, including Social Security numbers and email addresses. The incident underscores the persistent risk to educational institutions. Full report.
Threat Intelligence
- CISA Adds 4 Flaws to KEV: CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, including critical flaws in Adobe, Joomla (CVE-2026-56291), and Langflow. Read more.
- China-Aligned Hackers Target Universities: Suspected state-sponsored actors are exploiting Roundcube webmail vulnerabilities against university networks, likely for intelligence gathering. Read more.
Key Takeaway
The convergence of actively exploited vulnerabilities in widely used CMS extensions (Joomla/Balbooa) and targeted attacks on academic email systems (Roundcube) signals a shift: threat actors are prioritizing edge-case software and custom plugins over core platforms. Security teams should audit all third-party extensions and webmail configurations, not just core applications.
Never miss a security update
Get real-time security alerts delivered to your preferred platform.
Related News
Cybersecurity roundup for 2026-06-29 to 2026-07-05. 1 CVE advisories, 1 breach reports, 3 threat news stories.
Cybersecurity roundup for 2026-06-22 to 2026-06-28. 0 CVE advisories, 3 breach reports, 2 threat news stories.
Cybersecurity roundup for 2026-06-15 to 2026-06-21. 1 CVE advisories, 5 breach reports, 3 threat news stories.
Cybersecurity roundup for 2026-06-08 to 2026-06-14. 4 CVE advisories, 3 breach reports, 5 threat news stories.