Cybersecurity Daily: News & Threats · 14 Jul 2026 · 5 min

Joomla CVSS 10.0 Exploits, FSB Router Campaign & DHS Breach Missed Twice

Two maximum-severity Joomla zero-days are under active automated attack, a Russian FSB campaign exploits an eight-year-old Cisco flaw across 18 nations, and the Department of Homeland Security missed a live breach twice. Today's briefing covers six stories every security professional needs to know.

Cybersecurity Daily: News & Threats
Now Playing
Joomla CVSS 10.0 Exploits, FSB Router Campaign & DHS Breach Missed Twice

Audio is available on Spreaker — see link below.

What's covered

Joomla Zero-Days Hit Maximum Severity

Two Joomla extensions are under active attack right now, both carrying CVSS scores of ten point zero. That's the maximum.

Listen now →

CMS Ecosystem Under Coordinated Pressure

This isn't isolated. Australia's cyber security agency has issued a warning about coordinated exploitation targeting file upload and remote code execution flaws across WordPress, Joomla, and other content management platforms.

Listen now →

Russian FSB Router Campaign Escalates

Shifting to state-sponsored activity. An eighteen-nation advisory led by the NSA is warning of sustained Russian FSB Center sixteen exploitation of a Cisco Smart Install vulnerability.

Listen now →

DHS Breach Missed Twice

The detection failure story of this cycle belongs to the Department of Homeland Security. Attackers breached the Homeland Security Information Network, which was supporting World Cup coordination operations.

Listen now →

Treasury Targets Ransomware Enablers

The Treasury's OFAC has sanctioned two ransomware infrastructure providers: the VPN service one-VPNS and a cryptor provider named Silayev. The significance isn't just the targets.

Listen now →

Django and Fake VPN Threats

Two further threats round out today's picture. Django's CVE-2026-1207, a SQL injection flaw, is showing sustained and apparently organized attack activity with focused reconnaissance on Django and PostGIS configurations.

Listen now →

Watchpoints and Closing

The near-term signals to watch: patch confirmation rates for the two Joomla flaws, any expansion of the DHS breach disclosure, and whether the NSA router advisory produces concrete remediation commitments across the targeted critical sectors. The through-line across today's briefing is the cost of lag.

Listen now →

Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.

More episodes

From Cybersecurity Daily: News & Threats