Two maximum-severity Joomla zero-days are under active automated attack, a Russian FSB campaign exploits an eight-year-old Cisco flaw across 18 nations, and the Department of Homeland Security missed a live breach twice. Today's briefing covers six stories every security professional needs to know.
Audio is available on Spreaker — see link below.
Two Joomla extensions are under active attack right now, both carrying CVSS scores of ten point zero. That's the maximum.
This isn't isolated. Australia's cyber security agency has issued a warning about coordinated exploitation targeting file upload and remote code execution flaws across WordPress, Joomla, and other content management platforms.
Shifting to state-sponsored activity. An eighteen-nation advisory led by the NSA is warning of sustained Russian FSB Center sixteen exploitation of a Cisco Smart Install vulnerability.
The detection failure story of this cycle belongs to the Department of Homeland Security. Attackers breached the Homeland Security Information Network, which was supporting World Cup coordination operations.
The Treasury's OFAC has sanctioned two ransomware infrastructure providers: the VPN service one-VPNS and a cryptor provider named Silayev. The significance isn't just the targets.
Two further threats round out today's picture. Django's CVE-2026-1207, a SQL injection flaw, is showing sustained and apparently organized attack activity with focused reconnaissance on Django and PostGIS configurations.
The near-term signals to watch: patch confirmation rates for the two Joomla flaws, any expansion of the DHS breach disclosure, and whether the NSA router advisory produces concrete remediation commitments across the targeted critical sectors. The through-line across today's briefing is the cost of lag.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.