Vulnerability Intelligence Report — July 9, 2026

Vulnerability Intelligence Report — July 9, 2026

Vulnerability Intelligence Report — July 9, 2026
KEV DEADLINES TOMORROW: ColdFusion, 2x Joomla, Langflow — all due Friday | Microsoft patches RoguePlanet Defender zero-day (CVE-2026-50656, SYSTEM privesc) | Ubiquiti UniFi wave continues: 3 more CVEs (CVSS 10.0/9.9) across Connect, Talk, Access | GhostApproval: symlink flaw in 6 AI coding assistants | Friendly Fire: AI agents tricked into running attacker code | HalluSquatting: AI hallucinated package names used for botnet | Australia reports large-scale CMS attacks | Roundcube exploited against academic researchers
Previous reports: July 8, 2026 | July 7, 2026

Thursday, July 9, 2026 — the CISA KEV deadlines for Adobe ColdFusion, two Joomla page builders, and Langflow arrive tomorrow, July 10. Organisations that have not yet patched have one day remaining before CISA’s BOD 26-04 mandate kicks in for federal agencies. Microsoft has finally patched the RoguePlanet CVE-2026-50656 (CVSS 7.8) — a privilege escalation vulnerability in Microsoft Defender’s Malware Protection Engine that grants SYSTEM-level access, disclosed publicly nearly a month ago. Ubiquiti’s vulnerability wave continues with three more critical CVEs across UniFi Connect (CVSS 10.0), UniFi Talk (CVSS 9.9), and UniFi Access (CVSS 9.9), bringing the total to 14 new UniFi CVEs in two days. The AI security research pipeline is running hot: GhostApproval exploits symlinks in 6 popular AI coding assistants, Friendly Fire tricks AI agents into running attacker code during security scans, and HalluSquatting weaponises AI hallucinations to distribute botnet malware through hallucinated package names. Australia has reported large-scale attacks against WordPress, Joomla, and other CMS platforms, and the China-linked Roundcube exploitation cluster continues to spy on academic researchers at US and Canadian universities.


Quick Reference — Most Important Items Today

KEV DEADLINES TOMORROW: Adobe ColdFusion CVE-2026-48282 (CVSS 10.0) | Joomla SP Page Builder + Page Builder CK (both CVSS 10.0) | Langflow CVE-2026-55255 — patch by Friday

Microsoft RoguePlanet CVE-2026-50656: Defender Malware Protection Engine privesc to SYSTEM — patched after month-long public disclosure

Ubiquiti UniFi: 3 more critical CVEs — CVE-2026-50746 (UniFi Connect, CVSS 10.0), CVE-2026-50747 (UniFi Talk, CVSS 9.9), CVE-2026-50748 (UniFi Access, CVSS 9.9)

GhostApproval: Symlink flaw in 6 AI coding assistants — Amazon Q, Claude Code, Augment, Cursor, Antigravity, Windsurf — write to arbitrary files

Friendly Fire: AI coding agents tricked into running attacker code during security scans — Claude Code + Codex affected

HalluSquatting: AI hallucinated package names registered by attackers — assistants tricked into installing botnet malware

Australia CMS Attacks: Large-scale coordinated attacks against WordPress, Joomla, and other CMS platforms reported

Roundcube CVE-2024-42009: China-linked UNK_MassTraction continues spying on academic researchers — web shell deployment confirmed

Lurking Lizard: Residential proxy botnet with 230+ domains — trojanized 7-Zip installer — dating to 2022

Overdue KEV: SharePoint +5 | SimpleHelp +7 | Cisco Unified CM +11 | PTC Windchill +11 | Ubiquiti (old) +13 | Oracle PeopleSoft +24 | Ivanti Sentry +25 | Check Point +28 (ransomware)


KEV Deadline Alert — Tomorrow (July 10): ColdFusion, Joomla, Langflow

Software affected: Adobe ColdFusion 2025.9/2023.20 and earlier; JoomShaper SP Page Builder; Joomlack Page Builder CK; Langflow prior to 1.9.1.

CVE: CVE-2026-48282 (ColdFusion, CVSS 10.0); CVE-2026-48908 (SP Page Builder, CVSS 10.0); CVE-2026-56290 (Page Builder CK, CVSS 10.0); CVE-2026-55255 (Langflow, CVSS 8.4). All added to KEV on July 7 with July 10 deadline.

Status: Tomorrow is the remediation deadline for all four KEVs. Federal agencies under BOD 26-04 must patch today. Organisations running ColdFusion should be aware that CVE-2026-48282 was confirmed as actively exploited before CISA added it to KEV. The two Joomla page builder CVEs are both unauthenticated file upload leading to RCE — attackers are actively probing Joomla sites. Langflow’s IDOR vulnerability allows authenticated cross-user flow execution in multi-tenant AI platforms. Australia has reported large-scale coordinated attacks against WordPress, Joomla, and other CMS platforms, suggesting broad automated exploitation campaigns.

Recommended action: Patch all four by end of day today. The deadline is tomorrow. Prioritise ColdFusion (active exploitation confirmed). For Joomla: update SP Page Builder and Page Builder CK extensions. For Langflow: update to 1.9.1.

Official source: BleepingComputer: CISA ColdFusion deadline | Security.nl: Australie meldt CMS-aanvallen | CISA KEV Catalog


Microsoft RoguePlanet — CVE-2026-50656 (Defender Privilege Escalation to SYSTEM)

Software affected: Microsoft Malware Protection Engine (mpengine.dll) — the core scanning engine used by Microsoft Defender Antivirus and related security products.

CVE: CVE-2026-50656 | CVSS 7.8 (High) | Dubbed “RoguePlanet” | Privilege escalation vulnerability in the Microsoft Malware Protection Engine that allows an attacker to spawn a shell with SYSTEM-level privileges via a race condition. The vulnerability affects systems running up-to-date versions of Windows with Microsoft Defender enabled.

Status: Microsoft has released security updates for this vulnerability nearly a month after details became public. The flaw was first disclosed by researcher Chaotic Eclipse (aka Nightmare-Eclipse) as a race condition in mpengine.dll that could be abused to escalate to SYSTEM. Given that the exploit details have been public for approximately a month, this is a significant delay in remediation. Microsoft has also released defense-in-depth updates to harden unspecified security-related features. The fix is available in Microsoft Malware Protection Engine version 1.1.26060.3008. Organisations should ensure Defender updates are being applied automatically — the Malware Protection Engine typically updates through Windows Update.

Recommended action: Ensure Microsoft Defender is up to date (version 1.1.26060.3008 or later). The Malware Protection Engine typically updates automatically via Windows Update, but verify the version. No additional configuration changes required.

Official source: The Hacker News: RoguePlanet | NVD: CVE-2026-50656 | Microsoft Security Response Center


Ubiquiti UniFi — Third Wave: 3 More Critical CVEs Across Connect, Talk, Access

Software affected: Ubiquiti UniFi Connect Application (up to 3.4.16), UniFi Talk Application (up to 5.1.2), UniFi Access Application, and additional UniFi OS products.

CVE: CVE-2026-50746 (UniFi Connect, CVSS 10.0) — improper access control enabling command injection; CVE-2026-50747 (UniFi Talk, CVSS 9.9) — authenticated SQL injection enabling privilege escalation; CVE-2026-50748 (UniFi Access, CVSS 9.9) — improper input validation enabling command injection. Multiple additional CVEs across UniFi Protect and UniFi OS.

Status: This is the third Ubiquiti vulnerability disclosure in as many days, bringing the total to 14 new critical CVEs since July 7. The breadth of the affected products (Connect, Talk, Access, Protect, and OS) suggests a comprehensive security audit. The most severe is CVE-2026-50746 (CVSS 10.0) in UniFi Connect, which allows an attacker with network access to execute command injection on the host device via improper access control. UniFi Talk (CVSS 9.9) involves authenticated SQL injection, and UniFi Access (CVSS 9.9) involves command injection. Organisations running multiple UniFi applications should treat this as an urgent patching exercise across their entire UniFi estate.

Recommended action: Apply all Ubiquiti security updates across UniFi Connect, Talk, Access, Protect, and OS immediately. Prioritise CVE-2026-50746 (CVSS 10.0). Restrict network access to UniFi application management interfaces.

Official source: The Hacker News: Ubiquiti UniFi updates | Ubiquiti Security Advisories


GhostApproval — Symlink Flaw in 6 AI Coding Assistants

Software affected: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, Windsurf — six popular AI coding assistants.

CVE: No CVE assigned. Wiz Research disclosed the GhostApproval attack pattern on July 8. The flaw exploits symbolic links (symlinks) that AI coding assistants fail to check before writing. A malicious repository can contain a symlink pointing to a sensitive location — the assistant asks permission to write to what looks like a harmless file, but the write actually lands on a sensitive system file instead.

Status: Three of the six tools have shipped fixes; two have not; Anthropic disputes that it is a bug. The attack works because AI coding assistants handle file write operations without verifying whether the target path follows a symlink. An attacker creates a malicious repository with a symlink named project_settings.json that actually points to ~/.ssh/authorized_keys or similar sensitive files. When the assistant is asked to modify the project, it follows the symlink and writes to the unintended target. The most exposed are tools that change files before the user can review the changes. This is a fundamental architectural issue in how AI coding assistants handle file operations.

Recommended action: Update affected AI coding assistants to patched versions where available (Amazon Q Developer and Cursor have fixes; check individual vendor advisories). Be cautious when using AI assistants to modify files in untrusted repositories. Consider disabling auto-approve modes.

Official source: The Hacker News: GhostApproval | Wiz Research Report


Friendly Fire + HalluSquatting — New AI Agent Attack Vectors

Friendly Fire — AI Agents Tricked into Running Attacker Code: Researchers at the AI Now Institute demonstrated that AI coding agents (Claude Code and OpenAI Codex) running in autonomous mode can be tricked into running an attacker’s code when asked to scan untrusted third-party code for security vulnerabilities. The attack hijacks the exact job these tools are sold for: instead of catching the threat, the agent becomes the way in. Both tools tested had autonomous modes that approve their own commands.

HalluSquatting — AI Hallucinated Package Names for Botnet Distribution: Researchers have developed a technique called HalluSquatting that exploits AI coding assistants’ tendency to hallucinate non-existent package names. The attack works in three steps: (1) identify package names that an AI assistant reliably fabricates, (2) register those names on public package registries first, and (3) wait for the assistant to fetch your trap on a user’s behalf. Anyone whose AI assistant can fetch external resources and run commands with little human review is exposed. The researchers frame it as a way to assemble a botnet — one planted name can reach many machines.

Recommended action: Disable autonomous/auto-approve modes in AI coding assistants when working with untrusted code. Implement package allowlists in development environments. Monitor for package squattings on internal registries.

Official source: The Hacker News: Friendly Fire & HalluSquatting | AI Now Institute | HalluSquatting Research


KEV Deadline Watch

TOMORROW (July 10): Adobe ColdFusion CVE-2026-48282 (CVSS 10.0, path traversal, actively exploited, CISA mandate). JoomShaper SP Page Builder CVE-2026-48908 (CVSS 10.0, unauthenticated file upload). Joomlack Page Builder CK CVE-2026-56290 (CVSS 10.0, unauthenticated file upload). Langflow CVE-2026-55255 (CVSS 8.4, IDOR). Australia has reported large-scale coordinated attacks against WordPress and Joomla sites.

AFTER TOMORROW: KEV calendar clears again — no additional deadlines in the next 6 days.

Overdue — July 4 (+5 days): Microsoft SharePoint CVE-2026-45659 — actively attacked. Dedicated advisory.

Overdue — July 2 (+7 days): SimpleHelp CVE-2026-48558 — exploited to deploy stealer malware. Dedicated advisory.

Overdue — June 28 (+11 days): Cisco Unified CM CVE-2026-20230 — exploitation confirmed. PTC Windchill CVE-2026-12569.

Overdue — June 26 (+13 days): Ubiquiti UniFi OS CVE-2026-34908/909/910 — now joined by 14 new UniFi CVEs.

Overdue — June 15 (+24 days): Oracle PeopleSoft CVE-2026-35273 — ransomware, ShinyHunters.

Overdue — June 14 (+25 days): Ivanti Sentry CVE-2026-10520 — OS command injection, actively exploited.

Overdue — June 11 (+28 days): Check Point CVE-2026-50751 — known ransomware use.


Updates on Items from Previous Reports

Microsoft RoguePlanet CVE-2026-50656: NEW — Defender privesc to SYSTEM. Microsoft patched after month-long public disclosure.

Ubiquiti UniFi: 3 more CVEs (Connect CVSS 10.0, Talk CVSS 9.9, Access CVSS 9.9). Total 14 new CVEs in 2 days. UniFi OS advisory.

GhostApproval: NEW — Symlink flaw in 6 AI coding assistants. Amazon Q and Cursor patched.

Friendly Fire: NEW — AI agents tricked into running attacker code during security scans.

HalluSquatting: NEW — AI hallucinated package names weaponised for botnet distribution.

Australia CMS Attacks: NEW — Large-scale attacks against WordPress, Joomla, and CMS platforms reported.

Lurking Lizard: NEW — Residential proxy botnet, 230+ domains, trojanized 7-Zip dating to 2022.

GhostLock CVE-2026-43499: Linux kernel root/container escape. Public PoC available. Dedicated advisory.

Adobe ColdFusion CVE-2026-48282: Deadline tomorrow. Dedicated advisory.

Januscape CVE-2026-53359: KVM guest-to-host VM escape. Dedicated advisory.

BeyondTrust CVE-2026-40138 + 40139: CVSS 9.2. Dedicated advisory.

Gitea Docker CVE-2026-20896: CVSS 9.8. Dedicated advisory.

Joomla Page Builders (KEV): Deadline tomorrow. Dedicated advisory.

Langflow KEV: Deadline tomorrow. Dedicated advisory.

FortiBleed: INC and Lynx ransomware attribution. Dedicated advisory.

FortiSandbox CVE-2026-25089 + CVE-2026-26083: Both CVSS 9.8 — active exploitation. Dedicated advisory.

Oracle EBS CVE-2026-46817: CVSS 9.8. Dedicated advisory.

Cisco Unified CM CVE-2026-20230: 11 days overdue. Dedicated advisory.

Cisco SD-WAN CVE-2026-20262 + 20245: Escalating attacks. Dedicated advisory.

Roundcube CVE-2024-42009: China-linked UNK_MassTraction continues exploiting US/Canadian universities. Dedicated advisory.

Oracle PeopleSoft CVE-2026-35273: 24 days overdue. ShinyHunters breach data confirmed.

Accenture Breach: 35 GB of source code stolen — confirmed.

WinRAR: Code execution — patch to 7.23. Dedicated advisory.

Writer AI WriteOut: Cross-tenant session leak. Patched server-side. Dedicated advisory.

Exchange Online + 365 Copilot: Cloud-side patched.

FBI TeamPCP: Developer tool supply chain attacks — ongoing.

AI Agent Poisoning: SEO + hidden HTML prompt injection — new threat vector class.

FatFs: 7 CVEs — millions of IoT devices. No upstream fix.

Microsoft Defender: BlueHammer ransomware + RoguePlanet patched + disable-Defender campaign.

Medtronic/ShinyHunters: 3.8 million patients affected.


This report is compiled from official vendor advisories, the CISA KEV catalog, the NVD, and primary security research sources including BleepingComputer, The Hacker News, Security.nl, CybersecurityNews.com, Cybersecurity Dive, and Tenable CVE feeds.

Connect with me

Enter your Email address if you want to connect and receive threat modeling updates (I won’t spam you or share your contact details).

AND / OR

Try my threat modeling tool, it's completely free to use.

Thanks for signing up!