📝 Overview
Cybersecurity agencies issued fresh warnings over actively exploited software flaws, with CISA adding four vulnerabilities to its Known Exploited Vulnerabilities Catalog amid ongoing efforts to guide federal remediation priorities. Separately, Canadian authorities published updated guidance on the risks posed by obsolete products, underscoring concerns over unsupported technology and exposure to cyber threats.
The guidance explains that obsolete IT products, including unsupported hardware and software, can create security and operational risks as they age. It recommends planning transitions to supported systems, managing risks during replacement, and securely decommissioning outdated assets.
Source: Guidance, news and events
• Published: July 08, 2026
CISA added CVE-2026-48282, an Adobe ColdFusion path traversal flaw, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The agency urged federal agencies and private organizations to prioritize remediation under Binding Operational Directive 26-04.
Source: Cybersecurity and Infrastructure Security Agency CISA
• Published: July 07, 2026
CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting JoomShaper SP Page Builder, Langflow, and Joomlack Page Builder. The agency said the flaws could pose significant cybersecurity risks and urged organizations to prioritize patching and risk-based vulnerability management.
Source: Cybersecurity and Infrastructure Security Agency CISA
• Published: July 07, 2026