TECH NEWS

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

Threat actors are targeting vulnerabilities in Joomla and the LiteSpeed cPanel plugin for code execution and privilege escalation.

Affecting the Joomla Content Editor (JCE) for Joomla and tracked as CVE-2026-48907, the first bug is described as an improper access issue that allows unauthenticated attackers to upload editor profiles.

Attackers have been exploiting the flaw to upload arbitrary files to the server, leading to arbitrary PHP code execution.

All JCE Pro versions before 2.9.99.5 are affected. The security defect was addressed on June 3, and additional protections were included in version 2.9.99.6, released on June 6.

Over the weekend, Joomla urged users to update their deployments to the latest version as soon as possible, warning that CVE-2026-48907 has been exploited in the wild.

“The vulnerability is being actively exploited, working exploit code is public, and the attacks are automated, so a site with no public registration is not safe,” Joomla warned...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

https://media.thenextweb.com/2026/06/G7-Evian-2026.avif

Europe frets over American AI as the tech world descends on France

The timing was almost too neat. Days before more than 180,000 people were due to file into VivaTech in Paris, and before G7 leaders sat down at the lakeside resort of Evian-les-Bains, the United States tightened access to Anthropic’s most advanced models for foreign nationals. Europe arrived at

https://media.thenextweb.com/2026/05/Novo-Nordisk.avif

Hacking group claims it breached Novo Nordisk and demanded $25m

A cyber-extortion group calling itself FulcrumSec said on Monday that it had stolen roughly 1.3 terabytes of data from Novo Nordisk, the Danish maker of the weight-loss drugs Wegovy and Ozempic, and had demanded $25 million to keep it private. Novo Nordisk did not pay. The group, by its

https://media.thenextweb.com/2026/06/Everlab.avif

Everlab raises AU$65m to turn primary care from treatment to prevention

The Melbourne healthtech’s oversubscribed Series A, led by Airtree, funds a move into the UK and a pitch to coordinate a patient’s health data over a lifetime rather than a single appointment. Most healthcare systems are built to wait. They are organised around the moment something goes wrong,

https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-2560-80.jpg

Avoiding the auto-fail under cyber essentials’ new rules

Cyber Essentials has always been the UK’s baseline cybersecurity standard. It’s a practical floor designed to block common attacks and ensure business resilience when organizations implement them, rather than treating the scheme as lip service. The April 2026 update raises the floor, introducing auto-fail outcomes for missing key

Read more

Europe frets over American AI as the tech world descends on France

Hacking group claims it breached Novo Nordisk and demanded $25m

Everlab raises AU$65m to turn primary care from treatment to prevention

Avoiding the auto-fail under cyber essentials&rsquo; new rules

Avoiding the auto-fail under cyber essentials’ new rules