CISA added four exploited flaws to KEV, covering Adobe ColdFusion, Joomla page builders, and Langflow ahead of July 10 fixes.
Proofpoint says UNK_MassTraction exploited patched Roundcube flaws to target U.S. and Canadian university mail servers.