Customer Security Newsletter - July 2026

Welcome to the July 2026 edition of the MEDITECH Customer Security Newsletter. This month, we provide critical updates on vulnerabilities added to federal catalogs and strategic intelligence on threat actors targeting essential infrastructure. Our goal is to provide you with actionable information and resources to strengthen your organization's security posture. This data has been gleaned from the review of public records on file with CISA, H-ISAC and Health Sector Cybersecurity Coordination Center (HC3) alerts. Please note the Talk To Us section, as we would like to tailor future editions of the newsletter to address specific concerns.


Known Exploited Vulnerabilities

Between June 11 and July 9, 2026, CISA added 18 its "Known Exploited Vulnerabilities" catalog based on definitive evidence of active exploitation in the wild.

CVE-2026-48282 (Critical)Adobe ColdFusionPath Traversal (Remote Code Execution)
CVE-2026-56290 (Critical)Joomlack Page Builder CKImproper Access Control (Unauthenticated File Upload RCE)
CVE-2026-55255 (High)Langflow AI FrameworkAuthorization Bypass via User-Controlled Key (IDOR)
CVE-2026-48908 (Critical)JoomShaper SP Page BuilderUnrestricted Upload of Dangerous File Type (Arbitrary PHP Execution)
CVE-2026-45659 (High)Microsoft SharePoint ServerDeserialization of Untrusted Data (Remote Code Execution)
CVE-2026-48558 (Critical)SimpleHelp Remote Support ApplianceAuthentication Bypass (Forged OIDC Token Session Hijack)
CVE-2026-20230 (High)Cisco Unified Communications Manager (Unified CM)Server-Side Request Forgery (Privilege Escalation to Root)
CVE-2026-12569 (Critical)PTC Windchill and FlexPLMImproper Input Validation / Insecure Deserialization (RCE)
CVE-2026-34908 (Critical)Ubiquiti UniFi OSImproper Access Control (Unauthorized System Modification)
CVE-2026-34909 (Critical)Ubiquiti UniFi OSPath Traversal (Unauthorized File Manipulation)
CVE-2026-34910 (Critical)Ubiquiti UniFi OSImproper Input Validation (Command Injection)
CVE-2025-67038 (Critical)Lantronix EDS5000 Series Serial-to-Ethernet ServersCode Injection via Username Parameter (Root Command Execution)
CVE-2026-20253 (Critical)Splunk EnterpriseMissing Authentication for Critical Function (PostgreSQL Endpoint Abuse)
CVE-2026-48907 (Critical)Widget Factory Joomla Content Editor (JCE)Improper Access Control (Profile Injection / PHP Code Execution)
CVE-2026-54420 (High)LiteSpeed cPanel PluginUNIX Symbolic Link (Symlink) Following Vulnerability
CVE-2026-20262 (Medium)Cisco Catalyst SD-WAN ManagerDirectory / Path Traversal (Arbitrary File Creation and Overwrite)
CVE-2026-35273 (Critical)Oracle PeopleSoft Enterprise PeopleToolsMissing Authentication for Critical Function (Full System Takeover)
CVE-2026-10520 (Critical)Ivanti Sentry ApplianceOS Command Injection (Unauthenticated Root Remote Code Execution)

Threat Actor Spotlight: Qilin

Originally known as "Agenda," Qilin is a Russian-linked ransomware group that has become a major threat to the healthcare sector. Instead of just going after individual hospitals, they frequently target medical supply chains, diagnostic centers, and third-party vendors to cause maximum disruption.

  • Why They Target Healthcare: Qilin knows that healthcare providers cannot afford operational downtime. Their most high-profile attack hit a medical diagnostic vendor named Synnovis, which completely disrupted blood testing and matching at several major hospitals, forcing doctors to cancel thousands of surgeries. When the ransom went unpaid, the group leaked 400 gigabytes of sensitive patient records online. Qilin has remained highly active, targeting regional clinics and nursing facilities.
  • How They Get In: The group usually breaks into networks by sending targeted phishing emails or by exploiting unpatched, internet-facing remote access points (like corporate VPNs or Remote Desktop connections).
  • What They Do Once Inside: Once they gain access, they steal administrative passwords, turn off local antivirus and endpoint security tools to avoid detection, and quietly copy patient data. Finally, they deploy ransomware to lock up servers (including Windows and virtual environments) and demand a heavy payment to unlock the systems and keep the stolen data private.

News

Navigating the Shift: CISA Releases Guide for Modern Zero Trust Architectures

CISA has published a new guidance document designed to help organization leaders successfully transition away from legacy, perimeter-based security models and securely implement modernized Secure Access Service Edge (SASE) solutions.

Squeezed Profits, Tougher Rules: Cyber Insurers Dial Up Scrutiny on Underwriting and Claims

On June 16, 2026, H-ISAC linked an article about how a multiyear lull in cyber insurance pricing has collided with rising ransomware claims, forcing insurance providers to aggressively tighten coverage rules and heavily scrutinize breach claims before paying out.


Additional Resources


Talk to us!

We at MEDITECH would love to hear your feedback about this newsletter and we’d like to know what is on your mind. Is there something you would like us to address?

We also have a question for you that is important to us. What are your largest concerns or security hopes for 2026?

Please let us know by contacting us !

Until next time, stay alert out there!