### What changed today
Today’s briefing focuses on 13 priority findings. The strongest owner action sits with Ubiquiti UniFi, GitLab, Schneider, Microsoft Defender, Roundcube and Injective SDK, while lower-priority single-source advisories remain best handled as inventory and patch-validation context.
### Retained public finding coverage
Finding 01 covers Ubiquiti UniFi fixed-version routing (CVE-2026-50746). Finding 02 covers CERT-Bund/CERT-FR GitLab WID-SEC-2026-2265 / CVE-2025-12506 batch (CVE-2025-12506). Finding 03 covers CISA ICSA-26-190-02 Schneider PowerChute Serial Shutdown CVE-2026-2399 (CVE-2026-2399). Finding 04 covers CISA ICSA-26-190-03 Schneider Easergy MiCOM Px40 CVE-2026-4832 (CVE-2026-4832). Finding 05 covers Microsoft Defender RoguePlanet patch closure (CVE-2026-50656). Finding 06 covers Proofpoint UNKMassTraction / Roundcube remediation change (CVE-2024-42009). Finding 07 covers @injectivelabs/sdk-ts 1.20.21 malicious npm wallet stealer (NEW - @injectivelabs/sdk-ts 1.20.21 malicious npm wallet stealer). Finding 08 covers CERT-Bund Google Chrome CVE-2026-15107 multi-CVE batch (CVE-2026-15107, CVE-2026-15133). Finding 09 covers CERT-Bund Bitwarden CVE-2026-60104 security-control bypass (CVE-2026-60104). Finding 10 covers CERT-Bund FreeRDP CVE-2026-56297 code-execution and DoS advisory (CVE-2026-56297). Finding 11 covers CERT-Bund Drupal Module WID-SEC-2026-2251 / CVE-2026-15079 batch (CVE-2026-15079, CVE-2026-15089). Finding 12 covers CERT-Bund Progress MOVEit WID-SEC-2026-2262 / CVE-2026-10698 batch (CVE-2026-10698, CVE-2026-10699, CVE-2026-11903). Finding 13 covers CISA ICSA-26-190-01 OpenPLC v3 CVE-2026-14480 (CVE-2026-14480).
### Priority 1: owner routing for exposed and privileged systems
Start with Ubiquiti UniFi, GitLab, Schneider PowerChute, Schneider Easergy, Microsoft Defender RoguePlanet, Roundcube and Injective SDK. These touch management planes, CI/CD, OT or data-centre shutdown software, endpoint protection, exposed mail platforms and developer dependency exposure. The first operational question is simple: who owns the product, is it present, and is the fixed or mitigated state provable?
### Watchlist and routing notes
The Low / Unverified CERT-Bund and CISA items still have useful routing value because they name products and advisory identifiers, but they should stay as inventory and patch-validation tasks until stronger exploitation evidence appears.
### Recommended actions
- Route each priority product to its owner and record exposed surface, affected version and remediation status.
- Search for @injectivelabs/sdk-ts 1.20.21 in lockfiles, CI caches, npm proxies and developer machines; rotate wallet material where confirmed use exists.
- Confirm fixed states for Ubiquiti UniFi, Defender and Roundcube, then validate GitLab and Schneider advisory exposure.
- Keep unsupported social chatter and non-curated topics out until vendor, victim, regulator or research corroboration appears.
### Sources
- [The Hacker News Ubiquiti UniFi fixes](https://thehackernews.com/2026/07/ubiquiti-patches-critical-unifi-flaws.html)
- [CERT-Bund WID-SEC-2026-2265 GitLab](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2265)
- [CERT-FR CERTFR-2026-AVI-0850 GitLab](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0850/)
- [CISA ICSA-26-190-02 Schneider PowerChute](https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-02)
- [Schneider SEVD-2026-104-01 PowerChute](https://www.se.com/us/en/download/document/SEVD-2026-104-01/)
- [CISA ICSA-26-190-03 Schneider Easergy](https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-03)
- [The Register RoguePlanet patch closure](https://www.theregister.com/security/2026/07/09/microsoft-closes-book-on-nightmare-eclipses-rogueplanet-zero-day/5269280)
- [BleepingComputer RoguePlanet patch](https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-rogueplanet-defender-zero-day-vulnerability/)
- [Proofpoint UNKMassTraction Roundcube analysis](https://www.proofpoint.com/us/blog/threat-insight/one-email-closer-edge-unkmasstraction-physics-exploitation)
- [BleepingComputer Injective SDK npm compromise](https://www.bleepingcomputer.com/news/security/injective-sdk-on-npm-infected-with-cryptocurrency-wallet-stealer/)
- [CERT-Bund WID-SEC-2026-2244 Chrome](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2244)
- [CERT-Bund WID-SEC-2026-2249 Bitwarden](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2249)
- [CERT-Bund WID-SEC-2026-2248 FreeRDP](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2248)