Overview
Description
Statistics
- 24 Posts
- 76 Interactions
Fediverse
Oh, goodie. KVM Guest-to-Host escape
"Januscape (CVE-2026-53359)" -- https://github.com/V4bel/Januscape
*sigh*
CVE-2026-53359: Guest-to-Host Escape in KVM/x86
Workaround: disable nested virtualization (kvm_intel.nested=0 / kvm_amd.nested=0 boot/module parameters)
MT @v4bel@x.com
💥 Introducing "Januscape" (CVE-2026-53359)
A Guest-to-Host Escape in KVM/x86 exploiting a UAF in the shadow MMU. Triggerable on both Intel and AMD hosts. Threatens x86 public clouds (GCP, AWS) that expose nested virtualization.
"16 years" latent. Successfully used as a 0-day exploit in "Google kvmCTF".
To the best of public knowledge, the first KVM exploit research triggerable on both Intel and AMD.
Details: https://januscape.io
Tschu Tschu KVM and Cloud Provider Good Luck have fun patching!
https://github.com/V4bel/Januscape
#Januscape #CVE-2026-53359 #CVE202653359
@Viss @ai6yr "CVE-2026-53359: Guest-to-Host Escape in KVM/x86" https://chaos.social/@equinox/116878165318496253
‼️ New Dark Web Informer Blog Post!
Title: A Long-Lived KVM Bug Resurfaces: Shadow Paging Use-After-Free in the Linux Kernel (CVE-2026-53359)
Researchers disclosed a PoC for the Januscape KVM escape (CVE-2026-53359). This use-after-free KVM bug impacts public clouds, allowing host panics and LPE.
Januscape (CVE-2026-53359): A Silent 16-Year Linux KVM Flaw That Can Collapse Cloud Hosts From Inside a Guest Machine + Video
Introduction: A Hidden Crack Inside the Virtualization Core of Linux A newly disclosed vulnerability in the Linux Kernel-based Virtual Machine (KVM) subsystem has shaken the virtualization security landscape. Named Januscape (CVE-2026-53359), the flaw allows a malicious virtual machine to trigger a use-after-free condition inside the host’s…
⚠️ CRITICAL: 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
A 16-year-old use-after-free vulnerability in Linux KVM (CVE-2026-53359) allows guest VMs to escape to the host kernel and potentially achieve full code execution on Intel and AMD x86 systems. Exploitation requires root inside the guest and nested virtualization enabled. An unreleased exploit repor…
Januscape (CVE-2026-53359): The 16-Year-Old KVM Bug That Lets a Guest VM Take Down Its Host
CVE-2026-53359, dubbed Januscape, is a 16-year-old KVM use-after-free letting guest VMs crash or escalate into the host. Here's the full technical breakdownhttps://thecybersecguru.com/news/cve-2026-53359-januscape-kvm-guest-to-host-escape/
Januscape Exposes a 16-Year Linux KVM Flaw, Researchers Reveal Critical Guest-to-Host Escape Threat for Cloud Infrastructure + Video
Introduction: A Hidden Vulnerability That Lived Inside Linux for Sixteen Years One of the most significant Linux virtualization vulnerabilities ever discovered has finally come to light. Security researcher Hyunwoo Kim has uncovered Januscape (CVE-2026-53359), a dangerous use-after-free vulnerability buried inside Linux's Kernel-based…
The Januscape vulnerability (CVE-2026-53359) in the Linux KVM hypervisor allows attackers to execute a VM escape, enabling code execution on both Intel and AMD host systems. This use-after-free flaw can be exploited by an attacker with guest root access to achieve full host compromise or cause a denial-of-service.
https://www.securityweek.com/linux-kernel-vulnerability-allows-vm-escape-on-intel-and-amd-systems/
We have patched kernels ready for testing for two Linux kernel vulnerabilities: Januscape (CVE-2026-53359) and Bad Epoll (CVE-2026-46242).
Januscape affects every supported AlmaLinux release (8, 9, and 10). Bad Epoll affects AlmaLinux 9 and 10.
Learn more: https://almalinux.org/blog/2026-07-06-januscape-bad-epoll/
Bluesky
Overview
- Adobe
- ColdFusion
Description
Statistics
- 6 Posts
- 1 Interaction
Fediverse
‼️ New Dark Web Informer Blog Post!
Title: Adobe ColdFusion flaw CVE-2026-48282 is now being Exploited in the Wild
Link: https://darkwebinformer.com/adobe-coldfusion-flaw-cve-2026-48282-is-now-being-exploited-in-the-wild/
"Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel.“
Geopolitical: The NATO Summit commenced in Ankara on July 7, addressing defense spending and new air power deals. Ukraine executed long-range drone strikes on Russia's Omsk refinery on July 7. Cybersecurity: A critical Adobe ColdFusion vulnerability (CVE-2026-48282) is being actively exploited. A Linux 'Bad Epoll' root exploit (CVE-2026-46242) has also been publicly released. Technology: The UN Global Dialogue on AI Governance started July 6 in Geneva. Microsoft announced 4,800 job cuts, notably affecting its Xbox division, on July 6.
Bluesky
Overview
Description
Statistics
- 6 Posts
- 13 Interactions
Fediverse
The new Linux kernel threat that outsmarted AI: Bad Epoll! 🚨
Discover the deep technical mechanics of CVE-2026-46242, how it escapes Chrome's sandbox to gain root, and its critical impact on Android/Linux systems. 👇
🔗 https://denizhalil.com/2026/07/06/bad-epoll-cve-2026-46242-linux-kernel-flaw/
time to upgrade, people!
https://git.proxmox.com/?p=pve-kernel.git;a=shortlog;h=refs/heads/trixie-6.17
#proxmox #badEpoll #linux #CVE202646242
⚠️ CRITICAL: Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability
A public proof-of-concept exploit is now available for CVE-2026-46242, a race-condition use-after-free bug in the Linux kernel epoll facility that allows unprivileged local processes to escalate to root. This affects kernel versions 6.4 and newer, including Android devices. Any system running vulne…
We have patched kernels ready for testing for two Linux kernel vulnerabilities: Januscape (CVE-2026-53359) and Bad Epoll (CVE-2026-46242).
Januscape affects every supported AlmaLinux release (8, 9, and 10). Bad Epoll affects AlmaLinux 9 and 10.
Learn more: https://almalinux.org/blog/2026-07-06-januscape-bad-epoll/
Geopolitical: The NATO Summit commenced in Ankara on July 7, addressing defense spending and new air power deals. Ukraine executed long-range drone strikes on Russia's Omsk refinery on July 7. Cybersecurity: A critical Adobe ColdFusion vulnerability (CVE-2026-48282) is being actively exploited. A Linux 'Bad Epoll' root exploit (CVE-2026-46242) has also been publicly released. Technology: The UN Global Dialogue on AI Governance started July 6 in Geneva. Microsoft announced 4,800 job cuts, notably affecting its Xbox division, on July 6.
Overview
- BeyondTrust
- Remote Support
Description
Statistics
- 5 Posts
- 1 Interaction
Fediverse
‼️ New Dark Web Informer Blog Post!
Title: Pre-Auth Access-Control Bypass in BeyondTrust Remote Support and PRA (CVE-2026-40138)
Attention, elevated activities detected targeting BeyondTrust Remote Support and Privileged Remote Access (CVE-2026-40138) https://vuldb.com/vuln/376483/cti
BeyondTrust patched a critical pre-authentication vulnerability (CVE-2026-40138, CVE-2026-40139, CVE-2026-40140). Update Remote Support instances now.
#BeyondTrust #Vulnerability #CVE202640138 #CyberSecurity #RemoteSupport
Bluesky
Overview
Description
Statistics
- 3 Posts
- 4 Interactions
Fediverse
"Ransomware has had a human at the keyboard, or at least a human writing its script, since it was first established as a category of threat. The Sysdig Threat Research Team (TRT) has captured what we assess to be the first documented case of agentic ransomware: a complete extortion operation driven end-to-end by a large language model (LLM).
This operator, which we have dubbed JADEPUFFER, gained initial access to an internet-facing Langflow instance through CVE-2025-3248 and ran an adaptive and fully automated campaign, ultimately pivoting to the intended target and running a destructive database-extortion playbook against the victim's production database server. JADEPUFFER is considered an agentic threat actor (ATA), or an operator whose attack capability is delivered by an AI agent rather than a human-driven toolkit.
The most striking characteristic, however, was the LLM's behavior. JADEPUFFER's own payloads were self-narrating. They contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don’t often write but LLM-generated code produces reflexively. The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.
The research below examines the Sysdig TRT’s observations of JADEPUFFER, along with its indicators of compromise and recommended defensive actions."
https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion
#AI #AiAgents #AgenticAI #CyberSecurity #LLMs #Ransomware #Jadepuffer
We're here! AI Agent executed automated Ransomware operation.
JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges, and to encrypt data.
WHOA! “The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds,”
NIST CVE (CVE-2025-3248) posted here: https://nvd.nist.gov/vuln/detail/CVE-2025-3248 #JadePuffer #Ransomware #Security #Hackers #NIST_CVE #CVE2025_3248 #AgenticThreatActors #AI #AIAgents #CyberAttack #CyberSecurity #LLMs #MySQL #PostgreSQL #CVE #JadePuffer
⚠️ CRITICAL: Sysdig clocks first documented case of agentic ransomware
JadePuffer deployed the first documented end-to-end agentic ransomware attack in June 2026, using AI agents to autonomously conduct reconnaissance, steal credentials, move laterally, and encrypt systems. The attack exploited CVE-2025-3248 in Langflow and targeted MySQL and Alibaba Nacos instances.…
Overview
Description
Statistics
- 3 Posts
- 1 Interaction
Fediverse
‼️ New Dark Web Informer Blog Post!
Title: When the Password Check Fails, You're In: The Hidden Admin Backdoor in Tenda Router Firmware (CVE-2026-11405)
CVE-2026-11405 is a Tenda authentication backdoor. It allows full administrative access without valid credentials. Protect your network with these steps.
#CVE202611405 #Tenda #AuthenticationBackdoor #CyberSecurity #RouterSecurity
Overview
Description
Statistics
- 2 Posts
- 2 Interactions
Overview
Description
Statistics
- 2 Posts
Overview
- Gitea
- Gitea Open Source Git Server
Description
Statistics
- 2 Posts
Bluesky
Overview
- python-pillow
- Pillow
Description
Statistics
- 1 Post
- 2 Interactions