Overview
Description
Statistics
- 24 Posts
- 39 Interactions
Fediverse
*sigh*
CVE-2026-53359: Guest-to-Host Escape in KVM/x86
Workaround: disable nested virtualization (kvm_intel.nested=0 / kvm_amd.nested=0 boot/module parameters)
MT @v4bel@x.com
💥 Introducing "Januscape" (CVE-2026-53359)
A Guest-to-Host Escape in KVM/x86 exploiting a UAF in the shadow MMU. Triggerable on both Intel and AMD hosts. Threatens x86 public clouds (GCP, AWS) that expose nested virtualization.
"16 years" latent. Successfully used as a 0-day exploit in "Google kvmCTF".
To the best of public knowledge, the first KVM exploit research triggerable on both Intel and AMD.
Details: https://januscape.io
@Viss @ai6yr "CVE-2026-53359: Guest-to-Host Escape in KVM/x86" https://chaos.social/@equinox/116878165318496253
Haven't seen a big splash in the (IT) news yet, but apparently there is a 16 year old vulnerability in KVM which can be used to escape a guest and even take over the host (CVE-2026-53359): https://github.com/V4bel/Januscape. If /dev/kvm is available (world-writable on the host), it can also be used as a LPE to root.
This is kind of bad. REALLY bad.
Januscape (CVE-2026-53359): A Silent 16-Year Linux KVM Flaw That Can Collapse Cloud Hosts From Inside a Guest Machine + Video
Introduction: A Hidden Crack Inside the Virtualization Core of Linux A newly disclosed vulnerability in the Linux Kernel-based Virtual Machine (KVM) subsystem has shaken the virtualization security landscape. Named Januscape (CVE-2026-53359), the flaw allows a malicious virtual machine to trigger a use-after-free condition inside the host’s…
⚠️ CRITICAL: 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
A 16-year-old use-after-free vulnerability in Linux KVM (CVE-2026-53359) allows guest VMs to escape to the host kernel and potentially achieve full code execution on Intel and AMD x86 systems. Exploitation requires root inside the guest and nested virtualization enabled. An unreleased exploit repor…
Januscape (CVE-2026-53359): The 16-Year-Old KVM Bug That Lets a Guest VM Take Down Its Host
CVE-2026-53359, dubbed Januscape, is a 16-year-old KVM use-after-free letting guest VMs crash or escalate into the host. Here's the full technical breakdownhttps://thecybersecguru.com/news/cve-2026-53359-januscape-kvm-guest-to-host-escape/
Januscape Exposes a 16-Year Linux KVM Flaw, Researchers Reveal Critical Guest-to-Host Escape Threat for Cloud Infrastructure + Video
Introduction: A Hidden Vulnerability That Lived Inside Linux for Sixteen Years One of the most significant Linux virtualization vulnerabilities ever discovered has finally come to light. Security researcher Hyunwoo Kim has uncovered Januscape (CVE-2026-53359), a dangerous use-after-free vulnerability buried inside Linux's Kernel-based…
The Januscape vulnerability (CVE-2026-53359) in the Linux KVM hypervisor allows attackers to execute a VM escape, enabling code execution on both Intel and AMD host systems. This use-after-free flaw can be exploited by an attacker with guest root access to achieve full host compromise or cause a denial-of-service.
https://www.securityweek.com/linux-kernel-vulnerability-allows-vm-escape-on-intel-and-amd-systems/
A 16-year-old flaw in #Linux KVM hypervisor dubbed "#Januscape" (CVE-2026-53359) is a Use-After-Free vulnerability which allows guest VMs to escape to the host:
The fix was merged into the mainline Linux kernel on June 19, 2026:
👇
https://thehackernews.com/2026/07/16-year-old-linux-kvm-flaw-lets-guest.html
We have patched kernels ready for testing for two Linux kernel vulnerabilities: Januscape (CVE-2026-53359) and Bad Epoll (CVE-2026-46242).
Januscape affects every supported AlmaLinux release (8, 9, and 10). Bad Epoll affects AlmaLinux 9 and 10.
Learn more: https://almalinux.org/blog/2026-07-06-januscape-bad-epoll/
Bluesky
Overview
- Adobe
- ColdFusion
Description
Statistics
- 7 Posts
- 1 Interaction
Fediverse
‼️ New Dark Web Informer Blog Post!
Title: Adobe ColdFusion flaw CVE-2026-48282 is now being Exploited in the Wild
Link: https://darkwebinformer.com/adobe-coldfusion-flaw-cve-2026-48282-is-now-being-exploited-in-the-wild/
"Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel.“
📰 Patch Now: Critical Adobe ColdFusion RCE Flaw (CVE-2026-48282) Under Active Exploitation
🚨 CRITICAL FLAW: Adobe ColdFusion vulnerability (CVE-2026-48282) with a 9.8 CVSS score is being actively exploited. Unauthenticated RCE allows full server takeover. Patch immediately! #Adobe #ColdFusion #CyberSecurity #RCE
🌐 cyber[.]netsecops[.]io
Geopolitical: The NATO Summit commenced in Ankara on July 7, addressing defense spending and new air power deals. Ukraine executed long-range drone strikes on Russia's Omsk refinery on July 7. Cybersecurity: A critical Adobe ColdFusion vulnerability (CVE-2026-48282) is being actively exploited. A Linux 'Bad Epoll' root exploit (CVE-2026-46242) has also been publicly released. Technology: The UN Global Dialogue on AI Governance started July 6 in Geneva. Microsoft announced 4,800 job cuts, notably affecting its Xbox division, on July 6.
Bluesky
Overview
Description
Statistics
- 6 Posts
- 16 Interactions
Fediverse
The new Linux kernel threat that outsmarted AI: Bad Epoll! 🚨
Discover the deep technical mechanics of CVE-2026-46242, how it escapes Chrome's sandbox to gain root, and its critical impact on Android/Linux systems. 👇
🔗 https://denizhalil.com/2026/07/06/bad-epoll-cve-2026-46242-linux-kernel-flaw/
time to upgrade, people!
https://git.proxmox.com/?p=pve-kernel.git;a=shortlog;h=refs/heads/trixie-6.17
#proxmox #badEpoll #linux #CVE202646242
⚠️ CRITICAL: Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability
A public proof-of-concept exploit is now available for CVE-2026-46242, a race-condition use-after-free bug in the Linux kernel epoll facility that allows unprivileged local processes to escalate to root. This affects kernel versions 6.4 and newer, including Android devices. Any system running vulne…
We have patched kernels ready for testing for two Linux kernel vulnerabilities: Januscape (CVE-2026-53359) and Bad Epoll (CVE-2026-46242).
Januscape affects every supported AlmaLinux release (8, 9, and 10). Bad Epoll affects AlmaLinux 9 and 10.
Learn more: https://almalinux.org/blog/2026-07-06-januscape-bad-epoll/
Geopolitical: The NATO Summit commenced in Ankara on July 7, addressing defense spending and new air power deals. Ukraine executed long-range drone strikes on Russia's Omsk refinery on July 7. Cybersecurity: A critical Adobe ColdFusion vulnerability (CVE-2026-48282) is being actively exploited. A Linux 'Bad Epoll' root exploit (CVE-2026-46242) has also been publicly released. Technology: The UN Global Dialogue on AI Governance started July 6 in Geneva. Microsoft announced 4,800 job cuts, notably affecting its Xbox division, on July 6.
Overview
- BeyondTrust
- Remote Support
Description
Statistics
- 4 Posts
- 1 Interaction
Fediverse
‼️ New Dark Web Informer Blog Post!
Title: Pre-Auth Access-Control Bypass in BeyondTrust Remote Support and PRA (CVE-2026-40138)
Attention, elevated activities detected targeting BeyondTrust Remote Support and Privileged Remote Access (CVE-2026-40138) https://vuldb.com/vuln/376483/cti
Bluesky
Overview
Description
Statistics
- 3 Posts
- 1 Interaction
Fediverse
‼️ New Dark Web Informer Blog Post!
Title: When the Password Check Fails, You're In: The Hidden Admin Backdoor in Tenda Router Firmware (CVE-2026-11405)
CVE-2026-11405 is a Tenda authentication backdoor. It allows full administrative access without valid credentials. Protect your network with these steps.
#CVE202611405 #Tenda #AuthenticationBackdoor #CyberSecurity #RouterSecurity
Overview
- Gitea
- Gitea Open Source Git Server
Description
Statistics
- 3 Posts
Fediverse
🚨 Critical Gitea flaw CVE-2026-20896 is being probed in the wild
Researchers warn that attackers are targeting a critical Gitea Docker image flaw that can allow authentication bypass with a single HTTP header.
The issue affects official Gitea Docker images up to 1.26.2 when reverse-proxy authentication is enabled.
The vulnerable default trusted any source IP as a reverse proxy, meaning an attacker who could reach the container’s HTTP port could spoof X-WEBAUTH-USER and impersonate a known or guessable user.
Gitea patched the issue in 1.26.3 / 1.26.4, and a public PoC/checker is now available.
Sysdig says the first in-the-wild probing was seen 13 days after disclosure.
Observed IP: 159[.]26[.]98[.]241
Bluesky
Overview
Description
Statistics
- 2 Posts
- 2 Interactions
Fediverse
"Ransomware has had a human at the keyboard, or at least a human writing its script, since it was first established as a category of threat. The Sysdig Threat Research Team (TRT) has captured what we assess to be the first documented case of agentic ransomware: a complete extortion operation driven end-to-end by a large language model (LLM).
This operator, which we have dubbed JADEPUFFER, gained initial access to an internet-facing Langflow instance through CVE-2025-3248 and ran an adaptive and fully automated campaign, ultimately pivoting to the intended target and running a destructive database-extortion playbook against the victim's production database server. JADEPUFFER is considered an agentic threat actor (ATA), or an operator whose attack capability is delivered by an AI agent rather than a human-driven toolkit.
The most striking characteristic, however, was the LLM's behavior. JADEPUFFER's own payloads were self-narrating. They contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don’t often write but LLM-generated code produces reflexively. The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.
The research below examines the Sysdig TRT’s observations of JADEPUFFER, along with its indicators of compromise and recommended defensive actions."
https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion
#AI #AiAgents #AgenticAI #CyberSecurity #LLMs #Ransomware #Jadepuffer
⚠️ CRITICAL: Sysdig clocks first documented case of agentic ransomware
JadePuffer deployed the first documented end-to-end agentic ransomware attack in June 2026, using AI agents to autonomously conduct reconnaissance, steal credentials, move laterally, and encrypt systems. The attack exploited CVE-2025-3248 in Langflow and targeted MySQL and Alibaba Nacos instances.…
Overview
Description
Statistics
- 2 Posts
- 2 Interactions
Overview
Description
Statistics
- 2 Posts
Overview
- python-pillow
- Pillow
Description
Statistics
- 1 Post
- 2 Interactions