Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical Linux and Ubiquiti Flaws, Accenture Breach, Android Exploit
July 12, 2026
Microsoft Teams macOS Bug Exposes Screen Sharing Content
July 12, 2026
Apple Sues OpenAI and Ex-Staff Over Alleged Trade Secret Theft
July 12, 2026
Home/CyberSecurity News/Critical Linux and Ubiquiti Flaws, Accenture Breach, Android Exploit
CyberSecurity News

Critical Linux and Ubiquiti Flaws, Accenture Breach, Android Exploit

Key Takeaways Multiple long-undetected vulnerabilities in Linux kernel components, some over a decade old, have been disclosed, including critical privilege escalation and guest-to-host escape flaws....

Emy Elsamnoudy
Emy Elsamnoudy
July 12, 2026 8 Min Read
3 0

Key Takeaways

  • Multiple long-undetected vulnerabilities in Linux kernel components, some over a decade old, have been disclosed, including critical privilege escalation and guest-to-host escape flaws.
  • Ubiquiti revealed 25 vulnerabilities across its UniFi product line, with several critical remote code execution and command injection issues affecting various services.
  • Accenture faces claims of a significant data breach involving source code and access tokens, while an Android 17 one-click root exploit highlights the risks of legacy kernel code.
  • New attack techniques include air-gap data exfiltration via HDMI signals and AI coding assistant hijacking through prompt injection and supply chain manipulation.
  • Urgent patches are required for critical flaws in PHP, OpenSSH, Palo Alto PAN-OS, Roundcube, and Django, along with mitigation for a Microsoft Edge RCE vulnerability.

Long-Standing Linux Kernel Flaws Surface

Recent disclosures have brought to light several critical vulnerabilities within the Linux kernel, some of which remained undiscovered for over a decade. These include a 16-year-old KVM escape bug, dubbed “Januscape,” and a 15-year-old privilege escalation flaw known as “GhostLock.”

Table Of Content

  • Key Takeaways
  • Long-Standing Linux Kernel Flaws Surface
  • Januscape: 16-Year-Old KVM Escape
  • GhostLock: 15-Year-Old Kernel Privilege Escalation
  • Linux DRM Bug Enables Passwordless Root
  • Ubiquiti and Accenture Face Major Security Issues
  • Ubiquiti Discloses 25 UniFi Flaws
  • Accenture Data Breach Claims
  • New Attack Vectors and Notable Vulnerabilities
  • TrojPix Air-Gap Data Theft Attack
  • Multiple PHP Flaws Enable DoS
  • Microsoft Edge Remote Code Execution Flaw
  • OpenSSH 10.4 Ships Security Fixes
  • Android 17 One-Click Root Exploit
  • Palo Alto PAN-OS Code Execution Flaw
  • Roundcube Zero-Click XSS Flaws
  • Django SQL Injection Exploited in the Wild
  • AI Systems Targeted by Sophisticated Attacks
  • Claude Desktop Turned into RCE Vector
  • GhostApproval Hits AI Coding Assistants
  • AI Coding Agents Hijacked via “Friendly Fire”
  • WhatsApp Message Weaponizes OpenClaw
  • Operationalizing Threat Intelligence and Advanced Compromises
  • Operationalizing Threat Intelligence
  • Attackers Abuse Microsoft Entra Passkeys
  • AI-Driven AWS Compromise in 72 Hours
  • What You Should Do

Januscape: 16-Year-Old KVM Escape

The “Januscape” vulnerability, identified as CVE-2026-53359, resided in KVM’s shadow Memory Management Unit (MMU) logic for nearly 16 years. This flaw could allow a malicious guest virtual machine to corrupt the host kernel memory, potentially leading to a full guest-to-host escape with root privileges. The vulnerability was actively exploited as a zero-day in Google’s kvmCTF before its public disclosure and impacts both Intel and AMD platforms. Read more

GhostLock: 15-Year-Old Kernel Privilege Escalation

Another significant finding is “GhostLock,” tracked as CVE-2026-43499, a privilege escalation flaw in the Linux kernel’s real-time mutex subsystem. This bug, introduced in 2011, remained undetected for over a decade. Researchers successfully demonstrated an exploit with a 97% reliability rate, leveraging a dangling pointer to hijack kernel control flow and achieve root access, earning a $92,337 bounty. Read more

Linux DRM Bug Enables Passwordless Root

A use-after-free race condition, CVE-2026-46215, found in the Linux kernel’s DRM GEM core ioctl, allowed any local user with GPU render node access to escalate privileges to root with a 99% success rate. This vulnerability originated from AMD’s CRIU checkpoint/restore code added in v6.18-rc1. Kernel maintainers have responded by completely disabling the vulnerable ioctl in the upcoming 7.1 release. Read more

Ubiquiti and Accenture Face Major Security Issues

Enterprise infrastructure provider Ubiquiti has disclosed a multitude of vulnerabilities across its UniFi ecosystem, while consulting giant Accenture is dealing with claims of a substantial data breach.

Ubiquiti Discloses 25 UniFi Flaws

Ubiquiti’s Security Advisory Bulletin 066 detailed 25 vulnerabilities impacting its UniFi product line. Among these is CVE-2026-50746, a critical command injection flaw in UniFi Connect rated 10.0 CVSS, exploitable without authentication. The advisory also listed several other high-severity bugs (CVSS 9.9) involving SQL injection, Server-Side Request Forgery (SSRF), and access control issues across UniFi Talk, Access, and Protect applications. Read more

Accenture Data Breach Claims

A threat actor identified as “888” has claimed responsibility for a data breach at Accenture in July 2026, alleging the theft of approximately 35 GB of source code, RSA/SSH keys, and Azure access tokens. The actor provided sample screenshots of Azure DevOps activity as evidence. Accenture has acknowledged an “isolated matter” that has since been remediated but has not confirmed the full scope of the alleged data compromise. Read more

New Attack Vectors and Notable Vulnerabilities

Attackers continue to find innovative ways to compromise systems, from novel air-gap data exfiltration techniques to exploiting AI coding assistants and long-standing software flaws.

TrojPix Air-Gap Data Theft Attack

Researchers have unveiled TrojPix, an electromagnetic covert-channel attack capable of exfiltrating data from compromised air-gapped computers. This technique exploits pixel-level HDMI signal leakage, allowing data extraction from up to 208 meters away, even through concrete walls. TrojPix achieves a peak throughput of 8.1 Mbps with near-perfect accuracy, all while remaining imperceptible to the human eye. Read more

Multiple PHP Flaws Enable DoS

Two PHP vulnerabilities, CVE-2026-12184 and CVE-2026-14355, could allow attackers to trigger denial-of-service conditions and memory corruption in widely deployed web applications. The more severe flaw affects PHP’s HTTP stream wrapper, potentially crashing PHP-FPM, while the second corrupts memory due to a buffer miscalculation in the OpenSSL extension’s AES-WRAP-PAD handling. Read more

Microsoft Edge Remote Code Execution Flaw

Microsoft disclosed CVE-2026-57992, a High-severity (CVSS 7.5) Use-After-Free vulnerability in Edge’s Chromium engine. This flaw can lead to remote code execution if a victim visits a malicious page and performs two tap gestures that trigger autofill. An official patch is not yet available, prompting advice to restrict autofill and monitor MSRC for updates. Read more

OpenSSH 10.4 Ships Security Fixes

OpenSSH 10.4, released on July 6, 2026, addresses several security vulnerabilities. These include a malicious-server file redirection flaw in sftp, an scp path traversal issue, and a client-side use-after-free bug in ssh triggered by mid-session host key changes. The release also introduces experimental post-quantum cryptography support, combining ML-DSA 44 and Ed25519. Read more

Android 17 One-Click Root Exploit

An exploit dubbed “IonStack” demonstrates a one-click remote code execution and root access capability on Android 17. This proof-of-concept chains a Firefox zero-day with a 15-year-old Linux kernel flaw. Researchers responsibly disclosed the exploit, noting no in-the-wild activity, but it underscores how legacy kernel code can harbor severe vulnerabilities for extended periods. Read more

Palo Alto PAN-OS Code Execution Flaw

Palo Alto Networks disclosed CVE-2026-0288, a 9.2-severity buffer overflow in PAN-OS’s User-ID Terminal Server Agent. This vulnerability allows unauthenticated attackers to achieve remote code execution or crash the service via specially crafted network traffic. It affects multiple PAN-OS branches with TSA configured, though Panorama and Cloud NGFW on AWS are not impacted. The vendor is currently unaware of active exploitation. Read more

Roundcube Zero-Click XSS Flaws

Roundcube 1.7 includes patches for six vulnerabilities, two of which are critical zero-click stored Cross-Site Scripting (XSS) flaws (CVE-2026-54432 and CVE-2026-54433). These allow malicious JavaScript to execute simply by loading an attachment-warning page or viewing an email in plain-text mode. Reported by Samsung R&D Institute Ukraine, these updates are urgent due to the minimal interaction required for exploitation. Read more

Django SQL Injection Exploited in the Wild

CVE-2026-1207, a SQL injection flaw in Django’s GeoDjango module affecting PostGIS-backed applications, is now being actively exploited. Attackers are leveraging crafted raster field “band” parameters. Exploitation began shortly after its February 2026 disclosure and appears targeted. Patched releases are available in Django 6.0.2, 5.2.11, and 4.2.28. Read more

AI Systems Targeted by Sophisticated Attacks

Artificial intelligence systems, particularly coding assistants, are becoming new targets for attackers, with novel techniques designed to bypass security measures and inject malicious code.

Claude Desktop Turned into RCE Vector

Pentera Labs researchers demonstrated that a compromised email inbox could lead to full remote code execution on a victim’s machine by hijacking Claude Desktop’s synced “Personal Preferences” field. Attackers can inject instructions that direct Claude to run commands through installed extensions like Desktop Commander or trick users into installing the extension via a fake error message. Anthropic classified this behavior as “expected functionality.” Read more

GhostApproval Hits AI Coding Assistants

Wiz researchers uncovered “GhostApproval,” a symlink-following flaw (CWE-61) affecting Amazon Q, Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. This vulnerability allows malicious repositories to bypass human approval and write attacker SSH keys directly to a developer’s authorized_keys file. AWS, Cursor, and Google have released fixes, while Anthropic initially disputed the finding before patching symlink resolution in later Claude Code versions. Read more

AI Coding Agents Hijacked via “Friendly Fire”

A new exploit, “Friendly Fire,” hijacks Claude Code and Codex CLI during routine security reviews. It works by embedding prompt injections within the documentation of a modified open-source library, deceiving auto-mode classifiers into approving a malicious binary as safe. The attack transferred directly from Claude Code to Codex without modification, suggesting a fundamental weakness in how frontier models differentiate trusted instructions from untrusted data. Read more

WhatsApp Message Weaponizes OpenClaw

Three high-severity flaws in OpenClaw, an open-source AI coding assistant with over 100,000 daily users, enable remote code execution via a single WhatsApp message. Attackers can bypass environment-variable filters, abuse Git’s ext:: transport, or escape its Docker sandbox. Researcher Chinmohan Nayak showed that payloads disguised as routine developer debugging requests succeeded in every tested session, prompting an urgent upgrade to version 2026.6.6. Read more

Operationalizing Threat Intelligence and Advanced Compromises

The gap between acquiring threat intelligence and effectively using it remains a challenge, while sophisticated attackers are leveraging AI to accelerate compromise timelines.

Operationalizing Threat Intelligence

A persistent gap exists between organizations purchasing threat intelligence feeds and their ability to operationalize them into Security Operations Center (SOC) detection and response workflows. Many feeds remain unused due to a lack of context and slow update cycles. The article outlines what a fully integrated, bidirectional intelligence pipeline looks like across SIEM, SOAR, firewall, and EDR platforms. Read more

Attackers Abuse Microsoft Entra Passkeys

Threat group ONC 066, also known as “Pink,” has been conducting a phone-based phishing campaign since April 2026. This campaign tricks employees into registering attacker-controlled passkeys on their Microsoft accounts by using live operators to relay Multi-Factor Authentication (MFA) codes in real time. The scheme establishes a persistent foothold that survives password resets, primarily for extortion, targeting victims in the food and beverage, healthcare, and aviation sectors. Read more

AI-Driven AWS Compromise in 72 Hours

A Sygnia investigation revealed a threat actor utilized AI-assisted tooling to progress from initial AWS access to full environmental compromise in approximately 72 hours. This was achieved by chaining familiar techniques at an unprecedented speed and scale. Forensic evidence, including four access keys used simultaneously from a single IP, suggested agentic automation rather than manual operation. This echoes an earlier Sysdig case where AI escalated to full AWS administrative control in just eight minutes. Read more

What You Should Do

  • Patch Immediately: Prioritize installing updates for PHP, OpenSSH, Roundcube, Django, and Palo Alto PAN-OS to address critical vulnerabilities.
  • Update Linux Kernels: Ensure Linux systems, especially those using KVM or real-time mutexes, are running the latest kernel versions to mitigate Januscape, GhostLock, and DRM flaws.
  • Upgrade Ubiquiti UniFi: Apply all available patches for Ubiquiti UniFi products as per Security Advisory Bulletin 066, particularly for critical command injection flaws.
  • Restrict Autofill: For Microsoft Edge users, consider restricting or disabling autofill functionality as a temporary mitigation for CVE-2026-57992 until a patch is released.
  • Monitor Accenture Systems: Organizations that interact with Accenture should monitor their systems for any unusual activity and review access logs for potential compromise, given the breach claims.
  • Educate on Phishing: Train employees about advanced phishing techniques, especially those involving passkeys and MFA relay, to counter threats like the ONC 066 campaign.
  • Review AI Assistant Configurations: If using AI coding assistants (e.g., Claude Code, Amazon Q), ensure they are updated and configured to prevent prompt injection and supply chain attacks like “GhostApproval” and “Friendly Fire.”
  • Implement Threat Intelligence: Actively integrate threat intelligence feeds into SOC workflows, ensuring context and timely updates to enhance detection and response capabilities.
  • Consider Air-Gap Security: For highly sensitive air-gapped systems, be aware of novel exfiltration methods like TrojPix and review physical and electromagnetic shielding measures.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachCVEExploitPatchphishingSecurityThreatVulnerabilityzero-day

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

Microsoft Teams macOS Bug Exposes Screen Sharing Content

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Dell BIOS Critical Flaw Exposes Admin Passwords From SPI Flash
July 11, 2026
CISA Report Details Lessons Learned From AWS GovCloud Credential Leak
July 11, 2026
281 Android VPN Apps Leak Sensitive Data, Transfer Data Unencrypted
July 11, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us