# Today's Top Stories
July 08, 2026
-
1SecurityWeek general Jul 07Critical Gitea Flaw Under Active Exploitation, Researchers Warn
CVE-2026-20896, a critical authentication bypass flaw in Gitea, is under active exploitation — attackers can bypass authentication using a single HTTP header to access repositories and steal secrets. Security practitioners running self-hosted Gitea instances should patch immediately, as the ease of exploitation (single header manipulation) makes this a high-severity, low-barrier-to-entry attack.
-
2SecurityWeek general Jul 07Critical Adobe ColdFusion Vulnerability Exploited in Attacks
CVE-2026-48282, a CVSS 10.0 critical vulnerability in Adobe ColdFusion, is being actively exploited in the wild. ColdFusion has historically been a high-value target for attackers seeking initial access to enterprise web servers, and a perfect CVSS score with confirmed in-the-wild exploitation demands immediate patching priority.
-
3BleepingComputer general Jul 07New Januscape Linux flaw allows VM escape on Intel, AMD devices
A 16-year-old Linux kernel vulnerability dubbed 'Januscape' allows attackers to escape virtual machines and execute arbitrary code on the host, affecting both Intel and AMD systems running Linux's KVM hypervisor. The age of the flaw means it is present across a vast range of deployed Linux versions, posing significant risk to cloud and virtualization infrastructure operators.
-
4The Hacker News general Jul 07BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
BeyondTrust patched two critical pre-authentication vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) products: CVE-2026-40138 (CVSS 9.2) and a second flaw, both allowing unauthenticated attackers to take control of devices. Given BeyondTrust's prior exploitation history (a critical PRA/RS RCE was weaponized in late 2024), these flaws in privileged access management software are a high-priority patching concern.
-
5BleepingComputer general Jul 07Accenture confirms breach after hacker offers stolen data for sale
IT services giant Accenture confirmed a security breach after a threat actor claimed to have stolen 35 GB of data including source code and offered it for sale. As a major contractor holding sensitive client data across government and enterprise sectors, any confirmed breach of Accenture has significant downstream supply-chain risk implications.
-
ADSponsoredPenetration Testing
Comprehensive security assessments by certified professionals. Find vulnerabilities before attackers do.
Learn More → -
6The Hacker News general Jul 07Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
A suspected China-aligned threat actor is exploiting CVE-2024-42009 (CVSS 9.3) in Roundcube webmail to target physics and engineering departments at U.S. and Canadian universities, siphoning credentials in a campaign Proofpoint warns is likely ongoing. The targeting of STEM university departments aligns with Chinese state-sponsored intellectual property theft priorities.
-
7BleepingComputer general Jul 07Chinese hackers develop LONGLEASH malware to expand ORB network
Chinese threat group UAT-7810 has developed new malware called LONGLEASH to expand their Operational Relay Box (ORB) network by compromising unpatched Ruckus routers and other internet-facing networking devices. ORB networks are increasingly used by Chinese APTs to obscure attribution and route malicious traffic, making this infrastructure evolution significant for network defenders.
-
8CyberScoop general Jul 06Sysdig clocks first documented case of agentic ransomware
Sysdig documented the first confirmed case of agentic ransomware in a late June 2026 attack, where an AI agent autonomously handled multiple attack chain steps, reducing operator complexity and accelerating attack tempo. This represents a qualitative shift in ransomware operations — AI-assisted automation gives threat actors operational advantages that traditional detection timelines are not designed to counter.
-
9The Hacker News general Jul 07CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
CERT/CC issued a warning about CVE-2026-11405, an undocumented hardcoded authentication backdoor found in multiple Tenda router firmware versions that bypasses password verification to grant admin access to the web management interface. Hardcoded backdoors in consumer/SMB routers are a persistent supply-chain risk, and Tenda devices are widely deployed globally.
-
10BleepingComputer general Jul 07Hidden backdoor in Tenda router firmware grants admin access
A hidden authentication backdoor was discovered in multiple Tenda router firmware versions, allowing attackers to gain administrative access to the web management panel without valid credentials. The flaw affects several firmware releases from the Chinese manufacturer, and with Tenda routers widely deployed in home and small business environments, the exposure surface is substantial.