# Archive

Browse past daily curated stories

Jul 09 Jul 08 Jul 07 Jul 05 Jul 04 Jul 03 Jul 02 Jul 01 Jun 30 Jun 27 Jun 26 Jun 25 Jun 24 Jun 23 Jun 21 Jun 20 Jun 19 Jun 18 Jun 17 Jun 16 Jun 15 Jun 14 Jun 13 Jun 12 Jun 11 Jun 10 Jun 09 Jun 08 Jun 07 Jun 06

Thursday, July 09, 2026

  1. 1
    0
    The Hacker News general
    15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

    CVE-2026-43499 (dubbed 'GhostLock') is a 15-year-old Linux kernel privilege escalation flaw discovered by Nebula Security that affects every mainstream Linux distribution since 2011. It requires no special permissions or unusual configurations, allowing any logged-in user to gain full root access or escape containers. Security teams running unpatched Linux systems should treat this as urgent given the breadth of affected distributions.

  2. 2
    0
    The Hacker News general
    CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

    CISA added four actively exploited vulnerabilities to its KEV catalog, including CVE-2026-48282 (CVSS 10.0), a path traversal RCE flaw in Adobe ColdFusion, plus flaws in Langflow and two Joomla extensions. Federal agencies were given until July 10 to patch, reflecting confirmed in-the-wild exploitation. Organizations running ColdFusion or Langflow AI agent frameworks should prioritize these patches immediately.

  3. 3
    0
    The Hacker News general
    Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

    Ubiquiti shipped patches for seven critical vulnerabilities across UniFi Connect, Talk, Access, Protect, and OS, including CVE-2026-50746 (CVSS 10.0), an improper access control flaw in UniFi Connect that enables privilege escalation and arbitrary command execution. The breadth of affected product lines — covering physical access, video surveillance, and network OS — makes this a high-priority patch for enterprise and prosumer environments. Administrators should update all UniFi product lines immediately.

  4. 4
    0
    The Hacker News general
    China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

    Cisco Talos has documented China-linked threat actor UAT-7810 expanding its LapDogs ORB network with three new SOHO router backdoors: LongLeash, DogLeash, and JarLeash. The actor targets internet-facing networking devices to build Operational Relay Box infrastructure used to obfuscate APT traffic. Network defenders should audit SOHO routers for signs of compromise and review Cisco Talos IOCs associated with the LapDogs campaign.

  5. 5
    0
    BleepingComputer general
    Telco giant KDDI says data breach affects over 12 million people

    Japanese telecom giant KDDI disclosed a breach affecting over 12 million customers, exposing email addresses and passwords from an email platform shared across five ISPs. The breach compromised webmail services and email storage, representing one of the largest telecom data exposures in Japan in recent years. Affected users across KDDI's ISP ecosystem should rotate credentials and enable MFA immediately.

  6. 6
    0
    BleepingComputer general
    CISA orders feds to patch max severity ColdFusion flaw by Friday

    CISA ordered federal agencies to patch a maximum-severity Adobe ColdFusion vulnerability (CVE-2026-48282, CVSS 10.0) by July 11, citing active exploitation in the wild. ColdFusion's history as a high-value target for initial access means this deadline applies pressure not just to federal agencies but to any enterprise running the platform. Organizations without a patch management cadence for ColdFusion should treat this as an emergency remediation.

  7. 7
    0
    The Hacker News general
    Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

    Court documents reveal the FBI tracked an alleged Scattered Spider member, 19-year-old Peter Stokes, through a persistent Windows Device ID tied to Microsoft account records from a May 2025 intrusion at a luxury jewelry retailer. The case demonstrates how Windows telemetry and Microsoft account linkages serve as durable forensic artifacts even when attackers rotate credentials. This is a significant development in the ongoing Scattered Spider prosecution series.

  8. 8
    0
    SecurityWeek general
    China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

    Cisco Talos attributed the LapDogs ORB network campaign to Chinese APT UAT-7810, documenting three new custom backdoors — LongLeash, DogLeash, and JarLeash — used to compromise internet-facing SOHO routers. The expanded toolkit signals a deliberate effort to build resilient relay infrastructure for sustained espionage operations. Network security teams should cross-reference Talos IOCs against edge device logs, particularly for routers lacking automated firmware update mechanisms.

  9. 9
    0
    Krebs on Security threat-intel
    Felons, Fraudsters Flog Offensive Cybersecurity Startup

    Brian Krebs reports that a cybersecurity startup advertising millions of dollars for zero-day vulnerability purchases is operated by two convicted felons and far-right conspiracy theorists who previously ran fake intelligence companies and an AI lobbying platform under assumed names. The investigation raises serious concerns about fraudulent zero-day acquisition schemes targeting vulnerability researchers. Security professionals should exercise extreme caution before engaging with unvetted zero-day brokers.

  10. 10
    0
    The Hacker News general
    Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

    Researchers at Noma Security demonstrated 'GitLost,' a prompt injection attack where a crafted public GitHub Issue tricks GitHub Agentic Workflows into exfiltrating data from an organization's private repositories — requiring zero credentials or org access. The attack exploits AI agent read permissions granted across repos, making it exploitable against any org that has deployed GitHub AI agents with broad repository access. Organizations using GitHub Copilot Workspace or similar agentic CI/CD integrations should immediately audit agent permission scopes.