# Archive
Browse past daily curated stories
Thursday, July 09, 2026
-
1The Hacker News general15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
CVE-2026-43499 (dubbed 'GhostLock') is a 15-year-old Linux kernel privilege escalation flaw discovered by Nebula Security that affects every mainstream Linux distribution since 2011. It requires no special permissions or unusual configurations, allowing any logged-in user to gain full root access or escape containers. Security teams running unpatched Linux systems should treat this as urgent given the breadth of affected distributions.
-
2The Hacker News generalCISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
CISA added four actively exploited vulnerabilities to its KEV catalog, including CVE-2026-48282 (CVSS 10.0), a path traversal RCE flaw in Adobe ColdFusion, plus flaws in Langflow and two Joomla extensions. Federal agencies were given until July 10 to patch, reflecting confirmed in-the-wild exploitation. Organizations running ColdFusion or Langflow AI agent frameworks should prioritize these patches immediately.
-
3The Hacker News generalUbiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
Ubiquiti shipped patches for seven critical vulnerabilities across UniFi Connect, Talk, Access, Protect, and OS, including CVE-2026-50746 (CVSS 10.0), an improper access control flaw in UniFi Connect that enables privilege escalation and arbitrary command execution. The breadth of affected product lines — covering physical access, video surveillance, and network OS — makes this a high-priority patch for enterprise and prosumer environments. Administrators should update all UniFi product lines immediately.
-
4The Hacker News generalChina-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware
Cisco Talos has documented China-linked threat actor UAT-7810 expanding its LapDogs ORB network with three new SOHO router backdoors: LongLeash, DogLeash, and JarLeash. The actor targets internet-facing networking devices to build Operational Relay Box infrastructure used to obfuscate APT traffic. Network defenders should audit SOHO routers for signs of compromise and review Cisco Talos IOCs associated with the LapDogs campaign.
-
5BleepingComputer generalTelco giant KDDI says data breach affects over 12 million people
Japanese telecom giant KDDI disclosed a breach affecting over 12 million customers, exposing email addresses and passwords from an email platform shared across five ISPs. The breach compromised webmail services and email storage, representing one of the largest telecom data exposures in Japan in recent years. Affected users across KDDI's ISP ecosystem should rotate credentials and enable MFA immediately.
-
6BleepingComputer generalCISA orders feds to patch max severity ColdFusion flaw by Friday
CISA ordered federal agencies to patch a maximum-severity Adobe ColdFusion vulnerability (CVE-2026-48282, CVSS 10.0) by July 11, citing active exploitation in the wild. ColdFusion's history as a high-value target for initial access means this deadline applies pressure not just to federal agencies but to any enterprise running the platform. Organizations without a patch management cadence for ColdFusion should treat this as an emergency remediation.
-
7The Hacker News generalCourt Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker
Court documents reveal the FBI tracked an alleged Scattered Spider member, 19-year-old Peter Stokes, through a persistent Windows Device ID tied to Microsoft account records from a May 2025 intrusion at a luxury jewelry retailer. The case demonstrates how Windows telemetry and Microsoft account linkages serve as durable forensic artifacts even when attackers rotate credentials. This is a significant development in the ongoing Scattered Spider prosecution series.
-
8SecurityWeek generalChina-Linked APT Expands Arsenal With New ‘Leash’ Backdoors
Cisco Talos attributed the LapDogs ORB network campaign to Chinese APT UAT-7810, documenting three new custom backdoors — LongLeash, DogLeash, and JarLeash — used to compromise internet-facing SOHO routers. The expanded toolkit signals a deliberate effort to build resilient relay infrastructure for sustained espionage operations. Network security teams should cross-reference Talos IOCs against edge device logs, particularly for routers lacking automated firmware update mechanisms.
-
9Krebs on Security threat-intelFelons, Fraudsters Flog Offensive Cybersecurity Startup
Brian Krebs reports that a cybersecurity startup advertising millions of dollars for zero-day vulnerability purchases is operated by two convicted felons and far-right conspiracy theorists who previously ran fake intelligence companies and an AI lobbying platform under assumed names. The investigation raises serious concerns about fraudulent zero-day acquisition schemes targeting vulnerability researchers. Security professionals should exercise extreme caution before engaging with unvetted zero-day brokers.
-
10The Hacker News generalPublic GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
Researchers at Noma Security demonstrated 'GitLost,' a prompt injection attack where a crafted public GitHub Issue tricks GitHub Agentic Workflows into exfiltrating data from an organization's private repositories — requiring zero credentials or org access. The attack exploits AI agent read permissions granted across repos, making it exploitable against any org that has deployed GitHub AI agents with broad repository access. Organizations using GitHub Copilot Workspace or similar agentic CI/CD integrations should immediately audit agent permission scopes.