- Januscape vulnerability in Linux KVM hypervisor
- Exploitation for VM escape and host compromise
- Dirty FragChained with Januscape for privilege escalation if root access is not available
The cybersecurity landscape continues to face critical threats across multiple fronts today, with significant vulnerabilities disclosed in widely-deployed infrastructure software, remote access tools, and network hardware. Organizations are urged to prioritize patching efforts as threat actors actively exploit known flaws in educational institutions and enterprise systems.
A critical vulnerability in the Linux kernel's KVM hypervisor has been identified that could allow attackers to escape virtual machines and execute code on underlying host systems. The flaw, which has remained unpatched for 16 years, affects both Intel and AMD-based systems running vulnerable versions of the Linux kernel. This vulnerability represents a significant risk to cloud infrastructure and virtualized environments where VM isolation is essential for security boundaries. Source: Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems
A threat activity cluster suspected of being aligned with Chinese interests has been actively exploiting critical vulnerabilities in Roundcube webmail software targeting physics and engineering departments at universities in the United States and Canada. The attackers are leveraging now-patched critical security flaws, including CVE-2024-42009 with a CVSS score of 9.3, to harvest credentials and maintain persistent access to academic networks. The campaign demonstrates a focused effort to compromise research institutions and extract sensitive information from higher education environments. Source: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
BeyondTrust has issued an urgent warning regarding critical security flaws discovered in its Remote Support and Privileged Remote Access software that could enable attackers to bypass authentication mechanisms entirely. The vulnerabilities affect enterprise customers who rely on these tools for secure remote administration and access management. Organizations using BeyondTrust solutions are advised to apply patches immediately to prevent unauthorized administrative access to their systems. Source: BeyondTrust warns of critical flaws in remote access software
The CERT Coordination Center has disclosed that multiple firmware versions released by Chinese network device manufacturer Tenda contain an undocumented authentication backdoor that grants administrative access to the web management interfaces without requiring password verification. This vulnerability, tracked as CVE-2026-11405, allows attackers to bypass password protection and gain full administrative control over affected routers. The discovery raises concerns about the security of network infrastructure deployed globally, particularly in small office and home office environments where Tenda devices are commonly used. Source: CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
Today's threat landscape underscores the critical importance of timely vulnerability patching across all layers of infrastructure, from hypervisors and email systems to remote access tools and network hardware. Security teams should prioritize assessment and remediation of these disclosed flaws to prevent exploitation by active threat actors.
Source articles and extracted indicators (defanged where appropriate).