Weekly review

ThreatNoir Afternoon Brief — July 7

2026-07-07Afternoon4 articles
Audio
Listen to the episode

Afternoon Review in IT Security — July 7, 2026

The cybersecurity landscape continues to face critical threats across multiple fronts today, with significant vulnerabilities disclosed in widely-deployed infrastructure software, remote access tools, and network hardware. Organizations are urged to prioritize patching efforts as threat actors actively exploit known flaws in educational institutions and enterprise systems.

Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems

A critical vulnerability in the Linux kernel's KVM hypervisor has been identified that could allow attackers to escape virtual machines and execute code on underlying host systems. The flaw, which has remained unpatched for 16 years, affects both Intel and AMD-based systems running vulnerable versions of the Linux kernel. This vulnerability represents a significant risk to cloud infrastructure and virtualized environments where VM isolation is essential for security boundaries. Source: Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

A threat activity cluster suspected of being aligned with Chinese interests has been actively exploiting critical vulnerabilities in Roundcube webmail software targeting physics and engineering departments at universities in the United States and Canada. The attackers are leveraging now-patched critical security flaws, including CVE-2024-42009 with a CVSS score of 9.3, to harvest credentials and maintain persistent access to academic networks. The campaign demonstrates a focused effort to compromise research institutions and extract sensitive information from higher education environments. Source: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

BeyondTrust Warns of Critical Flaws in Remote Access Software

BeyondTrust has issued an urgent warning regarding critical security flaws discovered in its Remote Support and Privileged Remote Access software that could enable attackers to bypass authentication mechanisms entirely. The vulnerabilities affect enterprise customers who rely on these tools for secure remote administration and access management. Organizations using BeyondTrust solutions are advised to apply patches immediately to prevent unauthorized administrative access to their systems. Source: BeyondTrust warns of critical flaws in remote access software

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

The CERT Coordination Center has disclosed that multiple firmware versions released by Chinese network device manufacturer Tenda contain an undocumented authentication backdoor that grants administrative access to the web management interfaces without requiring password verification. This vulnerability, tracked as CVE-2026-11405, allows attackers to bypass password protection and gain full administrative control over affected routers. The discovery raises concerns about the security of network infrastructure deployed globally, particularly in small office and home office environments where Tenda devices are commonly used. Source: CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

Today's threat landscape underscores the critical importance of timely vulnerability patching across all layers of infrastructure, from hypervisors and email systems to remote access tools and network hardware. Security teams should prioritize assessment and remediation of these disclosed flaws to prevent exploitation by active threat actors.

Sources & IOCs

Source articles and extracted indicators (defanged where appropriate).

BeyondTrust warns of critical flaws in remote access software
CVE7
  • High-severity vulnerability in BeyondTrust RS and PRA software leading to denial-of-service or restricted resource access.
  • Previously exploited critical pre-authentication RCE vulnerability in BeyondTrust RS and PRA.
  • Zero-day vulnerability exploited by Silk Typhoon to breach BeyondTrust systems.
  • Zero-day vulnerability exploited by Silk Typhoon to breach BeyondTrust systems.
  • Critical vulnerability in BeyondTrust RS and PRA software allowing authentication bypass.
  • Critical vulnerability in BeyondTrust RS software allowing unauthenticated remote access.
  • High-severity vulnerability in BeyondTrust RS and PRA software leading to denial-of-service or restricted resource access.