08 Jul, 2026

New Januscape Linux flaw allows VM escape on Intel, AMD devices

A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. According to Hyunwoo Kim, the security researcher who discovered it, this guest-to-host escape flaw (tracked as CVE-2026-53359) stems from a use-after-free weakness in the shadow MMU emulation of KVM/x86, the kernel-based virtual machine built for x86 and […]

2 mins read

Microsoft to enable Windows settings backup by default for orgs

Microsoft says the Windows settings backup and restore tool will be enabled by default on Microsoft Entra-joined or Microsoft Entra hybrid-joined enterprise systems after upgrading to Windows 11 26H2. Formerly known as Windows Backup for Organizations, this backup tool helps back up and restore enterprise users’ Windows settings after a device is reset, replaced, upgraded, or […]

2 mins read

BeyondTrust warns of critical flaws in remote access software

BeyondTrust warned customers to patch two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication. The first vulnerability, tracked as CVE-2026-40138, affects the company’s RS remote desktop and assistance platform (versions 25.3.2 or earlier) and the PRA enterprise cybersecurity solution (versions 25.3.2 or earlier). […]

3 mins read

Microsoft testing new Cloud Rebuild Windows 11 recovery feature

Microsoft has begun testing the Cloud Rebuild recovery feature in the latest Windows 11 Insider Preview builds released for users in the Experimental channel. First introduced at the Ignite developer conference in November 2025, Cloud Rebuild is a tool that can remotely trigger a complete system reinstall from the cloud for Windows 11 devices experiencing persistent […]

2 mins read

Fake IT support calls on Microsoft Teams push EtherRAT malware

Threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks. The campaign, reported by Palo Alto Networks’ Unit 42, combines phishing emails, Microsoft Teams voice calls, legitimate remote management tools, and a Node.js-based malware loader to […]

3 mins read

Vietnam arrests suspects behind HiAnime anime piracy service

​Vietnamese authorities have arrested and are prosecuting seven suspects believed to have run HiAnime, the largest anime piracy streaming service before its shutdown in June. HiAnime provided access to a massive library of English-subbed and dubbed anime without subscription fees, attracting several hundred million visitors each month and temporarily surpassing legal streaming platforms like Disney+ and Crunchyroll […]

2 mins read

Max severity Adobe ColdFusion flaw now exploited in attacks

Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, the Canadian Center for Cyber Security (CCCS) warned on Thursday. ColdFusion is a commercial web app development platform designed to help build and deploy enterprise-grade websites. The CVE-2026-48282 security flaw affects ColdFusion versions 2025.9, 2023.20, and earlier, and can be exploited by attackers […]

2 mins read

Flipper Zero firmware development continues with community help

Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. The announcement comes as the gadget maker decided to focus on building new devices, like the Flipper One open Linux platform, for which the company turned to the community’s help to complete development. There […]

2 mins read

JadePuffer ransomware used AI agent to automate entire attack

Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. According to cloud security company Sysdig, JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges, and to encrypt data. The […]

3 mins read