Early July 2026 brought a wave of major disclosures affecting widely used software and infrastructure. The most prominent threats include the long-hidden Linux KVM Januscape flaw, the GhostLock kernel privilege escalation, and a cluster of critical Ubiquiti UniFi vulnerabilities. These issues collectively threaten the security posture of organisations across sectors, making immediate awareness and response mandatory.
Linux KVM Januscape and GhostLock: Decade-Old Flaws Surface
The discovery of Januscape (CVE-2026-53359), a 16-year-old bug in the Linux Kernel-based Virtual Machine (KVM), has sent ripples through the technology community. First introduced in 2010, this flaw resided in KVM’s shadow MMU logic, undetected until a recent patch in June 2026. Januscape enables a malicious guest virtual machine to corrupt host kernel memory, effectively allowing an escape from the VM sandbox and full host compromise with root privileges. Both Intel and AMD x86_64 platforms are affected, making the vulnerability relevant to nearly all enterprise Linux deployments running virtualised workloads.
The issue was made public by researcher Hyunwoo Kim on 6 July 2026, shortly after the fix was incorporated upstream (commit 81ccda30b4e8). Notably, Januscape had been exploited as a zero-day in Google’s kvmCTF competition, highlighting its real-world impact. Systems with KVM enabled, especially those supporting nested virtualisation, are most at risk. Misconfigured permissions on /dev/kvm can further widen the attack surface, enabling even unprivileged users to exploit the bug.
Another critical kernel flaw, GhostLock (CVE-2026-43499), was also disclosed in July 2026. GhostLock is a 15-year-old privilege escalation bug lurking in the futex/rtmutex code since Linux 2.6.39 (2011). Any local user, even without special permissions, can exploit GhostLock to gain root access in seconds. The vulnerability impacts all major Linux distributions (Ubuntu, RHEL, Fedora, SUSE, Debian) and Android kernels, especially those not yet updated with the April 2026 patch (commit 3bfdc63936dd). Containerised environments are not immune, as GhostLock enables container escapes to host root.
- Januscape (CVE-2026-53359): Affects Linux KVM on Intel/AMD, 2007–2026, fixed in June 2026
- GhostLock (CVE-2026-43499): Affects Linux kernels 2.6.39 (2011) to pre-April 2026, all major distros and Android
Ubiquiti UniFi: 25 Vulnerabilities with Multiple Critical Exploits
On 7 July 2026, Ubiquiti Networks released Security Advisory Bulletin 066, detailing 25 separate vulnerabilities across its UniFi product ecosystem. Seven of these are rated critical, including a maximum-severity (CVSS 10.0) command injection flaw in UniFi Connect (CVE-2026-50746). This bug can be exploited without authentication, granting attackers the ability to execute arbitrary commands on vulnerable devices remotely.
The affected components and versions are extensive, covering:
- UniFi Connect Application: Versions 3.4.16 and earlier (CVE-2026-50746)
- UniFi Talk VoIP Application: 5.1.2 and earlier (CVE-2026-50747)
- UniFi Access Application: 4.2.28 and earlier (CVE-2026-50748, CVE-2026-54400)
- UniFi Protect (Camera NVR): 7.1.77 and earlier (CVE-2026-55115, CVE-2026-54407/8)
- UniFi Network Application: 10.3.58 and earlier (CVE-2026-54404)
- UniFi OS: 5.1.18 and earlier, including UDM/UDM-Pro/UDM-SE, UNVR, UNAS consoles (multiple CVEs)
Ubiquiti released patches for all impacted products on the same day as the advisory. If any UniFi products are running versions at or below those listed, they are vulnerable to one or more remote code execution, authentication bypass, or privilege escalation attacks.
Microsoft Edge RCE, OpenSSH 10.4 and PHP DoS: Additional Major Threats
Microsoft disclosed a high-severity remote code execution vulnerability (CVE-2026-57992) in Edge’s Chromium engine on 7 July 2026. This use-after-free flaw can be triggered if a user visits a malicious web page and performs a specific autofill action (two quick taps or clicks). At the time of disclosure, no official patch was available. Microsoft advised disabling or restricting autofill and monitoring the MSRC for updates.
Simultaneously, OpenSSH 10.4 was released on 6 July 2026, fixing several vulnerabilities in ssh, scp, and sftp. Key issues addressed include a malicious server file redirection flaw, a path traversal vulnerability in scp, and a client-side use-after-free bug triggered by mid-session host key changes. The update also introduces experimental post-quantum cryptography support (ML-DSA 44 and Ed25519).
PHP maintainers disclosed two new vulnerabilities (CVE-2026-12184, CVE-2026-14355) in early July 2026. The first, in the HTTP stream wrapper, can crash PHP-FPM entirely via remote requests. The second permits memory corruption through a bug in the OpenSSL extension’s AES-WRAP-PAD handling. Both flaws affect PHP 8.x branches and are under active remediation.
Other Notable Security Events: TrojPix, Android IonStack and Accenture Breach
Research teams unveiled TrojPix, a new electromagnetic exfiltration technique that can transmit data from air-gapped machines via subtle HDMI signal changes. Demonstrated at up to 8 Mbps over distances exceeding 200 metres, TrojPix highlights risks to physically isolated systems.
Security company Nebula demonstrated the IonStack exploit chain on Android 17, combining a Firefox zero-day with GhostLock to achieve full remote device compromise in one tap. Though not observed in the wild, this proof-of-concept shows the real-world impact of chaining remote and local vulnerabilities.
Finally, consulting giant Accenture experienced an “isolated” breach in July 2026 after threat actor “888” claimed to have stolen 35 GB of source code and credentials. Accenture confirmed the incident was contained, though screenshots of Azure DevOps data were shared as proof by the attacker.
Why This Matters and What Organisations Should Do
These coordinated disclosures underscore the risks posed by both legacy flaws and modern supply chain vulnerabilities. Januscape and GhostLock threaten the foundation of Linux-based infrastructure, while the Ubiquiti and Microsoft Edge issues expose enterprise networking and endpoint environments to remote exploitation. Immediate patching, version reviews, and configuration audits are essential for affected products.
Organisations should prioritise:
- Patching all affected Linux, Ubiquiti, and Edge products to the latest secure versions
- Reviewing exposure of KVM-enabled hosts and UniFi consoles to untrusted networks
- Monitoring vendor advisories for remediation of PHP and Edge vulnerabilities
Originally reported by cybersecuritynews.com.





