Cybersecurity News | Daily Recap [07 Jul 2026]

Cybersecurity News | Daily Recap [07 Jul 2026]
Daily Recap, Linux and virtualization issues topped the roundup, including a Januscape-disclosed Linux kernel vulnerability that enables VM escape on Intel/AMD systems affecting KVM guest-to-host isolation, alongside rapid probing of a Gitea Docker flaw (CVE-2026-20896) shortly after disclosure. State-sponsored and criminal activity also featured prominently, with Iran-linked actors using a modular Cavern C2 framework, Chinese espionage groups leveraging Roundcube exploit chains and Armored Likho continuing targeting of government and electric power, while BeyondTrust patched critical authentication-bypass issues and CERT/CC warned of a hidden Tenda admin backdoor—plus phishing delivery of EtherRAT and Blogspot-hosted Veil#Drop staging. #Januscape #KVM #Gitea #CVE-2026-20896 #Cavern #Iran #Israeli #Roundcube #Armored Likho #BeyondTrust #PRA #Tenda #EtherRAT #VeilDrop #Blogspot #HiAnime #BONK

Linux & Virtualization

  • A newly disclosed Linux kernel flaw lets attackers perform VM escape on Intel and AMD systems, with multiple reports confirming the long-standing KVM issue affects guest-to-host isolation. – Januscape Flaw, Kernel Escape, KVM Escape
  • Attackers began probing a Gitea Docker vulnerability (CVE-2026-20896) just 13 days after disclosure, underscoring how quickly exposed development infrastructure is targeted. – Gitea Flaw

State-Sponsored Threats

  • Iran-linked hackers were seen using a new modular C2 framework to run more flexible intrusions, including campaigns built around Cavern against Israeli organizations. – Modular C2, Cavern C2
  • A suspected Chinese espionage group used a Roundcube exploit chain to infiltrate universities in the U.S. and Canada, while Armored Likho continued targeting government and electric power entities. – Roundcube Espionage, Armored Likho

Vulnerability Alerts

  • BeyondTrust warned and patched critical authentication-bypass flaws in its remote access and PRA products, prompting urgent remediation for organizations using the software. – Critical Flaws, Auth Bypass
  • CERT/CC flagged a hidden admin backdoor in Tenda router firmware, raising concerns about unauthorized device takeover on consumer networking gear. – Tenda Backdoor

Phishing & Malware

  • Phishing lures posing as a big-brand job interview were used to steal Google accounts, while fake Microsoft Teams IT-support calls delivered EtherRAT malware to victims. – Job Phishing, EtherRAT
  • Veil#Drop attacks were observed delivering payloads through Blogspot-hosted infrastructure, showing continued abuse of legitimate platforms for malware staging. – Veil#Drop

Platform & Product Updates

  • Microsoft plans to enable Windows settings backup by default for organizations and is also testing a new Cloud Rebuild recovery feature for Windows 11. – Backup Default, Cloud Rebuild
  • Software security and business-aligned risk management remain top-of-mind as new commentary highlights the gap between rapid software creation and slower security processes. – Speed vs Security, Risk Management
  • Tarah Wheeler was featured in a CISO Conversations profile discussing leadership, thought leadership, and modern cybersecurity strategy. – Tarah Wheeler

Incidents, Law Enforcement & Crypto

  • Canada’s spy agency said it disrupted three criminal groups in 2025, while Vietnam arrested suspects tied to the HiAnime piracy service. – Canadian Ops, HiAnime Arrests
  • A major medical device manufacturer notified nearly 4 million people of a breach, while attackers managed to vote themselves $20 million in BONK cryptocurrency. – Medical Breach, BONK Theft
  • U.S. Army websites were defaced with pro-Kurdish messages and insults aimed at Trump, highlighting opportunistic website tampering campaigns. – Army Defacement

Cybersecurity News | Daily Recap – hendryadrian.com