Canadian Cyber Security Journal
SOCIAL:
Filed under: News

Cybersecurity Daily Brief — Wednesday, July 8, 2026

Here are today’s top cybersecurity stories for Wednesday, July 8, 2026.

GhostLock CVE-2026-43499: 15-Year-Old Linux Kernel Flaw Gets Public Exploit
Nebula Security disclosed GhostLock, a use-after-free vulnerability in the Linux kernel’s rt_mutex priority inheritance code, triggered via the futex subsystem. The flaw has been present since Linux 2.6.39-rc1 (circa 2011) and allows any local user to gain root access with no special permissions required. A working exploit with 97% reliability is now public, and Nebula demonstrated container escape in testing. Ubuntu 20.04, 22.04, and 24.04 LTS remain vulnerable or under active patching as of early July.
The Hacker News

Accenture Confirms Breach After Hacker Claims 35 GB of Source Code Stolen
Threat actor “888” posted on PwnForums claiming to have exfiltrated 35 GB from Accenture, including source code, RSA keys, SSH keys, Azure personal access tokens, Azure Storage access keys, and configuration files from a private Azure DevOps repository. Accenture confirmed it is aware of the incident and has remediated the source, stating no impact to operations or service delivery. A screenshot of the private DevOps repository was provided as proof of exfiltration.
BleepingComputer

Ubiquiti Patches CVSS 10.0 Command Injection Flaw in UniFi Connect
Ubiquiti disclosed 25 security vulnerabilities across the UniFi ecosystem, the most severe being CVE-2026-50746 (CVSS 10.0), an improper access control flaw in UniFi Connect Application versions 3.4.16 and earlier. An unauthenticated network-adjacent attacker can execute arbitrary OS commands and take full control of the host. Censys tracks over 100,000 UniFi OS instances exposed online. Users should upgrade UniFi Connect to version 3.4.20 or later immediately.
BleepingComputer

CISA Adds Three Vulnerabilities to Known Exploited Vulnerabilities Catalog
CISA added three flaws to its KEV catalog on July 7: CVE-2026-48908, an unrestricted file upload in JoomShaper SP Page Builder; CVE-2026-55255, a Langflow authorization bypass allowing authenticated users to run other users’ flows; and CVE-2026-56290, an improper access control flaw in Joomlack Page Builder enabling unauthenticated remote code execution (CVSS 10.0). Federal agencies face a July 28 remediation deadline. CISA also reminded agencies of the July 10 deadline for the previously catalogued Adobe ColdFusion CVE-2026-48282.
CISA

Entra Passkey Vishing Campaign Targets Microsoft 365 Organisations
A threat actor tracked as O-UNC-066 (also called “Pink” by Palo Alto Unit 42) has been running a voice phishing campaign since April 2026, tricking employees into enrolling attacker-controlled Microsoft Entra passkeys. Callers impersonate IT security staff and direct victims to fake passkey enrollment pages with authentic-looking branding. The kit is operator-controlled in real time and adapts to whatever MFA method the victim uses. Okta attributes the activity to an extortion group that launched a data-leak site on May 31. Targeted sectors include food and beverage, technology, healthcare, automotive, and aviation.
BleepingComputer

China-Linked UAT-7810 Expands ORB Network With LONGLEASH Malware
Cisco Talos published new research on UAT-7810, a Chinese threat actor that maintains the LapDogs operational relay box network. The group developed LONGLEASH, an updated backdoor, alongside two new implants: DOGLEASH (C-based) and JARLEASH (Java-based). Attack chains exploit known vulnerabilities in Ruckus and ASUS AiCloud routers to add compromised devices to the ORB network. The infrastructure is then leased to secondary China-nexus actors including UAT-5918, which targets critical infrastructure in Taiwan.
The Hacker News | Cisco Talos

GitLost: GitHub AI Agent Tricked Into Leaking Private Repository Data
Noma Labs disclosed GitLost, a prompt injection technique that exploits GitHub Agentic Workflows to exfiltrate private repository contents. An attacker with no credentials or organizational access posts a public issue containing hidden instructions; if the organization’s agent has read access to private repositories, it follows the injected commands and posts private data publicly. GitHub Agentic Workflows is in public preview. Noma disclosed the technique to GitHub before publishing.
The Hacker News

Google Releases Chrome 151 With Patches for 382 Vulnerabilities
Google’s Chrome 151 update addresses 382 security flaws, including 15 rated critical. The critical vulnerabilities include use-after-free, out-of-bounds, and type confusion issues across components including Extensions, GPU abstraction, WebUSB, and Chromoting. Of the 382 flaws, 358 were discovered by Google. No active exploitation has been confirmed. Users on Windows, macOS, and Linux should update immediately.
SecurityWeek

North Korean PolinRider Campaign Compromises 162 Open Source Packages
A North Korea-linked supply chain campaign called PolinRider has been running since December 2025, injecting JavaScript loaders into legitimate repositories to deliver the DEV#POPPER remote access trojan and OmniStealer infostealer. Socket identified 162 malicious release artifacts across 108 unique packages on NPM, Packagist, Go modules, and Chrome extensions. The actor compromises maintainer accounts to push infected packages, linking the campaign to North Korea’s broader Contagious Interview and Deceptive Development operations.
SecurityWeek

U.S. Army Websites Defaced in Pro-Kurdish 404 Hijacking Attack
Two U.S. Army subdomain websites, oil.army.mil and ai2c.army.mil, were defaced through a 404 hijacking attack displaying pro-Kurdish messages and criticism of the current U.S. administration. The attack exploited legacy third-party hosting for the sites’ error-handling systems. An Army spokesperson confirmed the pages had no connection to enterprise networks and have been taken offline. Attribution beyond references to Kurdish separatist sentiment remains unclear.
CyberScoop

Stay tuned for today’s in-depth analysis posts.

Enjoy this article? Don’t forget to share.