Seite wählen

08.07.2026

16-year-old KVM flaw allows attackers to escape VMs and take over Linux servers

CSO Online 07.07.2026 21:53
A critical vulnerability in the Kernel-based Virtual Machine (KVM) module of the Linux kernel allows attackers with root access in a guest VM to execute arbitrary code on the host system. This violates the most important security boundary that cloud providers and enterprises rely on to isolate sensitive processes on servers.
The vulnerability, tracked as CVE-2026-53359, stems from a use-after-free memory bug in the shadow MMU emulation of KVM on x86 CPU architecture. According to Hyunwoo Kim, the researcher who discovered it, the flaw has been present in the Linux kernel code for the past 16 years and is the first KVM guest-to-host escape vulnerability that works on both Intel and AMD CPUs.

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

The Hacker News 07.07.2026 16:37
A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project.

From there, they could read live conversations, steal the data users shared, and make the bots send attacker-written messages, including requests to re-enter a password.

Security firm Varonis found it

Sicherheitsalbtraum Wechselrichter: Hoymiles lässt Nachbarschaften verstummen

Heise Security 07.07.2026 15:30
Schwere Funkschwachstellen bei Hunderttausenden PV-Anlagen erlauben laut Forschern das Abschalten im Vorbeifahren und sogar die physische Zerstörung der Geräte.

OpenSSH stärkt SSH gegen heutige und künftige Angriffe

Heise Security 07.07.2026 12:29
OpenSSH 10.4 behebt mehrere Sicherheitslücken in SSH, SCP und SFTP. Zudem gibt es Protokollverschärfungen und experimentelle Post-Quantum-Signaturen.

Zimbra Collaboration Suite: Kritische Lücke macht Classic Web Client angreifbar

Heise Security 07.07.2026 12:06
Admins aufgepasst: Ein Update der Zimbra Collaboration Suite kann Mail-basierte Angriffe auf den Classic Web Client abschmettern.

Samsung-Sicherheitsupdate: Juli-Patches für Galaxy-Geräte

Heise Security 07.07.2026 10:22
Samsung hat sein Security-Bulletin für Juli 2026 veröffentlicht und verteilt wichtige Sicherheitspatches vor allem für die Topmodelle der Galaxy-Reihe.

Linux-Kernel: 16 Jahre alte KVM-Lücke ermöglicht VM-Ausbruch

Golem 07.07.2026 09:07
Eine seit 2010 bestehende Lücke im KVM-Code des Linux-Kernels gefährdet unter anderem Cloudsysteme. Angreifer können damit VM-Hosts kapern. (Sicherheitslücke, Virtualisierung)

Hackers Exploit Maximum Severity Adobe ColdFusion Flaw

Infosecurity Magazine 07.07.2026 08:20
Threat actors are exploiting an Adobe ColdFusion vulnerability which has a CVSS score of 10.0

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

The Hacker News 07.07.2026 06:40
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday.

"An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process

BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

The Hacker News 07.07.2026 05:16
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices.

The vulnerabilities are listed below –

CVE-2026-40138 (CVSS score: 9.2) – A pre-authentication vulnerability exists in the