GhostLock, Accenture Azure Breach & CISA's 48-Hour Patch Deadline
カートのアイテムが多すぎます
ご購入は五十タイトルがカートに入っている場合のみです。
カートに追加できませんでした。
しばらく経ってから再度お試しください。
ウィッシュリストに追加できませんでした。
しばらく経ってから再度お試しください。
ほしい物リストの削除に失敗しました。
しばらく経ってから再度お試しください。
ポッドキャストのフォローに失敗しました
ポッドキャストのフォロー解除に失敗しました
-
ナレーター:
-
著者:
(00:00:36) Joomla Web Shell Exploitation
(00:01:20) Langflow IDOR Credential Harvesting
(00:02:18) GhostLock Linux Kernel Flaw
(00:03:06) Accenture Breach Supply Chain Risk
(00:03:33) AssuranceAmerica and Apple Patch Velocity
(00:04:10) Closing Watchpoints
A 48-hour federal patch deadline, a 15-year-old Linux kernel flaw with public exploit code, and a confirmed breach at one of the world's largest consultancies — today's briefing covers the most consequential cybersecurity developments of July 8, 2026.
CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, giving federal civilian agencies until July 10 to remediate flaws in Adobe ColdFusion, Joomla's Page Builder, JoomShaper's SP Page Builder, and the AI workflow platform Langflow. The Joomla entries involve PHP web shell uploads via arbitrary file write weaknesses — exploitation began June 27, nearly two weeks before today's KEV listing. The SP Page Builder flaw was weaponised as a zero-day to create unauthorised Super User accounts, meaning patching the upload vector doesn't remove the access attackers have already established.
Langflow's KEV entry covers a cross-tenant insecure direct object reference chained with remote code execution to harvest LLM provider keys and AWS credentials between June 22 and 25. This is the seventh documented Langflow vulnerability in 18 months.
Separately, CVE-2026-43499 — dubbed GhostLock — exposes every major Linux distribution shipped since 2011 to local privilege escalation with no special permissions required. Working exploit code is public. Patch distribution across Ubuntu LTS versions remains incomplete.
Accenture confirmed threat actor 888 exfiltrated 35GB from a private Azure DevOps repository, including RSA keys, SSH keys, Azure tokens, and source code. Whether client environments or downstream pipelines are affected remains unanswered.
Also covered: AssuranceAmerica's 6.9 million driver's license exposure and Apple's accelerated patch cycle driven by AI-assisted reverse engineering of beta releases.
This episode includes AI-generated content.
adbl_web_anon_alc_button_suppression_t1
まだレビューはありません