Weekly Security Bulletin Highlights 16-Year-Old Linux Flaw, Ubiquiti Vulnerabilities, and Novel Data Exfiltration Techniques
This week's cybersecurity news features a 16-year-old Linux KVM escape vulnerability, numerous flaws in Ubiquiti's UniFi ecosystem, and innovative methods for data theft from air-gapped systems.

This week's cybersecurity bulletin underscores the persistent threat of long-undiscovered vulnerabilities, with a 16-year-old Linux KVM escape flaw and a 15-year-old kernel privilege escalation bug both coming to light after more than a decade.
The headline vulnerability, dubbed 'Januscape' and tracked as CVE-2026-53359, is a critical flaw within KVM's shadow MMU logic that remained hidden for nearly 16 years. This vulnerability allows a malicious guest virtual machine to corrupt host kernel memory, potentially leading to a full guest-to-host escape with root privileges. Researchers noted that it was actively exploited as a zero-day in Google's kvmCTF competition before its public disclosure, and it affects both Intel and AMD platforms.
Adding to the enterprise infrastructure concerns, Ubiquiti disclosed 25 vulnerabilities across its UniFi ecosystem in Security Advisory Bulletin 066. Among these, CVE-2026-50746 stands out as a critical command injection flaw in UniFi Connect, rated a perfect 10.0 and exploitable without authentication. Several other high-severity bugs, scoring 9.9, were identified across UniFi Talk, Access, and Protect, including SQL injection, SSRF, and access control issues.
Beyond traditional vulnerabilities, novel attack vectors are emerging. The TrojPix attack demonstrates a new method for data exfiltration from air-gapped systems. This electromagnetic covert-channel attack can steal data from compromised air-gapped computers from up to 208 meters away, even through walls, by exploiting pixel-level HDMI signal leakage. The technique achieves a peak throughput of 8.1 Mbps with high accuracy and is invisible to the human eye.
Microsoft Edge users are facing a Use-After-Free vulnerability (CVE-2026-57992) in its Chromium engine, which could lead to remote code execution. While no official patch is yet available, users are advised to restrict autofill functionality and monitor Microsoft's Security Response Center for updates. OpenSSH 10.4 has also been released, addressing several vulnerabilities including a malicious-server file redirection flaw in sftp and an scp path traversal issue, while also introducing experimental post-quantum cryptography support.
Further compounding the Linux security landscape, the 'GhostLock' vulnerability (CVE-2026-43499) is a privilege escalation flaw in the kernel's real-time mutex subsystem that has existed since 2011. Researchers demonstrated a highly reliable exploit that grants root access by hijacking kernel control flow. Similarly, an exploit chain named 'IonStack' was detailed, which chains a Firefox zero-day with a 15-year-old Linux kernel flaw to achieve remote code execution and root access on Android 17 with a single click, though it is not believed to have been seen in the wild.
Accenture is also reportedly facing claims of a significant data breach, with a threat actor named '888' alleging the theft of approximately 35 GB of source code, keys, and access tokens. While Accenture acknowledged an "isolated matter" that has been remediated, they have not confirmed the full scope of the alleged data loss. The bulletin also touches upon operationalizing threat intelligence, highlighting the gap between acquiring feeds and integrating them into SOC workflows, and proposes solutions for a more effective, bidirectional intelligence pipeline.