CISA's 48-hour KEV mandate hits Adobe ColdFusion, Joomla, and Langflow as a 15-year Linux kernel flaw called GhostLock drops with working exploit code. Accenture confirms 35GB stolen from Azure DevOps — source code, SSH keys, and cloud tokens all in play.
Audio is available on Spreaker — see link below.
CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog on July eighth, and federal agencies have until July tenth to patch them. That's a forty-eight-hour window.
The Joomla and JoomShaper entries are worth holding on. Both exploit arbitrary file upload weaknesses to plant PHP web shells in media directories.
Langflow's KEV entry covers a cross-tenant access flaw, classified as an insecure direct object reference. Between June twenty-second and June twenty-fifth, a single threat operator ran a sustained campaign chaining this flaw with a separate remote code execution vulnerability to harvest LLM provider keys and AWS credentials.
Separate from the KEV additions, a fifteen-year-old Linux kernel privilege-escalation flaw was publicly disclosed on July eighth with working exploit code already released. CVE-2026-43499, named GhostLock, affects every major Linux distribution shipping since two thousand eleven.
Accenture confirmed a breach involving thirty-five gigabytes of material stolen from a private Azure DevOps repository. The threat actor, known as 888, claims the haul includes source code, RSA keys, SSH keys, Azure tokens, and configuration files.
Two other developments complete the picture. AssuranceAmerica disclosed a breach exposing six-point-nine million driver's license numbers, traced to targeted employee credential theft in March.
The signal across all of today's stories is consistent. Credentials are the primary target.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.