Cloud VM Isolation Breaks at the Hypervisor; North Korean Actors Weaponize Maintainer Trust
CVE-2026-53359 (Januscape), a 16-year-old Linux KVM flaw enabling VM-to-host escape, landed patches July 4 while the North Korean PolinRider supply chain campaign hit 100+ legitimate packages through stolen maintainer credentials, graduating beyond typosquatting into a method that subverts the trust signals defenders rely on.
Security