{"id":287996,"date":"2026-07-10T10:04:00","date_gmt":"2026-07-10T14:04:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/10\/wdid-hackaday\/"},"modified":"2026-07-10T11:25:08","modified_gmt":"2026-07-10T15:25:08","slug":"wdid-hackaday","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/10\/wdid-hackaday\/","title":{"rendered":"Wdid | Hackaday"},"content":{"rendered":"<p><a href=\"https:\/\/hackaday.com\/tag\/wdid\/\">Wdid | Hackaday<\/a><\/p>\n<p><a href=\"https:\/\/hackaday.com\/tag\/wdid\/\">https:\/\/hackaday.com\/tag\/wdid\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-10 10:04:00<\/a><\/p>\n<p>Source Domain: <a href=\"hackaday.com\">hackaday.com<\/a><\/p>\n<p>The Januscape vulnerability allows a user in a guest VM managed by the Linux Kernel Virtual Machine (KVM) to corrupt memory in the host system and break out of isolation.<\/p>\n<p>KVM virtualization is used by major hosting platforms like Amazon AWS, Google GCP, Digital Ocean, and many more. All of the shared hosting platforms count on virtualization to isolate untrusted guest systems from the physical hardware and each other; being able to corrupt memory for all guests or break isolation presents a major threat.<\/p>\n<p>The bug report says the error has been present for 16 years, which is nearly the entire lifetime of the KVM subsystem in Linux. Fixes are available in mainline, and major hosting providers who count on KVM are likely already updating.<\/p>\n<h2>Vulnerabilities In Balcony Solar<\/h2>\n<p>Micro solar, or \u201cbalcony solar\u201d, installs have been gaining traction in Europe as a way to offset rising electrical costs by connecting solar and battery systems to a house or apartment power system.<\/p>\n<p>Vulnerabilities have been found in the popular Hoymiles micro-inverter, which uses a proprietary RF radio protocol to manage the devices. Unfortunately, it looks like this protocol has no encryption or authentication beyond validating the serial number, and the serial number is also available over a wireless probe command.<\/p>\n<p>Armed with a Nordic nRF radio researchers were able to discover nearby inverters in the wild and collect the serial numbers, though of course they stopped short of issuing commands to random users.<\/p>\n<p>The wireless management control allows controlling the device power and output levels, as well as setting a lockout PIN, which the researchers suspect could be used to disable devices and lock the legitimate owners out completely.<\/p>\n<p>There are an estimated 500,000 units in use, and currently the only known mitigation is to unplug the device entirely and disconnect the solar panels, though the team suggests that setting an anti-theft PIN may also help \u2013 or at least prevent an&#8230;<\/p>\n<p><a href=\"https:\/\/hackaday.com\/tag\/wdid\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wdid | Hackaday https:\/\/hackaday.com\/tag\/wdid\/ Publish Date: 2026-07-10 10:04:00 Source Domain: hackaday.com The Januscape vulnerability allows&#8230;<\/p>\n","protected":false},"author":1,"featured_media":287997,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s0.wp.com\/_si\/?t=eyJpbWciOiJodHRwczpcL1wvaGFja2FkYXkuY29tXC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIwXC8wN1wvaGFja2FkYXktbG9nby13aXRoLXRleHQtb3BlbmdyYXBoLWRlZmF1bHQtaW1hZ2UuanBnIiwidHh0IjoiSGFja2FkYXkiLCJ0ZW1wbGF0ZSI6ImhpZ2h3YXkiLCJmb250IjoiIiwiYmxvZ19pZCI6MTU2NjcwMTc3fQ.kVPxWrsIQyGdD1cPoxYvzP1mD56qtpkNpW1nAFiZiIgMQ","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[71,27],"class_list":["post-287996","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-linux","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287996"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=287996"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287996\/revisions"}],"predecessor-version":[{"id":287998,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287996\/revisions\/287998"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/287997"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=287996"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=287996"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=287996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}