Tag: linux
-
Microsoft Warns: MistralAI PyPI Package Compromised with Malware
Mistral’s official Python client on PyPI has been pulled into the ongoing wave of AI supply-chain attacks, with Microsoft warning that version 2.4.6 of the mistralai package was backdoored to silently deploy a credential-stealing payload on Linux systems. The logic is designed to execute automatically whenever the package is imported, meaning developers simply using the library in…
-
Local privilege escalation up to root privileges – ‘Copy Fail’ vulnerability in the Linux kernel is being exploited in attacks
First seen on security-insider.de Jump to article: www.security-insider.de/linux-kernel-luecke-cve-2026-31431-root-eskalation-a-7c39801062b8b452a3ad5ad00d6c517d/
-
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
Tags: access, attack, business, control, cve, cybersecurity, exploit, flaw, group, incident response, infosec, linux, LLM, mitigation, risk, service, strategy, switch, technology, tool, update, vulnerability, zero-day
…), a logic bug which lets users easily obtain root access, and Dirty Frag, which abuses weaknesses in how the Linux kernel handles fragmented memory pages. The Dirty Frag attack combines two separate vulnerabilities affecting the Linux IPsec Encapsulating Security Payload (ESP) subsystem (CVE-2026-43284) and the RxRPC networking protocol (CVE-2026-43500). The proposal has set off a furious…
-
Linux bitten by second severe vulnerability in as many weeks
Production-version patches are coming online and should be installed pronto. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/05/linux-bitten-by-second-severe-vulnerability-in-as-many-weeks/
-
‘Dirty Frag’ Exploit Poised to Blow Up on Enterprise Linux Distros
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/dirty-frag-exploit-blow-up-enterprise-linux-distros
-
Official JDownloader site served malware to Windows and Linux users between May 6 and May 7
JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6-7, 2026. JDownloader official website was compromised in a supply chain attack that replaced legitimate Windows and Linux installers with malicious files between May 6 and May 7, 2026. JDownloader is a free, open-source download management application designed…
-
Security Affairs newsletter Round 576 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence Braintrust security incident…
-
Linux developers weigh emergency "killswitch" for vulnerable kernel functions
Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism ("Killswitch") that would allow administrators to disable vulnerable … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/11/linux-kernel-emergency-killswitch/
-
Rustinel: Open-source endpoint detection for Windows and Linux
Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/11/rustinel-open-source-endpoint-detection-windows-linux/
-
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago, the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like…
-
Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities
Two new high-severity vulnerabilities, dubbed ‘Dirty Frag’ when chained, have been found in the Linux kernel, affecting most Linux distributions First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dirty-frag-linux-kernel/
-
New ‘Dirty Frag’ exploit targets Linux kernel for root access
Tags: access, attack, control, cve, exploit, linux, malicious, microsoft, mitigation, monitoring, switch, tool, vulnerability
Attackers are already exploiting Dirty Frag: Microsoft warned that Dirty Frag is already being actively exploited in the wild, primarily as a post-compromise privilege escalation tool. The company said attackers are using the vulnerability after obtaining an initial foothold on vulnerable Linux systems, allowing them to elevate privileges from a low-level user account to full…
-
Dirty Frag: Linux kernel hit by second major security flaw in two weeks
The issue was found in the same area of the Linux kernel that produced last month’s Copy Fail bug, and also allows anyone with a basic account on an affected computer to seize full administrative control. First seen on therecord.media Jump to article: therecord.media/dirty-frag-linux-kernel-hit-by-second-major-bug
-
9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems
The Dirty Frag vulnerability affects Linux systems and allows root access escalation, while public PoC exploit code increases attack risks. First seen on hackread.com Jump to article: hackread.com/9-year-old-dirty-frag-vulnerability-root-access-linux/
-
PoC Exploit Released for Dirty Frag Linux Kernel Vulnerability
A proof-of-concept exploit for a new Linux kernel vulnerability class dubbed "Dirty Frag". This universal local privilege escalation vulnerability allows attackers to obtain root access across most major Linux distributions reliably. Because a third party unexpectedly broke the responsible disclosure embargo, the exploit is now public without official patches or an assigned Common Vulnerabilities and…
-
CISA Warning: High-Severity Linux Flaw Puts Unpatched Systems at Risk
CISA warns that the nine-year-old Linux Copy Fail flaw is being actively exploited, allowing local attackers to gain root access on affected systems. The post CISA Warning: High-Severity Linux Flaw Puts Unpatched Systems at Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-linux-kernel-vulnerability-root-access-cisa-warning/
-
Google Chrome 148 Released With Fixes for 127 Security Flaws
Google has officially rolled out Chrome version 148 to the stable channel, delivering a massive security overhaul that addresses 127 vulnerabilities across Windows, Mac, and Linux. The update, now available as version 148.0.7778.96 for Linux and 148.0.7778.96 or 148.0.7778.97 for Windows and Mac, patches several critical memory management flaws that could allow attackers to execute…
-
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. “While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,” Kaspersky First…
-
Starfighter 16: Linux laptop with Opal encryption and detachable webcam
Starlabs has been working for many years on the Starfighter 16, which is designed for data protection and privacy. The laptop can now be ordered. First seen on golem.de Jump to article: www.golem.de/news/starfighter-16-linux-laptop-mit-opal-verschluesselung-und-abnehmbarer-webcam-2605-208392.html
-
New malware turns Linux systems into P2P attack networks
Persistence through rootkits and PAM backdoors: The researchers also wrote of QLNX’s use of rootkits and Linux Pluggable Authentication Modules (PAM) to establish long term persistence. According to Trend Micro, the malware leverages rootkit functionality to conceal malicious activity, processes, and components from administrative tools and security monitoring systems. The malware was also observed tampering with…
-
QLNX Targets Developers in Supply Chain Credential Theft Campaign
QLNX is a newly documented Linux remote access trojan (RAT) that targets the theft of developers’ and DevOps credentials to hijack software supply chains. Recent attacks against popular projects like LiteLLM on PyPI and the Axios npm package have shown how a single compromised maintainer account can be used to push backdoored releases to millions…
-
New stealthy Quasar Linux malware targets software developers
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers’ systems with a mix of rootkit, backdoor, and credential-stealing capabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/
-
Attackers are cashing in on fresh ‘CopyFail’ Linux flaw
Researchers dropped a reliable root exploit and it didn’t sit idle for long First seen on theregister.com Jump to article: www.theregister.com/2026/05/05/cisa_sounds_the_alarm_on/
-
Copy Fail and AI: Researchers slip up in disclosing Linux vulnerability
Copy Fail is one of the most dangerous Linux vulnerabilities of recent years. The disclosure, however, was anything but exemplary, among other things because of AI. First seen on golem.de Jump to article: www.golem.de/news/copy-fail-und-die-ki-forscher-patzen-bei-offenlegung-von-linux-luecke-2605-208331.html
-
Linux kernel: <> allows root access
A vulnerability in the Linux kernel undermines privilege management on millions of servers. All major distributions since 2017 are affected. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linux-system-root-rechte
-
US government warns of severe CopyFail bug affecting major versions of Linux
U.S. cybersecurity agency CISA says the CopyFail bug is being actively used in hacking campaigns, and poses a major risk to servers and data centers that rely on Linux. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/04/u-s-government-warns-of-severe-copyfail-bug-affecting-major-versions-of-linux/
-
Moving to mainframe can be cheaper than sticking with VMware: Gartner
Serious Linux VMs will enjoy big iron if you can learn to love lock-in risks and skills challenges First seen on theregister.com Jump to article: www.theregister.com/2026/05/04/gartner_state_of_mainframes/
-
‘Copy Fail’ is a real Linux security crisis wrapped in AI slop
The actively exploited defect could affect every mainstream Linux distribution built since 2017, but some researchers found Theori’s AI-generated disclosure unhelpful and lacking. First seen on cyberscoop.com Jump to article: cyberscoop.com/copy-fail-linux-vulnerability-artificial-intelligence/
-
U.S. government warns of severe CopyFail bug affecting major versions of Linux
U.S. cybersecurity agency CISA says the CopyFail bug is being actively used in hacking campaigns, and poses a major risk to servers and datacenters that rely on Linux. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/04/u-s-government-warns-of-severe-copyfail-bug-affecting-major-versions-of-linux/
-
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and…

