Tag: linux
-
DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root
DirtyClone: a Linux kernel privilege escalation that silently rewrites executables in memory, leaving no disk trace. Patch now. JFrog Security Research published a working exploit walkthrough on June 25 for CVE-2026-43503 (CVSS score of 8.8), a Linux kernel privilege escalation they call DirtyClone. It’s the fourth vulnerability in the DirtyFrag family, all sharing the same…
-
Critical Linux Kernel Flaw Allows Unprivileged Users to Gain Full Root Access
A newly disclosed flaw in the Linux kernel’s traffic-control subsystem, now assigned CVE-2026-46331 and referred to as “Pedit COW,” has been found to grant any unprivileged local user full root access on vulnerable systems. Within just 24 hours of the CVE being formally assigned on June 16, 2026, a working proof-of-concept exploit dubbed packet_edit_meme surfaced…
-
Linux Kernel DirtyClone Vulnerability Lets Local Attackers Gain Root Privileges
A critical Local Privilege Escalation flaw has been uncovered within the Linux kernel, allowing unprivileged local users to seamlessly gain root access by manipulating the system’s page cache. This vulnerability, designated as CVE-2026-43503, represents a severe gap in the XFRM/IPsec subsystem’s packet-processing path that bypasses earlier mitigations. By exploiting this flaw, attackers can execute a…
-
8 Best Linux Distros for Forensics Pentesting in 2026
Here are the best Linux distros in 2026 for ethical hacking, pentesting and digital forensics, from beginners through advanced. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/open-source-distros-for-pentesting-and-forensics/
-
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
A flaw in the Linux kernel’s traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed “pedit COW,” is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public, working exploit appeared within a day of the CVE assignment on June 16. Red Hat rates the…
-
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt file-backed memory through a cloned network packet and gain root. The patch…
-
Critical open-source projects get a new security framework
Open source software projects are getting a new framework for handling security vulnerabilities as AI shortens the time between flaw discovery and exploitation. The Linux … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/26/akrites-open-source-security-framework/
-
Use-after-free in Linux kernel nf_tables gives root access – Public exploit for Linux kernel vulnerability CVE-2026-23111
First seen on security-insider.de Jump to article: www.security-insider.de/linux-kernel-cve-2026-23111-nftables-exploit-a-2dafbed1cd34e3936bee8fc541fc2f2f/
-
4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware
AryStinger hijacks outdated routers via old flaws, turning 4,300+ devices into a stealth network for reconnaissance and intrusion support. On March 12, 2026, QiAnXin’s XLab threat detection system flagged a single IP address, 107.150.106.14, spreading a Linux binary through two vulnerabilities that were disclosed in 2013 and 2016 respectively. The binary had zero detections on…
-
The systemd 261 release brings a software TPM, new OS installer
Linux distributions that ship systemd as their init system now have a new version to track. The systemd 261 update adds a cloud metadata subsystem, carries process state … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/22/systemd-261-released/
-
A Critical Deadline Is Approaching for Windows and Linux Security
The cryptographic keys that secure your computer’s boot sequence will start to expire on June 24. Here’s what that means for you. First seen on wired.com Jump to article: www.wired.com/story/a-critical-deadline-is-approaching-for-windows-and-linux-security/
-
Breach Roundup: ShinyHunters Leaks 26M MSG Records
Tags: attack, breach, cisa, cybersecurity, data, data-breach, email, leak, linux, ransomware, russia, supply-chain
Also, Arch Linux Attack, Estonia Quarantines Russian Emails, Joomla Flaw. This week, ShinyHunters leaked alleged Madison Square Garden data, a U.S. senator pressed CISA on regional staffing cuts, an Arch Linux supply-chain attack, Mackay Sugar began recovery from a ransomware attack, Novo Nordisk faced dueling breach claims – and more compelling cybersecurity news. First seen…
-
Over 400 Arch packages tampered with in the AUR
Hackers have tampered with over 400 community packages in the Arch User Repository to steal passwords and install an eBPF rootkit. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linux-pakete-manipuliert
-
Windows and Linux users: The deadline to update Secure Boot keys is near
What you need to know about the expiration of keys securing your machine’s boot sequence. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/windows-and-linux-users-the-deadline-to-update-secure-boot-keys-is-near/
-
SprySOCKS Windows Backdoor Uses Kernel Driver to Hide Processes, Files, and Network Traffic
Windows variants of SprySOCKS, a backdoor long associated with FishMonger (aka Earth Lusca/TAG-22), are expanding a toolset that was until now Linux-only. The two Windows builds, internally labelled WIN_DRV and WIN_PLUS, preserve the original SprySOCKS protocol and command set while adding Windows-native loading techniques and, in WIN_DRV’s case, a kernel-mode driver that substantially increases stealth and…
-
China-Linked FishMonger Ports SprySOCKS to Windows With Kernel-Level Stealth and UEFI Bootkit Hints
China-linked FishMonger used two SprySOCKS Windows variants that leveraged kernel drivers and the Print Spooler to target governments in four countries. ESET researchers have found two previously undocumented Windows versions of SprySOCKS, a backdoor that the security community had until now treated as Linux-only. Trend Micro first documented the Linux variant in September 2023 and…
-
SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection
FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/sprysocks-windows-variant-kernel-drivers
-
SprySOCKS Backdoor Expands From Linux to Windows
China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sprysocks-backdoor-windows/
-
(g+) Linux privilege escalation: How an ordinary Linux user becomes root
Tags: linux
In May 2026, three universal Linux privilege-escalation vulnerabilities converged, all following the same old pattern. What to do. First seen on golem.de Jump to article: www.golem.de/news/linux-rechteausweitung-wie-ein-normaler-linux-nutzer-zu-root-wird-2606-209788.html
-
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. “The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS,” ESET said in a report shared with The Hacker News. “Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP, First…
-
Windows version of SprySOCKS Linux malware used to attack govt orgs
Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-version-of-sprysocks-linux-malware-used-to-attack-govt-orgs/
-
CVE-2022-0492 is being actively exploited – Four-year-old Linux kernel vulnerability allows container escape
First seen on security-insider.de Jump to article: www.security-insider.de/linux-kernel-cve-2022-0492-container-ausbruch-cgroups-a-dfa9ed0a068ebd2d08d9dccbb4b05916/
-
Undetected for ten years: Hackers tamper with Linux login
The hacker group Velvet Ant backdoored Linux login systems over nearly ten years in order to spy on networks unnoticed. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/manipulierter-linux-login-zehn-jahre
-
China-nexus group hid in Linux login system for nearly a decade
First seen on scworld.com Jump to article: www.scworld.com/brief/china-nexus-group-hid-in-linux-login-system-for-nearly-a-decade
-
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide…
-
400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide…
-
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign in, planting its access where ordinary…