Collecting Cyber-News from over 60 sources

Tag: linux

Pardus Linux Vulnerability Chain Enables Complete System Takeover

May 21, 2026 10:00 AM

Tags: access, authentication, cve, data-breach, flaw, linux, vulnerability

A critical local privilege escalation vulnerability chain tracked as CVE-20265140 has exposed serious security weaknesses in Pardus Linux. Researchers revealed that the flaws allow any unprivileged local user to gain full root access without authentication, potentially leading to complete system compromise within seconds. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-5140-pardus-linux-root-access-flaw/
PoC Released for PinTheft Linux Flaw Enabling Root Privilege Escalation

May 21, 2026 8:00 AM

Tags: cyber, exploit, flaw, linux

A public proof-of-concept (PoC) exploit called “PinTheft” has been released for a newly disclosed Linux kernel flaw that allows local attackers to escalate privileges to root on certain systems. PinTheft is a Linux local privilege escalation (LPE) exploit that targets a reference-counting bug in the Reliable Datagram Sockets (RDS) zerocopy send path and turns it…
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

May 21, 2026 12:00 AM

Tags: exploit, flaw, linux, risk, update, vulnerability

PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects…
Exploit released for new PinTheft Arch Linux root escalation flaw

May 20, 2026 2:01 PM

Tags: exploit, flaw, linux, vulnerability

PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/linux/exploit-released-for-new-pintheft-arch-linux-root-escalation-flaw/
Pardus Linux Vulnerability Lets Local Attackers Gain Silent Root Access

May 20, 2026 12:00 PM

Tags: access, cyber, flaw, linux, update, vulnerability

A critical privilege escalation vulnerability chain, tracked as CVE-2026-5140, has been discovered in the Pardus Linux update mechanism, allowing local users to gain full root access without authentication. The issue, rated CVSS 9.3 (Critical), affects the pardus-update package and stems from a combination of three distinct flaws that, when chained together, enable complete system compromise within seconds. Pardus Linux…
DirtyDecrypt: PoC Released for yet another Linux flaw

May 20, 2026 11:00 AM

Tags: flaw, linux, vulnerability

DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, this time with a working proof-of-concept already out in the open. The flaw was discovered and…
PoC Exploit Released for DirtyDecrypt Linux Kernel Vulnerability

May 20, 2026 9:00 AM

Tags: cyber, exploit, linux, vulnerability

PoC exploit code for the DirtyDecrypt (DirtyCBC) Linux kernel vulnerability has been released publicly, turning a previously theoretical local privilege escalation into a practical, copy”‘paste exploit path to root on specific Linux distributions. DirtyDecrypt (also called DirtyCBC) is a local privilege escalation (LPE) in the Linux kernel’s RxGK security layer for the RxRPC transport used by…
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability

May 19, 2026 6:00 PM

Tags: cve, exploit, flaw, linux, vulnerability

Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE).Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it…
Canonical ships Ubuntu Core 26 with 15 years of security maintenance

May 19, 2026 4:00 PM

Tags: ai, linux

Operators of industrial sensors, edge AI controllers, and connected medical equipment now have a refreshed long-term Linux option for fleets that must stay patched for more … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/19/ubuntu-core-26-released/
Gentlemen Ransomware Targets Windows, Linux, NAS, BSD, and ESXi Systems

May 19, 2026 1:00 PM

Tags: cyber, cybercrime, linux, ransomware, threat, vmware, windows

The Gentlemen ransomware operation has rapidly emerged as one of the most active and scalable cybercrime threats since its public appearance in the second half of 2025. The Gentlemen stands out for its ability to target a wide range of enterprise systems, including Windows, Linux, NAS, BSD, and VMware ESXi environments. This lineage suggests the…
‘Dirty Frag” – Exploit ermöglicht Root-Zugriff auf gängigen Linux-Distributionen

May 19, 2026 8:00 AM

Tags: access, exploit, linux

First seen on security-insider.de Jump to article: www.security-insider.de/dirty-frag-linux-kernel-root-privilegienerweiterung-a-1b9036c48d50dcb440bccd0da0c70687/
Linux-Distribution – Debian 13.5 ‘Trixie” erschienen, Fokus auf Sicherheitsupdates

May 18, 2026 11:00 PM

Tags: linux

Debian GNU/Linux 13.5 steht zum Download bereit. Die Entwickler haben fast 150 Fehler behoben und rund 100 Sicherheitslücken geschlossen. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/linux-distribution-debian-13-5-trixie-erschienen-fokus-auf-sicherheitsupdates.97404
Pwn2Own Berlin: Windows, Linux, Edge und jede Menge KI-Tools gehackt

May 18, 2026 5:00 PM

Tags: ai, linux, tool, windows

Bei der Pwn2Own in Berlin sind vor allem Betriebssysteme und KI-Tools attackiert worden. Die Teilnehmer gewannen fast 1,3 Millionen US-Dollar. First seen on golem.de Jump to article: www.golem.de/news/pwn2own-berlin-hacker-hacken-windows-linux-edge-und-jede-menge-ki-tools-2605-208767.html
Pwn2Own Berlin: Hacker hacken Windows, Linux, Edge und jede Menge KI-Tools

May 18, 2026 3:00 PM

Tags: ai, hacker, linux, tool, windows

Bei der Pwn2Own in Berlin sind vor allem Betriebssysteme und KI-Tools attackiert worden. Die Teilnehmer gewannen fast 1,3 Millionen US-Dollar. First seen on golem.de Jump to article: www.golem.de/news/pwn2own-berlin-hacker-hacken-windows-linux-edge-und-jede-menge-ki-tools-2605-208767.html
Nahezu unverwaltbar: Linus Torvalds warnt vor KI-Chaos bei Linux

May 18, 2026 10:00 AM

Tags: ai, linux

Linux-Entwickler werden wohl derzeit regelrecht von KI-generierten Bug-Reports erschlagen. Chefentwickler Linus Torvalds schlägt Alarm. First seen on golem.de Jump to article: www.golem.de/news/nahezu-unverwaltbar-linus-torvalds-warnt-vor-ki-chaos-bei-linux-2605-208750.html
Exploit available for new DirtyDecrypt Linux root escalation flaw

May 18, 2026 10:00 AM

Tags: access, exploit, flaw, linux, vulnerability

A recently patched local privilege escalation vulnerability in the Linux kernel’s rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-available-for-new-dirtydecrypt-linux-root-escalation-flaw/
Exploit available for new DirtyDecrypt Linux root escalation flaw

May 18, 2026 10:00 AM

Tags: access, exploit, flaw, linux, vulnerability

A recently patched local privilege escalation vulnerability in the Linux kernel’s rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-available-for-new-dirtydecrypt-linux-root-escalation-flaw/
Linux Torvalds Warns AI Bug Report Spam Is Disrupting Linux Security Discussions

May 18, 2026 10:00 AM

Tags: ai, cyber, linux, spam

Linux kernel creator Linus Torvald has warned that a flood of low”‘value, AI”‘generated bug reports is overwhelming the private Linux security mailing list and actively disrupting real security work. The new kernel documentation for Linux 7.1 now explicitly tells AI users to treat such findings as public bugs and to contribute thorough analysis and patches…
JDownloader Website Hack Exposes Windows and Linux Users to Malicious Installers

May 16, 2026 1:00 PM

Tags: access, cyber, linux, malicious, malware, open-source, threat, unauthorized, windows

A popular open-source download manager trusted by millions suddenly became a malware delivery platform after attackers compromised its official website, replacing legitimate installers with trojanized versions targeting both Windows and Linux users. The incident, confirmed by JDownloader developers, occurred between May 6 and May 7, 2026, when threat actors gained unauthorized access to the project’s web…
Linux “ssh-keysign-pwn” Flaw Exposing Critical Authentication Files

May 16, 2026 11:00 AM

Tags: access, authentication, cyber, flaw, linux, password, unauthorized, vulnerability

A newly disclosed Linux kernel vulnerability, dubbed >>ssh-keysign-pwn<< by Qualys researchers, exposes millions of Linux systems to unauthorized access to sensitive SSH private keys and hashed passwords stored in /etc/shadow. Tracked as CVE-2026-46333 and GHSA-pm8f-4p6p-6×53, the flaw has existed undetected for approximately six years and was published to the National Vulnerability Database on May 15, 2026. Linux "ssh-keysign-pwn" Flaw At the…
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K

May 16, 2026 1:00 AM

Tags: linux, microsoft, vulnerability, windows, zero-day

Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique zero-day vulnerabilities affecting products such as Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux…
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

May 15, 2026 9:00 PM

Tags: exploit, linux, microsoft, vulnerability, windows, zero-day

During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/
OrBit Rootkit Targets Linux to Steal SSH and Sudo Credentials

May 15, 2026 2:00 PM

Tags: credentials, cyber, hacker, linux, threat

Hackers are continuing to abuse a stealthy Linux rootkit known as OrBit to harvest SSH and sudo credentials, with new research showing the threat has quietly evolved over four years while remaining active in the wild. First analyzed in 2022, OrBit was initially believed to be a custom-built Linux userland rootkit. It operates by hijacking…
Fragnesia Linux Kernel Flaw Enables Root Privilege Escalation

May 15, 2026 1:00 PM

Tags: cve, flaw, linux, vulnerability

Security researchers have disclosed a newly identified local privilege escalation vulnerability in the Linux Kernel, dubbed “Fragnesia,” which belongs to the broader Dirty Frag family of flaws. The issue, officially tracked as CVE-2026-46300, affects the Linux Kernel’s XFRM ESP-in-TCP subsystem and allows unprivileged local attackers to escalate privileges to root by corrupting page-cache memory. First seen on…
Rocky Linux launches opt-in security repository for urgent fixes

May 15, 2026 1:00 PM

Tags: exploit, linux

Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/15/rocky-linux-launches-security-repository/
Fragnesia: Schon wieder gefährliche Root-Lücke im Linux-Kernel

May 15, 2026 1:00 PM

Tags: linux

Dirty Frag und Copy Fail beschäftigen bereits unzählige Linux-Admins. Die nächste Root-Lücke ist bereits identifiziert – und die Patches sind spät dran. First seen on golem.de Jump to article: www.golem.de/news/fragnesia-schon-wieder-gefaehrliche-root-luecke-im-linux-kernel-2605-208702.html
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical

May 15, 2026 10:00 AM

Tags: browser, chrome, cyber, flaw, google, linux, update, vulnerability, windows

Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac and 148.0.7778.167 for Linux, is being gradually deployed to users worldwide. The latest…
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical

May 15, 2026 10:00 AM

Tags: browser, chrome, cyber, flaw, google, linux, update, vulnerability, windows

Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac and 148.0.7778.167 for Linux, is being gradually deployed to users worldwide. The latest…
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical

May 15, 2026 10:00 AM

Tags: browser, chrome, cyber, flaw, google, linux, update, vulnerability, windows

Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac and 148.0.7778.167 for Linux, is being gradually deployed to users worldwide. The latest…
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical

May 15, 2026 10:00 AM

Tags: browser, chrome, cyber, flaw, google, linux, update, vulnerability, windows

Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac and 148.0.7778.167 for Linux, is being gradually deployed to users worldwide. The latest…