Linux

CVE-2026-43284 and CVE-2026-43500 chain together for deterministic root access. PoC exploit is public, patches still rolling out. Here's how to detect and mitigate.

CVE-2026-46300 exploits a logic bug in the XFRM ESP-in-TCP subsystem to corrupt page cache and gain root. Kernel patches rolling out now—mitigation available.

A new Linux kernel flaw dubbed Dirty Frag (CVE-2026-43284) enables instant root on all major distros. No patches exist after embargo collapsed.

CVE-2026-31431 lets attackers gain root on every major Linux distro since 2017 with a 732-byte Python script. Here's how it works and what to do.

CVE-2026-41651 lets any local user gain root privileges on Ubuntu, Debian, and Fedora via a TOCTOU race in PackageKit. Patch to version 1.3.5 immediately.

AI-discovered vulnerabilities bypass all security policies including 'secure' mode. Most servers won't receive fixes until 2027 without manual intervention.

Qualys discloses nine confused deputy vulnerabilities in Linux AppArmor that enable local privilege escalation to root. Ubuntu, Debian, and SUSE affected since 2017.

Cisco Talos links previously unknown threat actor UAT-9921 to VoidLink malware campaigns targeting technology and financial services since September 2025.

New Linux botnet SSHStalker infected 7,000 cloud servers using brute-force SSH attacks and 2009-era kernel exploits. Uses IRC for command-and-control while apparently staging for future operations.

Check Point researchers expose a sophisticated cloud-native malware framework designed from the ground up to target AWS, Azure, GCP, and containerized environments.