Hot on the Heels of Copy Fail, New Linux Bugs Grant Root Privileges

Additional Linux privilege escalation exploits related to long-existing bugs have been disclosed, so patch ASAP.
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...
Hackaday

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And More Linux Vulnerabilities

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...
Infosecurity Magazine

Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes

A nine-year-old logic flaw in the Linux kernel's process trace (ptrace) path has been discovered that could let unprivileged ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
Cryptopolitan on MSN

Mini Shai-Hulud worm hijacks 323 npm packages under 30 minutes through a single stolen account

On May 19, the Mini Shai-Hulud worm compromised one npm maintainer account and pushed 639 malicious versions across 323 ...
Morning Overview on MSN

A new Linux privilege escalation flaw called Fragnesia gives attackers root access through a page cache corruption trick — patches are rolling out now

A pair of newly disclosed Linux kernel vulnerabilities, collectively dubbed Fragnesia, allow a local attacker to corrupt the ...

The 4th Linux kernel flaw this month can lead to stolen SSH host keys

The good news is there's already a patch. The bad news is that the fix isn't available for all Linux distributions yet.
The Hacker News

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet

This Linux kernel vulnerability has defenders scrambling. Here's which systems are affected - and what you should do ASAP.
Rolling Stone

The Black Keys Dig Deep Into Their Record Collection and Find Plenty of Gold

The past couple of Black Keys records have seen the Akron, Ohio, arena-garage blues-rock duo stretch out of their comfort zone a little. Their 2024 Ohio Players brought on collaborators like Beck, Dan ...
GitHub

use-ssh-keys-to-authenticate.md

You can connect to your Git repos through SSH on macOS, Linux, or Windows to securely connect with Azure DevOps. > SSH URLs have changed, but old SSH URLs continue to work. If you've already set up ...