news
Security Leftovers
-
Security Week ☛ Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability
Organizations are urged to patch after proof-of-concept code makes the Linux root escalation flaw easier to exploit.
-
Security Week ☛ North Korean Hackers Target Open Source Developers in Supply Chain Attacks
The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer to developers.
-
Scoop News Group ☛ Finding vulnerabilities was never the hard part
AI is surfacing vulnerabilities at a scale the industry has never seen, and most organizations have no way to determine which ones actually matter.
-
Security Week ☛ Armored Likho APT Targeting Government, Electric Power Entities
The threat actor uses modular RATs and information stealers in financially motivated and cyber espionage campaigns.
-
Security Week ☛ Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks
Securonix says the sophisticated framework abuses compromised websites, Blogspot, PowerShell, and fileless techniques to evade detection and deploy the PureLog information stealer.
-
Federal News Network ☛ Federal government organizations must double down efforts to combat ‘living off the land’ attacks
LotL attacks represent a new frontier in cybersecurity, where adversaries use trusted system tools to carry out malicious activities.
-
Security Week ☛ Prompt Injection Attacks Trick Hey Hi (AI) Agents Into Making Crypto Payments
Researchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous Hey Hi (AI) agents browsing the web.
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (container-tools:rhel8, grafana, grafana-pcp, kernel, ruby:2.5, and ruby:3.3), Debian (bird3, chromium, kernel, linux-6.1, mediawiki, nginx, openvpn, php-phpseclib, php8.2, php8.4, and sympa), Fedora (7zip, buildah, chromium, clamav, freerdp, leptonica, mariadb10.11, mariadb11.8, nextcloud, nsd, openqa, openvpn, os-autoinst, pdns, pdns-recursor, perl-Crypt-ScryptKDF, podman, python-jupyter-server, and python-streamlink), Mageia (mariadb and yt-dlp), Slackware (libevent, libseccomp, mozilla, mutt, and php82), SUSE (apache2, containerd, dnsmasq, docker, dracut, firewalld-legacy, gimp, glibc, golang-github-docker-libnetwork, google-guest-agent, gstreamer-plugins-bad, helm, kernel, kernel-devel, keybase-client, kitty, krb5, libarchive, libnfs, libslirp, nilfs-utils, openCryptoki, openQA, openssl-3, pacemaker, pcr-oracle, perl-DBI, perl-List-SomeUtils-XS, podman, python-pip, python-pydata-sphinx-theme, python-tornado6, python3-lxml, python311-mistune, python313-joserfc, rmt-server, sg3_utils, systemd, tracker-miners, and xdg-dbus-proxy), and Ubuntu (cifs-utils, linux-nvidia, linux-nvidia-6.17, linux-raspi-realtime, and ncurses).
-
Hacker News ☛ New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments.
-
Linux Kernel Flaw Enables Root Access On Servers and Android Devices
A newly disclosed Linux kernel vulnerability is drawing widespread attention after researchers demonstrated that it can reliably elevate an unprivileged user to full root privileges on affected Linux systems and Android devices. Tracked as CVE-2026-46242 and nicknamed "Bad Epoll," the flaw affects one of Linux's most fundamental kernel subsystems, making it particularly difficult to mitigate without installing security updates.
-
Security Affairs ☛ Bad Epoll Flaw Gives Attackers Root Access on Linux and Android
Bad Epoll (CVE-2026-46242) lets local attackers gain root on Linux and Android. The flaw was missed by AI but found by a security researcher.
A newly disclosed Linux kernel vulnerability, named Bad Epoll (CVE-2026-46242), allows a local attacker with no special privileges to gain full root access on affected Linux systems and Android devices. Security updates are already available, and users are urged to install them as soon as possible.
The flaw affects the Linux kernel’s epoll subsystem, a core feature used by servers, browsers, and countless applications to efficiently manage multiple network connections and file events. Because epoll is fundamental to Linux, there is no practical workaround other than patching vulnerable systems.
-
Debian Linux Kernel Multiple Vulnerabilities
Multiple vulnerabilities were identified in Debian Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and sensitive information disclosure on the targeted system.