New Fragnesia kernel flaw lets unprivileged local users escalate to root on Linux systems
Tag: root
Exploits, Global Security News, Risk Management
9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems
The Dirty Frag vulnerability affects Linux systems and allows root access escalation, while public PoC exploit code increases attack risks.
AI, Exploits, Global Security News
Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild
Dirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public. Security researchers have disclosed a new unpatched vulnerability in the Linux kernel, code-named Dirty Frag, that allows an unprivileged local user to gain full root access on most major Linux distributions, including Ubuntu, RHEL, Fedora,…
AI, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
Microsoft Defender Flags DigiCert Certificates as Malware
A recent Microsoft Defender update incorrectly flagged legitimate DigiCert root certificates as malware, triggering widespread alerts. In some cases, it also removed trusted certificates from Windows systems, causing disruption. “Earlier today we determined false positive alerts were mistakenly triggered and updated the alert logic,” Microsoft said, as reported by BleepingComputer. Inside the DigiCert False Positive…
Global Security News
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. […]
AI, Exploits, Global Security News
Critical cPanel Vulnerability Lets Attackers Bypass Login, Gain Root Access
A critical cPanel vulnerability lets attackers bypass login and gain root access, with active exploitation reported before patches were released.
AI, Global Security News
9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access
Linux Kernel Vulnerability “Copy Fail” lets attackers gain root access via memory flaw. Patch now or disable algif_aead to stay secure.
AI, Exploits, Global Security News, Risk Management
12-year-old Pack2TheRoot bug lets Linux users gain root privileges
‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years. The Pack2TheRoot flaw, tracked as CVE-2026-41651, lets unprivileged users install or remove system packages without authorization, potentially gaining full root access. The vulnerability is rated high severity, CVSS score of 8.8, and has existed for nearly 12…
Data Breaches, Global Security News
Vercel Employee’s AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, “are the new attack surface, the new lateral movement,” a researcher noted.
Cybersecurity, Global Security News
European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program
The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE
Exploits, Global Security News
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
AI, Exploits, Global Security News, Risk Management
CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit
Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control…
AI, Global Security News
CrackArmor Flaws Expose Linux Systems to Privilege Escalation
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks
AI, Apps, Exploits, Global Security News, malware, Network Security
Cisco fixes maximum-severity Secure FMC bugs threatening firewall security
Cisco patched two critical Secure FMC vulnerabilities that could let attackers gain root access to managed firewalls. Cisco addressed two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) that could allow attackers to gain root access. Cisco Secure Firewall Management Center (FMC) is a centralized management platform for Cisco firewalls. It lets administrators configure,…
AI, APAC, Cloud Security, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management, Russia
Zero-Days, Data Breaches, and AI Risks Define This Week’s Cybersecurity Landscape
Major Threats & Vulnerabilities Zero-Day Exploits and Critical CVEs Cisco SD-WAN Zero-Day Grants Root Access has been actively exploited since 2023, allowing attackers to bypass authentication and gain root privileges. Cisco urges administrators to patch immediately, secure management planes, and monitor for rogue peers. ServiceNow AI Platform Vulnerability could allow unauthenticated remote code execution through…
AI, Europe, Exploits, Global Security News, Network Security
Project Compass is Europol’s new playbook for taking on The Com
A global law enforcement effort has taken root to combat The Com, a sprawling nihilistic network of thousands of minors and young adults engaged in various forms of cybercrime, including physical violence and extortion. Project Compass, an operation coordinated by Europol with support from 28 countries, including all members of the Five Eyes, has resulted…
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Endpoint, Global Security News, Network Security, Security
Continuous Improvement at Black Hat Europe: Listen to Your Analysts! (They Know What They Need)
When security analysts lack endpoint context, identifying the root cause of a network connection is difficult. Discover how a simple automation workflow enriched XDR incidents with DNS data in minutes.
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Endpoint, Global Security News, Network Security, Security
Continuous Improvement at Black Hat Europe: Listen to Your Analysts! (They Know What They Need)
When security analysts lack endpoint context, identifying the root cause of a network connection is difficult. Discover how a simple automation workflow enriched XDR incidents with DNS data in minutes.
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Endpoint, Global Security News, Network Security, Security
Continuous Improvement at Black Hat Europe: Listen to Your Analysts! (They Know What They Need)
When security analysts lack endpoint context, identifying the root cause of a network connection is difficult. Discover how a simple automation workflow enriched XDR incidents with DNS data in minutes.
Black Hat, Cisco Breach Protection, Cisco Secure Access, Cisco Security Cloud, Endpoint, Global Security News, Network Security, Security
Continuous Improvement at Black Hat Europe: Listen to Your Analysts! (They Know What They Need)
When security analysts lack endpoint context, identifying the root cause of a network connection is difficult. Discover how a simple automation workflow enriched XDR incidents with DNS data in minutes.
AI, Global Security News, Risk Management
HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently, the Chrome Root Program and the CA/Browser Forum have taken decisive steps toward a more secure internet by adopting new security requirements for…
AI, Chrome, Compliance, Global Security News, Network Security, Risk Management
Sustaining Digital Certificate Security – Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025. The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that…
AI, Compliance, Exploits, Global Security News, Network Security, Risk Management
New security requirements adopted by HTTPS certificate industry
Posted by Chrome Root Program, Chrome Security Team The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen…