Pierluigi Paganini
May 20, 2026
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects […]
Pierluigi Paganini
May 20, 2026
DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, this time with a working proof-of-concept already out in the open. The flaw was discovered and […]
Pierluigi Paganini
May 14, 2026
Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The flaw affects the XFRM ESP-in-TCP subsystem and could allow local attackers to gain full root access […]
Pierluigi Paganini
May 09, 2026
Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security researchers discovered a previously undocumented Linux malware called Quasar Linux RAT (QLNX) that targets developers and DevOps environments. The malicious code can steal credentials, log keystrokes, manipulate files, monitor clipboard activity, and create network tunnels […]
Pierluigi Paganini
May 08, 2026
Dirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public. Security researchers have disclosed a new unpatched vulnerability in the Linux kernel, code-named Dirty Frag, that allows an unprivileged local user to gain full root access on most major Linux distributions, including Ubuntu, RHEL, Fedora, […]
Pierluigi Paganini
May 04, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Linux Kernel, tracked as CVE-2026-31431 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. Recently, Xint Code researchers warned of a serious Linux […]
Pierluigi Paganini
April 30, 2026
Linux flaw CVE‑2026‑31431, ‘Copy Fail,’ lets any local user write four bytes into page cache files, enabling easy escalation to root on major distros. Xint Code researchers warn of a serious Linux flaw, tracked as CVE-2026-31431 (CVSS score of 7.8), dubbed Copy Fail. It lets any local, unprivileged user write four controlled bytes into the […]
Pierluigi Paganini
April 24, 2026
‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years. The Pack2TheRoot flaw, tracked as CVE-2026-41651, lets unprivileged users install or remove system packages without authorization, potentially gaining full root access. The vulnerability is rated high severity, CVSS score of 8.8, and has existed for nearly 12 […]
Pierluigi Paganini
April 23, 2026
A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to deliver malicious payloads stealthily. The malware is linked to the Harvester cyberespionage group, which is […]
Pierluigi Paganini
March 16, 2026
Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken container isolation. Qualys researchers disclosed nine vulnerabilities, collectively tracked as CrackArmor, in the Linux kernel’s AppArmor module. The flaws have existed since 2017 and could allow unprivileged users to bypass protections, escalate privileges to root, […]
