Collaborate Disseminate
After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and a …read more Continue reading This Week in Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, and Backdoored Tools
Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local privileges escalations are never good, …read more Continue reading This Week in Security: State Malware, State Hardware Bans, and Stuxnet before Stuxnet was Cool
The author of the BlueHammer exploit, which was released earlier this month and addressed in the last Patch Tuesday, continues to be annoyed with the responses from the Microsoft security …read more Continue reading This Week in Security: Annoyed Researchers, Dangling DNS, and Hacks that Could Have Been Worse
CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In …read more Continue reading This Week in Security: Docker Auth, Windows Tools, and a Very Full Patch Tuesday
Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs. …read more Continue reading This Week in Security: Flatpak Fixes, Android Malware, and SCADA was IOT Before IOT was Cool
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios …read more Continue reading This Week in Security: The Supply Chain Has Problems
Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in …read more Continue reading This Week in Security: Second Verse, Worse Than the First
The ides of security March are upon us — Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and …read more Continue reading This Week in Security: Linux Flaws, Python Ownage, and a Botnet Shutdown
When Friday the Thirteenth and Patch Tuesday happen on the same week, we’re surely in for a good time. Anyone who maintains any sort of Microsoft ecosystem knows by now …read more Continue reading This Week in Security: Plenty of Patches, Replacing Old Gear, and Phrack Calls for Papers
Editor’s Note: Over the course of nearly 300 posts, Jonathan Bennett set a very high bar for this column, so we knew it needed to be placed in the hands …read more Continue reading This Week In Security: Getting Back Up to Speed