The Bad PlaceMay 1

Feed: All Latest | Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers by Dan Goodin, Ars Technica

AI generated summary, Read the full article for complete information.

A newly disclosed Linux kernel vulnerability, dubbed CopyFail (CVE‑2026‑31431), enables a local privilege‑escalation that lets an unprivileged attacker obtain root on virtually any Linux distribution with a single, unmodified script. Released by security firm Theori after a brief private disclosure, the flaw resides in the kernel’s crypto API where an AEAD template copy operation overwrites adjacent memory, allowing the attacker to elevate privileges, break out of containers, compromise multi‑tenant systems, and hijack CI/CD pipelines. Although patches were quickly issued for several kernel versions (7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254), many distributions had not yet applied them, leaving countless desktops, servers, and cloud environments exposed. Experts warn that the exploit’s reliability surpasses earlier high‑profile kernel bugs like Dirty Pipe and Dirty Cow, and they urge all Linux users to verify that their systems incorporate the relevant fixes or follow vendor mitigation guidance.

Read more: https://www.wired.com/story/dangerous-new-linux-exploit-gives-attackers-root-access-to-countless-computers/

#Theori #Ubuntu #Amazon #SUSE #Debian #RedHat #Fedora #ArchLinux #Kubernetes #Linux #copyfail #security #security_cyberattacksandhacks #security_securitynews

Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers

The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk.

WIRED
PrivacyDigestMay 1

The most severe #Linux threat to surface in years catches the world flat-footed

Publicly released #exploit code for an effectively unpatched #vulnerability that gives #root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers & on personal devs

…code that #exploits it were released from #security firm #Theori , 5 weeks after privately disclosing it to Linux #kernel security team

https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/

The most severe Linux threat to surface in years catches the world flat-footed

CopyFail threatens multi-tenant servers, CI/CD work flows, Kubernetes containers, and more.

Ars Technica
Tim AllisonSep 5, 2025

Fun writeup by #Theori exploring traces in their cyber reasoning system for #aixcc

https://theori.io/blog/exploring-traces-63950

Inside the brain of a hacking robot: Exploring traces | AI Cyber Challenge - Theori BLOG

Agent trajectory walkthroughs of a fully autonomous hacking system | AI for Security, AIxCC

Trekker21Aug 25, 2025
#Stargate #StargateSG1 #ColonelONeill #Tealc #MajorCarter #DanielJackson #DrFrasier #GeneralHammond #BraTac #GoaUld #Thor #SG1 #SGC #GateRoom #CheyenneMountain #TheOri #ValaMalDoran #ColonelCameronMitchell #GeneralLandry #Geek #SyFy #StargateNerd #StargateMeme #Stargate #ScienceFiction #Humor
Trekker21Mar 26, 2025
#JadziaDax #Dax #Trill #USSDefiant #NX74205 #StarTrek #TheFederation #ParamountPlus #Geek #STDS9 #DS9 #StarTrekMeme #StargateMeme #TrekTalk #GeekTalk #TheGeekShallInheritTheEarth #Stargate #StargateSG1 #Tealc #SG1 #SGC #GateRoom #CheyenneMountain #TheOri
Trekker21Mar 17, 2024
#Stargate #StargateSG1 #ColonelONeill #Tealc #MajorCarter #DanielJackson #DrFrasier #GeneralHammond #BraTac #GoaUld #Thor #SG1 #SGC #GateRoom #CheyenneMountain #TheOri #ValaMalDoran #ColonelCameronMitchell #jasonmomoa #stargate #stargatesg#sg #stargateforever #stargatecommand #stargatefan #samanthacarter #jackoneill #richarddeananderson #danieljackson #amandatapping #stargatefamily #stargatelover #michaelshanks #stargatefandom #scifi #tealc #sga #wewantstargate #sciencefiction #christopherjudge