Andrey Konovalov

380 Followers
112 Following
203 Posts
Security engineer at https://xairy.io. Focusing on the Linux kernel. Maintaining @linkersec. Trainings at https://xairy.io/trainings.
Website: https://xairy.io
Trainings: https://xairy.io/trainings

> because of the #Linux kernel’s defense in depth measures Mythos was unable to successfully exploit any of these.

https://red.anthropic.com/2026/mythos-preview/

🥂

> Where Mythos Preview did succeed was in writing several local privilege escalation exploits.

:(

> We have nearly a dozen examples of Mythos Preview successfully chaining together two, three, and sometimes four vulnerabilities in order to construct a functional exploit on the Linux kernel.

:(

Keep an eye on this query
https://lore.kernel.org/all/?q=Reported-by%3A+Nicholas+Carlini+%3Cnpc%40anthropic.com%3E


New Project Zero issue:

vpu driver open and close instance ioctls race causing UAF

https://project-zero.issues.chromium.org/issues/463672550

CVE-2026-0112 (Project Zero)

A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets

Excellent article by Quang Le about exploiting CVE-2025-38617 — a race condition that leads to a use-after-free in the packet sockets implementation.

The implemented exploit was used to pwn the kernelCTF mitigation-v4-6.6 instance. The exploit bypasses CONFIG_RANDOM_KMALLOC_CACHES and CONFIG_SLAB_VIRTUAL.

Article: https://blog.calif.io/p/a-race-within-a-race-exploiting-cve
Exploit: https://github.com/google/security-research/pull/339

Extended the Pixel 8 KGDB article with the instructions on how to set up GEF. slub-dump, buddy-dump, and some other commands now work. Huge thanks to bata24 for implementing all required pieces.

https://xairy.io/articles/pixel-kgdb#-fixing-gef

📲 Debugging the Pixel 8 kernel via KGDB

Instructions for getting kernel log, building custom kernel, and enabling KGDB on Pixel 8

One bit flip to corrupt it all: Exploitation of an old Linux kernel vulnerability using PageJack, a modern technique to create Use After Free bugs.
Here Jean Vincent shows you how
https://blog.quarkslab.com/pagejack-in-action-cve-2022-0995-exploit.html

Gonna be teaching Exploiting the Android Kernel training at Zer0Con 2026 on March 30th — April 1st. This is a new training focused on data-only Android kernel exploitation techniques. Just a bit of time left to sign up. Pay attention to the requirements.

https://zer0con.org/#training-section

I find stack overflow security bugs fascinating; and on Linux, compilers still don't protect against stack overflows by default when stack frames are bigger than stack guard pages.

So I went looking around in Android, and thanks to how Android's RPC mechanism allows recursive synchronous callbacks in some cases, I managed to find a way to jump a thread guard page in system_server from shell context and (with very low success rate) get instruction pointer control:
https://project-zero.issues.chromium.org/issues/465827985


RomHack Training registration is officially open.

Join us in Rome from September 28 to October 1 for six intensive technical tracks led by industry experts:

- "1337 Offensive Hardware Hacking Training" with Luca Bongiorni
- "Advanced .NET Exploitation Training" with Sina Kheirkhah
- "Burp Suite Pro, 100% hands-on" with Nicolas Grégoire
- "Corelan Heap" with Peter Van Eeckhoutte @corelan @corelanc0d3r
- "Exploiting the Linux Kernel" with Andrey Konovalov @xairy
- "Offensive Mobile Reversing and Exploitation" with Dinesh Shetty and Prateek Gianchandani | 8kSec

Early-bird pricing (-10%) is now available.
Please note that all training participants will also receive a free attendance ticket for RomHack Camp taking place October 2-4.

Full details and registration:
https://romhack.training

#RomHack2026 #RomHackTraining

Pwndbg 2026.02.18 is out! Enhance your GDB or LLDB experience!

We visualize branches in nearpc, synchronize your decompiler (IDA/Binja/Ghidra) via decomp2dbg, annotate stack variables from debug info or decompiler, support new Linux kernel debugging commands - for tracing SLUB allocs/frees or dumping tasks information.

See what's changed in: https://github.com/pwndbg/pwndbg/releases/tag/2026.02.18

Want Pwndbg to keep moving fast, or to have us give a talk about it? Sponsor us: https://github.com/sponsors/pwndbg/

#gdb #lldb #pwndbg #pwn #ctf #reverseengineering