Threat Intel
Another week, another way for a local user to become root on Linux without ever touching the disk. DirtyClone — tracked as CVE-2026-43503, CVSS 8.8 — is the newest member of the DirtyFrag family, and JFrog Security Research published a working exploit walkthrough on June 25, the first public
Threat Intel
There is a fresh local privilege-escalation bug in the Linux kernel, and it has a nasty property: the attack leaves the file on disk completely untouched. Your integrity checks pass, your file hashes match, and a root shell is already open. Tracked as CVE-2026-46331 and nicknamed "
Threat Intel
curl 8.21.0 shipped on June 24, 2026 with patches for 18 vulnerabilities — the most CVEs ever fixed in a single curl release, bringing the project's lifetime total to 206. One of the flaws had been sitting in the code for over 25 years. For a tool
Threat Intel
The Exploit That Shouldn't Exist: Microsoft Defender's Race Condition A Windows zero-day dubbed RoguePlanet has been released publicly. It exploits a race condition in Microsoft Defender to escalate privileges from a standard user to SYSTEM level. The exploit was released by Nightmare Eclipse (also known
Threat Intel
Persistence: The Attacker's Real Goal A Linux server gets cleaned up after an intrusion. The suspicious process is terminated. Credentials are rotated. The system is rebooted. Everything seems secure. A few hours later, the same outbound connection appears again. That's persistence. The attacker no longer needs
Threat Intel
A Mail Server Vulnerability With No Workaround The Exim mail server project announced a critical use-after-free vulnerability in its GnuTLS backend. All versions from 4.97 through 4.99.2 are affected. The only fix is upgrading to 4.99.3. What makes this vulnerability particularly dangerous: triggering
Threat Intel
18 Vulnerabilities, One High-Severity: And AI Found Some OpenSSL released patches for 18 vulnerabilities in June 2026. That alone would be significant. But one detail stands out: several were discovered with AI assistance, including the highest-severity flaw. CVE-2026-45447 is a heap user-after-free bug in
Threat Intel
The Threat Changed: Your Workstation Is Your Supply Chain A developer's machine gets compromised. Credentials are stolen—SSH keys, cloud tokens, npm publishing credentials. The attacker uses those stolen tokens to push malicious code to dependencies. The developer's next package update reaches thousands of users, and
Threat Intel
Now Being Exploited: A Three-Year-Old Container Escape A Linux kernel vulnerability that's been public for three years is now being actively exploited in the wild to escape containers and gain root access. CISA added it to their Known Exploited Vulnerabilities (KEV) catalog on June 2, 2026,
Threat Intel
The Attack: Seconds, Not Hours A new denial-of-service technique discovered by Calif security researchers can knock major web servers offline in seconds from a home computer on a 100 Mbps connection. The attack, dubbed HTTP/2 Bomb, chains two old techniques together in a way that nobody had
Threat Intel
A 19-Year-Old Kernel Bug, Found by Machine Learning, Gives Root Asim Manizada found and disclosed a privilege escalation in the Linux kernel's CIFS (SMB file sharing) subsystem called CIFSwitch. The vulnerability chains four normal pieces of Linux infrastructure—keyrings, the cifs.upcall helper, user namespaces, and
Threat Intel
Critical: Any cPanel User Can Become Root LiteSpeed's cPanel plugin has a privilege escalation flaw that's actively being exploited right now. Any cPanel user on your server—including a compromised account—can run arbitrary scripts as root. CVSS 10.0. This isn't theoretical. What