All posts tagged: attackers

Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers and on personal devices. The vulnerability and the exploit code for it were released Wednesday evening by researchers from security firm Theori, five weeks after privately disclosing it to the Linux kernel security team. The team patched the vulnerability in versions 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254, but few of the Linux distributions had incorporated those fixes at the time the exploit was released.

A Single Script to Hack Them All

The critical flaw, tracked as CVE-2026-31431 and named CopyFail, is a local privilege escalation, a vulnerability class that allows unprivileged users to elevate themselves to administrators. CopyFail is particularly severe because it can be exploited with a single piece of exploit code—released in Wednesday’s disclosure—that works across all vulnerable distributions with no modification. With that, an attacker can, among other things, hack multi-tenant systems, break …

Alleged Colorado attacker’s family released after nearly a year in detention : NPR

The ICE South Texas Family Residential Center in Dilley, Texas, is seen, Aug. 23, 2019. (Photo: Eric Gay/AP)

On Thursday evening, Hayam El Gamal and her five children were freed after 10 months at an ICE detention center in Texas. That morning, a Texas federal judge had ordered their release. He had also told the government not to deport them. ICE had been trying to expel them ever since El Gamal’s husband, in a high profile case in June 2025, was charged with attempted murder for allegedly throwing molotov cocktails at Colorado protesters who’d gathered in support of Israeli hostages in Gaza – an attack his family said it knew nothing about. Back home in Colorado on Saturday, two days after their release, El Gamal and her children reported to an ICE office for a required check-in. There, ICE detained them again, told them they were being deported to Egypt, and rushed them onto a plane, their lawyers said. “They were horrified,” one of their lawyers, Chris Godshall-Bennett, said. It …

CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

During Operation Lunar Peek in November 2024, attackers gained unauthenticated remote admin access — and eventual root — across more than 13,000 exposed Palo Alto Networks management interfaces. Palo Alto Networks scored CVE-2024-0012 at 9.3 and CVE-2024-9474 at 6.9 under CVSS v4.0. NVD scored the same pair 9.8 and 7.2 under CVSS v3.1. Two scoring systems. Two different answers for the same vulnerabilities. The 6.9 fell below patch thresholds. Admin access appeared required. The 9.3 sat queued for maintenance. Segmentation would hold. “Adversaries circumvent [severity ratings] by chaining vulnerabilities together,” Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, told VentureBeat in an exclusive interview on April 22, 2026. On the triage logic that missed the chain: “They just had amnesia from 30 seconds before.” Both CVEs sit on the CISA Known Exploited Vulnerabilities catalog. Neither score flagged the kill chain. The triage logic that consumed those scores treated each CVE as an isolated event, and so did the SLA dashboards and the board reports those dashboards feed. CVSS did exactly what it was designed …

How attackers hit 700 organizations through CX platforms your SOC already approved

CX platforms process billions of unstructured interactions a year: survey forms, review sites, social feeds, call center transcripts, all flowing into AI engines that trigger automated workflows touching payroll, CRM, and payment systems. No tool in a security operation center leader’s stack inspects what a CX platform’s AI engine is ingesting, and attackers figured this out. They poison the data feeding it, and the AI does the damage for them. The Salesloft/Drift breach in August 2025 proved exactly this. Attackers compromised Salesloft’s GitHub environment, stole Drift chatbot OAuth tokens, and accessed Salesforce environments across 700+ organizations, including Cloudflare, Palo Alto Networks, and Zscaler. They then scanned the stolen data for AWS keys, Snowflake tokens, and plaintext passwords. And no malware was deployed. That gap is wider than most security leaders realize: 98% of organizations have a data loss prevention (DLP) program, but only 6% have dedicated resources, according to Proofpoint’s 2025 Voice of the CISO report, which surveyed 1,600 CISOs across 16 countries. And 81% of interactive intrusions now use legitimate access rather than malware, per …

Most ransomware playbooks don’t address machine credentials. Attackers know it.

The gap between ransomware threats and the defenses meant to stop them is getting worse, not better. Ivanti’s 2026 State of Cybersecurity Report found that the preparedness gap widened by an average of 10 points year over year across every threat category the firm tracks. Ransomware hit the widest spread: 63% of security professionals rate it a high or critical threat, but just 30% say they are “very prepared” to defend against it. That’s a 33-point gap, up from 29 points a year ago. CyberArk’s 2025 Identity Security Landscape puts numbers to the problem: 82 machine identities for every human in organizations worldwide. Forty-two percent of those machine identities have privileged or sensitive access.

The most authoritative playbook framework has the same blind spot

Gartner’s ransomware preparation guidance, the April 2024 research note “How to Prepare for Ransomware Attacks” that enterprise security teams reference when building incident response procedures, specifically calls out the need to reset “impacted user/host credentials” during containment. The accompanying Ransomware Playbook Toolkit walks teams through four phases: containment, analysis, remediation, and …

Nigeria church attackers demand ransoms as search intensifies for over 150 hostages

ABUJA, Nigeria (AP) — Gunmen who abducted more than 150 church worshippers in Nigeria’s conflict-hit northwest are demanding 17 motorcycles as ransom from families of hostages, residents told The Associated Press on Thursday. In one of the largest mass abductions targeting religious worship centers in the West African nation in recent months, the attackers on Sunday raided three different churches in Kaduna state’s Kajuru council area, seizing 177 people before 11 managed to escape. Nigerian security forces have deployed tactical teams in search of the kidnappers, believed to be among the rogue gangs who often carry out kidnappings for ransoms in remote communities with limited state and security presence. In interviews on Thursday, residents said the attackers contacted families demanding 17 motorcycles — estimated at around $1,000 each or $17,000 in total — to begin negotiations for their release. “They (abductors) said that they want 17 motorcycles (and) have not told us yet that they need money,” said Ishaku Dan’azumi, the village head of Kurmin Wali. The kidnappers requested the motorcycles to replace ones they …