Dirty Frag: CVE-2026-43284 and CVE-2026-43500 Grant Root Access Across All Major Linux Distros
Dirty Frag chains two Linux kernel bugs (CVE-2026-43284, CVE-2026-43500) to achieve root LPE on Ubuntu, RHEL, Fedora and more. A public PoC is
News
News
ClaudeBleed: Flaw in Anthropic’s Claude Chrome Extension Lets Any Plugin Hijack Your AI
ClaudeBleed, a CVSS 10.0 flaw in the Claude Chrome extension, lets any zero-permission extension hijack Anthropic's AI to steal emails, files, and GitHub
News
28 Fake Call History Apps Defrauded Users After 7.3 Million Google Play Downloads
Researchers found 28 fraudulent Android apps on Google Play with 7.3 million downloads that claimed to reveal call histories but charged users for
News
PCPJack Cloud Worm Evicts Competitor Malware, Steals Credentials from Docker and Kubernetes
PCPJack is a new self-propagating cloud worm that removes TeamPCP infections, then harvests credentials from Docker, Kubernetes, Redis, MongoDB, and other exposed services.
News
Inside Department 4: How Bauman University’s Secret GRU Program Feeds Russia’s Elite Hacking Units
An international investigation reveals Department 4 at Bauman Moscow State Technical University trains 10–15 students per year for GRU units including Fancy Bear
News
TCLBANKER Banking Trojan Spreads via WhatsApp and Outlook Worm Modules
Elastic Security Labs exposes TCLBANKER, a Brazilian banking trojan targeting 59 financial platforms via DLL sideloading and self-spreading WhatsApp and Outlook worms.
News
ShinyHunters Hits Instructure Canvas Again: 9,000 Schools Face May 12 Data Leak Deadline
ShinyHunters defaced Canvas login pages on May 7, 2026, claiming a second Instructure breach with a May 12 ransom deadline. 275M student records
News
Metasploit Adds ARMLE Support to CVE-2026-31431 Copy Fail Linux Root Exploit
Rapid7's May 8 Metasploit update extends CVE-2026-31431 Copy Fail coverage to ARMLE Linux targets and improves Apache Shiro deserialization chain selection.
News
Salt Typhoon Compromises 200+ Networks in Global PRC Telecom Espionage Campaign
CISA AA25-239A: PRC-linked Salt Typhoon exploits CVE-2023-20198 and unpatched routers to compromise 200+ organizations in 80+ countries. Patch now.
News
CISA/USCG Threat Hunt Finds Flat IT/OT Networks and Plain-Text Credentials at US Critical Infrastructure
CISA advisory AA25-212A: proactive threat hunt at US critical infrastructure finds plain-text credentials, flat IT/OT networks, and shared admin accounts.