Tag: local privilege escalation
24 articles

Nightmare Eclipse Unveils Windows Zero-Day Exploit
A security researcher is sounding the alarm about a newly unveiled Windows zero-day exploit, dubbed LegacyHive, which targets the Windows User Profile Service and could allow for a full system compromise. The proof-of-concept exploit, published by a zero-day hunter known as NightmareEclipse, is just a glimpse of the potential damage this vulnerability could cause.

Linux Flaw Exposes Multi-Tenant Environments to Root Privilege Escalation
A newly discovered Linux flaw, dubbed DirtyClone, lets local users easily gain root privileges on popular systems like Debian, Ubuntu, and Fedora - putting shared environments at risk of a devastating breach. This vulnerability is especially alarming in setups with user namespaces enabled or privileged containers deployed.

Linux Kernel Flaw Enables Unprivileged Root Access
A shocking Linux kernel flaw, dubbed pedit COW, allows unprivileged users to gain root access on vulnerable hosts by cleverly corrupting an in-memory cached copy of a setuid binary. This stealthy exploit requires no disk changes, making it nearly undetectable.

Disgruntled Bug Hunter Exposes New Windows 0-Day Vulnerability
A disgruntled bug hunter, known as Nightmare Eclipse, has revealed a new zero-day vulnerability called RoguePlanet, which can give attackers SYSTEM-level control over fully patched Windows 10 and 11 systems. The exploit, fueled by a grudge against Microsoft, targets a weakness in Windows Defender.

Microsoft Fixes Zero-Days in June Patch Tuesday Update
Microsoft just dropped some critical patches in its June update, fixing three zero-day vulnerabilities that left Windows systems open to attacks - and one security researcher isn't happy about the delayed fix. The update squashes bugs that allowed hackers to escalate privileges or bypass disk encryption.

Cisco SD-WAN Manager Flaw Actively Exploited
Cisco is warning of a high-severity vulnerability in its Catalyst SD-WAN Manager that allows attackers to execute commands as root, and it's already being exploited by hackers. This flaw, rated 7.8 on the CVSS scale, could give attackers control over your system if they're able to upload a malicious file.

Microsoft Discloses Actively Exploited Defender Vulnerabilities
Microsoft warns of two critical vulnerabilities in its Defender software, one of which is being actively exploited by attackers to gain elevated privileges, and the other causing denial-of-service issues. These flaws, tracked as CVE-2026-41091 and CVE-2026-45498, highlight the need for urgent patching to prevent system compromise.

Linux Flaw Enables Root Command Execution on Major Distros
A newly discovered Linux flaw, tracked as CVE-2026-46333, allows hackers to easily gain root access on major distributions, putting countless systems at risk. This nine-year-old vulnerability, just recently exposed, is a wake-up call for Linux users everywhere.

Exploit Released for PinTheft Linux Flaw
A critical Linux flaw, dubbed PinTheft, has been exploited, allowing local attackers to gain root privileges on affected systems through a complex vulnerability in the Reliable Datagram Sockets (RDS) code. This security gap can be triggered by a specific interaction between RDS zerocopy and io_uring fixed buffers.

Windows Zero-Day Exploit MiniPlasma Exposes SYSTEM Vulnerability
A security researcher has uncovered a Windows zero-day exploit, dubbed MiniPlasma, that can grant SYSTEM privileges on fully patched systems, revealing a vulnerability that was originally reported to Microsoft in 2020 but left unpatched. The researcher released a proof-of-concept exploit on GitHub, highlighting the issue with the Cloud Filter driver.

Hackers Disrupt Microsoft Exchange, Windows 11 at Pwn2Own Contest
Security researchers just scored big at Pwn2Own Berlin 2026, raking in $385,750 for exploiting 15 zero-day vulnerabilities in top tech targets like Microsoft Exchange and Windows 11. The contest, running from May 14-16, offers up to $1 million in prizes for hacking the latest enterprise technologies.

Linux Flaw Exposes Local Users to Root Access
A newly discovered Linux flaw, dubbed Fragnesia, allows unprivileged local users to gain root access by exploiting a weakness in the kernel's handling of shared page fragments, putting all Linux kernels released before May 13, 2026, at risk. This vulnerability can be triggered through a simple sequence of operations, making it a serious threat to Linux users.

Linux Kernel Vulnerability Exposes Root Access Risk via Page Cache Corruption
A newly discovered Linux Kernel vulnerability, dubbed Fragnesia, allows unprivileged local attackers to corrupt the kernel page cache and gain root access, posing a significant risk to system security. This critical flaw, tracked as CVE-2026-46300, is the third local privilege escalation vulnerability found in Linux kernel in just two weeks.

Linux Vulnerability Exposes Widespread Risk of Local Privilege Escalation
A critical Linux vulnerability, dubbed copy.fail, poses a severe risk of local privilege escalation, allowing unprivileged processes to rapidly escalate to root access. This shocking flaw, considered one of the worst in years, can be exploited with alarming ease.

Linux Distributions Scramble to Patch Dirty Frag Kernel Vulnerabilities
A critical vulnerability known as Dirty Frag has been discovered in the Linux kernel, allowing attackers with local access to gain root privileges across major distributions. Linux distributions are now racing against the clock to patch this chained local privilege escalation flaw.

Linux 'Dirty Frag' Zero-Day Exposes Root Flaw in Major Distros
A newly discovered Linux zero-day, dubbed "Dirty Frag," allows hackers to instantly gain root access on major distributions by chaining two separate kernel vulnerabilities. This flaw enables attackers to alter protected system files in memory without authorization, putting countless systems at risk.

Linux Flaw Enables Root Access Across Major Distributions
A newly discovered Linux flaw, dubbed Dirty Frag, allows hackers to gain root access across major distributions by exploiting a chain of vulnerabilities in the kernel codebase. This unpatched local privilege escalation is a deterministic logic bug, making it a particularly potent threat.

Linux Flaw Exposes Millions to Local Privilege Escalation
A critical Linux flaw, known as Copy Fail, has been discovered, exposing millions to potential local privilege escalation attacks - a vulnerability that highlights a deterministic logic error in the Linux kernel's cryptographic subsystem. This flaw, tracked as CVE-2026-31431, was publicly disclosed on April 29, 2026.

Linux Vulnerability 'Copy Fail' Exposes High-Severity Risk
A newly discovered Linux vulnerability, dubbed "Copy Fail," poses a high-severity risk, allowing authenticated local users to gain root access and take total control of a system. This alarming flaw, tracked as CVE-2026-31431, has already moved from discovery to exploitation in the wild.

CISA Warns of Actively Exploited Linux Root Access Bug
A nine-year-old Linux kernel bug, known as Copy Fail, is being actively exploited in the wild, allowing unprivileged users to gain root access with a simple 732-byte Python-based exploit. The Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, warning of potential security risks.

Linux Flaw Exposes Root-Level Access Across Major Distros
A newly discovered Linux flaw, nicknamed "Copy Fail," allows unprivileged users to gain root-level access to major distributions, putting countless systems at risk. This vulnerability, which involves a temporary write of just four bytes during a crypto operation, can be exploited by attackers to take full control of an operating system.

Linux Flaw Enables Unprivileged Root Access on Major Distributions
A newly discovered Linux flaw, dubbed "Copy Fail," allows unprivileged users to gain root access on major distributions by exploiting a logic error in the kernel's cryptographic subsystem. This high-severity vulnerability, tracked as CVE-2026-31431, poses a significant threat to Linux systems, enabling attackers to write controlled bytes into the page cache of readable files and escalate privileges.

Linux Flaw Enables Fast Root Access via Cryptographic Code
A newly discovered Linux flaw, dubbed Copy Fail, allows unprivileged users to gain root access by writing controlled bytes into the page cache of readable files, enabling a swift and stealthy privilege escalation. This vulnerability, tracked as CVE-2026-31431, poses a significant threat to Linux systems, putting them at risk of exploitation.

Windows RPC Exposes New Local Privilege Escalation Technique
A newly discovered technique allows hackers to easily escalate their privileges to SYSTEM level on Windows systems, using a vulnerability in the Remote Procedure Call stack. This alarming exploit relies on clever manipulation of Security Quality of Service parameters and impersonation levels.