New Fragnesia Linux flaw lets attackers gain root privileges
… Bowling said this flaw belongs to the Dirty Frag vulnerability class, which was disclosed last week, and affects all Linux kernels released before May 13, 2026. …
Search
New Linux 'Dirty Frag' zero-day gives root on all major distros
… Dirty Frag works by chaining two separate kernel flaws, the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability, to modify protected system files in memory without authorization and achieve privilege escalation. …
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
… Tag CVE ID CVE Title Severity .NET CVE-2026-35433 .NET Elevation of Privilege Vulnerability Important .NET CVE-2026-32177 .NET Elevation of Privilege Vulnerability Important .NET CVE-2026-32175 .NET Core Tampering Vulnerability Important AMD CPU Branch CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cach… …
Exploit available for new DirtyDecrypt Linux root escalation flaw
… However, V12's proof-of-concept exploit has only been tested against Fedora and the mainline Linux kernel. DirtyDecrypt belongs to the same vulnerability class as several other root-escalation flaws disclosed in recent weeks, including Dirty Frag , Fragnesia , and Copy Fail . …
Exploit released for new PinTheft Arch Linux root escalation flaw
… The vulnerability, named PinTheft by the V12 security team and still waiting to be assigned a CVE ID for easier tracking, exists in the Linux kernel's RDS Reliable Datagram Sockets and was patched earlier this month . …
Palo Alto Networks firewall zero-day exploited for nearly a month
Palo Alto Networks firewall zero-day exploited for nearly a month By Sergiu Gatlan May 7, 2026 06:57 AM Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. …
Windows BitLocker zero-day gives access to protected drives, PoC released
… Additionally, they said that "Microsoft silently patched the RedSun vulnerability" and criticized the company for the hushed activity and not assigning an identifier for the vulnerability, as was the case with BlueHammer. …