Security researchers have discovered a new vulnerability in the Linux kernel which could allow malicious actors to run code with elevated privileges, exposing systems to risk of data theft, malware deployment, and even full device takeover.
The vulnerability is tracked as CVE-2026-46300, and was given a severity score of 7.8/10 (high). It’s nicknamed Fragnesia and is apparently in the same vulnerability class as Dirty Frag, another kernel bug that was disclosed recently.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical CyberPanel Vulnerability (CVE-2024-51378): How to Stay Protected
November 7, 2024
The SonicWall Capture Labs threat research team became aware of CVE-2024-51378, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-51378 is a critical vulnerability with a CVSS score of 9.8 in CyberPanel versions 2.3.6 and 2.3.7 that allows unauthenticated remote code execution (RCE). Threat actors, including the PSAUX ransomware group, have been reported exploiting ...
- Cisco Releases Security Advisories for Multiple Products
November 7, 2024
Cisco has released 15 security advisories addressing multiple vulnerabilities, including one critical and two high severity vulnerabilities affecting various products. The critical vulnerability affects Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point, a software that uses wireless backhaul technology to connect appliances. The vulnerability enables command injection, which could allow an attacker to ...
- Update your Android: Google patches two zero-day vulnerabilities
November 6, 2024
Google has announced patches for several high severity vulnerabilities. In total, 51 vulnerabilities have been patched in November’s updates, two of which are under limited, active exploitation by cybercriminals. If your Android phone shows patch level 2024-11-05 or later then the issues discussed below have been fixed. The updates have been made available for Android 12, ...
- CVE-2024-9379: Ivanti Cloud Service Appliance Authenticated SQL Injection
November 1, 2024
The SonicWall Capture Labs threat research team became aware of an authenticated SQL injection vulnerability affecting Ivanti Cloud Service Appliances (CSA). Identified as CVE-2024-9379 and with a moderate score of 6.5 CVSSv3, the vulnerability is more severe than it initially appears due to reported exploitation attempts. Recently, in its October security update, Ivanti announced, “We are ...
- Patch now! New Chrome update for two critical vulnerabilities
October 30, 2024
Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never ...
- Exploring CVE-2024-38227 vulnerability in Microsoft SharePoint
October 25, 2024
On September 10, Microsoft released another batch of updates addressing 79 vulnerabilities in its products. Among the patches that caught our attention were those for Microsoft SharePoint, an extensive content management system (CMS). Four out of the five SharePoint vulnerabilities covered by the September release allowed remote code execution (RCE) and one of them posed ...