Security researchers have discovered a new vulnerability in the Linux kernel which could allow malicious actors to run code with elevated privileges, exposing systems to risk of data theft, malware deployment, and even full device takeover.
The vulnerability is tracked as CVE-2026-46300, and was given a severity score of 7.8/10 (high). It’s nicknamed Fragnesia and is apparently in the same vulnerability class as Dirty Frag, another kernel bug that was disclosed recently.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New Windows Cyber Attacks Confirmed – CISA Says Update By September 3
August 14, 2024
Microsoft has released the monthly round of Patch Tuesday security updates, with fixes for a total of 90 vulnerabilities across the Windows ecosystem. Of these, the Microsoft Security Response Center warns that five Windows vulnerabilities have confirmed and active cyber attacks against them already. So serious are these zero-day security issues that the U.S. Cybersecurity and ...
- ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
August 13, 2024
This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws ...
- 5G network flaws could be abused to let hackers spy on your phone
August 12, 2024
5G basebands could be exploited by attackers to allow them to send fake messages to your contacts, or even hand over your credentials using a very real-looking website, experts have warned. Unveiled at the Black Hat cybersecurity conference, a research group from Pennsylvania State University presented their vulnerability sniffing tool 5GBaseChecker. Read more… Source: MSN News Sign up for ...
- Indirect prompt injection in the real world: how people manipulate neural networks
August 12, 2024
Large language models (LLMs) – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. Systems built on instruction-executing LLMs may be vulnerable to prompt injection attacks. A prompt is a text description of a task that the system is to perform, for example: “You are a ...
- Windows Downdate: Downgrade Attacks Using Windows Updates
August 9, 2024
A version-rollback vulnerability has been discovered by a cybersecurity researcher that allows a fully patched Windows machine to be downgraded to older version, allowing the exploitation of previously patched zero-days and vulnerabilities. Alon Leviev unveiled his findings at Black Hat USA 2024 and DEF CON 32 (2024) as a tool named Windows Downdate. Leviev started their journey ...
- Keys to the Kingdom – Gaining access to the Physical Facility through Internal Access
August 9, 2024
This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization. This is one of those occasions. This particular pen test asked for goals-based assessment focusing on post-compromise activities — an attempt by the client to discover how vulnerable internal systems were to lateral movement by an attacker ...