Local Privilege Escalation
New Linux ‘Dirty Frag’ zero-day gives root on all major distros
A new Linux zero-day exploit, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. Security researcher Hyunwoo Kim, who disclosed it earlier today and published a proof-of-concept (PoC) exploit, says this local privilege escalation was introduced roughly nine years ago in the Linux kernel’s algif_aead cryptographic algorithm interface. Dirty […]
New Linux ‘Copy Fail’ flaw gives hackers root on major distros
An exploit has been published for a local privilege escalation vulnerability dubbed “Copy Fail” that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions. The vulnerability is tracked as CVE-2026-31431 and was discovered by the offensive security company Theori, using its AI-driven pentesting platform Xint Code after scaning the […]
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. Since the start of the month, a security researcher known as “Chaotic Eclipse” or “Nightmare-Eclipse” has published proof-of-concept exploit code for all three security issues in protest to how Microsoft’s Security Response Center (MSRC) handled […]
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. Dubbed BlueHammer, the vulnerability was published by a security researcher discontent with how Microsoft’s Security Response Center (MSRC) handled the disclosure process. Since, the security issue has no official patch and there […]
CISA: High-severity Linux flaw now exploited by ransomware gangs
CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks. While the vulnerability (tracked as CVE-2024-1086) was disclosed on January 31, 2024, as a use-after-free weakness in the netfilter: nf_tables kernel component and was fixed via a commit submitted in January 2024, it was first introduced […]
Chinese hackers exploiting VMware zero-day since October 2024
Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024. While the American technology giant didn’t tag this security bug (CVE-2025-41244) as exploited in the wild, it thanked NVISO threat researcher Maxime Thiebaut for reporting the bug in May. However, […]
New Linux udisks flaw lets attackers get root on major Linux distros
Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. The first flaw (tracked as CVE-2025-6018) was found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing local attackers to gain the privileges of […]
ASUS Armoury Crate bug lets attackers get Windows admin privileges
A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. The security issue is tracked as CVE-2025-3464 and received a severity score of 8.8 out of 10. It could be exploited to bypass authorization and affects the AsIO3.sys of the Armoury Crate system management software. Armoury […]
Microsoft patches Windows Kernel zero-day exploited since 2023
Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. Fixed in Windows security updates released during this month’s Patch Tuesday, the security flaw is now tracked as CVE-2025-24983 and was reported to Microsoft by ESET researcher Filip Jurčacko. The vulnerability is […]
Google fixes Android kernel zero-day exploited in attacks
The January 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability tagged as exploited in the wild. This high-severity zero-day (tracked as CVE-2024-53104) is a privilege escalation security flaw in the Android Kernel’s USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks. The issue occurs because the driver […]