FuzzingLabs reproduced the bug on RHEL 10 ahead of Pwn2Own Berlin 2026, building its own root exploit by a different route. The timeline is tight: the fix shipped February 5, FuzzingLabs published April 16, and Exodus’s detailed write-up landed June 8.
The technique is now documented across Debian, Ubuntu, and Red Hat. Because the bug is in the mainline, any distribution that shipped a vulnerable kernel with both features enabled is exposed, unless a distribution’s hardening or namespace restrictions block the path.
CVE-2026–23111 lands in the middle of a heavy run of Linux local-root disclosures. Recent weeks have brought Copy Fail, the Dirty Frag chain, its Fragnesia variant, DirtyDecrypt, and a nine-year-old ptrace flaw that reads /etc/shadow and runs commands as root.
New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub.
The malware has evolved and is now targeting customers of multiple banks and financial institutions across Europe in a phishing campaign aimed at stealing payment card data.
After tricking victims with a fake verification screen to place the cards near the mobile device’s near-field communication (NFC) chip, NFCShare reads the information using Android’s IsoDep interface and EMV commands.
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones).
This argument injection vulnerability has yet to be assigned a CVE ID, can only be exploited by authenticated attackers without admin privileges, and affects all Gogs releases up to and including 0.14.2 and 0.15.0+dev.
They can exploit this vulnerability to compromise the targeted server, read any repository (including private repos), steal credentials, move laterally to other systems on the network, and alter any hosted source code.
Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta’s AI-powered support system to reset passwords.
As BleepingComputer reported one week ago, the threat actors exploited a flaw in the company’s High Touch Support (HTS) tool, an AI-assisted support system that helps users regain access after being locked out of their Instagram accounts.
By exploiting the fact that HTS didn’t verify whether email addresses were associated with the targeted Instagram accounts, they obtained password reset links that allowed them to log in and hijack accounts without two-factor authentication (2FA) enabled.