Overview
Description
Statistics
- 4 Posts
- 1 Interaction
Fediverse
GhostLock (CVE-2026-43499): a use-after-free in the Linux kernel, shipped by default since 2011 and disclosed this week. Any logged-in user gets full root in about five seconds, and it escapes containers.
The story isn't that it exists, it's how reliable it is. Daniel Bechenea, security manager at Pentest-Tools.com:
"An exploit reported at 97% reliable, with public code anyone can run, changes that math."
Kernel privesc used to be the exploit you thought twice about firing. A near-deterministic one with public code removes the hesitation.
Patch to a fixed kernel now. Until it reaches every host, treat any code execution on an unpatched box as root and verify the kernel version per system. Don't assume the April fix propagated.
Full breakdown by Emma Woollacott at ITPro: https://www.itpro.com/software/linux/cyber-researchers-sound-alarm-over-a-15-year-old-linux-kernel-flaw-ghostlock-could-let-hackers-seize-unpatched-machines-in-just-five-seconds
#offensivesecurity #penetrationtesting #cybersecurity
A Linux kernel vulnerability went undetected across nearly all major Linux distributions for more than 15 years before being patched earlier this year.
Tracked as CVE-2026-43499 and dubbed GhostLock, the flaw allows an unprivileged local attacker to escalate privileges to root and escape containerized environments. Linux users are advised to install the latest kernel updates from their distribution.
A newly disclosed Linux kernel vulnerability, GhostLock (CVE-2026-43499), has existed in most Linux distributions since 2011. Researchers have published a working exploit with a reported 97% success rate, making prompt patching a priority for affected systems.
Story here: https://www.techfinitive.com/check-your-kernel-version-now-15-year-old-security-ghost-in-the-linux-machine/
Overview
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse
📰 CISA Adds Two Actively Exploited Joomla Plugin Flaws to KEV Catalog
📢 CISA KEV UPDATE: Two Joomla plugin vulnerabilities are now listed as actively exploited. CVE-2026-48939 (iCagenda) & CVE-2026-56291 (Balbooa Forms) allow file uploads and server takeover. Patch immediately! #CISA #KEV #Joomla #Vulnerability
🌐 cyber[.]netsecops[.]io
Bluesky
Overview
Description
Statistics
- 2 Posts
- 1 Interaction
Bluesky
Overview
- WAGO
- 0765-110x/0100-0000
Description
Statistics
- 2 Posts
Fediverse
#OT #Advisory VDE-2026-031
WAGO: Early-Boot Diagnostic Exposure in WAGO System I/O Field Devices
Certain devices in the WAGO System I/O Field series enable an internal diagnostic capability during the initial stages of system startup. This behavior, which is not part of the publicly documented feature set, briefly allows access to system functions before the main operating environment becomes fully active. Under specific conditions, this could permit interactions with system components that are normally protected during regular operation.
#CVE CVE-2026-4769
https://certvde.com/en/advisories/vde-2026-031/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-031.json
CVE-2026-4769 exposes WAGO System I/O field devices. An early-boot flaw lets an unauthenticated attacker reach full system compromise.
#WAGO #CVE20264769 #ICS #OTSecurity #Firmware
Overview
- wpdatatables
- wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
Description
Statistics
- 2 Posts
Bluesky
Overview
- wpdevteam
- Essential Addons for Elementor – Popular Elementor Templates & Widgets
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
CVE-2026-15155 - Critical Email Header Injection in Essential Addons for Elementor. Allows authenticated account takeover. CVSS 8.8. No patch available. Disable login/register widget immediately. #CVE #WordPress #infosec
Overview
- Apache Software Foundation
- Apache Log4j API
- org.apache.logging.log4j:log4j-api
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
A new Apache Log4j flaw, CVE-2026-49844, makes log4j-api emit invalid JSON from non-finite numbers. Patch to 2.25.5 or 2.26.1 now.
#Log4j #CVE202649844 #ApacheLog4j #Vulnerability #CyberSecurity
Overview
- SecureAge
- CatchPulse
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
CVE-2026-15506: HIGH severity heap-based buffer overflow in SecureAge CatchPulse (v10.9.0 – 10.9.3, saappctl.sys). Exploitable by local attackers for code execution or DoS. No patch yet — restrict access & monitor updates. https://radar.offseq.com/threat/cve-2026-15506-heap-based-buffer-overflow-in-secur-a85caef566d01d76 #OffSeq #vuln #BlueTeam
Overview
- Microsoft
- Microsoft Edge (Chromium-based)
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
CVE-2026-58596 (HIGH, CVSS 8.3): Microsoft Edge (Chromium-based) suffers from untrusted pointer dereference, enabling remote privilege escalation. Patch ASAP: https://radar.offseq.com/threat/cve-2026-58596-cwe-822-untrusted-pointer-dereferen-74291c1991697a5a 🛡️ #OffSeq #MicrosoftEdge #Vuln #Infosec
Overview
- Hydro-Québec
- Le Circuit Electrique charging station backend
Description
Statistics
- 1 Post
Fediverse
A critical privilege escalation flaw (CVE-2026-20744) affects Hydro-Québec EV charging stations. Learn how this vulnerability impacts the backend.
#CVE202620744 #CyberSecurity #HydroQuebec #EVSecurity #Vulnerability