Overview
Description
Statistics
- 26 Posts
- 22 Interactions
Fediverse
Pretty much as expected, Ubuntu running snapd as root was always going to turn out well :-|
https://discourse.ubuntu.com/t/snapd-local-privilege-escalation-cve-2026-3888/78627
My friends, time to bring your Ubuntu system up to date:
sudo apt update && sudo apt upgrade && systemctl reboot
Quite the Ubuntu 24.04 vulnerability, via snap packages. Surprise surprise.
https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt
Critical Ubuntu flaw (CVE-2026-3888) enables local root escalation via Snap.
Delayed exploit (10–30 days) makes detection harder.
Patch snapd immediately.
https://www.technadu.com/critical-cve-2026-3888-vulnerability-exposes-ubuntu-to-root-escalation/623670/
🛑 ALERT - A new flaw in #Ubuntu 24.04+ lets attackers gain full root access from low privileges.
By timing system cleanup, they replace a snap directory and execute code as root—no user action required.
🔗 Exploit steps and patched versions → https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
Global tensions heighten as the US-Iran conflict escalates, impacting oil markets via the Strait of Hormuz (March 18). Technology sees continued rapid AI advancement, with OpenAI's GPT-5.4 and Anthropic's Claude Sonnet 4.6 released (March 17). In cybersecurity, the EU sanctioned private cyber offensive groups (March 17), and a critical Ubuntu privilege escalation flaw (CVE-2026-3888) was discovered (March 18). AI-driven threats also increasingly impact M&A security.
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
CVE-2026-3888: when Ubuntu's system cleanup hands out root access https://www.it-connect.fr/cve-2026-3888-quand-le-nettoyage-systeme-dubuntu-offre-un-acces-root/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Linux
Alert for Ubuntu users:
https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
CVE-2026-3888 in #Ubuntu: escalation to root by taking advantage of snap-confine and the systemd-tmpfiles cleanup
Bluesky
Overview
- GNU
- inetutils
Description
Statistics
- 14 Posts
- 3 Interactions
Fediverse
RT @TheHackersNews
⚠️ WARNING - An unpatched critical telnetd bug (CVE-2026-32746) lets attackers gain full system access with no credentials.
One connection to port 23 is enough to trigger memory corruption and execute code as root.
No patch yet. Prior telnet flaw is already exploited in the wild.
🔗Read → https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
#telnet: Yet Another Critical Unauthenticated Root RCE #vulnerability CVE-2026-32746 discovered in legacy inetUtils Telnet - no user interaction and no special network position required.
Telnet is still in use in old switches, routers, ICS/IoT, cameras:
👇
https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
CVE-2026-32746: Linux servers threatened by a new Telnet flaw https://www.it-connect.fr/cve-2026-32746-les-serveurs-linux-menaces-par-une-nouvelle-faille-telnet/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Linux
Bluesky
Overview
- Cisco
- Cisco Secure Firewall Management Center (FMC)
Description
Statistics
- 9 Posts
- 5 Interactions
Fediverse
The Interlock ransomware group is actively exploiting a Cisco Firewall 0-day vulnerability (CVE-2026-20131) to deploy their ransomware, a flaw that allows unauthenticated remote attackers to execute arbitrary Java code. This exploitation began before the vulnerability's public disclosure, enabling the group to compromise organizations unaware of the threat.
https://cybersecuritynews.com/cisco-firewall-0-day-ransomware/
Cybersecurity: Interlock ransomware is exploiting a critical Cisco FMC zero-day (CVE-2026-20131, CVSS 10.0) for root access, active since January 2026. CISA added a Microsoft SharePoint vulnerability (CVE-2026-20963) to its Known Exploited Vulnerabilities Catalog. Geopolitical: Tensions in the Gulf region are escalating, with Iran reportedly targeting energy sites, leading to a sharp spike in oil prices. These events underscore the urgent need for enhanced digital resilience and geopolitical stability.
Bluesky
Overview
Description
Statistics
- 8 Posts
- 3 Interactions
Fediverse
The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content. https://thehackernews.com/2026/03/apple-fixes-webkit-vulnerability.html
Apple has introduced a new update system called Background Security Improvements for delivering faster, lightweight security patches across its platforms.
The first update using this mechanism addressed CVE-2026-20643, a WebKit cross-origin vulnerability that could be exploited through malicious web content.
Bluesky
Overview
Description
Statistics
- 2 Posts
- 11 Interactions
Fediverse
Earlier today the JRuby team was informed of a low-severity vulnerability in the bcrypt-ruby gem. We worked with the library's maintainers to arrange a fix and disclosure. The issue is now fixed in versions 3.1.22 and higher. Exposure risk is low, but upgrading is recommended.
CVE-2026-33306: Integer Overflow Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
https://github.com/bcrypt-ruby/bcrypt-ruby/security/advisories/GHSA-f27w-vcwj-c954
Overview
Description
Statistics
- 4 Posts
- 8 Interactions
Fediverse
Seriously, any iOS experts looked into if CVE-2025-43520 from the DarkSword vulns could be used for KFD/MacDirtyCow-style file modding?
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
@agreenberg more in-depth analysis from Google.
It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
According to TAG’s analysis, DarkSword “uses CVE-2025-43520, a kernel-mode race condition in XNU’s virtual filesystem (VFS) implementation” I’m guessing it’s https://github.com/apple-oss-distributions/xnu/blob/bbb1b6f9e71b8cdde6e5cd6f4841f207dee3d828/bsd/vfs/vfs_cluster.c#L3700 ? There’s several VFS changes; not sure if this is the right one.
If it is this one, I guess you’d somehow
- Make a contiguous memory region,
- start reading a file into it,
- then switch it to a non-contiguous region after it’s validated the region, but before it actually starts reading the file,
- so it ends up writing what it thinks is your contiguous area, but actually is the first part of your area followed by some other memory?
As usual, Wired is… not great 🙄
Regarding DarkSword, the latest objectively bad exploit affecting iOS and Safari, Google has a more in-depth analysis, with a lot more information on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
Overview
Description
Statistics
- 2 Posts
Bluesky
Overview
Description
Statistics
- 2 Posts
Fediverse
Cybersecurity: Interlock ransomware is exploiting a critical Cisco FMC zero-day (CVE-2026-20131, CVSS 10.0) for root access, active since January 2026. CISA added a Microsoft SharePoint vulnerability (CVE-2026-20963) to its Known Exploited Vulnerabilities Catalog. Geopolitical: Tensions in the Gulf region are escalating, with Iran reportedly targeting energy sites, leading to a sharp spike in oil prices. These events underscore the urgent need for enhanced digital resilience and geopolitical stability.
Overview
- VMware
- Spring AI
Description
Statistics
- 2 Posts
Fediverse
🔒 HIGH: CVE-2026-22729 in VMware Spring AI (1.0.x, 1.1.x) enables JSONPath injection, letting authenticated users bypass access controls and access sensitive docs. Patch or sanitize input! https://radar.offseq.com/threat/cve-2026-22729-vulnerability-in-vmware-spring-ai-96356f4f #OffSeq #SpringAI #CVE202622729 #AppSec
Overview
- VMware
- Spring AI
Description
Statistics
- 2 Posts
Fediverse
🚨 CVE-2026-22730: HIGH-severity SQL injection in VMware Spring AI (1.0.x, 1.1.x) lets users with limited privileges run arbitrary SQL via MariaDBFilterExpressionConverter. Patch ASAP & harden input validation! https://radar.offseq.com/threat/cve-2026-22730-vulnerability-in-vmware-spring-ai-ddcf48d5 #OffSeq #VMware #SQLi #Infosec