Linux Security Archives • Daily CyberSecurity

SSHFS Command Execution Exploit Code Released Publicly

sshfs command execution exploit public exploit code released

SSHFS Command Execution Exploit Code Released Publicly

Do Son June 5, 2026

Multiple Faults Expose Client Linux Filesystems A popular utility for mounting remote directories over SFTP contains severe...

Plesk privilege escalation flaw CVE-2026-44962 patch Plesk LPE, Root Command Execution

Severe Plesk Privilege Escalation Flaw Patched in Linux Versions

Do Son June 1, 2026

A dangerous security vulnerability has been uncovered within a widely used web hosting control panel. Specifically, a...

NVIDIA Releases Critical Security Patches for AI Frameworks NVIDIA TensorRT-LLM vulnerabilities

NVIDIA Releases Critical Security Patches for AI Frameworks

Do Son May 27, 2026

NVIDIA has issued urgent software fixes to address several severe software flaws. Specifically, these new updates resolve...

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa OrBit Linux Rootkit Medusa Userland LD_PRELOAD Hooking

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa

Do Son May 19, 2026

In July 2022, security researchers dropped the first analysis of OrBit, a sophisticated, then-undocumented Linux userland rootkit....

PamDOORa Backdoor Targets Linux PAM Stack to Steal Passwords and Wipe Logs PamDOORa Linux Backdoor PAM Stack Credential Harvesting

PamDOORa Backdoor Targets Linux PAM Stack to Steal Passwords and Wipe Logs

Do Son May 12, 2026

In the enterprise world, Linux servers are the bedrock of cloud environments and critical infrastructure. To protect...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

The Q1 2026 Exploit Surge: AI Discovers the Flaws, APTs Reap the Rewards

Do Son May 11, 2026

The first quarter of 2026 has set a blistering and volatile pace for the cybersecurity industry, marked...

Trust Hijacked: Official JDownloader Website Breached to Distribute Malicious Installers JDownloader Breach Supply Chain Attack

Trust Hijacked: Official JDownloader Website Breached to Distribute Malicious Installers

Do Son May 9, 2026

When millions of users rely on a popular utility, the implicit trust placed in its official download...

Exploited in the Wild: “Dirty Frag” Linux Vulnerability Grants Instant Root Access Dirty Frag Vulnerability Linux Privilege Escalation

Exploited in the Wild: “Dirty Frag” Linux Vulnerability Grants Instant Root Access

Do Son May 9, 2026

The Linux ecosystem is facing a severe new security challenge that demands immediate attention from everyone, whether...

Nix Vulnerability Grants Root Access via NAR Parser Overflow CVE-2026-25137 Nix Daemon Privilege Escalation CVE-2026-44028

Nix Vulnerability Grants Root Access via NAR Parser Overflow

Do Son May 6, 2026

Nix, the robust package manager celebrated for bringing reliability and reproducibility to Linux and Unix systems, has...

Patch Now: GnuTLS Release 3.8.13 Fixes 12 Vulnerabilities GnuTLS Security Update DTLS Heap Overwrite GnuTLS Vulnerability CVE-2026-1584

Patch Now: GnuTLS Release 3.8.13 Fixes 12 Vulnerabilities

Do Son May 4, 2026

The GnuTLS project, a vital secure communications library used extensively across the Linux ecosystem to implement SSL,...

Crashing the Shield: The One-Line Script Taking Down ModSecurity v3 WAFs libmodsecurity3 Denial of Service WAF Security Vulnerability CVE-2025-27110 ModSecurity vulnerability, JSON DoS

libmodsecurity3 Denial of Service WAF Security Vulnerability CVE-2025-27110 ModSecurity vulnerability, JSON DoS

Crashing the Shield: The One-Line Script Taking Down ModSecurity v3 WAFs

Do Son May 1, 2026

Security researchers have identified two significant vulnerabilities in libmodsecurity3, the core library of the ModSecurity v3 project....

Copy Fail: Public PoC and Full Details Disclosed for the 732-Byte Linux Root Exploit (CVE-2026-31431) Linux Kernel Root Exploit Copy Fail CVE-2026-31431

Linux Kernel Root Exploit Copy Fail CVE-2026-31431

Copy Fail: Public PoC and Full Details Disclosed for the 732-Byte Linux Root Exploit (CVE-2026-31431)

Do Son April 29, 2026

Security researchers have unveiled a critical logic bug in the Linux kernel that allows an unprivileged user...

Legacy Leak: Deprecated GNU C Library Functions Spark New Security Fears glibc Security Legacy DNS Flaws glibc Vulnerabilities Linux Security Alert glibc Vulnerability CVE-2026-0861

glibc Security Legacy DNS Flaws glibc Vulnerabilities Linux Security Alert glibc Vulnerability CVE-2026-0861

Legacy Leak: Deprecated GNU C Library Functions Spark New Security Fears

Do Son April 29, 2026

The GNU C Library (glibc), a cornerstone of the Linux ecosystem, has issued a security advisory. The...

Full Exploit Disclosed: Public PoC and Technical Details Released for Critical ProFTPD SQL Injection ProFTPD SQL Injection CVE-2026-42167 Exploit

ProFTPD SQL Injection CVE-2026-42167 Exploit

Full Exploit Disclosed: Public PoC and Technical Details Released for Critical ProFTPD SQL Injection

Do Son April 29, 2026

Analysts from ZeroPath Research have uncovered a critical SQL injection vulnerability within the mod_sql extension of ProFTPD,...

Linux Privilege Escalation: “Pack2TheRoot” Flaw Impacts Major Distributions Pack2TheRoot Vulnerability PackageKit Privilege Escalation

Linux Privilege Escalation: “Pack2TheRoot” Flaw Impacts Major Distributions

Do Son April 23, 2026

A long-standing security flaw has been unearthed in a core component of the modern Linux desktop and...

Emergency .NET Update: Critical Data Protection Flaw Allows Authentication Forgery Windows DNS Client RCE .NET 10 Auth Bypass CVE-2026-40372

Emergency .NET Update: Critical Data Protection Flaw Allows Authentication Forgery

Do Son April 22, 2026

Microsoft has issued an urgent out-of-band (OOB) security update for .NET 10 to address a critical vulnerability...

Three Silent Vulnerabilities Discovered in the glibc Core glibc Security Legacy DNS Flaws glibc Vulnerabilities Linux Security Alert glibc Vulnerability CVE-2026-0861

Three Silent Vulnerabilities Discovered in the glibc Core

Do Son April 21, 2026

The core of many Linux-based operating systems is facing a series of security challenges. Recent advisories for...

High-Severity Use-After-Free Vulnerability Uncovered in Rsync Rsync Vulnerability Use-After-Free CVE-2022-29154 & CVE-2024-12084 CVE-2024-120845 PoC

Rsync Vulnerability Use-After-Free CVE-2022-29154 & CVE-2024-12084 CVE-2024-120845 PoC

High-Severity Use-After-Free Vulnerability Uncovered in Rsync

Do Son April 16, 2026

Rsync, the high-performance and extraordinarily versatile tool relied upon by millions for remote and local file synchronization,...

CVE-2026-4631: Critical 9.8 RCE Flaw in Cockpit Allows Unauthenticated Server Takeover Cockpit RCE CVE-2026-4631

CVE-2026-4631: Critical 9.8 RCE Flaw in Cockpit Allows Unauthenticated Server Takeover

Do Son April 14, 2026

In the world of Linux server management, ease of use and security are intended to go hand-in-hand....

Root Access at Risk: Critical Nix Sandbox Escape Overwrites Sensitive System Files Nix Sandbox Escape Root Escalation CVE-2024-45593

Root Access at Risk: Critical Nix Sandbox Escape Overwrites Sensitive System Files

Do Son April 10, 2026

A severe security vulnerability has been identified in the Nix package manager, a tool celebrated by the...

Critical Alert 2 Active Exploits Detected Today