"CISA has added the bug to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to patch within two weeks, setting a May 15 deadline."
"The same exploit binary works unmodified on every Linux distribution, demonstrating a high level of reliability that has raised concerns among cybersecurity agencies."
"Microsoft Defender is seeing preliminary testing activity that might result most likely in increased threat actor exploitation over the next few days."
CISA warns of a Linux kernel vulnerability, CVE-2026-31431, known as 'CopyFail', which is actively being exploited. This bug allows low-level users to gain root access by modifying data they should only read. Discovered by Theori's AI platform, patches were released before public disclosure. The exploit affects major Linux distributions, including Ubuntu and RHEL, and is applicable to all mainstream kernels since 2017. CISA has added this vulnerability to its catalog, urging federal agencies to patch within two weeks due to the risk of exploitation.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]