#CopyFail **UPDATE 2025-05-05:** Red Hat has released the kernel updates for Red Hat Enterprise Linux 9 and 10. So if you followed the steps I described in this thread, you can now simply do

dnf update

on affected machines to get the new kernel and do a

grubby --update-kernel=ALL --remove-args='initcall_blacklist=algif_aead_init'

to remove the mitigation described in this post, before you finish the process with a

reboot

to switch to the fixed kernel.

https://access.redhat.com/security/cve/cve-2026-31431

Kritische #Kernel #Lücke bedroht zahlreiche #Linux Systeme - #fosstopia

#IT #Security #Forscher haben eine schwere #Schwachstelle im #Linux_Kernel offengelegt (CVE-2026-31431). Die Lücke trägt den Namen Copy Fail und erlaubt lokalen Nutzern den Zugriff auf höchste Systemrechte (root). Angreifer können gezielt vier Bytes in den Seitencache beliebiger Dateien schreiben und so die Kontrolle über ein System übernehmen...

https://fosstopia.de/kritische-kernel-lucke-26/

NicFab Newsletter #19 is out.

This week:
→ EDPB marks 10 years of GDPR
→ AI Act trilogue stalls — high-risk rules still set for 2 August 2026
→ EU Age Verification App found vulnerable hours after launch
→ First European standard on trusted data transactions (EN 18235-1:2026)
→ CopyFail (CVE-2026-31431) added to CISA KEV
→ Minnesota first US state to ban nudification apps

https://www.nicfab.eu/en/newsletter-issues/2026-05-05-issue-19/

#Privacy #DataProtection #AIAct #Cybersecurity #AI

Red Hat product updates to copy fail available https://access.redhat.com/security/cve/cve-2026-31431

#cve202631431 #CopyFail #RedHat

AlmaLinux 10.2 Beta is now live!

The release team of AlmaLinux, which is a free binary-compatible alternative to a commercial Linux distribution, Red Hat Enterprise Linux, has just released the beta version of the upcoming point release, which is AlmaLinux v10.2.

This beta version of AlmaLinux brings many improvements over the current version, which is version v10.1. The version is available for the following architectures listed:

• Intel/AMD (x86_64)
• Intel/AMD (x86_64_v2)
• Intel/AMD 32-bit (i686) (userspace only, no installation)
• ARM64 (aarch64)
• IBM PowerPC (ppc64le)
• IBM Z (s390x)

However, this beta version of AlmaLinux is not a production release, and is not guaranteed to be stable, especially when it comes to production installations. For users who rely on stability, you’ll have to wait until the official release. If you are curious about this beta version, and you intend to test and to report bugs and issues, you can download the beta version here.

AlmaLinux 10.2 brings i686 userspace packages to enable legacy 32-bit software, CI pipelines, and containerized workloads for users who rely on them in their workflow. It also presents you with updated toolsets and packages, such as the updated MariaDB 11.8, PHP 8.4, and Python 3.14. Security updates have also been provided, such as OpenSSL, Keylime, and SELinux policies, to enhance your computer’s security and to reduce attack vectors.

Also, a severe vulnerability that was left unnoticed since 2017, called Copy Fail (CVE-2026-31431) that exposed a flaw in authencesn, has been patched in this version of AlmaLinux, along with versions v10.x, v9.x, and v8.x.

You can learn more about this beta version here.

Heads up: CVE-2026-31431 (Copy Fail) is a kernel crypto vulnerability affecting Rocky Linux. Our community is on it: tracking patches and sharing Rocky-specific guidance as it develops.

If you're running Rocky in production, check the forum thread for the latest:

https://forums.rockylinux.org/t/cve-2026-31431-copy-fail-linux-kernel-crypto-vulnerability/20375/8
#RockyLinux #LinuxSecurity #OpenSource

"CISA flags actively exploited ‘Copy Fail’ Linux kernel flaw enabling root takeover across major distros — unpatched systems may remain vulnerable to attack"

"CISA warns of the actively exploited “Copy Fail” Linux flaw (CVE-2026-31431), enabling root access, with a public exploit released before patches were ready."

https://www.tomshardware.com/software/linux/cisa-flags-actively-exploited-copy-fail-linux-kernel-flaw-enabling-root-takeover-across-major-distros-unpatched-systems-may-remain-vulnerable-to-attack

#Linux

copy.fail (CVE-2026-31431): a small Linux kernel bug with an unusually big blast radius | Jorijn Schrijvershof https://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/

@christopherkunz https://security-tracker.debian.org/tracker/CVE-2026-31431

"CopyFail" (CVE-2026-31431) : un utilisateur local sans privilège peut écrire 4 bytes contrôlés dans le cache de TOUT fichier lisible ➡️ élévation root. Si vous avez du multi-tenant, des conteneurs, des CI runners non fiables : mettre à jour. Ordinateur perso ? Moins urgent mais mettez à jour quand même.

L'article : https://xint.io/blog/copy-fail-linux-distributions (en)

Le site : https://copy.fail/ (en)
#linux #cybersecurity

Falla in cPanel e WHM mette a rischio gli account amministrativi sui server di hosting

@informatica
La pubblicazione di un PoC per la CVE-2026-41940 espone cPanel & WHM e WP Squared a rischi concreti di takeover. L’authentication bypass può compromettere server hosting e siti WordPress. Analisi tecnica, impatti e contromisure per

cPanel zero-day active:
40K+ servers hit
CVE-2026-41940
→ auth bypass
→ admin access
Patch immediately.

Source: https://www.securityweek.com/over-40000-servers-compromised-in-ongoing-cpanel-exploitation/

Follow @technadu

#Infosec #ZeroDay #CyberSecurity

🚨 In this week’s newsletter, we cover CVE-2026-41940, a cPanel & WHM authentication bypass that puts entire hosting environments at risk. We break down how it enables admin access and what defenders should do next.

Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2026-41940-cpanel-whm-authentication-bypass-exploitation

📰 cPanel Zero-Day Auth Bypass (CVE-2026-41940) Actively Exploited for Months Before Patch

🚨 CRITICAL ZERO-DAY 🚨 cPanel & WHM auth bypass (CVE-2026-41940, CVSS 9.8) exploited for months before patch! Unauthenticated attackers can get root access. 1.5M instances exposed. Patch NOW! #cPanel #ZeroDay #CVE #WebHosting

🔗 https://cyber.netsecops.io

Cyber Journaal S02E53: cPanel CVE-2026-41940 leidde tot 44.000 gecompromitteerde installaties, ShinyHunters lekte 215.600 Aman Resorts accounts en Raptor Supplies Nederland staat op het darkweb.

➤ https://www.ccinfo.nl/journaal/3150984_cpanel-44-000-installaties-gecompromitteerd-shinyhunters-lekt-aman-resorts-en-raptor-supplies-wemeldinge-op-darkweb

#cybersecurity #datalek #infosec

Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately
#CyberSecurity
https://securebulletin.com/critical-apache-http-server-2-4-67-patches-rce-flaw-cve-2026-23918-upgrade-all-servers-immediately/

Several vulnerabilities in #Apache HTTP Server 2.4 have been fixed in release 2.4.67. The most severe of these are:

- CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset

- CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

- CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack

https://httpd.apache.org/security/vulnerabilities_24.html

#CVE_2026_23918 #CVE_2026_24072 #CVE_2026_33006 #infosec #cybersecurity

AISLE boasts about their AI tooling and CVE-2026-42511:

"Our autonomous AI system found another critical vulnerability in the FreeBSD DHCP stack - an unauthenticated remote code execution vulnerability with root privileges.

This finding is significant not only because RCE as root is about as severe as it gets, but also because FreeBSD was explicitly included in Anthropic’s Mythos announcement, and Mythos did not identify this issue."

Not sure if it was a good idea to look this closely: CVE-2026-42511 (#freebsd #dhclient) looks awfully similar to CVE-2011-0997 (isc-dhcp).

Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction
#CyberSecurity
https://securebulletin.com/critical-android-zero-click-vulnerability-cve-2026-0073-allows-remote-shell-access-without-user-interaction/

Read-only ArgoCD access + one annotation = every Kubernetes secret in the cluster, plaintext. CVE-2026-43824. Fixed in 3.2.11 and 3.3.9. If you're running 3.2.x or 3.3.x, upgrade today.

CHERI-Speichersicherheit reduziert LLM-gefundene FreeBSD-Schwachstelle CVE-2026-4747

https://www.all-about-security.de/cheri-speichersicherheit-reduziert-llm-gefundene-freebsd-schwachstelle-cve-2026-4747/

#llm #Freebsd