Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local privileges escalations are never good, but typically are not “Internet-melters”: they are significantly less dangerous than remote vulnerabilities, but are often combined with a remote vulnerability to gain complete access to a […]
CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the 2024 bug, the authentication system could be tricked into passing a zero-length request to the authentication handler. In the modern vulnerability, the system can […]
Running suspicious software in a virtual machine seems like a basic precaution to figure out whether said software contains naughty code. Unfortunately it’s generally rather easy to detect whether or not one’s software runs inside a VM, with [bRootForce] going through a list of ways that a VirtualBox VM can be detected from inside the […]
Recently a video surfaced from someone claiming that certain USB-to-Ethernet dongles contained ‘malware’ among other big claims. Basically these dongles were said to be designed by China (and Russia) to spy on users and so on, but how much of this is actually grounded in reality? When [lcamtuf] dove into the topic, what he found […]