AI Discovers a Long-Hidden Bug in Linux Ignored for 15 Years

Recent developments highlight significant cybersecurity concerns as China’s Volt Typhoon hackers are suspected of embedding themselves in critical infrastructure across the United States. This situation was underscored during a confidential war game simulation conducted for insurers, which explored various catastrophic scenarios, revealing profound vulnerabilities that could disrupt essential services.

In a notable escalation, U.S. Immigration and Customs Enforcement (ICE) has initiated investigations into online detractors following incidents of doxing and threats against its personnel, opening over 100 cases. Concurrently, the European Union has reinstated powers under the controversial “Chat Control” bill, permitting tech companies to scrutinize private communications, including texts and emails, to combat online child exploitation. The European Parliament approved this measure despite significant pushback from lawmakers.

Wired has recently unveiled adjustments within the surveillance systems at Madison Square Garden, which maintains a database of celebrities and high-profile individuals, categorizing them under potentially discriminatory labels such as “LGBTQIA” and “DO NOT HOST.” This revelation sheds light on the ethical considerations surrounding personal data monitoring in public spaces.

Emerging research indicates a growing trend of fraudulent government website hijacks, where scammers distribute “leaked” OnlyFans content. However, these operations have faced hurdles due to a surge in copyright complaints from content creators, effectively leading to the removal of these malicious links and enhancing user safety.

This compilation of cybersecurity news highlights additional incidents of importance. One critical development involves Nebula Security’s publication of exploit code for the GhostLock vulnerability, identified as CVE-2026-43499. This vulnerability, which has remained in the Linux kernel for 15 years, allows unauthorized users to gain root access on unpatched systems. Present in nearly all mainstream Linux distributions since 2011, this flaw poses a significant threat to organizations until fully addressed, particularly as unpatched versions of popular systems, including Ubuntu, continue to circulate.

Notably, Nebula leveraged its AI-driven tool, VEGA, to identify this exploit, shedding light on the importance of automated tools in uncovering longstanding vulnerabilities. This incident emphasizes the relevance of the MITRE ATT&CK framework, as tactics such as privilege escalation and exploitation of public-facing applications appear to have been utilized by adversaries.

In another troubling incident, a journalist faced undue police attention after his vehicle, a loaned Range Rover, was mistakenly flagged as stolen due to a data entry error across thousands of miles. This case exemplifies the shortcomings of automated surveillance systems and the potential for serious misidentifications resulting from inaccurate data, raising questions about the reliability of such monitoring technologies.

Additionally, Accenture has confirmed a data breach after a hacker claimed to have stolen 35 GB of sensitive information, including proprietary code and access tokens. This breach is particularly concerning given Accenture’s role in providing cyber defense services to ICE. The timing underscores vulnerabilities within federal cybersecurity dependencies and highlights tactics such as compromise of credentials and exploitation of vulnerabilities present in system defenses, which align with the findings of the MITRE ATT&CK Matrix.

As the Pentagon seeks to bolster its cybersecurity workforce through initiatives like Cyber RAP, designed for candidates lacking typical academic backgrounds, concerns remain regarding the adequacy of training and compensation offered. Simultaneously, the proposal to utilize contractor-operated cyber operations has sparked debate regarding the ethics and implications of employing third-party hackers. This dual approach of developing in-house capabilities while potentially outsourcing critical cyber functions reflects the evolving landscape of national security and corporate defense strategies.

Source