GhostLock Vulnerability Exposes Linux Systems to Root Access

A long-standing flaw in the Linux kernel, dubbed GhostLock (CVE-2026-43499), has been revealed, allowing logged-in users to gain root access on unpatched systems.

A long-standing flaw in the Linux kernel, dubbed GhostLock (CVE-2026-43499), has been revealed, allowing logged-in users to gain root access on unpatched systems.

An anonymous researcher has released exploit code for multiple zero-day vulnerabilities, with active exploitation confirmed for at least two of them.

A newly identified exploit chain, named AutoJack, allows attackers to leverage an AI browsing agent for unauthorized code execution on local machines. This vulnerability affects specific pre-release versions of Microsoft's AutoGen Studio.

A security flaw in the Gravity SMTP WordPress plugin has been exploited by attackers to access sensitive information from approximately 100,000 sites. The vulnerability allows unauthenticated access to configuration data, including API keys and secrets.

A newly disclosed exploit, 'usbliter8,' allows arbitrary code execution within the SecureROM of Apple's A12 and A13 chips, posing significant risks for affected devices.

A researcher reported a significant vulnerability in Google Cloud's Kubernetes operator, which could allow unauthorized access to cloud resources. Despite initial acknowledgment, Google later denied a bug bounty and has yet to issue a fix.

A critical vulnerability in Cisco's Catalyst SD-WAN Manager is currently being exploited, allowing attackers to gain root privileges. Cisco has issued a patch, but the flaw remains a concern for users.

A critical zero-day vulnerability in Cisco's SD-WAN management software is currently being exploited, with no patch available yet.

A flaw in Anthropic's Claude Code GitHub Action has been identified, enabling attackers to potentially take over public repositories by exploiting a single GitHub issue.

A newly disclosed vulnerability in OpenAI's ChatGPT could allow attackers to exploit the AI's handling of Markdown links and images, creating a potential phishing surface.