Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-08 03:00 PDT
- Sri Lanka makes 37 arrests as it raids another scam centre
Graham Cluley • 2026-05-08 02:30 • www.bitdefender.com
You don’t need to live near a scam compound for it to wreck your life. Americans lost $5.8 billion to crypto investment scams last year alone – and a raid in Sri Lanka this month shows exactly how the operations behind them keep finding new places to hide.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/sri-lanka-37-arrests-scam-centre - Former govt contractor convicted for wiping dozens of federal databases
BleepingComputer • 2026-05-08 01:45 • www.bleepingcomputer.com
A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. […]
https://www.bleepingcomputer.com/news/security/former-govt-contractor-convicted-for-wiping-dozens-of-federal-databases/ - CVE-2025-68670: discovering an RCE vulnerability in xrdp
Securelist • 2026-05-08 01:00 • securelist.com
During a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability.
https://securelist.com/cve-2025-68670/119742/ - Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
SANS ISC Diary (full) • 2026-05-08 00:50 • isc.sans.eduLess than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred to as “Dirty Frag,” this vulnerability was discovered and reported by Hyunwoo Kim (@v4bel) [1]. In this diary, I will provide a brief background on Dirty Frag, and discuss its relationship to Copy Fail. I will then discuss how to mitigate Dirty Frag and outline recommended next steps for system owners.
- New Linux 'Dirty Frag' zero-day gives root on all major distros
BleepingComputer • 2026-05-08 00:45 • www.bleepingcomputer.com
A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. […]
https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/ - Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
The Hacker News • 2026-05-07 22:12 • thehackernews.com
Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel.
Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers
https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
