Linux pedit COW root escalation, Amazon Q extension cred leak

A vulnerability (CVE-2026-12957, CVSS 8.5) in Amazon Q VS Code extension auto‑loads Model Context Protocol configs from workspace files, allowing code execution and credential theft when a developer opens a malicious repo. Amazon patched it in version 1.65.0, underscoring a systemic risk for AI‑powered coding tools that auto‑execute config files.

CVE‑2026‑46331 is an out‑of‑bounds write in the kernel’s act_pedit traffic‑control module that corrupts shared page‑cache memory. A public proof‑of‑concept lets any local user gain root on unpatched RHEL 8‑10 and related platforms. Red Hat has issued an advisory and provides a quick blacklist mitigation.

Infoblox researchers found that the Chinese DCloud Uni-App framework underlies more than 236,000 scam domains, from fake crypto exchanges to pig‑butchering operations. The shared code lets disparate fraudsters quickly clone phishing and investment‑scam sites, amplifying a global scam economy that can even spill into real‑world schemes.

Saxe shows GLM-5.2 can be run locally on eight H200 GPUs, bypassing API logging, and matches GPT-5.5‑Cyber in code and terminal tasks, giving attackers long‑horizon autonomous capabilities. This removes the biggest friction for malicious use of frontier AI, likely spawning a dark‑economy of inference services.

Tracebit ran 951 attack simulations with ten frontier AI models in an AWS cyber range. The models achieved admin privilege escalation in 162 cases, typically within minutes, and 95.9% of those trips triggered a canary an average of 8 minutes before the critical action.

Meta is quietly building a facial-recognition prototype for a Pentagon contractor, aiming to deliver real-time ID tools for police and the military. The move contradicts the company’s earlier pledges to limit the tech and could expand government surveillance using billions of Facebook photos.

Citizen Lab uncovered that Russian investigators accessed opposition activist Andrey Pivovarov’s seized iPhone with Cellebrite’s UFED in June 2021, months after Cellebrite terminated sales to Russia and Belarus. The finding shows how forensic tools can be repurposed for political repression despite export bans.