Linux LPE, AMSI bypass, and a hidden malware repo

JFrog Security Research disclosed DirtyClone (CVE‑2026‑43503), a high‑severity Linux kernel LPE that lets any unprivileged user corrupt file‑backed memory via a cloned network packet and gain root without leaving logs. The flaw survives earlier DirtyFrag fixes and impacts Debian, Ubuntu, Fedora and other modern distributions. Patch kernels to v7.1‑rc5 or apply backports immediately.

The AMSI design uses one boolean to toggle scanning, and that fails open when the check is bypassed. By flipping it, attackers can run six distinct shell‑based payloads, including reverse PowerShell shells, while Windows Defender remains active. The post demonstrates each technique with live end‑to‑end tests on Windows 11.

A newly disclosed CVE‑2026‑45504 lets an authenticated low‑privilege Exchange user pull arbitrary files from the server by abusing EWS ReferenceAttachment URLs. The flaw bypasses typical permissions, exposing system files like hosts or secrets, and could aid post‑compromise lateral movement. Administrators must patch or block the EWS endpoint immediately.

A fresh wave of the Shai‑Hulud Miasma campaign hijacked trusted Leo Platform npm packages, injecting malware via binding.gyp to run during node‑gyp installation. The compromise affects developer workstations, CI/CD pipelines, and production‑adjacent environments, forcing immediate removal of malicious versions and credential rotation. This underscores that a package’s trust is only as good as its latest release.

Researchers discovered a GitHub repository that appears legitimate but hides a malicious ZIP in its releases. When AI‑powered coding tools such as Claude Code, Gemini CLI, or Cursor clone the repo and run the setup script, the hidden payload executes without triggering scanners, giving attackers silent code execution on developer machines. The technique exploits the agents’ automatic dependency installation and could affect any project that relies on AI‑assisted code generation.

ThreatLabz uncovered an AI‑crafted phishing site that mimics a Cloudflare CAPTCHA, coercing users to run an obfuscated PowerShell dropper. The script fetches and installs SmartRAT, a remote‑access trojan capable of credential theft and full system control. This shows how cheap AI tools can mass‑produce convincing lures that bypass traditional defenses.

The FBI and CISA have updated their advisory to flag a new phishing step: Russian intelligence actors are coaxing Signal users into revealing their Backup Recovery Key. That key lets attackers restore the entire account and read historic messages, essentially bypassing Signal’s end‑to‑end encryption. Users must generate a new recovery key immediately to block future access.

A leak of almost one million passport records surfaced after a breach of a customs‑style app used for expedited border crossing at cannabis dispensaries. High‑value identity documents were stored in a low‑security system, exposing travelers worldwide to identity theft and complicating border‑security controls.

Google’s official blog confirms Chrome will start disabling Manifest V2 extensions in June 2026, cutting off the dynamic filtering used by most ad blockers. With a hard 30,000‑rule limit on declarativeNetRequest, extensions like uBlock Origin lose the ability to block trackers effectively, shrinking user privacy controls.

MemNixFS turns raw Linux memory images into a regular filesystem, exposing processes, page cache, reconstructed root files, and a UTC forensic timeline as ordinary files. You can grep, cat, or feed the data to any existing script without learning a new query language, making memory forensics as simple as navigating directories.