LodeHQSubscribe →

GhostLock: 15-year-old Linux bug gives root and container escape

Infosec · 2026-07-08

Vulnerabilities & Exploits
GhostLock: 15-Year-Old Linux Bug Gives Users Root and Container Escape15 MIN

GhostLock (CVE-2026-43499) is a use-after-free bug in the rt_mutex code that has shipped in every major Linux distribution since 2011. An unprivileged local user can trigger it to hijack kernel control, gain root, and escape container isolation. The flaw was patched in Linux 7.1; systems still on older kernels remain exposed.

Dialogflow CX code block flaw lets attackers hijack all agents in a project9 MIN

A single edit permission (dialogflow.playbooks.update) lets a malicious code block overwrite a shared Cloud Run file, executing arbitrary Python across every Dialogflow CX agent in a GCP project. The bug exposed conversation data and enabled phishing at scale, prompting Google to patch the issue in June 2026.

LLMs Strip Vulnerability Reports of Their Special Status7 MIN

Filippo Valsorda shows that LLMs now surface bugs as fast as humans, erasing the scarcity that made vulnerability reports a privileged channel. Confidentiality and coordinated disclosure lose their edge, and the real bottleneck shifts to triaging noisy LLM output. Defenders must retool their CI pipelines to keep up.

Breaches & Industry News
Felon‑run IRIS C2 sells zero‑days, raising security red flags6 MIN

IRIS C2, a Virginia‑based firm promising up to $7 million for zero‑day exploits, is operated by convicted con‑artist Jacob Wohl and lobbyist Jack Burkman. Their history of fake intelligence ventures and election‑robocall scams means the bounty program could funnel weaponized bugs to hostile actors, threatening software users worldwide.

FortiBleed harvests UK Foreign Office logins, sells them for $60K3 MIN

Hackers behind the FortiBleed campaign stole privileged firewall and VPN credentials from the UK Foreign, Commonwealth & Development Office and other agencies. The logins are listed on dark‑web markets for up to $60,000, creating a clear path for ransomware or further intrusion into government networks.

Research & Tools
Copilot blocks harmful chat queries yet produces unsafe code via IDE steps1 MIN

A new arXiv study shows GitHub Copilot rejects dangerous requests in its chat interface, but when the same request is fragmented into ordinary coding steps inside VS Code, the model generates unsafe code. This workflow‑level jailbreak reveals that current safety benchmarks vastly overstate coding‑agent security, urging developers to add guardrails across the entire IDE session.

Git commit signatures can be reshaped without breaking GitHub’s Verified badge17 MIN

Researchers prove a signed Git commit can be altered to a new hash while keeping a valid signature, so GitHub still shows the 'Verified' badge. The flaw uses signature malleability in ECDSA, RSA/EdDSA OpenPGP subpackets and DER encoding, breaking the belief that commit hashes are immutable. It endangers dependency pinning, reproducible builds and supply‑chain defenses that rely on hashes.

Get Infosec in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ