Latest Internet & Cybersecurity News
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV Catalog
The U.S. CISA added a 9-year-old Linux kernel local privilege escalation flaw (CVE-2026-31431, CVSS 7.8) to its Known Exploited Vulnerabilities catalog due to active wild exploitation. Dubbed 'Copy Fail,' it allows unprivileged users to gain root via a simple Python exploit; patches available in kernel 6.18.22, 6.19.12, and 7.0. FCEB agencies must patch by May 15 .
Trellix Confirms Source Code Repository Breach in May 2026
Trellix has confirmed a hack on its source code repository, with full details on timeline, risks, and impacts to the cybersecurity industry released. The breach poses potential threats to their products and customers. Industry watches for further fallout .
Promising Cybersecurity Stocks to Watch: Palo Alto, CrowdStrike, and More
MarketBeat highlights seven top cybersecurity stocks by trading volume: Palo Alto Networks, CrowdStrike, Fortinet, BlackBerry, SentinelOne, Globant, and Rapid7. Investors eye these amid rising cyber threats. Recommended for consideration on May 3 .
Berkshire Hathaway Meeting Spotlights Deepfake and Cyber Risks
At Berkshire's annual meeting, CEO Greg Abel revealed a deepfake video of Warren Buffett created with public data, underscoring cyber threats like deepfakes and attacks. Emphasized daily management of these risks across the business. Highlights evolving AI-driven dangers .
2026 Cybersecurity Paradox: CISO Confidence Plummets to 22%
CISOs' confidence in cybersecurity dropped sharply from 48% in 2022 to 22% in 2026; 'not very confident' views rose to 63%. One state faced three ransomware attacks recently, exemplifying contrasts in state-level preparedness. Paradox reveals growing pessimism .
Cyber-Physical Resilience Reshapes Industrial Cybersecurity Beyond Perimeters
Industrial cybersecurity shifts from perimeter defenses to protecting core processes amid IT-OT convergence and fading air gaps. Emphasizes cyber-process hazard analysis, anomaly detection in operations, and physics-based indicators. Addresses rising ICS incidents and safety risks .
New Cybersecurity Guide Targets Threats to Food and Agriculture SMBs
A new guide addresses phishing, malware, and supply chain risks for small food and agriculture businesses. Focuses on common threats amid rising attacks on the sector. Aims to bolster SMB defenses .
Linux 'Copy Fail' Exploit PoCs in Go and Rust Detected in Repos
Kaspersky detected Go and Rust versions of the Python PoC for CVE-2026-31431 'Copy Fail' in open-source repos, heightening exploitation risks. Microsoft notes preliminary testing activity signaling imminent threat actor uptick. Urgent patching advised .
Wiz Details 'Copy Fail' Page Cache Manipulation for Root Gain
The Linux flaw enables attackers to modify page cache of executables like /usr/bin/su, injecting code for root privileges without disk changes. Stems from 2011-2017 kernel changes. Demonstrates sophisticated in-memory binary tampering .
CISA Urges Disable Feature, Isolation if Linux Patches Delayed
For CVE-2026-31431, if immediate patching unavailable, CISA recommends disabling the affected kernel feature, network isolation, and access controls. Linux distros have pushed updates. Critical for vulnerable systems .