terminal

Linux Kernel 0-Day “Copy Fail” Roots Every Major Distribution Since 2017

A critical zero-day vulnerability named “Copy Fail” (CVE-2026-31431) in the Linux kernel, affecting every major distribution since 2017, allows any unprivileged local user to gain root access by exploiting a flaw in the kernel's cryptographic template via the AF_ALG socket and splice() system call. The vulnerability, discovered by Theori and exploited by Xint Code Research Team, enables file page cache corruption undetectable by integrity tools, and also facilitates Kubernetes container escapes; a patch has been released and administrators are urged to update immediately.

https://cybersecuritynews.com/linux-kernel-0-day-copy-fail/

ClickFix Campaigns Spread MacSync macOS Infostealer Via Fake AI Tool Installers

Multiple ClickFix campaigns have been identified spreading the MacSync macOS information stealer through fake AI tool installers that trick users into running malicious Terminal commands. These campaigns leverage malvertising and social engineering, often using trusted platforms and search ads to lure victims, with recent variants employing advanced evasion techniques to harvest sensitive data like credentials and cryptocurrency wallet seed phrases. Security experts warn that these evolving tactics exploit developers’ trust in command-line installs and have been adopted by multiple threat actors targeting both macOS and Windows environments.

https://thehackernews.com/2026/03/clickfix-campaigns-spread-macsync-macos.html

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft revealed a new phishing campaign, ClickFix, using Windows Terminal to deploy Lumma Stealer malware. The campaign tricks users into executing commands via a trusted app, bypassing detection methods aimed at the Run dialog. It executes a multi-stage attack: downloading and extracting malicious scripts, collecting credentials from browsers, and establishing persistence. The malware targets sensitive data, emphasizing the risks of social engineering tactics in cybersecurity.

https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html

2026-01-14: The Day the Telnet Died

On January 14, 2026, global telnet traffic dropped 59% abruptly due to potential port 23 filtering by U.S. internet providers, coinciding with the discovery of CVE-2026-24061, a critical telnet vulnerability. Eighteen ASNs lost all telnet sessions, and five countries dropped from data completely. The post suggests the drop was a response to an exploitable vulnerability, emphasizing the importance of patching or disabling GNU Inetutils telnetd. The sustained reduction in telnet traffic indicates a shift away from insecure protocols among ISPs.

https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/

New Tool Blocks Imposter Attacks Disguised as Safe Commands

New open-source tool “Tirith” detects and blocks homoglyph attacks in command-line environments by analyzing URLs in commands to prevent exploitation through deceptive characters. Available on GitHub, it works on multiple shells and platforms, identifies threats like homograph attacks and terminal injections without requiring network access or modifying commands.

https://www.bleepingcomputer.com/news/security/new-tool-blocks-imposter-attacks-disguised-as-safe-commands/

Scroll to Top