Fyodor Y

🚨 Critical Linux Kernel Vulnerability Alert Qualys has disclosed ssh-keysign-pwn: a 6-year race condition in __ptrace_may_access() that lets unprivileged local users read root-owned files. A privileged process (e.g. ssh-keysign or chage) opens sensitive FDs. During do_exit(), after exit_mm() (mm=NULL) but before exit_files(), pidfd_getfd() can steal those FDs. Impact: • Theft of host SSH private keys → real impersonation & MitM risk until keys are rotated
• Full read access to /etc/shadow → offline password cracking Affected: All kernels before 31e62c2ebbfd (May 14, 2026) — Ubuntu, Debian, Arch, CentOS, Raspberry Pi OS and more. Immediate action required: Apply the kernel patch NOW. 🔗 PoC: https://t.co/UZJyKb6Szj
🔗 Patch: https://t.co/rNU2YB4mVv…/31e62c2ebbfd
🔗 Full analysis: Phoronix & Qualys oss-security #LinuxSecurity #KernelVulnerability #CyberSecurity #InfoSec #OpenSSH #PrivilegeEscalation #ThreatIntelligence #Linux #CyberThreat #PatchNow

Another great example of AI-driven vuln research finding high-impact bugs in a heavily audited open-source project. Where human analysts give up or move on to a more interesting attack surface, AI keeps going until the end. Context, prompts, and skills still matter, but it’s not a magic box you ask “find me a 0-day.” VR was always artisanal. Not just running tools in sequence, but deep understanding of the problem space, historical knowledge of prior findings, and intuition for where bugs persist. Malware analysis got commoditized years ago with sandbox automation. VR resisted. Now AI has outpaced human analysts in throughput. Still needs guidance and direction, but it’s a completely new era. Some people I know still dismiss the progress, but hard to argue with results.

Yesterday, the DOJ made a press release confirming a coordinated crackdown against a massive Southeast Asian scam compound Two Chinese nationals ran a forced-labor fraud factory in Myanmar called the Shunda compound. Trafficked workers, beaten and held against their will, were forced to run cryptocurrency investment and romance scams targeting Americans. One worker's team stole 3 million dollars from a single victim. When a militia seized the compound in late 2025, the FBI flew to Thailand, reviewed over 1,300 desktop computers and thousands of phones, and interviewed former workers. They tracked the two managers to Cambodia, where they tried to keep operating, then arrested them in Thailand on immigration charges. They are now facing federal wire fraud conspiracy charges in the US. Separately, the Feds seized a Telegram channel with around 6,000 members that was recruiting English speakers with American accents for fake jobs in Cambodia. Once there, workers were held against their will and forced to impersonate JPMorgan Chase, customer service reps, and NYPD detectives over WhatsApp and Microsoft Teams, telling victims their bank accounts were used to buy illegal firearms, then draining their savings. The Strike Force also seized 503 fake crypto investment websites in a single operation, seized over 700 million dollars in cryptocurrency tied to money laundering, and sanctioned Cambodian officials linked to scam center operations.

hostednowhere[.]com : A groundbreaking platform that encodes an entire website into a single URL (specifically the fragment part after #). github: https://t.co/MN2HS6yXC8 Like: https://nowhr[.]xyz/s#PZJhb9owEIaVf-JkXyExMNq1GkhQykrFKA1t2SZEnTlHYpHEqW0IFNTfvnNb9sXv3evn7mzZcfNlMpwP5uV69dSb5-GffbgdtXSzvhs9izCaNtMbHg8eX581JEmNufcXzL1WR7c1djzmjkPWmzD0rhXrbZeu7ElFmNt7dHwr9bfBcR3FwKEwKspqZFNgqKWCmLz1nQDhpRyyH-dOjbCzKzDcv1xkepuQXZ4VuuOlxpSXQVBVlV-1fKmSoEkpDZDwyFZA1Ze7jkcJJQ3S8LqLjAvFMyAcXb_tEb7_UPUhx80vp-N9-dqg9Bv3AuQN7Az5hD_Z2GqrDTnyfe7Uj7KNRey24XhkeWucOutP0chlIXUZcTi5vym655SecjPA3D9r_h97Ea9WuN0dPiyywLbG-fYm3e9Ph_Hhhh5E43A3kVUKChaLsi8Ml6LAaCyS1BSiSDC-inS6QZ1IbRTqz0jl0lg8k1rLHKMHaTdG0-EMZQZ8o4DM-MaYDP7iahvKMLK1oFMTaSO4BQuI1qAKsMBUiW3E93be-3PpVJQkBC20geLdvzN4THL6Ds4_

🇨🇳 Massive China Housing Fund Data Leak Claim Surfaces A threat actor has shared a dataset allegedly linked to China’s Housing Provident Fund (住房公积金), a government-backed housing benefit system. The data reportedly includes information on over 25 million individuals, with claims that the full dataset may reach nearly 77 million records. Exposed data appears to include: Full names National ID numbers Phone numbers Employer/company details While the dataset structure appears consistent with real records, the exact source and breach method remain unclear, and even the actor notes limited ability to verify the origin. ⚠️ Status: Unverified — high impact, moderate confidence #CyberSecurity #DataLeak #ThreatIntel #DarkWeb