Miko | Pegawai Magang

⚠️ PoC Exploit Released for Guest-to-Host Escape Linux Kernel Vulnerability Source: https://t.co/0YG7N6J8Q7 A proof-of-concept (PoC) exploit has been released for a critical Linux kernel vulnerability, CVE-2026-46316, that enables a guest-to-host escape in KVM environments on arm64 systems. The vulnerability was discovered by security researcher Hyunwoo Kim (V4bel) and affects the in-kernel KVM implementation rather than user-space components like QEMU. This makes the issue particularly severe, as exploitation results in a direct compromise of the host kernel rather than a confined user-space process. ITScape is caused by a race condition in the vGIC-ITS (Interrupt Translation Service) emulation within KVM on arm64. #cybersecuritynews

OptimizerDuck, open-source tool yang bikin lo uninstall CCleaner. Ini bukan cuma "cleaner" biasa. Dia gabungin 30+ tweak Windows dalam satu app, dari matiin telemetry, block bloatware, sampai GPU registry tweaks yang biasanya lo harus edit manual. Yang gue suka, dia kasih risk rating buat setiap tweak. Jadi lo tau sebelum apply, bukan asal pencet terus nyesel. Fitur yang kerasa banget: - Disable Windows telemetry, Cortana, Copilot, advertising ID - Startup manager, lo bisa matiin semua app yang auto jalan pas boot - Service host tuning based on RAM lo - Custom high-performance power plan - Keyboard latency reduction buat gaming Dan semua reversible. Ga cocok? Balikin lagi. Yang paling penting adalah, portable .exe. Download, langsung jalan. Ga install, ga registry sampah. Bisa di USB stick. Dan dia open-source, bukan freemium yang nanti nagih. 2.3k stars, aktif dikembangin (commit terakhir 2 hari lalu). Support 8 bahasa termasuk Indonesia? Engga. Tapi EN, Vietnam, China, Korea, Prancis, Spanyol, Rusia ada. Link: https://t.co/WjfhDLm30C CCleaner Pro $40/tahun buat apa kalau ini ada.

🚨 BREAKING: Active supply chain attack across npm, PyPI, and Crates.​io. Socket detected TrapDoor, a crypto stealer campaign hitting 34 malicious packages and 384 versions and artifacts, with attackers repeatedly pushing new releases across ecosystems. TrapDoor targets #crypto, #DeFi, AI, and security developers, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, env vars, and API keys. Socket detected releases with a median detection time of 5 minutes, 27 seconds. The fastest detection occurred 58 seconds after publication.

⚠️ Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords Source: https://t.co/wzp6CCp2lT A newly disclosed Linux kernel vulnerability is raising serious concerns across the security community, as it allows attackers to access highly sensitive data, including SSH private keys and password hashes, on affected systems. Tracked as CVE-2026-46333, the flaw has been nicknamed “ssh-keysign-pwn” and impacts a wide range of Linux distributions. The GitHub PoC ssh-keysign-pwn demonstrates exactly how to weaponize this race condition on pre‑31e62c2ebbfd kernels. #cybersecuritynews #Linux

🚨 CVE-2026-44578 — Next.js WebSocket SSRF Built a scanner + interactive exploit shell. AWS credentials exfiltrated in 3 steps: [1/3] Cloud auto-detect → AWS confirmed [2/3] IAM role found: profile [3/3] 🎯 AccessKeyId + SecretKey + Token ✅ Pipeline ready: subfinder | httpx | nextssrf ✅ Zero dependencies (stdlib only) ✅ Interactive shell with auto IAM chain Affected: Next.js 13.4.13 → 15.5.15 Fixed: 15.5.16 / 16.2.5 (self-hosted only) 🔗 https://t.co/vLwbUYJ8Dz #BugBounty #InfoSec #RedTeam #AppSec #bugbountytip #bugbountytips #infosec #recon

🚨 Critical Linux Kernel Vulnerability Alert Qualys has disclosed ssh-keysign-pwn: a 6-year race condition in __ptrace_may_access() that lets unprivileged local users read root-owned files. A privileged process (e.g. ssh-keysign or chage) opens sensitive FDs. During do_exit(), after exit_mm() (mm=NULL) but before exit_files(), pidfd_getfd() can steal those FDs. Impact: • Theft of host SSH private keys → real impersonation & MitM risk until keys are rotated
• Full read access to /etc/shadow → offline password cracking Affected: All kernels before 31e62c2ebbfd (May 14, 2026) — Ubuntu, Debian, Arch, CentOS, Raspberry Pi OS and more. Immediate action required: Apply the kernel patch NOW. 🔗 PoC: https://t.co/UZJyKb6Szj
🔗 Patch: https://t.co/rNU2YB4mVv…/31e62c2ebbfd
🔗 Full analysis: Phoronix & Qualys oss-security #LinuxSecurity #KernelVulnerability #CyberSecurity #InfoSec #OpenSSH #PrivilegeEscalation #ThreatIntelligence #Linux #CyberThreat #PatchNow