Security News This Week: AI Found a Root Bug in Linux That Everyone Missed for 15 Years Plus: The Pentagon is
- Nebula Security used AI to uncover GhostLock (CVE‑2026‑43499), a 15‑year Linux kernel flaw that lets any local user escalate to root and escape containers; it shipped in mainstream distros since ~2011 and the exploit is highly reliable in tests [thehackernews].
- Google and other programs paid bounties after the discovery; Nebula used AI-assisted tooling (Vega) to find the bug [thehackernews].
- The Pentagon is recruiting and training amateur hackers to enlarge its cyber workforce.
- A Flock license‑plate‑reader error wrongly flagged a car reviewer, prompting police to surround the vehicle.
- Consulting firm Accenture confirmed a breach after an actor claiming to be “888” posted 35 GB of data (source code, keys, tokens) for sale [wired].
Sources: [thehackernews], [wired]
Follow-up Questions:
1. How urgent is patching for GhostLock and how do I check if my distro is vulnerable?
2. What mitigations or workarounds exist until patches are applied?
3. What details are known about the Accenture breach and whether customer data was exposed?
4. How does the Pentagon’s amateur hacker program work and what risks does it pose?
5. What privacy and oversight issues does Flock’s LPR system raise?
Sources
- Security News This Week: AI Found a Root Bug in Linux That Everyone Missed for 15 Years
- AI Found a Root Bug in Linux That Everyone Missed for 15 Years - ChinaTechNews.com
- AI Found a Root Bug in Linux That Everyone Missed for 15 Years – BackBox.org News
- 15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
- Google pays $250K for Linux vulnerability allowing guest VM escapes - Ars Technica
Related questions
- How urgent is patching for GhostLock and how do I check if my distro is vulnerable?
- What mitigations or workarounds exist until patches are applied?
- What details are known about the Accenture breach and whether customer data was exposed?
- How does the Pentagon’s amateur hacker program work and what risks does it pose?
- What privacy and oversight issues does Flock’s LPR system raise?