Artificial intelligence found a fundamental bug in Linux that everyone missed for 15 years

💥 Explore this must-read post from WIRED 📖

📂 **Category**: Security,Security / Cyberattacks and Hacks,Security / Privacy,Security / Security News,Security Roundup

📌 **What You’ll Learn**:

Amid years of warnings that China’s notorious Volt Typhoon hackers may already be based within critical US infrastructure, a closed war game for insurance companies has played out a set of worst-case scenarios – revealing a dangerous and devastating threat.

ICE’s internal oversight group, the Office of Professional Responsibility, has begun investigating online critics of the agency, opening more than 100 cases looking into what ICE officials call “incidents of defamation and threats” against agency employees. And in the European Union, technology companies will be able to scan citizens’ personal texts, emails and social media messages again due to renewed powers in a “chat control” bill aimed at curbing online child abuse material. The European Parliament voted in favor of extending the legislation despite a majority of lawmakers voting against the proposal.

WIRED revealed more about the surveillance scene at Madison Square Garden this week with the revelation that MSG maintained a database that categorized hundreds of celebrities, high-profile Knicks fans, and even some of Taylor Swift’s wedding guests using labels that included “LGBTQIA,” “Do Not Host,” and low-to-high “risk.”

A wave of government website hijacks in which scammers promise “leaked” OnlyFans content is being thwarted by thousands of copyright complaints from adult content creators, new research shows this week, helping keep people safe by removing malicious links.

And there’s more. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.

Nebula Security has published exploit code for GhostLock (CVE-2026-43499), a free-to-use bug that has been in the Linux kernel for 15 years and allows any logged-in user to access an unpatched device, according to SecurityWeek and The Hacker News. The bug is shipped by default in every major distribution since 2011 and requires no special permissions or network access. The Nebula exploit escapes containers and was 97 percent reliable in testing. I earned $92,337 in revenue through Google’s kernelCTF program. The issue was fixed in April, but patch availability is uneven; Ubuntu, as of early July, still lists 24.04, 22.04, and 20.04 LTS as vulnerable or in progress, so defenders should confirm the stable package rather than assume it’s waiting.

Notably, Nebula found the flaw in VEGA, an AI-based bug-hunting tool, part of a group of 2026 Linux privilege escalation flaws brought to light by automated tools combing through old kernel code that few have re-read in years.

Writing for The Drive, reporter Joel Feder describes how four police cars in Plymouth, Minn., cornered him in a Cole parking lot in late June — officers shouted, hands on their weapons — because Fluke license plate cameras indicated the $155,000 Range Rover he was testing, on loan from a New Jersey dealership, was stolen. Vedder writes that police were tracking the SUV around town for days…due to a typo.

It’s due to a data entry error 2,000 miles away: A Jaguar Land Rover fleet plate bearing the number 34 03 DTM was reported missing to the LAPD, but it was entered into the system as just “34 DTM” – dropping the smaller middle numbers that New Jersey uses on manufacturer plates. Fluke cameras read the capital letters, ignored the non-standard bodywork, and began alerting police to any matching vehicle. Feder reported that four other Land Rovers sharing the same license plate format were tracked throughout Minnesota in the same week; He was just the first one pulled over.

It turns out that the painting that started all this police activity wasn’t stolen at all, but rather misplaced while the photo was taken. Ironically, the incident came just two weeks after The Drive published a viral report about this type of herd overtaking.

Consulting giant Accenture confirmed a security breach after threat actor “888” claimed to have captured 35GB of data — source code, RSA and SSH keys, Azure access tokens, and configuration files — and offered it for sale on a cybercrime forum, according to BleepingComputer. Accenture described it as an “isolated issue” and said it had remedied the source, reporting no impact on operations but declined at the time to comment on what was actually captured or how the attackers gained access. To support this claim, 888 posted a screenshot that appears to show a cloned Azure DevOps repository on the redacted Accenture.com host; BleepingComputer could not verify the full range. This isn’t the actor’s first move into the company, as 888 attempted to sell Accenture employee data after a third-party hack in 2024, and Accenture was separately hit by a LockBit Ransomware attack in 2021.

The timing of the breach is particularly embarrassing: Accenture’s federal arm has held ICE’s Cyber ​​Defense and Intelligence Support Services contract — for 24/7 threat monitoring, intrusion detection, and incident response across the agency’s networks — since September 2021, a roughly $56.5 million assignment that expires at the end of August and is currently being renegotiated.

The Pentagon this week opened applications for the Cyber ​​RAP program, a paid apprenticeship that recruits people with no cyber certification or experience — just the ability to learn — into full-time, 12-month positions to learn to guard the department’s networks, according to DefenseScoop. US Army IT Director Kirsten Davis has presented it as aiming to do away with “academic gatekeeping” in favor of “raw competence, patriotic drive, and operational capability.” But the pay is a paltry $22,584 a year, and those who quit will owe the government to reimburse them for training.

This is the deal to build talent within the company. The other option on the table is to rent it. A provision in the fiscal year 2027 defense bill advanced by the Senate Armed Services Committee would allow Defense Secretary Pete Hegseth to set up a pilot to run cyber operations through “contractor-owned and contractor-operated means” — a government-blessed hired hacker crew, GovInfoSecurity reports.

💬 **What’s your take?**
Share your thoughts in the comments below!

#️⃣ **#Artificial #intelligence #fundamental #bug #Linux #missed #years**

🕒 **Posted on**: 1783783876

🌟 **Want more?** Click here for more info! 🌟

By

Leave a Reply

Your email address will not be published. Required fields are marked *