Random in Security is a summary of the cybersecurity news.
Vulnerabilities
NIST Updates NVD Operations to Address Record CVE Growth
NIST is rolling out a risk-based prioritization model for the NVD to cope with a 263% growth in CVE submissions between 2020 and 2025. Enrichment now focuses on CISA’s Known Exploited Vulnerabilities catalog, federal government software, and critical software designated under Executive Order 14028, while everything else gets parked as “lowest priority” pending resources. Translation: if your CVE isn’t already being actively exploited or running on a federal box, good luck getting metadata anytime soon.
“Copy Fail” CVE-2026-31431
Xint and the copy.fail teaser site detail a logic flaw in the Linux kernel’s AF_ALG AEAD path where authencesn performs scratch writes past the output buffer into page-cache pages chained in via splice() and sg_chain()—yielding a deterministic 4-byte page-cache write from an unprivileged user.
A 732-byte Python exploit edits the page cache of a setuid binary for instant root across Ubuntu 24.04, Amazon Linux 2023, RHEL 10.1, and SUSE 16 (kernels 6.12 through 6.18), with no race and no offsets.
Mainline commit a664bf3d603d reverts AEAD to out-of-place operation, the CVE landed April 22, and disclosure followed April 29—so if your distro kernel still ships in-place AEAD nine years after it was a bad idea, that’s a choice.
“Dirty Frag” CVE-2026-43284 and CVE-2026-43500
Sysdig tracks “Dirty Frag” (disclosed May 8, 2026 by Hyunwoo Kim, PoC on GitHub) as twin LPEs in the kernel’s ESP/IPsec receive path (CVE-2026-43284, introduced January 2017) and rxrpc fast path (CVE-2026-43500, added June 2023), both performing in-place decryption without validating memory ownership.
An attacker points a crafted packet at cached pages of /usr/bin/su, decrypts with an attacker-controlled key, and shellcode lands in the shared page cache—a deterministic logic flaw, no races required, against kernels 4.10 through 7.0.
Sysdig Secure shipped two new runtime rules and a Falco recipe watching for unexpected AF_RXRPC socket creation, because at publication time no distro had a patched kernel out and AFS daemons are basically the only legitimate rxrpc users on Earth.
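The detection idea above (alert on unexpected AF_RXRPC socket creation) can be approximated from auditd records. This is an added example, not Sysdig's rule or Falco recipe; it assumes an audit rule that logs socket(2) calls, and the sample lines and the allowlisted path are constructed.

```python
import re

AF_RXRPC = 33                                    # value from <linux/socket.h>
SYS_SOCKET = {"c000003e": 41, "c00000b7": 198}   # socket(2) on x86_64, aarch64
ALLOWED_EXE = {"/usr/sbin/example-afs-daemon"}   # hypothetical allowlist

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split one raw audit record into a key/value dict."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def rxrpc_alerts(lines, allowed=ALLOWED_EXE):
    """Return (auid, exe, success) for socket(AF_RXRPC) calls by other binaries."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec.get("type") != "SYSCALL":
            continue
        if SYS_SOCKET.get(rec.get("arch")) != int(rec.get("syscall", -1)):
            continue                             # not socket(2) on this arch
        if int(rec.get("a0", "0"), 16) != AF_RXRPC:
            continue                             # a0 is the domain, logged in hex
        if rec.get("exe") not in allowed:
            alerts.append((rec.get("auid"), rec.get("exe"), rec.get("success")))
    return alerts

# Constructed sample records (not taken from a real host).
SAMPLE = [
    'type=SYSCALL msg=audit(1778000000.101:901): arch=c000003e syscall=41 '
    'success=yes exit=3 a0=21 a1=2 a2=2 a3=0 pid=2188 auid=1001 uid=1001 '
    'comm="python3" exe="/usr/bin/python3.12" key="sock"',
    'type=SYSCALL msg=audit(1778000000.202:902): arch=c000003e syscall=41 '
    'success=yes exit=4 a0=2 a1=1 a2=0 a3=0 pid=2190 auid=1001 uid=1001 '
    'comm="curl" exe="/usr/bin/curl" key="sock"',
    'type=SYSCALL msg=audit(1778000000.303:903): arch=c000003e syscall=41 '
    'success=yes exit=5 a0=21 a1=2 a2=2 a3=0 pid=900 auid=4294967295 uid=0 '
    'comm="afs" exe="/usr/sbin/example-afs-daemon" key="sock"',
    'type=SYSCALL msg=audit(1778000000.404:904): arch=c000003e syscall=42 '
    'success=yes exit=0 a0=21 a1=7ffd0 a2=10 a3=0 pid=2191 auid=1001 uid=1001 '
    'comm="curl" exe="/usr/bin/curl" key="sock"',
]

if __name__ == "__main__":
    for alert in rxrpc_alerts(SAMPLE):
        print("unexpected AF_RXRPC socket:", alert)
```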
“Fragnesia” CVE-2026-46300
AlmaLinux’s writeup details the third local-root in the ESP/rxrpc neighborhood in two weeks—this time skb_try_coalesce() failing to propagate the SKBFL_SHARED_FRAG marker, which lets the XFRM ESP-in-TCP path AES-GCM-decrypt directly over page-cache pages and XOR a chosen keystream into /usr/bin/su.
AlmaLinux 8/9/10 are all vulnerable through esp4/esp6 (plus rxrpc on AL9/10 if kernel-modules-partner is installed); AlmaLinux pushed patched kernels (4.18.0-553.124.3.el8_10, 5.14.0-611.54.5.el9_7, 6.12.0-124.56.3.el10_1) to production on May 16, ahead of Red Hat.
PoCs are public in V12’s pocs repository, and Enginsight published a German-language analysis that pairs nicely with this one if your reading list runs bilingual.
At this point the socket-buffer coalescing logic deserves its own threat model.
Drupal Core SQLi
SA-CORE-2026-004 covers CVE-2026-9082, a 23/25-CVSS SQL injection in Drupal’s database abstraction API that hits PostgreSQL-backed sites across 8.9.0 through 11.3.9 and is exploitable by anonymous users—information disclosure, privilege escalation, and RCE are all on the menu. Patches landed in 11.3.10 / 11.2.12 / 11.1.10 / 10.6.9 / 10.5.10 / 10.4.10 (with best-effort backports for unsupported Drupal 8 and 9), and exploit attempts were already being seen in the wild by May 22. Notably, the Banque de France put their website in maintenance mode until they applied the patch, while a cascade of public PoCs landed within days—because nothing motivates the open-source community quite like a 23/25 on anonymous-reachable SQLi.
Interesting Reads
IDN Homograph Attacks: More Steps, Same Deception
Red Siege revisits the classic IDN homograph attack and shows how attackers route around modern registrar language requirements by simply selecting the appropriate language pack. The trick still works because Punycode is just an ASCII encoding of Unicode, and plenty of apps (Slack, looking at you) happily render the spoofed Unicode form rather than the encoded one. Defenses are unglamorous but effective: enforce Punycode display in browsers, filter incoming mail by character set, and monitor DNS for substitution patterns—still ignored by most, somehow.
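A sketch of the two defenses named above, forcing the Punycode display form and checking observed names for substitution patterns. This is an added example, not code from the Red Siege post; the look-alike table is a small constructed subset, the watchlist is hypothetical, and it uses Python's raw punycode codec without full IDNA normalization.

```python
import unicodedata

# Constructed subset of Cyrillic/Greek letters that imitate Latin ones;
# a production check would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l", "\u03bf": "o",
}

def decode_label(label):
    """A-label (xn--...) to its Unicode form; other labels unchanged."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass                      # malformed A-label: keep it as seen
    return label

def to_ascii(domain):
    """ASCII (Punycode) form of a name, the rendering to show to users."""
    return ".".join(
        l.lower() if l.isascii()
        else "xn--" + l.lower().encode("punycode").decode("ascii")
        for l in domain.split("."))

def scripts(label):
    """Scripts of the letters in a label, taken from Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def skeleton(label):
    """Replace known look-alikes with the Latin letter they imitate."""
    return "".join(CONFUSABLES.get(c, c) for c in label.lower())

def check(domain, watchlist):
    """Findings for one observed name (from DNS logs, mail headers, links)."""
    labels = [decode_label(l) for l in domain.rstrip(".").split(".")]
    findings = [f"mixed-script label {l!r}" for l in labels if len(scripts(l)) > 1]
    skel = ".".join(skeleton(l) for l in labels)
    if skel in watchlist and ".".join(labels).lower() != skel:
        findings.append(f"look-alike of {skel}")
    return findings
```

An all-Cyrillic label passes the mixed-script test, which is why the skeleton comparison against the names you care about is the check that matters.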
The AI-Assisted Breach of Mexico’s Government Infrastructure
Gambit Security published a technical deep-dive into a breach of nine Mexican government organizations between December 2025 and February 2026, in which a single threat actor leaned on Claude Code and OpenAI’s GPT-4.1 API to handle most of the heavy lifting—reconnaissance, exploit customization, privilege escalation, tunneling via Chisel, and exfiltration. A custom 17,550-line tool called BACKUPOSINT.py piped harvested data from 305 SAT servers through GPT-4.1 to produce 2,597 structured intelligence reports, while the operator allegedly walked away with 195 million SAT taxpayer records and 220 million Mexico City civil records. Coverage from SOCRadar, SC Media, and TechRadar has the play-by-play, but the short version is that the era of “the AI did it for me” pentesting has officially gone live—and not in a good way.
Claude Mythos Preview
Anthropic’s red team previewed Claude Mythos, which apparently spent its weekends discovering thousands of previously unknown security flaws across operating systems, browsers, and cryptographic libraries. Highlights include a 27-year-old OpenBSD bug exploitable via TCP sequence number overflow and a 16-year-old FFmpeg vulnerability, all stitched together into multi-stage exploits without human babysitting. Patching teams may want to start filing tickets in advance.
384 bit RSA DKIM Key
The badkeys project reported a 384-bit RSA DKIM key at dkim._domainkey.t-systems.nl to Deutsche Telekom / T-Systems, who promptly informed them it was “out of scope” for the bug bounty.
So badkeys factored it (cado-nfs handles 384-bit RSA in a few hours on a modern PC) and published the recovered private key in the same post—no factoring required for the next person who wants to sign mail as T-Systems.
2048-bit keys have been the recommended minimum for over a decade, so this is less “edge case” and more “did anyone look at this since 2010?”
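Auditing your own selectors for undersized keys needs only the TXT record text. This is an added example, not badkeys' tooling: it assumes the `p=` tag holds a base64 DER SubjectPublicKeyInfo, and `sample_record` builds constructed records with a placeholder modulus (not a real key) so the check runs offline.

```python
import base64

RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption + NULL

def _tlv(buf, pos=0):
    """Read one DER element at pos; return (value_bytes, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low bits count octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits_from_spki(der):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo."""
    spki, _ = _tlv(der)                      # SEQUENCE SubjectPublicKeyInfo
    _, pos = _tlv(spki)                      # AlgorithmIdentifier (skipped)
    bitstr, _ = _tlv(spki, pos)              # BIT STRING wrapping RSAPublicKey
    rsakey, _ = _tlv(bitstr[1:])             # drop the unused-bits octet
    modulus, _ = _tlv(rsakey)                # first INTEGER is n
    return int.from_bytes(modulus, "big").bit_length()

def dkim_rsa_bits(txt):
    """Modulus size of the RSA key in a DKIM TXT record, else None."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        return None                          # other key type, or revoked key
    return rsa_bits_from_spki(base64.b64decode(tags["p"]))

def weak_keys(records, minimum=2048):
    """Map selector name to key size for RSA keys below the minimum."""
    return {sel: bits for sel, txt in records.items()
            if (bits := dkim_rsa_bits(txt)) is not None and bits < minimum}

def _der(tag, body):
    n = len(body)                            # encoder for constructed samples
    size = (n.bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + body

def sample_record(bits):
    """Constructed DKIM record whose placeholder modulus has `bits` bits."""
    n, e = (1 << (bits - 1)) | 1, 65537
    ints = b"".join(_der(2, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (n, e))
    spki = _der(0x30, RSA_ALG + _der(3, b"\x00" + _der(0x30, ints)))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```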
Benchmarking Self-Hosted LLMs for Offensive Security
TrustedSec ran 4,800 evaluation runs across six self-hosted models—gemma4:31b, qwen3.5:27b, devstral-small-2:24b, nemotron-3-super, qwen3-coder, and qwen3:32b—against eight OWASP Juice Shop challenges, with gemma4 topping the leaderboard at a 98.5% pass rate using just an HTTP request function and basic encoding helpers. The catch: while local models reliably crush single-step exploitation like SQL injection and IDOR, they score zero on multi-step data extraction because they can’t hold strategy and memory together long enough. Your local gemma can probably pop a login form, but it still can’t plan a heist.
How we made Trail of Bits AI-native (so far)
Trail of Bits went from 5% internal AI adoption to a structured operation built around standardized Claude Code, an AI Maturity Matrix, and 94 plugins housing 201 reusable skills plus 84 specialized agents that encode their domain expertise. On the right engagements, auditors jumped from roughly 15 bugs/week to 200, with about 20% of all bugs reported to clients now first surfaced by AI rather than human review. Dan Guido’s companion [un]prompted 2026 talk covers the org-change side—how they got the other 95% of the firm on board with clear levels, real consequences, and visible capability ladders—because as it turns out the hard part wasn’t the tools, it was the humans.
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain
Socket caught @bitwarden/cli 2026.4.0 on npm shipping a malicious bw1.js payload on April 23, 2026, pushed via a compromised GitHub Action in Bitwarden’s CI/CD pipeline—same playbook as the broader Checkmarx campaign, same gzip+base64 packaging, same audit.checkmarx[.]cx/v1/telemetry C2 (IP 94.154.172.43, lockfile /tmp/tmp.987654321.lock).
The stealer scrapes GitHub tokens from memory and harvests AWS/Azure creds, npm config, SSH keys, and—charmingly modern—Claude/MCP configuration data, then exfils through GitHub API and npm registry channels.
Only the npm CLI was affected (the Chrome extension and other distributions are clean), but “password manager CLI ships a credential stealer” is the kind of headline that ages well.
China’s Digital Forensics Battle Grounds — Part 1
NetAskari’s publicly accessible Substack piece surveys China’s commercial forensics vendors—Longxin and friends—offering mobile mirroring, cloud extraction, SIM cloning, Telegram dumps, and Uyghur-language analysis, with DeepSeek bolted on for “suspicious communication” pattern detection. The author estimates the domestic toolchain runs roughly eight years behind Cellebrite/Magnet-class Western forensics and is optimized for Chinese-made handsets, but argues the gap is closing and exports are coming. Surveillance-as-a-service, now with characteristics.
Bad Connection: Global Telecom Exploitation by Covert Surveillance Actors
Citizen Lab’s Bad Connection report documents two long-running surveillance campaigns: STA1 has been abusing SS7/Diameter signalling since at least November 2022—spoofing operator identities, rotating country codes, and abusing “combined attach” for silent 3G/4G location tracking—while STA2 fires SIMjacker-style binary SMS at the S@T browser to pull location with zero user interaction. Named gateways include 019Mobile (Israel) as a recurring entry point, Airtel Jersey as a 4G first-hop proxy, and Tango Networks UK as secondary, with operator footprints across Cambodia, Mozambique, Sweden, Italy, Liechtenstein, Uganda, Israel, UK, Thailand, and Jersey. The unifying finding: carriers still trust their interconnect peers like it’s 1998 and skip TLS/authentication on the signalling plane, which is exactly why the campaigns ran for years.