All articles tagged with #poc

DirtyDecrypt PoC Unleashed: Linux Kernel Local Privilege Escalation (CVE-2026-31635)
technology · 7 days ago

A newly released PoC for CVE-2026-31635, aka DirtyDecrypt, enables local privilege escalation in the Linux kernel by exploiting a missing copy-on-write guard in rxgk_decrypt_skb. The flaw affects systems with CONFIG_RXGK (e.g., Fedora, Arch, openSUSE) and can write to privileged memory or the kernel page cache, with potential container escape paths. It’s linked to the Dirty Frag/Copy Fail family of flaws, and mitigations being discussed include a kernel runtime killswitch and Rocky Linux’s opt-in security repository to push urgent fixes before upstream patches.

PoC Exploit Enables Root on Some Linux Systems via DirtyDecrypt (rxgk) Flaw
technology · 9 days ago

A patched Linux kernel flaw in the rxgk module, known as DirtyDecrypt/DirtyCBC, now has a proof-of-concept exploit that can grant root access on affected systems. The vulnerability aligns with CVE-2026-31635 and requires CONFIG_RXGK; it mainly affects distros tracking upstream kernels (e.g., Fedora, Arch, openSUSE). V12 Security reported the flaw, and patches are available, though a temporary mitigation involving disabling specific modules could disrupt IPsec VPNs and AFS. This comes amid broader activity around root-privilege flaws, with CISA warning about Copy Fail being exploited in the wild.

MiniPlasma PoC Prompts SYSTEM Privilege Escalation on Windows
security · 9 days ago

Security researcher Chaotic Eclipse released a MiniPlasma PoC that can grant SYSTEM privileges on patched Windows by abusing cldflt.sys (Cloud Files Mini Filter Driver); the flaw traces to CVE-2020-17103 and may be unpatched on many systems, suggesting broad impact across Windows versions. The PoC exploits a race condition and has shown reliability on Windows 11 May 2026 builds, though results vary by build (Insider Canary sometimes unaffected). Microsoft had addressed a related issue in 2025 (CVE-2025-62221).

MiniPlasma PoC: New Windows zero-day grants SYSTEM on patched PCs
technology · 9 days ago

A security researcher released a GitHub proof-of-concept for a Windows privilege-escalation zero-day named MiniPlasma, which reportedly lets attackers obtain SYSTEM privileges on patched Windows by abusing the Cloud Filter driver (cldflt.sys) and the HsmOsBlockPlaceholderAccess path; the issue traces to CVE-2020-17103, first reported by Google Project Zero and allegedly fixed in December 2020, though the author claims it remains exploitable. BleepingComputer verified the PoC on Windows 11 Pro with May 2026 updates, while a vulnerability analyst confirmed it works on public builds but not on Canary; the disclosure follows Chaotic Eclipse's ongoing sequence of Windows zero-days and public protest against Microsoft’s handling of bug bounties. Microsoft has not publicly responded to this additional disclosure.

KeePass Vulnerability Exposes Master Passwords to Theft
cybersecurity · 3 years ago

A vulnerability in the KeePass password manager can be exploited to retrieve the master password from the software's memory. A PoC exploitation tool is publicly available, but the password can't be extracted remotely just by exploiting this flaw. The vulnerability affects the KeePass 2.X branch for Windows, and possibly for Linux and macOS. It has been fixed in the test versions of KeePass v2.54, with the official release expected by July 2023. KeePassXC, a fork of KeePassX, is not affected.