AI Found a Root Bug in Linux That Everyone Missed for 15 Years
AI Found a Root Bug in Linux That Everyone Missed for 15 Years
AI 在 Linux 中发现了一个被忽视了 15 年的根漏洞
Nebula Security has published exploit code for GhostLock (CVE-2026-43499), a use-after-free bug that sat in the Linux kernel for 15 years and lets any logged-in user take root on an unpatched machine, according to SecurityWeek and The Hacker News. The flaw shipped by default in essentially every mainstream distribution since 2011 and needs no special permissions or network access. Nebula’s exploit escapes containers and was 97 percent reliable in testing. It earned a $92,337 payout through Google’s kernelCTF program. It was fixed in April, but patch availability is uneven; Ubuntu, as of early July, still listed 24.04, 22.04, and 20.04 LTS as vulnerable or in progress, so defenders should confirm the fixed package rather than assume one is waiting.
据 SecurityWeek 和 The Hacker News 报道,Nebula Security 发布了 GhostLock (CVE-2026-43499) 的漏洞利用代码。这是一个存在于 Linux 内核中长达 15 年的“释放后使用”(use-after-free)漏洞,允许任何已登录用户在未打补丁的机器上获取 root 权限。该漏洞自 2011 年以来默认存在于几乎所有主流发行版中,且无需特殊权限或网络访问。Nebula 的漏洞利用程序可以逃逸容器,在测试中可靠性高达 97%。该发现通过 Google 的 kernelCTF 项目获得了 92,337 美元的奖金。该漏洞已于 4 月修复,但补丁的可用性参差不齐;截至 7 月初,Ubuntu 仍将 24.04、22.04 和 20.04 LTS 列为易受攻击或正在修复中,因此防御者应确认已安装修复后的软件包,而不是假设补丁已经就绪。
Notably, Nebula found the bug with VEGA, its AI-driven bug-hunting tool, part of a 2026 run of Linux privilege-escalation flaws surfaced by automated tools combing old kernel code few had reread in years.
值得注意的是,Nebula 是利用其人工智能驱动的漏洞挖掘工具 VEGA 发现该漏洞的。这是 2026 年一系列 Linux 提权漏洞中的一部分,这些漏洞都是由自动化工具在梳理多年来鲜有人问津的旧内核代码时发现的。
Flock Cameras Sent 4 Cops After a Reporter
Flock 摄像头因误报引来四辆警车围堵一名记者
Writing in The Drive, reporter Joel Feder describes being boxed in by four Plymouth, Minnesota, police cars in a Kohl’s parking lot in late June—officers shouting, hands on their guns—because Flock’s license plate cameras had flagged the $155,000 Range Rover he was testing, loaned from a New Jersey dealership, as stolen. Feder writes that police had been tracking the SUV around town for days … because of a typo.
记者 Joel Feder 在《The Drive》上撰文描述了 6 月下旬他在明尼苏达州普利茅斯市一家 Kohl’s 停车场被四辆警车围堵的经历——警察大声呼喝,手按枪套——原因仅仅是 Flock 的车牌识别摄像头将他正在测试的一辆价值 15.5 万美元的路虎揽胜(由新泽西州一家经销商借出)标记为被盗车辆。Feder 写道,警方已经在城里追踪这辆 SUV 好几天了……而这一切仅仅是因为一个拼写错误。
The cause traced back to a data-entry error 2,000 miles away: a Jaguar Land Rover fleet plate reading 34 03 DTM had been reported to Los Angeles police as lost, but it was entered into the system as just “34 DTM”—dropping the smaller middle digits that New Jersey uses on manufacturer plates. Flock’s cameras read the large characters, ignored the nonstandard structure, and started alerting police to any matching car. Feder reports that four other Land Rovers sharing the same license plate format were being tracked around Minnesota that same week; he was just the first他是第一个被拦下的。
起因可以追溯到 2000 英里外的一次数据录入错误:一块车牌号为“34 03 DTM”的捷豹路虎车队车牌被向洛杉矶警方报告丢失,但在录入系统时被误输为“34 DTM”,漏掉了新泽西州制造商车牌中较小的中间数字。Flock 的摄像头读取了较大的字符,忽略了非标准结构,并开始向警方发出针对任何匹配车辆的警报。Feder 报告称,同一周内,明尼苏达州还有另外四辆使用相同车牌格式的路虎被追踪;他只是第一个被拦下的。
The plate that kicked off all this police activity turned out not to have been stolen at all, just misplaced during a photo shoot. Ironically, the incident came barely two weeks after The Drive published a viral report on exactly this kind of Flock overreach.
引发这一系列警察行动的车牌最终被证实根本没有被盗,只是在一次拍摄活动中被弄丢了。讽刺的是,这起事件发生时,距离《The Drive》发布关于此类 Flock 系统过度执法的病毒式报道仅过去了两周。
ICE’s Cyber Contractor Gets Breached
ICE 的网络承包商遭遇数据泄露
Consulting giant Accenture has confirmed a security breach after a threat actor going by “888” claimed to have lifted 35 GB of data—source code, RSA and SSH keys, Azure access tokens, and configuration files—and put it up for sale on a cybercrime forum, according to BleepingComputer. Accenture called it an “isolated matter,” said it had remediated the source, and reported no impact to operations but declined at the time to comment on what was actually taken or how the attackers got in.
据 BleepingComputer 报道,咨询巨头埃森哲(Accenture)确认发生了一起安全漏洞事件。此前,一名自称“888”的威胁行为者声称窃取了 35 GB 的数据(包括源代码、RSA 和 SSH 密钥、Azure 访问令牌以及配置文件),并在一个网络犯罪论坛上进行兜售。埃森哲称这是一个“孤立事件”,表示已修复漏洞源头,并报告称对运营没有影响,但当时拒绝评论具体被窃取了什么数据或攻击者是如何入侵的。
The timing of the breach is particularly awkward: Accenture’s federal arm has held ICE’s Cyber Defense and Intelligence Support Services contract—24/7 threat monitoring, intrusion detection, and incident response across the agency’s networks—since September 2021, a roughly $56.5 million task order that expires at the end of August and is currently being recompeted.
此次泄露的时间点尤为尴尬:埃森哲的联邦部门自 2021 年 9 月以来一直持有美国移民及海关执法局(ICE)的网络防御和情报支持服务合同,负责该机构网络的全天候威胁监控、入侵检测和事件响应。这份价值约 5650 万美元的任务订单将于 8 月底到期,目前正在进行重新竞标。
The Pentagon Wants to Train an Army of Amateur Hackers—but Not for a Living Wage
五角大楼想训练一支业余黑客大军,但提供的薪水难以维持生计
The Pentagon opened applications this week for Cyber RAP, a paid apprenticeship that recruits people with no cyber degree or experience—just the aptitude to learn—into 12-month, full-time gigs learning to guard the department’s networks, according to DefenseScoop. The US military’s CIO, Kirsten Davies, pitched it as ditching “academic gatekeeping” for “raw aptitude, patriotic drive, and hands-on capability.” But the pay is an abysmal $22,584 a year, and those who wash out will owe the government back for the training.
据 DefenseScoop 报道,五角大楼本周开放了“Cyber RAP”项目的申请。这是一个带薪学徒项目,旨在招募没有网络安全学位或经验的人员——只要具备学习能力——进行为期 12 个月的全职工作,学习如何保护国防部的网络。美国军方首席信息官 Kirsten Davies 将其宣传为摒弃“学术门槛”,转而看重“原始天赋、爱国动力和实践能力”。但该项目的薪水极低,每年仅为 22,584 美元,且中途退出者还需向政府偿还培训费用。