'CopyFail' Attackers Start Cashing in on Linux Flaw
Security researchers say exploit code is being used in the wild, and the flaw can give limited users full root access on affected systems.
- On Friday, the Cybersecurity and Infrastructure Security Agency added CVE-2026-31431 to its known exploited vulnerabilities catalog, ordering all civilian federal agencies to patch affected systems by May 15.
- Dubbed CopyFail, the high-severity vulnerability was discovered by Theori using its Xint platform in Linux kernel versions 7.0 and earlier, affecting nearly every mainstream Linux kernel built since 2017.
- While attackers actively exploit the flaw in the wild, Caitlin Condon, vice president of security research at VulnCheck, criticized the disclosure for relying on AI-generated content, calling it "AI slop" that "detracts from technical reality."
- Developer Jorijn Schrijvershof described the bug as having an "unusually big blast radius" affecting Debian, Fedora, and Kubernetes, potentially allowing attackers to access every application and database within a datacenter.
- Hundreds of additional proof-of-concept exploits have surfaced since the vulnerability was disclosed five days ago; organizations should exercise caution when running untested research artifacts, including AI-generated exploit code.
16 Articles
16 Articles
TechCrunch
US government warns of severe CopyFail bug affecting major versions of Linux
U.S. cybersecurity agency CISA says the CopyFail bug is being actively used in hacking campaigns, and poses a major risk to servers and data centers that rely on Linux.
'Copy Fail' is a real Linux security crisis wrapped in AI slop
Attackers are actively exploiting a Linux vulnerability in the wild, and researchers warn that the fallout could be broad — anyone with authenticated local access can leverage it to gain total control of a system. But the story behind CVE-2026-31431 is almost as interesting as the bug itself. Theori, the company that discovered the bug, leaned heavily on AI to find and initially disclose it. The result is a case study that underscores the chal…
Attackers are cashing in on fresh 'CopyFail' Linux flaw
Researchers dropped a reliable root exploit and it didn’t sit idle for long CISA is warning that a newly-disclosed Linux kernel bug dubbed “CopyFail” is already being exploited, just days after researchers dropped a working root-level exploit.… This article has been indexed from The Register – Security Read the original article: Attackers are cashing in on fresh ‘CopyFail’ Linux flaw The post Attackers are cashing in on fresh ‘CopyFail’ Linux …
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
