Threat intelligence, best practices, compliance guidance, and analysis from the CrowdSOC team. Written for security-conscious leaders, not just security professionals.
DirtyDecrypt (CVE-2026-31635) is a page-cache write primitive in the Linux kernel's rxgk subsystem affecting distros with CONFIG_RXGK enabled. Published alongside ssh-keysign-pwn (CVE-2026-46333), the pair add to a remarkable month for Linux kernel privilege escalation disclosures.
NGINX Rift (CVE-2026-42945) is an 18-year-old heap buffer overflow in the NGINX rewrite module with a CVSS score of 9.2. A public PoC is available and active exploitation was confirmed within three days of disclosure. Patch now, or reconfigure affected rewrite directives immediately.
A public proof-of-concept for BitUnlocker, a downgrade attack rooted in CVE-2025-48804, can defeat BitLocker on fully patched Windows 11 machines in under five minutes — because the patch alone was never enough.
Three Linux kernel local privilege escalation vulnerabilities in three weeks! Fragnesia (CVE-2026-46300) is a separate bug from Dirty Frag, but it shares the same mitigation, so if you have already applied it, you are covered until patches arrive.
A working proof-of-concept for a BitLocker bypass, called YellowKey, affecting Windows 11 and Windows Server 2022/2025 was released publicly this week with no patch available.
A second major Linux privilege escalation vulnerability was disclosed this week, days after Copy Fail, with a working public exploit already circulating. Here's what Dirty Frag means for your organization, in plain terms.
A critical memory corruption flaw in Apache HTTP Server's HTTP/2 implementation allows remote attackers to crash or fully compromise any server running version 2.4.66.
A newly disclosed Linux vulnerability lets any local user become root in under a second — no hacking experience required. Here's what that means for your organization, in plain terms.
Introducing the updated CrowdSOC blog — where we share threat intelligence insights, security operations best practices, and platform updates for the organizations we protect.
Ransomware groups have refined their targeting strategy. Smaller organizations with thinner security coverage and higher urgency to restore operations are increasingly in scope. Here is what the data shows and what you can do about it.
The updated Cybersecurity Framework brings new governance functions and an expanded scope. We break down the practical implications for county and municipal IT teams who need to do more with less.
Comprehensive security feels overwhelming when you're short on budget and staff. The data is clear that focused foundational controls provide outsized protection. Start here.
The decisions made in the first few hours of an incident have an outsized impact on outcome. A practical, step-by-step guide for non-security teams facing a possible breach.
Understanding the business model behind modern ransomware groups helps organizations understand how they think about targeting — and how to make themselves a less attractive target.
Free tools, federal programs, and prioritization strategies for county and local government IT teams working to improve security posture without meaningful budget increases.
Insurance questionnaires are becoming de facto security frameworks for small businesses. Understanding what's really being asked — and what a policy will and won't cover — matters.