[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdKb-6T4njTvIIRWLRcaDcQlpBcno6w7A_c3p07-IrrA":3},{"article":4,"iocs":43},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":27,"category":28,"article_tags":32},"708f0c71-e5fe-4aa1-8ab7-70135743eb66","Active attack: Dirty Frag Linux vulnerability expands post-compromise risk","active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk-50905a","Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and memory-fragment handling components including esp4, esp6, and rxrpc. The vulnerability enables reliable escalation from an unprivileged user to root and may be leveraged after initial compromise through SSH access, web shells, containers, or low-privileged accounts. Microsoft Defender is actively monitoring related activity and provides detection coverage for exploitation attempts. The post Active attack: Dirty Frag Linux vulnerability expands post-compromise risk appeared first on Microsoft Security Blog.","Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking components (esp4, esp6, rxrpc) that enables reliable escalation from unprivileged users to root access. The vulnerability is actively being exploited post-compromise via SSH access, web shells, containers, or low-privileged accounts. Microsoft Defender is actively monitoring exploitation attempts and providing detection coverage.","Dirty Frag Linux kernel vulnerability enables reliable privilege escalation from unprivileged user to root.","May 20 6 min read Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well past answering questions and into accessing your email, retrieving records from your CRM, writing and executing code, and taking actions on your behalf across dozens of connected systems.","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F05\u002F08\u002Factive-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk\u002F","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002Fwp-content\u002Fuploads\u002F2026\u002F04\u002FMS_Actional-Insights_Rapid-response.jpg","2026-05-08T17:12:46+00:00","2026-05-08T20:00:24.622626+00:00",9,[18,21,24],{"name":19,"type":20},"Microsoft","vendor",{"name":22,"type":23},"Microsoft Defender","product",{"name":25,"type":26},"Linux kernel","technology","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":27,"icon":29,"name":30,"slug":31},null,"Vulnerabilities","vulnerabilities",[33,38],{"category":34},{"id":35,"icon":29,"name":36,"slug":37},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":39},{"id":40,"icon":29,"name":41,"slug":42},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",[44],{"type":42,"value":45,"context":46},"Dirty Frag","Linux kernel local privilege escalation vulnerability affecting esp4, esp6, and rxrpc components"]