AI Found a 15-Year-Old Linux Root Bug: GhostLock (CVE-2026-43499). Nebula Security's AI tool VEGA discovered a use-after-free flaw in the Linux kernel that has existed since 2011, allowing any logged-in user to escalate to root and escape containers. The bug was fixed in April but patch availability remains inconsistent across distributions, and a working exploit was demonstrated to earn a $92,337 bounty via Google's kernelCTF program. Learn more
Progress ShareFile Emergency Shutdown: Credible Threat, No Patch. Progress Software took the unusual step of instructing on-premises Storage Zone Controller customers to shut down Windows servers entirely rather than issue a patch, citing a credible external security threat. The company temporarily disabled account access while investigating, and the shutdown-not-patch response suggests either an unresolvable vulnerability or active exploitation in progress.
Palo Alto Networks Patches 13 PAN-OS Vulnerabilities Including Critical Buffer Overflows. Palo Alto released advisories covering 13 flaws in PAN-OS, led by CVE-2026-0288, which involves multiple buffer overflows enabling denial-of-service or arbitrary code execution on firewalls. Additional issues include command injection, authentication bypass, and MitM attack vectors. No active exploitation was confirmed at time of disclosure. Learn more
Six U-Boot Bootloader Flaws Enable Stealthy Pre-OS Code Execution. Binarly researchers identified six vulnerabilities in the widely deployed U-Boot open-source bootloader, four causing device crashes and two enabling arbitrary code execution before the operating system loads. The flaws exist in FIT signature verification code, have been present since U-Boot 2013.07, and affect routers, servers, and embedded Linux devices across numerous vendor firmwares.
Key Takeaway
Prioritize kernel and firmware patch cadence this week: verify GhostLock patch status across all Linux hosts and containers, confirm U-Boot firmware versions on embedded and network devices, and treat the ShareFile shutdown order as a signal to audit any remaining on-premises ShareFile deployments immediately.
