New Linux privilege escalation flaw ‘Fragnesia’ disclosed; PoC available

Laura FrenchMay 15, 2026

Fragnesia is at least the fourth privilege escalation flaw affecting Linux systems disclosed in the last three weeks.

RESOURCES

Managed Security Services
The CISO shortage: Finding leadership without a leader
Exposure management
Fighting fire with fire: Defending against Mythos-powered cyberattacks
SOC
The human factor: Why AI-powered SOCs still need people in charge
Email security
Beyond the inbox: Why your domain and social media are the next front lines
AI/ML
Securing every door: Scalable strategies to manage machine and AI agent risks

PODCASTS

Breach
You’re not going to patch your way out of this – PSW #926
Leadership
Optimize Legal Operations as the CISO Role Changes to Address Skills Gaps and AI – Walter Scott Wilkens – BSW #447
Vulnerability Management
Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Giedi Prime, Aaran Leyland… – SWN #580
Application security
Why Basic Security Practices Still Work – Rob Allen – ASW #382
IAM Technologies
IAM for MSSPs: The Hidden Risk of Blind Trust – Dustin Sachs – CSP #224

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

(Credit: Andrii Lysenko – stock.adobe.com)

OpenAI Daybreak joins growing movement of AI-driven vulnerability discovery

Laura FrenchMay 14, 2026

The program aims to leverage GPT models and Codex Security to improve software resilience.

US Capitol Building with 3 Flags Flying

House calls on Instructure to brief Congress on Canvas hack

Steve ZurierMay 13, 2026

ShinyHunters hit Canvas twice, exposing student data via XSS and identity compromise.

(Credit: theartofpics – stock.adobe.com)

Vulnerability Management

Patch Tuesday: No zero days among 137 Microsoft CVEs, 4 Word RCEs

Laura FrenchMay 12, 2026

The May 2026 Microsoft security update included no zero days for the first time since June 2024.

(Adobe Stock)

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

Steve ZurierMay 12, 2026

Teams warn the latest Shai-Hulud wave weaponizes trusted OIDC tokens to bypass package integrity checks.

Google reports first known AI-assisted zero-day exploit in the wild

Laura FrenchMay 12, 2026

Attackers used AI to create an exploit script for a 2FA bypass flaw in an open-source project.

(Credit: Robert – stock.adobe.com)

SailPoint GitHub repo hit by third-party cyberattack

Steve ZurierMay 11, 2026

SailPoint says GitHub repo breach exposed no customer data or production systems.

Vibe coding has cybersecurity asking what AI can — and can’t — replace

Laura FrenchMay 11, 2026

Cyber pros balance hype, skepticism and uncertainty as AI coding disrupts industry norms.

Vulnerability Management

Federal agencies ordered to patch Ivanti EPMM zero-day in 3 days

Laura FrenchMay 8, 2026

The actively exploited flaw enables remote admin users to execute arbitrary code.

EVENTS