❌

Reading view

↗️

Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed

βœ‡Ars Technica - All content
By: Dan Goodin

Microsoft on Tuesday released fixes for two high-severity zero-days that were disclosed by a researcher who has been locked in a testy beef with the software giant.

Nightmare Eclipse, the pseudonym the researcher goes by, released a handful of high-severity vulnerabilities in recent months, making them zero-days that had the potential to be exploited in the wild. The researcher has said the disclosures, which included proof-of-concept code, came after Microsoft reneged on an arrangement the two made regarding vulnerabilities they had discussed.

Disclosure drama

β€œBut someone violated our agreement and left me homeless with nothing,” Nightmare Eclipse wrote in March. β€œThey knew this will happen and they still stabbed me in the back anyways, this is their decision not mine.”

Read full article

Comments

Β© Getty Images

  •  
  • ↗️
↗️

High-severity vulnerability in Linux caused by a single faulty character

βœ‡Ars Technica - All content
By: Dan Goodin

Researchers have analyzed a high-severity vulnerability in Linux that’s able to escalate untrusted users to root by exploiting a bug you don't often see: a single errant character inside the kernel.

The vulnerability, tracked as CVE-2026-23111, is located in nf_tables, a subsystem of the Linux kernel that provides packet filtering capabilities. It’s used to manage firewall rules and replaces older subsystems such as iptables, ip6tables, arptables, and ebtables.

!!!WTF!!!

The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven’t been properly freed of their previous contents. CVE-2026-23111 can be exploited by an unprivileged user or process to elevate system rights to root.

Read full article

Comments

Β© Getty Images

  •  
  • ↗️
❌