Security Solutions Team

CISO Daily Digest: Fragnesia Linux LPE & 18-Year-Old Nginx Vulnerability (20260514)

Fragnesia Linux kernel LPE grants root access; 18-year-old Nginx rewrite module flaw enables unauthenticated RCE; Exim critical vulnerability patched.


May 14 brought several long-dormant vulnerabilities to light. The Fragnesia Linux kernel vulnerability grants root access through page cache corruption, joining a growing list of Linux LPEs discovered in May. An 18-year-old Nginx rewrite module flaw (CVE-2026-42945) was disclosed by F5, enabling unauthenticated remote code execution. Microsoft revealed its MDASH multi-model agentic AI security system, which had already found 16 Windows vulnerabilities.

Active Threats This Week

📌 Fragnesia Linux Kernel LPE Grants Root via Page Cache Corruption

A new Linux kernel local privilege escalation vulnerability named Fragnesia allows attackers to gain root access by corrupting the page cache. It is the third significant Linux LPE disclosed within two weeks.

🔗 Reference: The Hacker News | Xakep

📌 18-Year-Old Nginx Rewrite Module Flaw Enables Unauthenticated RCE

F5 disclosed CVE-2026-42945, a critical vulnerability in the Nginx rewrite module that has existed for 18 years. The flaw allows unauthenticated remote code execution and affects a significant portion of web servers worldwide.

🔗 Reference: The Hacker News | iThome

📌 Exim Critical Vulnerability in GnuTLS Environments

A critical vulnerability was disclosed in the Exim mail transfer agent affecting environments using the GnuTLS library. The flaw could allow arbitrary code execution on affected mail servers.

🔗 Reference: iThome

📌 Windows BitLocker and CTFMON Zero-Days Exposed

Two Windows zero-day vulnerabilities named YellowKey and GreenPlasma were disclosed: a BitLocker encryption bypass and a CTFMON privilege escalation, respectively. Microsoft is investigating both.

🔗 Reference: The Hacker News

📌 Mistral AI’s PyPI Package Hit by Supply Chain Attack

Mistral AI confirmed that its PyPI package was compromised in a supply chain attack, part of the broader Mini Shai-Hulud campaign targeting the Python package ecosystem.

🔗 Reference: iThome

📌 Iranian MuddyWater APT Attacks Korean Manufacturers

The Iran-linked MuddyWater APT group was observed attacking Korean electronics manufacturers, using SentinelOne components for DLL sideloading to evade detection.

🔗 Reference: iThome

📌 RubyGems Registration Suspended Due to Mass Data-Drop Attack

The RubyGems package registry temporarily suspended new user registrations after attackers weaponized the platform for data dead drops, uploading tens of thousands of malicious packages.

🔗 Reference: Dark Reading | Xakep

📌 71% of Organizations Experienced Identity-Based Attacks

A Sophos study revealed that 71% of organizations experienced at least one identity-based attack in the past year, with compromised credentials being the primary entry vector for ransomware.

🔗 Reference: iThome


This digest is auto-generated from curated cybersecurity news sources.