Connect with us

News

US government warns of severe CopyFail bug affecting major versions of Linux

info

Published

on

Lukas NLSXFjl nhc unsplash.jpg

A severe security vulnerability affecting almost every version of the Linux operating system has caught defenders off-guard and scrambling to patch after security researchers publicly released exploit code that allows attackers to take complete control of vulnerable systems.

The U.S. government says the bug, dubbed “CopyFail,” is now being exploited in the wild, meaning it’s being actively used in malicious hacking campaigns.

The bug, officially tracked as CVE-2026-31431 and discovered in Linux kernel versions 7.0 and earlier, was disclosed to the Linux kernel security team in late March, and patched after about a week. But the patches have yet to fully trickle down to the many Linux distributions that rely on the vulnerable kernel, leaving any system running an affected Linux version at risk of compromise.

Linux is widely used in enterprise settings, running the computers that operate much of the world’s datacenters. 

The CopyFail website says that the same short Python script “roots every Linux distribution shipped since 2017.”  According to security firm Theori, which discovered CopyFail, the vulnerability was verified in several widely used versions of Linux including Red Hat Enterprise Linux 10.1, Ubuntu 24.04 (LTS), Amazon Linux 2023, as well as SUSE 16. 

Devops engineer and developer Jorijn Schrijvershof wrote in a blog post that the exploit works on Debian and Fedora versions, as well as Kubernetes, which relies on the Linux kernel. Schrijvershof described the bug as having an “unusually big blast radius” as it works on “nearly every modern distribution” of Linux.

The bug is called CopyFail because the affected component in the Linux kernel, the core of the operating system that has virtually complete access to the entire device, does not copy certain data when it should. This corrupts sensitive data within the kernel, allowing the attacker to piggyback the kernel’s access to the rest of the system, including its data.

If exploited, the bug is particularly problematic because it allows a regular, limited-access user to gain full-administrator access on an affected Linux system. A successful compromise of a server in a datacenter could allow an attacker to gain access to every application, server, and database of numerous corporate customers, and potentially gain access to other systems on the same network or datacenter.

The CopyFail bug cannot be exploited over the internet on its own, but can be weaponized if used in conjunction with an exploit that works over the internet. Per Microsoft, if the CopyFail bug is chained together with another vulnerability that can be delivered over the internet, an attacker could use the flaw to gain root access to an affected server. A user operating a Linux computer with a vulnerable kernel could also be tricked into opening a malicious link or attachment that triggers the vulnerability.

The bug could also be injected by way of supply chain attacks, in which malicious actors hack into an open source developer’s account and plant the malware in their code in order to compromise a large number of devices in one go.

Given the risk to the federal enterprise network, U.S. cybersecurity agency CISA has ordered all civilian federal agencies to patch any affected systems by May 15.

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Alake warns mining firms over host community agreements, threatens licence revocation

info

Published

on

By

IMG 20260704 WA0057.jpg

MTN ADVERT

The Minister of Solid Minerals Development, Dele Alake, has warned mining companies operating in Nigeria that failure to comply with their Community Development Agreements (CDAs) could lead to sanctions, including the revocation of their licences.

Mr Alake gave the warning on Saturday during the ministry’s 2026 Ministerial Retreat in Abuja.

He said although the government has made significant progress in reforming the solid minerals sector, greater emphasis would now be placed on accountability and ensuring that host communities benefit from mining activities.

“Our reforms have restored confidence, attracted serious investors and made the sector a key part of Nigeria’s economic diversification. Now, our focus is on accountability,” he stated.

The minister stressed that companies must honour the agreements reached with their host communities.

PT WHATSAPP CHANNEL

“Mining companies that fail to honour their Community Development Agreements will face sanctions, including the revocation of their licences,” he said.

He added that, “Host communities deserve to benefit from the resources in their land, and there will be consequences for those who ignore that responsibility.”

Community Development Agreements are legally required arrangements between mining companies and host communities, outlining commitments on social amenities, employment, infrastructure and other development projects.

READ ALSO: Alake calls for united African front to capture greater value from global mineral economy

Illegal mining

Mr Alake also reaffirmed the Federal Government’s commitment to tackling illegal mining across the country.

According to him, the ministry will strengthen the operations of the Mining Marshals while adopting practical and innovative measures to improve security in the sector.

“I also reaffirmed our commitment to ending illegal mining by strengthening the Mining Marshals and embracing practical, innovative ideas that will make the sector more secure and more beneficial to all Nigerians,” he said.

The minister said the government’s ongoing reforms are aimed at building a more transparent, secure and investment-friendly mining sector capable of contributing more significantly to Nigeria’s economic diversification.


Continue Reading

News

New Google commercial imagines a Declaration of Independence written with help from AI

info

Published

on

By

Google declaration of independence.jpg

Two hundred and fifty years after the signing of the Declaration of Independence, a new commercial from Google asks: What if the Founding Fathers had access to Google Workspace?

With the tagline “Group project, but make it 1776,” the ad depicts a largely unseen Thomas Jefferson mid-draft when he gets a nagging text from Ben Franklin, leading to a very Google-centric collaboration process. Edits are suggested in Google Docs, a meeting gets scheduled in Google Calendar and conducted remotely via Google Meet (with every single attendee apparently turning their camera off?), then the whole thing is finalized with e-signatures; cue the fireworks.

Of course, since this is an ad from a tech company in the year 2026, AI has a role to play. The fictionalized founders use Google’s “help me visualize” AI tool to try out different animals on the national seal, Gemini takes notes on the meeting, and the founders also ask the chatbot for advice before declining King George III’s document access request.

The whole thing is very tongue-in-cheek (at one point, Sam Adams asks, “Can we settle this over beers?”), and the AI evangelism is relatively discreet when compared to many other recent ads. And unlike that infamous Google commercial in which a father uses Gemini to write a fan letter for his daughter, this one shies away from any suggestion that the actual text of the Declaration of Independence would be improved with AI. Perhaps the most AI-forward element of the ad is the footage itself, which to my eye has the uncanny glow of AI-generated video.

While viewer comments on YouTube and Instagram appear to be mostly positive, you may not be surprised to learn that the response on Bluesky has been far more critical. Posters declared the commercial “cringey” and “stunningly tone deaf,” and the AI angle was the biggest target — even as many users, including historian Angus Johnston, noted that it’s “amazing how little of this is actually AI.”

“Even in a corny fantasy joke, it’s impossible to make the case that AI is a useful tool for political organizing, writing, or human collaboration,” Johnston said.

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

Continue Reading

Trending