Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.ar.al/users/aral/statuses/116498065676191710">Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 01-May-2026 16:13:26 JST</a><a href="https://mastodon.ar.al/@aral" title="aral@mastodon.ar.al"><img src="https://gnusocial.jp/avatar/4627-48-20250906071718.webp" width="48" height="48" alt="Aral Balkan" style="position: absolute; left: 0; top: 0;">Aral Balkan</a></section><article><p>RE: <a href="https://infosec.exchange/@patrickcmiller/116497719012673276" rel="nofollow">https://infosec.exchange/@patrickcmiller/116497719012673276</a></p><p>“The realistic threat chain looks like this. An attacker exploits a known WordPress plugin vulnerability and gets shell access as www-data. They run the copy.fail PoC. They are now root on the host. Every other tenant is suddenly reachable, in the way I walked through in this hack post-mortem. The vulnerability does not get the attacker onto the box; it changes what happens in the next ten seconds after they land there.”</p><p><a href="https://mastodon.ar.al/tags/CopyFail" rel="tag">#CopyFail</a> <a href="https://mastodon.ar.al/tags/linux" rel="tag">#linux</a> <a href="https://mastodon.ar.al/tags/exploit" rel="tag">#exploit</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/6365274#notice-12534775">In conversation</a><time datetime="2026-05-01T16:13:26+09:00" title="Friday, 01-May-2026 16:13:26 JST">about 10 hours ago</time> <span>from <span><a href="https://mastodon.ar.al/@aral/116498065676191710" rel="external" title="Sent from mastodon.ar.al via ActivityPub">mastodon.ar.al</a></span></span><a href="https://mastodon.ar.al/@aral/116498065676191710">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://infosec.exchange/@patrickcmiller/116497719012673276">Patrick C Miller :donor: (@patrickcmiller@infosec.exchange)</a></h5><div> from <span>Patrick C Miller :donor:</span></div></header><div>The most severe Linux threat to surface in years catches the world flat-footed https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 01-May-2026 16:13:26 JST Aral Balkan
RE: https://infosec.exchange/@patrickcmiller/116497719012673276
“The realistic threat chain looks like this. An attacker exploits a known WordPress plugin vulnerability and gets shell access as www-data. They run the copy.fail PoC. They are now root on the host. Every other tenant is suddenly reachable, in the way I walked through in this hack post-mortem. The vulnerability does not get the attacker onto the box; it changes what happens in the next ten seconds after they land there.”
#CopyFail #linux #exploit
In conversationabout 10 hours ago from mastodon.ar.alpermalink
Attachments
1. No result found on File_thumbnail lookup.
  Patrick C Miller :donor: (@patrickcmiller@infosec.exchange)
  from Patrick C Miller :donor:
  The most severe Linux threat to surface in years catches the world flat-footed https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/

Public

Embed Notice

HTML Code

Corresponding Notice