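小馬蛇後援會 34 days ago
Only 732 bytes needed for privilege escalation; the entire Linux ecosystem is on alert

On 29 April 2026, Taeyang Lee, a researcher at the international security research team Theori, publicly disclosed a high-severity Linux kernel vulnerability codenamed Copy Fail, officially designated CVE-2026-31431. The vulnerability lay dormant in the Linux kernel for nearly 9 years and affects almost all mainstream Linux distributions from 2017 to the present. An attacker needs only local unprivileged user access and a 732-byte Python script to reliably obtain root, the highest privilege on the system, and can even achieve container escape, directly breaking through the isolation boundary of Kubernetes clusters.

Compared with historically famous kernel privilege-escalation vulnerabilities such as Dirty Cow and Dirty Pipe, Copy Fail has a lower exploitation barrier, greater stability and greater stealth, and can be called one of the most threatening local privilege-escalation vulnerabilities in the Linux ecosystem in recent years.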
小馬蛇後援會 33 days ago
https://upload.hkgolden.media/comment/bub3w4qw.ewd35wxlkgj.d2x2bhwrpkd.emn.jpg
It's the damn end of the world for Linux; even Ubuntu's website got hacked
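蘋果酒 33 days ago
The Linux vulnerability has been fixed.
Has Windows sorted out that Windows Defender privilege-escalation zero-day yet?

Windows Defender zero-day vulnerabilities used to break into Windows (12/4/2026 19:26)
https://forum.hkgolden.com/thread/8041645

https://www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-days-now-exploited-in-attacks/

Still not sorted out as of today
20260430 article
https://www.eweek.com/news/microsoft-defender-flaws-exploited-windows-10-11/

BlueHammer (privilege escalation)
RedSun (privilege escalation)
UnDefend (block windows defender update)

Three zero-days, and only BlueHammer has been patched
The other two have dragged on into May without a word
What are they doing
M$ really doesn't treat its users as people #ng#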
蘋果酒 33 days ago
https://www.huntress.com/blog/nightmare-eclipse-intrusion

TL;DR: Huntress has observed the use of Nightmare-Eclipse tooling, including BlueHammer, RedSun, and UnDefend, during a real-world intrusion investigation. In the clearest case, the activity included suspicious binaries staged in user-writable directories, hands-on-keyboard reconnaissance, likely compromised FortiGate SSL VPN access, and follow-on tunneling behavior. Organizations should review VPN logs, investigate the artifacts and paths below, and treat any confirmed execution as high-priority incident activity.

The activity also appeared to be part of a broader intrusion rather than isolated proof-of-concept (PoC) testing. Huntress identified suspicious FortiGate SSL VPN access tied to the compromised environment, including a source IP geolocated to Russia, with additional suspicious infrastructure observed in other regions. Those findings are covered in more detail below.

The Russians are already using this exploit
小馬蛇後援會 33 days ago
Sorry I use mac
獨眼巴尼 32 days ago
Didn't mac only recently fix one that had been affecting it for a whole 20 years? [sosad]