EXECUTIVE SUMMARY
This article is to inform our partners and clients on the various happenings within the cybersecurity space. That includes items such as relevant breaches, emerging vulnerabilities, research, threat actor movement, and what you need to do as an organization to mitigate a future threat.
KEY TAKEAWAYS
- Two new Linux local privilege escalation flaws, Dirty Frag and Fragenesia, have been disclosed and may already be under active exploitation.
- The Shai-Hulud campaign has compromised additional AI-related packages and released its source code publicly in a move framed as a “competition.”
- A second phase of the Nightmare Eclipse research has revealed two new Windows local privilege escalation zero-days.
- Cisco has warned that a newly discovered critical SD-WAN vulnerability is being exploited as a zero-day in active attacks.
- A vulnerability in nginx can lead to remote code execution under certain non-standard configurations.
- A new Linux Flaw SSH-Pwn-Key allows unprivileged users to read files owned by root.
1. Dirty Frag and Fragenesia Linux LPE Vulnerabilities Disclosed, Potentially Exploited in the Wild
SUMMARY
New Linux local privilege escalation bugs "Dirty Frag" and “Fragnesia” have been disclosed publicly. The two vulnerabilities are similar in nature and were disclosed roughly a week apart. If successfully exploited, they could allow an attacker to gain root level access.
Category
Zero-day
Industry
Multiple (Especially cloud heavy environments)
Sources
https://www.phoronix.com/news/Dirty-Frag-Linux
https://www.phoronix.com/news/Linux-Fragnesia
https://www.openwall.com/lists/oss-security/2026/05/13/3
https://www.openwall.com/lists/oss-security/2026/05/14/2
https://www.openwall.com/lists/oss-security/2026/05/07/8
https://www.securityweek.com/new-dirty-frag-linux-vulnerability-possibly-exploited-in-attacks/
https://access.redhat.com/solutions/7142250
ANALYST COMMENTS
Recent Linux local privilege escalation (LPE) vulnerabilities “Dirty Frag” and “Fragnesia” represent two related threats affecting major Linux distributions. Both exploits target logic flaws within the kernel’s ESP/XFRM code paths, specifically within the esp4, esp6, and rxrpc modules, and may allow a local user to escalate privileges to root. Dirty Frag, which follows the recently disclosed “Copy Fail” vulnerability, abuses decryption fast path handling to enable arbitrary writes into the kernel page cache of read only files.
Similarly, Fragnesia, announced by V12 Security, allows for arbitrary byte writes via a logic bug in the same codebase. A proposed two line patch for skbuff.c, the affected component, has been released publicly, however the fix has not yet been integrated into mainline Linux kernels.
In addition to publicly available PoC code for both vulnerabilities, there are indicators suggesting possible exploitation in the wild. Given the public availability of exploit code, exploitation activity is assessed to be highly likely. This assessment is further corroborated by reports of samples uploaded to major malware sandboxes that exhibit characteristics associated with these vulnerabilities. Attribution to any one specific threat actor is unlikely at this stage, as the public availability of the exploit code likely enables multiple threat actors and groups to incorporate the techniques into their operations.
The remediation guidance for both vulnerabilities is the same and should be applied consistently across affected systems. Environments with significant Linux or cloud deployments are likely at the highest risk, with internet exposed cloud hosts and critical systems prioritized first due to their increased exposure and potential impact.
ACTIONABLE GUIDANCE
Depending on Linux distribution a patch may be available, additional guidance for your version of Linux may be available via the distributions official website. Many mainline Linux distributions such as Red Hat, Amazon Linux, Ubuntu, Fedora, and Alma Linux have released or are expected to release distribution specific guidance and updates.
2. Shai-Hulud Compromises More AI Packages and Open-Sources Its Code for a “Competition”
SUMMARY
A coordinated software supply chain attack, dubbed Mini Shai-Hulud, compromised over 170 packages across high-profile npm and PyPI projects. The campaign leveraged provenance attestation (a cryptographically signed claim that establishes a verifiable "paper trail" for a software artifact) to distribute malware that targets sensitive developer information, orchestrated by the hacking group TeamPCP. Additionally, the group has also open-sourced Shai-Hulud, coinciding with a supply-chain “competition” amongst threat actors.
Category
Supply Chain Risk
Industry
Multiple (With focus on CI/CD pipelines, Github repositories, and developer accounts)
Sources
https://www.securityweek.com/tanstack-mistral-ai-uipath-hit-in-fresh-supply-chain-attack/
https://www.theregister.com/security/2026/05/13/malware-crew-teampcp-open-sources-its-shai-hulud-worm-on-github/5239319
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
Internal OSec Research
ANALYST COMMENTS
A coordinated software supply chain attack dubbed "Mini Shai-Hulud," orchestrated by the hacking group TeamPCP, has compromised over 400+ packages across high-profile npm and PyPI projects, including TanStack, UiPath, and Guardrails AI.
As in previous waves, the group utilized a worm that hijacked CI/CD pipelines and exploited security weaknesses like OIDC token extraction to steal sensitive data such as developer credentials, API keys, and cloud secrets from AWS, GCP, Azure, and GitHub. By abusing provenance attestation to make malicious packages indistinguishable from legitimate ones, causing the malware to spread rapidly. The npm variant targeted GitHub Actions to mint publish tokens, while the Python variant focused on stealing credentials and targeting password managers.
In recent developments, TeamPCP has open-sourced their "Shai-Hulud" worm on GitHub under repositories titled "Shai-Hulud: Open Sourcing The Carnage," which have already seen rapid forks and modifications from independent threat actors. Coinciding with the release, the group also announced on underground crime forums that it has partnered with the forum operator to host a supply chain hack competition with $1000 payouts (in XMR) to successful participants.
The reasoning behind the choice to open-source the code is likely to further innovate on the features of the malware including security evasion, or additional targeting features. The forum postings and the requirement of members of the forum to be of a certain member rank indicates they are attempting to attract known operators with established reputation to carry out these attacks. However, this will also obscure attribution to TeamPCP, and make it harder for defenders tracking their campaign.
Given these developments, the open source and package related eco-systems are at an increased risk of compromise and therefore an internal SBOM inventory should be a priority for development teams if one currently does not exist. A testing and vetting period of new packages should also be considered as new processes in order to prevent and mitigate potential credential compromise via malicious packages and libraries.
ACTIONABLE GUIDANCE
Organizations using any of the affected packages should audit their development projects for the presence of the vulnerable versions noted above. Package maintainers should audit their configurations to ensure their automation controls are properly hardened and monitor for unexpected package modifications, including the addition of unknown code, dependencies, or install scripts references. The malware favors injecting code into installation and init scripts that trigger during installation of an affected package. While network indicators should be blocked when discovered, it should not be relied upon as a sole mitigation strategy for reducing risk. Based on analysis of the code, the following can be used for detection of the current version of the malware. However, these indicators may change as multiple threat actors and groups modify or adapt the malware for their own operations.
3. Nightmare-Eclipse Round Two Discloses Two New Windows LPE 0-Days
SUMMARY
The researcher Nightmare-Eclipse has disclosed two more Windows related PoCs. These include ‘YellowKey’ (a bitlocker bypass vulnerability) and ‘GreenPlasma’ (a Windows local privilege escalation vulnerability).
Category
Critical vulnerabilities
Industry
Multiple
Sources
https://deadeclipse666.blogspot.com/2026/05/were-doing-silent-patches-now-huh-also.html
ANALYST COMMENTS
Researcher Nightmare-Eclipse has disclosed two unpatched Windows proof-of-concept exploits, 'YellowKey' and 'GreenPlasma', which remain outside the scope of recent Patch Tuesday updates and lack associated CVE identifiers. YellowKey targets a specific logic flaw in BitLocker's key derivation or storage mechanisms to bypass encryption protections, while GreenPlasma exploits a privilege escalation vector in the CTFMON service. Both are currently confirmed to impact Windows 11 and Server 2022+. Given the public availability of the exploit code, threat actors are expected to attempt to leverage these vulnerabilities for credential theft and system compromise within 24 to 72 hours of disclosure. While the currently released code is not fully weaponized, only minimal modifications would likely be required to make it operational for malicious use.
As of this document, the researcher has released another LPE vulnerability, “MiniPlasma” which is a variation on CVE-2020-17103 potentially due to an incomplete fix of the original vulnerability. This vulnerability is undergoing analysis and will be updated in this item when complete, with additional guidance.
ACTIONABLE GUIDANCE
Until a patch can be provided addressing these vulnerabilities, the following mitigations can be used to reduce the risk of compromise. The current released code for YellowKey is reliant on knowing the PIN or not having a PIN set for TPM. A PIN is not set by default. While the researcher has said a differing variant exists that bypasses the PIN, that has not been released and this is currently the best practice available for reducing risk against this vulnerability. Additional risk mitigation should also include monitoring for non-administrator users upgrading to SYSTEM level privileges or disruptions to security tools such as EDR and AV solutions that may be de-activated when the privileges have been achieved. Disabling USB ports will also help reduce the potential attack surface that YellowKey specifically may take advantage of.
4. Cisco Warns of New Critical SD-WAN Flaw Exploited in Zero-Day Attacks
SUMMARY
Cisco has identified and warned about a critical authentication bypass flaw (CVE-2026-20182) in their Catalyst SD-WAN Controller. Successful exploitation could allow attackers to gain administrative privileges, emphasizing the need for immediate software updates and enhanced security measures.
Category
Known Exploited Vulnerabilities
Industry
Technology, Public Sector and Government Administration
Sources
https://blog.talosintelligence.com/uat-8616-sd-wan/
ANALYST COMMENTS
Cisco has identified a critical vulnerability, CVE-2026-20182, affecting its Catalyst SD-WAN Controller and Manager, which allows attackers to bypass authentication and gain administrative access. The vulnerability stems from a malfunctioning peering authentication mechanism that could be exploited by sending crafted requests to the system, potentially enabling attackers to manipulate network configurations through NETCONF access.
The vendor is also aware of threat actors actively exploiting this flaw in zero-day attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch affected devices by May 17, 2026, to prevent exploitation of the vulnerability.
Public research detailing the vulnerability is currently available and has likely accelerated exploitation efforts across multiple threat clusters and groups. Data from public honeypots has seen increased traffic overall over the last 24 hours that could be seen as an increase in targeting vulnerable Cisco SD-WAN devices. External reporting indicates exploitation by multiple threat actor groups, as demonstrated by the differing exploitation patterns observed thus far.
ACTIONABLE GUIDANCE
Patches addressing these vulnerabilities have been released and should be prioritized for deployment. These devices are highly targeted by threat actors, especially Chinese attributed groups, including for the purposes of joining ORB networks. Organizations associated with the telecommunications industry are likely at an increased risk, especially from nation-state related actors.
Currently observed Indicators of compromise include suspicious log entries during DTLS authorization challenges and the presence of unknown SSH keys within the vmanage-admin user’s authorized_key folder. Additional mitigations may include implementing network level restrictions for the affected ports and monitoring for connections coming from newly observed and unknown IP addresses.
Vulnerable Release | First Fixed Release |
| Earlier than 20.9* | Migrate to a fixed release |
| 20.9 | 20.9.9.1 |
| 20.10 | 20.12.7.1 |
| 20.11* | 20.12.7.1 |
| 20.12 | 20.12.5.4, 20.12.6.2, 20.12.7.1 |
| 20.13* | 20.15.5.2 |
| 20.14* | 20.15.5.2 |
| 20.15 | 20.15.4.4, 20.15.5.2 |
| 20.16* | 20.18.2.2 |
| 20.18 | 20.18.2.2 |
| 26.1.1 | 26.1.1.1 |
5. nginx Flaw Results in Remote Code Execution, Non-Standard Configuration Required
SUMMARY
A critical 18-year-old buffer overflow flaw named nginx Rift (CVE-2026-42945) was discovered in nginx, affecting numerous versions and products. Successful exploitation can lead to remote code execution or availability degradation. However, exploitation requires a non-standard configuration, which may reduce the overall impact and exposure of the vulnerability.
Category
Critical Vulnerabilities
Industry
Multiple
Sources
https://almalinux.org/blog/2026-05-13-nginx-rift-cve-2026-42945/
https://depthfirst.com/nginx-rift
https://man.archlinux.org/man/setarch.8.en
ANALYST COMMENTS
A critical heap buffer overflow flaw, named nginx Rift and tracked as CVE-2026-42945, was discovered in nginx, affecting both nginx Plus and nginx Open Source versions. This 18-year-old vulnerability, with a CVSS v4 score of 9.2, arises from how nginx handles rewrite directives with unnamed PCRE capture groups and question marks in replacement strings, leading to a heap overflow. The issue impacts a broad range of nginx products and environments, allowing remote code execution or denial-of-service attacks through crafted HTTP requests. Public PoC code is currently available, though no confirmed exploitation in the wild has been reported at this time.
Code and details on the vulnerability were analyzed and found that the vulnerability requires a non-standard implementation of nginx. Namely that the bug requires that ASLR be disabled on nginx to be triggerable and most Linux distributions have ASLR enabled by default. With high confidence, widespread exploitation is considered unlikely, as the configuration requirements necessary to successfully exploit this vulnerability are not typical for most Linux environments.
Additional requirements, including knowledge of the vulnerable endpoint and configuration, further limit the ability for attackers to fully weaponize this vulnerability at scale. While a theoretical scenario may exist that bypasses ASLR protections, no such technique has currently been demonstrated in relation to this vulnerability. Combined with the requirement for a known vulnerable target, the practical scope and reliability of the current PoC appears limited.
As of this document, exploit attempts have been seen in the wild. However, none of the reports suggest that the exploit attempts were successful and is in line with this and other analysis performed. This does not change the suggested remediation and prioritization strategies.
ACTIONABLE GUIDANCE
Patches were released on April 21, 2026, and users are advised to upgrade to fixed versions or apply a configuration-level workaround by replacing unnamed with named captures in rewrite rules. Most Linux distributions will have ASLR enabled by default, therefore no further action is required unless a non-standard configuration of Linux and nginx was used. This issue can likely be safely de-prioritized from other critical patching that is needed to take place within the organization.
6. SSH-Pwn-Key Allows Reading Root-Owned Files By Unprivileged Users
SUMMARY
A newly discovered Linux kernel vulnerability, called ssh-keysign-pwn, allows unprivileged users to read root-owned files and affects recent Linux kernel versions. The issue has been addressed by a patch adjusting the kernel's ptrace behavior.
Category
Critical Vulnerabilities
Industry
Multiple
Sources
https://www.phoronix.com/news/Linux-ssh-keysign-pwn
https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/
https://lore.kernel.org/all/20201016230915.1972840-1-jannh@google.com/
Get the Complete Report
The full Intelligence Desk brief includes exhaustive IOC lists, YARA detection rules, detailed remediation playbooks, and OSec's original threat research. Delivered weekly to our partners and clients. REQUEST ACCESS