linux

The 732-Byte Secret to Root: Everything You Know About Hardening Just Failed

John Z Black May 1, 2026

Vulnerabilities & Patching #linux #kernel #root-exploit #zero-day #devops

Copy Fail (CVE-2026-31431) is a nine-year-old logic flaw that grants root on basically every Linux distro. It's tiny, it's reliable, and your file integrity monitors won't see a thing.

France's Linux Move Isn't About Linux

John Z Black Apr 10, 2026

Policy, Law & Governance #france #linux #digital-sovereignty #eu #us-tech #open-source #geopolitics #anssi

France isn't migrating government workstations to Linux because it's technically better. It's doing it because the US demonstrated it can turn off American tech platforms for foreign governments whenever it wants.

Delete This Web Shell and It Grows Back. Thanks, Cron.

John Z Black Apr 4, 2026

Threat Intelligence #webshell #php #cookie-c2 #linux #persistence #microsoft-defender

Microsoft found PHP web shells that take commands through cookies instead of URLs. Delete them and a cron job rebuilds them. Your WAF probably can't see any of it.

The Next Enterprise Exposure Wave: Old Management Surfaces, New Root Paths

John Z Black Mar 18, 2026

Security Operations & Resilience #management-plane #ip-kvm #telnet #linux #root-access #hardening #attack-surface

An unpatched telnetd with unauthenticated root RCE. Nine critical IP-KVM flaws. A Linux privilege escalation tied to systemd timing. Different CVEs, same underlying problem: forgotten management plumbing.

The SocksEscort Takedown: Your Linux Server Might Be Someone Else's Criminal Proxy

John Z Black Mar 13, 2026

Cybercrime #socksescort #botnet #proxy #linux #takedown #law-enforcement #infrastructure

US authorities dismantled SocksEscort, a proxy-for-hire botnet built on silently infected Linux devices. Here's why this takedown matters more than it seems, and why 'it's Linux, it's fine' isn't a security posture.