Cyber Security News

Hacking Editorial Brief — June 27, 2026

Critical Linux Kernel Vulnerability Grants Instant Root Access

A critical vulnerability in the Linux kernel's pedit (packet edit) subsystem is under active exploitation, allowing attackers to gain immediate root access by poisoning cached binaries in memory. Dubbed the "pedit COW bug," the flaw enables privilege escalation through copy-on-write manipulation, and public exploit code is already circulating. The availability of working proof-of-concept code significantly lowers the barrier for attackers targeting Linux systems. Organizations running vulnerable kernel versions should prioritize patching immediately, as the combination of exploit availability and root-level compromise makes this a high-urgency threat to Linux infrastructure.

Multiple Zero-Days and Vulnerabilities Under Active Exploitation

Cisco disclosed that threat actors exploited CVE-2026-20245, a zero-day in Catalyst SD-WAN Manager, for at least two months before public disclosure. The vulnerability allows arbitrary command execution with elevated privileges, and the extended pre-disclosure exploitation window suggests sophisticated threat actor reconnaissance and targeting. Separately, attackers are actively exploiting a critical vulnerability in PTC Windchill and FlexPLM product lifecycle management software, targeting industrial and manufacturing environments. A public proof-of-concept exploit for CVE-2026-55200, a remote code execution flaw in libssh2 (versions up to 1.11.1), has also been released, substantially increasing risk to unpatched SSH implementations. Malaysian authorities issued an advisory after hackers compromised the Health Ministry website and other government systems, attributing the breaches to unpatched vulnerabilities.

Sources: SQ Magazine · The Hacker News · CSO Online · Cybersecurity News · The Star