Linux Done DIRTY: 4 Page Cache Exploits Running Amok
Researchers have exposed a rapidly expanding family of Linux root escalation vulnerabilities, including copy-fail, dirty-frag, fragnesia, and the newly identified dirty-decrypt, all stemming from page cache corruption. These exploits allow unprivileged local users to escalate to root privileges without passwords or sudo access by manipulating the kernel's in-memory file cache rather than modifying files on disk. The copy-fail exploit, tracked as CVE-2026-31431, demonstrates this mechanism by smuggling malicious payloads through a vulnerable crypto operation using the splice system call to overwrite privileged binaries like /usr/bin/su in memory. While the affected systems include unpatched versions of Ubuntu 24.04, the underlying flaw affects the kernel's handling of page cache data across multiple distinct code paths, creating a significant security risk for Linux distributions.
SecTor 2025 | Scaling the AppSec Program Without Scaling Security Headcount
A five-year engagement successfully scaled an application security program across an entire enterprise without increasing security headcount by integrating specialized AI-driven automation into the Software Development Lifecycle. The solution bridges the gap between security practitioners and junior developers by automating threat modeling, translating business requirements into security controls, and delivering real-time SAST and DAST feedback directly within the development workflow. This approach enforces a zero-critical-vulnerability policy in production while maintaining high velocity for engineering teams who previously lacked the time or expertise to address security findings manually. The strategy replaces ad-hoc testing with a deterministic, scalable system that empowers developers to fix vulnerabilities on the fly without creating bottlenecks.