FILTERING BY: CLEAR FILTER

The Akrites Framework: Defending Open Source Infrastructure Against AI-Driven Exploitation

The Linux Foundation has launched the Akrites Framework to secure critical open-source software (OSS) infrastructure against AI-accelerated exploitation. The framework addresses the drastic reduction in Time-to-Exploit (TTE) caused by frontier AI models and the "knowledge-actuation gap," where AI models fail to implement security principles they theoretically understand. It specifically targets risks associated with agentic AI, including indirect prompt injection via tool-result pipeline poisoning, which has already resulted in high-severity fraud. Akrites establishes a systemic, coordinated remediation and disclosure process to replace fragmented patching, integrating agentic firewalls and vector-similarity-based context scrubbing to mitigate AI-driven autonomous exploitation.

Fragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCP

A sophisticated Local Privilege Escalation (LPE) vulnerability, dubbed "Fragnesia," has been identified within the Linux kernel networking subsystem. By exploiting a logic error in the reassembly of ESP-in-TCP encapsulated traffic, an unprivileged user can induce page-cache corruption to achieve full root execution, effectively bypassing most modern hardware-enforced security mitigations.


LINK COPIED TO CLIPBOARD