Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Berz0k advertises zero-day Linux LPE exploit for sale

Threat Actor Meta
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

berz0k is advertising a zero-day Linux LPE exploit for $170,000 on cybercrime forums, signaling active monetization of root-level access in the exploit market. The claimed capability spans multiple major Linux distributions, which could broaden downstream abuse if the claim is accurate. The sale format and price point suggest a mature commodity exploit rather than a one-off proof of concept.

Related Happenings

Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)

Vulnerability
First: 18.05.2026 10:18 Last: 18.05.2026 10:18 Sources 1

About this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...

Open Happening

Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)

Vulnerability
First: 14.05.2026 10:06 Last: 14.05.2026 10:06 Sources 1

How related: Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM ESP-in-TCP subsystem.

About this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...

Latest development: 14.05.2026 16:00

Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.

Open Happening

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
First: 11.05.2026 17:30 Last: 11.05.2026 17:30 Sources 1

About this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...

Open Happening

Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)

Vulnerability
First: 11.05.2026 11:15 Last: 11.05.2026 11:15 Sources 1

About this happening: A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...

Open Happening

Linux kernel Dirty Frag local root escalation privilege-escalation flaw

Vulnerability
First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **Dirty Frag** is a newly disclosed **Linux kernel** zero-day that can give **local attackers root privileges** on **most major Linux distributions**. The flaw is anchored in the...

Open Happening

Timeline

  1. 14.05.2026 10:06 2 articles · 13d ago

    berz0k advertises a zero-day Linux LPE exploit for $170,000

    Initial Disclosure

    Threat actor berz0k advertises a zero-day Linux local privilege escalation exploit for $170,000 on cybercrime forums, claiming it works across multiple major Linux distributions and can achieve stable root access via a TOCTOU-based path that uses a shared object (.so) payload dropped into /tmp.

    Show sources
    Open in new tab