
Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero found unprotected memory access from userspace in the Tensor G5 video processing chip driver, which allows direct write access to kernel memory.
Using previously discovered flaws in media decoding components — in this case CVE-2025-54957 in the Dolby digital audio decoder — Project Zero modified a Pixel 9 attack to work on the Pixel 10, despite newer protections built into the hardware to harden the system against memory corruption.
The author’s takeaway is mixed. Once the bug on Pixel 9 was reported, one could hope that the Android team would look into similar bugs in their newer systems. On the positive side, though, Project Zero reported the vulnerabilities to the Android team in November 2025 and they were patched in February of 2026, 71 days later. That’s 19 days short of the 90-day timeline.
Linus on AI and Security
Linus Torvalds clarified opinions on AI detected security vulnerabilities in the Linux kernel in a recent mailing list post about the Linux 7.1 kernel development cycle.
In typically succinct phrasing, Torvalds supports the use of AI tools in general, but considers any AI reported bug to be, by definition, public. Linus also requests that submitters of AI generated reports verify the report is accurate and engage with fixing the issue instead of doing an unverified drive-by report. It’s difficult to summarize his comments without being longer than his initial post, so for more full information, head over to the Linux kernel mailing list!
GitHub on AI and Bug Bounties
Similar to comments from Linus above, GitHub is detailing how AI generated reports will be handled in an attempt to generate higher-quality bug reports in the bug bounty program.
While slightly ironic that a platform which has gone deep down the AI rabbit hole is now facing issues of scope when AI-generated reports flood its own security program, the problem is certainly real. GitHub lays out what seems to be a fair list of requirements for a good bug report. One must provide a working example of the vulnerability in action, adhere to the scope of the bounty, and of course, the report must be valid.
All three of the requests directly target things AI has been historically terrible at, especially at scale when deployed by users with limited security background and experience. AI models have often been guilty of completely fabricating code, fixes, and data. Completely false security reports waste time.
GitHub further clarifies their position that malicious repositories are not, themselves, in scope for the bug bounty program, stating that users are responsible for what repositories they clone, fork, or otherwise interact with. This makes sense in the scope of a bug bounty program where a submitter can create an arbitrarily malicious repository and file a bug on it, but seems short-sighted given recent rampant exploitation of the GitHub actions build process. Expecting every user to understand the implications of the GitHub actions workflow before forking a public repository seems unlikely to work in the long term.
GitHub Internal Breach
Speaking of which, GitHub has posted to their security blog about a breach of internal repositories.
There are not a lot of details about the breach, but GitHub says a compromised VSCode extension on a developer's system was used to gain the credentials for internal systems. If that sounds familiar, it should – many of the current worms targeting NPM and PyPI include code to infect VSCode extensions as well.
GitHub says that only internal company repositories were impacted, and that if any customer repositories are found to be affected the users will be notified.
If you find it amusing that a developer at GitHub, owned by Microsoft, was compromised by a Microsoft VSCode extension, hosted on Microsoft's extension repository, I'd say you're right.
Zero-Copy Removed from AF_ALG
The Linux kernel is removing the zero-copy code from AF_ALG. The AF_ALG code is part of the kernel-level encryption libraries, and has been used in the CopyFail exploits.
The patch notes that the zero-copy functionality was originally intended to accelerate performance with hardware encryption accelerators, but is rarely used for that purpose and has almost no dependencies in userspace tools. By removing the seldom-used but very complex zero-copy API, the kernel developers hope to eliminate future bugs in the CopyFail class, which manipulate the page table cache.
CISA Self-Doxes
A contractor for the US government cybersecurity watchdog agency CISA left a public GitHub repo – hilariously named “Private-CISA” – available, with credentials for CISA cloud services, authentication tokens, plaintext passwords, and internal credentials.
Brian Krebs reports on the full details. Credentials included access to the CISA AWS GovCloud systems, the internal CISA build system for tools, and plain-text logins to the repository of internal libraries. GitHub itself has protections to prevent accidentally publishing authentication tokens and credentials in repositories, but they were explicitly disabled.
The GitHub repository had been active since November of 2025, and even after being taken down, leaked credentials to access AWS GovCloud remained active for an additional 48 hours.
NGINX 0-Day
The NGINX web server is used on millions of systems, approximately 30% to 40% of web servers, as both a traditional web server and as a proxy system for internal web services.
Last month the “nginx-rift” vulnerability allowed for arbitrary code execution via the NGINX rewrite engine. Now, the “nginx-poolslip” vulnerability has been found causing denial of service and in some cases remote code execution even on the latest NGINX versions.
Currently there are no official patches for the NGINX service, though there likely will be shortly. In the meantime, the primary suggestion for mitigating the bug is to ensure no "rewrite", "if", or "set" rules in the NGINX config use unnamed PCRE capture groups.
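A quick way to audit a config for the mitigation described above is to scan the three named directives for unnamed capture groups. The script below is an added example written for this post, not code from the NGINX project or from the researchers who named the bug; the sample config it scans is constructed. It treats any "(" that is not escaped, not inside a character class, and not followed by "?" as an unnamed capturing group, and (my interpretation of why "set" is on the list) also flags "$1"-style numeric capture references in rewrite replacements and set values. It processes one directive per line.

```python
import re
import sys
from dataclasses import dataclass

# Constructed sample nginx.conf fragment (not from the article). It mixes
# rules that use unnamed PCRE capture groups or $N references with rules
# that use named groups, non-capturing groups, or no regex at all.
SAMPLE_CONFIG = """
server {
    listen 80;
    rewrite ^/old/(.*)$ /new/$1 permanent;            # unnamed group + $1: flagged
    rewrite ^/img/(?<file>.*)$ /static/$file last;    # named group: clean
    if ($request_uri ~ ^/api/(?:v1|v2)/) { return 403; }   # non-capturing: clean
    if ($http_user_agent ~* (bot|crawler)) { return 444; } # unnamed group: flagged
    set $backend "app1";                               # no regex, no $N: clean
    location ~ ^/dl/(.*)$ {
        set $wanted $1;                                # $1 reference in set: flagged
    }
    return 301 https://example.com$request_uri;        # not an affected directive
}
"""

REWRITE_RE = re.compile(r"^\s*rewrite\s+(\S+)\s+(\S+)")
IF_RE = re.compile(r"^\s*if\s*\(\s*(\$\w+)\s+(!?~\*?)\s+(.*)\)\s*\{")
SET_RE = re.compile(r"^\s*set\s+(\$\w+)\s+(.*?)\s*;")
NUMERIC_CAPTURE_RE = re.compile(r"\$\d")


@dataclass
class Finding:
    line_no: int
    directive: str
    reasons: list
    text: str


def count_unnamed_groups(regex: str) -> int:
    """Count '(' that open an unnamed capturing group in a PCRE pattern.

    Skips escaped characters, anything inside [...] classes, and every
    '(?' form (non-capturing '(?:', named '(?<n>' / '(?P<n>', lookaround).
    """
    count = 0
    in_class = False
    i = 0
    while i < len(regex):
        c = regex[i]
        if c == "\\":          # escaped char: skip it and the next one
            i += 2
            continue
        if in_class:
            if c == "]":
                in_class = False
        elif c == "[":
            in_class = True
        elif c == "(" and (i + 1 >= len(regex) or regex[i + 1] != "?"):
            count += 1
        i += 1
    return count


def scan_config(text: str) -> list:
    """Return one Finding per line whose rewrite/if/set rule needs attention."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        reasons = []
        directive = None
        if (m := REWRITE_RE.match(line)):
            directive = "rewrite"
            n = count_unnamed_groups(m.group(1))
            if n:
                reasons.append(f"{n} unnamed capture group(s) in regex")
            if NUMERIC_CAPTURE_RE.search(m.group(2)):
                reasons.append("numeric $N reference in replacement")
        elif (m := IF_RE.match(line)):
            directive = "if"
            n = count_unnamed_groups(m.group(3))
            if n:
                reasons.append(f"{n} unnamed capture group(s) in regex")
        elif (m := SET_RE.match(line)):
            directive = "set"
            if NUMERIC_CAPTURE_RE.search(m.group(2)):
                reasons.append("numeric $N reference in value")
        if reasons:
            findings.append(Finding(line_no, directive, reasons, line.strip()))
    return findings


if __name__ == "__main__":
    # Pass a real config path to scan it; with no argument the sample is used.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for f in scan_config(source):
        print(f"line {f.line_no} [{f.directive}]: {'; '.join(f.reasons)}\n    {f.text}")
```

Each flagged rule can be rewritten with a named group, `(?<name>...)` referenced as `$name`, or with a non-capturing group `(?:...)` where the match is not reused. Regex groups in `location` blocks are outside the three directives the advice names, so the scanner leaves them alone.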
Pid-fd Linux Bug Gets Official
The “pid-fd” bug mentioned last week now has an official patch and CVE.
Not to be confused with CopyFail or DirtyFrag bugs which allow root access via corrupting the page cache of file data in RAM, this bug, also called “ssh-keysign-pwn”, enables reading any file regardless of file permissions, exposing important files like the system password file in /etc/shadow or the SSH private keys of the server or users, and executing commands as root via other common utilities including ssh-keysign, pkexec, and accounts-daemon.
RDS-Pintheft Linux bug
Seemingly not getting too much attention, the V12 group released proof-of-concept code for another Linux kernel bug, naming it "RDS-pintheft".
The bug lies in the Linux RDS network code, an alternate communications method for high-speed communications within clusters. It functions similarly to CopyFail and DirtyFrag: mis-handling memory buffers allows reliable overwriting of the page cache and replacing the perceived contents of a suid-root binary, granting instant root.
This exploit does require the RDS and RDS TCP kernel modules to be loaded, which may not be present on all distributions. If the module is already loaded or the attacker can cause it to be automatically loaded, and has the ability to execute code locally, it appears to be game over.
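Because the exploit depends on the RDS modules being loaded, or loadable on demand, the first thing a defender wants is a check for both conditions. The script below is an added example for this post, not the V12 proof of concept or any distribution tool. It parses `/proc/modules` for the module names `rds` and `rds_tcp` (the standard Linux module names for RDS and its TCP transport) and parses `modprobe.d` rules to tell a `blacklist` entry, which only stops alias-based autoloading, apart from an `install ... /bin/false` entry, which also makes an explicit load by name fail. The sample `/proc/modules` and `modprobe.d` contents are constructed.

```python
import glob
import os

# Kernel module names for the RDS core and its TCP transport.
RDS_MODULES = ("rds", "rds_tcp")

# Constructed sample /proc/modules content (not from a real host); only the
# first column, the module name, matters for this check.
SAMPLE_PROC_MODULES = """\
rds_tcp 24576 0 - Live 0x0000000000000000
rds 90112 1 rds_tcp, Live 0x0000000000000000
xt_conntrack 16384 1 - Live 0x0000000000000000
"""

# Constructed modprobe.d fragment that only blacklists rds: this stops
# alias-driven autoload (e.g. when a socket for the RDS family is opened)
# but an explicit 'modprobe rds' would still succeed.
SAMPLE_MODPROBE_CONF = """\
blacklist rds
"""

# The usual hardening: 'install <mod> /bin/false' replaces the load command,
# so both autoload and an explicit load fail; the blacklist line is kept too.
RECOMMENDED_CONF = "".join(
    f"install {m} /bin/false\nblacklist {m}\n" for m in RDS_MODULES
)


def norm(name: str) -> str:
    """modprobe treats '-' and '_' in module names as equivalent."""
    return name.replace("-", "_")


def loaded_modules(proc_modules_text: str) -> set:
    return {norm(line.split()[0]) for line in proc_modules_text.splitlines() if line.strip()}


def blocked_modules(modprobe_text: str) -> dict:
    """Map module name -> set of rule kinds ('blacklist', 'install') seen."""
    rules = {}
    for line in modprobe_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] in ("blacklist", "install"):
            rules.setdefault(norm(parts[1]), set()).add(parts[0])
    return rules


def assess(proc_modules_text: str, modprobe_text: str) -> dict:
    """Classify each RDS module as loaded, blocked, autoload-blocked or loadable."""
    loaded = loaded_modules(proc_modules_text)
    rules = blocked_modules(modprobe_text)
    status = {}
    for m in RDS_MODULES:
        kinds = rules.get(m, set())
        if m in loaded:
            status[m] = "loaded"            # mitigation config is moot until unloaded/rebooted
        elif "install" in kinds:
            status[m] = "blocked"           # neither autoload nor modprobe-by-name works
        elif "blacklist" in kinds:
            status[m] = "autoload-blocked"  # explicit load still possible
        else:
            status[m] = "loadable"          # nothing prevents on-demand loading
    return status


def main() -> None:
    # On a Linux host read the real files; elsewhere fall back to the samples.
    if os.path.exists("/proc/modules"):
        with open("/proc/modules") as f:
            proc = f.read()
        conf = ""
        for path in sorted(glob.glob("/etc/modprobe.d/*.conf")):
            with open(path) as f:
                conf += f.read() + "\n"
    else:
        proc, conf = SAMPLE_PROC_MODULES, SAMPLE_MODPROBE_CONF
    for module, state in assess(proc, conf).items():
        print(f"{module}: {state}")
    print("Recommended modprobe.d content if not already present:\n" + RECOMMENDED_CONF)


if __name__ == "__main__":
    main()
```

A module that reports `loaded` on a box that does not use RDS is worth unloading and then blocking; `autoload-blocked` alone is the partial state to watch for, since the blacklist does nothing against a local user who can run `modprobe`.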
Patches are available and will likely be integrated into distribution kernel patches soon.
Google Self-Doxes Chromium
Bleeping Computer reports that Google has accidentally exposed the details of an unpatched Chromium exploit that enables JavaScript-based botnets in all Chromium-based browsers. Chromium is the open source browser engine which lies underneath Google Chrome, but also Microsoft Edge, Vivaldi, Opera, Arc, and Brave.
The JavaScript bug allows service workers to remain running in the background, even when the original page has been closed, or even when the browser itself has been closed. This would allow malicious websites, or ads carrying JavaScript injected into benign websites, to continue issuing requests without the user knowing, fueling a botnet for click fraud or denial of service attacks.
The bug was first reported in 2022, but ignored until 2024 when it was flagged as requiring attention. In February of 2026, the bug was marked as fixed, though no patches had been shipped yet. On May 20, details of the bug were automatically released because the bug had been closed for more than 14 weeks and marked as fixed.
But in fact the bug was not fixed, and the researcher noted that previous alerts that may have given the user a hint that something was occurring are now gone, making the attack even simpler.
Additional fixes will likely arrive shortly, given the publicity and severity of the bug.
This article is written by: Nermeen Nabil Khear Abdelmalak
All rights reserved to: USAGoldMines. www.usagoldmines.com
