A new SSH key-stealing kernel exploit landed yesterday. Your seedboxes were patched within 24 hours. On 2026-05-14, Qualys disclosed a new Linux kernel vulnerability — ssh-keysign-pwn — that lets an unprivileged user steal the SSH host private keys of any Linux server they have shell access on. The patch landed in Linus Torvalds' tree the ... Read More »
Linux kernel "Fragnesia" disclosed 2026-05-13 — Pulsed Media customers not exposed A new Linux kernel local privilege escalation, "Fragnesia" (informally "copyfail 3.0"), was disclosed on 2026-05-13 by Sam James (Gentoo) on the oss-security mailing list. It is the third member of the page-cache-LPE family this spring, following Copy Fail ... Read More »
We just updated WHMCS several minor revisions today as WHMCS released a CVE with service addons.
We do not use service addons but this was good time to do jump on several versions.
If you notice any regressions, please let us know.
A second Linux kernel local-privilege-escalation flaw — published 2026-05-07 by Hyunwoo Kim under the name Dirty Frag (CVE-2026-43284 and CVE-2026-43500) — landed eight days after the previous one (Copy Fail, CVE-2026-31431, disclosed 2026-04-29 by Theori). Both belong to the same kernel bug class as 2022's Dirty Pipe: a write into the Linux ... Read More »
