I haven't updated mine. I have a firewall and it's not exposed to the Internet. Need a key to SSH in. Same with my public facing server. Almost none of these exploits are "drop everything now and patch" unless you are somehow exposing yourself stupidly.
reply
> unless you are somehow exposing yourself stupidly

Or, y'know, offer some forms of compute as a service.

reply
If you’re running any sort of CI you’re probably going to have a bad couple of days if everything goes well
reply
To be honest, CI has always been a massive risk, I'm a bit miffed at how blasé some people are about providing runners.
reply
unless you run pinned CI runners on hardware you control
reply
I sort of always expect there to be an LPE to root on Linux tbh, if anything this is great news and Linux might be a useful multiuser system after all.
reply
Updating your kernel isn't good enough, it never was.

Native unsandboxed execution == root. Only thing that's new is some people started making websites for their LPEs.

https://github.com/google/security-research/tree/master/pocs...

reply
With how things are going the question should be ‘is twice a day often enough?’
reply
At the moment it doesn't seem to be.

Within an hour of being advised of, and running the mitigation for DirtyFrag, my upstream provider has blocked all WHM/cPanel/SSH/FTP/SFTP access with a heads-up on:

CVE-2026-29201 CVE-2026-29202 CVE-2026-29203

which look like a repeat of CVE-2026-41940 a week ago.

reply
So you think someone is going to break into your house, find your default credentials somehow and get root access?
reply
I think when there’s a step change in our ability to find one type of vulnerability, other types of vulnerability are probably going to become more common as well. Let’s see where we stand at the end of the year.
reply
With physical access, root access is as simple as setting init=/bin/bash in the kernel parameters from a bootloader. No need for credentials or anything.
reply
Secure boot and disk encryption are not that unusual nowadays
reply
Secure boot doesn't provide security, just control for device manufacturers.

Physical access always means the device is pwned. You can install a keylogger or something similar.

reply