RE: infosec.exchange/@patrickcmill…
“The realistic threat chain looks like this. An attacker exploits a known WordPress plugin vulnerability and gets shell access as www-data. They run the copy.fail PoC. They are now root on the host. Every other tenant is suddenly reachable, in the way I walked through in this hack post-mortem. The vulnerability does not get the attacker onto the box; it changes what happens in the next ten seconds after they land there.”
Patrick C Miller :donor: (@patrickcmiller@infosec.exchange)
The most severe Linux threat to surface in years catches the world flat-footed https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/Patrick C Miller :donor: (Infosec Exchange)
