Aggregator

It has emerged that seven people, plus an unknown number of security officials, found out before the Prime Minister that red flags had been raised during background checks on the US Ambassador.

A newly disclosed Linux kernel flaw dubbed "Copy Fail" can let a local, unprivileged attacker gain root access on major Linux distributions, with researchers claiming the bug affects kernels shipped since 2017. "The POC exploit works out of the box today, but a future version that can escape from containers like Docker is promised soon," writes Slashdot reader tylerni7. "Technical details are available here." Slashdot reader BrianFagioli shares a report from NERDS.xyz: A newly disclosed Linux kernel vulnerability called Copy Fail (CVE-2026-31431) allows an unprivileged user to gain root access using a tiny 732-byte script, and it works with unsettling consistency across major distributions. Unlike older exploits that relied on race conditions or fragile timing, this one is a straight-line logic flaw in the kernel's crypto subsystem. It abuses AF_ALG sockets and splice to overwrite a few bytes in the page cache of a target file, such as /usr/bin/su. Because the kernel executes from the page cache, not directly from disk, the attacker can inject code into a setuid binary in memory and immediately escalate privileges. What makes this especially concerning is how quiet it is. The file on disk remains unchanged, so standard integrity checks see nothing wrong, while the in-memory version has already been tampered with. The same primitive can also cross container boundaries since the page cache is shared, raising the stakes for multi-tenant environments and Kubernetes nodes. The underlying issue traces back to an in-place optimization added years ago, now being rolled back as part of the fix. Until patched kernels are widely deployed, this is one of those bugs that feels less like a theoretical risk and more like a practical, reliable path to full system compromise.

Read more of this story at Slashdot.

The 37-year-old actress, who is newly betrothed to British pop singer Harry Styles, bundled up in cozy attire as she enjoyed a solo stroll through the city.

Northern Territory Police have arrested Jefferson Lewis.

Anger at the Energy Secretary's refusal to allow licences for new oil drilling in North Sea has surged among MPs in recent weeks in the wake of soaring energy bills following the Iran war.

Keir Starmer and Shabana Mahmood have both hinted they will consider a ban on the marches, which have become a feature in towns across the UK following the 7 October Hamas attack on Israel.

A new study from Harvard Medical School and Beth Israel Deaconess found that an OpenAI reasoning model outperformed experienced ER doctors at diagnosing and managing patient cases using messy, real-world emergency department records. Researchers say the results don't support replacing doctors, but they do suggest AI could meaningfully reshape clinical workflows if tested carefully in prospective trials. NPR reports: The researchers ran a series of experiments on the AI model to test its clinical acumen -- including actual cases like the lupus patient who'd been previously treated at the emergency department at Beth Israel in Boston. The team graded how well the AI model could provide an accurate diagnosis at three moments in time, from the triage stage in the ER, up to being admitted into the hospital. Overall, AI outperformed two experienced physicians -- and did so with only the electronic health records and the limited information that had been available to the physicians at the time. "This is the big conclusion for me -- it works with the messy real-world data of the emergency department, " said Dr. Adam Rodman, a clinical researcher at Beth Israel and one of the study authors. "It works for making diagnoses in the real world." Other parts of the study focused on case reports published in the New England Journal of Medicine and clinical vignettes to suss out whether the AI model could meet well-established "benchmarks" and game out thorny diagnostic questions. "The model outperformed our very large physician baseline," said Raj Manrai, assistant professor of Biomedical Informatics at Harvard Medical School who was also part of the study. The authors emphasize the AI relied on text alone, while in real life, clinicians need to attend to many other inputs like images, sounds and nonverbal cues when diagnosing and treating a patient. The findings have been published Thursday in the journal Science.

Read more of this story at Slashdot.

The influencer, 26, who already shared Bambi, three, with fiancé Tommy Fury, took to her home renovation social media profile to share a snap of her playing with sponges.

The brothers uploaded the video to Instagram on Thursday where they answered questions from a friend behind the camera and Cruz's girlfriend Jackie Apostel.

Cole Tomas Allen, the man accused of attempting to assassinate the President at the White House Correspondents' Dinner, appeared in court today for a detention hearing.

Stop the sprawl!

With the average Global Fortune 500 enterprise expected to run more than 150,000 AI agents by 2028, up from fewer than 15 today, there’s plenty of room for chaos. Analyst firm Gartner says that, without proper governance, those agents will multiply and run amok.…

The film student was killed in front of horrified members of the public at the popular north London beauty spot at around 6.40pm on April 7, with multiple bystanders filming the attack on their phones.

Loose Women star Nadia Sawalha has claimed 'dark forces' are at work after her husband Mark Adderley was suspended from the Green Party for antisemitism.

French prosecutors say police detained a 15-year-old suspected of using the alias "breach3d" in connection with a cyberattack on France Titres (ANTS), the state agency that handles passports, ID cards, and other secure documents. The breach allegedly involved 12 million to 18 million lines of data offered for sale online, potentially affecting up to a third of France's population if the records are unique. The Register reports: It formally opened (PDF) a judicial investigation on April 29, covering alleged fraudulent access to a state-run automated data processing system and the extraction of data from it. Each offense carries a potential prison sentence of seven years and a maximum ~$350,000 fine. Public Prosecutor Laure Beccuau has requested that the minor, whose pronouns, like their name, were also not specified, be formally charged and placed under judicial supervision. [...] France's approach to punishing minors via its legal system is typically geared toward re-education and rehabilitation rather than prison time. While those aged between 13 and 16 can face time in juvenile detention, it is often used as a last resort measure. The maximum sentences and fines for the charges the 15-year-old in this case faces are upper limits imposed on adult offenders, and would likely be lowered substantially in cases involving a minor, like this one.

Read more of this story at Slashdot.

D4vd, real name David Anthony Burke, 21, was arrested earlier this month on murder charges. His alleged victim's death certificate has now been updated following an extensive investigation.

More than a dozen earthquakes have struck near Nevada's highly classified base in the past 24 hours, fueling speculation about possible underground testing.

KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start

Give a man a phishing kit and he might get lucky a couple of times; teach an AI to phish and it'll change the landscape, if KnowBe4's latest phishing trends report is accurate.…

The actress, 36, who plays brash Sarah Stratton in the TV show, wore a chic, satin top which she tucked into a pair of black trousers.

RightsCon, one of the world's largest digital human rights conferences, was suddenly postponed by Zambia's government just days before it was scheduled to begin in Lusaka. Officials cited unresolved speaker clearances and "thematic issues," while Access Now said it had not yet received formal communication and was seeking an urgent meeting with the government. 404 Media reports: Minister of Technology and Science Felix Mutati first announced the postponement on April 28, saying that Zambia needed more time to ensure the conference "fully [aligns] with national procedures, diplomatic protocols, and the broader objective of fostering a balanced and consensus-driven platform for dialogue." "In particular, certain invited speakers and participants remain subject to pending administrative and security clearances, which have not yet been concluded," he added, according to the Lusaka Times. [...] On a popular listserv for academics, many of whom are attending RightsCon, a board member of Access Now wrote "I am told I can leak that RightsCon has been canceled. Message from [Access Now] following shortly" in a thread about what attendees were planning on doing. And in an email, AccessNow wrote: "It is with heavy hearts that we share: RightsCon will not proceed in Zambia or online. We understand this news is deeply upsetting for our community and while we know everyone has questions, our goal right now is to notify you of the event's status because many of you have imminent travel plans. We do not recommend registered participants travel to Lusaka for RightsCon. Over the last 48 hours we have experienced an overwhelming surge of support from civil society, government representatives, sponsors, and our community as a whole. For this, we wholeheartedly thank you. We'll communicate more information soon."

Read more of this story at Slashdot.