VulnHub

Real-time Cybersecurity News

Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise

Hackread – Cybersecurity News, Data Breaches, AI and More
LinuxVulnerabilityUpdate

Overview

Researchers have discovered a serious vulnerability in PackageKit, a package management tool used across various Linux distributions. This flaw, dubbed Pack2TheRoot, allows attackers to gain full root access, potentially compromising the security of affected systems. Linux distributions that utilize PackageKit, which includes many popular versions, are at risk. This vulnerability is particularly concerning because it has been present for over a decade, raising questions about the security practices in place for maintaining open-source software. Users and system administrators are urged to update their systems and apply any available patches to mitigate the risk of exploitation.

Key Takeaways

  • Affected Systems: Linux distributions using PackageKit, including Fedora, Ubuntu, and others.
  • Action Required: Users should update PackageKit to the latest version as patches become available.
  • Timeline: Disclosed on [date]

Original Article Summary

Security experts have found a high-severity flaw named Pack2TheRoot in PackageKit that allows hackers to gain full root access on multiple Linux distributions.

Impact

Linux distributions using PackageKit, including Fedora, Ubuntu, and others.

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Disclosed on [date]

Remediation

Users should update PackageKit to the latest version as patches become available.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, Vulnerability, Update.

Read Original Article

Related Coverage

A DOD contractor’s API flaw exposed military course data and service member records

CyberScoop

Researchers discovered a significant flaw in the API of Schemata, a contractor for the Department of Defense, which exposed sensitive information related to military courses and service members. This breach included personal details such as names, email addresses, base assignments, and course materials before Schemata implemented a fix and informed government officials. The exposure raises serious concerns about the security of military data and the potential risks to service members' privacy. Such incidents highlight the need for stringent security measures among contractors handling sensitive government information. The incident serves as a reminder of the vulnerabilities that can exist in systems that support military operations.

May 6, 2026

Roku sued for allegedly bricking TVs - see which models are affected, and your best alternatives

Latest news

Roku is facing a lawsuit after numerous users reported that their Roku TVs have become unusable, either getting stuck in boot loops or displaying black screens. This issue affects several models, leading to frustration among customers who rely on these devices for streaming. Users have taken to social media and forums to express their dissatisfaction, prompting legal action against the company. The situation raises concerns about the reliability of Roku devices and the potential need for better customer support and product durability. As these issues continue, affected users are encouraged to seek alternatives while the lawsuit unfolds.

May 6, 2026

DAEMON Tools installers compromised in new supply chain attack

SCM feed for Latest

Recently, a supply chain attack targeted DAEMON Tools, a popular disk imaging software. Attackers compromised three key components: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. This tampering can potentially allow malicious activities on systems that install these altered files. Users of DAEMON Tools are at risk, especially if they download the software from unverified sources. It's crucial for users to ensure they are using legitimate versions and to stay updated on any security advisories regarding the software.

May 6, 2026

DHS mobile device security falls short of standards, inspector general report finds

SCM feed for Latest

A recent report from the Department of Homeland Security's inspector general reveals significant security issues with mobile applications used by the agency's intelligence office. Out of 650 apps assessed, over 75% were found to either pose security risks or were banned altogether. This raises serious concerns about the data protection measures in place for mobile devices that handle sensitive information. The presence of these risky apps could potentially expose critical national security data to unauthorized access or cyberattacks. The findings suggest a need for immediate review and improvement of mobile device security protocols within the DHS.

May 6, 2026

FTC bans Kochava from selling location data without consent

SCM feed for Latest

The Federal Trade Commission (FTC) has banned Kochava, a data broker, from selling geolocation data without user consent. The FTC's complaint revealed that Kochava collected and sold location data from hundreds of millions of mobile devices, allowing clients to monitor users' movements to sensitive locations like health clinics and places of worship. This practice raised significant privacy concerns, as it involved tracking individuals without their knowledge or approval. The ruling emphasizes the need for stronger protections around personal data and could set a precedent for how data brokers handle user information in the future. Consumers are increasingly wary of how their data is used, and this decision reflects a growing push for accountability in the industry.

May 6, 2026

Why ransomware attacks succeed even when backups exist

BleepingComputer

Ransomware attacks are increasingly successful even when organizations have backups, primarily because attackers often target and destroy these backups before encrypting the main data. Acronis explains that this tactic leaves victims with little to no options for recovery, as the backups become unusable. This highlights a significant vulnerability in many organizations' cybersecurity strategies, as they may rely too heavily on backups without considering their protection. Companies need to bolster their defenses by securing backup systems and implementing strategies that can withstand ransomware attacks, ensuring they have a path to recovery even if their primary data is compromised.

May 6, 2026