NEWS
Microsoft Adds Cloud Kill Switch For Bad Windows Drivers
Microsoft will switch on Cloud-Initiated Driver Recovery in September 2026, handing its engineers a remote kill switch for faulty drivers shipped through Windows Update. When the Hardware Dev Center shiproom rejects a driver for quality reasons, the system uninstalls it from affected PCs and reinstates the last approved version. No user click. No OEM patch cycle. The announcement landed on May 13, 2026, with testing on selected shipping labels running through August.
That’s the news. The mechanism Microsoft just installed inside Windows Update is harder to summarize, and the limits matter more than the marketing.
How The Rollback Reaches Your PC
The pipeline is plain. Microsoft’s Hardware Dev Center shiproom, the internal release board that approves every driver bound for Windows Update, can now flag a published driver for forced recovery. Affected devices receive a rollback instruction over the same delivery pipe that pushed the bad driver out in the first place. The previous known-good driver, or the next best version still cleared by the shiproom, takes its place.
No new client software runs on the PC. No OEM tool has to be installed. The recovery uses the existing Plug and Play driver stack and the flighting and publishing services already wired into every Windows 10 and Windows 11 machine that pulls updates from Microsoft.
The targeting is narrow on purpose. A shipping label, the metadata record that defines which hardware receives a given driver, is the smallest unit Microsoft acts on. Devices outside that label go untouched. A PC that has no other approved driver to fall back to is also skipped, because reverting an audio chip or a Wi-Fi radio to nothing would break the function the rollback is supposed to fix.

Why The September Window Looks Pointed
The timing is loaded. Microsoft confirmed on May 15, 2026 that Windows Update has been silently downgrading manually installed Nvidia, AMD, and Intel graphics drivers because of overly broad hardware ID matching. The fix, called CHID Narrowing, runs as a pilot from April through September 2026 before wider enforcement in late 2026 or early 2027.
Two days before the recovery announcement, Dell pushed a faulty SupportAssist 5.5.16.0 build that triggered reboot loops on Windows 11 laptops every 30 minutes. Owners spent the weekend booting into Safe Mode to uninstall a driver Dell had quietly approved through Windows Update. That class of failure, a vendor driver passing initial validation and then misbehaving in production, looks like exactly what the new recovery feature is built to catch, as documented in the May 2026 Dell SupportAssist BSOD reboot loop incident.
Behind both episodes sits the long shadow of July 19, 2024, when a malformed CrowdStrike Falcon Sensor channel file took down roughly 8.5 million Windows machines worldwide. CrowdStrike’s CSagent.sys driver loaded into kernel mode and crashed before Windows could recover. Airlines grounded fleets. Hospitals deferred care.
Microsoft has been rebuilding around that failure mode ever since. The Windows Resiliency Initiative, unveiled at Ignite in late 2024 by Microsoft’s then-CVP for Windows and Devices Pavan Davuluri, set the direction. “We’re working together across the industry and will improve reliability, based on lessons from July, with new changes and standards in the OS,” Davuluri said. Cloud-Initiated Driver Recovery is the first of those changes shipping inside the OS rather than as a partner program.
Microsoft will run manual validation on selected shipping labels between now and August, then flip the system on for all shiproom rejections in September. No specific September date or phased Windows 10 versus Windows 11 schedule has been published.
The Quiet Limits Of Microsoft’s Kill Switch
Cloud-Initiated Driver Recovery has a narrow scope. It only acts on drivers that flow through Windows Update and get rejected by the shiproom after publication. A bad driver downloaded directly from Nvidia’s website, AMD’s site, or a vendor’s support page is invisible to the system. So is a manufacturer’s standalone installer.
The CrowdStrike case is the awkward example. Falcon Sensor’s content updates were never gated through the Windows Update shiproom, and Microsoft cannot remote-rollback them. The new feature would not have prevented the July 2024 outage, and Microsoft is not claiming otherwise. CISA’s emergency advisory on the July 19, 2024 CrowdStrike incident still describes the remediation that affected enterprises had to walk machine by machine.
- In scope: Drivers published through the Hardware Dev Center and distributed via Windows Update.
- Out of scope: Drivers installed directly from OEM or vendor websites, security-vendor kernel drivers updated outside Windows Update, and any driver Microsoft has no approved fallback for.
- Device-side condition: The PC must still be able to reach Windows Update and must have a previous approved driver or compatible alternative available.
Inside The Shiproom That Now Holds A Recall Button
Most Windows users have never heard of the driver shiproom. Every wireless card, audio codec, graphics chip, and printer driver that lands on a Windows PC through Windows Update passes through it. Hardware vendors submit signed driver packages to the Hardware Dev Center portal. Microsoft engineers review crash telemetry, install-failure rates, blue-screen counts, and compatibility flags before approving publication. The cadence is laid out in Microsoft Learn’s Driver Ship Room release cadence documentation.
What changes in September is what the shiproom can do after a driver is already out. Before, a rejection blocked further publication. The flawed driver already on millions of machines kept running until the vendor pushed a corrected version, which could take days or weeks. Now the shiproom can pull the existing copy back.
Microsoft’s Hardware Dev Center announcement blog post on May 13, 2026 describes the mechanism as “coordinated updates to the PnP driver stack and the driver flighting and publishing services.” Translation: the same plumbing that delivers new drivers now also delivers takedown orders.
The internal trigger is a publishing request rejection. If a vendor submits a follow-up driver and the shiproom flags it for quality reasons during gradual rollout, the previous-but-flawed version on user devices can be rolled back to whatever shipped before it. No new tooling. No new agent. A new outcome from an existing review.
Hardware Partners Get A Notification, Not A Veto
OEMs and chip vendors will be informed through existing shiproom channels when Microsoft initiates a recovery on one of their drivers. There is no published opt-out. Partners can submit a corrected build through the usual Hardware Dev Center publishing process, and once it passes shiproom evaluation, Windows Update distributes it the normal way, per Microsoft Learn’s driver lifecycle and publishing guide.
Microsoft framed the workflow change in a single line on its Hardware Dev Center blog.
“This change reduces the time between a driver issue being identified and impacted devices being recovered, since recovery is initiated entirely by Microsoft. Once an updated driver has been received and approved, it will be published to Windows Update as always,” Microsoft’s Hardware Dev Center team wrote on May 13, 2026.
The Bigger Driver Quality Reset At Redmond
Driver recovery is one piece. Microsoft is also tightening how new drivers reach machines in the first place. The CHID Narrowing pilot, running through September 2026, replaces the current four-part hardware ID matching with a tighter two-part HWID plus Computer Hardware ID system. The goal is to stop Windows Update from offering a 2024 OEM driver to a PC where the user has just installed a 2026 manufacturer build.
Microsoft has acknowledged the problem directly. “The result: customers who actively manage their display drivers experience unwanted downgrades through Windows Update,” the company wrote in a support document updated this month.
The kernel-side work sits under the Windows Resiliency Initiative. Microsoft is building a new Windows endpoint security platform that lets antivirus and EDR vendors run detection logic outside the kernel, in user mode, where a misbehaving sensor takes the application down instead of the operating system. A private preview was extended to select Microsoft Virus Initiative partners in mid-2025, an arc summarized in Microsoft’s Windows IT Pro Windows Resiliency best practices post.
The thinking behind it traces back to David Weston’s July 2024 Microsoft Security blog on integrating third-party security tools after the outage. “Kernel drivers provide security benefits at the cost of resilience,” wrote Weston, Corporate Vice President for Enterprise and OS Security. The new platform is the long answer to that tradeoff.
Patch management specialists who track these releases say the operational picture is more complicated than the headline reads. Susan Bradley, the Microsoft MVP who edits the patch advisory column at AskWoody and writes Windows security tips for CSO Online, has spent the past year warning enterprise admins that Windows Update’s quality is uneven across categories, with driver pushes a recurring source of disruption.
None of these initiatives replaces the staging discipline an enterprise needs. Deployment rings, Windows Update for Business policies, Intune approval workflows, and OEM validation still belong in the change-management playbook. Cloud-Initiated Driver Recovery backstops the failures that slip through. It does not replace the rings that stop most of them.
Frequently Asked Questions
Will I See A Notification When Windows Rolls Back A Driver?
Microsoft has not confirmed an end-user notification yet. The Hardware Dev Center blog post describes the recovery as fully automatic, with the Windows Update pipeline delivering the rollback and uninstalling the rejected driver without user intervention. If you want to confirm a recovery happened on your PC after September 2026, check Device Manager’s driver version history or the Windows Update history pane for entries dated after a known driver problem.
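One way to run that check on a single PC, as an added example that is not code from the article or from Microsoft: a PowerShell script that snapshots the installed driver inventory, diffs it against the previous snapshot for drivers whose version went down, and lists Windows Update uninstall operations and PnP driver-install events over the same window. The baseline path and the 30-day window are assumptions; it expects an elevated prompt on Windows 10 or 11 with the default event logs enabled.

```powershell
<#
Added example (not from the article or Microsoft). A driver whose version
decreased while Windows Update logged a successful uninstall is the footprint
a cloud-initiated rollback would leave on a device. Assumes Windows 10/11,
elevated session, default event logs; $SnapshotPath is a placeholder.
#>
param(
    [string]$SnapshotPath = "$env:ProgramData\driver-baseline.json",  # assumed location
    [int]$Days = 30                                                    # assumed window
)

# Current driver inventory: one record per signed driver, keyed by device instance.
function Get-DriverInventory {
    Get-CimInstance Win32_PnPSignedDriver |
        Where-Object { $_.DriverVersion -and $_.DeviceID } |
        ForEach-Object {
            [pscustomobject]@{
                DeviceID = $_.DeviceID
                Device   = $_.DeviceName
                Provider = $_.DriverProviderName
                Version  = $_.DriverVersion
                InfName  = $_.InfName
            }
        }
}

# Compare two inventories and return devices whose driver version decreased.
function Compare-DriverVersions($Before, $After) {
    $prev = @{}
    foreach ($d in $Before) { $prev[$d.DeviceID] = $d }
    foreach ($d in $After) {
        $old = $prev[$d.DeviceID]
        if (-not $old) { continue }               # new device, nothing to compare
        $oldV = [version]::new(0, 0); $newV = [version]::new(0, 0)
        if ([version]::TryParse($old.Version, [ref]$oldV) -and
            [version]::TryParse($d.Version, [ref]$newV) -and $newV -lt $oldV) {
            [pscustomobject]@{
                Device = $d.Device; Provider = $d.Provider
                Before = $old.Version; After = $d.Version; Inf = $d.InfName
            }
        }
    }
}

# Windows Update history through the Windows Update Agent COM API.
# Operation 2 = uninstallation, ResultCode 2 = succeeded.
function Get-UpdateUninstalls([datetime]$Since) {
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $total = $searcher.GetTotalHistoryCount()
    if ($total -eq 0) { return }
    $searcher.QueryHistory(0, $total) |
        Where-Object { $_.Date -ge $Since -and $_.Operation -eq 2 -and $_.ResultCode -eq 2 } |
        Select-Object Date, Title
}

# PnP driver-install log: every driver install the PnP stack concluded on this PC.
function Get-PnpDriverEvents([datetime]$Since) {
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-UserPnp/DeviceInstall'; StartTime = $Since
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
}

$since = (Get-Date).AddDays(-$Days)
$now   = Get-DriverInventory

if (Test-Path $SnapshotPath) {
    $before = Get-Content $SnapshotPath -Raw | ConvertFrom-Json
    $regressions = @(Compare-DriverVersions -Before $before -After $now)
    if ($regressions) {
        Write-Host "Drivers whose version decreased since the last snapshot:"
        $regressions | Format-Table -AutoSize
    } else {
        Write-Host "No driver version regressions since the last snapshot."
    }
} else {
    Write-Host "No baseline at $SnapshotPath; writing one now."
}
# Refresh the baseline so the next run diffs against today's state.
$now | ConvertTo-Json -Depth 3 | Set-Content $SnapshotPath

Write-Host "`nWindows Update uninstall operations in the last $Days days:"
Get-UpdateUninstalls -Since $since | Format-Table -AutoSize

Write-Host "`nPnP driver install events in the last $Days days:"
Get-PnpDriverEvents -Since $since | Format-Table -AutoSize -Wrap
```

Run it once to write the baseline, then on a schedule; a version regression paired with a Windows Update uninstall entry for the same driver is what to look for after a shiproom rejection.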
Can IT Admins Opt Out Of Cloud-Initiated Driver Recovery?
Microsoft has not published opt-out controls. Existing Windows Update for Business and Intune deferral policies will likely still apply, because the recovery rides the same delivery pipeline as normal driver updates. Enterprise admins should monitor the Hardware Dev Center channel and the Windows IT Pro blog for policy documentation between May and August 2026, the validation testing window Microsoft has confirmed.
Does This Fix The CrowdStrike-Style Kernel Crash Problem?
No. CrowdStrike’s Falcon Sensor channel updates ship outside Windows Update, so Microsoft cannot reach them with this feature. The separate Windows Resiliency Initiative, which lets security vendors run outside kernel mode through a new Microsoft Virus Initiative platform, is the answer to that class of failure. Cloud-Initiated Driver Recovery only covers drivers that flow through the Hardware Dev Center shiproom and Windows Update.
Will My Manually Installed Nvidia Or AMD Driver Get Rolled Back?
No, unless Windows Update later replaces it with a shipped driver that the shiproom then rejects. Drivers downloaded directly from Nvidia, AMD, Intel, or any vendor’s site live outside the system entirely. The companion CHID Narrowing change, piloting April through September 2026, is the fix for Windows Update overwriting manually installed GPU drivers in the first place.
Microsoft has not committed to a specific September date or a phased rollout across Windows 10 and Windows 11. The features that depend on the same plumbing, including CHID Narrowing and the user-mode security pieces of the Windows Resiliency Initiative, sit on overlapping timelines that will define the second half of 2026 for Windows reliability. Whether Microsoft uses the new recall button often, and how openly it reports when it does, is the question every IT pro will be watching from September on.
NEWS
Iran’s Handala Hackers Dox 2,379 Marines Across the Persian Gulf
The Iran-linked Handala Hack Team published what it described as the names and phone numbers of 2,379 US Marines stationed in the Persian Gulf on April 28, hours after Marines in Bahrain began receiving WhatsApp messages threatening drone and missile strikes. The Wall Street Journal first reported the leak. US Central Command referred questions to the Naval Criminal Investigative Service while authenticity assessments continued. Check Point Research has tied the persona to an Iranian intelligence unit.
The breach is the most public escalation yet in a digital campaign tied to the US-Israeli war on Iran that opened in late February. Handala styles itself as a pro-Palestinian hacktivist outfit, but the US Department of Justice and multiple cybersecurity vendors attribute the group to Iran’s Ministry of Intelligence and Security. The Telegram message described the release as proof of the group’s intelligence superiority and called US base security an empty illusion. Service members in Bahrain reported identical WhatsApp threats a day earlier from what appeared to be a hijacked Bahraini business phone number.
Telegram Dump Lists 2,379 Names With Visible Data Gaps
The group posted the data to its public Telegram channel on Tuesday, April 28, with a message claiming the release was only a sample and that further publications could include tens of thousands more service members. Independent reporters who reviewed the file flagged a long list of integrity problems. Some rows contained incomplete phone numbers. Some name fields held what appeared to be military contract identifiers rather than names.
The group also claimed it holds home addresses, family information, base details, shopping habits, and nightly leisure routines for thousands of additional troops. Researchers at Bitdefender and Cybernews note those data points could have been assembled from breached commercial data brokers, social media profiles, and credential dumps rather than pulled from a single secure system. The point of a campaign like this is not to prove a particular intrusion but to put a name, a phone number, and a location in front of a Marine and a Marine’s family at the same time.
Reporters Found Incomplete Phone Numbers in the Sample
When reporters dialed two dozen numbers from the leaked sample, most reached automated voice messaging systems. In three cases, names left on voicemails matched names from the file. One person confirmed their identity but hung up after being told about the leak. Another said they could not answer questions and referred the reporter to the Navy’s public affairs office.
That verification sample is small, but the result fits a deliberate pattern. The group does not need every entry to be authentic. It needs enough authentic entries for a Marine reading the list to feel exposed and for a journalist verifying the leak to confirm at least some hits.

WhatsApp Threats Land at Naval Support Activity Bahrain
According to Stars and Stripes’ reporting from Bahrain, the threats arrived on Monday, April 27, sent through WhatsApp to service members stationed in Bahrain, which hosts US Naval Forces Central Command. Stars and Stripes reviewed identical messages received by two different service members. The texts came from what appeared to be a Bahraini cell number tied to a legitimate business on the island, indicating the number had been spoofed or hijacked.
The messages warned recipients that their identities were known to Iranian missile units and that they would be targeted by Shahed drones and Kheibar and Ghadeer missiles. Recipients were told to call their families and say their final goodbyes. The messages also referenced Iran’s claimed casualties at a primary school in Minab, in southern Iran’s Hormozgan province, struck in the early days of the conflict. Similar threats reached residents in Israel the same day, according to The Jerusalem Post. CENTCOM referred questions about the messages to NCIS. NCIS did not say how many people received them.
Check Point Ties Handala to the MOIS Persona Void Manticore
Check Point Research’s published analysis of the group assesses Handala Hack as one of three online personas operated by an Iranian threat actor it tracks as Void Manticore. The same cluster is known in other vendor frameworks as Red Sandstorm, Banished Kitten, and Cobalt Mystique. Check Point links the actor to Iran’s Ministry of Intelligence and Security and traces its operations as far back as 2022, when the Homeland Justice persona was used in destructive wiper attacks against Albanian government agencies.
The cluster typically gains initial access through compromised credentials or supply-chain footholds at IT service providers, then moves laterally using RDP and basic tunneling tools, and deploys destructive wipers alongside hack-and-leak releases. Recent Handala campaigns have routed traffic through Starlink IP ranges to bypass Iranian government internet blackouts. The cluster’s tactics have stayed consistent since 2022, which means strengthening defenses against credential theft and supply-chain footholds remains the most direct counter for would-be victims.
From Albania to Stryker to the FBI Director’s Inbox
Public Handala claims over the past four months include the following high-profile operations:
- A January 2026 takeover of public-address systems at roughly 20 Israeli kindergartens, triggering air-raid sirens and Arabic-language broadcasts in classrooms.
- A March 2026 cyberattack on US medical device maker Stryker, branded Operation Epic Fury, in which the group says it wiped more than 200,000 systems across 79 countries and exfiltrated 50 terabytes of data. Stryker confirmed severe, global disruption affecting all company laptops in a Securities and Exchange Commission filing.
- An April 2026 breach of FBI Director Kash Patel’s personal Gmail account, with the group publishing more than 300 emails from the inbox.
- The current April 28 release of personal data on 2,379 US Marines.
Justin Moore, a threat intelligence researcher at Palo Alto Networks’ Unit 42, described Handala to Wired earlier this year as a group that combined the noisy playbook of a hacktivist outfit with the destructive capabilities of a nation-state, calling it a primary cyber-retaliatory arm for the Iranian regime.
Navy Memo Already Warned Sailors of Operation Epic Fury
Two weeks before the Marines leak, then-Navy Secretary John Phelan issued an April 17 unclassified memo to Department of the Navy personnel warning of adversary cyber actors conducting a social engineering campaign against sailors, Marines, and their families. The Hill’s coverage of the unclassified memo reports it named Operation Epic Fury as the catalyst and called on personnel to lock down social media accounts, switch on multi-factor authentication, and ask family members to scrub identifying images and information from public posts.
Phelan asked sailors to turn off Bluetooth and Wi-Fi when not in use, avoid public Wi-Fi, treat dating apps that request personal information with caution, and set social profiles to the highest privacy setting. The memo went out before Phelan was abruptly removed from his post on April 22 by Defense Secretary Pete Hegseth, in a dispute reported to involve shipbuilding strategy and an unrelated First Amendment ruling. The Navy guidance acknowledges, in effect, that personal devices are now part of the attack surface for force protection.
Fifth Fleet’s 2.5 Million Square Miles Multiplies the Risk
The Persian Gulf is not an ordinary posting. The US 5th Fleet, operationally run through US Naval Forces Central Command at Naval Support Activity Bahrain, covers about 2.5 million square miles of water across 21 countries, including the Arabian Gulf, the Red Sea, the Gulf of Oman, the Gulf of Aden, the Arabian Sea, and parts of the Indian Ocean. Its area encompasses three of the world’s most heavily monitored maritime chokepoints: the Strait of Hormuz, the Suez Canal, and Bab el-Mandeb.
CENTCOM’s wider area of responsibility spans more than 4 million square miles and roughly 560 million people. About 1.34 million active-duty US service members were on the books as of December 2025, according to USAFacts, and a significant share rotate through CENTCOM postings. In a region where Iranian forces have already seized commercial vessels and the US Navy has imposed a blockade on Iranian ports, a phone number paired with a duty station and a deployment pattern is operationally sensitive information.
FBI, IBM, and Verizon Reports Frame the Wider Stakes
Iran-linked operations are running on top of a global cyber baseline that is already breaking records.
| Report | Headline figure | Year |
|---|---|---|
| FBI Internet Crime Complaint Center | Nearly $21 billion in cyber-enabled crime losses | 2025 |
| IBM Cost of a Data Breach | $4.44 million global average breach cost (down 9%) | 2025 |
| IBM Cost of a Data Breach | $10.22 million record US average breach cost | 2025 |
| Verizon Data Breach Investigations Report | 30% of breaches involved a third party, doubled from 15% | 2025 |
| FBI IC3 2024 report | $16.6 billion in losses, a 33% rise year over year | 2024 |
The FBI’s 2025 Internet Crime Report announcement placed total cyber-enabled crime losses at nearly $21 billion, with cryptocurrency and artificial intelligence-related complaints among the costliest categories. IBM’s 2025 Cost of a Data Breach Report, conducted by the Ponemon Institute, found the global average breach cost fell 9 percent to $4.44 million, the first decline in five years, while the US average climbed to a record $10.22 million. Verizon’s 2025 Data Breach Investigations Report found third-party involvement in confirmed breaches doubled to 30 percent of cases, a shift driven largely by supply-chain compromises and service-provider intrusions.
Iranian operators sit inside this trend rather than outside it. Check Point researchers have documented Void Manticore deploying commodity infostealers purchased on criminal forums, such as Rhadamanthys, alongside custom wipers in phishing campaigns. That pairing complicates attribution and pulls criminal tooling directly into state intelligence operations.
April CISA Advisory Connects to a Broader Iranian Pattern
On April 7, CISA, the FBI, the NSA, and the Department of Energy issued a joint advisory warning that Iranian-affiliated advanced persistent threat actors were exploiting internet-exposed programmable logic controllers at US water, wastewater, energy, and local-government facilities. The agencies attributed operational disruption and financial loss to the activity and tied it to escalating hostilities with Iran. The advisory builds on a December 2023 alert against the IRGC-linked CyberAv3ngers persona, which compromised at least 75 Unitronics PLC devices across multiple US states.
Lee Sult, chief investigator at the cybersecurity firm Binalyze, gave Cybernews a blunt read on what the Marines leak means in that wider context after the data was published.
“Even when ceasefires are declared and deals are made, groups like Handala should still be considered an active threat and a warfighting asset of the Iranian regime. They make a statement that they will target anyone and everyone perceived as an enemy of Iran.”
Sult described Handala as objectively active, opportunistic, and growing in confidence, mixing destruction, leaks, intimidation, and psychological warfare. He argued that Iran’s conventional military reach is now constrained enough that cyber will remain its dominant retaliatory tool through any pause in fighting.
Personal Data Sits Inside the Force-Protection Perimeter
Handala’s stated intent is to make individual Marines and their relatives feel watched, whether or not the underlying records came from a current intrusion. That distinction matters less to a service member receiving a WhatsApp message naming their family than to a security researcher reviewing the leak afterward. Threat intelligence firms and the Navy memo converge on a similar list of responses for affected service members and their commands:
- Identity-protection and credit-monitoring support for service members named in the leak and their families.
- Audit of contact information held by personnel offices, base contractors, and supply-chain IT vendors.
- Review of personal-device exposure across messaging apps, dating apps, social media, and dual-use phones.
- Continuous monitoring of dark-web markets and Telegram channels for military-linked records being resold.
- Sanctions, indictments, and infrastructure seizures targeting named MOIS operators and their commercial proxies.
The US Treasury Department sanctioned Yahya Hosseini Panjaki, the MOIS deputy intelligence minister tied by independent researchers to the Handala persona, in September 2024. According to Iran International reporting cited by BeyondTrust analysts, he was killed in a March 2026 Israeli strike on MOIS headquarters. His death has not visibly slowed Handala’s tempo, suggesting the operations are institutional rather than dependent on a single figure.
That is the harder lesson sitting under the April 28 dump. The Marines whose names appeared on a Telegram channel did not see classified materials leak. They saw a public statement that their families, schedules, and phone numbers are catalogued by a foreign intelligence service and can be published at any time. That is force protection, not data protection. The Pentagon’s response will need to treat scattered personal data, third-party data brokers, and commercial messaging apps as part of the same defensive perimeter as the bases themselves.
NEWS
BTS Jungkook Hack: $25.5M Cybercrime Kingpin Extradited From Thailand
South Korea brought home the second mastermind of a hacking syndicate that drained roughly $25.5 million from the country’s wealthiest accounts, the Ministry of Justice confirmed this week. The 40-year-old Chinese national arrived at Incheon International Airport from Bangkok on Wednesday, May 13, 2026, ending an extradition file that ran through three Interpol-backed operations and months of Thai court hearings. He is the second ringleader from the same syndicate to be marched through Incheon in nine months.
BTS member Jungkook sat near the top of a target list that ranged from famous entertainers to conglomerate chairmen and venture-company CEOs. Hackers used his stolen identity to open unauthorised brokerage accounts in January 2024 in an attempt to lift 8.4 billion won worth of HYBE shares before BigHit Music froze the trade. He had just begun mandatory military service.
An 11-Month Treaty File Closes At Incheon
The handover capped a chase that began long before the perp walk. The ministry requested the suspect’s provisional arrest from Thai authorities in May last year, followed by a formal extradition request in August. Korea waited through three months of Thai court processing before formally requesting transfer.
Korean prosecutors and investigators were dispatched to Thailand in July 2025 to coordinate with officials from the Thai Prosecutor General’s Office and the Thai National Police. Authorities from both countries also conducted frequent video conferences from October to December 2025. The final ministerial sign-off came this week, per the Justice Ministry’s account in the Korea Times extradition briefing.
A joint operation in Thailand in May 2025 led to the arrest of a 36-year-old Chinese accomplice along with 16 other members of the group. Authorities also secured custody of the latest suspect at the same location. The 40-year-old then stayed on a provisional detention hold while Seoul worked through nine more months of paperwork.
The first ringleader, a 36-year-old Chinese national, was extradited to Korea, indicted and detained in August last year. Identified as Jeon, he is now facing 11 charges, with court proceedings ongoing in Seoul.

How $25.5 Million Slipped Out of Korea’s Elite Accounts
From August 2023 to April 2024, the syndicate allegedly siphoned off more than 38 billion won ($25.5 million) by using illegally obtained personal data to gain access to victims’ bank and cryptocurrency accounts, according to the Ministry of Justice’s statement to the Korea Herald. Another attempt to steal 25 billion won (roughly $16.8 million) from 10 people was thwarted only by financial institutions intervening at the eleventh hour.
The breach trail started inside government infrastructure. The hacking group meticulously breached six government and public agency websites to gain resident registration numbers and authentication credentials of 258 high-profile targets.
The target list was not random. Investigators say the group covertly looked into the account balances of as many as 258 people, ranging from famous entertainers to conglomerate chairmen and venture-company CEOs, and put all 258 of those high-net-worth Koreans in its crosshairs.
- $25.5M lifted from victim accounts between August 2023 and April 2025
- $16.8M second-wave attempt blocked at the eleventh hour
- 258 high-net-worth Koreans on the target list
- 89 victims whose names were used to register cloned SIM cards
- 6 government and public agency websites breached
- 18 members of the syndicate now in custody
The Budget Carrier Backdoor That Broke Two-Factor Authentication
The crew did not crack a single financial firewall. They walked through the front door using cloned identities.
The hacker ring made use of a loophole in South Korea’s budget mobile carrier system and exploited the mechanism of remote SIM card activation, which helped them bypass in-person verification and enabled them to register phones in the names of 89 victims. That gap let the syndicate intercept every SMS-based one-time password the banks pushed.
Korea’s MVNO market is built for prepaid SIM activation customers can complete entirely online. Larger telcos still require in-person ID checks at retail stores. The syndicate picked the path of least resistance and ran it across 89 cloned identities.
These cloned identities let them clear even the two-factor authentication required to drain accounts. Brokerage logins, crypto exchange withdrawals, and password resets routed straight to attacker handsets.
“This technique compromises SMS-based MFA by transferring the target’s phone number to the attacker,” says Matthew Gardiner, Product Marketing Manager at Proofpoint, in the firm’s SIM swapping threat reference. Bitsight’s threat research team places telecommunications among the most-targeted industries for SIM-swap fraud, noting in its State of the Underground report that compromising telecom infrastructure or personnel lets attackers reassign phone numbers and bypass multi-factor authentication, per the firm’s SIM swapping breakdown.
Why Jungkook Made the Perfect Mark
Jungkook checked every box the syndicate looked for. Wealthy. Recognizable. Out of the loop.
Jungkook was reported to have had his securities account identity stolen in January 2024, shortly after he entered the military. The group transferred 33,500 shares of HYBE stock, worth approximately 8.4 billion won, into accounts they controlled.
The hackers then sold a portion of the shares taken from the singer’s account. Jeon allegedly sold about 100 million won (approx. 73,000 USD) worth of stock under Jungkook’s name to a third party, and Jungkook later recovered the funds through a civil lawsuit in March 2024.
Investigators also found that Jeon used the names of a top-30 chaebol leader, a venture company CEO, and others to commit further crimes. Those names remain redacted in court filings. “The suspect admits to some of the allegations while denying others,” police said during a press briefing after his August 2025 detention hearing.
The syndicate specifically sought out well-known figures who were serving in the military or incarcerated, exploiting their absence. The Seoul Metropolitan Police Agency framed the case’s stakes during a briefing reported by Yonhap News Agency.
“As this case has very large social repercussions, we will conduct a strict investigation with not a shred of doubt.”
SIM Cloning Is Outpacing Carrier Defenses Worldwide
The Jungkook case lands inside a global spike. In 2024, the FBI’s Internet Crime Complaint Center (IC3) received 982 complaints related specifically to SIM swapping attacks, with total reported losses exceeding $26 million, according to VikingCloud’s IC3 data analysis. While this represents a slight dip from the peak of $68 million in 2021, experts say attackers are becoming more selective, targeting victims with higher-value digital assets like cryptocurrency and brokerage accounts.
In a separate US case, attackers used SIM swaps to steal $400 million in cryptocurrency from 50 victims, including one company.
Federal cybersecurity agencies have moved against the underlying weakness. CISA put it plainly: “Do not use SMS as a second factor for authentication.” Organizations must also remain compliant with evolving regulations, such as the FCC’s new rules designed to combat SIM swapping.
Group-IB’s 2026 SIM swap evolution analysis frames the wider shift bluntly. The High-Tech Crime Trends Report 2026 reveals how this shift has industrialized cybercrime, exposed the limits of perimeter-based defenses, and elevated identity and trust as the new primary attack surfaces.
Korea’s case shows the wall buckles when the gate is automated. Cheap MVNO portals built for convenience let the syndicate impersonate 89 people without ever speaking to a human.
Inside the 18-Member Syndicate Now in Custody
With both leaders and the other 16 members now in custody, the Ministry of Justice has confirmed the end of this specific transnational fraud operation. The Seoul Metropolitan Police plan to apply for an arrest warrant for the 40-year-old after an intensive investigation.
Korea JoongAng Daily reported the ring was headed by two individuals attending the same university, who orchestrated the acts from their bases in China and Thailand. A judge at the Seoul Central District Court issued the original arrest warrant on Jeon on charges of violating the Information and Communications Network Act and the Act on the Aggravated Punishment of Specific Economic Crimes, and his trial will keep Korea-Thailand cooperation in play through at least 2026.
Jungkook avoided personal loss. The next 257 names on the list mostly did not. Whether Korean prosecutors can recover the won that already crossed into crypto wallets, and whether MVNO regulators close the SIM activation loophole before the next syndicate spins up, are the only questions still open.
NEWS
Fragnesia Linux Root Exploit Hits Every Kernel Before May 13
A new Linux root-shell exploit named Fragnesia landed publicly on May 13, 2026, and any unprivileged local user with shell access can run it in a single command. The flaw is tracked as CVE-2026-46300 with a CVSS score of 7.8. Every Linux kernel shipped before May 13, 2026 is exposed. It abuses a logic bug in the kernel’s XFRM ESP-in-TCP path to rewrite the in-memory copy of /usr/bin/su, injecting a stub that fires off a root shell. The on-disk binary is never modified.
Discovered by researcher William Bowling and the V12 security team, Fragnesia is the third Linux local privilege escalation to drop in three weeks. The lineage is uncomfortable. The upstream patch that closed Dirty Frag (kernel commit f4c50a4034e6) added code that trusts a marker that is not, in fact, accurate, and Bowling’s candidate follow-up patch carries a Fixes tag pointing at a 2013 kernel commit.
Inside The Exploit: A Six-Step Recipe For Root
Fragnesia turns a sequence of ordinary kernel calls into an arbitrary-byte write directly into the page cache of a setuid binary. The vulnerability allows any local unprivileged user to escalate privileges to root without requiring a race condition, making it one of the more reliable local privilege escalation exploits seen in recent years. No timing window. No kernel panic on failure. No exotic precondition.
The mechanics start with namespace gymnastics. The exploit calls unshare(CLONE_NEWUSER | CLONE_NEWNET) to obtain a namespace where it holds CAP_NET_ADMIN without any real privileges on the host. Inside that sandbox, the exploit installs an ESP-in-TCP security association using AES-128-GCM with a known key and SPI 0x100, then builds a one-time keystream lookup table that maps every possible byte value to a matching nonce.
The corruption itself happens in six clean steps. The public README walks through them in the V12 Fragnesia proof-of-concept code and write-up on GitHub:
- Create a user and network namespace with unshare, gaining CAP_NET_ADMIN without host privileges.
- Install an ESP-in-TCP security association via NETLINK_XFRM using AES-128-GCM with a known key.
- Build a 256-entry keystream table by varying the IV nonce through AF_ALG to reach every possible stream byte.
- Splice file pages into the TCP receive queue before the socket transitions into espintcp ULP mode.
- Enable espintcp so the kernel decrypts the queued ESP record in place, XORing keystream bytes directly into the cached file page.
- Execute /usr/bin/su, which now runs an injected ELF stub that calls setresuid(0,0,0) and drops a shell.

The Patch That Spawned The Next Patch
This is the part defenders need to sit with. Fragnesia is not a re-announcement of Dirty Frag. Dirty Frag works by chaining two separate kernel flaws, the xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284) and a RxRPC Page-Cache Write security issue (CVE-2026-43500), to achieve privilege escalation by modifying protected system files in memory. Fragnesia attacks the same surface but through a different invariant violation.
The bug lives several layers deeper than ESP processing itself. The underlying flaw is in the core socket-buffer code: skb_try_coalesce() failed to propagate the SKBFL_SHARED_FRAG marker when transferring paged fragments between buffers, so the kernel could lose track of the fact that a fragment was externally backed (e.g. by page-cache pages spliced in from a file). The XFRM ESP-in-TCP receive path would then perform in-place AES-GCM decryption directly over those page-cache pages, allowing an unprivileged user to XOR a chosen keystream byte into a read-only file’s cache page.
That breaks the assumption the original Dirty Frag fix relied on. Fragnesia is not a totally separate bug class from Dirty Frag. It is another exploit path through the same ESP/XFRM attack surface, and the original upstream Dirty Frag fix does not fully stop it. The candidate follow-up patch sitting on the netdev mailing list is a two-line change to skb_try_coalesce() that preserves the shared-frag flag during fragment transfer. The Fixes tag points back to a 2013 commit, which means the underlying invariant has been wrong for roughly 13 years.
The public disclosure thread was opened on May 13 by Gentoo developer Sam James to the oss-security list. The oss-security Fragnesia disclosure post by Sam James bundles the PoC source, the netdev patch, and the V12 advisory in a single message.
V12 Security attributes part of the discovery process to agentic AI-assisted security tooling, and regardless of how much weight you give that claim, the cadence of exploit iteration is accelerating. The candidate fix’s Fixes: tag pointing at a 2013 commit also suggests the bug class is not exhausted: there are probably more invariant violations in the same code path waiting to be found. Defenders should assume this bug class is not finished evolving.
Who’s Exposed Right Now
The blast radius is broad and specific at the same time. Every supported AlmaLinux release is affected. Every Ubuntu LTS kernel without the May 13 backport is affected. RHEL, CentOS Stream, Fedora, openSUSE, Debian, and Amazon Linux are all in the same bucket until distribution patches land. The AlmaLinux Fragnesia disclosure-day advisory and patched-kernel announcement notes that its core team built and shipped fixes ahead of upstream because exploitation looked trivial.
- CVE-2026-46300: the assigned identifier, CVSS 7.8.
- Ubuntu 6.8.0-111-generic: the confirmed test target on a single-command exploit.
- May 13, 2026: the netdev patch publication date that marks the kernel cutoff.
- 2013: the year of the kernel commit referenced in the candidate fix’s Fixes tag.
- Three: the number of universal Linux LPEs disclosed since April 29.
Mitigation Costs: Kill ESP, Lose IPsec
The interim mitigation is identical to the Dirty Frag one, and it carries the same operational price. Operators run rmmod against esp4, esp6, and rxrpc, then write an install-blacklist file under /etc/modprobe.d/ so the modules cannot be loaded again. The exploit’s attack surface disappears.
So does kernel-mode IPsec. esp4 and esp6 are the kernel-side ESP transforms used by IPsec, and unloading them breaks every IPsec tunnel that relies on the kernel data path on the affected machine. Do not apply this mitigation on hosts that terminate or transit IPsec / strongSwan / Libreswan tunnels; they will lose connectivity the moment the modules unload. AFS clients lose their RxRPC transport.
WireGuard and OpenVPN users get a pass. Both stacks live outside the espintcp data path, so the mitigation does not touch them. If you are running kernel-mode IPsec, evaluate a userspace fallback before unloading the modules.
Microsoft’s Dirty Frag advisory frames the broader operational threat model that applies equally to Fragnesia. Local privilege escalation vulnerabilities are frequently used by threat actors after initial access to expand control over a compromised environment. Once root access is obtained, attackers can disable security tooling, access sensitive credentials, tamper with logs, pivot laterally, and establish persistent access. The Microsoft Security Blog post on active Dirty Frag attacks and post-compromise risk documents limited in-the-wild activity tied to the same module surface Fragnesia exploits.
Why Defenders Can’t See Page-Cache Tampering
Standard file-integrity tools are blind to this attack pattern. The on-disk /usr/bin/su byte sequence never changes. A tripwire comparing hashes against a known-good baseline returns clean every time. The Wiz Threat Intel advisory on the Fragnesia page-cache corruption primitive says the deterministic write primitive sits entirely in kernel memory.
The vulnerability allows unprivileged local attackers to modify read-only file contents in the kernel page cache and achieve root privileges through a deterministic page-cache corruption primitive.
That quote, from the Wiz Research team writing on May 13, captures the detection problem cleanly. The tampered su binary persists in memory until either a reboot or an explicit page-cache drop. Anyone who runs su on a compromised host between exploit time and reboot inherits the root shell. Forensics that depends on disk artifacts will turn up nothing.
The recommended cleanup is one command, but it is non-negotiable after suspected exploitation. Because Fragnesia corrupts page-cache pages of sensitive files such as /usr/bin/su, any host that may have been targeted before the mitigation was applied should have its page cache dropped, so that tampered pages are evicted and the next read comes fresh from disk: … This is safe to run on a live system (it only frees clean cache and dentry/inode entries) and pairs well with the blacklist above; echo 1 | tee /proc/sys/vm/drop_caches handles the eviction.
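The module unload, the modprobe.d blacklist and the page-cache drop described above, combined into one defender-side helper as an added example; this is not V12’s, AlmaLinux’s or any distribution’s tooling. The module names, the /etc/modprobe.d/ location and /proc/sys/vm/drop_caches come from the advisory text; the file name fragnesia-mitigation.conf, the IPsec preflight via ip xfrm state, and the FRAGNESIA_APPLY / FRAGNESIA_FORCE switches are this script’s own assumptions.

```shell
#!/bin/sh
# Fragnesia interim mitigation helper: added example, not V12 or distro tooling.
# esp4/esp6/rxrpc, /etc/modprobe.d/ and drop_caches come from the advisory text;
# the file name, the IPsec preflight and the env-var switches are assumptions.
set -eu

AFFECTED_MODULES="esp4 esp6 rxrpc"
BLACKLIST_FILE="/etc/modprobe.d/fragnesia-mitigation.conf"  # assumed name

# Content for the modprobe.d file. "install <mod> /bin/false" makes every
# later modprobe of the module (including as a dependency) fail.
render_modprobe_blacklist() {
    for m in $AFFECTED_MODULES; do
        echo "install $m /bin/false"
    done
}

# Print the affected modules present in a /proc/modules-style listing
# (module name is the first column). Optional path argument for testing.
loaded_affected_modules() {
    modules_file="${1:-/proc/modules}"
    [ -r "$modules_file" ] || return 0
    awk -v wanted="$AFFECTED_MODULES" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        ($1 in want) { print $1 }' "$modules_file"
}

# Number of kernel IPsec security associations currently installed.
# Non-zero means this host terminates or transits kernel-mode IPsec and
# will lose those tunnels the moment esp4/esp6 unload.
ipsec_sa_count() {
    if command -v ip >/dev/null 2>&1; then
        ip xfrm state 2>/dev/null | grep -c '^src ' || true
    else
        echo 0
    fi
}

apply_mitigation() {
    if [ "$(ipsec_sa_count)" -gt 0 ] && [ "${FRAGNESIA_FORCE:-0}" != "1" ]; then
        echo "kernel IPsec SAs present; refusing to unload esp4/esp6" \
             "(set FRAGNESIA_FORCE=1 to override)" >&2
        return 1
    fi
    render_modprobe_blacklist > "$BLACKLIST_FILE"
    for m in $(loaded_affected_modules); do
        rmmod "$m"
    done
    # Evict page-cache pages that may already have been tampered with, so the
    # next read of /usr/bin/su comes from disk. sync first so no dirty data
    # is lost; drop_caches itself only frees clean pages and dentries/inodes.
    sync
    echo 1 > /proc/sys/vm/drop_caches
    echo "mitigation applied; affected modules still loaded:" \
         "$(loaded_affected_modules | tr '\n' ' ')"
}

# Only act when explicitly asked, so sourcing the file has no side effects.
if [ "${FRAGNESIA_APPLY:-0}" = "1" ]; then
    apply_mitigation
fi
```

Run it as root with FRAGNESIA_APPLY=1 on hosts that do not carry kernel IPsec; the preflight refuses when ip xfrm state lists any SA, which is exactly the case the advisory warns about. rmmod will also fail on a module that still has users, which is a second signal that the host is not a candidate for this mitigation and should wait for the patched kernel instead.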
Three Linux LPEs In Three Weeks: The AI-Accelerated Pattern
Fragnesia is the third Linux kernel privilege escalation requiring a patch and reboot on affected hosts in just three weeks, following Copy Fail (April 29) and Dirty Frag (May 7). Each was discovered with assistance from automated or agentic security tooling. Each modifies the page cache without touching disk.
The first in the chain was Copy Fail. Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LPE) vulnerability arising from a logic flaw. The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel’s authencesn cryptographic template. “An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root,” the writeup from security biz Theori explains. CISA added Copy Fail to its Known Exploited Vulnerabilities catalog on May 1, with a federal remediation deadline of May 15.
Dirty Frag arrived a week later, surfaced by Korean researcher Hyunwoo Kim. The Cloud Security Alliance’s CSA research note on Dirty Frag as an AI/ML infrastructure zero-day warned that page-cache attacks bypass traditional file-integrity monitoring and that AI inference hosts and Kubernetes nodes share the same page cache across all containers.
The pattern goes deeper than three bugs. Anthropic disclosed last week that its Mythos Preview model had autonomously chained kernel vulnerabilities to root a Linux host as part of Project Glasswing, Anthropic’s open-source kernel security partnership announcement. The Record’s reporting on Dirty Frag noted that AI tooling has compressed vulnerability hunting from years to weeks.
Bowling, who heads assurance at Zellic and runs V12, summarized the technical class concisely on May 13. “Fragnesia is a member of the Dirty Frag vulnerability class,” he wrote in the advisory. “This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface and the mitigation is the same as for dirtyfrag. It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition.”
The cycle is not finished. The development comes as a threat actor named “berz0k” has been observed advertising on cybercrime forums a zero-day Linux LPE exploit for $170,000, claiming it works on multiple major Linux distributions. “The threat actor claims the vulnerability is TOCTOU-based (Time-of-Check Time-of-Use), capable of stable local privilege escalation without causing system crashes, and leverages a shared object (.so) payload dropped into the /tmp directory,” ThreatMon said in a post on X.
One operational lesson keeps repeating. The XFRM ESP code path was written for a world where IPsec mattered to almost no userspace developer. It now sits in the same blast radius as splice, sendfile, and the page cache. Defenders should plan for at least one more disclosure in this surface before the bug class is exhausted.
Frequently Asked Questions
Am I Still Vulnerable If I Already Patched Dirty Frag?
Yes. The upstream Dirty Frag fix did not close Fragnesia. The bug is a separate invariant violation in skb_try_coalesce() that became practically exploitable only after the Dirty Frag patch landed on May 8. Apply your distribution’s May 13 kernel update or, if no patched kernel is available yet, run the rmmod and modprobe blacklist commands for esp4, esp6, and rxrpc. Then drop the page cache with echo 1 | tee /proc/sys/vm/drop_caches before granting shell access again.
Will The Mitigation Break My VPN?
It will break kernel-mode IPsec tunnels. esp4 and esp6 are the IPsec transforms in the Linux data path, so any host running strongSwan or Libreswan as an endpoint or transit node will lose tunnel traffic the moment the modules unload. WireGuard runs entirely in userspace and is unaffected. OpenVPN is also unaffected. If you depend on kernel IPsec, evaluate a userspace fallback or wait for the patched kernel rather than running the blacklist.
How Do I Tell If My System Has Been Exploited?
Traditional file-integrity monitoring will not detect Fragnesia because the on-disk /usr/bin/su binary is never modified. Hunt for anomalous setuid binary execution from unexpected user contexts, namespace creation by unprivileged accounts, and unusual splice or sendmsg syscall patterns in audit logs. After remediation, drop the page cache with echo 1 | tee /proc/sys/vm/drop_caches and reboot. Treat any successful exploitation as full host compromise and rotate credentials accessed from the host.
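The hunting guidance in this answer, and the detection gap described in the page-cache section above, as an added example that is not part of the V12, Wiz or Microsoft material: a POSIX shell script that runs awk over auditd SYSCALL records to surface non-root processes that created a user namespace via unshare(), with their later splice and sendmsg activity as corroboration, plus a separate splice-burst count that does not depend on the namespace step being logged. It assumes x86_64 syscall numbers (unshare=272, splice=275, sendmsg=46), the CLONE_NEWUSER flag value 0x10000000, and that those syscalls are being audited; the audit lines it processes are constructed samples, not captures from a compromised host.

```shell
#!/bin/sh
# Audit-log hunt for Fragnesia-style precursors: added example, not vendor tooling.
# Assumes x86_64 syscall numbers (unshare=272, splice=275, sendmsg=46), the
# CLONE_NEWUSER bit 0x10000000, and an audit rule covering those syscalls, e.g.:
#   -a always,exit -F arch=b64 -S unshare,splice,sendmsg -k fragnesia
set -eu

# Constructed auditd SYSCALL records (not real captures): one unprivileged
# process creating user+net namespaces then splicing and sending, one root
# unshare, and one unprivileged unshare without CLONE_NEWUSER.
write_sample_audit_log() {
    cat > "$1" <<'EOF'
type=SYSCALL msg=audit(1778630400.101:9001): arch=c000003e syscall=272 success=yes exit=0 a0=50000000 a1=0 a2=0 a3=0 items=0 ppid=4120 pid=4133 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="poc" exe="/tmp/poc" key="fragnesia"
type=PROCTITLE msg=audit(1778630400.101:9001): proctitle="./poc"
type=SYSCALL msg=audit(1778630400.205:9002): arch=c000003e syscall=275 success=yes exit=4096 a0=5 a1=0 a2=7 a3=0 items=0 ppid=4120 pid=4133 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="poc" exe="/tmp/poc" key="fragnesia"
type=SYSCALL msg=audit(1778630400.206:9003): arch=c000003e syscall=275 success=yes exit=4096 a0=5 a1=0 a2=7 a3=0 items=0 ppid=4120 pid=4133 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="poc" exe="/tmp/poc" key="fragnesia"
type=SYSCALL msg=audit(1778630400.207:9004): arch=c000003e syscall=275 success=yes exit=4096 a0=5 a1=0 a2=7 a3=0 items=0 ppid=4120 pid=4133 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="poc" exe="/tmp/poc" key="fragnesia"
type=SYSCALL msg=audit(1778630400.300:9005): arch=c000003e syscall=46 success=yes exit=96 a0=7 a1=7ffd0 a2=0 a3=0 items=0 ppid=4120 pid=4133 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="poc" exe="/tmp/poc" key="fragnesia"
type=SYSCALL msg=audit(1778630401.000:9006): arch=c000003e syscall=272 success=yes exit=0 a0=40000000 a1=0 a2=0 a3=0 items=0 ppid=1 pid=880 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd" exe="/usr/lib/systemd/systemd" key="fragnesia"
type=SYSCALL msg=audit(1778630402.000:9007): arch=c000003e syscall=272 success=yes exit=0 a0=20000 a1=0 a2=0 a3=0 items=0 ppid=2200 pid=2210 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=3 comm="flatpak" exe="/usr/bin/flatpak" key="fragnesia"
type=SYSCALL msg=audit(1778630402.100:9008): arch=c000003e syscall=275 success=yes exit=65536 a0=3 a1=0 a2=5 a3=0 items=0 ppid=2200 pid=2210 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=3 comm="flatpak" exe="/usr/bin/flatpak" key="fragnesia"
EOF
}

# Print "pid uid comm splice=N sendmsg=M" for every non-root process that
# called unshare() with CLONE_NEWUSER set, with its later splice/sendmsg
# activity as corroboration. Argument: path to audit.log.
hunt_fragnesia_pattern() {
    awk '
    function hex2num(s,   i, n, c) {
        n = 0; s = tolower(s)
        for (i = 1; i <= length(s); i++) {
            c = index("0123456789abcdef", substr(s, i, 1))
            if (c == 0) return -1
            n = n * 16 + c - 1
        }
        return n
    }
    # Test one power-of-two bit without gawk-only bitwise functions.
    function hasbit(n, b) { return n >= 0 && int(n / b) % 2 == 1 }
    # Split "key=value" fields of the record into the global array f.
    function parse(   i, p) {
        split("", f)
        for (i = 1; i <= NF; i++) {
            p = index($i, "=")
            if (p > 0) f[substr($i, 1, p - 1)] = substr($i, p + 1)
        }
        gsub(/"/, "", f["comm"])
    }
    $1 == "type=SYSCALL" {
        parse(); pid = f["pid"]
        if (f["syscall"] == "272" && f["uid"] != "0" && hasbit(hex2num(f["a0"]), 268435456)) {
            userns[pid] = 1; uid[pid] = f["uid"]; comm[pid] = f["comm"]
        } else if (f["syscall"] == "275") {
            splice[pid]++
        } else if (f["syscall"] == "46") {
            sendmsg[pid]++
        }
    }
    END {
        for (pid in userns)
            print pid, uid[pid], comm[pid], "splice=" splice[pid] + 0, "sendmsg=" sendmsg[pid] + 0
    }' "$1"
}

# Print "pid count" for non-root processes whose splice() call count reaches
# the threshold (default 10); catches variants where the namespace step was
# not captured. Arguments: audit.log path, optional threshold.
hunt_splice_bursts() {
    awk -v min="${2:-10}" '
    $1 == "type=SYSCALL" {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^syscall=/) sc = substr($i, 9)
            if ($i ~ /^pid=/) p = substr($i, 5)
            if ($i ~ /^uid=/) u = substr($i, 5)
        }
        if (sc == "275" && u != "0") n[p]++
    }
    END { for (p in n) if (n[p] >= min) print p, n[p] }' "$1"
}

# Demo on the constructed log only when asked, so sourcing is side-effect free.
if [ "${FRAGNESIA_HUNT_DEMO:-0}" = "1" ]; then
    log=$(mktemp); write_sample_audit_log "$log"
    hunt_fragnesia_pattern "$log"; hunt_splice_bursts "$log" 3
    rm -f "$log"
fi
```

On the constructed sample only the process that created a user namespace from uid 1000 and then spliced three times is reported; the root unshare and the unprivileged unshare without CLONE_NEWUSER (flatpak-style sandboxing) are not. Expect legitimate user-namespace creators such as container runtimes and browser sandboxes on real hosts, so treat the output as a triage list to join against exe paths and the time of first exposure, not as a verdict, and remember that none of this helps if auditing of these syscalls was not enabled before the exposure window.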
When Will Patched Kernels Reach My Distribution?
AlmaLinux and CloudLinux shipped patched kernels in their testing streams on May 13. Ubuntu, Debian, and openSUSE typically follow within 24 to 72 hours of a netdev patch for a critical kernel CVE. RHEL backports usually arrive within a week. Monitor your distribution’s security mailing list and the upstream stable kernel branches. If you cannot wait, KernelCare and other livepatch services were preparing rebootless backports as of disclosure day.
Does This Bug Affect Containers Or Kubernetes Nodes?
Yes, in a particularly nasty way. The Linux page cache is shared between the host kernel and every container running on it. An attacker with shell inside an unprivileged container can corrupt the host’s cached copy of /usr/bin/su and escape to root on the node. Multi-tenant Kubernetes clusters, CI runners that execute untrusted code, and AI inference pipelines that expose interactive shells are the highest-risk environments. Patch nodes first, then drain and recycle workloads.
Fragnesia closes a strange chapter that has lasted three weeks and likely is not over. The same code path produced Copy Fail, Dirty Frag, and now this, and the candidate fix’s pointer at a 13-year-old commit suggests the auditors are still finding new ways to misuse old assumptions. For server operators, the right reflex over the next 48 hours is the same one Microsoft, AlmaLinux, and Wiz are all converging on: patch, then drop caches, then verify what the host was doing while it was exposed.
Disclaimer: This article covers a publicly disclosed Linux kernel vulnerability and the recommended remediation steps published by V12 Security, AlmaLinux, Wiz, and Microsoft as of May 14, 2026. The information is for general awareness only and should not replace formal incident response procedures. System administrators should validate every patch and module-blacklist change in a controlled environment before production deployment and consult their security operations team for environment-specific guidance. Vendor advisories and CVE scoring may change as further analysis is published.