Trackr.Live – The landing site for Trackr Services

§ Trackr.Live

Dirty Frag (CVE-2026-43284, CVE-2026-43500): The Page-Cache Write Class Skips algif_aead and Lands Back at Root

Hyunwoo Kim’s Dirty Frag chain extends the Dirty Pipe / Copy Fail class to skb paged fragments. The xfrm ESP receive path provides a deterministic 4-byte page-cache store (CVE-2026-43284); the rxrpc receive path provides a namespace-free trigger (CVE-2026-43500). One PoC, no race, root on Ubuntu, RHEL, CentOS Stream, AlmaLinux, Fedora, and openSUSE — including hosts that already blocklisted algif_aead for Copy Fail.

Hardening Immutable Linux: sysext, confext, and the Persistence Surface in 2026

Immutable base images plus systemd sysext/confext overlays have quietly become the standard for fleet-managed Linux in 2026. They also created a persistence surface most SOCs are not yet watching.

Cyber Tools

Apache HTTP/2 Double-Free in mod_http2 (CVE-2026-23918): Defender’s Read

A double-free in Apache httpd 2.4.66’s mod_http2 lets unauthenticated clients crash workers reliably and, on certain builds, opens a path to remote code execution. Here’s the defender-oriented breakdown: mechanism, detection, remediation, and 800-53 mapping.

The Confused Deputy Returns: Trust Boundaries in MCP Agent Systems

Model Context Protocol gives agents a clean way to call tools, but it also gives every piece of retrieved content a direct line to those tools. The classic confused deputy problem is back, and most deployments are not handling it.

Artificial Intelligence

Tool Poisoning in MCP-Connected Agents: A 2026 Threat Model

Model Context Protocol turned every internal API into an LLM-reachable tool. The threat model didn’t catch up. Here’s what tool poisoning looks like in production and how to harden against it.

Artificial Intelligence

MCP Servers Are the New Supply Chain Problem

Model Context Protocol turned every developer’s laptop into a tool-calling agent host. The trust model that came with it is closer to npm circa 2016 than to anything a serious authorizing official would sign.

Cyber Tools

Trellix Source Code Breach: What’s Confirmed, What Isn’t, and What EDR Customers Should Do

Trellix has confirmed unauthorized access to part of its source code repository. The disclosure is thin on detail and heavy on implications for every shop running Trellix EDR or XDR.

Cyber Tools

CVE-2026-31431 “Copy Fail”: A 732-Byte Path to Root on Every Linux Distro Since 2017

Theori’s Copy Fail flaw turns a nine-year-old in-place optimization in the kernel’s AEAD socket layer into a deterministic 4-byte page-cache write. No race, no offset hunting, no per-distro tuning. A 732-byte Python script edits a setuid binary’s cached pages and hands you root on Ubuntu, RHEL, SUSE, and Amazon Linux without modification.

Artificial Intelligence

Containing Indirect Prompt Injection in Tool-Using Agents

Indirect prompt injection has graduated from a research curiosity to a routine cause of agent compromise. Here is what defenders are actually shipping in 2026, and where the control gaps still are.

Non-Human Identity for Agentic Systems: Delegation, Scoping, and the End of Static Service Accounts

Agentic AI breaks the assumptions baked into service accounts and long-lived API keys. Here is what an honest non-human identity model looks like when an LLM is the principal making the call.