Fragnesia: The Root You Didn't See Coming

22:508 scenes8 speakersBriefing

01 Cold Open: Root Access, No Race Condition Required

Chapters

01Cold Open: Root Access, No Race Condition Required

02Sponsor — Blue Cortex AI

03Fragnesia: The Kill Chain and Why It's Different

04Fragnesia: The OT Blind Spot

05Next.js SSRF Toolkit and SD-WAN: Before the Weekend

06Mythos and the 4.7-Month Clock: When Does AI Break Disclosure?

07Canvas Litigation Wave: The 130-Day Gap and What It Signals

08Synthesis: What You Do Before Monday

Speakers

HalilAlexLenaSaraJamesPierreDr.Dr.

▶01Cold Open: Root Access, No Race Condition Required00:00

HalilA public PoC that gives any local attacker root on every unpatched Linux kernel — no race condition, no timing tricks. It just works. And almost nobody is talking about it yet.

HalilWelcome to CyberDaily Threatcast. I'm Halil Öztürkci. Let's get into it.

HalilFour threads today. First: CVE-2026-46300, codename Fragnesia — the third universal Linux local privilege escalation in under three weeks. We're going deep.

HalilSecond: the Next.js WebSocket SSRF has crossed a line. A full exploit toolkit is now public. Seventy-nine thousand self-hosted instances. Weekend mass exploitation is on the table.

HalilThird: Cisco SD-WAN's vdaemon peering service — we covered the SD-WAN story earlier this week, but today there's a new detail that changes the urgency entirely. A Metasploit module, twelve days out.

HalilAnd fourth: Anthropic's Mythos model just found zero-days in macOS and solved an OT cyber range exercise no AI had ever cracked. AISI says capability is doubling every four point seven months. We'll talk about what that actually means for patch SLAs — we touched on AI exploitation timelines on May tenth, but today Arjun has new Mythos-specific findings that materially change the picture.

HalilAlex, Sara, James, Lena — Fragnesia first. Let's go.

▶02Sponsor — Blue Cortex AI01:50

HalilThis episode is brought to you by Blue Cortex AI and Tarhy — their autonomous SOC platform. Here's what Tarhy does: it pulls alerts from your EDR stack — Defender, CrowdStrike, Cortex XDR, SentinelOne — and its AI agents triage every single one, around the clock. Not just pattern matching. Multi-step reasoning, cross-event correlation, MITRE ATT&CK mapping, and a confidence-scored verdict — all in about three minutes. And here's the thing that matters: their Neural Timeline shows you exactly how the AI reached each decision. No black box. The results speak for themselves — sixty to seventy percent fewer false positives, eighty percent faster time to verdict. If your SOC is drowning in five thousand alerts a day, Tarhy can save twenty-five hundred analyst hours a month. Check them out at bluecortex.ai.

▶03Fragnesia: The Kill Chain and Why It's Different02:58

HalilAlex. CVE-2026-46300. Why is this one genuinely scary and not just another CVSS panic?

AlexBecause it's deterministic. That's the word that matters here. No race condition, no timing dependency — the exploit runs clean every time.

HalilWalk us through the mechanics.

AlexSo, the XFRM subsystem — that's Linux's IPsec framework — supports ESP-in-TCP, basically tunneling IPsec through TCP to traverse NATs. The bug is in how the kernel coalesces socket buffers during a ULP mode transition.

AlexThat creates a write primitive. Then — and this is the clever part — the attacker uses AES-GCM keystream manipulation. Craft specific ESP-in-TCP packets, the decryption produces a known keystream, XOR that against page cache pages.

LenaAnd the file on disk is untouched. The write stays in RAM.

AlexExactly. You overwrite something like slash usr slash bin slash su in memory. Root access. The on-disk binary is clean — forensics miss it if they're only checking file integrity.

HalilLena, you mapped the timeline. How fast did we get here?

LenaVery fast. Dirty Frag — same XFRM attack surface — was embargo-breached April 30th. The Hacker News reported active exploitability on May 8th. Fragnesia was disclosed May 13th and 14th by V12 Security. That's two weeks from embargo breach to a second distinct vulnerability in the same subsystem.

AlexThree universal Linux LPEs in under three weeks. Poison Pages, Copy Fail, Dirty Pipe — attackers have templates for this class of bug. The weaponization timeline here is days, not weeks.

LenaI want to be precise though — the clustering is researcher-driven, not actor stockpiling. I see no APT pre-exploitation, no zero-day use before disclosure. PoCs appeared with the disclosures.

HalilSo we're looking at opportunistic exploitation, not a targeted campaign — for now.

LenaModerate confidence on that. The toolkit is public. Opportunistic exploitation follows. But no named actor yet.

▶04Fragnesia: The OT Blind Spot05:22

HalilSara, this is where you lit up in the briefing. Tell me why OT environments are in a different category here.

SaraBecause the vulnerable kernels are everywhere in OT — they're just not where IT security people look.

SaraLevel 3, your historians and SCADA servers — RHEL, Ubuntu LTS, often enterprise Linux that should be patchable. But then Level 2, your HMI workstations, your engineering laptops? Those are running whatever kernel the vendor certified. Sometimes from 2019.

JamesAnd the laptops are the worst of it, right? They move between IT and OT networks.

SaraThat's my nightmare scenario. Engineer plugs in after visiting a malicious site, Fragnesia turns that foothold into root, and now you have a pivot point into the safety network.

HalilWhat about the modprobe blacklist — is that actually safe in an OT environment?

SaraYeah, honestly, for most OT environments — yes. Modbus TCP, DNP3, EtherNet/IP, OPC UA — none of those use host-level IPsec. The esp4 and esp6 modules handle IPsec ESP transformation, and that lives at the firewall level in most plants, not on the hosts.

SaraThe one edge case is IEC 62351-5 implementations using IPsec for substation protocol security. Rare, but they exist. If you're running secure R-GOOSE or R-SV with IPsec, verify before you blacklist.

JamesSame guidance for IT, honestly. Run lsmod, grep for esp4, esp6, rxrpc. If those modules aren't loaded, blacklist immediately — it's safe relief right now.

SaraThe brutal truth on patch timelines: enterprise Linux at Level 3, maybe seven to fourteen days. Embedded vendor Linux — Siemens, Rockwell, Schneider — we're talking Q3 or Q4 2026 at the earliest. Vendor validation plus safety certification delays.

HalilAnd end-of-life embedded PLCs?

SaraNever. Compensating controls only. That's the reality we operate in.

JamesSo the action is: blacklist the modules today where you can, inventory every Linux kernel in the OT environment by Purdue level, tag by vendor patch support status, and watch those engineering laptops — they're your most likely initial access vector.

▶05Next.js SSRF Toolkit and SD-WAN: Before the Weekend08:06

HalilLet's move to CVE-2026-44578 — the Next.js WebSocket SSRF. Lena, you flagged no named actor attribution. Alex, is that relevant to the urgency calculus?

AlexNot really. The toolkit is public — interactive shell, automated scanning pipeline. Seventy-nine thousand self-hosted instances. You don't need an APT to run a scanning pipeline.

LenaRight. The tooling appears researcher-created, not a known campaign. Broad-spectrum opportunistic exploitation — that's my read.

PierreSeventy-nine thousand exposed instances is not an abstract number. These are production deployments running e-commerce, SaaS platforms, internal tooling. The attack path — WebSocket upgrade to cloud metadata credential harvest — that's a direct path to AWS keys, GCP service accounts.

AlexAnd Vercel-hosted deployments are unaffected — this is purely a self-hosted problem. So the exposure is concentrated and inventoriable.

JamesJames here. Two things to do today, right now. WAF rules — block Upgrade headers containing websocket on routes accepting user input. And block egress to cloud metadata endpoints at the network layer. One sixty-nine dot two fifty-four dot one sixty-nine dot two fifty-four — drop all egress from app servers.

HalilAnd AWS IMDSv2?

JamesAWS made IMDSv2 default for new instances in 2024, but legacy instances may still run IMDSv1. Verify your state on each instance. Don't assume.

HalilNow — SD-WAN. We covered this earlier in the week. Alex, you said there's a detail that changes the calculus. Make the case.

AlexTwelve days. That's when Rapid7 releases the Metasploit module for CVE-2026-20182 — May 27th. The module automates the bypass and SSH key injection into vmanage-admin authorized keys. Full control-plane access, point and click.

LenaHmm. So the exploitation curve steepens dramatically at that date.

AlexExactly. Right now this requires understanding DTLS internals and the vdaemon handshake. After May 27th, it's script-kiddie territory.

JamesSnort SIDs 66482 and 66483 are live from Talos today. That's your immediate detection coverage. And check vdaemon dot txt logs for challenge-ack zero in TX statistics — that's a forensic artifact of unauthenticated peering attempts.

HalilImportant caveat from Alex's briefing: Rapid7 confirmed CVE-2026-20182 is not a patch bypass of CVE-2026-20127. If you patched the February and April vulnerabilities, you are not covered here. Different attack path, same service.

▶06Mythos and the 4.7-Month Clock: When Does AI Break Disclosure?11:30

HalilWe covered AI exploitation timelines on May tenth. But Arjun, today you have Mythos-specific findings that go further. What's genuinely new?

Dr.Two things that weren't in the May tenth discussion. One: Mythos found an actual exploitable privilege escalation chain in macOS — a fifty-five-page technical report delivered to Apple, who confirmed they're reviewing it. This is not a toy finding.

Dr.Two: Mythos solved the Cooling Tower OT/IT hybrid cyber range exercise. No frontier model had cracked that before. It succeeded three out of ten attempts — probabilistic, not reliable — but the point is the iterative capability gain between checkpoints.

SaraWait — Cooling Tower is an OT/IT scenario. What does it mean that an AI can now reason through that?

Dr.It means the attack surface for OT environments now includes adversaries with access to models that understand industrial protocol contexts. That's new.

LenaI want to hold onto that three-of-ten number though. It's probabilistic. We shouldn't treat this as reliable autonomous exploitation yet.

Dr.Absolutely right, Lena. And that's exactly why the four point seven month doubling rate is the real story. Today it's three of ten. What does six months look like?

HalilAISI's data — where does the four point seven months come from specifically?

Dr.AISI's evaluation framework tracks autonomous cyber task completion time since late 2024. Mythos and GPT-5.5 are actually exceeding that trendline. Palo Alto's Unit 42 found AI identifying twenty-six CVEs representing seventy-five issues in a single month — versus under five per month for typical human-led discovery.

PierreSo what breaks first? The ninety-day disclosure window?

Dr.Yes. Current SLAs assume human-speed research and weaponization. When discovery-to-exploit compresses to single-digit hours, ninety days becomes — Deloitte's word, not mine — liability theater.

HalilAnd the OpenBSD finding? Why does that matter beyond the headline?

Dr.Because OpenBSD is twenty-seven years of paranoid code review, explicitly designed to resist this kind of scrutiny. If Mythos found exploitable memory-safety bugs there, no vendor's production code should be considered exempt.

LenaThat's the framing I'd take to a CISO. Not 'AI found a bug.' It's 'the codebase you trusted most just failed an AI audit.'

Dr.And the disclosure framework isn't designed for AI-scale submission velocity. Bounty programs handle tens of reports per month. Mythos-class auditing could generate more valid reports in a day than a typical program receives in a quarter. That's a structural problem, not a process problem.

▶07Canvas Litigation Wave: The 130-Day Gap and What It Signals14:41

HalilWe've covered Canvas from multiple angles this week — the ShinyHunters attribution, the ransom deadline, the financial exposure. Today's angle is different: twenty-five-plus federal lawsuits and what they signal for the education sector's legal liability. Sofia, walk us through it.

Dr.The number that matters is one hundred thirty days. That's the gap between the breach — December 4th — and notification on April 16th. HIPAA's Breach Notification Rule requires notification within sixty calendar days of discovery. Maximum. This is more than double that.

HalilIs there a law enforcement exception that could cover this?

Dr.There is a temporary delay provision — but it requires a specific written request from law enforcement stating notification would impede a criminal investigation. Absent documented evidence of that request, the one hundred thirty days falls squarely outside the regulatory safe harbor.

PierreAnd the penalty exposure at that timeline — what are we talking about?

Dr.Under HIPAA's tiered structure, willful neglect not corrected can reach up to one point five to two million dollars per violation category. If multiple state statutes apply — Connecticut requires notification without unreasonable delay — aggregate exposure increases significantly.

HalilWhat about FERPA? Plaintiffs are suing over student data. Does FERPA have bite here?

Dr.This is the critical distinction most people miss. FERPA does not mandate breach notification to students at all. It requires educational agencies to maintain records of disclosures — not to notify data subjects of unauthorized access. Plaintiffs' strongest claims run through HIPAA and state law, not educational privacy statute.

LenaHmm. So the litigation strategy depends entirely on whether health or biometric data was in the exposed dataset.

Dr.Exactly. Biometric data compounds severity considerably — several state biometric privacy laws carry statutory damages that don't require proof of actual harm. That's a meaningful difference for class certification.

HalilThe plaintiffs are demanding ten years of monitoring. Realistic?

Dr.Ambitious opening position. The FTC has secured twenty-year consent decrees in major breaches — Equifax, Capital One — but that's direct enforcement, not private litigation. Courts have been reluctant to impose decade-plus injunctive relief against educational institutions. More realistic outcome: three to five years of independent security assessments plus remediation funds.

HalilSo what does every education sector organization do right now?

Dr.Three things. Impose seventy-two-hour maximum notification clauses in all vendor SLAs — the detection-to-notification chain cannot exceed this. Implement dual-trigger protocols: if health data is involved, assume HIPAA applicability and start the sixty-day clock at detection, not confirmation of exfiltration. And audit state-by-state notification matrices — the patchwork matters.

▶08Synthesis: What You Do Before Monday18:04

HalilLet me pull all of this together. We covered a lot of ground and I want to leave you with the clearest possible picture of what matters, in what order.

HalilNumber one: Fragnesia. CVE-2026-46300. Patch or mitigate within forty-eight hours. Run lsmod — grep for esp4, esp6, rxrpc. If those modules aren't loaded, blacklist them now. Red Hat RHSB-2026-003 is your reference. Check your distribution's advisory directly — Ubuntu and SUSE timelines were not confirmed as of this recording.

JamesAnd OT teams — schedule emergency maintenance windows for Level 2 and Level 3 Linux systems. Apply the modprobe blacklist as your bridge mitigation. Engineering laptops that touch OT networks are your highest-risk surface.

HalilNumber two: Next.js. Seventy-nine thousand self-hosted instances. Patch before end of business Friday. Check official Next.js release notes for current patched versions — confirm the version numbers before you deploy. If you can't patch today, WAF rules on WebSocket upgrades and block egress to cloud metadata endpoints right now.

AlexAnd verify IMDSv2 on every instance. Don't assume the 2024 default covers your legacy environment.

HalilNumber three: Cisco SD-WAN. Deploy Snort SIDs 66482 and 66483 today. Audit vdaemon logs for challenge-ack zero entries. You have twelve days before the Metasploit module makes this trivial — use them. And note: prior patches against the April UAT-8616 chain do not cover CVE-2026-20182. Different attack path.

HalilNumber four — the strategic thread. Arjun laid out something that should sit with every CISO in this audience: Anthropic's Mythos found real, exploitable vulnerabilities in macOS and OpenBSD. Autonomously. AI cyber task capability is doubling every four point seven months. The ninety-day disclosure window is already mismatched to exploitation reality.

Dr.Start planning now for compressed disclosure timelines. Establish AI-aware SLAs with your major OS and platform vendors. Include AI-discovered vulnerability scenarios in your next red team exercise. The window to get ahead of this is closing.

HalilAnd on Canvas — if you hold health data, biometric data, or any sensitive personal information in a third-party LMS, audit your vendor SLA notification timelines today. The one hundred thirty-day gap at Goodwin University is going to be the benchmark plaintiffs cite in every future education sector case. Get ahead of it.

HalilWhat we're watching tomorrow: kernel patch availability updates across distributions for Fragnesia, any confirmed exploitation of the Next.js toolkit over the weekend, and the Cisco SD-WAN module development timeline out of Rapid7.

HalilThat's it for today's CyberDaily Threatcast. Stay safe. See you tomorrow. Thanks to Blue Cortex AI for sponsoring today's episode. Autonomous SOC, real reasoning, no black box. bluecortex.ai.

Episodes

Wed20May

Exploitation Overtakes Credentials: The DBIR Inflection Point

34:4711 sc

Tue19May

pgcrypto's Twenty-Year Debt, Storm-2949's Invisible Breach, and the @antv Worm

33:4910 sc

Mon18May

47 Zero-Days, No Patches: Pwn2Own Berlin's Reckoning

30:2910 sc

Sun17May

TOTP Secrets, Silent Patches, and a 2005 Malware That Rewrites History