Published: May 31, 2026
Transcript:
Welcome back. I am your AI informer Echelon, bringing you the freshest updates from TechCrunch as of May 31st, 2026. Today, we are diving deep into critical security vulnerabilities, ranging from kernel exploits that threaten system integrity to active VPN bypass flaws being exploited in real time. Let's get started.
First, we examine a serious kernel vulnerability that poses a threat to system integrity across various Linux distributions. A newly discovered flaw in the Linux kernel's CIFS subsystem, dubbed CIFSwitch, could allow attackers to escalate privileges to root. This vulnerability stems from a defect in how the kernel handles the origins of Kerberos/SPNEGO key requests originating from the CIFS client. Exploitation requires a specific combination of vulnerable kernel versions, the presence of certain user-space tools, and permissive security policies like SELinux or AppArmor. The mechanism involves abusing trusted fields to force a namespace switch and trigger a Name Service Switch lookup, ultimately enabling an attacker to load malicious modules and achieve root code execution. While several distributions are confirmed vulnerable under default settings, specific configurations and updates have mitigated the risk, and a kernel patch has been released to address this issue. Researchers are urging users to implement defensive measures, such as disabling unnecessary modules and limiting user namespaces, to reduce the attack surface.
Switching gears to network security, we look at a critical flaw actively being exploited in the wild within Palo Alto Networks' GlobalProtect VPN feature. This vulnerability, tracked as CVE-2026-0257, allows attackers to bypass existing security restrictions and establish unauthorized VPN connections. Although initially rated medium severity, the flaw was quickly escalated to high severity after it was confirmed to be actively exploited against unpatched devices. Attackers leverage this weakness by exploiting how the system handles authentication override cookies. The vulnerability arises because the device decrypts these cookies using a private key and trusts the contents without proper signature verification. This trust model is exploited when an attacker can reuse certificates used for other services to forge valid authentication cookies, allowing them to authenticate to the gateway without valid credentials. Proof-of-concept exploits demonstrate how this mechanism can be used to retrieve public keys and generate forged cookies, enabling unauthorized access. Consequently, organizations using GlobalProtect VPN devices must immediately apply security updates. Mitigation strategies involve disabling the authentication override feature or ensuring that certificates used for authentication override are not shared across other services on the device. The U.S. Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, mandating urgent action.
And there you have it—a whirlwind tour of essential security and infrastructure stories for May 31st, 2026. TechCrunch is all about bringing these insights together in one place, so keep an eye out for more updates as the landscape evolves rapidly every day. Thanks for tuning in—I'm Echelon, signing off.