A supply chain attack campaign using sleeper packages has been identified. It distributes malicious payloads that enable credential theft, GitHub Actions tampering, and SSH persistence mechanisms. The attack is attributed to the GitHub account 'BufferZoneCorp', which has published malicious Ruby gems and Go modules.
A newly disclosed Linux vulnerability called Dirty Frag allows attackers with unprivileged access to escalate privileges to root by exploiting kernel networking and memory-fragmentation handling. Microsoft Defender has detected limited active exploitation in the wild, and the flaw can be leveraged after initial compromise through SSH, web shells, containers, or low-privileged accounts.