Skip to main content

LHB Linux Digest #26.08: Two Kernel Bugs You Need to Know, SSH Tunneling, and AI Pentesting

Imagine you could automate pentesting with a bunch of AI agents.

Β· By Abhishek Prakash Β· 6 min read

Warp Terminal

Short one this week my friend, energy's a bit low on my end, but two kernel vulnerabilities landed that are too important to skip, so let's get into it.

Two old, nasty kernel bugs got public exploits this week. If you're running KVM or any kind of multi-tenant containers, this is a "patch today, not this weekend" situation.

GhostLock (CVE-2026-43499) is a 15-year-old use-after-free bug in the Linux kernel's futex/rtmutex subsystem. It lets an unprivileged local user grab root and escape containers on unpatched systems. This one's been sitting quietly since 2011, affects pretty much every major distro, and researchers have already shown a reliable exploit that gets root in about five seconds. It also breaks container isolation, so if you're self-hosting anything multi-tenant, take this seriously.

Januscape (CVE-2026-53359) is a 16-year-old use-after-free in KVM's shadow MMU implementation. It can let an attacker escape a guest VM and run code on the host, on both Intel and AMD systems. Cloud providers and anyone running untrusted workloads in virtualized environments are the biggest targets, but if you run KVM at home, it's worth checking your patch status too.

Two decade-plus-old bugs surfacing with working exploits in the same week is a good reminder that "old and stable" doesn't mean "safe to ignore."

πŸ“š Worth reading from Linux Handbook

A Postgres instance on a remote server, port 5432 not exposed to the internet (rightly so). How to access it? The fix is SSH tunneling, and this tutorial walks through all three flavors with the actual commands and real use cases behind them.

  • Local forwarding (-L) to reach a remote service, like that Postgres box, as if it were running on your own machine
  • Remote forwarding (-R) to expose something local, like a webhook receiver on your dev machine, to the outside world through a VPS
  • Dynamic forwarding (-D) to turn your SSH connection into a SOCKS proxy for encrypting your traffic on untrusted WiFi

If you've ever wanted to skip standing up a VPN just to reach one service, this is worth ten minutes of your time. Read the full guide.

Also recent, in case you missed them:

πŸ’‘Quick terminal tip

Most Linux users know how to extract archives, but tar includes several lesser-known options that can make working with archives safer and more efficient.

Before extracting an archive, inspect its contents:

tar -tf archive.tar.gz

This lists every file and directory inside the archive without extracting anything.

To avoid cluttering your current directory, extract the archive into its own automatically created folder:

tar -xf archive.tar.gz --one-top-level

If you prefer a custom directory name instead, specify it explicitly:

tar -xf archive.tar.gz --one-top-level=archive

Finally, you don't have to extract the entire archive. To restore only specific files or directories, list them after the archive name:

tar -xf archive.tar.gz path/to/file.txt docs/

This is particularly useful when working with large source archives or backups where you only need a handful of files.

πŸ› οΈ Tool discovery

Let's find your next favorite software in this section.

DarkMoon: AI-Powered Autonomous Penetration Testing Platform

DarkMoon is an open-source platform that runs full penetration tests using AI agents that plan, execute, and validate real exploits against a target, across web apps, Active Directory, and Kubernetes.

Why use it? Well, manual pentesting takes weeks and a proper consultant costs thousands a day, and Dark-Moon automates that entire loop, from recon to a structured, evidence-backed report, using 50+ integrated tools like Nuclei, sqlmap, and BloodHound under the hood.

It also runs a local privacy gateway that keeps your real IPs, hosts, and credentials from ever reaching the LLM provider. Good fit for DevSecOps pipelines, bug bounty workflows, or just testing your own homelab exposure before someone else does.

You can self-host it or purchase a plan from their website.

GitHub - ASCIT31/Dark-Moon: Autonomous AI pentesting engine, continuous offensive security across web, cloud, AD & Kubernetes. Agentic reasoning + real exploit execution deliver proof-based vulnerabilities. Privacy gateway: the LLM never sees your real IPs, hosts, creds or paths (deterministic placeholders rehydrated locally), nothing leaves your perimeter.
Autonomous AI pentesting engine, continuous offensive security across web, cloud, AD & Kubernetes. Agentic reasoning + real exploit execution deliver proof-based vulnerabilities. Privacy gatewa…

Dashy: Self-Hosted Dashboard for Homelab and Infrastructure Services

Dashy is an open-source, self-hosted dashboard that provides a unified homepage for accessing infrastructure services, applications, and development tools. It combines link management with service health monitoring, widgets, authentication, and extensive customization, making it a practical landing page for homelabs, self-hosted environments, and DevOps teams managing numerous services.

  • 🚦 Service Health Monitoring: Displays real-time availability and status checks for configured applications and services.
  • πŸ“Š Rich Widget Ecosystem: Integrates dynamic widgets for self-hosted services, system information, and external APIs to create an operational dashboard.
  • 🎨 Highly Customizable UI: Supports multiple themes, icon packs, custom CSS, configurable layouts, and a built-in visual configuration editor.
  • πŸ” Fast Navigation: Includes instant search, keyboard shortcuts, multiple pages, and flexible launch options for quickly accessing services.
  • 🐳 Easy Deployment: Runs via Docker, Docker Compose, or directly from source, with support for multi-architecture container images.
GitHub - lissy93/dashy: πŸš€ A self-hostable personal dashboard built for you. Includes status-checking, widgets, themes, icon packs, a UI editor and tons more!
πŸš€ A self-hostable personal dashboard built for you. Includes status-checking, widgets, themes, icon packs, a UI editor and tons more! - lissy93/dashy

πŸ“° Linux news that matters

  • Apple has released version 1.0 of its open-source Container project, a Swift-based tool that runs OCI-compatible Linux containers inside lightweight virtual machines on Apple silicon Macs. The stable release introduces persistent Linux environments through the new container machine command, adopts TOML-based configuration, and adds capabilities such as host-to-container file copying while establishing a stable baseline for future development.
  • The German state of Mecklenburg-Vorpommern is expanding its open-source strategy by rolling out a self-hosted Nextcloud platform across state and municipal administration, with a long-term target of more than 50,000 public-sector employees. The initiative replaces Microsoft SharePoint for collaboration, is operated on state-controlled infrastructure, and forms part of a broader digital sovereignty strategy that also includes OpenProject and a locally controlled AI assistant based on OpenWebUI while emphasizing open standards and European technologies.
  • AWS has expanded its DevOps Agent with release management capabilities that automatically review code changes, validate dependency impacts and access controls, and execute functional verification in managed environments before software is deployed. The enhancement moves the agent beyond troubleshooting and operations into pre-production quality assurance, positioning it as an AI-assisted release engineer integrated into the software delivery lifecycle.
  • Researchers at Noma Security disclosed GitLost, a prompt-injection technique that tricks GitHub Agentic Workflows into reading data from private repositories and publishing it in a public repository comment. The attack requires only a crafted GitHub Issue in a public repository when the organization's AI workflow has read access to private repositories, illustrating how natural-language instructions embedded in untrusted content can override the agent's intended behavior.

πŸ˜‚ Geek humor

πŸ’Œ Keep on loving Linux Handbook

GitOps course is nearly ready. It should arrive next week.

Perfect time to become a Pro member and enjoy unlimited access to our eBooks, courses and in-depth tutorials.

Missed the previous editions?Β You canΒ access the newsletter archives.

You may also contribute to Linux Handbook and share your experience and expertise with the community.

I like reading your messages, so just hit the reply button and share your thoughts πŸ˜„

About the author

Abhishek Prakash Abhishek Prakash
Updated on Jul 10, 2026