Security experts found a flaw in the way the Linux kernel handles small pieces of data sent over a network.

A person with very little access can use this trick to gain total power over the system almost every single time they try.

How the Attack Works

The issue comes from two bugs known as CVE-2026-43284 and CVE-2026-43500.

These bugs happen because the system does not properly check memory when putting together broken bits of network data.

By sending specifically made data, a hacker can force the computer to overwrite important files that keep the system safe.

Staying Safe

Fixing this is tricky because the bad data can hide in the computer's memory even after you think you fixed it.

People running these systems should update their software as soon as a fix comes out from their provider.

You can also turn off certain network settings to stop the attack from happening right now.

The main takeaway is that even small mistakes in how computers handle data can lead to total security failures if not fixed quickly.

Officials at the Department of Defense want everyone to stay sharp as online threats change quickly.

This new plan will require staff to retake their safety training every three years to make sure they still know the best way to stop hackers.

New Rules for the Military

The Pentagon is now setting one clear rule that all parts of the military must follow.

Before this, the Army tried to let people take the training just once, but top leaders decided that was not safe enough.

By making everyone study again every few years, the government hopes to stop simple mistakes that lead to big problems.

Fixing Training Gaps

Leslie Beavers, who is a top leader for military computers, says that having the same rules for everyone is the best way to stay ready.

The military wants to move away from old tests that people just click through without learning anything useful.

Instead, they are looking for better ways to teach skills that actually help soldiers protect important data in the real world.

Stronger training standards help ensure that every member of the defense team is ready to face new digital dangers.

The conversation highlights that cloud security was once treated as an isolated "island" of specialized tools and teams, but has now merged into the mainstream of security operations. In contrast, AI has emerged as a global earthquake, affecting every security domain simultaneously. While 2023 was about the initial awakening to AI and 2025 saw its rise, 2026 is described as the "reality of AI," where the technology is no longer a separate concept but a fundamental component of tools like firewalls, email security, and Security Operations Centers (SOCs).

A major shift is occurring toward an "agentic SOC," where AI agents handle tasks like triage, investigation, and malware analysis. These agents can perform complex decompilation and binary analysis in seconds—tasks that previously cost tens of thousands of dollars and took weeks of human effort. However, there is a noted cultural resistance termed "SOC-home syndrome" (a play on Stockholm syndrome), where some security teams actively fight to keep manual processes despite the clear efficiency and net-new capabilities AI agents provide.

Despite technological leaps, the "speed of sound" in security remains a barrier, particularly in patching. Many enterprise systems, like databases or critical industrial controllers, cannot be patched immediately regardless of how fast AI identifies vulnerabilities. This leads to the "ragged edge of adoption," where some organizations are pioneering AI-driven autonomous defense while others are still grappling with basic cloud migration. True resilience in this environment requires a mix of re-architecting legacy systems and prioritizing mission-critical business processes over purely technical metrics.

A student wanted to see if he could stop a moving train from his own computer by finding a back door into the railway network.

Police arrested the student after the Taiwan High Speed Rail Corporation noticed someone was trying to mess with their controls.

Breaking the Safety System

The student found a way to get past the security checks that keep the train tracks safe from the public.

He successfully sent a command that told the train to use its emergency brakes while it was on the move.

This caused a lot of worry because stopping a fast train suddenly can be very dangerous for the people sitting inside.

Finding the Hacker

Safety teams at the rail company saw the strange activity on their screens and quickly blocked the access.

They worked with local police to track the computer signals back to the student's home.

The young man told officials he was just curious and did not mean to hurt anyone, but he still faces serious legal trouble.

This event shows that even people acting alone can cause big physical problems if large transport systems are not locked down tight.

The breach happened when a person who should not have access gets into a computer file where a company keeps list of its customers.

Zara sent emails to the people who might be in danger so they can watch out for scams or strange activity.

What Was Stolen

The stolen files held basic details that people use when they shop online at the store.

Bad actors got their hands on full names, home addresses, and phone numbers of the shoppers.

In some cases, the hackers also saw email addresses and birth dates which can be used to trick people later.

Fixing the Problem

Zara said they worked with experts to close the hole in their security as soon as they found it.

They also told the government about the leak because there are strict rules for keeping customer data safe.

So far, the company says no credit card numbers or passwords were taken during the incident.

Keeping customer data private is more important than ever as retail companies hold more personal information than in the past.

A website called Canvas, and is where millions of people go to take tests and hand in their school work.

Just as final exams were starting, a group of people attacked the site to slow it down and keep everyone from getting to their classes.

Testing at a Bad Time

The company that makes the software, called Instructure, found that their systems were being hit with too much fake traffic.

This kind of attack is meant to overwhelm the computers so that real students cannot log in to finish their exams.

Because this happened during finals week, many students were worried they would fail their classes since they could not turn in their big projects on time.

A Global Problem

The site failure did not just happen in one place but affected schools and colleges all across the country.

Some teachers had to cancel tests or give students more time to finish their work once the site came back online.

The team at Instructure worked all day to block the bad traffic and get the service running smoothly again for everyone.

Attacking school tools during the busiest time of the year shows how much damage can be done when we rely on just one major website for learning.