// #poc-public
2 articles
MiniPlasma: PoC-Released Windows Zero-Day Exploits Cloud Files Mini Filter Driver for SYSTEM Access
A researcher published a working proof-of-concept for a Windows zero-day — dubbed MiniPlasma — that exploits the Cloud Files Mini Filter Driver to achieve SYSTEM-level access on fully-patched Windows 10, Windows 11, and Windows Server 2022/2025. Microsoft has not issued a patch or an out-of-band advisory. All unmitigated Windows systems with cloud sync enabled are affected.
Linux 'Dirty Frag' Zero-Day Chains Two Kernel Flaws for Deterministic Root — PoC Published, No Patch
Security researchers have published a proof-of-concept exploit for a new Linux kernel local privilege escalation vulnerability chain nicknamed Dirty Frag, which combines flaws in the xfrm-ESP and RxRPC page-cache subsystems to reliably achieve root access from an unprivileged user process. Unlike its predecessor CopyFail, Dirty Frag is deterministic — it does not rely on race conditions and succeeds reliably across Ubuntu, RHEL, CentOS Stream, AlmaLinux, openSUSE, and Fedora. No CVE ID or kernel patch has been issued at time of disclosure.