News
Ubuntu Infrastructure Under 'Sustained Cross-Border Attack' — Down 24+ Hours During Critical Vulnerability Disclosure
Canonical's web infrastructure has been offline for over 24 hours following what the company calls a 'sustained, cross-border attack' — a group sympathetic to the Iranian government claimed credit. The timing is particularly dangerous as it coincides with Pack2TheRoot (CVE-2026-41651), a 14-year-old PackageKit privilege escalation vulnerability affecting versions 1.0.2 through 1.3.4 that gives unprivileged users root access. Mirror-based updates continue working, but Canonical's patch communication is severely hampered.
Source
↳ Follow the thread