Cybersecurity News in Asia

Qualys Threat Research Unit discovers “CrackArmor”

By CybersecAsia editors | Wednesday, March 18, 2026, 8:00 AM Asia/Singapore

Nine vulnerabilities that can be exploited since 2017, putting millions of Linux systems in danger.

The Qualys Threat Research Unit (TRU) has recently discovered “CrackArmor”, a set of nine vulnerabilities within AppArmor, a widely used security module in the Linux kernel.

These flaws have left over 12 million enterprise systems running Ubuntu, Debian, and SUSE distributions exposed since 2017, enabling local attackers to gain full root access, execute container breakouts, and cause system-wide crashes.

The CrackArmor vulnerabilities exploit a “confused deputy” flaw, which manipulates a trusted, higher-privilege program into misusing its authority. Attackers can trick system processes into performing malicious actions on their behalf, effectively bypassing security controls to gain unauthorized access or escalate privileges without needing administrative credentials.

The discovery highlights a significant risk across numerous sectors. Industries most impacted include cloud computing, banking and finance, manufacturing, healthcare, and government.

“These discoveries highlight critical gaps in how we rely on default security assumptions,” said Dilip Bachwani, Chief Technology Officer, Qualys. “CrackArmor proves that even the most entrenched protections can be bypassed without admin credentials. For CISOs, this means patching alone isn’t enough; we must re-examine our entire assumption of what ‘default’ configurations mean for our infrastructure.”

Qualys researchers have determined that the only reliable method to mitigate the CrackArmor vulnerabilities is through immediate kernel patching. Organizations are urged to apply the necessary security updates to protect their systems from potential exploitation.

In keeping with the responsible disclosure process, the Qualys TRU team coordinated and communicated with upstream maintainers for several months to ensure that fixes were robust and stable across all Linux distributions prior to public release.

CybersecAsia understands that the Linux community is working to address these critical security issues.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach
Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
Zero Trust Made Simple: Why it matters and how to get started
Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
Cloud Secure Edge: Remote access, better security
SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

How a Vietnamese D2C retailer built its own secure digital infrastructure
Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
Cyber protection for medical clinics in Singapore
As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

Global Tech Shift: Tune Talk Launches World’s First Network-Enforced Child Safety Mobile Plan, Bypassing App-Level Limitations
Saturday, June 27, 2026
PETALING JAYA, Malaysia, June 26, …Read More »
DJI Enterprise Advances Industry with New Framework for Dock as First Responder (DFR) Deployments
Thursday, June 25, 2026
New White Paper Outlines Best …Read More »
At VivaTech 2026, Taiwan-Based MaiAgent Says Enterprises Should Stop Building RAG and AI Agent Systems From Scratch
Friday, June 19, 2026
TAIPEI and PARIS, June 19, …Read More »
How large-scale AI drives the evolution of video encoding to intelligent understanding
Thursday, June 18, 2026
HANGZHOU, China, June 18, 2026 …Read More »
Crisis24 Opens Global Maritime Operations Center in Manila to Power Intelligence, Consulting and Crisis Response Services
Thursday, June 18, 2026
New 24/7 operations center anchors …Read More »

Featured

S E Asia governments targeted by cyber-espionage group

Featured

Rethinking network and infrastructure design for resilience

Featured