Cybersecurity News in Asia

Qualys Threat Research Unit discovers “CrackArmor”

By CybersecAsia editors | Wednesday, March 18, 2026, 8:00 AM Asia/Singapore

Nine vulnerabilities that can be exploited since 2017, putting millions of Linux systems in danger.

The Qualys Threat Research Unit (TRU) has recently discovered “CrackArmor”, a set of nine vulnerabilities within AppArmor, a widely used security module in the Linux kernel.

These flaws have left over 12 million enterprise systems running Ubuntu, Debian, and SUSE distributions exposed since 2017, enabling local attackers to gain full root access, execute container breakouts, and cause system-wide crashes.

The CrackArmor vulnerabilities exploit a “confused deputy” flaw, which manipulates a trusted, higher-privilege program into misusing its authority. Attackers can trick system processes into performing malicious actions on their behalf, effectively bypassing security controls to gain unauthorized access or escalate privileges without needing administrative credentials.

The discovery highlights a significant risk across numerous sectors. Industries most impacted include cloud computing, banking and finance, manufacturing, healthcare, and government.

“These discoveries highlight critical gaps in how we rely on default security assumptions,” said Dilip Bachwani, Chief Technology Officer, Qualys. “CrackArmor proves that even the most entrenched protections can be bypassed without admin credentials. For CISOs, this means patching alone isn’t enough; we must re-examine our entire assumption of what ‘default’ configurations mean for our infrastructure.”

Qualys researchers have determined that the only reliable method to mitigate the CrackArmor vulnerabilities is through immediate kernel patching. Organizations are urged to apply the necessary security updates to protect their systems from potential exploitation.

In keeping with the responsible disclosure process, the Qualys TRU team coordinated and communicated with upstream maintainers for several months to ensure that fixes were robust and stable across all Linux distributions prior to public release.

CybersecAsia understands that the Linux community is working to address these critical security issues.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

Cyber protection for medical clinics in Singapore
As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more
What AI worries keep members of the Association of Certified Fraud Examiners sleepless?
This case study examines how many anti-fraud professionals reported feeling underprepared to counter rising AI-driven …Read more

Bottom sidebar

Other News

DESILO Launches World’s First Fully Homomorphic Encryption Library Integrating 5th-Generation FHE Scheme ‘GL’, Accelerating the Era of Private AI
Tuesday, April 28, 2026
SEOUL, South Korea, April 28, …Read More »
Tencent Cloud Cube Sandbox Goes Fully Open-Source, with Five Major Breakthroughs Enabling Large-Scale Agent Deployment
Thursday, April 23, 2026
Tencent Cloud’s Cube Sandbox goes …Read More »
Sparrow to Demonstrate AI-Driven Security and SBOM Management at Black Hat Asia 2026
Wednesday, April 22, 2026
SINGAPORE, April 21, 2026 /PRNewswire/ …Read More »
Relativity to Establish Singapore Entity, Expanding APAC Footprint
Wednesday, April 22, 2026
News Summary: Relativity plans to …Read More »
Cohesity Appoints Nigel Lee as Technical Sales Leader, Asia Pacific and Japan (APJ)
Wednesday, April 22, 2026
SINGAPORE, April 21, 2026 /PRNewswire/ …Read More »

Featured

How AI is supercharging insider threats

Featured

Q-Day is coming. Are you ready?

Featured