Three Linux Exploits, ICE's 20M-Person Database, and Android's Good/Bad Week | May 13

Linux's vulnerability saga hits a third entry, ICE agents are walking around with a Palantir database of 20 million people, and Android delivers both a refused-to-patch VPN leak and a useful new intrusion logging tool for high-risk users.

On Our Radar 🎯

Linux Just Took a Third Major Vulnerability

Last week it was Copy Fail. This week we got two more: Dirty Frag, a local privilege escalation that lets low-privileged users (including those inside virtual machines) gain root on servers, and now, dropping today: Fragnesia, a third vulnerability in the same family. Microsoft has already spotted attackers experimenting with Dirty Frag in the wild. This works across Linux distributions and has no obvious signs of exploitation. Some distributions have pushed out patches (Debian, AlmaLinux, Fedora, and Tails), but Fragnesia is quite new and fixes will hopefully follow shortly.

A question I've been receiving: "Is Linux broken?" While I understand the concern, these things can happen on every operating system. The question I like to ask is: what do these vulnerabilities expose about the patching model, history, and response? When you look at Apple or Microsoft, if a kernel flaw drops, you wait for the OS update and you're done. But on Linux, you have to figure out which of the three vulnerabilities your specific distro has actually addressed, when they shipped each patch, and how transparently they communicated about it. That fragmentation is the trade-off for the open-ended ecosystem people love about Linux. This is a legit weakness, but not a fatal one.

This especially matters when we look at the flip side: open source is part of what made these easily findable in the first place. I don't think any of this should be a direct referendum on Linux. But I do think it's a reminder that "trust" in an operating system is built on response, frequency, and history over time.

What you can do: Open your distro's update tool or package manager right now and pull the latest patches. Then check your distro's blog or mailing list for explicit statements about Copy Fail, Dirty Frag, and Fragnesia. If you can't find them, ask in their community channels. I have no issue saying that if your Linux distro has no communication about this, it may be time to hop on the distro hopping train. Copy Fail has been around for weeks, and no communication by now is an indication they are not following proper security practices.

Bits & Bytes 🤖

~ ICE Agents Are Carrying Phones With a Palantir Database of 20 Million People
404 Media reports that ICE agents are now using iPhones loaded with a Palantir-built lookup tool covering 20 million people with highly sensitive personal information.

Our take: This is the surveillance economy doing what it does best: it's the privatization of sensitive data that should worry everyone regardless of where they sit politically. It's good to ask yourself whether you're in the database, and if so, how you got there, and of course whether you can opt out. If your answer to any of these questions is "I don't know..." then now you understand digital rights.

~ Android's Good News and Bad News
Mullvad disclosed a bug in Android 16 (the "Tiny UDP Cannon") that lets any app leak traffic outside the VPN tunnel, even with "Block connections without VPN" enabled. Google marked it won't-fix. GrapheneOS was also impacted, but fortunately patched it. On the upside, Google launched Android Intrusion Logging as part of Advanced Protection Mode, a new option for high-threat users to log security, DNS, and connection events for forensic analysis.

Our take: A "won't fix" from Google on a confirmed VPN leak is rough, but an actual lockdown-style toolset for high-risk users is genuinely useful. I guess Google decided to unintentionally copy Apple by releasing tools designed for high threat models that don't treat VPNs as first-class citizens.

~ Encrypted RCS Lands in iOS 26.5
Apple's iOS, macOS, and iPadOS 26.5 ship with end-to-end encrypted RCS messaging. This is an open standard, currently in beta, available on a subset of carriers that allows encrypted communication between iOS & Android users.

Our take: This doesn't replace Signal and other trusted messengers. Metadata is still exposed and it's locked to default messaging apps, including iOS Messages and Google Messages. But it's a baseline raise for everyone still on SMS/RCS, the same way HTTPS raised the baseline for the web without replacing VPNs or Tor. This one is worth sharing with the family members who haven't switched to Signal.

This Week on Techlore 📺

Want the full breakdown? Today's Surveillance Report covers everything above in depth, plus the full Defense Bulletin—data breaches, threats, and FOSS+ updates across Windows BitLocker, Signal, Debian, Tails, Fedora, IVPN, KDE, and more. Listen or watch below.

Listen to the weekly podcast on Apple Podcasts, Spotify, other podcast apps, or RSS. You can also watch Surveillance Report on YouTube or Techlore.TV

Action Item ✅

Pull your Linux updates today and verify your distribution has shipped patches for Copy Fail, Dirty Frag, and Fragnesia. If your distro hasn't been publicly transparent about all three, start asking in their community channels!


