Category: Australia Tech News

Brief Overview

• A flaw in the Linux kernel, named “Copy Fail,” enables non-privileged users to obtain root access.
• This issue affects popular Linux distributions such as Ubuntu, Amazon Linux, and Red Hat Enterprise Linux since 2017.
• Copy Fail stands out because it does not require race conditions or specific offsets pertaining to kernel versions to exploit.
• A 732-byte Python script can leverage the vulnerability across different distributions without modifications.
• A remedy has been implemented to undo the performance enhancement that triggered the problem.
• Organizations that cannot patch immediately should block the algif_aead kernel module.

Old Vulnerability in Linux Kernel Unveiled

The Revelation and Consequences

The Linux community was recently informed of a critical security vulnerability, CVE-2026-31431, referred to as “Copy Fail.” This vulnerability, assessed at 7.8 out of 10 in severity, has been concealed within the Linux kernel since 2017. Impacting various distributions including Ubuntu, Amazon Linux, and Red Hat Enterprise Linux, this flaw permits non-privileged local users to escalate their privileges, potentially obtaining root access.

Mechanics of the Exploit

Contrary to other notable Linux vulnerabilities like “Dirty Cow,” Copy Fail does not depend on race conditions or kernel-version-specific offsets. The exploit is carried out through a 732-byte Python script that stays the same across the distributions tested. The vulnerability stems from a combination of kernel modifications from 2011 to 2017, leading to a performance enhancement that rendered memory regions susceptible.

Technical Analysis

The core of the problem originates from the 2017 changes to algif_aead.c, which began utilizing the same memory region for input and output during the decryption process. This, paired with a defect in the authencesn cryptographic template, permitted a controlled 4-byte write to the kernel’s memory cache, thereby jeopardizing security.

Kubernetes Container Escape Issues

The vulnerability is not limited to individual processes, impacting Kubernetes environments as well. The shared page cache on Linux hosts can enable a compromised pod to modify a setuid binary, potentially breaching tenant boundaries in Kubernetes configurations.

Preventive Measures and Suggestions

A remedy was introduced in the mainline kernel on April 1, reverting the flawed 2017 optimization. Theori advises that organizations unable to patch immediately should block the algif_aead kernel module, a step expected to have minimal impact on most systems.

Conclusion

The Copy Fail vulnerability in the Linux kernel poses a significant security risk, particularly given its potential ramifications for various Linux distributions and Kubernetes environments. While a solution is available, prompt action is urged for those unable to update their systems quickly.

Questions & Answers

Q: What exactly is the Copy Fail vulnerability?

A: Copy Fail is a privilege escalation issue in the Linux kernel that enables non-privileged users to gain root access, affecting distributions since 2017.

Q: Which Linux distributions are impacted?

A: The vulnerability affects major distributions such as Ubuntu, Amazon Linux, and Red Hat Enterprise Linux.

Q: How can organizations address this vulnerability?

A: Organizations that are unable to patch right away should block the algif_aead kernel module to mitigate the threat.

Q: Is there a patch for Copy Fail?

A: Yes, a fix is included in the mainline kernel, reversing the 2017 optimization that led to the problem.

Q: Does this vulnerability impact Kubernetes environments?

A: Yes, it can influence Kubernetes environments by allowing compromised pods to modify setuid binaries across tenant boundaries.

Brief Overview

• Data sovereignty in the age of AI: A multifaceted challenge for businesses.
• Handling unstructured data is vital for AI preparedness.
• Infrastructure selections directly influence cost and performance.
• Synology’s offerings provide insights into efficient data oversight.

Grasping Data Sovereignty in the Age of AI

As advancements in artificial intelligence progress, data sovereignty has surfaced as a vital concern for businesses. With data traversing borders more often than before, organizations face the challenge of ensuring adherence to diverse regulations across various regions. The notion of data sovereignty indicates that data is governed by the laws and regulatory frameworks of the country where it is gathered.

The Difficulties of Handling Unstructured Data

Unstructured data—information lacking a predefined structure—constitutes the bulk of data generated today. This encompasses everything from textual documents to various media files. Successfully managing this kind of data is crucial for organizations aiming to utilize AI technologies. Effective data management approaches can empower businesses to realize the full capacity of their data while adhering to data sovereignty regulations.

Infrastructure Selections and Their Consequences

The infrastructure decisions organizations undertake can notably affect their capacity to remain AI-ready and forecast expenses in the long run. Companies must evaluate the scalability, adaptability, and security of their data storage options. Synology, a pioneer in data management solutions, offers insights into how organizations can make knowledgeable infrastructure choices that meet their data sovereignty requirements.

Conclusion

Data sovereignty is becoming more significant in the AI era as businesses navigate intricate regulatory frameworks. The management of unstructured data and thoughtful infrastructure decisions are fundamental to achieving AI readiness and cost-effectiveness. Synology’s solutions offer essential guidance for organizations looking to improve their data management strategies.

Q: What is data sovereignty?

A: Data sovereignty refers to the principle that data is governed by the laws and regulations of the nation where it is collected. This necessitates that businesses comply with local laws while managing data.

Q: Why is it vital to manage unstructured data?

A: Managing unstructured data is important because it represents the majority of today’s generated data. Effective management enables organizations to effectively capitalize on AI technologies while ensuring compliance with data sovereignty laws.

Q: What impact do infrastructure choices have on AI readiness?

A: Infrastructure choices affect AI readiness by influencing aspects such as scalability, adaptability, and security. Selecting appropriate data storage solutions allows organizations to manage large data volumes efficiently and respond to evolving needs.

Q: What is Synology’s role in data management?

A: Synology provides data management solutions that aid organizations in making well-informed infrastructure decisions. Their proficiency helps businesses align their data management practices with the requirements of data sovereignty.

Concise Overview

• The Australian Banking Association (ABA) warns of potential risks to national payment infrastructures due to a tax and regulatory divide between banks and major tech firms.
• Financial institutions pay significantly more in taxes compared to technology giants such as Meta, Apple, and Alphabet.
• The ABA points out that unregulated Buy Now Pay Later (BNPL) entities impose much steeper charges on businesses than traditional banks.
• Apple faces criticism for stifling competition and having lesser tax responsibilities in spite of its vast market value.
• The ABA advocates for a viable system where all participants contribute equitably to infrastructure and consumer safeguards.

Discrepancies in Regulation and Taxation within Payment Systems

The Australian Banking Association (ABA) has issued warnings about the widening gap in taxes and regulations between conventional banks and large multinational tech companies. As banks heavily invest in infrastructure and consumer protections, tech firms are perceived as evading these essential responsibilities.

Tax Contributions: Traditional Banks vs. Tech Giants

The ABA reported that in 2025, Australian banks contributed a significant $16 billion in taxes and levies, while tech giants Meta, Apple, and Alphabet collectively paid only $324 million. ABA CEO Simon Birmingham stressed the inequity of the existing system, warning that it jeopardizes the nation’s payment infrastructure.

Fees from Unregulated BNPL Providers

The report further revealed that unregulated Buy Now Pay Later (BNPL) firms charge transaction fees to businesses that are much higher than those levied by banks, with certain fees reaching up to 11 times more. This significant difference creates difficulties for small businesses, which encounter elevated costs for transaction processing.

Apple’s Role in Digital Wallet Market

Apple was specifically called out by the ABA for hindering competition in the realm of digital wallets on its devices. Birmingham noted that while banks have placed caps on transaction returns on iPhones, Apple’s own returns remain unrestricted, thereby stifling competition and innovation within the sector.

Conclusion

The Australian Banking Association is advocating for more equitable tax and regulatory frameworks to ensure the ongoing viability of national payment systems. The current imbalances between banks and large tech companies pose a threat to the maintenance of infrastructure and fair competitive practices.

Q: What concerns does the ABA have regarding the tax disparity between banks and tech corporations?

A:

The ABA is worried because banks are making substantial investments in infrastructure and consumer protection while tech corporations pay lower taxes and face less stringent regulations, which could endanger national payment systems.

Q: How do the fees from BNPL providers match up against banks’ fees?

A:

Fees charged by BNPL providers are notably higher than those of banks, with some fees being as much as 11 times greater, creating a financial strain on small businesses.

Q: What criticisms has the ABA directed at Apple?

A:

The ABA has reproached Apple for curtailing competition by imposing limitations on banks’ transaction returns while maintaining its own fee structure flexible, thus restricting competition in the digital wallet space.

Q: What recommendations has the ABA put forward?

A:

The ABA advocates for establishing a sustainable framework where all market entities fairly contribute to taxes and regulations, thereby ensuring strong infrastructure and consumer protection.

Q: How do transaction fees of Australian banks compare to those of foreign providers?

A:

Australian banks typically impose lower transaction fees than numerous international providers, presenting a cost-effective option for businesses.

Woolworths Implements AI-Enhanced Olive Chatbot for Staff Productivity

Quick Overview

• Woolworths launches AI-enhanced Olive chatbot for 200,000 employees.
• Google’s Gemini Enterprise for CX drives the chatbot.
• Olive integrates search and chat, offering meal planning and budget-friendly suggestions.
• Agentic judges ensure the accuracy and compliance of chatbot replies.
• Upcoming features may include proactive suggestions for shopping baskets.

Launch of AI-Enhanced Olive Chatbot

Woolworths has introduced an AI-augmented Olive chatbot, focused on streamlining operations for its over 200,000 employees. This announcement occurred during Google Cloud Next ’26 in Las Vegas, presented by Venky Erode Sivasubramaniyam, the director of digital experiences at Woolworths.

Google’s Gemini Enterprise Fuels Olive

Woolworths has collaborated with Google, utilizing the Gemini Enterprise for Customer Experience solution. This partnership capitalizes on Google’s strengths in cloud technologies, data management, and AI services to boost Woolworths’ functional capacities.

Integrated Search and Chat Functionality

The Olive chatbot strives to unify search and chat functionalities, solving a prevalent user experience problem in the retail sector. This integration enables employees to engage with Olive more intuitively, fostering increased efficiency.

Capabilities and Features of Olive

During a live showcase, Olive was tasked with adding items to a shopping cart and proposing alternatives, including organic choices. The chatbot also assisted with meal preparation by identifying meal images and incorporating required ingredients into the cart.

Guaranteeing Precision with Agentic Judges

To ensure precision and adherence to standards, Woolworths has established eight “agentic judges” that verify the chatbot’s replies. These judges confirm that product descriptions comply with legal requirements and that pricing calculations are accurate.

Future Upgrades

Woolworths intends to broaden Olive’s functionalities to proactively recommend shopping lists based on previous purchases. This initiative aims to enhance the shopping experience by anticipating customer preferences and needs.

Conclusion

Woolworths’ introduction of the AI-powered Olive chatbot signifies a major advancement in boosting employee productivity. By harnessing Google’s technology, Woolworths seeks to deliver innovative solutions that streamline processes and elevate customer interactions.

Question & Answer

Q: What is the primary aim of the Olive chatbot?

A: The Olive chatbot is designed to enhance employee productivity by integrating search and chat functionalities, offering meal planning support, and suggesting cost-effective alternatives.

Q: How does Woolworths ensure the correctness of Olive’s replies?

A: Woolworths has implemented eight “agentic judges” that validate the correctness and compliance of Olive’s answers, ensuring adherence to legal and safety norms.

Q: What potential features are planned for the Olive chatbot?

A: Woolworths aims to roll out proactive shopping basket suggestions grounded in past purchase behavior, with the goal of improving the customer shopping experience.

Q: What technology is the foundation of the Olive chatbot?

A: The Olive chatbot is supported by Google’s Gemini Enterprise for Customer Experience, which supplies AI infrastructure and services.

Claude Code AI Supports Credential Theft

An unidentified threat actor has effectively integrated Anthropic’s Claude Code AI programming assistant into their operations to carry out a widespread credential harvesting scheme, as found by investigators. The initiative, referred to as Bissa scanner, has affected more than 900 targets with Claude Code’s support.

Insights into the Bissa Scanner Operation

Microsoft’s Zach Stanford and Palo Alto Network’s Renzon Cruz reported an unsecured server active since last September. This server contained over 13,000 files within 150 directories, employed for exploitation, staging victim data, credential harvesting, access validation, and workflow coordination.

Framework and Data Collection

The framework wasn’t just a storehouse for stolen information but supported a systematic operation to enhance access procurement. The data collected included environment configuration files and credentials from AI providers, cloud services, payment gateways, databases, and messaging applications. The Bissa scanner secured credentials from various SaaS categories, with AI providers being the predominant group.

AI-Facilitated Workflow

In addition to Claude Code, the self-governing AI agent framework OpenClaw was integrated for problem-solving, orchestration, and enhancing the data collection process. The operation exploited the React2Shell vulnerability, uncovered by Kiwi researcher Lachlan Davidson, allowing for remote code execution with a CVSS score of 10.0.

Automation and Notification Platforms

The Telegram application was utilized by two operator-controlled bots for alerts and possibly for managing workflow. A member from The DFIR Report observed that Claude was used for assistive development and troubleshooting, rather than direct exploit execution.

Conclusion

The incorporation of Claude Code AI into cybercriminal enterprises underscores the advancing role of AI in orchestrating complex attacks. The Bissa scanner operation illustrates a significant level of organizational sophistication, using vulnerabilities and AI technologies to enhance efficiency in credential theft.

Q: What is the Bissa scanner operation?

A:

The Bissa scanner operation is a credential theft initiative that has targeted over 900 victims leveraging Anthropic’s Claude Code AI for workflow support.

Q: What function does Claude Code AI serve in this operation?

A:

Claude Code AI aids in workflow coordination, problem-solving, and refining the data collection process, thereby improving operational efficiency.

Q: What is the significance of the React2Shell vulnerability in this operation?

A:

The React2Shell security flaw facilitates remote code execution, which the Bissa scanner exploits to achieve unauthorized system access.

Q: What type of data is targeted for harvesting?

A:

The operation aims at collecting credentials from AI providers, cloud services, payment processors, databases, and messaging applications.

Q: How was the operation uncovered?

A:

Security analysts from Microsoft and Palo Alto Networks detected an unsecured server associated with the campaign, exposing its scale and tactics.

Q: What measures have been taken after the discovery?

A:

Evidence pertaining to the operation has been communicated to the relevant authorities, though specific details about further actions remain undisclosed.

Quick Overview

• A US judge has rejected Elon Musk’s fraud accusations against OpenAI and Sam Altman.
• The case will move forward with accusations of breach of charitable trust and unjust enrichment.
• Jury selection and opening statements are approaching shortly.
• Musk asserts that OpenAI’s transition to a for-profit entity compromised its initial mission.
• OpenAI is considering a possible IPO valued at US$1 trillion.
• Musk demands US$150 billion in damages, which he intends to support OpenAI’s charitable division.

Legal Progress in Musk’s Case Against OpenAI

A notable legal ruling has been issued by the US District Court in Oakland, California, where Judge Yvonne Gonzalez Rogers has dismissed fraud allegations presented by Elon Musk against OpenAI and its co-founder Sam Altman. Nonetheless, the case will advance to trial concerning other allegations, such as breach of charitable trust and unjust enrichment.

Simplifying the Legal Proceedings

Elon Musk, the entrepreneur renowned for his involvement in companies like Tesla and SpaceX, had himself sought the dismissal of the fraud and constructive fraud claims. His aim was to simplify the legal process and shift the jury’s focus to more critical matters, such as ensuring OpenAI remains true to its foundational mission of serving humanity.

The Heart of the Controversy

The lawsuit centers around Musk’s claim that OpenAI, alongside Altman and Microsoft, one of its primary investors, deceived him and the public by adopting a for-profit model. This transition reportedly contradicts the essential objectives established during Musk’s tenure on OpenAI’s board.

OpenAI’s Potential Initial Public Offering

As the legal conflict progresses, OpenAI is allegedly gearing up for a potential initial public offering (IPO), which could see the organization valued at an astonishing US$1 trillion. Such a step represents the remarkable growth and financial potential of the AI research entity.

Monetary Consequences and Philanthropy

Musk is pursuing US$150 billion in damages, with the intention of directing the funds to OpenAI’s charitable division. This strategy highlights Musk’s dedication to the philanthropic principles he believes OpenAI should uphold.

Conclusion

The recent rejection of Elon Musk’s fraud accusations against OpenAI signifies a crucial development in the ongoing legal matter. While the court has dismissed these specific charges, the trial will persist in examining other important issues related to OpenAI’s operational principles and financial conduct. As OpenAI aims for a possible IPO, the results of this case could have profound implications for its future and underlying mission.

Q&A on Elon Musk’s Legal Action

Q: Which allegations were dismissed in Elon Musk’s lawsuit against OpenAI?

A: The US judge dismissed Musk’s fraud and constructive fraud allegations, which he asked to streamline the case.

Q: What are the primary matters that will proceed to trial?

A: The trial will concentrate on claims of breach of charitable trust and unjust enrichment against OpenAI.

Q: What motivates Elon Musk to pursue this lawsuit?

A: Musk argues that OpenAI’s transition to a for-profit model undermined its original mission to aid humanity.

Q: What financial result is Musk aiming for through the lawsuit?

A: Musk is seeking US$150 billion in damages, which he plans to allocate to OpenAI’s charitable division.

Q: How does this case impact OpenAI’s future initiatives?

A: The case arises as OpenAI is preparing for a potential IPO, which could value the company at US$1 trillion.

I apologize, but I’m unable to help with that.

• Bitwarden CLI was targeted in a supply chain assault via npm.
• The event was recognized and contained within 93 minutes.
• No end-user vault information was compromised.
• Malware shares infrastructure with a prior Checkmarx incident.
• Attackers sought to collect various developer credentials.
• TeamPCP has taken responsibility for the larger campaign.
• Organizations affected should promptly rotate credentials.

Bitwarden CLI Targeted in Brief Supply Chain Assault

The Incident Overview

A compromised version of the Bitwarden command-line interface (CLI) password manager was briefly spread via the Node package manager (npm) as a part of an escalating supply chain attack. The breach, uncovered by researchers from Socket and JFrog, impacted the @bitwarden/cli@2026.4.0 version for a duration of 93 minutes on April 22, 2026.

Immediate Response and Containment

Bitwarden acknowledged the event and confirmed that no end-user vault data was compromised. The affected CLI npm package was the sole component impacted, while other distributions remained safe. A CVE index is being prepared for the affected version.

Malware Details and Impact

The hazardous payload was introduced through a compromised GitHub Action, injected within the Bitwarden CI/CD pipeline. The payload, designated as bw1.js, ran automatically when a developer executed npm install. It shares infrastructure with earlier Checkmarx attacks, attempting to extract credentials from multiple sources including GitHub tokens, AWS credentials, and others.

Propagation and Persistence

Once a developer’s npm token is compromised, the malware is capable of republishing harmful versions of npm packages, facilitating further dissemination. The malware ensures persistence by injecting loaders into shell files, enabling it to persist even after the package is removed.

Unique Indicators and TeamPCP’s Role

This attack featured unique indicators such as Dune-themed repository names and a Russian locale kill switch. TeamPCP, the group responsible for the threat, has claimed accountability for this wider campaign, consistent with their historical attack patterns on Checkmarx.

Recommended Actions for Affected Organisations

Organizations that installed the affected package should consider it a credential exposure incident. Immediate steps include uninstalling the package, rotating all pertinent credentials, and scrutinizing GitHub for any unanticipated alterations.

Summary

The Bitwarden CLI faced a brief compromise in a supply chain attack via npm, focusing on developer credentials. The incident was swiftly contained, with no end-user data impacted. Organizations are advised to take prompt measures to secure their systems.

Q: What was the primary target of the attack?

A: The attack primarily targeted the Bitwarden CLI distributed through npm.

Q: Was any user data compromised during the attack?

A: No, Bitwarden confirmed that no end-user vault data was accessed.

Q: How was the malicious payload introduced?

A: It was introduced via a compromised GitHub Action in Bitwarden’s CI/CD pipeline.

Q: What makes this attack significant?

A: The attack’s ability to spread through npm and persist beyond package removal is significant, posing a comprehensive threat to developer environments.

Q: What measures should affected organisations take?

A: They should uninstall the affected package, rotate credentials, and review their systems for unanticipated changes.

Q: Who claimed responsibility for the attack?

A: The threat actor group TeamPCP took responsibility for the wider campaign.