Critical Zero-Days Under Active Exploitation Target Linux Distros, Polish Water Infrastructure, and Enterprise Platforms

A string of critical security vulnerabilities has emerged as active threats across enterprise software, open-source infrastructure, and industrial control systems, according to a digest of confirmed incidents and federal advisories issued May 8, 2026. Among the most severe is an unpatched Linux zero-day vulnerability—labeled "Dirty Frag"—enabling local privilege escalation across all major distributions, leaving systems without a available patch at the time of reporting. Security researchers flagged the flaw as critical given its broad applicability and root-level access capability.

Separately, threat actors successfully breached industrial control systems at five water treatment plants in Poland, marking a significant attack on critical infrastructure. Federal cybersecurity authorities also issued urgent directives: CISA ordered a four-day patching window for an actively exploited zero-day in Ivanti Endpoint Manager Mobile, while adding a SQL injection flaw in BerriAI's LiteLLM to its Known Exploited Vulnerabilities catalog. Meanwhile, a newly identified Linux remote access trojan called Quasar is actively targeting developer credentials to compromise software supply chains—a method that, if successful, could cascade into downstream victims. Additionally, the RansomHouse ransomware group claimed responsibility for breaching cybersecurity firm Trellix, publishing proof-of-breach screenshots that appear to show access to proprietary source code.

The convergence of unpatched vulnerabilities, critical infrastructure targeting, and supply chain-oriented tooling signals escalating pressure across multiple threat vectors simultaneously. Security teams face compounding patch burdens amid reports of active exploitation for at least two of the identified flaws. The targeting of water treatment SCADA systems and developer environments suggests adversaries are prioritizing high-impact, high-visibility assets with the potential for downstream systemic reach.