April 30, 2026 tech news: Linux 'Copy Fail' Root Exploit; LinkedIn's Secret Browser Extension Scanning; PyTorch Lightning Supply Chain Attack; Discord's Cascading Voice Outage; Water-Powered Nanoscale Electricity; Microsoft Open-Sources Earliest DOS Code; Dutch Police DDoS Honeypots.

Linux ‘Copy Fail’ Root Exploit

A critical privilege escalation vulnerability dubbed ‘Copy Fail’ (CVE-2026-31431) allows attackers to gain root permissions on nearly all Linux distributions released since 2017. The flaw, discovered by Theori using AI-driven pentesting, is more reliable and portable than the previous ‘Dirty Pipe’ vulnerability, affecting major distros including Ubuntu, RHEL, and Amazon Linux.

• https://www.bleepingcomputer.com/news/security/new-linux-copy-fail-flaw-gives-hackers-root-on-major-distros

LinkedIn’s Secret Browser Extension Scanning

LinkedIn has been covertly scanning users’ browser extensions since 2017 to build detailed software inventories linked to verified professional identities. This fingerprinting allows LinkedIn to infer personal details—such as job hunting, religious practices, or political leanings—and has triggered a criminal investigation by the Bavarian Central Cybercrime Prosecution Office.

• https://404privacy.com/blog/linkedin-is-scanning-your-browser-extensions-this-is-how-they-use-the-data/

PyTorch Lightning Supply Chain Attack

A supply chain attack compromised the popular ’lightning’ deep learning framework on PyPI. The malware steals credentials, cloud secrets, and environment variables, and uniquely leverages Claude Code and VS Code hooks to maintain persistence. It further spreads by hijacking npm publish tokens to infect other packages, creating a cross-ecosystem worm.

• https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/

Discord’s Cascading Voice Outage

A routine infrastructure change at Discord led to a massive voice and video outage when a 17% drop in session servers triggered a cascading failure. The resulting flood of reconnection requests overwhelmed internal Erlang supervisor processes, which blocked critical service discovery and prevented voice syncers from communicating with the global SFU fleet.

• https://discord.com/blog/behind-the-scenes-of-the-3-25-26-voice-outage

Water-Powered Nanoscale Electricity

Researchers at EPFL have developed a nanoscale device that generates continuous electricity from evaporating tap or seawater. While the output is too small for grid power, it paves the way for battery-free, autonomous sensors and wearable electronics that can power themselves using only ambient water, heat, and sunlight.

• https://www.tomshardware.com/tech-industry/nanoscale-device-generates-continuous-electricity-from-evaporating-water-and-some-sunlight-paves-the-path-for-battery-free-sensors-wearable-electronics-and-more

Microsoft Open-Sources Earliest DOS Code

Microsoft has released the earliest known source code for 86-DOS, the precursor to MS-DOS. Because the original code existed only on paper, a team of historians had to painstakingly transcribe the printouts to digitize the foundation of the consumer PC era.

• https://arstechnica.com/gadgets/2026/04/microsoft-open-sources-the-earliest-dos-source-code-discovered-to-date

Dutch Police DDoS Honeypots

As part of ‘Operation PowerOFF,’ Dutch police have deployed sophisticated honeypots designed to look like DDoS-for-hire services. These sites are used to gather evidence of criminal intent and IP addresses from users, while other ‘scare’ sites are used to frighten teenagers into avoiding cybercrime.

• https://lina.sh/blog/ddos-honeypot