Canonical, the company that makes Ubuntu Linux, says its web infrastructure is under a 'sustained, cross-border attack'

Ubuntu's user screen in the settings. — (Image credit: Ubuntu)

Recent updates

May 1, 2026: Added some extra context about repository downloads. Even if Ubuntu's official repos are down, you should be able to download from mirror repos by selecting a different one from the 'Download from' dropdown in the Software & Updates tool.

Canonical, the company behind the most popular Linux distro, says its web infrastructure is currently under a "sustained, cross-border attack."

Affected sites and services seem to run across the entire Ubuntu gamut, from its website to its blog and even potentially its repos. According to what user reports I could gleam from online forums—given official status pages are down—the problems have been ongoing for hours even if Canonical only officially commented on it recently.

Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it.We will provide more information in our official channels as soon as we are able to.May 1, 2026

Importantly, there are reports of the security repo servers at security.ubuntu.com being either slow or down for many users, and indeed when I tried the website it didn't load. Repositories are how Ubuntu users get their updates, and the security repo is, of course, a very important one, as it allows users to download and install important security updates and patches. It is worth noting, however, that updates should still be able to be installed from different mirror repos, which you can choose by selecting one in the 'Download from' dropdown in the Software & Updates tool.

Even the page that lists server statuses is disabled by Canonical. It instead reiterates the same message that Canonical posted to X.

All this follows the disclosure yesterday of a recently discovered vulnerability nicknamed "Copy Fail" which cybersecurity research firm Theori, on Xint.io, explains as meaning the discovery that a "single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017."

It's not known, however, whether this vulnerability has anything to do with the current attack. In fact, Canonical saying that it's a "sustained, cross-border attack" could imply it's not vulnerability-related attack but simply a wide-scale DDoS or something similar. If it is to do with Copy Fail, then perhaps it's only indirectly so—possibly to attempt to prevent some from installing updates that fix the vulnerability.

Cybersecurity company Vercert Analyzer claims that hacktivist group 'The Islamic Cyber Resistance in Iraq – 313 Team' has claimed responsibility for the attack(s) and has sent an extortion message to the Ubuntu team. Though we can't confirm this ourselves and will be waiting for more word from Canonical itself.

Best gaming rigs 2026

1. Best gaming laptop: Razer Blade 16

2. Best gaming PC: HP Omen 35L

3. Best handheld gaming PC: Lenovo Legion Go S SteamOS ed.

4. Best mini PC: Minisforum AtomMan G7 PT

5. Best VR headset: Meta Quest 3

👉Check out our list of guides👈

TOPICS

Jacob got his hands on a gaming PC for the first time when he was about 12 years old. He swiftly realised the local PC repair store had ripped him off with his build and vowed never to let another soul build his rig again. With this vow, Jacob the hardware junkie was born. Since then, Jacob's led a double-life as part-hardware geek, part-philosophy nerd, first working as a Hardware Writer for PCGamesN in 2020, then working towards a PhD in Philosophy for a few years while freelancing on the side for sites such as TechRadar, Pocket-lint, and yours truly, PC Gamer. Eventually, he gave up the ruthless mercenary life to join the world's #1 PC Gaming site full-time. It's definitely not an ego thing, he assures us.