Debian attacker may have used new exploit