Eight days after Copy Fail, the same bug class returned. CVE-2026-43284 and CVE-2026-43500 chain two page-cache write primitives in xfrm-ESP and RxRPC into a deterministic Linux root exploit. The patch was public before the disclosure was.
A recent article lists six operational gaps in Docker Compose and recommends Kubernetes as the realistic next step. It skips right past Docker Swarm, which closes every one of those gaps using the same Compose files you already have, without the Kubernetes overhead nobody asked for.
The day after Copy Fail was disclosed as a root exploit affecting every major Linux distribution, Canonical’s web infrastructure went offline under a sustained DDoS attack. The two events aren’t directly related. But the convergence created a patching crisis that’s worth understanding.
On April 30, 2026, the lightning package on PyPI - the runtime for PyTorch Lightning - was live for 42 minutes carrying a credential-stealing worm. Eight days after Bitwarden CLI. Same campaign. New targets: ML training pipelines. New capability: persistence inside Claude Code and VS Code that survives removing the compromised package.
CVE-2026-31431 is a 9-year-old Linux kernel bug that gives any unprivileged local user root on every major distribution. No race condition required. 732 bytes of Python. If you're running shared-kernel infrastructure, you've seen this pattern before.
GTFOBins documents hundreds of standard Unix tools that can be turned against the systems they’re installed on. Not through exploits. Through the tools doing exactly what they were designed to do.
MinIO’s GitHub repository was archived on April 25, 2026. We used to rely on it. Here’s the full story of how a genuinely good open source project was methodically dismantled, and what it means for anyone building infrastructure on software they don’t control.
On April 22, 2026, a malicious version of @bitwarden/cli was live on npm for 93 minutes before it was pulled. It was part of a supply chain campaign that has been quietly escalating since 2025 - and this time, it targeted the tool built specifically to protect your credentials.
On February 6, 2026, Salesforce entered Heroku into “sustaining engineering mode” - no new features, no new enterprise contracts, engineering focused on keeping the lights on. Here’s what that designation actually means, the trigger events to watch for, and how to think about your migration timeline.
A Roblox cheat download at a third-party AI company triggered a $2M ransom demand against Vercel. Here’s the full attack chain and what it teaches us about how fast we’re granting access to AI tools. Updated April 26, 2026 with new investigation findings.
Firefox 150 shipped 271 fixes from Mythos. An unauthorized group accessed the model through a contractor. Here’s what Project Glasswing actually means for infrastructure operators - and what the coverage gets wrong. Updated April 22, 2026.
Between March 19 and 23, 2026, a threat actor known as TeamPCP compromised Aqua Security’s CI/CD pipeline. For four days, anyone who pulled a Trivy container image received malware. Here’s what happened - and what it teaches us about how we reference dependencies.