Posts

The TeamPCP group (UNC6780) compromised a GitHub employee's device through a trojanized VS Code extension, exfiltrating approximately 3,800 internal repositories from the platform in May 2026.

An inverted validation flaw in the rxgk module allows local attackers to bypass the Copy-On-Write (COW) mechanism and corrupt the page cache to gain root access.

A memory handling flaw during data copy operations allows any unprivileged user to gain full control of a Linux system.

Researchers reveal that CVE-2026-42945, a critical flaw in NGINX's rewrite module, went undetected since 2008. With a CVSS score of 9.2, it allows a remote, unauthenticated attacker to crash servers or execute malicious code on systems without active memory protections.

CVE-2026-7482, a critical vulnerability in Ollama that allows any remote attacker to extract prompts, environment variables, and API tokens from server memory in just three unauthenticated HTTP requests.

Dirty Frag. A privilege escalation flaw in the Linux kernel affecting all major distributions, with no patches available and an embargo broken ahead of schedule.