Vulnerabilities
Binarly Discloses Six New U-Boot Bootloader Vulnerabilities in Routers, Cameras, and Server Chips
A six-flaw U-Boot disclosure with cross-vendor device implications — defender posture review this week.
Original vulnerability disclosures and technical security research. Novel attack techniques, exploit chains, bug bounty findings, and defensive discoveries.
Vulnerabilities
A six-flaw U-Boot disclosure with cross-vendor device implications — defender posture review this week.
Vulnerabilities
An unpatched HTTP/3 QUIC-library finding — defender teams review protocol posture this week.
Supply Chain Attack
A meaningful ecosystem-policy signal from npm after months of contributor-account compromises — defender developers review CI/CD posture this week.
Linux
Another long-standing Linux finding lands with defender-team implications across distributions and container platforms.
Policy & Government
A sharp French policy signal on quantum-safe encryption — international PQC migration accelerates this week.
Artificial Intelligence (AI)
An AI-coding-agent bypass with cross-vendor implications — defender posture-review work for organizations running open-source agents this week.
Artificial Intelligence (AI)
A multi-vendor AI-browser research disclosure — defender posture-review work for organizations deploying agentic browsers this week.
Mobile Security
Two researchers mapped the proximity-sharing protocols behind AirDrop and Quick Share and found six flaws spanning five billion Apple and Android devices, with vendor fixes only partly shipped.
Linux
Researchers detailed pedit COW, CVE-2026-46331, a Linux kernel privilege-escalation flaw in the act_pedit traffic-control action — a second Linux disclosure in the same weekend as DirtyClone, with distribution patch tracking continuing.
Linux
Another Linux kernel research disclosure — distribution patch tracking work for the week. JFrog published a working exploit for DirtyClone, a local privilege escalation to root in the kernel networking stack, fixed upstream in late May.
Vulnerabilities
A macOS endpoint-protection bypass with defender posture-review implications. XM Cyber researchers showed that a standard, non-admin user can silently unload EDR and MDM agents on macOS, abusing legitimate XPC behavior rather than a single patchable bug.
Vulnerabilities
A 29-year-old proxy bug surfaces — defender review for Squid Proxy deployments. Researchers at Calif.io disclosed Squidbleed, a heap over-read that can leak another user's cleartext HTTP request on a shared Squid proxy.