Android 14–16/16-qpr2 patch CVE-2025-48595, a Framework integer-overflow EoP Google flags as under limited, targeted exploitation. In CISA KEV with a 2026-06-05 deadline. Includes the 06-01 vs 06-05 patch-level split.
Two CRLF-adjacent bugs, two different checks. Smuggling is a proxy↔Tomcat HTTP/1.1 framing mismatch (tomcat-embed-core version, CVE-2026-24880); splitting is CRLF in sendRedirect/setHeader/RestTemplate. With a grep checklist.
TrapDoor planted 34 packages across npm, PyPI and Crates.io to steal Solana/Sui/Aptos wallet keys. Each registry fires differently: postinstall, import-time, and Rust build.rs.
SpaceX's $4.16B SB-AMTI award is a sensor layer for tracking airborne moving targets, not interceptors. AMTI vs GMTI, the SDN Backbone deal days earlier, and how Japan's defense constellation compares.
RedSun (CVE-2026-41091) and UnDefend (CVE-2026-45498) are confirmed exploited and in CISA KEV. A patched Windows isn't enough: how to check your Defender engine 1.1.26040.8 / platform 4.18.26040.7.
Calif's Vibe Hacking: a compromised SSH host runs commands on your local terminal via VS Code/Cursor Remote-SSH. No CVE — Microsoft calls it by design. How to check and isolate instead.
CVE-2026-5426 zero-day: KnowledgeDeliver's shared ASP.NET machineKey → ViewState RCE → Godzilla in memory → Cobalt Strike via JS tampering. Hunting starts at Event ID 1316.
Microsoft's 2011 Secure Boot CAs expire June and October 2026. Secure Score check MC1293483 tracks fleet readiness; KB5025885 applies a two-phase rollover via the AvailableUpdates registry (0x140 → 0x280). BlackLotus-driven 2023 CA migration finally collides with the natural 15-year cert expiry.
Claude's new Microsoft Purview connector surfaces ~30 audit event types and on-demand chat/file access — but not prompts, model names, or tool calls. Claude Code goes through OpenTelemetry separately. Enterprise plan only; Team and consumer plans excluded.
After Rift, two more nginx CVEs landed in late May 2026: njs js_fetch_proxy heap overflow CVE-2026-8711 and a second rewrite-module heap overflow CVE-2026-9256. Both pre-auth, CVSS v4.0 9.2, config-specific. Concrete grep checks and patch paths.
Walking through Dirty Pipe (CVE-2022-0847) from a 2026 angle: one uninitialized pipe_buffer.flags bit kept PIPE_BUF_FLAG_CAN_MERGE alive into splice'd pages, plus patched-kernel checks for distros and containers.