Security News & Updates
Security news, release announcements, and security advisories for DevOps and infrastructure teams - tracked and explained by the Private DevOps team so you know what to act on.
11 updates in this topic
Mini Shai-Hulud Worm Hits Microsoft's durabletask PyPI
TeamPCP's Mini Shai-Hulud worm backdoored durabletask v1.4.1-1.4.3 on PyPI, stealing AWS, GitHub and Vault secrets and spreading via SSM and kubectl exec.
Read updatessh-keysign-pwn (CVE-2026-46333): Linux Kernel Secret Leak
CVE-2026-46333 (ssh-keysign-pwn) lets any local Linux user read SSH host keys and /etc/shadow via a kernel ptrace exit race. Who is exposed and how to fix it.
Read updateApple's M5 Memory Integrity Enforcement Bypassed in Five Days with AI Help
Researchers built the first public macOS kernel exploit on Apple M5 silicon, defeating Memory Integrity Enforcement in five days with Claude Mythos. The real story is the velocity.
Read updateGoogle GTIG Confirms the First AI-Developed Zero-Day Used in the Wild
On May 11, 2026, Google's Threat Intelligence Group published the first confirmed evidence of a criminal group using AI to build a working zero-day. Here is what it means for your threat model.
Read updateNGINX Rift (CVE-2026-42945) - An 18-Year-Old RCE in the World's Most Deployed Web Server
NGINX Rift (CVE-2026-42945) is a CVSS 9.2 heap overflow in the nginx rewrite module. A single unauthenticated request can reach RCE. PoC is public. Here is who is exposed and how to patch.
Read updateFragnesia (CVE-2026-46300) - The Linux Kernel LPE That the Dirty Frag Patch Created
Fragnesia is a new Linux kernel local privilege escalation introduced by the Dirty Frag patch itself. Public PoC is out. Ubuntu still unpatched. Here is the mitigation playbook.
Read updateMay 2026 Linux and cPanel CVE Storm: What to Patch Now
Three high-severity Linux kernel CVEs and a critical cPanel authentication bypass are being actively exploited in May 2026. Here is what to patch and how.
Read updateDirty Frag (CVE-2026-43500) - Linux Kernel RxRPC Root Escalation, Public Exploit Out
Dirty Frag (CVE-2026-43500) is a high-severity Linux kernel local privilege escalation in the RxRPC subsystem. Public exploit is already out - the disclosure embargo broke. Patch and mitigation playbook below.
Read updateCopy Fail (CVE-2026-31431) - Patch Every Linux Server You Run
Copy Fail (CVE-2026-31431) is a Linux kernel local privilege escalation that turns any local account into root in seconds. Every major distribution is affected. This is the patch and mitigation playbook.
Read updateMajor Vercel Breach Disclosed - Rotate Every Token Now
A high-impact supply chain breach hit Vercel customers in April 2026. Plaintext environment variables - API keys, database credentials, signing keys - were exposed. This is the rotation playbook.
Read updateOpenSSL CVE-2024-12797 - Raw Public Key TLS Authentication Bypass Patched
OpenSSL has patched CVE-2024-12797, a high-severity TLS authentication flaw that lets a server bypass Raw Public Key verification without aborting the handshake. Affects OpenSSL 3.2, 3.3, and 3.4. Update immediately.
Read update