Patch Tuesday Analysis · May 2026 May 2026 Patch Tuesday: No Zero-Days for the First Time in 23 Months, but Three Unauthenticated 9.8 RCEs in the Queue Microsoft fixes 118 to 138 CVEs depending on methodology, including 16 critical, with no actively exploited or publicly disclosed vulnerability. First Patch Tuesday without a zero-day since June…
CTI Analysis · Unpatched Windows Vulnerability MiniPlasma: Chaotic Eclipse Reopens cldflt.sys and Revives the Question of Microsoft Patch Durability A fifth uncoordinated public disclosure in six weeks, a PoC targeting the Windows Cloud Files Mini Filter Driver, and an extraordinary claim: the CVE-2020-17103 patch would not be present on fully patched Windows 11 and Windows…
Technical Analysis · Linux Kernel Vulnerability Reading Root-Owned Files Without Privilege: What CVE-2026-46333 Reveals About Nine Years of Blind Spot in the Linux Kernel A race window in the Linux kernel ptrace access control allows, via pidfd_getfd(2), the theft of file descriptors held by SUID root binaries about to terminate. Two public exploits exfiltrate SSH…
CTI Analysis · Disclosure Doctrine The Embargo Isn’t Dead Everywhere: What the AMD-SB-7052 Disclosure Reminds Us Seven months of embargo, no leak, successful multi-actor coordination. In the middle of a series documenting the erosion of responsible disclosure, the AMD-SB-7052 case deserves to be read for what it is: a demonstration that the classical model still…
CTI Analysis · Disclosure Doctrine The Embargo Is No Longer a Protection: What AI Is Changing in Responsible Disclosure Six dnsmasq CVEs, a maintainer exhausted by the tsunami of AI-generated bug reports, and the public admission of a major doctrinal pivot. Reading a weak signal that could foreshadow the end of a model thirty years…
CTI Analysis · Critical Vulnerability BitLocker Is No Longer a Promise: What the YellowKey Case Reveals Two Windows zero-days disclosed without coordination, a researcher openly challenging Microsoft, and a phantom component in the Windows Recovery Environment whose true nature, bug or backdoor, no one can yet determine. Published May 14, 2026 Reading time 15 minutes…
