Technical Analysis · Linux Kernel Vulnerability Reading Root-Owned Files Without Privilege: What CVE-2026-46333 Reveals About Nine Years of Blind Spot in the Linux Kernel A race window in the Linux kernel ptrace access control allows, via pidfd_getfd(2), the theft of file descriptors held by SUID root binaries about to terminate. Two public exploits exfiltrate SSH…
CTI Analysis · Critical Vulnerability BitLocker Is No Longer a Promise: What the YellowKey Case Reveals Two Windows zero-days disclosed without coordination, a researcher openly challenging Microsoft, and a phantom component in the Windows Recovery Environment whose true nature, bug or backdoor, no one can yet determine. Published May 14, 2026 Reading time 15 minutes…
Remote code execution via the Reading Pane, without user interaction Executive summary On May 12, 2026, as part of the monthly Patch Tuesday cycle, Microsoft released a fix for CVE-2026-40361, a critical use-after-free vulnerability (CWE-416) officially classified by the vendor as a “Microsoft Office Word Remote Code Execution Vulnerability” (1) (2). Researcher Haifei Li, founder…
Universal Local Privilege Escalation in the Linux Kernel Executive summary On May 7, 2026, researcher Hyunwoo Kim (alias @v4bel) publicly disclosed a new class of Linux kernel vulnerabilities named Dirty Frag (1) (2). This disclosure, brought forward as a result of an embargo break by an unrelated third party, exposes an exploitation chain combining two…
Technical and Strategic AnalysisFBI/CISA PSA I-032026-PSA — March 20, 2026 | TLP:CLEAR 1. Executive Summary — Board Level / Strategic View On March 20, 2026, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly published a public service announcement (PSA I-032026-PSA) alerting the public to an active campaign by…
On March 13, 2026, Microsoft released out-of-band update KB5084597 to remediate three remote code execution (RCE) vulnerabilities in the RRAS (Routing and Remote Access Service) MMC snap-in: CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. Attack surface and exploitation vector The vulnerability resides in the RRAS MMC snap-in used for remote server management. The attack vector is client-side: the…
Sources: Krebs on Security · BleepingComputer · Cisco TalosReference: Microsoft Security Update Guide, March 2026Target audience: Windows administrators, SOC teams, CERT/CSIRT, patch management leads Overview On March 10, 2026, Microsoft released its monthly Patch Tuesday security updates, addressing 79 vulnerabilities across Windows, Office, SQL Server, Azure, and several third-party components. Three vulnerabilities are classified as…
Executive Summary In late January 2026, CERT-UA issued a critical alert regarding the active exploitation of CVE-2026-21509, a vulnerability affecting Microsoft Office. The vulnerability is being leveraged by the threat actor UAC-0001, attributed to the Russian state-sponsored group APT28 (Fancy Bear). Observed attacks primarily target Ukrainian governmental institutions, but multiple European Union organizations have also…
Context CISA published an alert on January 28, 2026, regarding active exploitation of vulnerability CVE-2026-24858 affecting multiple Fortinet products. This flaw was added to CISA’s KEV (Known Exploited Vulnerabilities) catalog on January 27, 2026. Fortinet has released patches and recommendations to remediate this critical authentication bypass vulnerability. Technical Description of the Vulnerability CVE-2026-24858 is an…
