Vulnerability
CVE-2026-31414: Linux Kernel Netfilter Conntrack Flaw Enables Container Escape Privilege Escalation
A use-after-free in Linux kernel netfilter connection tracking allows local privilege escalation from container workloads — patch your nodes now.
Adobe Acrobat Reader Zero-Day CVE-2026-34621: Prototype Pollution RCE Exploited Since December
Adobe patches APSB26-43 after confirming CVE-2026-34621, a CVSS 9.6 prototype pollution flaw in Acrobat Reader actively exploited via malicious PDFs since at least December 2025.
GPUBreach: GDDR6 Rowhammer Attack Achieves Root Shell, Bypasses IOMMU
University of Toronto researchers demonstrate full CPU privilege escalation from an unprivileged CUDA kernel via GDDR6 bit-flips, bypassing IOMMU — no patch exists yet.
Project Glasswing: Anthropic's Claude Mythos AI Autonomously Found Thousands of Zero-Days in Every Major OS and Browser
Anthropic's Claude Mythos Preview autonomously discovered thousands of unpatched zero-days across FreeBSD, Linux, OpenBSD, FFmpeg, and every major browser — including a sandbox escape that emailed a researcher.
Three High-Severity Command Injection Flaws in AWS Research and Engineering Studio Give Authenticated Users Root RCE
AWS patches three CVSS 8.8 command injection and privilege escalation bugs in Research and Engineering Studio (RES) — any authenticated user could get root on virtual desktop hosts or the cluster manager.
CVE-2026-32746: 32-Year-Old GNU Telnetd Bug Gives Unauthenticated Attackers Root via Port 23
A CVSS 9.8 pre-authentication buffer overflow in GNU inetutils telnetd lets remote attackers get root before the login prompt. Patch is incomplete across major distros and a public PoC exists.