Linux
Exim 4.99.2 Patches Four Mail Server Flaws: Heap Corruption via JSON Headers, DNS Poisoning, and SPA Auth Bugs
Exim 4.99.2 fixes four memory-safety bugs (CVE-2026-40684 through 40687) in the world's most-deployed MTA, including a JSON heap-write reachable from untrusted headers.
Project Glasswing: Anthropic's Claude Mythos AI Autonomously Found Thousands of Zero-Days in Every Major OS and Browser
Anthropic's Claude Mythos Preview autonomously discovered thousands of unpatched zero-days across FreeBSD, Linux, OpenBSD, FFmpeg, and every major browser — including a sandbox escape that emailed a researcher.
CVE-2026-39860: Nix Package Manager Symlink Bug Gives Any User Root on Multi-User Installs
A critical symlink-following flaw in the Nix daemon lets unprivileged users overwrite arbitrary files as root during fixed-output derivation builds.
CrackArmor: Nine AppArmor Flaws Enable Container Escape on Debian, Ubuntu, and SUSE
Every Kubernetes node running these distros is potentially exposed. Root escalation from within containers confirmed.