
Secure Boot's 2011-era keys start expiring, cutting off boot updates on unpatched PCs
Microsoft's 2011 Secure Boot certificates started expiring in June 2026. Here's what breaks on Windows and Linux, and the one update that fixes it.

Microsoft's 2011 Secure Boot certificates started expiring in June 2026. Here's what breaks on Windows and Linux, and the one update that fixes it.

A worm hijacked Red Hat's npm namespace, a rootkit spread through 1,500 Arch AUR packages, and a SOC 2-certified AI gateway shipped malware. Registries are under fire.

Two of the most cautious C projects split on AI contributions in the same week. The real fight is over copyright provenance and who cleans up the slop.

Dirty Frag chains two page-cache flaws in the ESP and RxRPC subsystems into a deterministic privilege escalation that hits every major distro. A PoC exploit is public.

CVE-2026-31431 chains AF_ALG and splice() to write into the page cache of /usr/bin/su. Xint Code disclosed it on April 29, nine years after the bug shipped.