The landing site for Trackr Services
CVE-2026-7482 turns Ollama’s /api/create into a heap-read primitive that exfiltrates prompts, system messages, and process environment variables through a crafted GGUF tensor shape. Patch to 0.17.1; everything else is a stopgap.
A defender-focused analysis of how APT29-aligned and Storm-2372-style intrusion sets are abusing device authorization grants and long-lived OAuth consent in Entra ID through 2026 — what to detect, what to revoke, and where it maps to 800-53.
A defender-oriented analysis of firmware- and bootloader-resident implants on perimeter network appliances, what they look like in practice, how to detect them, and how to map the response to NIST 800-53.
Hyunwoo Kim’s Dirty Frag chain extends the Dirty Pipe / Copy Fail class to skb paged fragments. The xfrm ESP receive path provides a deterministic 4-byte page-cache store (CVE-2026-43284); the rxrpc receive path provides a namespace-free trigger (CVE-2026-43500). One PoC, no race, root on Ubuntu, RHEL, CentOS Stream, AlmaLinux, Fedora, and openSUSE — including hosts that already blocklisted algif_aead for Copy Fail.
Immutable base images plus systemd sysext/confext overlays have quietly become the standard for fleet-managed Linux in 2026. They also created a persistence surface most SOCs are not yet watching.
A double-free in Apache httpd 2.4.66’s mod_http2 lets unauthenticated clients crash workers reliably and, on certain builds, opens a path to remote code execution. Here’s the defender-oriented breakdown: mechanism, detection, remediation, and 800-53 mapping.
Model Context Protocol gives agents a clean way to call tools, but it also gives every piece of retrieved content a direct line to those tools. The classic confused deputy problem is back, and most deployments are not handling it.
Model Context Protocol turned every internal API into an LLM-reachable tool. The threat model didn’t catch up. Here’s what tool poisoning looks like in production and how to harden against it.
Model Context Protocol turned every developer’s laptop into a tool-calling agent host. The trust model that came with it is closer to npm circa 2016 than to anything a serious authorizing official would sign.
Trellix has confirmed unauthorized access to part of its source code repository. The disclosure is thin on detail and heavy on implications for every shop running Trellix EDR or XDR.
