Bootc and rpm-ostree turn the root filesystem read-only and push state into a handful of writable paths. That quietly invalidates half your host integrity detections. Here is the new shape of the problem and what to instrument before the first ATO review notices.
Two separate disclosures against Anthropic’s Claude Code GitHub Action show how a single opened issue can walk out with OIDC tokens and an unscrubbed API key. Neither got a CVE, which is its own problem.
CVE-2025-29927 let attackers skip Next.js middleware entirely with a single request header, including the middleware doing your auth. The detection is trivial once you capture the field — and the architecture mistake underneath it is the part worth your attention.
ClickFix turns the user into the execution primitive, which means your payload-side detections fire late or not at all. Here’s where the real telemetry lives, what the first week of tuning has to fix, and which environment assumptions decide whether the detection works at all.
A self-propagating npm worm poisoned 32 @redhat-cloud-services packages on June 1, 2026 — and because it published through Red Hat’s own OIDC pipeline, the malicious versions carried legitimate SLSA provenance. Here’s the scope, the mechanism, and the rotation list.
A defender’s view of indirect prompt injection in MCP-connected and tool-calling LLM agents — what the telemetry actually looks like, where detections originate noise, and how to map containment to 800-53.
CIFSwitch is a local-root flaw in the Linux kernel’s CIFS client that a researcher surfaced with AI-assisted analysis after it sat untouched since 2007. The kernel piece is real, but whether it touches you is a configuration question, not a kernel-version one.
Wildcarded sub claims in IAM trust policies for GitHub Actions OIDC are still the most common cloud-CI footgun in 2026. Here’s the detection that actually catches it, and the tuning round that has to happen before the SOC stops ignoring the alert.
Image-mode RHEL moves the host into an ostree-backed, container-built world. The threat model shifts up the stack, and most detection content built for traditional EL hosts quietly stops working.
CVE-2026-48095 is a heap buffer overflow in 7-Zip’s NTFS handler reachable from any file extension because of signature-based fallback parsing. The fix shipped in 26.01 three days after the private report; public disclosure came 25 days later. PoC is public, the trigger is a one-line undefined shift, and the exploitable vtable sits 304 bytes from the overflow site. The patch is uncomplicated. The deployment surface isn’t.
