Image-mode RHEL moves the host into an ostree-backed, container-built world. The threat model shifts up the stack, and most detection content built for traditional EL hosts quietly stops working.
CVE-2026-48095 is a heap buffer overflow in 7-Zip’s NTFS handler reachable from any file extension because of signature-based fallback parsing. The fix shipped in 26.01 three days after the private report; public disclosure came 25 days later. PoC is public, the trigger is a one-line undefined shift, and the exploitable vtable sits 304 bytes from the overflow site. The patch is uncomplicated. The deployment surface isn’t.
Microsoft Defender’s new Preview adds automatic Isolate device to the attack disruption stack — distinct from the Device contain action that’s been auto-firing since 2023. The distinction matters operationally. So does Microsoft’s stated 99%+ confidence threshold, the 3-day offline retry window, the workstation-only scope, and the exclusion model defenders need to wire up before flipping this on.
A defender-oriented look at the SharePoint ToolShell chain (CVE-2025-53770 / 53771) — what the telemetry actually looks like in a real SIEM, where the first round of tuning breaks, and which assumptions about your SharePoint farm change the answer.
Cloudflare’s May 18 post on cyber-frontier-models — running Anthropic’s Mythos Preview against 50+ of their own repositories under Project Glasswing — is the latest in a twelve-month cluster: Mythos’s 2,000 zero-days in seven weeks, OpenAI’s Aardvark scanning 1.2M commits in 30 days, XBOW on top of HackerOne, AISLE taking 13 of 14 OpenSSL CVEs for 2025. Defender-side analysis only; the goal is to read the trend, not to provide an operator playbook.
Continuous Access Evaluation and Device Bound Session Credentials closed some of the AitM gap, but session token theft against Entra ID is still the dominant identity attack and most of the detection burden still falls on the SOC. Here is the shape of the problem and where the first round of tuning has to land.
Agentic AI assistants in the browser collapse the gap between read access and exfil. Here is what the detection actually looks like in the M365 audit pipeline, where the noise comes from, and which assumptions change the answer.
First VPN — 1vpns.com, twelve years old, 5,000 accounts, the bulletproof VPN that ‘wouldn’t fall under any jurisdiction’ — is offline as of May 20. The story isn’t the seizure. It’s that Europol was already inside the infrastructure before the takedown, walking out with the user database. That changes the threat model for every successor service still running.
The Packagist attack making the rounds isn’t against laravel-lang — it’s against packages cosplaying as Laravel utilities. The RAT inside is conventional. The delivery model — clean decoy packages, a hard dev-master dependency, three years of credibility-building — is the part defenders need to internalize.
FIDO2 rollout doesn’t close the consent surface. A look at illicit OAuth grant tradecraft against Entra ID in 2026, what the detection actually looks like in a real SIEM, and where the first round of tuning breaks.
