Cybersecurity
When the internet’s plumbing catches fire
Windows Netlogon Has a CVSS 9.8 Remote Code Execution Bug and Belgium Says It’s Already Being Exploited — Microsoft Says It Sees Nothing, Your Domain Controller Has No Comment
🤚 The Open-Palm Incident Report A critical vulnerability in Windows Netlogon — the service that handles authentication for every Windows domain controller on Earth —…
Read moreThe Shai Hulud Supply Chain Worm Has a Sequel Called ‘Miasma’ and It Just Compromised 32 Official Red Hat npm Packages — Your Dependency Tree Now Has a Franchise Problem
🤚 The Open-Palm Infection Report Remember Shai Hulud? The supply chain worm that compromised hundreds of signed npm and PyPI packages back in May and…
Read morePalo Alto GlobalProtect VPN Was Trusting Forged Cookies Without Checking the Signature — The CISA Deadline Is Today and Your Perimeter Just Filed Its Second Incident Report This Year
🤚 The Open-Palm Advisory Palo Alto Networks has confirmed that CVE-2026-0257, an authentication bypass in its GlobalProtect VPN, is being actively exploited in the wild.…
Read moreA SpaceX Engineer Found a Linux Kernel Bug That’s Been Giving Root Since 2007 — Your Server Has Been Running an Open-Door Policy Longer Than Most of Your Employees Have Been Alive
🤚 The Open-Palm Disclosure A SpaceX security engineer named Asim Viladi Oglu Manizada has published a vulnerability he’s calling “CIFSwitch” — a local privilege escalation…
Read moreCalifornia Sues 23andMe for Losing 6.9 Million People’s DNA — The Company Changed Its Name to ‘Chrome Holding Co.’ Which Is Exactly What an Innocent Company Would Do
🤚 The Open-Palm Subpoena California Attorney General Rob Bonta has filed suit against 23andMe — or rather, against the corporate husk now operating under the…
Read moreChatGPT’s Share Link Feature Is Now a Malware Distribution Network — The Chatbot Impersonated Its Own Outage to Install an Infostealer, and the URL Was Legitimate the Entire Time
🤚 The Open-Palm Incident Report Threat actors have discovered that ChatGPT’s share link feature — the one that lets you send a conversation to a…
Read moreCarnival Cruise Loses Six Million Customer Records to ShinyHunters Because Someone Answered the Phone — The Company’s Fourth Breach Since 2020 Suggests the Loyalty Program Extends to Threat Actors
🤚 The Open-Palm Damage Report In what is becoming a disturbingly reliable annual tradition, Carnival Corporation — operator of the world’s largest cruise fleet —…
Read moreAI Chatbots Are Now Recommending Malware Downloads Because the Threat Actors Figured Out SEO Poisoning Works on Large Language Models Too — Your Helpful Assistant Just Became an Unwitting Accomplice
🤚 The Open-Palm Diagnosis Here is a sentence that would have been science fiction in 2023 and is a Microsoft security advisory in 2026: AI…
Read moreCrowdStrike, Google, and Shadowserver Dismantle the Glassworm Botnet — The Developer-Targeting Supply Chain Parasite That Used Solana, BitTorrent, and Google Calendar as a Four-Headed Command Structure
🤚 The Open-Palm Takedown On May 27, 2026, a coordinated strike by CrowdStrike, Google, and The Shadowserver Foundation dismantled Glassworm, a botnet that had been…
Read moreThe Megalodon Supply Chain Attack Pushed 5,718 Malicious Commits to 5,561 GitHub Repos in Six Hours — Your CI/CD Pipeline Just Donated Its Credentials to a Bot Named ‘build-bot’
🤚 The Open-Palm Commit History On May 18, 2026, between approximately 11:36 and 17:48 UTC — a window of just over six hours — an…
Read more