The Scheduler: How the Kernel Decides Who Runs Next
A Linux system runs hundreds of processes on a handful of CPU cores. The scheduler decides which process runs on which core, for how long, and in what order....
A Nine-Year-Old ptrace Bug Let Unprivileged Users Read SSH Keys and Shadow Passwords
CVE-2026-46333, disclosed by Qualys on May 21, exploits a race condition in the Linux kernel's ptrace access check to steal SSH host private keys, shadow password hashes, and in two variants, execute arbitrary commands as root. The bug has been in the kernel since November 2016.
Latest
How ptrace Works
ptrace is the only mechanism Linux provides for one process to observe, interrupt, and modify the execution of another. Every debugger, syscall tracer, and...
Six Zero-Days in Six Weeks: Inside Chaotic Eclipse's Windows Exploit Spree
A researcher publishing as Chaotic Eclipse has released six Windows zero-days since April 2026 — escalation flaws, a BitLocker bypass, and a post-exploitation...
How Windows Privilege Escalation Works
Windows enforces privilege boundaries through integrity levels, access tokens, and the Security Reference Monitor. Privilege escalation exploits don't break...
GlassWorm Botnet Taken Down After More Than a Year of Developer-Targeted Supply Chain Attacks
CrowdStrike, Google, and the Shadowserver Foundation simultaneously severed all four C2 channels of the GlassWorm botnet on May 26 — ending a persistent...
The Infrastructure Is Fine: How TeamPCP Breached GitHub and Grafana
A poisoned VS Code extension on a single developer device gave TeamPCP access to 3,800 of GitHub's internal repositories. Grafana fell the same week via a...
Hardware Interrupts: How the CPU Reacts to the World
The CPU has no way to watch for external events while executing code. Hardware solves this by interrupting it. Here is the mechanism that lets a keypress, a...
The Auth Check Is the Attack Surface
A pre-authentication SQL injection in LiteLLM's API key verification path gave attackers read/write access to every credential the proxy manages — and the 401...
When the Handshake Is the Hole: CVE-2026-41089 and the Netlogon Stack Overflow
A pre-authentication buffer overflow in Windows Netlogon puts every unpatched domain controller one crafted packet away from full domain compromise.
The Filesystem: How the Kernel Reads a File
A filename is not a file. It is a pointer to an inode, which is a pointer to data blocks. Understanding this three-layer model explains everything from hard...
How a Forgotten Domain Handed Attackers Publish Rights to node-ipc
An expired maintainer email domain and a standard npm password reset handed attackers publish rights to a package with 822,000 weekly downloads — no npm breach...
Processes: How the Kernel Tracks Everything
Every running program on a Linux system is a process. The kernel represents each one as a single data structure containing everything it needs to manage,...