Bogdan Deac

Home
Newsletter
Poetry
About

Sign in Subscribe

photos

Arboretum Park Simeria

Bogdan Deac

22 Sep 2025 • 1 min read

Share

PEAKS No 43: Copy Fail, Goblin Infestation & the Open-Source Everything Wave

Hi there! 🛡️ Security & Privacy * Notepad++ CVE-2026-3008: a %s format specifier in nativeLang.xml triggers a string injection in FindInFiles, enabling DoS crashes and memory address leaks that can bypass ASLR. Patched in v8.9.4; update immediately. More * GitHub RCE CVE-2026-3854 (CVSS 8.7): Wiz Research found a header

05 May 2026 5 min read

PEAKS No 42: The Open-Weight Uprising: GPT-5.5, Qwen Beats a 397B Giant, and Your Jira Data Is Now AI Training Fuel

Hi there! 🛡️ Security & Privacy * 🚨 Bitwarden CLI 2026.4.0 compromised in supply chain attack — Attackers abused a GitHub Action in Bitwarden's CI/CD pipeline as part of the ongoing Checkmarx campaign; update immediately and rotate credentials. More * Pack2TheRoot (CVE-2026-41651): cross-distro Linux privilege escalation — CVSS 8.8; exploits

28 Apr 2026 4 min read

PEAKS No 41: Zero-Days, Claude Overload, and Robots That Run Half-Marathons

Hi there! 🛡️ Security & Privacy * Three Windows zero-days now actively exploited in the wild — BlueHammer (CVE-2026-33825), RedSun, and UnDefend, all leaked by a disgruntled researcher angry at Microsoft's MSRC handling process. Only BlueHammer has been patched as of April 2026. More * EU's age verification app bypassed

21 Apr 2026 4 min read

Bogdan Deac © 2026

Powered by Ghost