FBI seizes NetNut proxy platform tied to 2M-device Popa botnet
Quiet holiday week, but the kernel mailing list and the FBI both had eventful Wednesdays.

Secure Boot certificate expiration: what actually breaks and when
Secure Boot certs expiring, etcd patching websocket auth, EKS gets rollback, and Linux 7.3 targets NVMe bottlenecks — solid infrastructure week.

Amazon Q silently ran MCP servers from cloned repos; Kubernetes pushes back on AI-generated PRs
The Amazon Q MCP story is the supply-chain incident that makes every other hardening post this week feel more urgent – and Kubernetes maintainers are already fighting a different kind of automated noise in their review queue.

Scattered Spider pleads out; Jaeger gets 8.6x cheaper storage
Scattered Spider pleads out, Jaeger gets 8.6x compression on a real workload, and Red Hat spends two posts arguing the same S-curve point from opposite ends.

AUR hit by second, more sophisticated malware wave — 1,500+ packages affected
Linux 7.1 ships while 7.2 is already bumping compiler minimums, the AUR got hit twice in a day with the second wave obfuscated well enough to slip past the initial response, and a DNS caching quirk means dead domains can still look alive in your monitoring.