
FBI seizes NetNut proxy platform tied to 2M-device Popa botnet
Quiet holiday week, but the kernel mailing list and the FBI both had eventful Wednesdays.

Secure Boot certificate expiration: what actually breaks and when
Secure Boot certs expiring, etcd patching websocket auth, EKS gets rollback, and Linux 7.3 targets NVMe bottlenecks — solid infrastructure week.

Linux 7.2 targets August; an 18-year-old GPU bug surfaces; PQC lands in pip
An 18-year-old bug surfaces via GPU fleet telemetry, AI tooling is making engineers work more hours not fewer, and post-quantum crypto just became a single pip install — all in the same news cycle.

Weak RSA keys with sparse bit patterns found in real-world Certificate Transparency logs
Git 2.55, Linux 7.2-rc1, and a real RSA key vulnerability in the wild — a quieter news day with a few sharp edges worth your attention.

Amazon Q silently ran MCP servers from cloned repos; Kubernetes pushes back on AI-generated PRs
The Amazon Q MCP story is the supply-chain incident that makes every other hardening post this week feel more urgent – and Kubernetes maintainers are already fighting a different kind of automated noise in their review queue.

LWN: Kernel 7.2 gets allocation tokens and boot-time structure-layout randomization
MinIO archived, kernel hardening incoming, Podman 6 out — a solid infrastructure day under all the AI noise.

Cisco SD-WAN zero-day hits production; supply chain ransom reaches Grafana Labs
A supply chain ransom hit Grafana’s CI runners, a Cisco SD-WAN zero-day is being used for lateral movement in production right now, and both Fedora and Red Hat published pieces about what happens when humans stop owning the security decisions in their own pipelines.

Scattered Spider pleads out; Jaeger gets 8.6x cheaper storage
Scattered Spider pleads out, Jaeger gets 8.6x compression on a real workload, and Red Hat spends two posts arguing the same S-curve point from opposite ends.

Lambda gets stateful MicroVMs; 94% of orgs report cloud breaches
Lambda now hands you a full Firecracker VM per session, Cloudflare spent six weeks chasing a race condition in a Rust HTTP library, and Trail of Bits just showed what a frontier model actually does when pointed at real codebases – 64 PRs, not a blog post.

AUR supply-chain attack: orphaned packages pushed malware for days
Quiet weekend, but systemd v261 and the AUR supply-chain saga both deserve your attention before Monday standup.