-

FBI seizes NetNut proxy platform tied to 2M-device Popa botnet
Quiet holiday week, but the kernel mailing list and the FBI both had eventful Wednesdays.
-

Weak RSA keys with sparse bit patterns found in real-world Certificate Transparency logs
Git 2.55, Linux 7.2-rc1, and a real RSA key vulnerability in the wild — a quieter news day with a few sharp edges worth your attention.
-

LWN: Kernel 7.2 gets allocation tokens and boot-time structure-layout randomization
MinIO archived, kernel hardening incoming, Podman 6 out — a solid infrastructure day under all the AI noise.
-

Cisco SD-WAN zero-day hits production; supply chain ransom reaches Grafana Labs
A supply chain ransom hit Grafana’s CI runners, a Cisco SD-WAN zero-day is being used for lateral movement in production right now, and both Fedora and Red Hat published pieces about what happens when humans stop owning the security decisions in their own pipelines.
-

AUR supply-chain attack: orphaned packages pushed malware for days
Quiet weekend, but systemd v261 and the AUR supply-chain saga both deserve your attention before Monday standup.
-

Linux 7.2 lands cache-aware scheduling; curl closes its vuln queue for the summer
Linux 7.2 is landing real work – cache-aware scheduling, a two-line IOPS fix – while Daniel Stenberg draws a line on CVE noise. Google’s data-agent announcement is mostly previews dressed as GA.
-

AUR hit by second, more sophisticated malware wave — 1,500+ packages affected
Linux 7.1 ships while 7.2 is already bumping compiler minimums, the AUR got hit twice in a day with the second wave obfuscated well enough to slip past the initial response, and a DNS caching quirk means dead domains can still look alive in your monitoring.