-

FBI seizes NetNut proxy platform tied to 2M-device Popa botnet
Quiet holiday week, but the kernel mailing list and the FBI both had eventful Wednesdays.
-

Secure Boot certificate expiration: what actually breaks and when
Secure Boot certs expiring, etcd patching websocket auth, EKS gets rollback, and Linux 7.3 targets NVMe bottlenecks — solid infrastructure week.
-

Linux 7.2 targets August; an 18-year-old GPU bug surfaces; PQC lands in pip
An 18-year-old bug surfaces via GPU fleet telemetry, AI tooling is making engineers work more hours not fewer, and post-quantum crypto just became a single pip install — all in the same news cycle.
-

Weak RSA keys with sparse bit patterns found in real-world Certificate Transparency logs
Git 2.55, Linux 7.2-rc1, and a real RSA key vulnerability in the wild — a quieter news day with a few sharp edges worth your attention.
-

Amazon Q silently ran MCP servers from cloned repos; Kubernetes pushes back on AI-generated PRs
The Amazon Q MCP story is the supply-chain incident that makes every other hardening post this week feel more urgent – and Kubernetes maintainers are already fighting a different kind of automated noise in their review queue.
-

Lambda gets stateful MicroVMs; 94% of orgs report cloud breaches
Lambda now hands you a full Firecracker VM per session, Cloudflare spent six weeks chasing a race condition in a Rust HTTP library, and Trail of Bits just showed what a frontier model actually does when pointed at real codebases – 64 PRs, not a blog post.
-

AUR supply-chain attack: orphaned packages pushed malware for days
Quiet weekend, but systemd v261 and the AUR supply-chain saga both deserve your attention before Monday standup.
-

AI-generated patches slow Linux ARM64; AWS bets big on agentic everything
AI-generated patches are backing up Will Deacon’s ARM64 review queue, AWS is shipping agents that act before asking permission, and the LeadDev piece quietly explains why your deployment metrics no longer mean what you think they mean.
-

AI spam kills AppleTalk; agents argue over your incidents
AI-generated patch spam killed AppleTalk, AI agents are blamed for misrouting incidents, and a 70-year pattern says the ‘no more code’ promise won’t land any differently this time.
-

Linux 7.2 lands cache-aware scheduling; curl closes its vuln queue for the summer
Linux 7.2 is landing real work – cache-aware scheduling, a two-line IOPS fix – while Daniel Stenberg draws a line on CVE noise. Google’s data-agent announcement is mostly previews dressed as GA.