CVE-2026-48778 | CVE-2026-48800 | CVSS 7.8 HIGH
Notepad++ v8.9.5 — Fixed in v8.9.6.1
Reading time: 10 minuti
Responsible Disclosure Note — All findings described in this article were communicated to Don Ho (maintainer of Notepad++) prior to publication. The upstream fix has been committed to the repository notepad-plus-plus/notepad-plus-plus. The complete timeline is provided at the bottom of the article.
Table of Contents Introduction Setup: Loading the Codebase Threat Model and Attack Surface Phase 1: Taint Analysis with Semgrep Phase 2: Manual Verification of Findings CVE-2026-48778: config.
read_more() →Reading time: 15 minutes | Lab time: 30 minutes
Your First eBPF Hook: Monitoring Syscalls with bpftrace in 30 Minutes Series: eBPF Security & Observability — Week 1, Thursday
Type: Deep Technical Lab
Main tool: bpftrace
Target: Developers, Security Engineers, SRE
Reading time: ~15 minutes
Lab time: 30 minutes
Have you ever wanted to know exactly what your operating system is doing at this precise moment — which processes are starting, which files are being opened, which network connections are being established — without installing heavy agents, without restarting anything, without modifying a single line of your application code?
read_more() →Reading Time: 16 minutes
Responsible Disclosure Notice — All findings described in this article were reported to Todd C. Miller (sudo maintainer) prior to publication. The upstream fix has been committed to the sudo-project/sudo repository. Full timeline is disclosed at the end of this article.
Executive Summary During an independent audit of the plugins/sudoers/env.c module in sudo 1.9.17p2 / 1.9.18rc1, I identified seven environment variables that are silently passed through to privileged processes when env_reset is disabled (!
read_more() →Author: Michele Piccinni
Category: How to di 8BS
Reading Time: 15-23 minutes
Introduction DNS is a protocol that was born in a historical era in which the priority was to create a functioning network of interconnected devices, during which the security component was not even considered. Almost all organizations have a public DNS, carefully maintained and protected because exposed to the Internet, and an internal DNS that lives peacefully in the corporate network, often taken as secure by definition, without applying the same level of maintenance and attention.
read_more() →Author: Michele Piccinni
Category: Explainers
Reading Time: 11-16 minutes
Introduction In day-to-day security operations, a significant portion of the work is dedicated to mitigating known vulnerabilities; another part focuses on risks that have not yet materialized but must be considered during the planning phase. The so-called quantum threat falls into this second category, with a distinctive characteristic: the conditions that make it relevant already exist, even though the concrete effects will only manifest in the future.
read_more() →