YellowKey bypasses BitLocker via WinRE USB FsTx files, exposing Windows 11 and Server 2022/2025 systems.
Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability that allows attackers to run malicious code as root.
Known as Fragnasia and tracked as CVE-2026-46300, this security flaw stems from a logic bug in the Linux XFRM ESP-in-TCP subsystem that can enable unprivileged local attackers to gain root privileges by writing arbitrary bytes to the kernel page cache of read-only files.
Zellic’s head of assurance, William Bowling, who discovered this new universal local privilege escalation flaw, also shared a proof-of-concept (PoC) exploit. It achieves a memory-write primitive in the kernel and uses it to corrupt the page cache memory of the /usr/bin/su binary to get a shell with root privileges on vulnerable systems.
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites.
Burst Statistics is a privacy-focused analytics plugin active on 200,000 WordPress sites and marketed as a lightweight alternative to Google Analytics.
The flaw, tracked as CVE-2026-8181, was introduced on April 23 with the release of version 3.4.0 of the plugin. The vulnerable code was also present in the following iteration, version 3.4.1.
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data.
In a post on a hacker forum, the threat actor is asking $25,000 for a set of nearly 450 repositories.
Mistral AI is a French artificial intelligence company founded by former researchers from Google’s DeepMind and Meta, which provides open-weight large language models (LLMs), both open source and proprietary.
OpenAI says two employees’ devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution.
In a security advisory published today, the company said the incident did not impact customer data, production systems, intellectual property, or deployed software.
The company says the breach is linked to the recent “Mini Shai-Hulud” supply-chain campaign by the TeamPCP extortion gang, which targeted developers by slipping malicious updates into trusted and popular software packages.
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days.
Today’s highlight was the attempt by Orange Tsai, who was awarded $175,000 in rewards after chaining 4 logic bugs to achieve a sandbox escape on Microsoft Edge.
Windows 11 was also hacked three times by Angelboy and TwinkleStar03 (working with the DEVCORE Internship Program), Marcin Wiązowski, and Kentaro Kawane of GMO Cybersecurity, each earning $30,000 in cash rewards for demonstrating new privilege escalation zero-days.
Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday.
SupportAssist is a software suite developed by Dell that comes pre-installed on most new Dell computers running Windows 10 or Windows 11.
A Dell representative told customers on the company’s official forums on Wednesday that the latest SupportAssist Remediation service update is the one triggering 0xEF_DellSupportAss_BUGCHECK_CRITICAL_PROCESS errors and advised them to remove the service to resolve the crashes.
Developed in the 1960s, string theory proposes that everything in the universe is made from invisible strings. The theory arose as a possible solution to the problem of “quantum gravity,” the quest to align quantum mechanics, which describes our world at the smallest scales, with the general theory of relativity, which explains how our universe works on the largest scales (and includes gravity). Researchers have tried to reconcile the two theories—asking, for example, how gravity behaves in the quantum realm—but their equations go berserk, or in mathematical terms, go to infinity.
String theory is a mathematical solution that tames the unruly infinities. It purports that all particles, including the graviton—the hypothetical particle believed to convey the force of gravity—are generated by very small vibrating strings. The math behind string theory requires the strings to vibrate in at least 10 dimensions, rather than the four we live in (three for space and one for time), which is one of the reasons some scientists are not convinced that string theory is correct. But perhaps the biggest challenge for the theory is the ultrahigh energies required for testing it: Such an experiment would require a particle collider the size of a galaxy.
What is a physicist to do? One way they can probe the theory is to turn to a “bootstrap” approach, in which researchers start with certain assumptions they believe to be true about the universe, and then see what laws emerge out of those assumptions. In a new paper titled “Strings from Almost Nothing,” accepted for publication in Physical Review Letters, Caltech researchers, and their colleagues at New York University and Institut de Fisica d’Altes Energies in Barcelona, have done just that. From a couple of basic assumptions about how particles should scatter off one another at very high energies, they derived the elements of string theory.