Toggle light / dark theme

Get the latest international news and world events from around the world.

Log in for authorized contributors

11 Old MicrosoftSigned Linux UEFI Shims Could Let Attackers Bypass Secure Boot

Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard.

“An attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware,” ESET researcher Martin Smolár said in a report published today.

The UEFI shim bootloaders expose any UEFI-based machine that trusts Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party UEFI certificate authority (CA) certificate, irrespective of the installed operating system. The certificate is used to sign third-party boot components intended to run under Secure Boot. It expired as of June 27, 2026, and has been replaced by Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023.

SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026–15409 and CVE-2026–15410, in zero-day attacks and urges customers to install the newly released security updates.

CVE-2026–15409 is a critical (CVSS 10.0) server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface that allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations.

CVE-2026–15410 is a high-severity (CVSS 7.2) post-authentication code injection flaw in the SMA1000 Appliance Management Console that could allow a remote authenticated administrator to execute arbitrary operating system commands.

Nearly 300 GitHub repos pose as legit software to push malware

A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware.

The campaign drew traffic from search results for security products, cryptocurrency services, financial tools, developer utilities, secure email providers, macOS utilities, and gaming software.

The malware collects data from more than 19 web browsers, steals info from 32 cryptocurrency wallets, and exfiltrates sensitive details from messaging and social media apps.

Microsoft releases Windows 10 KB5099539 extended security update

Microsoft has released the Windows 10 KB5099539 extended security update, which includes the July 2026 Patch Tuesday security updates for 570 vulnerabilities, along with additional security fixes.

Initially, Microsoft only offered consumers one year of extended security updates. However, last month, Microsoft quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to receives security updates until October 12, 2027.

If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a ‘Check for Updates.’

Dead Space creator and Call of Duty veteran Glen Schofield announces retirement: ‘I had a front row seat to one of the greatest creative explosions in history’

The blockbuster veteran said last year he might not make another game.

Astronomers may have caught an early galaxy in the process of dying

Astronomers have spotted many “red and dead” galaxies in the early universe. These are massive systems that stopped forming stars surprisingly early in cosmic history. Now, they may have found evidence of one in the act of becoming dead: a massive galaxy being stripped of its starforming gas just 1.4 billion years after the Big Bang. The clues behind why it lost its star-forming material are detailed in a paper posted to the arXiv preprint server on June 16.

Comet-like galaxy SPT2349–56 is an emerging galaxy cluster, or “protocluster,” containing about 30 star-forming galaxies within a region 100 kiloparsecs wide. Among its members, C26 is particularly interesting because of its unusual shape. It has a head and a tail like a comet. It also has a dense, bright region called the “knot,” embedded within the tail. It was first detected in ALMA images.

In this new study, using observations from the Hubble Space Telescope and the James Webb Space Telescope, the team led by Dazhi Zhou of the University of British Columbia studied this galaxy’s head, tail and knot to estimate its mass and star-forming properties.

100 scientific papers I’ve read in full over the past year

Ever since high school, I’ve had a personal tradition of sharing the scientific papers I read (in full) with my online community. About a year ago, I started cataloguing my posts and periodically sharing batches of papers here on Substack. So far, I have made 16 Substack posts, each with 5–10 papers and my comments. In total, this has resulted in a compilation of 100 papers and commentaries. Together, these papers represent a massive accumulation of human knowledge, progress, and innovation. Millions more exist out there on the internet. I will acknowledge that there’s a lot wrong with the academic publishing system and that it deserves massive reform. But seeing all of this amazing work at once nonetheless gives me hope that the collective intellect of the human species is capable of great things.


I’ve kept track of the 100 scientific papers that I’ve read in full over the past ~1 year, writing short summaries and posting them on social media. Here is the full compilation!

/* */