Archive

6 comics · newest first

May 13, 2026

Exim Dead.Letter Mail Server Flaw

Exim CVE-2026-45185, aka Dead.Letter, can corrupt memory in GnuTLS-based mail server builds and may allow code execution. Admins should update Exim and verify whether their configurations use the affected GnuTLS path.

May 12, 2026

Bleeding Llama: Ollama Memory Leak

Ollama CVE-2026-7482 can let exposed AI servers leak process memory, including API keys, prompts, and chats. Update to 0.17.1 or later, firewall instances, and put an auth proxy/API gateway in front.

May 11, 2026

Fake Privacy Filter Steals the Spotlight

A fake OpenAI Privacy Filter repo on Hugging Face reportedly hit #1 trending and drew about 244K downloads before being disabled, while HiddenLayer says it shipped infostealer malware. Defensive takeaway: verify AI model sources, and if the fake repo was run, isolate or wipe the host and rotate saved passwords, cookies, tokens, and keys.

May 9, 2026

cPanel Login Gate Fails Open

CVE-2026-41940 is a critical cPanel/WHM authentication bypass that can let unauthenticated attackers into hosting control panels, putting websites, mail, databases, and configurations at risk. Update to fixed builds, restart services, and check for signs of compromise.

May 8, 2026

PAN-OS portal root carpet

Palo Alto Networks CVE-2026-0300 is an actively exploited PAN-OS User-ID Authentication Portal flaw that can let unauthenticated attackers run code as root on exposed firewalls. Restrict the portal to trusted IPs, apply workarounds, monitor, and patch as fixes arrive.

May 6, 2026

ShinyHunters Breach Canvas

9000 schools and 231M emails exposed. A for effort.
