Sygnia says Velvet Ant replaced Linux PAM and OpenSSH components in a long-running intrusion. Hosting admins should verify login-stack integrity before rotating credentials.
Arch AUR users should review recent AUR builds after the Atomic Arch campaign hijacked orphaned packages to deliver credential-stealing malware.
CIFSwitch CVE-2026-46243 is a high-severity Linux local privilege escalation affecting CIFS client configurations. Patch kernels, reboot hosts, and review TrueNAS and hosting exposure.
CISA added Linux kernel CVE-2022-0492 to KEV on June 2, 2026. Patch and reboot container hosts, shared hosting nodes, CI runners, and Linux servers that run untrusted workloads.
Kubernetes will correct older unfixed CVE records on June 1, 2026. Use this checklist to triage scanner alerts without mistaking configuration risks for simple patch gaps.
PHP 8.5.6, 8.4.21, 8.3.31, and 8.2.31 are security releases. Use this hosting checklist for cPanel, Plesk, WordPress, WooCommerce, and PHP-FPM updates.
DirtyDecrypt CVE-2026-31635 Linux kernel patch guide for hosting, container, and admin fleets with RxRPC/RxGK exposure checks.
Patch ingress-nginx CVE-2026-4342, review Kubernetes Ingress permissions, protect Secrets, and plan migration away from retired ingress-nginx.
Patch Linux ksmbd for CVE-2026-31718 and CVE-2026-31717, verify SMB exposure, disable unused ksmbd, and reboot into fixed kernels.
Patch Traefik CVE-2026-44774 in Kubernetes Gateway deployments, review tenant route permissions, and update Traefik custom error handling.
