vulnerability research
16 posts
Article
Dirty Frag roots every kernel
Technical analysis of CVE-2026-3490 'Dirty Frag' - a page_frag refcount UAF in the Linux kernel enabling local root on stock 5.15-6.8 kernels.
Article
Your patched kernel is still vulnerable
Dirty Frag - CVE-2026-31337, CVSS 7.8 - is a UAF in the Linux kernel's IPv4 fragment reassembly path. Container-to-host root on every major distro.
Article
Chrome's fourth 2026 zero-day ships mid-cycle
Google's fourth exploited Chrome zero-day of 2026 patches a V8 type confusion bug. The real risk is the patch-to-deployment window.
Article
Pick offense or defense
Two paths into infosec - offense and defense - broken down at the mechanism level. Foundation, tooling, telemetry, and the divergence point.