Blog
Notes from the ops room.
Hosting, infrastructure, development, and SEO — written by the people doing the work.
Avada Builder CVE-2026-8713: Delete wp-config.php, No Login Required
WordPress
DragonForce Hid Ransomware C2 Inside Microsoft Teams for Two Months
Security
PHP SOAP Extension RCE (CVE-2026-6722): CVSS 9.8, Patch Now
Security
Joomla JCE CVE-2026-48907: CVSS 10.0 Web Shell, No Login Required
Security
Two LiteSpeed cPanel Bugs Are Handing Attackers Root — One CISA Deadline Is Today
Security
Check Point VPN Zero-Day Lets Ransomware Skip the Password
Security
Agentjacking: Fake Sentry Errors Are Hijacking AI Coding Agents
Security
Oracle PeopleSoft Zero-Day (CVE-2026-35273): 100+ Orgs Breached Before a Patch Existed
Security
UpdraftPlus Auth Bypass (CVE-2026-10795) Puts 3 Million WordPress Sites at Risk
WordPress
June 2026 Patch Tuesday: Wormable Kernel Bug, Exchange Under Active Attack
Security
Claude Fable 5 Is Out. Here's What Matters for Your Business.
Artificial Intelligence
Linux Kernel CVE-2026-23111 Has a Public Root Exploit — Patch Now
Security
CVE-2026-8181: Wrong Password, Full Admin on 200,000 WordPress Sites
WordPress
"Chat Is Dead": Inside OpenAI's Pre-IPO Pivot to Agents
Artificial Intelligence
Apple's 5-Year Memory Defense Fell in 6 Days
Security