LinuxGratis launches its new Astro-powered site
We rebuilt LinuxGratis with Astro 7 and host it on Stackscale's private cloud: a faster operating system directory, always-fresh data and a brand new articles section.
Read more →$ ls /articles
News, guides and releases from the free software world
The history of Linux: from a 1991 hobby to running the world
How Linus Torvalds built the Linux kernel in 1991, the GPL license, the first distributions and why it now powers servers, phones and supercomputers.
Read more →
The history of BSD: from Berkeley to FreeBSD, OpenBSD and NetBSD
The other great free-software lineage. How Berkeley turned UNIX into BSD and gave rise to the systems powering Netflix, the PlayStation and half the internet.
Read more →
UNIX: the operating system that started it all (1969)
Before Linux, before BSD, before macOS there was UNIX. The story of the system born in 1969 that laid the foundations of almost every modern operating system.
Read more →
Why are there so many Linux distributions?
Hundreds of distros, a single kernel. Explore the Linux family tree: where Debian, Red Hat, Arch and Slackware come from, and why all that variety is a real strength.
Read more →DeviceTree-ACPI Hybrid Mode to Improve Linux on Snapdragon X Laptops
Hans de Goede proposes a DT-ACPI hybrid mode in the Linux kernel to leverage the ACPI tables on Qualcomm Snapdragon X laptops. It already works on a ThinkPad T14s Gen 6 with keyboard and touchpad via ACPI.
Read more →Torvalds Calls sched_ext Code "Disgusting" and Forces a Cleanup
Linus Torvalds reluctantly merged the sched_ext changes for Linux 7.2 but slammed the loose ext_* files dropped into kernel/sched. Days later a pull request moved them into kernel/sched/ext/.
Read more →
Livepatch now patches the kernel on Arm64 with no reboots
Canonical brings Livepatch to Arm64: critical kernel patches without rebooting, landing with Ubuntu 26.04 LTS and Ubuntu Core 26.
Read more →macOS ClickFix: a fake CAPTCHA silently mounts a DMG to drop Atomic Stealer
A campaign tricks macOS users into pasting a command into Terminal. It abuses curl and hdiutil to mount a hidden DMG and install the AMOS infostealer.
Read more →Slurm on OpenNebula: HPC batch scheduling for AI training
OpenNebula ships Slurm appliances in its Marketplace for GPU-based AI training, with PCI passthrough, InfiniBand over SR-IOV, and a preview of OneSlurm as a managed service layer.
Read more →Windows 11 adds Point-in-Time Restore in the KB5095093 update
The optional KB5095093 update for Windows 11 24H2 and 25H2 brings Point-in-Time Restore, a VSS-based recovery that rolls the whole PC back to a state from the last 72 hours.
Read more →XCP-ng 8.3 LTS: second batch of June 2026 updates
XCP-ng ships its second June patch set for 8.3 LTS: it fixes XSA-491 and XSA-492, an SMB kernel driver flaw and an lldpd over-read, and bumps DRBD, XAPI, the Intel ice driver and the Windows Guest Tools.
Read more →Nested virtualization: running Hyper-V inside a virtual machine
What Hyper-V nested virtualization is, what it's good for, and its limitations according to Microsoft's documentation.
Read more →OpenNebula on KVM vs. VMware VCF 9.1: when an upgrade really means redesigning your infrastructure
OpenNebula argues that moving to VMware Cloud Foundation 9.1 is a full infrastructure redesign rather than a simple upgrade, and proposes KVM as a lighter path ahead of the vSphere 8 end of support in 2027.
Read more →
How to use RISC-V custom instructions on Ubuntu
Canonical explains how Ubuntu supports RISC-V custom instructions, with PPAs for stateless cases and an image cookbook when you need your own kernel.
Read more →Squid on Debian Trixie: four bugs patched, including the 'Squidbleed' memory leak
Debian shipped DSA-6360-1 to fix four Squid proxy vulnerabilities, among them Squidbleed (CVE-2026-47729), which can leak other users' HTTP headers. What it affects and how to update.
Read more →postmarketOS 26.06 'Alpen Avocado' Arrives with GNOME 50 and KDE Plasma Mobile 6.6
postmarketOS 26.06 'Alpen Avocado' moves to Alpine Linux 3.24, ships GNOME 50, Plasma Mobile 6.6.5 and Phosh 0.55, switches to Plymouth and systemd 261, and reaches 254 devices in testing.
Read more →PorteuX 2.7: the Slackware-based portable distro ships Linux 7.1 and KDE Plasma 6.7
PorteuX 2.7 arrives with the Linux 7.1 kernel, KDE Plasma 6.7, GNOME 50.2 and eight desktops as standalone flavors. NTFS-plus driver, a native cursor theme and more.
Read more →
How to choose the right Ubuntu LTS version
Ubuntu LTS versions get 5 years of support. We explain what LTS means, how often they ship and which one fits your case.
Read more →SparkyLinux 2026.06 "Tiamat": rolling release with optional Linux 7.1 kernel
SparkyLinux 2026.06 arrives based on Debian Testing "Forky", with the Linux 7.0 kernel by default, support for Linux 7.1, and Calamares 3.4.2.
Read more →
Windows 11 26H2 reaches the Experimental channel: 19 June 2026 builds
Microsoft starts moving Experimental channel devices to Windows 11 26H2 via an enablement package. Builds 26300.8697 and 26220.8690, the Dev channel shift, and why 26H1 machines are left out.
Read more →Apple opens up iOS in Brazil: alternative stores, external payments and Notarization
After its deal with CADE, Apple allows alternative app marketplaces and external payments on iOS in Brazil. The changes ship with iOS 26.5 and add Notarization plus safeguards for minors.
Read more →libheif: a malicious HEIF/AVIF image can crash your system or run code (USN-8454-1)
Ubuntu fixes several libheif vulnerabilities in advisory USN-8454-1. A crafted HEIF or AVIF image could cause denial of service or code execution. Here's who is affected and how to update.
Read more →CVE-2026-43495: out-of-bounds read in the Linux kernel MediaTek t7xx WWAN driver
A malicious MediaTek 5G modem can read up to 262140 bytes of kernel memory through the t7xx driver. What it affects, severity, and how to patch.
Read more →The Hyper-V virtual switch: external, internal and private
The three Hyper-V virtual switch types and when to use each one, with the Hyper-V Manager steps and the PowerShell cmdlets.
Read more →Raspberry Pi OS 2026-06-18 Ships with Linux Kernel 6.18 LTS
The latest Raspberry Pi OS image arrives with the 6.18.34 LTS kernel, Labwc 0.9.7, and desktop refinements on top of the Debian 13 Trixie base. Here's what changed.
Read more →
Tails 7.9: new stable release of the anonymous OS with Tor Browser 15.0.16
Tails 7.9 is out: Tor Browser 15.0.16, updated firmware for newer hardware and a Secure Boot notification fix. Download the latest stable version.
Read more →Canonical brings fleet management down to microcontrollers with Golioth and Ubuntu Core
Canonical integrates Golioth as a snap on Ubuntu Core to manage Nordic and STM32 microcontrollers running Zephyr: OTA with rollback, mutual TLS, and the Pouch protocol.
Read more →
Anbox Cloud 1.30.0 brings virtualized Android: full VMs in the cloud
Anbox Cloud 1.30.0 adds virtualized Android, letting you run complete system images in lightweight VMs with their own kernel, alongside the existing container model.
Read more →CVE-2026-42055: heap buffer overflow in nginx HTTP/2 proxy (USN-8458-1)
Mishandling of large headers in nginx's proxy_v2 and gRPC modules can restart the worker and, without ASLR, lead to code execution. F5 fixes it in 1.31.2 and 1.30.3; Ubuntu ships USN-8458-1.
Read more →CVE-2026-42530: critical use-after-free in NGINX's HTTP/3 (QUIC) module
A use-after-free in NGINX's HTTP/3 module lets an unauthenticated remote attacker crash worker processes, and on systems without ASLR potentially run code. It affects 1.31.0 and 1.31.1; fixed in 1.31.2.
Read more →Atril on Debian: opening a malicious PDF could run commands (DSA-6349-1)
MATE's Atril document viewer carried a command injection (CVE-2026-46529) allowing one-click code execution. Debian fixed it in Trixie and Bookworm.
Read more →The OpenNebula Model for Migrating VMware Workloads with OneSwap
OpenNebula frames VMware-to-KVM migration as a three-phase process built around OneSwap, with delta migration cutting downtime from hours to minutes and a 90% automatic conversion rate in real projects.
Read more →Canonical's answer to vulnerabilities found by AI
Lech Sandecki lays out how Canonical handles the wave of flaws surfaced by AI models: security updates in 24 hours, coordinated disclosure and up to 15 years of support with Ubuntu Pro.
Read more →KDE Plasma 6.7.1 Fixes Kickoff, Discover, and KWin Bugs
The first point release for Plasma 6.7 fixes a Discover crash on rpm-ostree distros, two Kickoff regressions, and several clipboard and KWin issues.
Read more →KDE Plasma 6.7 Is Out: Per-Screen Virtual Desktops, the Air Theme and More
The KDE Project ships Plasma 6.7 with independent virtual desktops per monitor, a global push-to-talk shortcut, Wayland session restore and the return of KDE 4's Air theme.
Read more →
Build a local AI inference appliance with Ubuntu Core 26 in a VM
Canonical walks through turning Ubuntu Core 26 into a local AI inference appliance using Multipass and the gemma4 snap, with an OpenAI-compatible API before touching real hardware.
Read more →VirtualBox 7.2.10 fixes CentOS 10 boot and OS/2 guests
VirtualBox 7.2.10 fixes a VMM bug that stopped CentOS 10 from booting, restores OS/2 boot under E1000, and solves startup of ARM machines with little RAM.
Read more →Linux Guest Additions: clipboard with Plasma on Wayland in VirtualBox 7.2.10
VirtualBox 7.2.10 adds initial Extended Data Control Protocol support for clipboard sharing with Plasma on Wayland guests, skips vboxvideo on kernel 7.0+, and restores OS/2 clipboard and shared-folder automount.
Read more →VirtualBox 7.2.10: the maintenance update that rounds out the 7.2 branch
Oracle shipped VirtualBox 7.2.10 on June 16, 2026 with fixes across VMM, EFI, USB, storage, network and Guest Additions. It is the latest available release of the 7.2 branch.
Read more →VirtualBox 7.2.10 lands with initial Linux kernel 7.1 support
Oracle ships VirtualBox 7.2.10 with initial Linux 7.1 support, better RHEL 9.8 compatibility, and several fixes for Linux hosts and guests.
Read more →USB on Apple Silicon and VIRTIO-SCSI fixes in VirtualBox 7.2.10
VirtualBox 7.2.10 fixes USB attachment to headless VMs on Apple Silicon/macOS 26.4.1 and makes VIRTIO-SCSI report as an SSD to guests.
Read more →CVE-2026-35248: the VirtualBox flaw Oracle fixed in April, already behind the 7.2 branch
Oracle's April 2026 Critical Patch Update included CVE-2026-35248, a Core flaw in VirtualBox 7.2.6 rated CVSS 5.0. The current 7.2.10 branch already sits above the affected release.
Read more →GNU Linux-libre 7.1: the blob-free kernel is now available
The GNU Linux-libre project ships version 7.1 based on Linux 7.1, deblobbing new drivers for Lontium LT8713SX, Realtek 802.11be chips and Qualcomm SoCs.
Read more →Hyper-V checkpoints: standard versus production
Hyper-V on Windows 10 and 11 offers two checkpoint types: standard, which also saves the memory state, and production, which uses VSS or File System Freeze for a data-consistent copy. Here's when to use each.
Read more →Linux 7.1: the security changes and what to check before you upgrade
Kernel 7.1 extends Landlock to UNIX sockets, turns on Intel FRED by default, and ships two networking changes (IPv6 and UDP-Lite) that can break custom kernel builds.
Read more →Linux 7.1 Is Here: New NTFS, Landlock for UNIX Sockets, and More
Linus Torvalds announces Linux 7.1 with a new NTFS implementation that supports full write, improved amd-pstate and intel_idle drivers, exFAT changes, and security hardening.
Read more →
CVE-2026-48914: QEMU/KVM heap overflow lets a guest VM crash the host
A bounds-checking flaw in virtio_blk_handle_scsi lets a VM with CAP_SYS_ADMIN corrupt the heap and take down the host QEMU process. CVSS 8.2. Update to QEMU 9.2.1.
Read more →Peppermint OS Devuan Moves to Devuan 6 Excalibur, No systemd
The Devuan edition of Peppermint OS now builds on Devuan 6 Excalibur, with Xfce 4.20, kernel 6.12 LTS, three init systems and Calamares on Qt 6.
Read more →
Windows 11: unified Windows Update and fewer reboots in the 12 June 2026 builds
Microsoft ships new Insider builds with a Windows Update that bundles drivers, .NET and firmware into one monthly restart, more typo-tolerant search, and per-app release notes.
Read more →
AI at the edge: Cisco and Canonical ship a validated Ubuntu design
Cisco and Canonical publish a Cisco Validated Design for deploying AI at the edge with Ubuntu Server 24.04.3 LTS, Cisco Unified Edge hardware and an automated operator stack.
Read more →Proxmox Mail Gateway 9.1: reworked spam quarantine and encrypted backups
Proxmox Mail Gateway 9.1 ships on Debian 13.5 with Linux kernel 7.0, an improved spam quarantine interface and native encryption to Proxmox Backup Server.
Read more →
Qubes OS 4.3.1: New Stable Release with Reinforced Security
Qubes OS 4.3.1 is now available: consolidated security updates, bug fixes and a Fedora 43 template in the most secure operating system based on compartmentalization.
Read more →CVE-2026-42897: Exchange Server zero-day exploited through Outlook Web Access
An OWA XSS lets attackers run JavaScript just by getting a user to open an email in the browser. Microsoft had already mitigated it in May, and CISA listed it as actively exploited.
Read more →
CVE-2026-46316 (ITScape): the first guest-to-host escape on KVM/arm64
Hyunwoo Kim disclosed ITScape, a use-after-free in KVM/arm64's vGIC-ITS cache that lets a guest VM run code as root on the host. What it is, who it affects, and how to patch it.
Read more →Live Migration: move running VMs between hosts with no downtime
Hyper-V Live Migration moves running virtual machines from one host to another with no perceived downtime. Since Windows Server 2016 it no longer requires Failover Clustering.
Read more →Alpine Linux 3.24 Arrives with GNOME 50, KDE Plasma 6.6, and COSMIC
Alpine Linux 3.24 ships the Linux 6.18 LTS kernel, the GNOME 50, KDE Plasma 6.6, and COSMIC desktops, Sway 1.12, and Limine bootloader support with IPv6 in the installer.
Read more →CVE-2026-44815: remote code execution in the Windows DHCP Client Service
Microsoft fixed a CVSS 9.8 flaw in the Windows DHCP Client Service in June 2026 that could allow remote code execution. It affects every Windows system with a DHCP client.
Read more →OpenSSL fixes a PKCS#7 use-after-free that can lead to code execution (CVE-2026-45447)
A malformed S/MIME message can free a BIO the application still owns during PKCS7_verify(). It affects OpenSSL 1.0.2, 1.1.1, 3.0, 3.4, 3.5, 3.6 and 4.0.
Read more →CVE-2026-47291: Unauthenticated RCE in Windows HTTP.sys via Integer Overflow
A flaw in the HTTP.sys kernel driver allows unauthenticated RCE through oversized HTTP requests. It hits IIS, WinRM and WCF, but only if you raised MaxRequestBytes.
Read more →CVE-2026-49160 (HTTP/2 Bomb): the zero-day that takes down HTTP.sys with a few bytes
A resource-consumption flaw in Windows' HTTP/2 implementation lets a remote attacker cause denial of service by sending very little data. CVSS 7.5, fixed in the June 2026 Patch Tuesday.
Read more →FreeBSD KTLS: a local user can overwrite files and escalate to root (CVE-2026-45257)
A flaw in the KTLS receive path lets an unprivileged user overwrite arbitrary files over loopback. Affected versions, the June 9, 2026 patch, and the mitigation.
Read more →FreeBSD fixes a Linuxulator privilege escalation via LD_PRELOAD (CVE-2026-49413)
An unprivileged local user could inject a library with LD_PRELOAD into a setuid Linux binary running under FreeBSD's Linuxulator and inherit its privileges. What breaks, who is affected, and how to patch.
Read more →FreeBSD patches an Arm CPU erratum that allows privilege escalation on arm64 (CVE-2025-10263)
A hardware flaw in Cortex-A, Neoverse and Ampere processors lets software write to memory after page permissions are revoked. FreeBSD ships a kernel mitigation for its 14.x and 15.x branches.
Read more →KVM, QEMU and libvirt in RHEL: how the three layers of Linux virtualization fit together
A clear breakdown of the three pieces behind virtualization in Red Hat Enterprise Linux: KVM in the kernel, QEMU as the emulator and libvirt as the management layer, with virt-manager, Cockpit and virsh.
Read more →OpenNebula Joins the Confidential Computing Consortium and Lands in Its Maturity Report
OpenNebula Systems joins the Confidential Computing Consortium as a General Member and appears in the '3 Degrees of Confidential Computing' report. A look at confidential VM support over KVM with AMD SEV-SNP, Intel TDX and Arm CCA, plus what OpenNebula 7.2 adds.
Read more →
Three Guest-to-Host RCE Flaws in Windows Hyper-V (June 2026 Patch Tuesday)
Microsoft patches three Hyper-V remote code execution bugs that let an attacker escape a guest VM and run code on the host server, plus a host memory leak.
Read more →
June 2026 Patch Tuesday: 198 CVEs, Microsoft's largest ever
Microsoft fixes 198 vulnerabilities in June 2026, its biggest bulletin to date, with 32 critical flaws, three zero-days and a CVSS 9.8 RCE in the Windows kernel.
Read more →What is RoCE (RDMA over Ethernet), and how Ubuntu supports it
Canonical breaks down RDMA over Converged Ethernet: the difference between RoCEv1 and RoCEv2, why Ethernet needs PFC and ECN, and the kernel drivers Ubuntu ships for AI and HPC networking.
Read more →
Alpine Linux 3.24.0: New Stable Series with GNOME 50, KDE Plasma 6.6 and COSMIC
Alpine Linux 3.24.0 is here: it ships GNOME 50, KDE Plasma 6.6, the COSMIC desktop, plus Limine boot loader and IPv6 support in the installer.
Read more →
Four Xen advisories (XSA-491 to XSA-494): mapcache memory corruption and hypervisor crash
Xen released four advisories on 9 June 2026. XSA-494 (CVE-2026-42488) allows memory corruption, privilege escalation and host crash; XSA-491 (CVE-2026-42487) lets a device model crash the hypervisor.
Read more →Apple tightens parental controls and child accounts in iOS 27, iPadOS 27, and macOS 27
At WWDC26 Apple announced child accounts that are mandatory for kids under 13, expanded Communication Safety, Ask to Browse, and per-category time limits across iOS 27, iPadOS 27, and macOS 27.
Read more →Apple rebuilds Siri as Siri AI in iOS 27, iPadOS 27 and macOS 27
Apple introduces Siri AI, a new version of the assistant powered by Apple Intelligence, with a dedicated app, personal context and on-device processing. It ships on iOS 27, iPadOS 27, macOS 27 and visionOS 27.
Read more →Apple shows iOS 27, iPadOS 27 and macOS 27 with a rebuilt Siri AI
At the WWDC26 opening keynote Apple introduced iOS 27, iPadOS 27, macOS 27, watchOS 27, visionOS 27 and tvOS 27, with the next round of Apple Intelligence, Siri AI and performance gains. They ship free in fall 2026.
Read more →Chrome rushes a fix for CVE-2026-11645, a V8 zero-day already under attack
Google patched an out-of-bounds read/write in V8 in Chrome 149.0.7827.103 with an exploit in the wild. What's affected, severity, and how to update.
Read more →Debian DSA-6331-1: several Keystone (OpenStack) flaws that touch your cloud's identity layer
Debian fixes authorization bypass, privilege escalation and user impersonation bugs in Keystone for Bookworm and Trixie. Here's what to update.
Read more →FRRouting on RHEL 10: two denial-of-service flaws in bgpd (RHSA-2026:24347)
Red Hat patches CVE-2026-37457 and CVE-2026-37459 in FRRouting: two ways to crash the bgpd daemon with a crafted BGP UPDATE. Update to FRR 10.4.4 on RHEL 10.
Read more →PostgreSQL JDBC: a malicious server can hang the client over SCRAM (CVE-2026-42198)
Red Hat fixes a denial of service in the PostgreSQL JDBC driver on RHEL 10. A hostile server forces a runaway PBKDF2 computation during SCRAM-SHA-256 authentication. CVSS 7.5.
Read more →
VMSA-2026-0004: Stored XSS in VMware Cloud Foundation Operations
Broadcom patches three stored XSS flaws (CVE-2026-41722, 41723 and 41724), CVSS 8.0, in VMware Cloud Foundation Operations. No workaround: you have to update.
Read more →
Windows 11 26H1 splits into separate Beta and Experimental branches (8 June 2026 builds)
Microsoft splits the Beta and Experimental channels for Windows 11 26H1 with new build series and lets Insiders switch branches without a clean reinstall.
Read more →Hyper-V Requirements: SLAT, Hardware Virtualization and DEP
What hardware Hyper-V needs according to Microsoft's documentation: a 64-bit processor with SLAT, VM Monitor Mode extensions, hardware-assisted virtualization (Intel VT / AMD-V) and DEP. How to check it with systeminfo.
Read more →GNOME 50.2 Adds Rate Control to VA-API H.264 Screencast
GNOME 50.2 ships rate control for VA-API H.264 screencast pipelines, plus fixes across Mutter, Nautilus, GDM, GNOME Software, and Orca.
Read more →Ubuntu 26.04 LTS wants to take the GPU setup pain out of AI work
Canonical explains how Ubuntu 26.04 LTS installs CUDA and ROCm with a single apt install and integrates DOCA-OFED, with an eye on squeezing every watt of AI hardware.
Read more →
CIFSwitch (CVE-2026-46243): a 19-year-old Linux kernel flaw hands root to any local user
CVE-2026-46243 lets an unprivileged user open a root shell by abusing the CIFS module's SPNEGO upcall. Red Hat, Ubuntu, Debian, SUSE, Oracle Linux and Amazon Linux are affected.
Read more →Ubuntu Core 26 brings AI to the edge on Renesas RZ/V processors
Canonical walks through compiling, packaging and deploying AI models on Renesas RZ/V microprocessors with Ubuntu Core 26 and the DRP-AI accelerator.
Read more →HTTP/2 Bomb (CVE-2026-49975): one client takes a web server down in seconds
The HTTP/2 Bomb pairs HPACK compression with flow control to exhaust the RAM of nginx, Apache, IIS, Envoy and Pingora. Affected versions, impact and patches.
Read more →What Hyper-V is: the type-1 hypervisor built into Windows
Hyper-V is Microsoft's type-1 hypervisor included in Windows Server and Windows. Here's its bare-metal architecture, what it's for and how it fits into a virtualization setup.
Read more →Build 2026: Windows doubles down as a development platform
At Build 2026 Microsoft shows Microsoft Execution Containers, WSL Containers, post-quantum cryptography in TLS and WHCP-certified drivers by default for Windows.
Read more →OpenBSD 7.8 patches several X server flaws with errata 037
OpenBSD 7.8 errata 037 fixes multiple vulnerabilities in the X server's dri2, sync, saver and Xkb extensions. What it affects and how to apply the patch.
Read more →Use-after-free in the Linux kernel TLS layer: a socket close that steps on freed memory
A race condition in the Linux kernel's tls_sk_proto_close() lets one thread close a TLS socket while another changes options, triggering a use-after-free. Disclosed on oss-security, 2 June 2026.
Read more →Ubuntu and Ubuntu Pro now run on Microsoft's Azure Cobalt 200 VMs
Canonical brings Ubuntu and Ubuntu Pro to Microsoft's second-generation Arm silicon from day one of preview, with kernel Livepatch on Arm64.
Read more →Windows gets platform security for AI agents: the MXC SDK
Microsoft introduces Microsoft Execution Containers (MXC), a policy-driven execution layer to sandbox AI agents on Windows and WSL, with process isolation, session isolation and hypervisor micro-VMs.
Read more →XCP-ng 8.3 LTS: first batch of June 2026 updates
XCP-ng ships its first June 2026 update for the 8.3 LTS branch: kernel patches against local root escalation, the end of ssh-rsa support, USB smartcard passthrough and a higher UEFI vCPU ceiling.
Read more →Android Security Bulletin June 2026: one exploited flaw among 124 fixes
Google patches over a hundred Android vulnerabilities. CVE-2025-48595, a Framework privilege escalation, may already be under targeted exploitation.
Read more →libvirt 12.4.0: per-VM energy monitoring with resctrl and new virtio events
libvirt 12.4.0 adds per-VM energy monitoring via resctrl, lifecycle events for virtio channels, bhyve improvements and the freezer controller in CGroupV2.
Read more →Canonical and NVIDIA bring OpenShell to Ubuntu as a snap for AI agents
Canonical packages the NVIDIA OpenShell runtime as a snap on Ubuntu to sandbox AI agents. One command to install, and it runs on DGX Spark, DGX Station and RTX PRO.
Read more →CVE-2026-41089: the Netlogon RCE is now hitting domain controllers
A stack-based buffer overflow in the Windows Server Netlogon service lets an unauthenticated remote attacker run code on a domain controller. What it is, who it affects and how to protect yourself.
Read more →The History of ReactOS: the Dream of a Free Windows
History, key versions and curiosities of ReactOS, the free operating system recreating Windows with binary compatibility for apps and drivers since 1998.
Read more →CVE-2026-46129: Btrfs double-free triggered by a sysfs kobject registration failure
A double free in the error path of Btrfs create_space_info() can corrupt kernel memory. Here is who it affects, how serious it is, and how to patch it.
Read more →Ubuntu becomes the default image on Google Cloud TPU VMs
Canonical and Google Cloud ship certified Ubuntu images on TPU virtual machines, supporting Ironwood, Trillium, v5p and v5e with optimized access to JAX, PyTorch and TensorFlow.
Read more →Migrating from Apache Spark 3 to Spark 4: what changes and how to prepare
Canonical publishes a guide for moving from Apache Spark 3 to Spark 4. Here are the Scala and Java requirements, the default ANSI SQL mode and the phased migration strategy.
Read more →
Rocky Linux 10.2 Released: Post-Quantum Cryptography and Flatpak by Default
Rocky Linux 10.2 arrives with OpenSSH ML-KEM, Flatpak for Firefox and Thunderbird, GCC 14.3, Podman with Sequoia-PGP and support until 2035.
Read more →Workshop: sandboxed development environments on Ubuntu with one command
Canonical introduces Workshop, an Ubuntu tool that spins up sandboxed dev environments defined in YAML, running on unprivileged LXD containers and built with AI agents in mind.
Read more →Ubuntu and Arm: running agentic AI workloads with kernel 7.0 and 15 years of support
Canonical explains how to run agentic AI workloads on Arm and Ubuntu 26.04 LTS: CPUs with up to 136 Neoverse V3 cores, Arm64 kernel livepatching and 15 years of support with Ubuntu Pro.
Read more →
AlmaLinux OS 10.2 "Lavender Lion" Is Now Available
AlmaLinux 10.2 ships with kernel 6.12, GNOME 49, PHP 8.4, PostgreSQL 18 and i686 support. Discover everything new in this stable release.
Read more →Samba on Ubuntu: USN-8306-1 fixes six flaws, two with code execution
Ubuntu ships USN-8306-1 patching six Samba vulnerabilities, including two that allow arbitrary code execution in the SAMR server and the printing subsystem.
Read more →
Palm's webOS: The Operating System Ahead of Its Time
The story of webOS, Palm's groundbreaking operating system: cards multitasking, Synergy, its journey through HP and its rebirth on LG smart TVs.
Read more →
MX Linux 25.2 «Infinity»: text-mode installer and Debian 13.5 base
MX Linux 25.2 «Infinity» arrives with a new text-mode TUI installer, kernel 6.12.90, a Debian 13.5 base and mesa 26.0.1 on AHS editions. What's new and download.
Read more →
BlackBerry OS: The Fallen King of Mobile Email
The history of BlackBerry OS: from RIM's 1999 pager to the reign of push email and physical keyboards, the famous BBM, and its fall to iOS and Android.
Read more →Chrome 148 patches a WebRTC use-after-free that runs code on Linux (CVE-2026-9111)
Google shipped Chrome 148.0.7778.178 to close a critical WebRTC use-after-free affecting Linux that runs code just from visiting a web page.
Read more →Packagist supply chain attack: Linux malware hidden in package.json
Eight PHP packages on Packagist, including devdojo/wave and devdojo/genesis, ran a Linux binary pulled from GitHub. Separately, hundreds of laravel-lang versions were republished with a credential stealer after a GitHub token leaked.
Read more →Canonical brings managed Kubeflow to the Azure Marketplace
Canonical announces a fully managed Kubeflow MLOps platform on the Azure Marketplace: deployable in under an hour, running on AKS, with 24/7 management.
Read more →PinTheft (CVE-2026-43494): what it is and why your Ubuntu is probably already safe
Canonical breaks down PinTheft, a Linux kernel bug that poisons the page cache. CVSS 7.8, Medium priority on Ubuntu, and why the default configuration isn't vulnerable.
Read more →CVE-2026-45250: a stack overflow in setcred(2) hands out root on FreeBSD
The setcred(2) syscall copied the supplementary group list into a fixed-size kernel stack buffer without checking its length, letting an unprivileged local user run code in the kernel and escalate to root on FreeBSD 14.3, 14.4 and 15.0.
Read more →FreeBSD fixes a ptrace(PT_SC_REMOTE) flaw that gave local root (CVE-2026-45253)
Poor parameter validation in ptrace(PT_SC_REMOTE) let an unprivileged local user run code in the FreeBSD kernel. There is no workaround: you have to patch.
Read more →FreeBSD fixes a libcap_net flaw that let Capsicum sandboxes widen their network permissions (CVE-2026-45254)
A logic bug in libcap_net treated an omitted restriction as 'allow any', so an application inside a Capsicum sandbox could gain network permissions instead of losing them. What breaks, who is affected, and how to patch.
Read more →Ubuntu Core 26 connects to AWS IoT Greengrass and Azure IoT Edge
Canonical shows how to bring cloud intelligence to the edge with Ubuntu Core 26, AWS and Azure runtimes delivered as snaps, and on-device AI deployment.
Read more →
Windows Mobile and Pocket PC: the PDA era before the iPhone
The history of Windows Mobile and Pocket PC: Windows CE roots, key versions, the stylus, and why they faded away against iOS and Android.
Read more →Canonical releases Ubuntu Core 26, its IoT LTS with 15 years of support
Ubuntu Core 26 ships on top of Ubuntu 26.04 LTS, with OTA updates up to 90% smaller, Livepatch on ARM64 and TPM-sealed keys.
Read more →Firefox 151 fixes a sandbox escape and a DOM use-after-free (MFSA 2026-46)
Mozilla ships Firefox 151 with 27 fixes, including an Android sandbox escape, a use-after-free in DOM Bindings, and a same-origin bypass. Update now.
Read more →
OpenBSD 7.9: the 60th release of the security-focused OS
OpenBSD 7.9, released May 19, 2026, improves the kernel scheduler, expands arm64 support, hardens pledge and unveil, and enables IPv6 SLAAC by default.
Read more →
Red Hat Enterprise Linux 10.2 is now available
RHEL 10.2 arrives with kernel 6.12, the Red Hat Lightspeed AI assistant, post-quantum cryptography and improved image mode. Discover all the new features.
Read more →ssh-keysign-pwn (CVE-2026-46333): how Ubuntu fixes the /etc/shadow and SSH key leak
A Linux kernel race condition let local users read sensitive files through ptrace. Ubuntu has patches out for Focal, Jammy, Noble, Questing and Resolute.
Read more →
Symbian OS: the System That Once Ruled Smartphones
The history of Symbian OS: from Psion's EPOC to the operating system that dominated Nokia smartphones in the 2000s. Versions, S60, UIQ and trivia.
Read more →ssh-keysign-pwn (CVE-2026-46333): a ptrace race exposes SSH keys and /etc/shadow
A logic flaw in the Linux kernel ptrace subsystem lets an unprivileged local user steal SSH host keys and password hashes. It has been there since 2016, and patches are out for Debian, Ubuntu, Fedora, SUSE, AlmaLinux and CloudLinux.
Read more →Redhound: how Canonical hunts logic flaws with AI
Canonical introduces Redhound, an AI auditing agent that found three critical zero-days in LXD that had gone unnoticed for years.
Read more →
Palm OS: the system that put computing in your pocket
The history of Palm OS, the operating system behind the PalmPilot PDAs: origins, key versions, Graffiti handwriting and its legacy before smartphones.
Read more →Fragnesia (CVE-2026-46300): a skb_try_coalesce bug hands out local root on the Linux kernel
skb_try_coalesce() drops the SKBFL_SHARED_FRAG marker and lets an unprivileged user write over page-cache pages to get root. AlmaLinux already shipped patched kernels.
Read more →NGINX Rift (CVE-2026-42945): an 18-year-old rewrite-module bug allows unauthenticated RCE
A heap overflow in ngx_http_rewrite_module with a 9.2 CVSS leaves NGINX open to remote code execution. Red Hat already ships a fix for RHEL 9 in RHSA-2026:18029. What it is, who it affects and how to mitigate it.
Read more →CVE-2026-35421: one EMF file in Paint is enough to run code on Windows
Microsoft patched a Windows GDI heap overflow in May 2026 that lets an attacker run code when a crafted Enhanced Metafile is opened in Microsoft Paint. What it is, who it affects, and how to mitigate.
Read more →CVE-2026-40361: four code-execution flaws in Microsoft Word, and the Preview Pane is enough
Microsoft patched four Word RCE vulnerabilities (CVSS 8.4) in May 2026. The Preview Pane is an attack vector and two of them are rated more likely to be exploited.
Read more →CVE-2026-41096: remote code execution in the Windows DNS Client via a crafted response
Microsoft patched CVE-2026-41096, a critical flaw in the Windows DNS Client that allows remote code execution through a specially crafted DNS response. It was fixed in the May 2026 Patch Tuesday.
Read more →CVE-2026-41103: Microsoft's SSO plugin for Jira and Confluence lets attackers impersonate any user
A flawed SAML check in the Microsoft SSO Plugin for Jira and Confluence (CVSS 9.1) lets an unauthenticated attacker forge identities and log in as anyone. Affected versions and the fix.
Read more →CVE-2026-45185: unauthenticated remote code execution in Exim with GnuTLS
A use-after-free during TLS shutdown in GnuTLS builds of Exim allows unauthenticated remote code execution when handling SMTP with BDAT. Affects Exim 4.97 to 4.99.2, fixed in 4.99.3.
Read more →May 2026 Patch Tuesday: 120 flaws fixed and, for the first time in nearly two years, no zero-days
Microsoft closes around 120 vulnerabilities in its May 2026 release, 17 of them critical, with no known zero-days at launch. Here's what got fixed and why you should patch now.
Read more →
Caldera OpenLinux and the SCO Lawsuits: From Friendly Desktop to Courtroom
The story of Caldera OpenLinux, a pioneer of commercial Linux, its versions and its turn into SCO Group, the source of the 2000s lawsuits against Linux and IBM.
Read more →iOS 26.5 fixes a kernel privilege escalation to root (CVE-2026-28951)
Apple ships iOS 26.5 and iPadOS 26.5 with over 90 security patches. CVE-2026-28951 is a kernel authorization flaw that could let an app gain root privileges.
Read more →macOS Tahoe 26.5 fixes a Gatekeeper bypass and serious kernel bugs
Apple ships macOS Tahoe 26.5 with patches across more than twenty subsystems. CVE-2026-28954 lets a malicious disk image slip past Gatekeeper, and two kernel flaws allow tampering with privileged memory.
Read more →Dirty Frag (CVE-2026-43284): two Linux kernel bugs chain into local root
A write-what-where condition in ESP plus a privilege escalation flaw in RxRPC let an unprivileged local user reach root. Public PoCs exist and no universal patch shipped on 8 May 2026.
Read more →CVE-2026-43303: a Linux kernel use-after-free that hits WSL2 and containers
A flaw in the Linux kernel's memory management leaves stale pointers in page->private, opening the door to memory corruption or privilege escalation. It affects 5.18 onward and matters most for WSL2 and containers. What it is, who it hits, and how to patch it.
Read more →Dirty Frag: two Linux kernel flaws give root, and how to close them on Ubuntu
Canonical ships patches for Dirty Frag, two local privilege escalation flaws in the ESP/IPsec and RxRPC kernel modules. Affected releases run from Ubuntu 18.04 to 26.04 LTS.
Read more →
Knoppix: The Pioneering Live CD That Changed Linux
The story of Knoppix, the first popular Live CD built by Klaus Knopper in 2000: key releases, its legendary hardware detection and surprising trivia.
Read more →Ubuntu patches EntrySign and 130+ kernel CVEs in USN-8245-1
USN-8245-1 fixes EntrySign (CVE-2024-36347), the microcode signature flaw in AMD Zen processors, along with more than a hundred kernel vulnerabilities. Here's who's affected and how to update.
Read more →Mandrake and Mandriva: the Linux that won over beginners
The story of Mandrake Linux and Mandriva: born in 1998 from Gaël Duval, the lawsuit over its name, MandrakeSoft, its key versions and its legacy in Mageia and OpenMandriva.
Read more →RHSA-2026:13577: Red Hat patches six kernel flaws in RHEL 8
Red Hat ships an Important kernel update for RHEL 8 that fixes six CVEs, including a KVM privilege escalation and a heap overflow in the NFSv4.0 LOCK replay cache.
Read more →cPanel/WHM under attack: an authentication bypass (CVE-2026-41940) seeded ransomware across thousands of servers
A critical authentication bypass in cPanel/WHM lets attackers take over the panel with no credentials. It landed in CISA's KEV catalog and was exploited at scale to encrypt sites with the .sorry extension.
Read more →Red Hat Linux (1994-2003): The Story of the Red Hat
The history of Red Hat Linux: from version 1 to 9, the birth of RPM and the 2003 split into Fedora and Red Hat Enterprise Linux. Versions and trivia.
Read more →
EndeavourOS Titan Neo is here: kernel 6.19, Calamares 26.03 and Nvidia improvements
EndeavourOS Titan Neo arrives on May 1, 2026 with Linux kernel 6.19.14, Calamares 26.03.2.3 and improved Nvidia support for KDE Plasma.
Read more →CVE-2026-7164: a crafted SCTP packet crashes FreeBSD's pf firewall
Faulty packet validation in pf allows unbounded recursion when parsing SCTP chunks, leading to a kernel panic. FreeBSD 13.5, 14.3, 14.4 and 15.0 are affected. Here's how to fix it.
Read more →FreeBSD patches an execve() bug that hands root to any local user (CVE-2026-7270)
An operator precedence bug in the FreeBSD kernel lets an unprivileged account escalate to superuser. Fixed on 29 April 2026 in FreeBSD-SA-26:13.exec.
Read more →
The Early Versions of Debian: History and Curiosities
A journey through Debian's origins: from Ian Murdock in 1993 to the legendary 1.1 Buzz, the Toy Story codenames, and the birth of dpkg and apt.
Read more →
Fedora Linux 44 Released: GNOME 50, KDE Plasma 6.6 and Kernel 6.19
Fedora Linux 44 arrives on April 28, 2026 with GNOME 50, KDE Plasma 6.6, Linux kernel 6.19, MariaDB 11.8 and improved Wine compatibility.
Read more →
Slackware 1.0 (1993): The Story of the Oldest Linux Distribution
Discover the history of Slackware 1.0, released by Patrick Volkerding in July 1993. Its SLS origins, key versions, trivia and why it's still alive today.
Read more →
Ubuntu 26.04 LTS 'Resolute Raccoon' Is Now Available
Canonical releases Ubuntu 26.04 LTS 'Resolute Raccoon' with Linux kernel 7.0, GNOME 50, Python 3.14 and support until 2036. Here's everything that's new.
Read more →Yggdrasil: the first Linux ever shipped on CD-ROM
The story of Yggdrasil Linux/GNU/X, the 1992 distribution that brought Linux to CD-ROM with automatic hardware detection and live booting.
Read more →SplitSSHell: a comma in SSH certificates opened root access in OpenSSH (CVE-2026-35414)
A 15-year-old OpenSSH flaw let a certificate with a 'deploy,root' principal bypass access control and authenticate as root. Fixed in OpenSSH 10.3.
Read more →CrackArmor: kernel AppArmor flaws let users load arbitrary profiles (USN-8201-1)
Qualys found 11 CVEs in the Linux kernel AppArmor module. An unprivileged local user could load, replace or remove profiles, escalate to root, or escape a container. Ubuntu fixed it in USN-8201-1.
Read more →CVE-2026-40372: a .NET patch opened a door to SYSTEM in ASP.NET Core
A regression in .NET 10.0.6 made ASP.NET Core Data Protection validate its HMAC over the wrong bytes. The result: forgeable auth cookies and escalation to SYSTEM. Microsoft shipped 10.0.7 out of band.
Read more →Out-of-bounds read in libXpm: OpenBSD fixes it with errata 032 (CVE-2026-4367)
OpenBSD 7.7 and 7.8 patch an out-of-bounds read in libXpm triggered by crafted XPM files. What it affects, how serious it is, and how to apply the fix.
Read more →SLS: The First Complete Linux Distribution in History
The story of Softlanding Linux System (SLS), the first Linux distro to bundle the kernel, GNU and X Window on floppies. Versions, trivia and its legacy in Slackware and Debian.
Read more →Linux 0.01: The Story of the Kernel That Began as a Hobby
The history of the Linux 0.01 kernel from 1991: origins, its 10,000 lines of 386-only code, the Freax name, and curious facts about Torvalds' first Linux.
Read more →
Zorin OS 18.1: an easier leap from Windows
Zorin OS 18.1 ships with Linux kernel 6.17, LibreOffice 26.2, better Windows app detection and support until June 2029.
Read more →SUSE patches two glibc DNS parsing flaws (CVE-2026-4437 and CVE-2026-4438)
Update SUSE-SU-2026:1369-1 fixes two DNS resolution issues in glibc: a crafted server response that confuses the resolver and an invalid hostname returned by gethostbyaddr. Affected versions, severity and how to patch.
Read more →CVE-2026-32201: SharePoint spoofing zero-day exploited in real attacks
Microsoft patched a SharePoint zero-day (CVE-2026-32201) in April 2026 that was already under attack: an unauthenticated attacker can view sensitive data and alter information. What it affects and how to stay protected.
Read more →CVE-2026-33824: the wormable Windows IKE RCE that reaches SYSTEM with a single UDP packet
A double free in the Windows IKE extension (CVSS 9.8) allows unauthenticated remote code execution and is wormable. What it is, who it affects, and how to protect yourself.
Read more →BlueHammer (CVE-2026-33825): a Microsoft Defender flaw hands attackers SYSTEM
An elevation-of-privilege bug in the Microsoft Defender antimalware platform, dubbed BlueHammer, lets an unprivileged user run code as SYSTEM on Windows 10 and 11.
Read more →CVE-2026-33827: a Windows TCP/IP race condition opens the door to wormable RCE
A synchronization flaw in the Windows TCP/IP stack allows remote, unauthenticated code execution with no user interaction when IPv6 and IPSec are both enabled. CVSS 8.1, patched in the April 2026 Patch Tuesday.
Read more →
KolibriOS: The Operating System That Fits on a Floppy Disk
The history, versions and curiosities of KolibriOS, the assembly-written operating system that fits on a 1.44 MB floppy disk and boots in just seconds.
Read more →April 2026 Patch Tuesday: Microsoft fixes 167 flaws and two zero-days
April 2026's update patches 167 vulnerabilities across Windows, Office, SharePoint and Defender, with eight critical bugs and two zero-days: a SharePoint flaw under active attack and a Defender bug disclosed before the patch.
Read more →RHSA-2026:7674: Red Hat fixes IPv6 literal parsing in rhc (CVE-2026-25679)
Red Hat updates the rhc client on RHEL 8 over an Important flaw: incorrect parsing of IPv6 host literals in net/url can mishandle URLs while connecting to Red Hat managed services.
Read more →Linux 7.0 lands: Intel TSX in auto mode and self-healing XFS
Linus Torvalds released kernel 7.0 on 12 April 2026. Here are the changes that matter for security and robustness: Intel TSX auto mode and online XFS self-repair.
Read more →Adobe ships an emergency fix for an Acrobat Reader zero-day (CVE-2026-34621) exploited since 2025
A prototype pollution bug in Acrobat Reader's JavaScript engine runs code when you open a malicious PDF. CISA added it to the KEV catalog and Adobe pushed an out-of-band patch.
Read more →
TempleOS: Terry A. Davis's One-Man Masterpiece
The story of TempleOS, the operating system Terry A. Davis wrote entirely by himself over a decade: the HolyC language, 640x480 graphics and one of computing's strangest legends.
Read more →OpenSSH on Debian: the GSSAPI Key Exchange patch opens the door to DoS and possible code execution (DSA-6204-1)
Debian fixes CVE-2026-3497, a flaw in its GSSAPI Key Exchange patch for OpenSSH that a remote attacker can use to crash SSH processes or, in the worst case, run code.
Read more →Apple ships iOS and macOS Tahoe 26.4.1 with no detailed CVEs
A look at Apple's April 2026 security updates: macOS Tahoe 26.4.1, iOS/iPadOS 26.4.1, 26.4.2 and 18.7.8, none of them with published CVE entries.
Read more →IBM OS/360: The Operating System That Nearly Sank IBM
The history of IBM OS/360, the operating system of the System/360 (1964): its PCP, MFT and MVT options, its chaotic development and The Mythical Man-Month.
Read more →OpenSSL fixes two low-severity bugs in April 2026: DANE and AES-CFB128
The 7 April 2026 OpenSSL update patches CVE-2026-28387 (DANE use-after-free) and CVE-2026-28386 (out-of-bounds read in AES-CFB128). Who is affected and how to update.
Read more →Firefox 149.0.2 patches high-impact memory-safety bugs (MFSA 2026-25)
Mozilla ships Firefox 149.0.2 to fix several high-impact memory-safety bugs, some with signs of memory corruption. If you run Firefox or Thunderbird, update now.
Read more →CVE-2026-31405: out-of-bounds read in the Linux kernel dvb-net (ULE) path, CVSS 9.8
A flaw in the Linux kernel DVB subsystem reads a function pointer past the end of a table and can invoke it. Present since 2.6.12. What happens and how to stay safe.
Read more →CVE-2026-31407: netfilter conntrack skips netlink validation and leaks kernel memory
A flaw in the Linux kernel's SCTP connection tracking lets a local user read kernel memory because of missing netlink validation. CVSS 7.1. Who is affected and which versions fix it.
Read more →CVE-2026-31408: use-after-free in the Linux kernel Bluetooth SCO stack
A race in sco_recv_frame() frees the socket too early and opens the door to a use-after-free in the kernel's Bluetooth code. CVSS 8.8. Here's what it affects and how to patch it.
Read more →
VMS and OpenVMS: The Operating System That Never Goes Down
The story of VMS and OpenVMS: born at DEC in 1977 for the VAX, famous for its clustering and legendary reliability, and still maintained today by VSI on x86-64.
Read more →OpenBSD patches iked(8): out-of-bounds read and NULL pointer dereference in IKEv2
OpenBSD 7.8 errata 027 fixes flaws in iked, the daemon that negotiates IPsec tunnels. A crafted packet could read out-of-bounds memory or crash the service.
Read more →
Multics, the Grandfather of Unix: The OS That Changed Everything
The history, versions and curiosities of Multics, the ambitious MIT, GE and Bell Labs operating system whose complexity inspired the creation of Unix.
Read more →
AIX, IBM's Unix: History, Versions and Curiosities
The story of AIX, IBM's Unix born in 1986 for POWER systems. Key versions, the SMIT tool and trivia about one of the longest-lived commercial Unix operating systems.
Read more →
HP-UX: HP's Enterprise Unix That Outlived PA-RISC and Itanium
The history of HP-UX, Hewlett-Packard's Unix born in 1984: its key versions, the leap from PA-RISC to Itanium, VUE, SAM and its final shutdown in 2025.
Read more →CVE-2026-4747: an unauthenticated RPCSEC_GSS flaw opens the door to kernel-level RCE on FreeBSD
A stack overflow in RPCSEC_GSS packet validation lets a malicious client run code with kernel privileges on FreeBSD NFS servers, no authentication required. Affected versions, impact and the March 26, 2026 patches.
Read more →CVE-2026-20698: Apple fixes a macOS kernel flaw that could corrupt memory
macOS Tahoe 26.4 patches CVE-2026-20698, a kernel memory-handling bug that let an app crash the system or corrupt kernel memory.
Read more →macOS Tahoe 26.4: Apple fixes a PackageKit root escalation (CVE-2026-28840)
Apple patches over 70 flaws in macOS Tahoe 26.4. The worst lets an app gain root through PackageKit. What it affects and how to update.
Read more →Firefox 149 fixes 34 security flaws, several allowing code execution (CVE-2026-4684)
Mozilla ships Firefox 149 with 34 fixes, 17 rated high. Among them a WebRender use-after-free and several memory bugs showing evidence of exploitable corruption.
Read more →
IRIX: The Silicon Graphics Unix That Conquered Hollywood
The history, versions and curiosities of IRIX, Silicon Graphics' Unix for high-end graphics workstations that powered movie effects like those in Jurassic Park.
Read more →
Kali Linux 2026.1: kernel 6.18, BackTrack Mode and 8 new tools
Kali Linux 2026.1 arrives with Linux kernel 6.18, the annual visual refresh, the nostalgic BackTrack Mode for its 20th anniversary and eight new tools.
Read more →CVE-2026-3055: a Citrix NetScaler memory flaw is being used to steal sessions
A memory overread in NetScaler ADC and Gateway configured as a SAML IdP leaks session tokens. Exploitation is already active and CISA has set a patch deadline.
Read more →Copy Fail (CVE-2026-31431): a 2017 algif_aead bug lets local users get root on Linux
An optimization in the kernel's AF_ALG crypto module lets a local user write 4 bytes into any cached file and become root. Nearly every distribution is affected.
Read more →Chrome 146 fixes two serious flaws in WebGL and Dawn (CVE-2026-4675 and CVE-2026-4676)
Google ships Chrome 146.0.7680.164/165 with patches for a heap buffer overflow in WebGL and a use-after-free in Dawn, both reachable through a crafted web page.
Read more →OpenBSD 7.8 errata 024: three denial-of-service flaws in libexpat
OpenBSD 7.8 errata 024 fixes CVE-2026-32776, 32777 and 32778 in libexpat, which let malformed XML hang or crash applications that rely on the library.
Read more →SunOS and Solaris: The Story of Sun Microsystems' Unix
The history of SunOS and Solaris: from the BSD workstation to Sun's System V Unix, with NFS, ZFS, DTrace, OpenSolaris and its legacy in illumos.
Read more →CVE-2026-22732: Spring Security silently drops HTTP security headers
A critical flaw (CVSS 9.1) makes servlet apps using Spring Security lose headers like Content-Security-Policy and Strict-Transport-Security without warning. Affected versions and fix.
Read more →CVE-2026-23245: race condition in the Linux traffic control gate action
A flaw in net/sched/act_gate.c let a local user trigger inconsistent kernel memory access when the gate action was replaced while a timer or dump walked the schedule list. CVSS 7.8.
Read more →
Xenix, Microsoft's Forgotten Unix That Ruled the 1980s
The history of Xenix, the Unix Microsoft licensed from AT&T in 1980: its origins, key versions, the handover to SCO and why it became the most widespread Unix of its era.
Read more →Apple ships its first background patch to close a WebKit flaw (CVE-2026-20643)
Apple uses Background Security Improvements for the first time to fix CVE-2026-20643, a WebKit Navigation API bug that bypassed the same-origin policy on iOS and macOS.
Read more →Berkeley's original BSD: the Unix that shaped the internet
The history of the original Berkeley BSD: from 1BSD to 4.4BSD, 4.2BSD's TCP/IP, the CSRG group, the AT&T lawsuit and a legacy that lives on today.
Read more →CrackArmor: nine AppArmor flaws let a local user escalate to root
Qualys reveals CrackArmor, a set of confused-deputy vulnerabilities in AppArmor present since 2017 that let a local user reach root, leak kernel memory and break container isolation on Ubuntu, Debian and SUSE.
Read more →CrackArmor on Ubuntu: fixes for the kernel, sudo and util-linux
Canonical split the CrackArmor fixes across three packages: kernel, sudo and util-linux. What each one patches, and why you need all three.
Read more →Debian DSA-6162-1: kernel patch for the CrackArmor AppArmor flaws
Debian ships DSA-6162-1 and fixes the CrackArmor AppArmor vulnerabilities found by Qualys in trixie. They allow local privilege escalation to root. Fixed version: 6.12.74-2.
Read more →Debian DSA-6163-1: the Bookworm kernel fixes 49 vulnerabilities
Debian ships a Linux kernel update for Debian 12 Bookworm bundling 49 flaws, including the AppArmor bugs found by Qualys. Fixed version: 6.1.164-1.
Read more →
Unix V6 and V7: The Code That Seeded Modern Computing
The history of Bell Labs' Unix V6 (1975) and V7 (1979): the versions that escaped AT&T, conquered universities and shaped today's Linux and BSD systems.
Read more →CVE-2026-21262: a SQL Server zero-day that hands over sysadmin
Microsoft fixed an improper access control flaw in SQL Server in March 2026 that lets an authenticated user escalate to sysadmin over the database. CVSS 8.8.
Read more →CVE-2026-23240: critical use-after-free in the Linux kernel TLS subsystem
A race condition in net/tls/tls_sw.c lets a worker touch already-freed memory. What it affects, which versions, and how it's fixed.
Read more →CVE-2026-26144: an Excel XSS can turn Copilot into a zero-click data thief
Microsoft rated this Excel information-disclosure flaw Critical. Chained with the Copilot agent, it can exfiltrate sensitive data with no user interaction. Fixed in the March 2026 Patch Tuesday.
Read more →March 2026 Patch Tuesday: Microsoft fixes 2 zero-days and 79 flaws
March 2026's security rollup patches 79 vulnerabilities across Windows, Office, SQL Server, .NET and Azure, including two disclosed zero-days and four critical Office and Excel flaws.
Read more →
The History of RISC OS: Acorn's System That Gave Birth to ARM
RISC OS, Acorn's operating system for the Archimedes in 1987, was the cradle of ARM processors. Its history, key versions and real curiosities.
Read more →
GEOS: The 8-Bit GUI That Stunned the Commodore 64
The story of GEOS, Berkeley Softworks' graphical OS that brought windows, a mouse and desktop publishing to the Commodore 64 and Apple II back in 1986.
Read more →CVE-2026-20127: Cisco confirms real-world attacks against Catalyst SD-WAN via auth bypass
A critical flaw in Cisco Catalyst SD-WAN Controller and Manager lets an unauthenticated remote attacker log in as a high-privileged account. Cisco confirms active exploitation tied to UAT-8616.
Read more →CVE-2026-20131: the critical Cisco FMC flaw Interlock exploited 36 days before disclosure
A Java deserialization bug in Cisco Secure Firewall Management Center (CVSS 10.0) lets an unauthenticated attacker run code as root. Interlock ransomware used it as a 0-day from January 2026.
Read more →CVE-2026-23236: smscufx driver lets an unprivileged user corrupt kernel memory
The Linux kernel's smscufx framebuffer driver dereferenced a userspace pointer instead of copying it in first. A local user could corrupt kernel memory and crash the box. Here's who's affected and how to patch.
Read more →Ubuntu ships kernel updates across every supported LTS (March 2026)
On 4 March 2026 Canonical released kernel patches for Ubuntu 25.10 and the 24.04, 22.04, 20.04 and 18.04 LTS branches, fixing CVE-2025-40214 and other flaws.
Read more →
OS/2: IBM's Bold Bet That Was Ahead of Its Time
The history of OS/2: the operating system IBM and Microsoft built together, its Warp releases, why it lost to Windows, and how it lives on in ArcaOS.
Read more →DSA-6153-1: an LXD flaw lets you run commands on the host (CVE-2026-23953)
Debian patches LXD over a newline injection (CVE-2026-23953, CVSS 8.7) that lets attackers add arbitrary hooks to lxc.conf and run commands as root on the host.
Read more →
The History of BeOS: the Multimedia OS That Nearly Became Apple
BeOS, the 1990s multimedia operating system from Be Inc. and Jean-Louis Gassée. Its history, key versions, Apple's rejection and its rebirth as Haiku.
Read more →
Commodore 64 and Its KERNAL: The Best-Selling Computer Ever
The story of the Commodore 64 and its KERNAL: 1982 origins, the best-selling 8-bit computer in history, ROM revisions, legendary chips and real trivia.
Read more →CVE-2026-22719: VMware Aria Operations Command Injection Exploited in the Wild
Broadcom patches an unauthenticated command injection flaw in VMware Aria Operations (CVSS 8.1) that enables RCE during assisted migrations. Exploited in the wild and added to CISA's KEV catalog.
Read more →CVE-2026-3038: Stack buffer overflow in FreeBSD routing sockets causes kernel panic
An unprivileged user can trigger a kernel panic on FreeBSD by exploiting a stack buffer overflow in rtsock_msg_buffer(). Here's who is affected, the severity, and how to patch it.
Read more →Firefox 148 fixes more than 40 vulnerabilities: WebRender sandbox escapes and a JavaScript engine use-after-free
Mozilla ships Firefox 148 (MFSA 2026-13) with 45 CVEs, 28 of them high impact, including sandbox escapes and memory bugs that could allow code execution. Update now.
Read more →USN-8059-1: Ubuntu fixes Linux kernel security flaws (SMB/ksmbd)
Ubuntu releases USN-8059-1 with Linux kernel fixes affecting the SMB subsystem. Here is what is fixed, who is affected, and how to update.
Read more →
Apple II and ProDOS: the computer that democratized computing
The story of the Apple II (1977) and its operating system: from Apple DOS 3.3 to ProDOS. Versions, VisiCalc, Wozniak's legacy and trivia of the 8-bit classic.
Read more →
The Classic Mac OS: from System 1 to Mac OS 9
History of the classic Mac OS, from System 1 (1984) to Mac OS 9 (1999): key versions, the graphical interface that changed computing, and its quirks.
Read more →CVE-2026-23226: use-after-free in the Linux kernel's ksmbd (SMB3 multichannel)
A synchronization flaw in the Linux kernel's in-kernel SMB3 server (ksmbd) allows a use-after-free in multichannel sessions. It affects kernels 6.3 through 6.19.0. We explain the risk, who is affected and how to mitigate it.
Read more →Debian releases DSA-6141-1: a Linux kernel update fixing more than 40 vulnerabilities
Debian patches dozens of Linux kernel vulnerabilities in trixie with version 6.12.73-1. Risks include privilege escalation, denial of service and information leaks.
Read more →
Atari ST and TOS: the Amiga's Rival That Conquered Music
The history of the Atari ST and its TOS operating system: Jack Tramiel's origins, Digital Research's GEM, its versions, and the MIDI ports that made it a legend.
Read more →CVE-2026-2441: Actively Exploited Chrome CSS Zero-Day (Use-After-Free)
Google ships an emergency fix for a use-after-free in Chrome's CSS engine (CVE-2026-2441), exploited in the wild. What it is, who is affected and how to update.
Read more →
AmigaOS and the Commodore Amiga: a machine ahead of its time
The story of AmigaOS and the Commodore Amiga: real preemptive multitasking in 1985, the Agnus, Denise and Paula chips, Workbench and the legendary Boing Ball.
Read more →nginx: man-in-the-middle injection when proxying to TLS servers (CVE-2026-1642, DSA-6131-1)
Debian releases DSA-6131-1 to fix CVE-2026-1642 in nginx, a race condition that lets an attacker inject plaintext data into responses from proxied upstream TLS servers.
Read more →CVE-2026-20700: Apple Patches a dyld Zero-Day Exploited in Targeted Attacks
A memory corruption flaw in dyld, Apple's dynamic linker, allowed code execution and was used in sophisticated attacks. Fixed in iOS, macOS, watchOS, tvOS and visionOS 26.3.
Read more →Ubuntu fixes kernel flaws and AMD SEV-SNP vulnerabilities (USN-8028-1)
Ubuntu ships USN-8028-1 for 24.04 LTS: numerous Linux kernel flaws and AMD issues, including CVE-2024-36331 in SEV-SNP. Who is affected and how to update.
Read more →CVE-2026-21513: Windows MSHTML zero-day exploited by APT28
In February 2026 Microsoft patched a security feature bypass in the MSHTML framework (CVE-2026-21513, CVSS 8.8) exploited as a zero-day by the APT28 group through malicious shortcuts and HTML files.
Read more →CVE-2026-21514: Microsoft Word zero-day that bypasses OLE mitigations
A security feature bypass in Microsoft Word, exploited as a zero-day, evades OLE and Mark-of-the-Web protections. What it is, who it affects and how to patch it.
Read more →CVE-2026-21533: Remote Desktop Services zero-day escalates to SYSTEM on Windows Server
A privilege-escalation flaw in Windows Remote Desktop Services, exploited as a zero-day, lets a local attacker reach SYSTEM by tampering with the registry. What it is, who is affected, and how to mitigate it.
Read more →CVE-2026-2261: A descriptor leak in blocklistd can disable FreeBSD's defenses
A bug in FreeBSD 15.0's blocklistd(8) leaks one socket descriptor per event, exhausting resources and letting an attacker disable automatic IP blocking before their attack.
Read more →CVE-2026-24300: Critical Elevation of Privilege Flaw in Azure Front Door (CVSS 9.8)
A critical improper access control vulnerability (CWE-284) in Azure Front Door allows privilege escalation without authentication. Learn who it affects, how severe it is, and what to do.
Read more →
CP/M: The Operating System That Ruled Before DOS
The history of CP/M, Gary Kildall and Digital Research's system that dominated 8-bit microcomputers before IBM chose DOS for its PC.
Read more →February 2026 Patch Tuesday: Microsoft fixes 6 zero-days and 58 flaws
Microsoft's February 2026 Patch Tuesday fixes 58 vulnerabilities in Windows, including 6 actively exploited zero-days, 5 critical flaws and new Secure Boot certificates.
Read more →OpenBSD patches two denial-of-service flaws in libexpat (CVE-2026-24515 and CVE-2026-25210)
OpenBSD 7.7 and 7.8 ship errata 014 to fix a NULL pointer dereference and an integer overflow in libexpat that can cause denial of service when parsing XML.
Read more →Debian fixes more than 170 Linux kernel vulnerabilities (DSA-6126-1)
Debian releases DSA-6126-1, a Linux kernel update that resolves over 170 CVEs with risks of privilege escalation, denial of service and information disclosure. Fixed in 6.12.69-1 for Trixie.
Read more →Debian Patches CVE-2025-68670: Unauthenticated RCE in the xrdp RDP Server (DSA-6123-1)
An unauthenticated stack-based buffer overflow in xrdp allows remote code execution (CVSS 9.8). Debian shipped fixes for bookworm and trixie. What's affected and how to mitigate.
Read more →
The History of FreeDOS: The Free DOS That Refused to Die
The story of FreeDOS: how Jim Hall kept DOS alive since 1994 with a free system. Key versions, real trivia, and its enduring use for flashing the BIOS.
Read more →CVE-2026-1731: Critical Unauthenticated RCE in BeyondTrust Exploited by Ransomware
An unauthenticated command injection in BeyondTrust Remote Support and Privileged Remote Access allows remote code execution. Exploited as a zero-day and used in ransomware attacks. What it is, who is affected, and how to mitigate it.
Read more →CVE-2026-24423: SmarterMail authentication bypass exploited by ransomware
A critical flaw in SmarterMail's ConnectToHub endpoint allows unauthenticated RCE. Actively exploited by the Storm-2603 group in ransomware attacks. CISA ordered patching.
Read more →CVE-2026-23111: a single character in nf_tables opens the door to root on Linux
An inverted condition in the kernel's nft_map_catchall_activate() leads to a use-after-free that lets an unprivileged user escalate to root. Who is affected, how severe it is, and how to mitigate it.
Read more →CVE-2026-23069: integer underflow in the Linux kernel vsock/virtio transport
An integer underflow in vsock/virtio credit accounting can queue more data than the peer can handle. Affects a wide range of Linux kernel versions. CVSS 5.5.
Read more →CVE-2026-23074: use-after-free in the Linux kernel teql qdisc enables local privilege escalation
A use-after-free flaw in the Linux kernel traffic control teql queueing discipline allows local privilege escalation. Affects 2.6.12 through several stable branches. CVSS 7.8.
Read more →
The History of PC DOS: IBM's DOS That Outlived MS-DOS
Origins, key versions and curiosities of PC DOS, IBM's operating system for the PC. From PC DOS 1.0 to PC DOS 2000 after the split with Microsoft.
Read more →OpenBSD patches a use-after-free in httpd(8) with chunked encoding (errata 013)
The OpenBSD project published errata 013 for 7.8, fixing a use-after-free in its httpd(8) web server when processing requests with chunked transfer encoding. Available via syspatch.
Read more →The History of DR-DOS: the rival that nearly beat MS-DOS
The story of DR-DOS, Digital Research's operating system that challenged MS-DOS: its versions, pioneering multitasking and the infamous AARD code.
Read more →
MS-DOS 6.22 (1994): the last standalone DOS
The story of MS-DOS 6.22, the final standalone version of MS-DOS. The Stac lawsuit, the end of DoubleSpace and the birth of DriveSpace in 1994.
Read more →Match Group breach: data from Hinge, Tinder, OkCupid and Match leaked
ShinyHunters claims the theft of roughly 10 million Match Group user records after compromising Okta SSO credentials through vishing. What leaked and how to protect yourself.
Read more →CVE-2025-11187: OpenSSL mishandles PBMAC1 parameters in PKCS#12
OpenSSL fixes a flaw in the MAC verification of PBMAC1-protected PKCS#12 files that can cause a stack buffer overflow or denial of service. Affected versions, severity and patches.
Read more →FreeBSD-SA-26:02.jail: jail escape via nullfs (CVE-2025-15547)
A root user inside a FreeBSD jail with allow.mount.nullfs can escape the chroot and reach the entire host filesystem. Analysis of advisory FreeBSD-SA-26:02.jail.
Read more →Xen XSA-477 (CVE-2025-58150): buffer overflow in shadow paging with tracing enabled
A flaw in Xen's tracing code lets an HVM guest in shadow paging mode overrun per-CPU buffers, risking privilege escalation, information disclosure or denial of service on x86.
Read more →Xen XSA-478 (CVE-2025-58151): a TOCTOU flaw in varstored enables privilege escalation from the VM
A TOCTOU race condition in varstored, the Xapi toolstack component that manages UEFI variables, lets an attacker with kernel-level access inside a VM run code and escalate privileges. Here is who is affected and how to mitigate it.
Read more →Xen XSA-479 (CVE-2026-23553): Incomplete IBPB Allows Information Leaks Between Guest Tasks on x86
An incomplete IBPB during Xen vCPU context switches lets a guest process leak data private to other tasks on the same CPU. It affects x86; ARM is not impacted.
Read more →
The History of MS-DOS: the OS That Conquered the PC
The story of MS-DOS: from QDOS and Seattle Computer Products to Microsoft, its key versions, its 1980s reign and lesser-known curiosities.
Read more →
Windows XP (2001): History, Versions and Curiosities
The story of Windows XP: the 2001 OS that unified the NT branch, popularised the Luna interface and lasted until 2014. Editions, the Bliss wallpaper and fun facts.
Read more →CVE-2025-13878: malformed BRID/HHIT records crash the BIND 9 DNS server
ISC patches a denial-of-service flaw in BIND 9 (CVSS 7.5) that lets a remote, unauthenticated attacker abort the named daemon with malformed DNS records. What it is, who is affected and how to patch it.
Read more →
Windows NT (1993): The Kernel That Changed Windows Forever
The history of Windows NT, the 32-bit OS built by Dave Cutler in 1993: origins, key versions and curiosities of the kernel that still powers Windows today.
Read more →Qilin brings its ransomware to Linux to encrypt VMware ESXi servers
A new Linux variant of the Qilin (Agenda) ransomware encrypts VMware ESXi, FreeBSD and Linux servers, deleting snapshots and shutting down virtual machines to hinder recovery.
Read more →CVE-2026-23760: SmarterMail authentication bypass exploited two days after the patch
A critical flaw (CVSS 9.8) in SmarterMail's force-reset-password endpoint lets attackers hijack the system administrator account. Over 6,000 servers were exposed.
Read more →Windows Me (2000): The Bumpy Farewell to the MS-DOS Era
The story of Windows Millennium Edition: the last of the 9x line, new features like System Restore and Movie Maker, and the reputation for instability it earned.
Read more →CVE-2025-8110: the Gogs vulnerability CISA confirms is being exploited for code execution
A path traversal flaw in the Gogs file editor allows code execution through symbolic links. CISA added it to its KEV catalog after confirming active exploitation.
Read more →OpenBSD 7.8 errata 012: two denial-of-service bugs in rpki-client
OpenBSD 7.8 errata 012 fixes a NULL pointer dereference and a memory exhaustion in rpki-client that can be triggered by a malicious RPKI CA or Trust Anchor.
Read more →
Windows 98: History, Versions and Curiosities of the Microsoft Classic
A look back at Windows 98: its 1998 release, Internet Explorer integration, USB and FAT32 support, the Second Edition update and the famous blue screen demo.
Read more →CVE-2023-31096: Microsoft Removes the Agere Soft Modem Driver Over Privilege Escalation
In the January 2026 Patch Tuesday, Microsoft removed the third-party Agere Soft Modem driver from Windows over a previously exploited elevation-of-privilege flaw (CVE-2023-31096). What it is, who is affected, and how to respond.
Read more →CVE-2026-20805: actively exploited zero-day in Windows Desktop Window Manager
Microsoft patched CVE-2026-20805, an information-disclosure flaw in DWM exploited as a zero-day that helps defeat ASLR. Affects Windows 10, 11 and Server.
Read more →CVE-2026-20854: critical remote code execution in Windows LSASS
Microsoft fixes a use-after-free in LSASS (CVSS 7.5) that allows code execution over the network. Affects Windows 11 24H2/25H2 and Windows Server 2025.
Read more →CVE-2026-20953: remote code execution in Microsoft Office through the Preview Pane
Critical RCE (CVSS 8.4) in Microsoft Office exploitable just by previewing a malicious document. Who is affected, how severe it is, and how to mitigate it.
Read more →CVE-2026-20957 and CVE-2026-20955: code execution in Microsoft Excel
Two critical remote code execution vulnerabilities in Microsoft Excel fixed in the January 2026 Patch Tuesday. What they are, who is affected and how to stay protected.
Read more →CVE-2026-21265: the Secure Boot zero-day caused by 2026 UEFI certificate expiration
Microsoft disclosed CVE-2026-21265, a Secure Boot bypass caused by the expiration of its 2011 UEFI certificates. We explain who it affects, its severity and how to mitigate it.
Read more →January 2026 Patch Tuesday: Microsoft fixes 114 flaws and three zero-days
The first Patch Tuesday of 2026 fixes 114 vulnerabilities across Windows, Office and Azure, including one actively exploited zero-day and two publicly disclosed.
Read more →
Linux Mint 22.3 "Zena" Is Now Available
Linux Mint 22.3 "Zena" arrives with Cinnamon 6.6, improved Wayland support, new XSI icons and long-term support until 2029. Here's what's new.
Read more →MongoBleed (CVE-2025-14847): the MongoDB memory leak CISA orders patched urgently
MongoBleed lets unauthenticated attackers read MongoDB server memory and steal credentials, keys and tokens. Here is what the flaw is, who it affects and how to mitigate it.
Read more →
Windows 95: The Operating System That Changed the PC Forever
History, versions and trivia of Windows 95: the Start menu, Plug and Play and the Rolling Stones' Start Me Up campaign that defined an era of computing.
Read more →VMSCAPE (CVE-2025-40300): Ubuntu Patches a Guest-to-Host Leak in the Linux Kernel
Ubuntu's USN-7940-2 advisory fixes VMSCAPE, a branch predictor isolation flaw in the Linux kernel that could let a malicious guest expose host information. What it is, who is affected, and how to mitigate it.
Read more →
Windows 3.0 and 3.1: The OS That Brought the GUI to the PC
History of Windows 3.0 and 3.1 (1990-1992): Microsoft's first big hit, Program Manager, 386 protected mode, TrueType fonts, multimedia and curiosities.
Read more →CVE-2026-0628: Chrome patches a high-risk WebView flaw in its first 2026 update
Insufficient policy enforcement in Chrome's WebView component (CVSS 8.8) lets malicious extensions bypass security boundaries. Google fixed it in Chrome 143.
Read more →CVE-2025-43529: Apple WebKit zero-day exploited in targeted attacks
A use-after-free in WebKit (CVSS 8.8) allows code execution when opening a malicious web page. Apple patched it and CISA set a remediation deadline of January 5, 2026.
Read more →
Windows 2.0 (1987): The Release That Learned to Overlap Windows
The history of Windows 2.0, released in 1987: overlapping windows, keyboard shortcuts, the /286 and /386 editions, Apple's lawsuit, and the first Word and Excel.
Read more →
Manjaro 26.0 'Anh-Linh' Is Now Available
Manjaro 26.0 'Anh-Linh' ships with Linux 6.18 LTS kernel, KDE Plasma 6.5 and GNOME 49 on Wayland, Xfce 4.20, and support for COSMIC.
Read more →Windows 1.0 (1985): The Story of Microsoft's First Windows
Windows 1.0 (1985), Microsoft's first graphical environment over MS-DOS: its history, versions, tiled windows and the lesser-known curiosities behind it.
Read more →Smb4K on Debian (CVE-2025-66002): Local Privilege Escalation in Samba Share Mounting
Debian released advisory DSA-6092-1 to fix two flaws in smb4k that can lead to local denial of service or privilege escalation. What it is, who it affects and how to apply the patch.
Read more →
elementary OS 8.1: Wayland Session by Default and ARM64 Support
elementary OS 8.1 is here: Wayland-based Secure Session by default, first ARM64 builds, Linux kernel 6.14 and over 1,100 improvements.
Read more →
Pop!_OS 24.04 LTS: COSMIC, System76's Rust desktop, arrives
Pop!_OS 24.04 LTS is now stable: it debuts COSMIC, its new desktop written in Rust, with kernel 6.17, advanced tiling and native applications.
Read more →
FreeBSD 15.0: new stable release brings packaged base and post-quantum cryptography
FreeBSD 15.0-RELEASE is out: install the base with pkg, OpenZFS 2.4, OpenSSH 10 with post-quantum crypto and native inotify support.
Read more →
NixOS 25.11 'Xantusia' is now available
NixOS 25.11 'Xantusia' arrives with GNOME 49, LLVM 21, Docker 28, PostgreSQL 17 by default and thousands of updated packages. Discover all the news.
Read more →
openSUSE Leap 16.0: New Era with Agama Installer and SLES Base
openSUSE Leap 16.0 is here: kernel 6.12, the new Agama installer, SELinux by default, PipeWire and 24 months of support built on the SUSE Linux Enterprise base.
Read more →
Debian 13 "trixie": new stable release available
Debian 13 "trixie" is now stable: Linux kernel 6.12 LTS, GNOME 48, KDE Plasma 6.3, riscv64 support and 5 years of maintenance.
Read more →
Void Linux 20250202: new stable image with expanded ARM64 support
Void Linux ships its 20250202 image set with Linux kernel 6.12, Xfce 4.20 and ARM64 UEFI support for Apple Silicon, ThinkPad X13s and Pinebook Pro.
Read more →
NetBSD 10.1: the new stable release of the most portable OS
NetBSD 10.1 is now available. Discover what's new: AMD Zen 5 support, RAID improvements, ZFS on Xen and key security patches.
Read more →
Slackware 15.0: the oldest Linux distribution gets modern
Slackware 15.0 ships with Linux kernel 5.15 LTS, KDE Plasma 5, PAM, Wayland and UTF-8 support. Discover what's new in the oldest Linux distro.
Read more →