Libsodium: Ed25519 point-validation bug
A low-level validation function missed a coordinate check, accepting some non-main-subgroup Edwards25519 points. High-level signing APIs remain unaffected; a one-line fix was applied and released.
Technical analysis shows Honey’s extension deliberately honors stand‑down for suspected testers and dishonors it for typical users, using deterministic rules drawn from server config, telemetry, and client code.
Replacing a harmful keyword with a benign token in in-context examples causes model internals to adopt the harmful meaning, producing disallowed outputs while evading input-layer safety checks.
Rex loads and executes safe-Rust kernel extension programs in place of eBPF, relying on the Rust compiler for safety and enabling implementations that the in-kernel verifier would reject.
A bug in MongoDB's zlib message-compression lets unauthenticated attackers read arbitrary heap memory in versions since 2017 by abusing an oversized uncompressedSize and BSON parsing.
A serialization bug in langchain-core allowed unescaped 'lc' markers to revive unsafe objects, enabling secret extraction and instantiation risks across common flows. Patches are released — update immediately.
Modern browsers send Sec-Fetch-Site metadata that lets servers reject cross-site requests as CSRF protection. Microdot implements this with an Origin fallback and a configurable subdomain policy.
A compact CLI/TUI that surfaces host network connections with a live TUI, styled tables, and scriptable JSON output. Install via package managers, Docker, or a single install script.