may 14, 2026
4 links from the engineering internet.
kde plasma 6.7 beta ships with plasma big screen and union modules
the first beta of plasma 6.7 drops on may 14 with plasma big screen support, the union modules system for dynamic panel layouts, per-screen virtual desktops, hdr improvements, and better intel overlay plane support. final release is targeted for june 16.
fragnesia: third linux page-cache privilege escalation in three weeks drops with public poc
cve-2026-46300 is a new lpe in the linux xfrm esp-in-tcp subsystem that lets any unprivileged local user gain root by writing arbitrary bytes to the kernel page cache, no race condition required. a public poc is already available; patch or disable esp4/esp6/rxrpc.
aisi: frontier models have blown past projections for autonomous cyber capability
the uk ai security institute's may update finds frontier models' 80%-reliability cyber time horizon has been doubling faster than earlier estimates. claude mythos preview and gpt-5.5 completed the hardest multi-step attack simulations at near-100% and now exceed the limits of aisi's current evaluation framework.
nginx rift: 18-year-old rewrite module heap overflow enables unauthenticated rce
cve-2026-42945 is a heap buffer overflow in nginx's ngx_http_rewrite_module introduced in 0.6.27 in 2008, allowing unauthenticated rce or dos on versions through 1.30.0. nginx 1.30.1 and 1.31.0 patch it; f5's quarterly advisory covers 51 total vulnerabilities in big-ip, big-iq, and nginx.