may 15, 2026
6 links from the engineering internet.
t3 code v0.0.24 ships vcs diff loading optimized 98% faster
t3 code ships v0.0.24 with a 98% speedup for vcs diff loading, fixing a bottleneck that made large repos slow to open. also adds cursor-based paginated file loading and keyboard shortcuts for common actions.
opencode v1.14.51 adds experimental background subagents
opencode v1.14.51 introduces experimental background subagents so long-running tasks continue while you keep coding. also updates litellm compatibility for gpt-5 tool-call behavior and restores automatic image resizing for oversized attachments.
cisco patches sd-wan cve-2026-20182, sixth exploited zero-day of 2026
cisco releases a patch for cve-2026-20182, a cvss 10.0 auth bypass in catalyst sd-wan controller letting unauthenticated attackers gain admin access. talos confirms active exploitation by threat group uat-8616, making this the sixth actively exploited cisco zero-day of 2026.
chrome 148 update patches 79 vulnerabilities, 14 critical
google pushes a chrome 148 stable update covering 79 security fixes, 14 of them critical. the bulk are memory safety issues in the browser's rendering pipeline. users on all platforms should update from the settings menu.
cloudnativepg patches critical metrics exporter escalation to postgres superuser
cloudnativepg 1.29.1 and 1.28.3 fix cve-2026-44477 (cvss 9.4), where the metrics exporter ran as postgres superuser and could be made to spawn os processes via copy to program. the first cve assigned against cloudnativepg; all kubernetes postgres users should upgrade.
linux 7.0.8 and six older stable kernels ship patches for cve-2026-46333
greg kroah-hartman announces seven new stable kernels (7.0.8, 6.18.31, 6.12.89, 6.6.139, 6.1.173, 5.15.207, 5.10.256) fixing cve-2026-46333, a qualys-reported kernel flaw. notably, jann horn proposed the underlying patch back in 2020.