may 18, 2026
7 links from the engineering internet.
meta ships wearables device access toolkit for ray-ban display
meta opens ray-ban display glasses to third-party developers for the first time, shipping native sdks for android and ios and a web apps path using html/css/js.
intel formally sunsets bigdl, clear linux, and more open-source projects
intel archives the bigdl time series toolkit alongside other projects including clear linux and software defined silicon, continuing a pattern of oss portfolio cuts.
grafana publishes post-incident review of github workflow token breach
grafana labs details how a pull_request_target ci misconfiguration let an attacker extract privileged tokens and download its entire codebase; company refused ransom demand.
gkh_clanker_2000 joins t1000 in ai-assisted linux kernel bug hunting
greg kroah-hartman's local llm fuzzing setup now has a sequel model; two dozen new kernel fixes across usb type-c, input drivers, and industrial i/o landed over the weekend with ai assistance.
windows miniplasma zero-day gives system access, poc released
researcher chaotic eclipse disclosed a privilege escalation exploit for a 2020 cldflt.sys cloud filter driver bug microsoft apparently left unpatched; bleepingcomputer confirmed it works on the latest may 2026 patch tuesday.
torvalds: ai bug reports have made linux security mailing list unmanageable
while releasing linux 7.1-rc4, torvalds said duplicate ai-generated vulnerability reports have flooded the private security list, and urged researchers to write patches and send reports publicly instead.
attackers begin actively exploiting critical nginx heap overflow cve-2026-42945
three days after public disclosure of the critical nginx rewrite module buffer overflow, vulncheck honeypots are seeing live exploitation; 5.7 million servers expose potentially vulnerable versions.