jul 7, 2026
5 links from the engineering internet.
adobe coldfusion max-severity rce cve-2026-48282 now exploited in the wild
attackers began hitting cve-2026-48282, a max-severity unauthenticated path-traversal rce in adobe coldfusion, within hours of public disclosure. shadowserver tracks nearly 800 exposed instances and adobe urges admins to patch within 72 hours.
china-aligned hackers exploit roundcube flaws at us and canadian universities
proofpoint says a china-aligned cluster it tracks as unk_masstraction chained roundcube flaws cve-2024-42009 and cve-2025-49113 to steal credentials and drop the vshell tool, hitting physics and engineering departments with national-security ties.
uk cyber resilience pledge lands 60 signatories including m&s and capita
marks & spencer and 59 other organisations signed the uk government's new voluntary cyber resilience pledge, committing to board-level security ownership, enrolling in ncsc early warning, and pushing suppliers toward cyber essentials.
chinese open models gain us ground as openai and anthropic costs surge
cnbc reports us firms now route 30 to 46 percent of openrouter tokens through chinese open models that run 60 to 90 percent cheaper. lindy shifted 100 percent of its traffic off claude to deepseek, citing costs crashing to the ground.
llama.cpp build b9894 fixes a vulkan set_rows f16 crash
the inference engine tags build b9894 with a vulkan fix that checks the src0 type in ggml_op_set_rows to avoid failures from unimplemented f16 support, one of several builds cut through the day.