First of all, happy Europe Day! 🇪🇺

I try to make these digests on Friday, but this Friday we had more urgent and important news (see the Dirty Frag vulnerability). Also, I am not always accurate with the digest days, so here we are.

Charity

The last two weeks, we focused on smaller fundraisers. Yet, this doesn’t make them less important. As always, I can personally vouch for them.

• Radio-electronic equipment for the 25th Brigade - it’s almost done. If each subscriber of this newsletter donates only €3.50, we will close this one.

• My friends help to raise funds for 2 trucks - this one only requires €2 per subscriber to succeed.

Time Sensitive

• Shells and Scripting for Seasoned Admins book bundle by O’Reilly on Humble Bundle. It’s active for one more week. Just beware that this book bundle was already featured before.

Digest

• Netherlands: Dutch Central Bank (DNB) goes to Lidl for cloud services - a bet from the Dutch institution to move away from the US tech and potentially a new local cloud player.

• Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854) - a vulnerability in GitHub Enterprise.

• Securing the git push pipeline: Responding to a critical remote code execution vulnerability - official security advisory from GitHub regarding the vulnerability above.

• CopyFail - a recently discovered kernel vulnerability that everybody were busy patching last week.

• copyfail-ebpf-k8s - an interesting mitigation of the aforementioned vulnerability using eBPF in Kubernetes.

• PGKeeper: Building the bouncer we needed for Postgres - a very nice and detailed technical article on how and why Figma built their own Postgres connection pooler instead of PgBouncer. It’s not open sourced, unfortunately.

• Ghostty Is Leaving GitHub - Mitchell Hashimoto - co-founder of HashiCorp - wants to move his latest creation - Ghostty terminal app - away from GitHub due to the recent instability of the world’s largest Git hosting provider.

• Pushing to GitHub and Codeberg Simultaneously with Git - if you’re also entertaining an idea of leaving GitHub, but want to keep the door open, here’s a guide on how to push the code into GitHub and Codeberg simultaneously.

• Dirty Frag: Universal Linux LPE - and here’s the most(?) recent kernel vulnerability that we were all happily patching yesterday.

Share

This is it for now, folks! Subscribe to CatOps on Telegram, if you’d like to get these news as they come.