This Week in Security: Android Exposes ADB, ShinyHunters Get Paid, Robot Dogs, and More

Recent security disclosures highlight critical vulnerabilities across major platforms, including an Android ADB bypass, a high-severity Exim email server flaw, and ongoing supply chain attacks targeting developer ecosystems.

Key Points

  • Google patched an Android Debug Bridge (ADB) bug that allowed unauthorized network connections by misinterpreting certificate error codes.
  • A critical use-after-free vulnerability in the Exim message transfer agent (CVE-2026-45185) enables unauthenticated arbitrary code execution on 2.5 million global installations.
  • The "Fragnesia" vulnerability in the Linux kernel affects IPsec ESP encryption, requiring new patches for systems previously mitigated against similar exploits.
  • The "Mini Shai Halud" supply chain worm is actively compromising npm and PyPI packages to steal service tokens and sabotage developer environments.
  • Researchers identified wormable vulnerabilities in Unitree robotics platforms that allow attackers to override safety protocols and gain root access via Bluetooth.

Why it Matters

These vulnerabilities demonstrate the persistent risk posed by both legacy code flaws and modern supply chain attacks that target critical infrastructure and developer tools. Organizations must prioritize rapid patching to prevent unauthorized system access, data theft, and the potential for widespread automated exploitation.
Hackaday Published by Mike Kershaw