The X.Org Foundation has announced that this year's X.Org Developers Conference will be taking place in Toronto, Canada and hosted by Arm.

XDC2026 is scheduled to run from 28 to 30 September in Toronto at the Daniels Spectrum cultural hub in Toronto. Arm has stepped up to organize this year's conference.

Fish, a popular user-friendly command-line shell, has announced version 4.4, a new release that builds on the 4.0 series.

One notable change is the deprecation of the default fossil prompt, which is now disabled. Interactive behavior has also been refined in several areas.

The bind builtin now lists mappings from all modes when --mode is not specified, making keybinding inspection more predictable. Fish no longer displays line-wise autosuggestions that do not begin with a command, reducing visual noise during input.

In time for next month's GNOME 50 release are some improvements merged today for the Mutter compositor code adding HiDPI and monitor mode emulation support to the screen-casting API and DevKit.

GNOME 50 is coming in quite heavy on the new features. The latest code to land in Mutter is a merge request that had been in the works by Jonas Ådahl the past three months for HiDPI and monitor mode emulaiton to benefit GNOME's virtual monitor and remote desktop capabilities.

Microsoft in Windows 11 22H2 introduced a new ACPI Device Specific Method (DSM) "Turn On Display" notification that the Linux 7.0 kernel will be adding support for in dealing with some otherwise problematic laptop behavior.

Queued up into the Linux power management subsystem's "linux-next" Git branch ahead of the upcoming Linux 6.20~7.0 kernel cycle is support in the s2idle driver for invoking the Microsoft Turn On Display DSM. Microsoft's documentation describes the Turn On Display / Function 9 notification as being used to signal during resume time from modern standby when the intent is to turn on the system's display.

Early, experimental code for implementing 1GB PUD-level THPs in the Linux kernel are showing positive benchmark results but other upstream stakeholders were surprised by this patch series appearing and it looking like it could be a while until if/when the patches are mainlined for helping to reduce transaction lookaside buffer (TLB) pressure without resorting to Hugetlbfs.

Usama Arif posted a request for comments (RFC) patch series on 1GB Page Upper Directory (PUD) Transparent Huge Pages (THP) support.

Recently, a new Linux distribution caught my attention, and I’ll admit the main reason was its bold choice of desktop environment. It’s one of the first distros built entirely around the new COSMIC desktop. I’m talking about Origami Linux.

Before going any further, though, an important clarification is needed: this is a young project and still very much experimental. As a result, not everything is guaranteed to work perfectly just yet. With that in mind, let’s take a look at what you can expect from this new kid on the block.

The distro is yet another attempt at immutability, built on Fedora Atomic, using rpm-ostree for system management. The project adopts an image-based design in which the base system is read-only and updated atomically. In other words, instead of modifying system files in place, updates create new system deployments that are applied on reboot, while previous deployments are preserved and can be selected for rollback.

We are glad to announce Vulnerability-Lookup 3.0.0. Our second release of 2026 is a major milestone, featuring GCVE-BCP-07 support. Now, every Vulnerability-Lookup instance can publish its own KEV catalog while integrating KEV feeds from CISA and ENISA.

Let’s take a look at all the notable changes.

What's New

GCVE-BCP-07: Known Exploited Vulnerabilities (KEV) Catalogs Integration

This release implements support for GCVE-BCP-07, enabling seamless integration with multiple Known Exploited Vulnerabilities (KEV) catalogs from different Global Numbering Authorities (GNAs). PR #310

Out of the box, any Vulnerability-Lookup instance can publish its own GCVE-BCP-07–compliant KEV catalog and consume KEV catalogs from ENISA and CISA. Conversion and synchronization are performed using the following tool: https://github.com/gcve-eu/gcve-eu-kev

A huge thank you to CISA and ENISA for their continuous work and for making KEV data available. Their catalogs are key building blocks for effective vulnerability prioritization, and it’s great to see them fit naturally into a GCVE-aligned workflow.

New and updated tools

• CISA KEV and ENISA CNW EUVD to GCVE-BCP-07 Converter: https://github.com/gcve-eu/gcve-eu-kev

  $ gcve-from-cisa --push
  $ gcve-from-enisa --push
  

• BCP Validator: https://github.com/gcve-eu/bcp-validator

  $ python gcve_bcp05_validate.py --url https://vulnerability.circl.lu/api/vulnerability?source=gna-1
  OK: https://vulnerability.circl.lu/api/vulnerability/recent?source=gna-1
  

• GCVE Python client: https://github.com/gcve-eu/gcve

  $ gcve references --list
  {
    "kev": [
        {
        "uuid": "405284c2-e461-4670-8979-7fd2c9755a60",
        "short_name": "CISA KEV",
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
        "automation_url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
        "description": "For the benefit of the cybersecurity community and network defenders\u2014and to help every organization better manage vulnerabilities and keep pace with threat activity\u2014CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework."
        },
        {
        "uuid": "1a89b78e-f703-45f3-bb86-59eb712668bd",
        "short_name": "CIRCL",
        "gcve_gna_id": 1,
        "description": "CIRCL provides a known-exploited vulnerability and supporting the different status_reason described in GCVE BCP-07."
        },
        {
        "uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd",
        "short_name": "EUVD KEV",
        "gcve_gna_id": 2,
        "automation_url": "https://github.com/enisaeu/CNW/raw/refs/heads/main/kev.csv",
        "description": "ENISA via the CSIRTs network provides list of known-exploited seen in the CSIRTs network."
        }
    ]
  }
  

New Vulnerability Sources

• new: [feeders] OSV importer for Drupal security advisories. Imports vulnerabilities from the Drupal security team's OSV feed. 14177ab

• new: [feeders] OSV importer for CleanStart security advisories. Imports vulnerabilities from CleanStart's OSV feed. 14177ab

• new: [feeders] Bitnami Vulnerability Database importer. Imports vulnerabilities from Bitnami's OSV-formatted vulnerability database, covering their application catalog. 165e99d

Changes

• chg: [gcve] Updated GCVE Python client with improved type hints and bug fixes. 78dbfc1 5ddf74d

• chg: [gcve] KEV catalog menu now handles production instances that have their own GNA ID. When a local instance (e.g., CIRCL - GNA-1) exists in the GCVE KEV catalog list, it's marked as local without creating duplicates. 2bba2d8

• chg: [api] Extended x_gcve injection to all vulnerability list endpoints: VulnerabilitiesList, Recent, Last, and LastLegacy. This ensures consistent GCVE integration across all API endpoints. 227da00

• Various graphical improvements.

Fixes

• fix: [gcve] Resolved circular import in gcve_utils module. e7aa364

• 'Ghost CVEs' toggle is wonky #303

• Fix CVSS 4.0 parsing crash in web filters #304

• Fix blacklist bypass vulnerability in username validation #314

• Support YYYYMMDD date format in API since parameter #315

Changelog

For the full list of changes, check the GitHub release:
v3.0.0 Release Notes

Thank you to all our contributors and testers!

Feedback and Support

If you encounter any issues or have suggestions, please open a ticket on our GitHub repository:
GitHub Issues

Follow Us on the Fediverse

Stay updated on security advisories in real-time by following us on Mastodon:
@vulnerability_lookup

MEXICO CITY -- Mexico's President Claudia Sheinbaum announced Sunday she plans to send humanitarian aid to Cuba this week, including food and other humanitarian aid.

Sheinbaum's comments came after U.S. President Donald Trump said he asked the Mexican leader to suspend oil shipments to the Caribbean island.

Sheinbaum said at a public event in the northern state of Sonora that she did not discuss Cuban affairs in a phone conversation with Trump on Thursday. She added that her government seeks to “ diplomatically solve everything related to the oil shipments (to Cuba) for humanitarian reasons.”

Earlier, Trump told reporters that he told the Mexican president not to send oil to Cuba.

With the launch of optical media in game consoles such as the Sony PlayStation 1. The console could be hacked with a use of a simple modchip - an unauthorized hardware modification that was soldered directly onto the motherboard. This was done to circumvent security features. While the original goal was for piracy and backups, as modchips evolved, so did their use cases. Everything from Region Free, homebrew, emulators, makeshift development kits and more were soon possible. In today's video we look at the earliest modchips and how they shaped the video game landscape.