Security

Critical CVE response pipeline, Mythos

Shortening patch cycles: why 48h is no longer optional for critical CVEs

Context: decades-old vulnerabilities, still exploitable The Mythos Preview report (April 2026) highlighted an uncomfortable reality: among the 10,000+ vulnerabilities identified, the most critical ones are not necessarily the most recent. The SACK TCP bug in OpenBSD has been around for 27 years. The FFmpeg H.264 buffer overflow for 16 years. The FreeBSD NFS stack overflow for 17 years. What has changed is the speed at which these flaws can now be exploited. With AI-assisted exploitation tools, the window between a patch being published and active exploitation is now measured in hours, not weeks. ...

May 28, 2026 · 8 min · Thomas L.
kubectl port-forward tunnel to Azure PostgreSQL

Connecting to an Azure database without direct access using socat and kubectl port-forward

In professional environments, Azure databases (PostgreSQL, MySQL, SQL Server…) are often exposed exclusively via a Private Endpoint: they are only reachable within the Azure private network, with no public IP. The result: from your development workstation, it is impossible to connect directly using a client like DBeaver or psql. However, the AKS cluster (Azure Kubernetes Service) running in the same VNet does have access. This guide explains how to leverage that fact to create a secure tunnel to the database, without modifying any network rules or opening a single public port. ...

May 27, 2026 · 6 min · Thomas L.