Top

ana-domestic-renewal-amadeus-altea-migration-chaos-2026-cover-en

Updated today

About

Makoto Horikawa

Backend Engineer / AWS / Django

Canarii

脆弱性と障害を、現場の手が動く視点で

重大なセキュリティ脆弱性と国内サービス障害は即日速報。日々の IT ニュースを、Python / Django / AWS / Wagtail を主戦場とするフリーランスエンジニアの視点で分析・解説します。

GitHub Portfolio

Latest articles

See all →

Roundup Updated today

Why ANA's Domestic Renewal Turned to Chaos: The Changes and Causes Explained

InfrastructureJapanese Companies

2026.06.158 views

News Updated today

Code-execution flaw in ad server Revive Adserver (CVE-2026-50741): update to 6.0.8

SecurityDevelopment

2026.06.262 views

News Updated today

Max-Severity Flaw in Manufacturers' Design-Data Software PTC Windchill: Patch Now (CVE-2026-12569)

SecurityInfrastructure

2026.06.264 views

News Updated today

Cisco Phone System Flaw CVE-2026-20230 Now Exploited: Patch to Stop a Root Takeover

SecurityInfrastructure

2026.06.260 views

News

See all →

News Updated today

Code-execution flaw in ad server Revive Adserver (CVE-2026-50741): update to 6.0.8

Revive Adserver, the open-source software for self-hosting ad delivery, has a server-takeover flaw, CVE-2026-50741 (CVSS 8.8). A low-privileged login account can run arbitrary programs, and it is a recurrence that bypasses June's fix for CVE-2026-34916. It is exploitable via the type parameter and the ox.setChannelTargeting XML-RPC method. Versions up to 6.0.7 are affected; update to 6.0.8.

SecurityDevelopment

2026.06.262 views

News Updated today

Max-Severity Flaw in Manufacturers' Design-Data Software PTC Windchill: Patch Now (CVE-2026-12569)

PTC Windchill and FlexPLM, the design-data software used across automotive, electronics and other manufacturing, has a max-severity flaw allowing unauthenticated remote takeover. Germany's BSI warned admins at night, and attacks are reported underway. U.S. CISA set a June 28 deadline; apply the fix.

SecurityInfrastructure

2026.06.264 views

News Updated today

Cisco Phone System Flaw CVE-2026-20230 Now Exploited: Patch to Stop a Root Takeover

Cisco Unified Communications Manager, the software many companies use to run their phone systems, has an unauthenticated flaw that is already being exploited. At worst, attackers can take over the server and seize root. U.S. CISA set a June 28 deadline; apply the fix.

SecurityInfrastructure

2026.06.260 views

News Updated today

pnpm Hit by 2 Serious Flaws Letting Malicious Code Hijack Developer Machines (CVE-2026-55698)

Two high-severity flaws have been found in pnpm, the widely used JavaScript package manager. Pulling in a malicious package or repository can let an attacker take over a developer's machine and run arbitrary code. Fixes are out: update to 10.34.2+ on the 10.x line or 11.5.3+ on 11.x.

SecurityDevelopment

2026.06.260 views

News Updated yesterday

Toshiba/Dynabook PCs Have an Unpatchable Driver Flaw (CVE-2026-56129): Remove the Driver

A driver preinstalled on Toshiba and Dynabook PCs has a vulnerability that may let even a non-administrator user improperly access the PC's memory. Disclosed June 25, 2026 as CVE-2026-56129. No fix will be provided; the countermeasure is to remove the affected driver. Check the vendor's official notice for whether your model is affected.

SecurityJapanese Companies

2026.06.250 views

gitlab-security-release-cve-2026-6552-account-takeover-cover-en

News Updated yesterday

GitLab Patches 14 More Flaws: Self-Managed Servers Should Update to 19.1.1 (CVE-2026-10086)

On June 24, 2026, GitLab fixed 14 more vulnerabilities at once, including a flaw that lets a developer run malicious code in another user's screen and one that leaks information from its AI feature. Companies running GitLab on their own servers should update now to the latest releases (19.1.1 / 19.0.3 / 18.11.6). GitLab.com users are already covered.

SecurityInfrastructureDevelopment

2026.06.115 views

Column

See all →

kakaku-com-ai-driven-renewal-tech-choice-cover-en

Column

Rebuilding Kakaku.com's 30-Year-Old Code With 71 AI Agents

Kakaku.com is rebuilding its 30-year-old, 9.6M-line system with 71 AI agents on Python and FastAPI. I agree with the stack, but ask why the tied candidates lost, and the cost of over-trusting AI.

AIJapanese CompaniesDevelopment

2026.06.105 views

individual-blog-revival-google-core-update-2026-cover-en

Column

The Day Google Summons Back the "Obscure Personal Blog": Beyond AI Article Fatigue

The "obscure personal blogs" that Google's Helpful Content Update killed in 2023 are being summoned back by the March and May 2026 Core Updates. A field report on E-E-A-T's "Experience" axis, AI-article fatigue, and the strange world of a blog where Bing slightly outranks Google.

FreelanceDevelopment

2026.05.2611 views

ai-development-waterfall-return-cover-en

Column

Returning to Waterfall in the Age of AI

In an era of vibe coding, one developer returned to waterfall at a startup. Plan Mode's true identity was a design process completed decades ago. A case for 'hammer your design.'

AIDevelopment

2026.04.1111 views

Column

Your Content Has Already Been Scraped. The AI Blind Spot Exposed by Cookpad's Backlash

Chefs raged at Cookpad for scraping recipes. But AI companies have been doing the same at far greater scale. A technical investigation reveals the blind spot of the AI era.

2026.03.2917 views