The Global Positioning System (GPS) was developed by the United States military in the 1970s, but it wasn’t long before civilians all over the planet started using it. By the early 2000s the technology was popping up in consumer devices such as mobile phones, and since then its become absolutely integral to our modern way of life.

But although support for GPS in our gadgets is nearly ubiquitous, it’s not the only option when it comes to figuring out where you are on the globe. As you might imagine, not everyone was thrilled with building their infrastructure around one of Uncle Sam’s pet projects, and so today there are several homegrown regional and global satellite navigation systems in operation.

As a follow-up to our recent dive into the ongoing GPS upgrades, let’s take a look at some of the other satellite positioning systems and who operates them.

GLONASS (Russia)

Given the tensions of the Cold War, it will probably come as little surprise to learn that the Soviet Union introduced their own satellite-based navigation system to compete with GPS. Development of the Global Navigation Satellite System (GLONASS) started a few years later than its Western counterpart, with the first satellites not reaching orbit until 1982, officially making it the second Global Navigation Satellite Systems (GNSS) ever developed.

GLONASS satellites orbit at a slightly lower altitude than GPS, 19,100 kilometers (11,900 miles) compared to 20,200 km (12,600 mi) of the American system, and at a greater inclination. This makes reception better at higher latitudes, which makes sense given the desired coverage area.

As designed the capabilities and overall accuracy of GLONASS were very similar to GPS, but the early satellites had a short operational lifespan of just three years. For global coverage GLONASS required 24 satellites in orbit, and maintaining coverage over Russia required 18. But after the fall of the USSR, launches of new satellites were put on pause and the constellation started suffering losses. By 2001, there were just seven operational GLONASS satellites.

President Vladimir Putin made the restoration of GLONASS a key priority in his administration, leading to resumed launches and development of the second and third generation satellites. Within a few years commercial interest in GLONASS started to pick up, and the network regained global coverage in 2011. While the constellation has experienced a few setbacks over the last several years, spare and replacement satellites have been launched regularly, with the most recent entering orbit in September of 2025.

BeiDou (China)

Unlike the American and Russian systems, the first iteration of BeiDou was of a much smaller scale. Rather than a global system, the goal was to provide regional coverage for China and the surrounding countries with just four satellites placed in a geostationary orbit at an altitude of approximately 35,786 km (22,236 mi). From an observer in China, the satellites would appear to be motionless in the sky, ensuring reception anywhere in the country. Known retroactively as BeiDou-1, the system was operational from 2003 to 2012.

That year it was replaced with the far more ambitious BeiDou-2. The design called for a constellation of satellites in various orbits: 5 geostationary to provide backwards compatibility with BeiDou-1, 27 in medium Earth orbit similar to GPS/GLONASS, and 3 in an inclined geosynchronous orbit. The latter meaning that from the perspective of Earth, the satellite would appear to loiter overhead rather than remain in a fixed position.

BeiDou-1 was largely a research project and saw little use outside of the Chinese government. Conversely BeiDou-2 was designed for both government and civilian use from the start, with two distinct levels of service — civilian users could plot their position within a radius of 10 meters (32 feet), while the military reportedly enjoyed an accuracy of 10 cm (4 inches).

The coverage area of BeiDou-2 was expanded considerably to the south to include include Indonesia and Australia, but it still didn’t provide global service. Commercial use of the network started to pick up at this point, and by 2014 smartphones from Sony, Samsung, and Xiaomi included support for it.

It wasn’t until the introduction of BeiDou-3 in 2015 that the system could boast global coverage, with the system reaching full operational status in June of 2020.

Galileo (European Union)

While civilian use of GPS, GLONASS, and BeiDou was always part of the plan, all three systems were ultimately designed as tools of their respective governments. Conversely, when the European Union set out to develop Galileo in the early 2000s, the goal was to create a satellite navigation system operated by private companies and aimed at civilian users.

The first part of the plan fell apart fairly quickly, and by 2006 Galileo was nationalized and the European Space Agency was entrusted with its development and operation. The first operational satellite was put into orbit in October 2011, and limited functionality was available to the public by 2016. While Galileo was designed for civilian use, it does offer a High Accuracy Service (HAS) with an accuracy of 20 cm (8 inches) that was initially intended to be accessible only by paying customers. But eventually it was decided to make HAS available to compatible receivers free of charge. When combined with its interoperability with GPS and GLONASS, Galileo offers exceptional accuracy.

Galileo reached full operational status in 2024 with a constellation of 24 satellites. Starting in 2027, these will be joined by a dozen upgraded Galileo Second Generation (G2) satellites that feature more electric propulsion for more efficient orbital maneuvers, improved antennas, and inter-satellite data links.

QZSS (Japan)

Development of the Quasi-Zenith Satellite System (QZSS) started in 2002, with the goal of offering high-accuracy position services to users in and around Japan. But rather than operating independently, QZSS was designed to augment GPS with five additional satellites.

Two of the satellites are in a geostationary orbit similar to those used in China’s BeiDou-1 system, while the other three are in a geosynchronous orbit like those introduced with BeiDou-2. These orbits are intended to keep at least one satellite directly over Japan at all times to improve reception in urban areas. The system became fully operational in 2018.

In the near future, Japan plans on adding three more satellites to the QZSS constellation. This would give the system enough regional coverage to operate independently of GPS if necessary.

NavIC (India)

Navigation with Indian Constellation (NavIC), previously known as Indian Regional Navigation Satellite System (IRNSS), is an independent regional navigation system that covers India and the surrounding area using seven satellites.

Development of NavIC started in 2006, and the first satellite was launched in 2013. Like QZSS, the constellation is made up of satellites in both geostationary and geosynchronous orbits. Two levels of service are offered: the Standard Positioning Service for civilian use that offers an accuracy of 3 m (9.8 feet), and an encrypted Restricted Service intended for military and government applications that’s accurate to 2 m (6.7 ft)

One of the goals of NavIC was not only to launch and operate the system from within India, but to produce as much of the hardware domestically as possible. This includes the atomic clocks and microprocessors aboard each satellite as well as the receiver chips used in client devices. While India wanted to maintain ultimate control over NavIC for political reasons, it’s not an isolationist system — it is designed to be interoperable with other GNSS.

That last point is particularly important right now, as only three NavIC satellites are currently transmitting navigational data due to hardware issues. Those three satellites alone aren’t enough to plot an accurate position, so to compute their location receivers must pull in data from other systems such as GPS.

Better Together

Although having so many active satellite navigation systems may seem redundant, the fact that they all offer at least some level of interoperability with each other means that everyone with a multi-system receiver can benefit. Instead of being limited to the constellation of just one service, this cross compatibility lets a device pull in data from whatever satellites are overhead at the time.

Granted how much of an improvement this results in will be highly dependent on where you’re located on the globe, but no matter what, its always going to be better than being limited to just one system.

hackaday.com/2026/05/07/theres…

Research reactors come in many forms and sizes, with the TRIGA class being commonly found at universities. The TRIGA reactor at the University of Utah was installed in 1975, and for the past half century the thermal energy it produced was bled off into cooling systems. Now for a world’s first, the reactor will be used to generate electricity instead.
A TRIGA reactor core, with the blue glow from Cherenkov radiation. (Source: DoE, Wikimedia)
What makes the TRIGA design so practical for small research reactors is its inherent safety due to the use of uranium zirconium hydride (UZrH) fuel, which imposes a strong negative thermal coefficient on the reactivity. Along with no need for any kind of containment, these pool-type, water-cooled reactors thus allow for a pretty good at the literal internals of the reactor core.

Their thermal power outputs range from 0.1 – 16 MW_th, with the University of Utah reactor generating on the low end of the scale here, at 50 kW_th. This energy will be partially used by a generator that has been developed by Elemental Nuclear, a startup company who looks to be trying to commercialize TRIGA fuel for microreactors with sodium coolant.

The installation at this TRIGA reactor should thus be seen as a proof-of-concept for Elemental Nuclear’s generator design, which uses a closed Brayton cycle with helium gas to generate an output of about 2-3 kW_e from the ~13 kW generated by the turbine. This generated power will – of course – be used to power some racks with GPUs for ‘AI’ tasks. If successful, it could show the way for TRIGA-based microreactors to power datacenters.

Top image: the TRIGA reactor during a tour. (Credit: University of Utah)

hackaday.com/2026/05/07/univer…

During Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems.

In this report, we dive into the statistics on published vulnerabilities and exploits, as well as the known vulnerabilities leveraged by popular C2 frameworks throughout Q1 2026.

Statistics on registered vulnerabilities

This section provides statistical data on registered vulnerabilities. The data is sourced from cve.org.

We examine the number of registered CVEs for each month starting from January 2022. The total volume of vulnerabilities continues rising and, according to current reports, the use of AI agents for discovering security issues is expected to further reinforce this upward trend.

Total published vulnerabilities per month from 2022 through 2026 (download)

Next, we analyze the number of new critical vulnerabilities (CVSS > 8.9) over the same period.

Total critical vulnerabilities published per month from 2022 through 2026 (download)

The graph indicates that while the volume of critical vulnerabilities slightly decreased compared to previous years, an upward trend remained clearly visible. At present, we attribute this to the fact that the end of last year was marked by the disclosure of several severe vulnerabilities in web frameworks. The current growth is driven by high-profile issues like React2Shell, the release of exploit frameworks for mobile platforms, and the uncovering of secondary vulnerabilities during the remediation of previously discovered ones. We will be able to test this hypothesis in the next quarter; if correct, the second quarter will show a significant decline, similar to the pattern observed in the previous year.

Exploitation statistics

This section presents statistics on vulnerability exploitation for Q1 2026. The data draws on open sources and our telemetry.

Windows and Linux vulnerability exploitation

In Q1 2026, threat actor toolsets were updated with exploits for new, recently registered vulnerabilities. However, we first examine the list of veteran vulnerabilities that consistently account for the largest share of detections:

• CVE-2018-0802: a remote code execution (RCE) vulnerability in the Equation Editor component
• CVE-2017-11882: another RCE vulnerability also affecting Equation Editor
• CVE-2017-0199: a vulnerability in Microsoft Office and WordPad that allows an attacker to gain control over the system
• CVE-2023-38831: a vulnerability resulting from the improper handling of objects contained within an archive
• CVE-2025-6218: a vulnerability allowing the specification of relative paths to extract files into arbitrary directories, potentially leading to malicious command execution
• CVE-2025-8088: a directory traversal bypass vulnerability during file extraction utilizing NTFS Streams

Among the newcomers, we have observed exploits targeting the Microsoft Office platform and Windows OS components. Notably, these new vulnerabilities exploit logic flaws arising from the interaction between multiple systems, making them technically difficult to isolate within a specific file or library. A list of these vulnerabilities is provided below:

• CVE-2026-21509 and CVE-2026-21514: security feature bypass vulnerabilities: despite Protected View being enabled, a specially crafted file can still execute malicious code without the user’s knowledge. Malicious commands are executed on the victim’s system with the privileges of the user who opened the file.
• CVE-2026-21513: a vulnerability in the Internet Explorer MSHTML engine, which is used to open websites and render HTML markup. The vulnerability involves bypassing rules that restrict the execution of files from untrusted network sources. Interestingly, the data provider for this vulnerability was an LNK file.

These three vulnerabilities were utilized together in a single chain during attacks on Windows-based user systems. While this combination is noteworthy, we believe the widespread use of the entire chain as a unified exploit will likely decline due to its instability. We anticipate that these vulnerabilities will eventually be applied individually as initial entry vectors in phishing campaigns.

Below is the trend of exploit detections on user Windows systems starting from Q1 2025.

Dynamics of the number of Windows users encountering exploits, Q1 2025 – Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100% (download)

The vulnerabilities listed here can be leveraged to gain initial access to a vulnerable system and for privilege escalation. This underscores the critical importance of timely software updates.

On Linux devices, exploits for the following vulnerabilities were detected most frequently:

• CVE-2022-0847: a vulnerability known as Dirty Pipe, which enables privilege escalation and the hijacking of running applications
• CVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation
• CVE-2021-22555: a heap out-of-bounds write vulnerability in the Netfilter kernel subsystem
• CVE-2023-32233: a vulnerability in the Netfilter subsystem that allows for Use-After-Free conditions and privilege escalation through the improper processing of network requests

Dynamics of the number of Linux users encountering exploits, Q1 2025 – Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100% (download)

In the first quarter of 2026, we observed a decrease in the number of detected exploits; however, the detection rates are on the rise relative to the same period last year. For the Linux operating system, the installation of security patches remains critical.

Most common published exploits

The distribution of published exploits by software type in Q1 2026 features an updated set of categories; once again, we see exploits targeting operating systems and Microsoft Office suites.

Distribution of published exploits by platform, Q1 2026 (download)

Vulnerability exploitation in APT attacks

We analyzed which vulnerabilities were utilized in APT attacks during Q1 2026. The ranking provided below includes data based on our telemetry, research, and open sources.

TOP 10 vulnerabilities exploited in APT attacks, Q1 2026 (download)

In Q1 2026, threat actors continued to utilize high-profile vulnerabilities registered in the previous year for APT attacks. The hypothesis we previously proposed has been confirmed: security flaws affecting web applications remain heavily exploited in real-world attacks. However, we are also observing a partial refresh of attacker toolsets. Specifically, during the first quarter of the year, APT campaigns leveraged recently discovered vulnerabilities in Microsoft Office products, edge networking device software, and remote access management systems. Although the most recent vulnerabilities are being exploited most heavily, their general characteristics continue to reinforce established trends regarding the categories of vulnerable software. Consequently, we strongly recommend applying the security patches provided by vendors.

C2 frameworks

In this section, we examine the most popular C2 frameworks used by threat actors and analyze the vulnerabilities targeted by the exploits that interacted with C2 agents in APT attacks.

The chart below shows the frequency of known C2 framework usage in attacks against users during Q1 2026, according to open sources.

TOP 10 C2 frameworks used by APTs to compromise user systems, Q1 2026 (download)

Metasploit has returned to the top of the list of the most common C2 frameworks, displacing Sliver, which now shares the second position with Havoc. These are followed by Covenant and Mythic, the latter of which previously saw greater popularity. After studying open sources and analyzing samples of malicious C2 agents that contained exploits, we determined that the following vulnerabilities were utilized in APT attacks involving the C2 frameworks mentioned above:

• CVE-2023-46604: an insecure deserialization vulnerability allowing for arbitrary code execution within the server process context if the Apache ActiveMQ service is running
• CVE-2024-12356 and CVE-2026-1731: command injection vulnerabilities in BeyondTrust software that allow an attacker to send malicious commands even without system authentication
• CVE-2023-36884: a vulnerability in the Windows Search component that enables command execution on the system, bypassing security mechanisms built into Microsoft Office applications
• CVE-2025-53770: an insecure deserialization vulnerability in Microsoft SharePoint that allows for unauthenticated command execution on the server
• CVE-2025-8088 and CVE-2025-6218: similar directory traversal vulnerabilities that allow files to be extracted from an archive to a predefined path, potentially without the archiving utility displaying any alerts to the user

The nature of the described vulnerabilities indicates that they were exploited to gain initial access to the system. Notably, the majority of these security issues are targeted to bypass authentication mechanisms. This is likely due to the fact that C2 agents are being detected effectively, prompting threat actors to reduce the probability of discovery by utilizing bypass exploits.

Notable vulnerabilities

This section highlights the most significant vulnerabilities published in Q1 2026 that have publicly available descriptions.

CVE-2026-21519: Desktop Window Manager vulnerability

At the core of this vulnerability is a Type Confusion flaw. By attempting to access a resource within the Desktop Window Manager subsystem, an attacker can achieve privilege escalation. A necessary condition for exploiting this issue is existing authorization on the system.

It is worth noting that the DWM subsystem has been under close scrutiny by threat actors for quite some time. Historically, the primary attack vector involves interacting with the NtDComposition* function set.

RegPwn (CVE-2026-21533): a system settings access control vulnerability

CVE-2026-21533 is essentially a logic vulnerability that enables privilege escalation. It stems from the improper handling of privileges within Remote Desktop Services (RDS) components. By modifying service parameters in the registry and replacing the configuration with a custom key, an attacker can elevate privileges to the SYSTEM level. This vulnerability is likely to remain a fixture in threat actor toolsets as a method for establishing persistence and gaining high-level privileges.

CVE-2026-21514: a Microsoft Office vulnerability

This vulnerability was discovered in the wild during attacks on user systems. Notably, an LNK file is used to initiate the exploitation process. CVE-2026-21514 is also a logic issue that allows for bypassing OLE technology restrictions on malicious code execution and the transmission of NetNTLM authentication requests when processing untrusted input.

Clawdbot (CVE-2026-25253): an OpenClaw vulnerability

This vulnerability in the AI agent leaks credentials (authentication tokens) when queried via the WebSocket protocol. It can lead to the compromise of the infrastructure where the agent is installed: researchers have confirmed the ability to access local system data and execute commands with elevated privileges. The danger of CVE-2026-25253 is further compounded by the fact that its exploitation has generated numerous attack scenarios, including the use of prompt injections and ClickFix techniques to install stealers on vulnerable systems.

CVE-2026-34070: LangChain framework vulnerability

LangChain is an open-source framework designed for building applications powered by large language models (LLMs). A directory traversal vulnerability allowed attackers to access arbitrary files within the infrastructure where the framework was deployed. The core of CVE-2026-34070 lies in the fact that certain functions within langchain_core/prompts/loading.py handled configuration files insecurely. This could potentially lead to the processing of files containing malicious data, which could be leveraged to execute commands and expose critical system information or other sensitive files.

CVE-2026-22812: an OpenCode vulnerability

CVE-2026-22812 is another vulnerability identified in AI-assisted coding software. By default, the OpenCode agent provided local access for launching authorized applications via an HTTP server that did not require authentication. Consequently, attackers could execute malicious commands on a vulnerable device with the privileges of the current user.

Conclusion and advice

We observe that the registration of vulnerabilities is steadily gaining momentum in Q1 2026, a trend driven by the widespread development of AI tools designed to identify security flaws across various software types. This trajectory is likely to result not only in a higher volume of registered vulnerabilities but also in an increase in exploit-driven attacks, further reinforcing the critical necessity of timely security patch deployment. Additionally, organizations must prioritize vulnerability management and implement effective defensive technologies to mitigate the risks associated with potential exploitation.

To ensure the rapid detection of threats involving exploit utilization and to prevent their escalation, it is essential to deploy a reliable security solution. Key features of such a tool include continuous infrastructure monitoring, proactive protection, and vulnerability prioritization based on real-world relevance. These mechanisms are integrated into Kaspersky Next, which also provides endpoint security and protection against cyberattacks of any complexity.

securelist.com/vulnerabilities…

Communication with satellites often involves the use of high-gain directional antennas coupled with careful positioning to find and track the target. With a geostationary satellite the mount is either fixed or a single-axis polar mount, but when the craft is moving in a different orbit it becomes more of a challenge to stay locked on. An azimuth-elevation mount is needed to cover the whole sky, and [Ham Radio Passion] has one as a work in progress. It’s 3D printed and looks straightforward, making it a project to watch.

An az-el mount has two parts, the first being a turntable to set the azimuth, and the second being a horizontal rotating axis to set the elevation. He’s mounting the antenna to a piece of aluminium extrusion and driving it through a set of 3D printed gears driven from a 360 degree servo with a worm drive. He explains why the servo makes more sense to him here.

The result is not yet a finished project, but it shows enough promise to make it worth keeping an eye on. It’s by no means big enough for a huge antenna array, but we can imagine antennas for higher frequencies would be well within its capabilities. Meanwhile it’s certainly not the first az-el mount we’ve seen.

youtube.com/embed/22kWTXGhnnM?…

hackaday.com/2026/05/07/this-a…

Linux folks are used to having to roll many of their own solutions, and better Linux desktop usability is a goal of the WayVR project, which aims to provide desktop control and app launching from within a VR session.

VR applications can already stream from Linux to standalone headsets with projects like WiVRn, but what WayVR does is let one launch programs and access desktop screens within VR. Put another way, instead of the headset being limited to acting as a pseudo-monitor that only receives the output of an already-running VR application, the headset and controllers can now be used to interact with one’s computer as if one were physically sitting at it. Controls and user interface are highly flexible and help users to do anything they need — including clicking, typing, and launching applications. It’s a considerable step forward for convenience and general usability.

Naturally, when it comes to using a computer from within VR there is plenty of unexplored territory regarding user interfaces. It’s fertile ground for experimentation in everything from DIY headsets to ways to input text without a keyboard, so if you enjoy working on the frontiers of such things, it’s a good scene to dive into.

hackaday.com/2026/05/06/how-to…

Presumably aimed at children, NHK World’s Texico program teaches the main ideas about programming without actually using a computer. Instead, it uses items like a toy train, playing cards, and other gadgets to teach concepts such as analysis, combination, simulation, abstraction, and more.

There are ten episodes in English and French. Some of them are more about critical thinking, which, admittedly, is important for solving problems in general with or without a computer. For example, a “magic” trick relies on the observation that tearing a sheet of paper into nine rectangular pieces will mean each piece has at least one perfectly straight edge except for the center piece.

The videos are short and light-hearted. We’d like to see a set of companion videos or posts that relate the lessons to some actual programming task. Of course, you could produce that yourself and host it on a platform like Hackaday.io or YouTube.

The episodes show programming algorithms in strange places. For example, in one episode, mail sorting is the algorithm segment. In another, it is how they pack fireworks.

If you try these with a kid, let us know how it goes. If you figure out why it is called Texico (テキシコ), let us know that, too. We’ve done our own computerless robot training. If you want to stick with hardware, there’s always the egg drop.

hackaday.com/2026/05/06/learn-…