Security and Linux Leftovers

posted by Roy Schestowitz on Apr 26, 2025

• LWN ☛ Security updates for Thursday

  Security updates have been issued by Debian (haproxy and openrazer), Fedora (c-ares and mingw-poppler), Red Hat (thunderbird), SUSE (epiphany, ffmpeg-6, gopass, and libsoup-3_0-0), and Ubuntu (erlang, haproxy, libapache2-mod-auth-openidc, libarchive, linux, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-aws-6.8, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure-fips, linux-gcp, linux-gke, linux-gkeop, linux-gcp-6.8, linux-ibm-5.15, linux-intel-iot-realtime, linux-realtime, linux-intel-iotg-5.15, linux-realtime, perl, and yelp, yelp-xsl).

• Netcraft ☛ AI-Enabled Darcula-Suite Makes Phishing Kits More Accessible, Easier to Deploy

  Netcraft researchers have observed the cybercriminals behind darcula, the phishing-as-a-service (PhaaS) platform, have released a new update to their darcula-suite, accelerating phishing kit creation with AI, confirming the use of Hey Hi (AI) to more quickly create high-quality, customized phishing kits.

• Federal News Network ☛ CISA extends deferred resignation offer to reinstated probationary staff

  About 130 probationary employees at CISA have been on administrative leave since they were reinstated in March.

• Federal News Network ☛ National security has a human capital problem and there’s no fast way out

  "We need the most talented individuals to be building the right credentials to serve in government," said Katherine Kuzminski.

• Security Week ☛ Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances

  The latest Verizon DBIR landed this week with a startling statistic about the security posture of VPNs and network edge devices.

• Kernel Space

  • Bootlin ☛ Cyber Resilience Act (CRA) – Obligations for manufacturers

    The EU’s new Cyber Resilience Act (CRA) sets out a comprehensive framework of cybersecurity requirements for products with digital elements. While most of its provisions will apply starting December 11, 2027, certain obligations—most notably, reporting duties for manufacturers—will kick in earlier, on September 11, 2026.

  • Linux Foundation and SPAM

    • PR Newswire ☛ Linux Foundation Named in 2025 WTR Industry Awards Shortlist for Excellence in Trademark Management [Ed: Corrupt Linux Foundation destroying the "Linux" trademark merits an award? Then again, look who's running it; marketing liars married to frauds.]

    • ZDNet ☛ The 4 VPNs I swear by for Linux - and why I trust them [Ed: Marketing SPAM by Red ventures]