Security Leftovers

posted by Roy Schestowitz on May 22, 2025

• LWN ☛ Security updates for Wednesday

  Security updates have been issued by AlmaLinux (.NET 8.0, avahi, buildah, compat-openssl10, compat-openssl11, expat, firefox, gimp, git, grafana, libsoup, libxslt, mod_auth_openidc, nginx, nodejs:22, osbuild-composer, php, redis, redis:7, skopeo, thunderbird, vim, webkit2gtk3, xterm, and yelp), Arch Linux (dropbear, freetype2, go, nodejs, nodejs-lts-iron, nodejs-lts-jod, python-django, webkit2gtk, webkit2gtk-4.1, webkitgtk-6.0, and wpewebkit), Debian (mongo-c-driver), Fedora (openssh, perl-Mojolicious, thunderbird, yelp, and yelp-xsl), Red Hat (firefox, java-1.8.0-openjdk, java-11-openjdk with Extended Lifecycle Support, java-21-ibm-semeru-certified-jdk, java-21-openjdk, kernel, libxslt, ruby, ruby:3.1, ruby:3.3, unbound, and webkit2gtk3), SUSE (glib2, grub2, kernel, libwebp, openssh, and s390-tools), and Ubuntu (linux, linux-azure, linux-azure-6.11, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oem-6.11, linux-raspi, linux-realtime, linux-azure, linux-azure-5.15, linux-nvidia-tegra, linux-azure, linux-azure-6.8, linux-oem-6.8, linux-azure, linux-kvm, linux-azure-fips, linux-azure-nvidia, linux-gcp, linux-gcp-6.8, linux-gkeop, linux-gke, linux-intel-iot-realtime, linux-realtime, linux-raspi-realtime, mariadb-10.6, and postgresql-12, postgresql-14, postgresql-16).

• OpenSSF (Linux Foundation) ☛ Call for Proposals Now Open for Open Source SecurityCon 2025

  We’re thrilled to announce that the Call for Proposals is now open for Open Source SecurityCon, a brand new event hosted by OpenSSF and CNCF, taking place on November 10, 2025, in Atlanta, Georgia.

• Security Week ☛ Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers

  Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices.

• Security Week ☛ GitLab, Atlassian Patch High-Severity Vulnerabilities

  GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs.

• SANS ☛ New Variant of Crypto Confidence Scam, (Wed, May 21st)

  In February, we had a few diaries about crypto wallet scams. We saw these scams use YouTube comments, but they happened via other platforms and messaging systems, not just YouTube. The scam was a bit convoluted: The scammer posted the secret key to their crypto wallet. Usually, this would put their crypto wallet at risk of being emptied. But the wallet they used came with a twist: A second key was required. The scammer counted on the victim paying the transaction fee, which the scammer would receive, before attempting to withdraw the funds.

• Security Week ☛ Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities

  Wiz warns that threat actors are chaining two recent Ivanti vulnerabilities to achieve unauthenticated remote code execution.

• Security Week ☛ Cellcom Service Disruption Caused by Cyberattack

  Wireless carrier Cellcom has confirmed that a week-long widespread service outage is the result of a cyberattack.

• Security Week ☛ Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway

  More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.

• Security Week ☛ Google DeepMind Unveils Defense Against Indirect Prompt Injection Attacks

  Google DeepMind has developed an ongoing process to counter the continuously evolving threatIndirect prompt injection (IPI) attacks.

• Google flags malicious use of Linux .desktop files [Ed: GBHackers News" is a slopfarm. yet this site deems it a real source]

• Windows TCO / Windows Bot Nets

  • Security Week ☛ US Student to Plead Guilty Over PowerSchool Hack

    Matthew Lane allegedly hacked PowerSchool using stolen credentials and admitted to extorting a telecoms provider.