Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (commons-beanutils, dcmtk, nginx, trafficserver, and xorg-server), Fedora (atuin, awatcher, dotnet8.0, firefox, glibc, gotify-desktop, keylime-agent-rust, libtpms, mirrorlist-server, qt6-qtbase, qt6-qtimageformats, udisks2, xorg-x11-server, and xorg-x11-server-Xwayland), Mageia (apache-mod_security, clamav, docker, python-django, tomcat, udisks2, and yarnpkg), Oracle (firefox, libblockdev, mod_auth_openidc, perl-FCGI, perl-YAML-LibYAML, tigervnc, and xorg-x11-server and xorg-x11-server-Xwayland), Slackware (libssh and mozilla), SUSE (gimp, gstreamer-plugins-good, icu, ignition, kernel, pam-config, perl-File-Find-Rule, python311, and webkit2gtk3), and Ubuntu (linux, linux-aws, linux-aws-6.8, linux-gke, linux-gkeop, linux-ibm, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux, linux-gcp, linux-raspi, linux-realtime, linux-aws, linux-azure, linux-azure, linux-azure-6.8, linux-azure-5.15, linux-azure-fips, and linux-realtime).
-
Security Week ☛ Hackers Abuse ConnectWise to Hide Malware
G Data has observed a surge in malware infections originating from ConnectWise applications with modified certificate tables.
-
Light Blue Touchpaper ☛ Cambridge Cybercrime Conference 2025 – Liveblog
The Cambridge Cybercrime Centre’s eighth one-day conference on cybercrime was held on Monday, 23rd June 2025, which marked 10 years of the Centre.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Newsletter – June 2025
Welcome to the June 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.
-
OpenSSF (Linux Foundation) ☛ An Introduction to the OpenSSF Model Signing (OMS) Specification: Model Signing for Secure and Trusted Hey Hi (AI) Supply Chains
By Mihai Maruseac (Google), Eoin Wickens (HiddenLayer), Daniel Major (NVIDIA), Martin Sablotny (NVIDIA). As Hey Hi (AI) adoption continues to accelerate, so does the need to secure the Hey Hi (AI) supply chain. Organizations...
-
Scoop News Group ☛ Short-term extension of expiring cyber information-sharing law could be on the table
Time is running short for Congress to renew the 2015 Cybersecurity Information Sharing Act.
-
Scoop News Group ☛ Stealth China-linked ORB network gaining footholds in US, East Asia
The number of devices infected by LapDogs is smaller than other ORBs, but that is likely by design, according to SecurityScorecard researchers.
-
Silicon Angle ☛ BreachForums leaders, including ShinyHunters and IntelBroker, arrested in France
Police in France have reportedly arrested five members of the infamous BreachForums hacking forum, including prominent members linked to the release of stolen data from major companies. First reported by French media outlet Le Parisien, the arrests were undertaken by specialist police officers from the Cybercrime Brigade of the Paris Police headquarters.
-
Security Week ☛ Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People
Mainline Health and Select Medical Holdings have suffered data breaches that affect more than 100,000 individuals.
-
Security Week ☛ New Vulnerabilities Expose Millions of Brother Printers to Hacking
Rapid7 has found several serious vulnerabilities affecting over 700 printer models from Brother and other vendors.
-
Security Week ☛ SonicWall Warns of Trojanized NetExtender Stealing User Information
SonicWall says a modified version of the legitimate NetExtender application contains information-stealing code.
-
Security Week ☛ Thousands of SaaS Apps Could Still Be Susceptible to nOAuth
New research suggests more than 10,000 SaaS apps could remain vulnerable to a nOAuth variant despite the basic issue being disclosed in June 2023.