Security Leftovers
-
LWN ☛ Security updates for Friday
Security updates have been issued by Debian (freeradius and icu), Fedora (clamav, glow, libssh, perl-Crypt-OpenSSL-RSA, perl-CryptX, podman, trafficserver, and xorg-x11-server), Mageia (gdk-pixbuf2.0 and thunderbird), Red Hat (osbuild-composer and weldr-client), SUSE (afterburn, google-osconfig-agent, libblockdev, pam, python-tornado6, screen, and yelp-xsl), and Ubuntu (libxslt and python-pip).
-
Tom's Hardware ☛ 689 different Brother printer models all use the serial number to create default password — ridiculous security flaw baked in from manufacturing, can't be fully remediated with firmware
689 Brother printer models, along with some from a handful of other manufacturers, are affected by a critical security vulnerability. The default password is derived from the serial number at manufacturing, the derivation can be reverse-engineered, and because the defaults are already set on shipped devices the flaw cannot be fully fixed by a firmware update.
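The Brother item above describes the failure pattern: a default credential computed from a value that is printed on the device and exposed on its status pages. The Python below is an added example, not Brother's firmware, code, or derivation scheme, which is not on the page and is not reproduced here. It uses a hypothetical toy derivation to show why such a default is recoverable by anyone holding the serial, a fleet check for devices still sitting on the derived default, and two provisioning alternatives (a random per-unit secret and a keyed derivation) with the caveat that applies to the keyed variant. The serials and the derivation function are constructed for illustration.

```python
"""Serial-derived default passwords: why they are no secret, and what to do instead.

Added example. The derivation below is HYPOTHETICAL and is not any vendor's
real scheme; it only stands in for "password = f(serial)" with f public.
"""
import hashlib
import hmac
import secrets

# Constructed sample serials; they do not correspond to real devices.
SAMPLE_SERIALS = ["U12345A6B7890", "U12345A6B7891", "U98765Z0X1234"]


def toy_derive_default_password(serial: str) -> str:
    """HYPOTHETICAL manufacturing-time scheme: password = first 8 hex chars of
    SHA-256(serial). Deterministic by construction, so anyone who can read the
    serial (label, web status page, SNMP) and knows f reproduces the password."""
    return hashlib.sha256(serial.encode()).hexdigest()[:8]


def attacker_guess(serial: str) -> str:
    """Once the scheme is reverse-engineered the attacker needs nothing but the serial."""
    return toy_derive_default_password(serial)


def still_on_default(serial: str, current_password: str) -> bool:
    """Fleet check: does this device still use the serial-derived default?
    Constant-time compare so the check itself does not leak via timing."""
    return hmac.compare_digest(toy_derive_default_password(serial), current_password)


def audit_fleet(inventory: dict) -> list:
    """Return the serials whose admin password still equals the derived default.
    inventory maps serial -> current admin password (as known to the fleet tool)."""
    return [s for s, pw in inventory.items() if still_on_default(s, pw)]


def provision_random_password(nbytes: int = 12) -> str:
    """Alternative 1: a per-unit random secret generated at manufacturing and
    printed only on that unit's label. Not derivable from anything observable,
    and a firmware update is not needed to keep it secret."""
    return secrets.token_urlsafe(nbytes)


def provision_keyed_password(serial: str, factory_key: bytes) -> str:
    """Alternative 2: HMAC(factory_key, serial). The serial alone no longer
    suffices. Caveat: if factory_key leaks, every unit is back to the
    original problem, so this is weaker than a true per-unit random secret."""
    return hmac.new(factory_key, serial.encode(), hashlib.sha256).hexdigest()[:16]


def main() -> None:
    # Constructed inventory: one device changed by an admin, two still on default.
    inventory = {
        SAMPLE_SERIALS[0]: toy_derive_default_password(SAMPLE_SERIALS[0]),
        SAMPLE_SERIALS[1]: "changed-by-admin-Xy7!",
        SAMPLE_SERIALS[2]: toy_derive_default_password(SAMPLE_SERIALS[2]),
    }
    for serial in SAMPLE_SERIALS:
        print(f"{serial}: attacker-derived default = {attacker_guess(serial)}")
    print("still on derived default:", audit_fleet(inventory))
    print("random per-unit secret:", provision_random_password())
    key = secrets.token_bytes(32)  # would live in the factory HSM, never on the device
    print("keyed derivation:", provision_keyed_password(SAMPLE_SERIALS[0], key))


if __name__ == "__main__":
    main()
```

Run it as a script to see the derived defaults, the fleet audit result, and the two alternative provisioning outputs; the audit function is the piece an operator would wire into an inventory tool once the real derivation for a given model is known.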
-
OpenSSF (Linux Foundation) ☛ On-Demand Webinar: Cybersecurity Skills, Simplified
A Framework That Works: Cybersecurity isn't just the responsibility of a dedicated team anymore.
-
OpenSSF (Linux Foundation) ☛ OpenSSF at UN Open Source Week 2025: Securing the Supply Chain Through Global Collaboration [Ed: It's not about real security]
-
Security Week ☛ Vulnerability Exposed All Open VSX Repositories to Takeover
A vulnerability in the extension publishing mechanism of Open VSX could have allowed attackers to tamper with any repository.
-
Security Week ☛ Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability
The Citrix NetScaler vulnerability tracked as CitrixBleed 2 and CVE-2025-5777 may be exploited in the wild for initial access.
-
Security Week ☛ In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update
Noteworthy stories that might have slipped under the radar: Norwegian dam hacked, AT&T agrees to $177 million data breach settlement, Whole Foods distributor restores systems after attack.
-
Federal News Network ☛ House appropriators soften CISA cuts, call for DHS ‘contractor cyber readiness pilot’
The House Appropriations Committee also wants to save DHS's Hey Hi (AI) Corps and prioritize funding for critical infrastructure cybersecurity.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 300 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 300. This version includes the following changes: [...]
-
Scoop News Group ☛ Scattered Spider strikes again? Aviation industry appears to be next target for criminal group
Hawaiian Airlines announced a cybersecurity incident Friday as security experts warned of a sector-wide threat.
-
Scoop News Group ☛ Microsoft security updates address CrowdStrike crash, kill ‘Blue Screen of Death’ [Ed: Changing colours fixes nothing]
Third-party antivirus software will no longer have access to the backdoored Windows kernel as Abusive Monopolist Microsoft rolls out changes to reduce IT downtime from unexpected crashes or disruptions.
-
Security Week ☛ Microsoft to Preview New backdoored Windows Endpoint Security Platform After CrowdStrike Outage
Microsoft is preparing a private preview of new backdoored Windows endpoint security platform capabilities to help antimalware vendors create solutions that run outside the kernel.