news
Security and Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (python-requests), Fedora (mingw-libxslt), Red Hat (gdk-pixbuf2, jq, kernel, mod_security, ncurses, nodejs:22, opentelemetry-collector, python-setuptools, python3-setuptools, python3.12-setuptools, qt5-qt3d, redis, redis:6, redis:7, sqlite, and unbound), SUSE (apache2, cairo, chromium, djvulibre, govulncheck-vulndb, grub2, java-11-openjdk, java-17-openjdk, liblua5_5-5, nvidia-open-driver-G06-signed, python, python310, python314, python39, redis, sqlite3, and systemd), and Ubuntu (apport, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-aws-fips, linux-azure-fips, linux-fips, linux-gcp-fips, linux-azure, and linux-oracle).
-
Security Week ☛ Android’s August 2025 Update Patches Exploited Qualcomm Vulnerability
Android’s light August 2025 security update resolves an Adreno GPU vulnerability confirmed as exploited in June.
-
WordPress ☛ Maintenance Releases for WordPress branches 4.7 to 6.7
Following on from the WordPress 6.8.2 maintenance release last month, the included update to the root security certificate bundle has been backported to all branches back to 4.7. This ensures that when your site performs server-side HTTP requests, the most up-to-date information about trusted security certificates is used.
-
Security Week ☛ Cisco Says User Data Stolen in CRM Hack
Cisco has disclosed a data breach affecting Cisco.com user accounts, including names, email address, and phone numbers.
-
Security Week ☛ SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation
Threat actors might be exploiting a zero-day vulnerability in SonicWall firewalls in a fresh wave of ransomware attacks.
-
OpenSSF (Linux Foundation) ☛ Visualizing Secure MLOps (MLSecOps): A Practical Guide for Building Robust AI/ML Pipeline Security
-
NVISO Labs ☛ Detection Engineering: Practicing Detection-as-Code – Validation – Part 3
In this part, we focus on implementing validation checks to improve consistency and ensure a minimum level of quality within the detection repository. Setting up validation pipelines is a key step, as it helps enforce the defined standards, reduce errors, and ensure that detections are reliable and consistent.
-
Cybernews ☛ Ghost-like backdoor for Linux has avoided antivirus detection for months [Ed: Misleading as this is malware, not "Linux backdoor"]
In what seems an especially smart, albeit malicious, solution, code that creates a highly persistent Linux backdoor without tripping any alarms has been spotted by researchers.
-
TechRadar ☛ Dangerous new Linux malware strikes - thousands of users see passwords, personal info stolen, here's what we know [Ed: So do not install it]
SentinelLabs and Beazley Security issued a joint report detailing the activities of PXA Stealer, a new Python-based infostealer for the Linux platform.