Security and Windows TCO Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (apache2, kernel, linux-6.1, openjdk-17, and pgpool2), Fedora (glib2, matrix-synapse, openjpeg, python3-docs, and python3.13), Oracle (gdk-pixbuf2, glibc, java-1.8.0-openjdk, kernel, libxml2, python-requests, python3.11-setuptools, and thunderbird), SUSE (amber-cli, apache-commons-lang3, eclipse-jgit, go1.23, go1.24, govulncheck-vulndb, grub2, icinga2, kubernetes1.23, libgcrypt, python3, python313, sccache, slurm, tiff, and webkit2gtk3), and Ubuntu (linux-oracle).
-
Scoop News Group ☛ Fortinet SIEM issue coincides with spike in brute-force traffic against company’s SSL VPNs
Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s security appliances.
-
Security Week ☛ Adobe Patches Over 60 Vulnerabilities Across 13 Products
Adobe’s security updates fix vulnerabilities in Commerce, Substance, InDesign, FrameMaker, Dimension and other products.
-
Security Week ☛ Fortinet, Ivanti Release August 2025 Security Patches
Fortinet and Ivanti have published new security advisories for their August 2025 Patch Tuesday updates.
-
Security Week ☛ Manpower Says Data Breach Stemming From Ransomware Attack Impacts 140,000
The RansomHub ransomware group stole sensitive information from staffing and recruiting firm Manpower in January.
-
Security Week ☛ Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia
Intel, AMD and Nvidia have published security advisories describing vulnerabilities found recently in their products.
-
Security Week ☛ ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities
August 2025 ICS Patch Tuesday advisories have been published by Siemens, Schneider, Aveva, Honeywell, ABB and Phoenix Contact.
-
Newly Discovered Plague Linux Backdoor Malware Remained Undetected For A Year [Ed: "Linux Backdoor" is the wrong thing to call it; this boils down to malware.]
A new Linux malware has recently caught the attention of security researchers. Identified as “Plague,” this malware is more specifically a Linux backdoor that remained undetected for almost a year.
-
Cybernews ☛ Dozens of DockerHub Linux images still contain a critical XZ Utils backdoor [Ed: Reminder that containers have severe limitations and contain unstable software, too]
A critical XZ Utils backdoor, shipped with multiple Linux builds last year after a supply chain compromise, still lurks on DockerHub. Dozens of public images contain the bug and plague the containers built from them.
Security researchers at Binarly Research warn that they have found over 35 base images on DockerHub that remain public, despite containing the infamous XZ Utils, one of the most dangerous backdoors with the highest possible severity score of 10.0.
-
Bleeping Computer ☛ Docker Hub still hosts dozens of Linux images with the XZ backdoor
Binarly reported the images to Debian, one of the maintainers still offering backdoored images, who decided not to take them offline, citing low risk and importance of archiving continuity.
-
Windows TCO / Windows Bot Nets
-
Security Week ☛ Microsoft Patches Over 100 Vulnerabilities
Microsoft’s August 2025 Patch Tuesday updates address critical vulnerabilities in Windows, Office, and Hyper-V.
-
Federal News Network ☛ CrowdStrike lessons: Monoculture is bad, and Abusive Monopolist Microsoft monoculture is worse
If we don’t learn from the CrowdStrike outage, the next time that this happens — which is inevitable — the damage could be far worse.
-
SANS ☛ CVE-2017-11882 Will Never Die, (Wed, Aug 13th)
...this remote code execution affects Abusive Monopolist Microsoft Office and, more precisely, the good old "Equation Editor".
-