Security Leftovers

posted by Roy Schestowitz on Aug 19, 2025

• LWN ☛ Security updates for Monday

  Security updates have been issued by AlmaLinux (go-toolset:rhel8, kernel, and kernel-rt), Fedora (chromium), Oracle (libxml2), Red Hat (go-toolset:rhel8, golang, kernel, kernel-rt, openjpeg2, rsync, and tigervnc), and SUSE (apache-commons-lang3, chromedriver, fractal, framework_tool, go1.23-openssl, go1.24-openssl, grub2, gstreamer-devtools, gstreamer-plugins-rs, jasper, libavif, lighttpd, nginx, podman, postgresql13, postgresql14, postgresql15, postgresql16, python311-pypdf, ruby2.5, rust-keylime, tiff, tomcat, tomcat10, and tomcat11).

• Security Week ☛ Novel 5G Attack Bypasses Need for Malicious Base Station

  Researchers detailed a new 5G attack named Sni5Gect that can allow attackers to sniff traffic  and cause disruption.

• Security Week ☛ Hundreds of N-able N-central Instances Affected by Exploited Vulnerabilities

  More than 870 N-able N-central instances have not been patched against CVE-2025-8875 and CVE-2025-8876, two exploited vulnerabilities.

• Security Week ☛ Workday Data Breach Bears Signs of Widespread Salesfarce Hack

  Workday appears to have joined the list of major companies that had their Salesfarce instances targeted by hackers. 

• Security Week ☛ US Seizes $2.8 Million From Zeppelin Ransomware Operator

  The US has indicted Zeppelin ransomware operator Ianis Antropenko, seizing over $2.8 million in cryptocurrency from his wallet.

• Security Week ☛ Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value Targets

  Chinese APT UAT-7237 has been targeting Taiwanese web infrastructure for long-term access to high-value entities.

• Tom's Guide ☛ Proton VPN brings split tunneling to Linux – here's what you need to know

  Proton VPN has announced split tunneling will be coming to its Linux apps. The feature is currently in beta and allows you to select which apps can bypass the VPN.

  Split tunneling is only available for Proton VPN's official Fedora and Ubuntu apps. It is not currently supported on its Flatpak app or Debian 12. However, Debian 12 support is coming soon.

• Windows TCO / Windows Bot Nets

  • SANS ☛ Keeping an Eye on MFA-Bombing Attacks, (Mon, Aug 18th)

    I recently woke up (as one does each day, hopefully) and saw a few Abusive Monopolist Microsoft MFA prompts had pinged me overnight. Since I had just awakened, I just deleted them, then two minutes later clued in - this means that one of my passwords was compromised, and I had no idea which site the compromised creds were for.

  • Tom's Hardware ☛ Latest backdoored Windows 11 security patch might be breaking SSDs under heavy workloads — users report disappearing drives following file transfers, including some that cannot be recovered after a reboot

    Windows users are reporting SSD issues following the latest backdoored Windows 11 security patch.