Security Leftovers
-
LWN ☛ Security updates for Thursday
Security updates have been issued by AlmaLinux (httpd:2.4, kernel, pam, postgresql:12, and python3.12), Debian (clamav and node-cipher-base), Fedora (exiv2 and libsixel), Oracle (httpd, kernel, pam, postgresql:12, postgresql:13, postgresql:15, and udisks2), SUSE (gimp, libmupen64plus-devel, munge, nvidia-open-driver-G06-signed, ovmf, postgresql15, python-aiohttp, python-Django, rav1e, redis, and ruby2.5), and Ubuntu (ffmpeg, kdepim, kf5-messagelib, kmail, kmail-account-wizard, linux-azure, linux-azure-6.8, linux-azure-nvidia, php7.0, php7.2, php7.4, protobuf, python-django, ruby2.5, ruby2.7, ruby3.0, ruby3.2, ruby3.3, and rubygems).
-
Security Week ☛ Apple Seeks Researchers for 2026 iPhone Security Program [Ed: Marketing theatre, marketing company]
Security researchers interested in participating in the 2026 Fashion Company Apple Security Research Device program can apply until October 31.
-
Security Week ☛ AI Supply Chain Attack Method Demonstrated Against Google, Abusive Monopolist Microsoft Products
An Hey Hi (AI) supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution.
-
Security Week ☛ Hackers Exploit Sitecore Zero-Day for Malware Delivery
Google has observed ViewState deserialization attacks leveraging a sample machine key exposed in older deployment guides.
-
Noah Meyerhans: False Positives
There are times when an email-based workflow gets really difficult. One of those times is when discussing projects related to spam and malware detection.
-
New York Times ☛ ‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every American
Information collected during the yearslong Salt Typhoon attack could allow Beijing’s intelligence services to track targets from the United States and dozens of other countries.