Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (dcmtk, geographiclib, gimp, pure-ftpd, and ruby-rack), Fedora (dotnet9.0), Oracle (expat, kernel, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (git, mariadb:10.5, multiple packages, osbuild-composer, pcs, sssd, and tigervnc), SUSE (kernel and redis), and Ubuntu (google-guest-agent).
-
Open Source Initiative ☛ State of the Source at ATO 2025: Cybersecurity [Ed: Cybersecurity talks by OSI which had a data breach exposed to all for 4 years!]
In October, the OSI hosted the State of the Source Track at All Things Open designed to connect developers with the big policy conversations shaping our ecosystem. Katie Steen-James, Jeremy Stanley, Barry Peddycord III, and Bob Callaway led the panel Policy Cybersecurity, with updates on SBOMs, the Cyber Resilience Act, and what developers need to know.
-
OpenSSF (Linux Foundation) ☛ What’s in the SOSS? Podcast #44 – S2E21 A Deep Dive into the Open Source Project Security (OSPS) Baseline
-
Security Week ☛ SesameOp Malware Abuses Proprietary Chaffbot Company API
A component of the newly discovered SesameOp backdoor uses the API to store and relay commands from the C&C server.
-
Scoop News Group ☛ Bugcrowd acquires Mayhem Security to advance AI-powered security testing
Mayhem, which won the 2016 DARPA Cyber Grand Challenge, will have all its employees join Bugcrowd.
-
Security Week ☛ Android Update Patches Critical Remote Code Execution Flaw
The November 2025 Android patches resolve two vulnerabilities, both in the platform’s System component.
-
Tom's Hardware ☛ 37 years ago this week, the Morris worm infected 10% of the Internet within 24 hours — worm slithered out and sparked a new era in cybersecurity
Cornell graduate student Robert Tappan Morris unleashed his eponymous worm upon the Internet 37 years ago, changing the face of cybersecurity.
-
Pen Test Partners ☛ What testers need to know about the changes to the CHECK scheme
Chartership and professional titles
UKCSC has announced that the CHECK Team Leaders and CHECK Team Members will be required to have a professional title in order to continue delivering work under the CHECK scheme. What does Chartership mean for the CHECK Scheme? UKCSC runs the professional titles system.
-
SANS ☛ Apple Patches Everything, Again, (Tue, Nov 4th)
Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating systems. None of the vulnerabilities is marked as already exploited. Fashion Company Apple only offers very sparse vulnerability descriptions. Here are some vulnerabilities that may be worth watching:
-
Scoop News Group ☛ Apple addresses more than 100 vulnerabilities in security updates for iPhones, Macs and iPads
The tech giant didn’t report active exploitation of any of the patched defects, yet details about potential impacts remain limited.
-
Security Week ☛ Apple Patches 19 WebKit Vulnerabilities
Apple has released iOS 26.1 and macOS Tahoe 26.1 with patches for over 100 vulnerabilities, including critical flaws.
-
Federal News Network ☛ We’ll take a look at what the shutdown means for the nation’s cyber defenses
"Attackers know exactly when we're vulnerable, and that's when our government's not working," said Justin Miller.
-
Security Week ☛ Transportation Companies Hacked to Steal Cargo
Threat actors engage in elaborate attack chains to infect trucking and logistics companies with remote access tools.
-
Citizen Lab ☛ NOV 12 | From Stasi to Spyware – Old Tactics, New Technology
Citizen Lab senior researcher John Scott-Railton is presenting in the panel titled “From Stasi to Spyware: Old Tactics, New Technology” at Berlin Freedom Week on November 12, 2025.