Security and Fear, Uncertainty, Doubt (FUD)
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (bind, bind9.16, libsoup, mariadb:10.5, and sssd), Debian (chromium, keystone, and swift), Fedora (apptainer, buildah, chromium, fcitx5, fcitx5-anthy, fcitx5-chewing, fcitx5-chinese-addons, fcitx5-configtool, fcitx5-hangul, fcitx5-kkc, fcitx5-libthai, fcitx5-m17n, fcitx5-qt, fcitx5-rime, fcitx5-sayura, fcitx5-skk, fcitx5-table-extra, fcitx5-unikey, fcitx5-zhuyin, GeographicLib, libime, mbedtls, mingw-poppler, mupen64plus, python-starlette, webkitgtk, and xen), Mageia (dcmtk, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, libvpx, and sqlite3), Oracle (bind, bind9.16, kernel, libsoup, libsoup3, osbuild-composer, qt6-qtsvg, sssd, and valkey), Red Hat (kernel and kernel-rt), SUSE (bind, gpg2, ImageMagick, python-Django, and runc), and Ubuntu (linux-azure, linux-azure-4.15, linux-fips, linux-aws-fips, linux-gcp-fips, linux-gcp, linux-gcp-6.8, linux-gke, linux-intel-iot-realtime, linux-realtime, linux-raspi-5.4, linux-realtime, and linux-realtime-6.8).
-
Trail of Bits ☛ Balancer hack analysis and guidance for the DeFi ecosystem
TL;DR
- The root cause of the hack was a rounding direction issue that had been present in the code for many years.
- When the bug was first introduced, the threat landscape of the blockchain ecosystem was significantly different, and arithmetic issues in particular were not widely considered likely vectors for exploitation.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 308 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 308. This version includes the following changes:
* Attempt to fix automatic deployment to PyPi:
  - Separate out deploy-tag and deploy-pypi into different stages, and base the latter on debian:unstable.
  - Call apt-get update prior to attempting installing twine.
-
Security Week ☛ Landfall Android Spyware Targeted Samsung Phones via Zero-Day
Threat actors exploited CVE-2025-21042 to deliver malware via specially crafted images to users in the Middle East.
-
Scoop News Group ☛ New Landfall spyware apparently targeting Samsung phones in Middle East
Palo Alto Networks researchers haven’t been able to identify who’s behind the commercial-grade tech yet.
-
Federal News Network ☛ Yeske helped change what complying with zero trust means
Don Yeske, a former director of national security in the cyber division at DHS, said its “groundbreaking zero trust architecture” focused on 46 capabilities.
-
Federal News Network ☛ The Congressional Budget Office was hacked. It says it has implemented new security measures
The CBO confirmed the incident and that it was under investigation on Thursday, but did not say whether the data breach was done by a foreign actor.
-
Security Week ☛ The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures
The Congressional Budget Office confirmed it had been hacked, potentially disclosing important government data to malicious actors.
-
Silicon Angle ☛ Congressional Budget Office breached by suspected foreign hackers
The Congressional Budget Office has been breached by hackers that are believed to be affiliated with a foreign actor. The CBO disclosed the incident on Thursday. According to the Washington Post, CBO officials first discovered the breach a few days earlier.
-
Security Week ☛ In Other News: Controversial Ransomware Report, Gootloader Returns, More AN0M Arrests
Other noteworthy stories that might have slipped under the radar: rogue ransomware negotiators charged, F5 hack prompts OT security guidance, Germany targets Huawei tech.
-
Security Week ☛ Data Exposure Vulnerability Found in Deep Learning Tool Keras
The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks.
-
Security Week ☛ ClickFix Attacks Against macOS Users Evolving
ClickFix prompts typically contain instructions for backdoored Windows users, but now they are tailored for macOS and they are getting increasingly convincing.
-
Security Week ☛ 18 Arrested in Crackdown on Credit Card Fraud Rings
Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million).
-
Pen Test Partners ☛ Exploiting AgTech connectivity to corner the grain market
I live in the countryside and, as a result, know quite a few farmers. The subject of connected farming systems comes up quite a lot in the local pub. Those of you who have watched Clarkson’s Farm will understand just how complex and confusing some tractor systems are.
-
Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
-
Forbes ☛ Amazon Confirms WorkSpaces Linux Client Authentication Issue [Ed: Microsoft propagandist Davey Winder blames "Linux"]
-
Cyble Inc ☛ Critical CVE-2025-12779 Vulnerability Exposes Amazon WorkSpaces for Linux Users to Token Theft [Ed: AWS is not Linux, it is proprietary stuff]
A newly disclosed security flaw in the Amazon WorkSpaces client for Linux has raised serious concerns across organizations relying on AWS virtual desktop infrastructure. The vulnerability, identified as CVE-2025-12779, enables local attackers to extract valid authentication tokens and gain unauthorized access to other users’ WorkSpace sessions.
-