news
Security Leftovers
-
XDA ☛ 5 reasons Kaspersky releasing a Linux antivirus product worries me
It is not surprising that a major security vendor wants to tap into the growing Linux desktop market, especially as more people adopt Linux for both personal and professional use. Even so, the arrival of a new antivirus product from Kaspersky immediately raises concerns for anyone who follows security news or understands the geopolitical baggage associated with certain companies.
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (delve and golang), Debian (webkit2gtk), Oracle (expat and thunderbird), Red Hat (kernel), Slackware (openvpn), SUSE (chromium, grub2, and kernel), and Ubuntu (cups-filters, imagemagick, and libcupsfilters).
-
Security Week ☛ Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks
APT24 has been relying on various techniques to drop the BadAudio downloader and then deploy additional payloads.
-
Security Week ☛ In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring
Other noteworthy stories that might have slipped under the radar: surge in Palo Alto Networks scanning, WEL Companies data breach impacts 120,000 people, Hey Hi (AI) second-order prompt injection attack.
-
Security Week ☛ Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day
CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager.
-
Security Week ☛ Over 370 Organizations Take Part in GridEx VIII Grid Security Exercise
The number of participants in the cyber and physical grid security exercise increased by nearly 50% compared to two years ago.
-
Security Week ☛ SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance
The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories.
-
Security Week ☛ SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability
SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake.
-
Security Week ☛ Salesfarce Instances Hacked via Gainsight Integrations
The infamous ShinyHunters hackers have targeted customer-managed Gainsight-published applications to steal data from Salesfarce instances.
-
Scoop News Group ☛ Legacy web forms are the weakest link in government data security
Outdated government web forms are placing millions of citizens at risk as sensitive information is collected and transmitted through insecure, non-compliant systems.
-
Red Pixels Ventures Ltd ☛ CERT-In Warns Google Chrome Users of ‘High Risk’ Vulnerabilities on Windows, macOS, and Linux
The Indian Computer Emergency Response Team (CERT-In) has issued an advisory regarding multiple vulnerabilities affecting Google Chrome on various operating systems. The latest bulletin, published on Friday, has flagged the discovered vulnerabilities as high risk. As per the cybersecurity firm, threat actors may potentially exploit the security flaws to remotely execute arbitrary code on the affected systems. All individual users and organisations using Google Chrome on Windows, macOS, and Linux have been advised to update to the latest version of the web browser.