Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (buildah, firefox, go-rpm-macros, kernel, kernel-rt, podman, and thunderbird), Debian (erlang, python-gevent, and r-cran-gh), Fedora (buildah, chromium, k9s, kubernetes1.33, kubernetes1.34, podman, python-mkdocs-include-markdown-plugin, and webkitgtk), Gentoo (Chromium, Surveillance Giant Google Chrome, Abusive Monopolist Microsoft Edge, Opera, qtsvg, redict, redis, UDisks, and WebKitGTK+), Mageia (cups-filters and ruby-rack), Oracle (kernel and libssh), Red Hat (.NET 8.0, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (act, bind, cups-filters, govulncheck-vulndb, grub2, libebml, python39, and tcpreplay), and Ubuntu (linux-raspi, linux-raspi-realtime, openjdk-21, openjdk-25, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4, and runc-app, runc-stable).
-
NVISO Labs ☛ Detection Engineering: Practicing Detection-as-Code – Tuning – Part 8
In Part 7, we showcased how we can leverage automation to continuously monitor the performance and trigger rate of our deployed detections. In this part, we are going to investigate how we can introduce automation and utilize continuous deployment pipelines to streamline the tedious task of tuning our detections.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Newsletter – November 2025
-
PR Newswire ☛ Linux Foundation Launches the Open Robust Compartmentalization Alliance (ORCA) to Advance Software Security [Ed: Compartmentalization as a next big buzzword?]
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the formation of the Open Robust Compartmentalization Alliance (ORCA). ORCA brings together leading universities, technology companies, and research institutions to improve the resiliency and efficiency of software systems through practical, cost-preventative approaches to software compartmentalization.
-
Pen Test Partners ☛ Beyond cloud compliance dashboards, what’s next?
Cloud compliance frameworks are a good place to start. Dashboards that show how your estate compares to benchmarks like CIS and vendor-specific best practice checks are available from most major cloud providers. These tools let teams quickly see how clean their configurations are and how easy it is to spot obvious gaps.
-
Security Week ☛ Canon Says Subsidiary Impacted by Oracle EBS Hack
More than 100 alleged victims of the Oracle EBS campaign have been added to the Cl0p ransomware website.
-
Security Week ☛ Fluent Bit Vulnerabilities Expose Cloud Services to Takeover
Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation.
-
Action1 Extends Autonomous Endpoint Management to Linux, Giving MSSPs a Unified Cross-Platform Patching Platform [Ed: Obscure and proprietary wrapper for box tickers]