Security Patches and Windows TCO

posted by Roy Schestowitz on Dec 05, 2025

• Announcing Istio 1.28.1

  This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.28.0 and 1.28.1.

  This release implements the security updates described in our 3rd of December post, bcISTIO-SECURITY-2025-003.

• LWN ☛ Security updates for Thursday

  Security updates have been issued by AlmaLinux (expat and libxml2), Debian (openvpn and webkit2gtk), Fedora (gi-loadouts, kf6-kcoreaddons, kf6-kguiaddons, kf6-kjobwidgets, kf6-knotifications, kf6-kstatusnotifieritem, kf6-kunitconversion, kf6-kwidgetsaddons, kf6-kxmlgui, nanovna-saver, persepolis, python-ezdxf, python-pyside6, sigil, stb, syncplay, tinyproxy, torbrowser-launcher, ubertooth, and usd), Mageia (cups), SUSE (cups, gegl, icinga2, mozjs128, and Security), and Ubuntu (ghostscript, kernel, linux, linux-aws, linux-aws-5.15, linux-gcp-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-hwe, linux-kvm, linux-oracle, linux-aws-fips, linux-fips, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure-fips, linux-gcp, linux-gcp-4.15, linux-hwe, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-gcp-6.14, linux-raspi, linux-gcp-fips, linux-intel-iot-realtime, linux-realtime, linux-raspi, linux-raspi-realtime, linux-xilinx, and postgresql-14, postgresql-16, postgresql-17).

• LWN ☛ Security updates for Wednesday

  Security updates have been issued by Debian (containerd, mako, and xen), Fedora (forgejo, nextcloud, openbao, rclone, restic, and tigervnc), Oracle (firefox, kernel, libtiff, libxml2, and postgresql), SUSE (libecpg6, lightdm-kde-greeter, python-cbor2, python-mistralclient-doc, python315, and python39), and Ubuntu (kdeconnect, linux, linux-aws, linux-realtime, python-django, and unbound).

• Windows TCO / Windows Bot Nets

  • It's FOSS ☛ Linus Torvalds Defends Windows' Blue Screen of Death [Ed: He is wrong]

    And he is not wrong actually.

  • The Register UK ☛ Microsoft fixes Windows shortcut flaw exploited for years

    Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks.

  • The Record ☛ Phishing attempt against Reporters Without Borders attributed to Russia-linked group | The Record from Recorded Future News

    Sekoia said another organization, which the researchers did not name, was targeted with a similar lure. In that case, the victim received a decoy PDF claiming the file was encrypted and instructing the user to open it via ProtonDrive. Clicking the link redirected the target to a phishing kit designed to harvest ProtonMail credentials.

  • The Record ☛ CISA, NSA warn of China’s BRICKSTORM malware after incident response efforts

    The hackers using the malware primarily target VMware vSphere and Windows environments. Once systems are compromised, the threat actors extract credentials and create hidden virtual machines that enable further access.

  • Fortra LLC ☛ Why the Record-Breaking 30 Tbps DDoS Attack Should Concern Every Business | Fortra

    And that's why a new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen.

    In Cloudflare's Q3 2025 DDoS Threat Report, it is revealed that recent months have seen a dramatic escalation in DDoS attacks, culminating in a record-breaking 29.7 terabit-per-second attack linked to a massive botnet called Aisuru.