Security Leftovers
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (binwalk, glib2.0, libgd2, paramiko, and python-apt), Fedora (chromium, python3.13, python3.14, qt6-qtdeclarative, and usd), Mageia (ffmpeg, firefox, nspr, nss, and thunderbird), Oracle (kernel, mysql, mysql:8.0, mysql:8.4, ruby:3.3, wireshark, and xorg-x11-server), Red Hat (expat, mingw-expat, and rsync), SUSE (binutils, curl, glib2, gnutls, go1.24, go1.25, keylime, libmicrohttpd, libssh, openexr, postgresql15, python311, and xkbcomp), and Ubuntu (libsoup3, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-azure-6.14, linux-azure, linux-azure-6.8, linux-azure-fips, linux-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-kvm, linux-oem-6.14, linux-raspi, linux-realtime, and linux-realtime-6.8).
-
Security Week ☛ Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks
After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices.
-
Security Week ☛ JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover
The issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges.
-
Security Week ☛ In-the-Wild Exploitation of Fresh Fortinet Flaws Begins
Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances.
-
Cyble Uncovers Sophisticated Linux Malware Campaign Combining Mirai-Derived DDoS Botnet with Fileless Cryptominer
V3G4 Hybrid Threat Targets Cloud Servers and IoT Devices Across Multiple Architectures; Advanced Evasion Techniques Enable Dual Monetization Strategy
Cyble Research & Intelligence Labs (CRIL) has identified an active and sophisticated Linux-targeting campaign that merges Mirai-derived DDoS botnet capabilities with a stealthy, fileless XMRig-based cryptominer, representing a significant evolution in IoT and cloud-targeted threats.
The campaign, leveraging the V3G4 Mirai variant, employs a multi-stage infection chain designed to compromise Linux servers and IoT devices across x86_64, ARM, and MIPS architectures while maintaining persistent access for both denial-of-service attacks and cryptocurrency mining operations simultaneously.