Security Leftovers
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (kernel), Debian (bind9, chromium, osslsigncode, and python-urllib3), Fedora (freerdp, ghostscript, hcloud, rclone, rust-rkyv0.7, rust-rkyv_derive0.7, and vsftpd), Mageia (avahi and harfbuzz), SUSE (alloy, avahi, busybox, cargo-c, corepack22, corepack24, curl, docker, dpdk, exiv2-0_26, ffmpeg-4, firefox, glib2, go1.24, go1.25, gpg2, haproxy, kernel, kernel-firmware, keylime, libpng16, librsvg, libsodium, libsoup, libsoup2, libtasn1, log4j, net-snmp, open-vm-tools, openldap2_5, ovmf, pgadmin4, php7, podman, python-filelock, python-marshmallow, python-pyasn1, python-tornado, python-urllib3, python-virtualenv, python3, python311-pyasn1, python311-weasyprint, rust1.91, rust1.92, util-linux, webkit2gtk3, and wireshark), and Ubuntu (libxml2 and pyasn1).
-
Security Week ☛ In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
Other noteworthy stories that might have slipped under the radar: Cloudflare WAF bypass, Canonical Snap Store abused for malware delivery, Curl terminating bug bounty program.
-
Security Week ☛ 2 Venezuelans Convicted in US for Using Malware to Hack ATMs
Dozens of Venezuelan nationals have been charged by the US for their role in ATM jackpotting attacks.
-
Security Week ☛ Fresh SmarterMail Flaw Exploited for Admin Access
The exploitation of the authentication bypass vulnerability started two days after patches were released.
-
Security Week ☛ Phishers Abuse SharePoint in New Campaign Targeting Energy Sector
Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks.
-
Security Week ☛ Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices
Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication.
-
Security Week ☛ Infotainment, EV Charger Exploits Earn Hackers $1M at Pwn2Own Automotive 2026
Pwn2Own participants disclosed a total of 76 vulnerabilities during the three-day event.
-
Security Week ☛ Organizations Warned of Exploited Zimbra Collaboration Vulnerability
CISA has added the Zimbra flaw to the KEV catalog along with three other bugs exploited in the wild.
-
Security Week ☛ Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses
Under Armour is investigating a recent data breach that purloined customers’ email addresses and other personal information.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 311 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 311. This version includes the following changes: [...]