Security and BSoDs

posted by Roy Schestowitz on Mar 07, 2026

• LWN ☛ Security updates for Friday

  Security updates have been issued by Debian (chromium), Fedora (freerdp, libsixel, opensips, and yt-dlp), Mageia (python-django, rsync, and vim), Red Hat (go-rpm-macros and osbuild-composer), SUSE (7zip, assertj-core, autogen, c3p0, cockpit-machines, cockpit, cockpit-repos, containerized-data-importer, cpp-httplib, docker, docker-stable, expat, firefox, gnutls, go1.25-openssl, golang-github-prometheus-prometheus, haproxy, ImageMagick, incus, kernel, kubevirt, libsoup, libsoup2, mchange-commons, ocaml, openCryptoki, openvpn, php-composer2, postgresql14, postgresql15, python-Authlib, python-azure-core, python-nltk, python-urllib3_1, python311-Django4, python311-pillow-heif, python311-PyPDF2, python313, python313-Django6, qemu, rhino, roundcubemail, ruby4.0-rubygem-rack, sdbootutil, and wicked2nm), and Ubuntu (less, nss, python-bleach, qtbase-opensource-src, and zutty).

• Tom's Hardware ☛ DoJ, Europol, and others bring down LeakBase cybercrime site of 142,000 member, multiple arrests made — seized website reportedly among world's largest hacker forums

  United States DoJ, Europol, and friends bring down LeakBase cybercrime forum

• Security Week ☛ Iranian APT Hacked US Airport, Bank, Software Company

  The attacks, observed since February, show that Iranian hackers already have a presence in the networks of US organizations.

• Security Week ☛ Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks

  The vulnerability was disclosed and mitigated in 2021 but its in-the-wild exploitation has only now come to light.

• Security Week ☛ CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List

  The nation-state-grade iOS exploit kit targets 23 vulnerabilities affecting iOS 13 to 17.2.1.

• Support for Istio 1.27 ends on 30 March, 2026

  According to Istio’s support policy, minor releases like 1.27 are supported until six weeks after the N+2 minor release (1.29 in this case). Istio 1.29 was released on the 26th of February, 2026, and support for 1.27 will end on the 30th of March, 2026.

  At that point we will stop back-porting fixes for security issues and critical bugs to 1.27, so we encourage you to upgrade to the latest version of Istio (1.29). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

• Business Wire ☛ Codenotary Unveils AI-Powered Security Platform to Bridge Critical Linux Skills Gap

  Codenotary, leaders in software supply chain protection, today announced Codenotary Trust, a unified SaaS platform that uses AI to instantly detect, prioritize, and fix security, configuration, and performance issues autonomously – also providing full rollback capabilities.

• ConnectSecure Delivers Unified Linux Patching Capabilities for MSPs to Serve Customers

  ConnectSecure, a vulnerability management and compliance management vendor that serves MSPs, recently added new cross-platform Linux operating system patching capabilities to its ConnectSecure MSP platform, offering busy service providers a more efficient way to provide diverse operating system patching for customer IT infrastructures.

• Windows TCO / Windows Bot Nets

  • Dedoimedo ☛ The curious case of sudden Blue Screens of Death

    The software quality deteriorating bingo card. We're slowly getting there. In this article, I want to talk to you about a sudden manifestation of system instability and multiple BSOD events on a backdoored Windows 10 system following the July 2025 patches, including sequence of recurring problems spread over several months, potential software and hardware faults, image restore to pre-July state and results since, other observations, and more. This is somewhat convoluted, rather odd, and quite sad. Enjoy.