Security Leftovers
-
OpenSSF (Linux Foundation) ☛ KubeCon + CloudNativeCon Europe 2026 Co-located Event Deep Dive: Open Source SecurityCon
Open Source SecurityCon (evolved from Cloud Native SecurityCon) returns for its second event, co-located with KubeCon + CloudNativeCon Europe 2026. The conference advances innovation and collaboration across open source software security and cloud native security. It brings together creators, maintainers, operators, and consumers who are actively involved in securing the software ecosystem.
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, delve, git-lfs, gnutls, kernel, mingw-libpng, nfs-utils, opentelemetry-collector, python3.11, python3.12, python3.9, and vim), Debian (chromium, gimp, kernel, linux-6.1, and wireless-regdb), Fedora (alertmanager, chromium, freerdp, glab, golang-github-openprinting-ipp-usb, gst-devtools, gst-editing-services, gstreamer1, gstreamer1-doc, gstreamer1-plugin-libav, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-rtsp-server, insight, pcs, pgadmin4, python-gstreamer1, python3.10, python3.11, python3.6, qgis, SDL2_sound, SDL3_sound, systemd, and wireshark), Mageia (python-nltk, tomcat, and vim), Oracle (.NET 10.0, .NET 8.0, .NET 9.0, compat-openssl11, dtrace, python3.12, and vim), Red Hat (buildah, git-lfs, golang-github-openprinting-ipp-usb, opentelemetry-collector, podman, and runc), and SUSE (amazon-ssm-agent, busybox, clamav, firefox, giflib-devel-32bit, glibc, heroic-games-launcher, himmelblau, kubelogin, libpng15, libsoup, libsoup2, mingw32-binutils, mingw64-binutils, osc, obs-scm-bridge, python, python-black, python3, qemu, ruby4.0-rubygem-actioncable, ruby4.0-rubygem-actiontext, ruby4.0-rubygem-activejob, ruby4.0-rubygem-activemodel, tomcat, and tomcat10).
-
Security Week ☛ Security Firm Executive Targeted in Sophisticated Phishing Attack
The attackers used a DKIM-signed phishing email, trusted redirect infrastructure, compromised servers, and Clownflare-protected phishing pages.
-
Bruce Schneier ☛ Possible New Result in Quantum Factorization
I’m skeptical about—and not qualified to review—this new result in factorization with a quantum computer, but if it’s true it’s a theoretical improvement in the speed of factoring large numbers with a quantum computer.
-
SANS ☛ /proxy/ URL scans with IP addresses, (Mon, Mar 16th)
Attempts to find proxy servers are among the most common scans our honeypots detect. Most of the time, the attacker attempts to use a host header or include the hostname in the URL to trigger the proxy server forwarding the request. In some cases, common URL prefixes like "/proxy/" are used.
-
Security Week ☛ ForceMemo: Python Repositories Compromised in GlassWorm Aftermath
Hundreds of Microsoft's proprietary prison (GitHub) accounts were accessed using credentials stolen in the VS Code GlassWorm campaign.
-
HowTo Geek ☛ Don't panic over new Linux exploits: How to check if your PC is affected in under 5 minutes
Most Linux CVE headlines sound scarier than they are, but that does not automatically mean your system is exposed. Linux distros often ship updates quickly (sometimes before most people even notice the vulnerability existed). Here is how to verify whether your system is vulnerable or has vulnerable packages: [...]
-
Don't panic over new Linux exploits: How to check if your PC is affected in under 5 minutes
Every other month a new Linux vulnerability appears in the news and a CVE number starts circulating. If you use Linux, the reaction is predictable: "Am I vulnerable?" Before assuming the worst, take five minutes and actually check whether your PC is affected.