Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (freerdp, libxslt, python3.11, and python3.12), Debian (libpng1.6, lxd, netty, and python-tornado), Fedora (chunkah, cpp-httplib, firefox, freerdp, gst-devtools, gst-editing-services, gstreamer1, gstreamer1-doc, gstreamer1-plugin-libav, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-rtsp-server, gstreamer1-vaapi, insight, python-gstreamer1, python3.14, rust, rust-cargo-rpmstatus, rust-cargo-vendor-filterer, rust-resctl-bench, rust-scx_layered, rust-scx_rustland, rust-scx_rusty, and xen), Mageia (freeipmi, python-openssl, python-ply, ruby-rack, vim, and zlib), Oracle (firefox, freerdp, kernel, libpng, thunderbird, uek-kernel, and virt:ol and virt-devel:ol), Red Hat (golang), SUSE (bind, expat, fetchmail, ffmpeg-7, freerdp, gsl, incus, kernel, libjavamapscript, libjxl, libpng16-16, libpolkit-agent-1-0-127, net-snmp, net-tools, openexr, perl-XML-Parser, python-ldap, python-pyasn1, python-PyJWT, python311-requests, tailscale, thunderbird, tinyproxy, and ucode-intel), and Ubuntu (golang-golang-x-net-dev and ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2, ruby3.3).
-
SANS ☛ TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 004 covered developments through March 30, including the Databricks investigation, dual ransomware operations, and AstraZeneca data release.
-
Bruce Schneier ☛ Is “Hackback” Official US Cybersecurity Strategy?
But one sentence stood out: “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” This sounds like a call for hackback: giving private companies permission to conduct offensive cyber operations.
-
Tom's Hardware ☛ Microsoft issues emergency update for backdoored Windows 11 — fixes broken March preview update rollout from last week
The latest backdoored Windows 11 emergency update tackles widespread install errors and replaces the problematic KB5079391 rollout.
-
Security Week ☛ Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome
Google has announced fixes for CVE-2026-5281, a zero-day affecting Chrome’s Dawn component.
-
Security Week ☛ Toy Giant Hasbro Hit by Cyberattack
The company is investigating the full scope of the incident, including whether any files have been compromised.
-
Security Week ☛ FBI Warns of Data Security Risks From China-Made Mobile Apps
The agency has not named the problematic foreign-made applications, but Fentanylware (CheeTok) and Temu come to mind.
-
Security Week ☛ US Charges Uranium Crypto Exchange Hacker
Jonathan Spalletta exploited smart contract vulnerabilities to steal approximately $55 million in cryptocurrency and cause Uranium to shut down.
-
SANS ☛ Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
-
Security Week ☛ New DeepLoad Malware Dropped in ClickFix Attacks
The malware steals credentials, installs a malicious browser extension, and can spread via USB drives.
-
HackRead ☛ ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads affecting Ubuntu, Amazon Linux, and WordPress. This magic byte shift bypasses even the most secure policies.